Docker使ってたらサーバがゴミ捨て場みたいになってた話

id:y_uuki / @y_uuk1

%PDLFS࢖ͬͯͨΒαʔό͕ ΰϛࣺͯ৔Έ͍ͨʹͳͬͯͨ࿩ *NNVUBCMF*OGSBTUSVDUVSF$POGFSFODF

MPBEBWH͕௒͑ͨ

• curl https://<jenkins>:8000/job/project • timeout • ssh <jenkins> • timeout
• Dom0 ͔Β ήετOSʹϩάΠϯͯ͠ top

UPQVQEBZT VTFST MPBEBWFSBHF 5BTLTUPUBM SVOOJOH TMFFQJOH TUPQQFE
[PNCJF $QVVT TZ OJ JE XB IJ TJ TU $QVVT TZ OJ JE XB IJ TJ TU $QVVT TZ OJ JE XB IJ TJ TU $QVVT TZ OJ JE XB IJ TJ TU $QVVT TZ OJ JE XB IJ TJ TU $QVVT TZ OJ JE XB IJ TJ TU $QVVT TZ OJ JE XB IJ TJ TU $QVVT TZ OJ JE XB IJ TJ TU $QVVT TZ OJ JE XB IJ TJ TU $QVVT TZ OJ JE XB IJ TJ TU $QVVT TZ OJ JE XB IJ TJ TU $QVVT TZ OJ JE XB IJ TJ TU $QVVT TZ OJ JE XB IJ TJ TU $QVVT TZ OJ JE XB IJ TJ TU $QVVT TZ OJ JE XB IJ TJ TU $QVVT TZ OJ JE XB IJ TJ TU ,J#.FNUPUBM VTFE GSFF CV⒎FST ,J#4XBQUPUBM VTFE GSFF DBDIFE

w QSPDFTTFT w -9$ͷϓϩηε͕͏Α͏Αͯ͠ɺϝϞϦ৯͍ͭ Ϳͯ͠TXBQ |-docker -d -p /var/run/docker.pid -H
tcp://0.0.0.0:5555 -H unix:///var/run/docker.sock | |-lxc-start -n 718e7f86d172fc7af7599e0f6472205c986fcc8bf51336ed1a5030900652abfs -f… | |-lxc-start -n 542e7f86d172fc7af7599e0f6472205c986fcc8bf51336ed1a5030900652a2b3 -f… | |-lxc-start -n 983e7f86d172fc7af7599e0f6472205c986fcc8bf51336ed1a5030900652ad00 -f… | |-lxc-start -n 271e7f86d172fc7af7599e0f6472205c986fcc8bf51336ed1a5030900652a111 -f… | |-lxc-start -n 323e7f86d172fc7af7599e0f6472205c986fcc8bf51336ed1a5030900652a1f2 -f… | |-lxc-start -n 789e7f86d172fc7af7599e0f6472205c986fcc8bf51336ed1a5030900652a1f2 -f... w EPDLFSTUPQLJMMDPOUBJOFS@JE͚ͩͩͱϓϩ ηε͸ࢮΜͰ͘Εͳ͍

0 * * * * root docker rm $(docker ps
-a -q)

σΟεΫϦϓλ਺͕ ௒͑ͨ

2014/02/13 18:18:46 Error: start: Cannot start container d42e47e9e6bce9770f1d6d940944fc9e3f9a50a00baceaf21bfa9b1bbfced6d6: pipe2: too
many open ﬁles

# lsof -p <docker pid> | wc -l 1021 !
# cat /proc/<docker pid>/limits | grep files Max open files 1024 4096 files

root 31084 0.0 0.0 0 0 ? S< 2013 0:00
[ext4-dio-unwrit] root 31105 0.0 0.0 0 0 ? S< 2013 0:00 [kdmflush] root 31107 0.0 0.0 0 0 ? S< 2013 0:00 [bioset] root 31109 0.0 0.0 0 0 ? S 2013 0:00 [jbd2/dm-1793-8] root 31110 0.0 0.0 0 0 ? S< 2013 0:00 [ext4-dio-unwrit] root 31126 0.0 0.0 0 0 ? S< 2013 0:00 [kdmflush] root 31128 0.0 0.0 0 0 ? S< 2013 0:00 [bioset] root 31131 0.0 0.0 0 0 ? S 2013 0:00 [jbd2/dm-1794-8] root 31132 0.0 0.0 0 0 ? S< 2013 0:00 [ext4-dio-unwrit] root 31153 0.0 0.0 0 0 ? S< 2013 0:00 [kdmflush] root 31155 0.0 0.0 0 0 ? S< 2013 0:00 [bioset] root 31157 0.0 0.0 0 0 ? S 2013 0:00 [jbd2/dm-1795-8] root 31159 0.0 0.0 0 0 ? S< 2013 0:00 [ext4-dio-unwrit] root 31176 0.0 0.0 0 0 ? S< 2013 0:00 [kdmflush] root 31178 0.0 0.0 0 0 ? S< 2013 0:00 [bioset] root 31180 0.0 0.0 0 0 ? S 2013 0:00 [jbd2/dm-1796-8] root 31181 0.0 0.0 0 0 ? S< 2013 0:00 [ext4-dio-unwrit] root 31203 0.0 0.0 0 0 ? S< 2013 0:00 [kdmflush] root 31204 0.0 0.0 0 0 ? S< 2013 0:00 [bioset] root 31206 0.0 0.0 0 0 ? S 2013 0:00 [jbd2/dm-1797-8] root 31207 0.0 0.0 0 0 ? S< 2013 0:00 [ext4-dio-unwrit] root 31229 0.0 0.0 0 0 ? S< 2013 0:00 [kdmflush] root 31231 0.0 0.0 0 0 ? S< 2013 0:00 [bioset] root 31234 0.0 0.0 0 0 ? S 2013 0:00 [jbd2/dm-1798-8] root 31235 0.0 0.0 0 0 ? S< 2013 0:00 [ext4-dio-unwrit] root 31247 0.0 0.0 0 0 ? S< 2013 0:00 [kdmflush] root 31249 0.0 0.0 0 0 ? S< 2013 0:00 [bioset] root 31251 0.0 0.0 0 0 ? S 2013 0:00 [jbd2/dm-1799-8] root 31252 0.0 0.0 0 0 ? S< 2013 0:00 [ext4-dio-unwrit]

• lsof -p <docker pid> • /dev/mapper/docker-xxx … Έ͍ͨͳΛ΍ͨΒ ͱั·͑ͯΔ
• mount /dev/mapper/docker-202:1-3019790-<sha1> on /var/lib/docker/devicemapper/mnt/ <sha1> type ext4 (rw,relatime,discard,stripe=16,data=ordered) /dev/mapper/docker-202:1-3019790-<sha1> on /var/lib/docker/devicemapper/mnt/ <sha1> type ext4 (rw,relatime,discard,stripe=16,data=ordered) /dev/mapper/docker-202:1-3019790-<sha1> on /var/lib/docker/devicemapper/mnt/ <sha1> type ext4 (rw,relatime,discard,stripe=16,data=ordered) ……..

docker lxc-start … lxc-start … lxc-start … lxc-start … /dev/mapper/docker-xxx:…
ɾ ɾ ɾ /dev/mapper/docker-xxx:… /dev/mapper/docker-xxx:… /dev/mapper/docker-xxx:… /dev/mapper/docker-xxx:… /dev/mapper/docker-xxx:… /dev/mapper/docker-xxx:… /dev/mapper/docker-xxx:… /dev/mapper/docker-xxx:… /dev/mapper/docker-xxx:… /dev/mapper/docker-xxx:… /dev/mapper/docker-xxx:… fork open open open open

Device mapper • Docker ͷΠϝʔδࠩ෼؅ཧΛࢧ͑Δٕज़ͷ1ͭ • aufs, btrfs ͳͲͰ୅ସՄೳ •
Ծ૝తͳϒϩοΫσόΠεΛͭ͘ΕΔ • Ծ૝తͳϒϩοΫσόΠεΛελοΫͰ͖Δ • ࠩ෼؅ཧ • ࠩ෼͋ͨΓɺ1 mount -> 1 open ??

0 * * * * root docker rm -v $(docker
ps -a -q) 1 * * * * root df | cut -d" " -f1 | grep docker | xargs umount /FX

κϯϏϓϩηε਺͕ ௒͑ͨ

! Tasks: 3020 total, 5 running, 2700 sleeping, 0 stopped,
315 zombie

• κϯϏʹͳͬͨLXCϓϩηε͕௫ΜͰΔ /dev/ mapper-xxx ͕ Resource Busy ʹͳͬͯͯ umount Ͱ͖ͳ͍
• ଟ෼ɺdocker rm ͰLXCϓϩηεΛ͏·͘ࡴͤͯ ͳͯ͘κϯϏʹͳͬͯΔ

ps -a -q) 1 * * * * root df | cut -d" " -f1 | grep docker | xargs umount 0 10 * * * root service docker restart /FX

ps -a -q) 1 * * * * root df | cut -d" " -f1 | grep docker | xargs umount 0 10 * * * root service docker restart 59 * * * * root docker ps | grep Ghost | cut -d" " -f1 | xargs docker kill 2 * * * * root docker rmi $(docker images | awk '/^<none>/ { print $3 }') /FX /FX

%JTQPTBCMF

͜͜·Ͱ

https://github.com/dotcloud/docker/blob/master/CHANGELOG.md#080-2014-02-04 https://github.com/dotcloud/docker/blob/master/CHANGELOG.md#081-2014-02-18

• Refactor the devicemapper code to avoid many mount/unmount race
conditions and failures! • Remove directory when removing devicemapper device. This cleans up leftover mount directories! • Avoid extra mount/unmount during container registration. This removes an unneeded mount/unmount operation which was causing problems with devicemapper! • Clean up archive closing. This ﬁxes and improves archive handling! • Avoid temporarily unmounting the container when restarting it. This ﬁxes a race for devicemapper during restart

https://github.com/dotcloud/docker/blob/master/CHANGELOG.md#090-2014-03-10

• Avoid extra mount/unmount during build. This fixes mount/unmount related
errors during build.! • Make --rm the default for docker build.! • Devicemapper: cleanups and fix for unmount. Fixes two problems which were causing unmount to fail intermittently.! • Devicemapper: remove directory when removing device. Directories don't get left behind when removing the device.! • Add -f flag to docker rm to force removal of running containers.! • Kill ghost containers and restart all ghost containers when the docker daemon restarts.

Clean Infrastructure

Docker使ってたらサーバがゴミ捨て場みたいになってた話

Docker使ってたらサーバがゴミ捨て場みたいになってた話

Yuuki Tsubouchi (yuuk1)

More Decks by Yuuki Tsubouchi (yuuk1)

Other Decks in Technology

Featured

Transcript

id:y_uuki / @y_uuk1

%PDLFS࢖ͬͯͨΒαʔό͕ ΰϛࣺͯ৔Έ͍ͨʹͳͬͯͨ࿩ NNVUBCMFOGSBTUSVDUVSF$POGFSFODF

✘

MPBEBWH͕௒͑ͨ

• curl https://<jenkins>:8000/job/project • timeout • ssh <jenkins> • timeout

UPQVQEBZT VTFST MPBEBWFSBHF 5BTLTUPUBM SVOOJOH TMFFQJOH TUPQQFE

w QSPDFTTFT w -9$ͷϓϩηε͕͏Α͏Αͯ͠ɺϝϞϦ৯͍ͭ Ϳͯ͠TXBQ |-docker -d -p /var/run/docker.pid -H

0 * * * * root docker rm $(docker ps

σΟεΫϦϓλ਺͕ ௒͑ͨ

2014/02/13 18:18:46 Error: start: Cannot start container d42e47e9e6bce9770f1d6d940944fc9e3f9a50a00baceaf21bfa9b1bbfced6d6: pipe2: too

# lsof -p <docker pid> | wc -l 1021 !

root 31084 0.0 0.0 0 0 ? S< 2013 0:00

• lsof -p <docker pid> • /dev/mapper/docker-xxx … Έ͍ͨͳΛ΍ͨΒ ͱั·͑ͯΔ

docker lxc-start … lxc-start … lxc-start … lxc-start … /dev/mapper/docker-xxx:…

Device mapper • Docker ͷΠϝʔδࠩ෼؅ཧΛࢧ͑Δٕज़ͷ1ͭ • aufs, btrfs ͳͲͰ୅ସՄೳ •

0 * * * * root docker rm -v $(docker

κϯϏϓϩηε਺͕ ௒͑ͨ

! Tasks: 3020 total, 5 running, 2700 sleeping, 0 stopped,

• κϯϏʹͳͬͨLXCϓϩηε͕௫ΜͰΔ /dev/ mapper-xxx ͕ Resource Busy ʹͳͬͯͯ umount Ͱ͖ͳ͍

0 * * * * root docker rm -v $(docker

0 * * * * root docker rm -v $(docker

%JTQPTBCMF

͜͜·Ͱ

https://github.com/dotcloud/docker/blob/master/CHANGELOG.md#080-2014-02-04 https://github.com/dotcloud/docker/blob/master/CHANGELOG.md#081-2014-02-18

• Refactor the devicemapper code to avoid many mount/unmount race

https://github.com/dotcloud/docker/blob/master/CHANGELOG.md#090-2014-03-10

• Avoid extra mount/unmount during build. This ﬁxes mount/unmount related

Clean Infrastructure