It would be nice to be able to forward an ssh key agent into a container during a `run` or `build`.
Frequently we need to build source code which exists in a private repository where access is controlled by ssh key.

Adding the key file into the container is a bad idea.

You could do something like:

```
# docker run -t -i -v "$SSH_AUTH_SOCK:/tmp/ssh_auth_sock" -e "SSH_AUTH_SOCK=/tmp/ssh_auth_sock" fedora ssh-add -l
2048 82:58:b6:82:c8:89:da:45:ea:9a:1a:13:9c:c3:f9:52 phemmer@whistler (RSA)
```

But this only works for `docker run`, not `build`.

The ideal solution is to have the client forward the key agent socket, just like `ssh` can.
However, the difficulty in this is that it would require the remote API build and attach calls to support proxying an arbitrary number of socket streams. Just doing a single 2-way stream wouldn't be sufficient, as the ssh key agent is a unix domain socket and it can have multiple simultaneous connections.
I wonder if #6075 will give you what you need.

A secret container might make it a little bit safer, but all the points mentioned still stand.

+1 I would find this capability useful as well. In particular when building containers that require software from private git repos, for example. I'd rather not have to share a repo key into the container, and instead would like to be able to have "docker build ..." use some other method for gaining access to the unlocked SSH keys, perhaps through a running ssh-agent.

+1. I'm just starting to get my feet wet with Docker and this was the first barrier that I hit. I spent a while trying to use VOLUME to mount the auth sock before I realized that docker can't/won't mount a host volume during a build.

I don't want copies of a password-less SSH key lying around, and the mechanics of copying one into a container and then deleting it during the build feels wrong. I do work within EC2 and don't even feel good about copying my private keys up there (password-less or not).

My use case is building an erlang project with rebar. Sure enough, I could clone the first repo and add it to the image with a Dockerfile, but that doesn't work with private dependencies that the project has. I guess I could just build the project on the host machine and add the result to the new Docker image, but I'd like to build it in the sandbox that is Docker.

Here are some other folks that have the same use case: https:

Please embrace SSH_AUTH_SOCK, it is very useful.

Thanks

Edit: Now that I know more about how Docker works (FS layers), it's impossible to do what I described in regards to adding an SSH key during a build and deleting it later. The key will still exist in some of the FS layers.
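
The edit above notes that a key added during a build and deleted later still exists in some of the filesystem layers. The following added example (not code from the thread or from Docker) shows why, using constructed in-memory layer tarballs: the merged view no longer has the key, but a per-layer scan still finds it. The layer contents, the placeholder key and the function names are assumptions made for illustration.

```python
import io
import tarfile

# Marker shared by PEM and OpenSSH private key headers/footers.
KEY_MARKERS = (b"PRIVATE KEY-----",)

# Constructed placeholder, not a real key.
FAKE_KEY = (b"-----BEGIN OPENSSH PRIVATE KEY-----\n"
            b"CONSTRUCTED-SAMPLE-NOT-A-REAL-KEY\n"
            b"-----END OPENSSH PRIVATE KEY-----\n")


def make_layer(files):
    """Build one image layer as an in-memory tar archive (constructed sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Three layers, as produced by: FROM base / ADD key / RUN rm key.
LAYERS = [
    make_layer({"etc/os-release": b"NAME=sample\n"}),
    make_layer({"root/.ssh/id_rsa": FAKE_KEY}),
    make_layer({"root/.ssh/.wh.id_rsa": b""}),  # whiteout entry records the deletion
]


def merged_view(layers):
    """Apply layers bottom-up, honouring '.wh.<name>' whiteouts, as a container sees them."""
    fs = {}
    for layer in layers:
        with tarfile.open(fileobj=io.BytesIO(layer)) as tar:
            for member in tar.getmembers():
                dirname, _, base = member.name.rpartition("/")
                if base.startswith(".wh."):
                    target = (dirname + "/" if dirname else "") + base[4:]
                    doomed = [p for p in fs if p == target or p.startswith(target + "/")]
                    for path in doomed:
                        del fs[path]
                elif member.isfile():
                    fs[member.name] = tar.extractfile(member).read()
    return fs


def find_keys_in_layers(layers):
    """Return (layer_index, path) for every file with key material in any single layer."""
    hits = []
    for index, layer in enumerate(layers):
        with tarfile.open(fileobj=io.BytesIO(layer)) as tar:
            for member in tar.getmembers():
                if not member.isfile():
                    continue
                data = tar.extractfile(member).read()
                if any(marker in data for marker in KEY_MARKERS):
                    hits.append((index, member.name))
    return hits


if __name__ == "__main__":
    print("visible in container:", sorted(merged_view(LAYERS)))
    print("still stored in layers:", find_keys_in_layers(LAYERS))
```

The same per-layer scan can be pointed at the layer archives inside a `docker save` tarball when auditing an image before it is pushed.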
+1, being able to use SSH_AUTH_SOCK would be super useful!

I use SSH keys to authenticate with Github, whether it's a private repository or a public one.
This means my `git clone` commands look like: `git clone git@github.com:razic/my-repo.git`.
I can volume mount my host `~/.ssh` directory into my containers during a `docker run`, and `ssh` is all good. I cannot, however, mount my `~/.ssh` during a `docker build`.

:+1: for ssh forwarding during builds.

As I understand it, this is the wrong way. The right way is to create the Docker image on the dev machine and then copy it to the Docker server.

@SevaUA - no, that's not correct. This request is due to a limitation when doing `docker build...`. You cannot export a variable into this stage like you can when doing a `docker run ...`. The run command allows variables to be exported into the docker container while running, whereas the build does not allow this. This limitation is partially intentional, based on how dockerd works when building containers. But there are ways around this, and the use case that is described is a valid one. So this request is attempting to get this capability implemented in build, in some fashion.

I like the idea of #6697 (secret store/vault), and that might work for this once it's merged in. But if that doesn't work out, an alternative is to do man-in-the-middle transparent proxying ssh stuff outside of the docker daemon, intercepting docker daemon traffic (not internally). Alternatively, all git+ssh requests could be to some locally-defined host that transparently proxies to github or whatever you ultimately need to end up at.

That idea has already been raised (see comment 2). It does not solve the issue.

+1 for ssh forwarding during builds.

+1 on SSH agent forwarding on `docker build`

+1 for ssh forwarding during build, for the likes of npm install or similar.

Has anyone got ssh forwarding working during run on OSX? I've put a question up here: http:

+1 =(

Just hit this roadblock as well. Trying to run `npm install` pointed at a private repo. The setup looks like:
`host -> vagrant -> docker`
can ssh-agent forward `host -> vagrant -! docker`

+1

Just hit this while trying to figure out how to get the ssh agent working during "docker build".

+1, same as the previous guys. It seems the best solution to this issue when needing to access one or more private git repositories (think `bundle install` and `npm install`, for instance) when building the Docker image.
> I can volume mount my host ~/.ssh directory into my containers during a docker run and ssh is all good.

@razic How do you do that?
Unless you make sure that all containers run with a specific user or permissions, can you do that?

+1 to SSH_AUTH_SOCK

@tonivdv have a look at the `docker run` command in the initial comment on this issue. It bind mounts the path referred to by `SSH_AUTH_SOCK` to `/tmp/ssh_auth_sock` inside the container, then sets `SSH_AUTH_SOCK` in the container to that path.

@md5 I assume @razic and @tonivdv are talking about mounting like this: `-v ~/.ssh:/root/.ssh:ro`, but when you do this the .ssh files aren't owned by root and therefore fail the security checks.

@KyleJamesWalker yup, that's what I understood, and it was one of my attempts some time ago, so when I read that @razic was able to make it work, I was wondering how :)

@tonivdv I'd also love to know if it's possible; I couldn't find anything when I last tried.

+1 I'm interested in building disposable dev environments using Docker, but I can't quite get it working. This would help a lot in that regard.

To anyone looking for a temporary solution, I've got a fix that uses brute force:
https://github.com/atrauzzi/docker-laravel/blob/master/images/php-cli/entrypoint.sh
It's by no means a desirable solution, as it requires an entire entrypoint script, but it does work.

@atrauzzi interesting approach. For our dev env we build a base image and copy the ssh key directly into it. It has the advantage of not needing to provide it on each run. And every image inheriting from that image has the key in it by default too. However, with our way you obviously cannot share it publicly ;p

+1 this would be great

@tonivdv The container that script is for is made and destroyed frequently, as it's just a host for CLI tools. You're of course free to only do the operation once. But if someone changes their settings and re-runs a command through the container, it has to be a fresh copy every time.

@atrauzzi I understand. Your approach should be adopted by docker images which could require a private ssh key. For example, a composer image should include your entrypoint script in case of private repos. At least until docker comes with a native solution.

:+1: for ssh forwarding via build

Must-have here as well!

@atrauzzi I'm currently using another approach which I really like. It's making a data volume container with the ssh stuff in it. When you want to use your ssh keys in another container, you can simply use it with the following command:

```
docker run -ti --volumes-from ssh-data ...
```

This way you don't need to put an entrypoint on each image, and it works with all images.
To create that container I do the following:

```
docker run \
  --name ssh-data \
  -v /root/.ssh \
  -v ${USER_PRIVATE_KEY}:/root/.ssh/id_rsa \
  busybox \
  sh -c 'chown -R root:root ~/.ssh && chmod -R 400 ~/.ssh'
```

Hope this can help others :)
Cheers

@tonivdv - I took my approach because if someone has to add or update SSH settings, they have to be re-imported. The specific container I'm using is one that gets built to run single commands, so every time it runs, it takes the copy to ensure it's up to date.

@atrauzzi Yup, I understand. That being said, it's up to the user to maintain his ssh volume container correctly. He can even use different ones if necessary. And optionally it can be generated on the fly with a script. But I don't think there is one and only one good solution. It all depends on the needs. I just wanted to share so others could choose a solution based on their needs. I hope to blog about this soon, and I'll forward to your solution too! Cheers

I wouldn't make it a requirement that people running your containers maintain a data-only container full of ssh keys. Seems involved.

@atrauzzi It's true that the volume container must be there, but in your way the user must share their ssh key when running too, right? So besides needing an ssh volume container, the only difference between both solutions from a running point of view is:

```
docker run ... --volumes-from ssh-data ... php-cli ...
```

and

```
docker run ... -v ~/.ssh:/path/.host-ssh ... php-cli ..
```

Right? Or am I missing something else :)
But I completely get why you are doing it your way. However, should you want to use a composer image from someone else, for example, the volumes-from way will work out of the box. At least it avoids creating your own image with the "entrypoint hack".
As I said, both are workarounds and both have pros and cons.
Cheers
It would be really great to get an update from the Docker team about the status of this feature. Specifically, SSH authentication from `docker build`.

This is approaching 1 year already. Kind of surprising, given how practical the real-life use cases for this are. Currently, we are dynamically generating images by committing running containers. We can't have a `Dockerfile` in our application's repository. This breaks the flow for practically everything. I can't really use my application with any Docker services like Compose or Swarm until this is solved.
An update would be super appreciated. Please and thank you.

/cc @phemmer

It's not that we don't want this feature or anything. I really see a use case for something like this, or secrets in build; we would just need a proposal from someone willing to implement it, and then, if approved, the implementation of the proposal.
Also, I speak on behalf of myself, not all the maintainers.

@jfrazelle
I know you guys aren't ignoring us :)
So the status is:

> It's something we would consider implementing if there is an accepted proposal and engineering bandwidth.

Does this sound accurate to you?
Also, are there currently any open proposals that address this issue?

> It's something we would consider implementing if there is an accepted proposal and engineering bandwidth.

Yes.
And I don't think there are any open proposals for this.

I don't know if I'm oversimplifying things, but here is my proposal:

```
SSHAGENT: forward # defaults to ignore
```

If set, during build, the socket and associated environment variables are connected to the container, where they can be used. The mechanical pieces of this already exist and are working; it would just be a matter of connecting them in `docker build`.
I do not have any experience working inside the Docker code base, but this is important enough to me that I would consider taking it on.

Great. Where can I find out how to submit a proposal? Is there a specific guideline, or should I just open an issue?

I mean like a design proposal:
https://docs.docker.com/project/advanced-contributing/#design-proposal

This is a really high level idea, but what if, instead of attaching through the docker remote API, docker ran an init daemon, with a bundled ssh daemon, inside the container?
This could be used to solve a number of issues.

You might want to see https://github.com/docker/docker/issues/11529 about the first bullet point.

On Tue, Apr 7, 2015 at 14:46, Patrick Hemmer [email protected] wrote:

> This is a really high level idea, but what if, instead of attaching through the docker remote API, docker ran an init daemon, with a bundled ssh daemon, inside the container? This could be used to solve a number of issues.
>
> - This daemon would be PID 1, and the main container process would be PID 2. This would solve all the issues with PID 1 ignoring signals and containers not shutting down properly. (#3793 https://github.com/docker/docker/issues/3793)
> - This would allow cleanly forwarding the SSH key agent. (#6396 https://github.com/docker/docker/issues/6396)
> - This daemon could hold namespaces open (#12035 https://github.com/docker/docker/issues/12035)
> - A TTY would be created by the daemon (#11462 https://github.com/docker/docker/issues/11462)
> - ...and probably numerous other issues I'm forgetting.

effing copy paste fail, now I have to find the other one again

No, that was the one. It fixes the PID 1 zombie things, which is what I thought you were referring to, but regardless I was just posting it as it's interesting, is all.

@phemmer It sounds like you have some expertise to guide us in making an intelligent proposal for implementation.
It also looks like @dts and I are willing to spend time working on this.

@phemmer and @dts is there any possible way we could bring this discussion into a slightly more real-time chat client for easier communication? I'm available through Slack, Google Chat/Hangout and IRC, and I'll download anything else if need be.

> @phemmer It sounds like you have some expertise to guide us in making an intelligent proposal for implementation

Unfortunately not really :-)
I can throw out design ideas, but I only know small parts of the Docker code base. This type of change is likely to be large scale.

There have been a few proposals in here already:

> what if, instead of attaching through the docker remote API, docker ran an init daemon, with a bundled ssh daemon, inside the container?

> SSHAGENT: forward # defaults to ignore
> If set, during build, the socket and associated environment variables are connected to the container, where they can be used. The mechanical pieces of this already exist and are working; it would just be a matter of connecting them in docker build.

> Enable volume binding for `docker build`.

All we really need at this point is for someone to accept one of them so we can start working on it.
@jfrazelle Any idea on how we can get to the next step?
I'm available for a meeting on slack / irc / Gchat / etc. I think it will make things a little easier, at least to gather requirements and decide on a reasonable course of action.

@dts suggests:

> SSHAGENT: forward # defaults to ignore

This is just an idea on how it would be consumed, not implemented. The "init / ssh daemon" is an idea on how it would be implemented. The two could both exist.

@razic suggests:

> Enable volume binding for docker run.

Unfortunately this would not work. Assuming this meant `docker build`, and not `docker run`, which already supports volume mounts, the client can be remote (boot2docker is one prominent example). Volume binds only work when the client is on the same host as the docker daemon.

@razic please see that link about the design proposal... those are not proposals https://docs.docker.com/project/advanced-contributing/#design-proposal

@phemmer
I'm failing to understand exactly why this wouldn't work. `docker-compose` works with volume mounts against a `swarm` cluster. If the file/folder isn't on the host system, it exercises the same behavior as if you ran `-v` with a path that doesn't exist.

@jfrazelle Got it.

> If the file/folder isn't on the host system, it exercises the same behavior as if you ran -v with a path that doesn't exist on a local docker.

I'm not sure I follow your point. How does that behavior help this issue?
If I have an ssh key agent listening at `/tmp/ssh-UPg6h0` on my local machine, and I have docker running on a remote machine, and call `docker build`, that local ssh key agent isn't accessible to the docker daemon. The volume mount won't get it, and the `docker build` containers won't have access to the ssh key.

From a high level, I see only 2 ways to solve this.

1. The docker daemon creates a unix domain socket inside the container, and whenever something connects to it, it proxies that connection back to the client that is actually running the `docker build` command.
   This might be difficult to implement, as there can be an arbitrary number of connections to that unix domain socket inside the container. This would mean that the docker daemon and client have to proxy an arbitrary number of connections, or that the daemon has to be able to speak the ssh agent protocol and multiplex the requests.
   However, now that the docker remote API supports websockets (it didn't at the time this issue was created), this might not be too hard.

2. Instead of hacking around the ssh agent, use an actual ssh connection from the client into the container. The docker client would either have an ssh client bundled in, or would invoke `ssh` into the remote container.
   This would be a much larger scale change, as it would replace the way attaching to containers is implemented. But it would also relieve docker of having to handle that, and migrate to standard protocols.
   This also has the potential to solve other issues (as explained here).

So ultimately it is a much larger scale change, but it might be a more proper solution.
Though realistically, because of the scale, I doubt this will happen.
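
The first option above, proxying an arbitrary number of connections to the agent socket, sketched as an added example (not Docker's implementation and not code from the thread): a listener that opens one upstream connection per accepted client. The fake agent, its `signed:` reply and all function names are stand-ins for illustration; it does not speak the real ssh-agent protocol.

```python
import os
import socket
import tempfile
import threading


def _pump(src, dst):
    """Copy bytes one way until EOF, then half-close the receiving side."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _bridge(client, upstream_path):
    """Give this client its own connection to the upstream agent socket."""
    upstream = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        upstream.connect(upstream_path)
    except OSError:
        client.close()
        return
    back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
    back.start()
    _pump(client, upstream)
    back.join()
    client.close()
    upstream.close()


def _accept_forever(server, handler, *args):
    """Hand every accepted connection to its own daemon thread."""
    def loop():
        while True:
            try:
                conn, _ = server.accept()
            except OSError:
                return  # listener was closed
            threading.Thread(target=handler, args=(conn, *args), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()


def _listen(path):
    # The socket should live in a directory only its owner can enter (mkdtemp gives 0700).
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    server.bind(path)
    server.listen(16)
    return server


def serve_proxy(listen_path, upstream_path):
    """Proxy any number of simultaneous connections from listen_path to upstream_path."""
    server = _listen(listen_path)
    _accept_forever(server, _bridge, upstream_path)
    return server


def _fake_agent_handler(conn):
    # Stand-in for an agent: answers one request per connection, then closes.
    with conn:
        conn.sendall(b"signed:" + conn.recv(64))


def _read_all(sock):
    chunks = []
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            return b"".join(chunks)
        chunks.append(chunk)


def demo(connections=3):
    """Hold several client connections open at once, then use each one."""
    with tempfile.TemporaryDirectory() as tmp:
        agent_path = os.path.join(tmp, "agent.sock")
        proxy_path = os.path.join(tmp, "proxy.sock")
        agent = _listen(agent_path)
        _accept_forever(agent, _fake_agent_handler)
        proxy = serve_proxy(proxy_path, agent_path)
        clients = []
        for _ in range(connections):
            c = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            c.settimeout(5)
            c.connect(proxy_path)
            clients.append(c)
        replies = []
        for i, c in enumerate(clients):
            c.sendall(b"req%d" % i)
            replies.append(_read_all(c))
            c.close()
        proxy.close()
        agent.close()
        return replies


if __name__ == "__main__":
    print(demo())
```

A single bidirectional stream could serve only one of these clients at a time, which is the limitation the comment describes for the build and attach calls.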

@phemmer

> I'm not sure I follow your point. How does that behavior help this issue?

Because the most common use case for this is people building images with dependencies that are hosted in private repositories that require SSH authentication.
You build the image on a machine that has an SSH key. That simple.

> If I have an ssh key agent listening at /tmp/ssh-UPg6h0 on my local machine, and I have docker running on a remote machine, and call docker build, that local ssh key agent isn't accessible to the docker daemon.

I know. Who cares? I'll be running `docker build` on a machine that has access to the auth socket.
What I am trying to say is... `docker-compose` allows you to use volume commands against a `swarm` cluster, regardless of whether the file is actually on the host or not!
We should do the same thing for volume mounts on docker builds.

| File is on system | Action |
| :-- | :-- |
| Yes | Mount |
| No | None (actually it kind of tries to mount, but creates an empty folder if the file/folder doesn't exist; you can verify this by running `docker run -v /DOES_NOT_EXIST:/DOES_NOT_EXIST ubuntu ls -la /DOES_NOT_EXIST`) |

One of the concepts behind `swarm` is to make the multi-host model transparent.
It's good that we're thinking about remote docker, but it shouldn't really matter.
We should just copy the behavior for volume mounting for `docker build` in exactly the same way as we do for `docker run`.

From https://github.com/docker/compose/blob/master/SWARM.md:

> The primary thing stopping multi-container apps from working seamlessly on Swarm is getting them to talk to one another: enabling private communication between containers on different hosts hasn't been solved in a non-hacky way.
> Long-term, networking is getting overhauled in such a way that it'll fit the multi-host model much better. For now, linked containers are automatically scheduled on the same host.

@phemmer I think people are probably thinking about a solution for the problem you described. The problem you are describing sounds like https://github.com/docker/docker/issues/7249, which is separate.
If we go with my approach, just allowing volume mounting in docker build (regardless of whether the file you're trying to mount is actually on the system), then we can close this issue and start working on https://github.com/

@cpuguy83 Before I create a proposal, I was looking at #7133 and noticed that it looks directly related.
Could you just add a few words here? Is #7133 actually related to my suggestion to fix this issue, which is to allow `docker build` to support volumes?

@razic It's in relation to the fact that `VOLUME /foo` actually creates a volume and mounts it into the container during build, which is generally undesirable.
I would also say a proposal based on using bind-mounts to get files into build containers is probably not going to fly.
See #6697

Running -v with docker build could have a different code execution path.
Instead of creating a volume and mounting it during build, we can retain the current behavior that volumes in dockerfiles aren't referenced, and instead only act on -v when run using arguments to the CLI.

@cpuguy83 Thanks for the clarification.

+1, I ran into this today while trying to build an image for a Rails app that uses Bower to install the client-side dependencies. It happens that one of the dependencies points to `git@github.com:angular/bower-angular-i18n.git`, and since git fails there, bower fails, and the image building fails too.
I really like what vagrant does, by the way. With a single forward_agent config in the Vagrantfile, this is solved for vagrant guests. Could Docker implement something like this?
Also, as an additional note, this is happening while building an image. Does anyone know of any existing workarounds?

My workaround was to generate a new RSA keypair, set up the public key on github (add the fingerprint), and add the private key to the Docker image:

```
ADD keys/docker_rsa /srv/.ssh/id_rsa
```

I'd love to avoid this, but I guess it is acceptable for now. Any other suggestions appreciated!

I'm not sure who has killed more puppies. You for doing that, or Docker for not providing you with a better way as of yet.

In any case, I'm probably going to submit a proposal this weekend. @cpuguy83 is right that people are at least thinking about this and discussing possible solutions. So at this point it's just a matter of us agreeing on something and getting someone to work on it. I'm totally down to work on it, since it's actually one of my biggest gripes with Docker currently.

@razic It's a fairly common use case, so thanks for looking into this too. As for the workaround, it works. Possibly the key could be removed from the image after being used; after all, it's only used to get the application's code from github.

@fullofcaffeine How Docker works internally is 100%

@razic good point.

As a way around this limitation, we've been playing around with the idea of downloading the private keys (from a local HTTP server), running a command that requires the keys, and then deleting the keys afterwards.
Since we do all of this in a single `RUN`, nothing gets cached in the image. Here is how it looks in the Dockerfile:

```
RUN ONVAULT npm install --unsafe-perm
```

Our first implementation of this concept is available at https://github.com/dockito/vault
The only drawback is that it requires the HTTP server to be running, so no Docker Hub builds.
Let me know what you think :)

+1
I would love to see this implemented; it would help with setting up containers for development environments.

+1, I just need a forwarded ssh-agent with boot2dock

We ended up doing a 3 step process to get around this limitation.
This results in a docker image with dependencies built via SSH-auth without the SSH key in it.

I created a script to enable ssh agent forwarding for `docker run` in a boot2docker environment on OSX with minimal hassle. I know it doesn't solve the build issue, but it might be useful for some.

Does the forwarded ssh key agent work with services like Amazon EC2 Container Service? It seems to me that this will require specific software which may not be available on all platforms or PaaS that you are using to deploy your containers.
A more generic, work-for-all solution is required.
Currently, I'm using environment variables. A bash script gets the private key (and known hosts) variable and prints it to the id_rsa and known_hosts files. It works, but I have yet to evaluate the security implications of such a solution.

FWIW, I've found that a containerized ssh-agent and volume sharing works well with minimal goofery:
https://github.com/whilp/ssh-agent
It would be great to have first-class support for this, though.

It's important to distinguish between what works in _run_ vs _build_. @whilp's solution works wonderfully in _run_ but does not work in _build_, because you cannot access other docker volumes during _build_. Hence why this ticket is still an aching, open sore.

@rvowles yep, agreed. I put something together to generate containers via a sequence of run/commit calls (i.e., without Dockerfiles); that made sense for my particular use case, but generalized support (including build time) for something like agent forwarding would be super helpful.

Are IPs for running containers included in /etc/hosts during build? If so, one solution might be to start a container that serves the keys, then curl to it during the build.

You may all be interested to know that I've blogged about a way to use your SSH agent during `docker build` - http://aidanhs.com/blog/post/2015-10-07-dockerfiles-reproducibility-tricks/#_streamlining_your_experience_using_an_ssh_agent
You just need to start a single container. Once started, SSH agent access should work flawlessly with only 3 additional lines in your Dockerfile; there is no more need to expose your keys to the container.
Some caveats: you need Docker >= 1.8, and it won't work on a Docker Hub automated build (obviously). Please also read the note on security. Feel free to raise issues in the sshagent github repo I link to in the post if you have any problems.

I have also solved this problem in a similar way to @aidanhs.
https://github.com/mdsol/docker-ssh-exec

Has there been any progress on making this possible? I'm unable to bind-mount the host's `~/.ssh` directory because permissions and ownership get messed up.

Wouldn't this be solvable by allowing bind mounts to force a specific uid/gid and permissions?

@atrauzzi bind -
This can be done via FUSE (bindfs, etc.), but not with just normal bind mounts.

@cpuguy83 That really starts to take me down roads I don't want to have to deal with. Especially when I'm on a Windows-based host.
Is there no user-friendly option here? I get the feeling that there's a problem here that's just being deferred.

@atrauzzi Indeed, it's not an easy problem to solve in the immediate term (not seamlessly, anyway).

+1 this is a big blocker for an otherwise simple Node.js app Dockerfile. I've worked on many Node apps, and I've rarely seen one that doesn't have a private Github repo as an NPM dependency.

As a workaround, @apeace, you could try to add them as git submodules to your git repo. That way they are in the context and you can just add them during the build, and if you want to be really clean, delete or ignore the `.git` file in each one. In the docker build, they can just be installed from the local directory. If they need to be full-fledged git repos for some reason, make sure the `.git` file is not present in the docker build and add `.git/modules/<repo>` as `<path>/<repo>/.git`. That will make sure they are normal repos, as if they were cloned.

Thanks for that suggestion @jakirkham, but we've been using private repos as NPM dependencies for so long that I don't want to break the normal `npm install` workflow.
For now, we have a solution that works but is just icky. We have: instead of `RUN npm install`, we do `RUN GIT_SSH='/code/.docker/git_ssh.sh' npm install`
where `git_ssh.sh` is a script like this:

```
#!/bin/sh
ssh -o StrictHostKeyChecking=no -i /code/.docker/deploy_rsa "$@"
```

It works, but forwarding the ssh key agent would be so much nicer, and a lot less setup work!

:+1:
I cannot believe this feature request is still not implemented, since there are a lot of use cases where people require access to private repos during build time.

I'm trying to build containers for various embedded system development environments, which require access to private repositories. Adding support for host ssh keys would be a great feature. The most popular methods flying around on SO and other pages are insecure, and as long as there is no support for this feature, layers with private keys will spread around.

:+1:

:+1: Been needing this forever.

Hi @apeace, I don't know if you have seen it, but I commented earlier about our workaround for this problem.
It is a combination of a script and a web server. What do you think of https://github.com/dockito/vault ?

@pirelenito wouldn't that make the key still be available within a layer of the build? If that's the case, it's not worth it to us to add Dockito Vault to our build process; it seems just as "janky" to me as what we're doing now. I appreciate the suggestion!

@apeace the `ONVAULT` script downloads the keys, runs your command and then immediately deletes the keys. Since this all happens in the same command, the final layer will not contain the key.

@apeace At Medidata, we're using a tiny tool we built called docker-ssh-exec. It leaves only the `docker-ssh-exec` binary in the resulting build image, no secrets. And it requires only a one-word change to the `Dockerfile`, so it's very "low-footprint".
But if you _really_ need to use a docker-native-only solution, there's now a built-in way to do this, as noted in the company blog post. Docker 1.9 allows you to use the `--build-arg` parameter to pass ephemeral values to the build process. You should be able to pass a private SSH key in as an `ARG`, write it to the filesystem, perform a `git checkout`, and then _delete_ the key, all within the scope of one `RUN` directive (this is what the `docker-ssh-exec` client does). This will make for an ugly `Dockerfile`, but should require no external tooling.
Hope this helps.

@benton We came up with a similar solution. :)

Thanks @pirelenito and @benton.

Edit: The following is not actually secure:
For the record, here's how you check out a private repo from Github without leaving your SSH key in the resulting image.
First, replace `user/repo-name` in the following `Dockerfile` with the path to your private repo (make sure you keep the `git@github.com` prefix so that ssh is used for checkout):

```
FROM ubuntu:latest
ARG SSH_KEY
ENV MY_REPO git@github.com:user/repo-name.git
RUN apt-get update && apt-get -y install openssh-client git-core &&\
    mkdir -p /root/.ssh && chmod 0700 /root/.ssh && \
    ssh-keyscan github.com >/root/.ssh/known_hosts
RUN echo "$SSH_KEY" >/root/.ssh/id_rsa &&\
    chmod 0600 /root/.ssh/id_rsa &&\
    git clone "${MY_REPO}" &&\
    rm -f /root/.ssh/id_rsa
```

Then build with the command

```
docker build --tag=sshtest --build-arg SSH_KEY="$(cat ~/.ssh/path-to-private.key)" .
```

passing the correct path to your private SSH key.

^ with Docker 1.9

@benton You might want to look closely at the output of `docker inspect sshtest` and `docker history sshtest`. I think you will find that the metadata in the final image has your secret, even if it is not available inside the container context itself...

@ljrittle Good spotting. The key is indeed there if you use a `VAR`. I guess an external workaround is still required here.
Perhaps one reason that a native solution has not yet been developed is that several workarounds are in place. But I agree with most others here that a built-in solution would serve the users better and fit Docker's "batteries-included" philosophy.

From the docs...

> Note: It is not recommended to use build-time variables for passing secrets like github keys, user credentials etc.

(https://docs.docker.com/engine/reference/builder/#arg)

I don't think a path to a file applies to this; the note is about leaving a plainly visible password/token in your console log.

@jcrombez I don't follow. In this example, you're passing the ssh key as a variable via `ARG`. So, it does apply.

In terms of security risk this is very different:

```
docker build --tag=sshtest --build-arg SSH_KEY="$(cat ~/.ssh/path-to-private.key)" .
```

than this:

```
docker build --tag=sshtest --build-arg SSH_KEY="mykeyisthis" .
```

If someone finds your terminal log, the consequences are not the same.
But I'm not a security expert; this might still be dangerous for other reasons I'm not aware of.

On the command line, I suppose.
However, as @ljrittle noted and @benton conceded, any way that you use `--build-arg` / `ARG` will be committed in the build. So inspecting it will reveal information about the key. Both leave state in the final docker container, and both suffer the same vulnerability on that end. Hence why docker recommends against doing this.

_USER POLL_

_The best way to get notified of updates is to use the_ Subscribe _button on this page._

Please don't use "+1" or "I have this too" comments on issues. We automatically collect those comments to keep the thread short.

The people listed below have upvoted this issue by leaving a +1 comment:

@fletcher91
@benlemasurier
@dmuso
@probepark
@saada
@ianAndrewClark
@jakirkham
@galindro
@luisguilherme
@akurkin
@allardhoeve
@SevaUA
@sankethkatta
@kouk
@cliffxuan
@kotlas92
@taion

_USER POLL_

_The best way to get notified of updates is to use the_ Subscribe _button on this page._

Please don't use "+1" or "I have this too" comments on issues. We automatically collect those comments to keep the thread short.

The people listed below have upvoted this issue by leaving a +1 comment:

@parknicker
@dursk
@adambiggs

> In terms of security risk this is very different:
>
> docker build --tag=sshtest --build-arg SSH_KEY="$(cat ~/.ssh/path-to-private.key)" .

Apart from your bash history, they're exactly the same; there are many places where that information can end up.
For example, consider that API requests can be logged on the server.
Here's a daemon log for `docker build --tag=sshtest --build-arg SSH_KEY="fooobar" .`

```
DEBU[0090] Calling POST /v1.22/build
DEBU[0090] POST /v1.22/build?buildargs=%7B%22SSH_KEY%22%3A%22fooobar%22%7D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&memory=0&memswap=0&rm=1&shmsize=0&t=sshtest&ulimits=null
DEBU[0090] [BUILDER] Cache miss: &{[/bin/sh -c #(nop) ARG SSH_KEY]}
DEBU[0090] container mounted via layerStore: /var/lib/docker/aufs/mnt/de3530a82a1a141d77c445959e4780a7e1f36ee65de3bf9e2994611513790b8c
DEBU[0090] container mounted via layerStore: /var/lib/docker/aufs/mnt/de3530a82a1a141d77c445959e4780a7e1f36ee65de3bf9e2994611513790b8c
DEBU[0090] Skipping excluded path: .wh..wh.aufs
DEBU[0090] Skipping excluded path: .wh..wh.orph
DEBU[0090] Applied tar sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef to 91f79150f57d6945351b21c9d5519809e2d1584fd6e29a75349b5f1fe257777e, size: 0
INFO[0090] Layer sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef cleaned up
```
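
The daemon log above carries the build argument in the request URL. As an added example (not from the thread or the Docker code base), this is one way to scan daemon debug logs for build arguments and to redact them before the logs are shipped elsewhere. The name heuristics and function names are assumptions, and the sample is the log excerpt quoted above.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# First three lines of the daemon log quoted in the comment above.
SAMPLE_LOG = (
    "DEBU[0090] Calling POST /v1.22/build\n"
    "DEBU[0090] POST /v1.22/build?buildargs=%7B%22SSH_KEY%22%3A%22fooobar%22%7D"
    "&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0"
    "&dockerfile=Dockerfile&memory=0&memswap=0&rm=1&shmsize=0&t=sshtest&ulimits=null\n"
    "DEBU[0090] [BUILDER] Cache miss: &{[/bin/sh -c #(nop) ARG SSH_KEY]}\n"
)

# A logged build request: POST /v<api>/build?<query>
BUILD_REQUEST = re.compile(r"\bPOST\s+(/v[\d.]+/build\?\S+)")
# Assumed heuristic for argument names that usually hold secrets.
SUSPECT_NAME = re.compile(r"KEY|SECRET|TOKEN|PASS|CREDENTIAL", re.IGNORECASE)


def leaked_build_args(log_text):
    """Report every build argument found in logged build requests.

    The value itself is never copied into the report, only its length.
    """
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = BUILD_REQUEST.search(line)
        if not match:
            continue
        query = parse_qs(urlsplit(match.group(1)).query)  # percent-decodes values
        tag = query.get("t", [""])[0]
        for raw in query.get("buildargs", []):
            try:
                args = json.loads(raw)
            except ValueError:
                continue  # truncated or malformed log line
            if not isinstance(args, dict):
                continue
            for name, value in args.items():
                value = value if isinstance(value, str) else ""
                suspicious = bool(SUSPECT_NAME.search(name)) or "PRIVATE KEY" in value
                findings.append({
                    "line": lineno,
                    "tag": tag,
                    "arg": name,
                    "length": len(value),
                    "suspicious": suspicious,
                })
    return findings


def redact_build_args(log_text):
    """Blank out the buildargs query parameter wherever it appears."""
    return re.sub(r"(buildargs=)[^&\s]*", r"\1REDACTED", log_text)


if __name__ == "__main__":
    for finding in leaked_build_args(SAMPLE_LOG):
        print(finding)
    print(redact_build_args(SAMPLE_LOG).splitlines()[1])
```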
_USER POLL_
_æŽæ°ã®éç¥ãåãåãæè¯ã®æ¹æ³ã¯ããã®ããŒãžã®_Subscribe_ãã¿ã³ã䜿çšããããšã§ãã_
åé¡ã«ã€ããŠã+1ããŸãã¯ãç§ãããããããŸãããšããã³ã¡ã³ãã¯äœ¿çšããªãã§ãã ããã èªåçã«
ã¹ã¬ãããçãããããã«ããããã®ã³ã¡ã³ããåéããŠãã ããã
以äžã«ãªã¹ããããŠãã人ã ã¯ã+ 1ã®ã³ã¡ã³ããæ®ããŠããã®åé¡ã«è³æããŠããŸãã
@ cj2
åçŽãªRuby / Rackã¢ããªã±ãŒã·ã§ã³ãã³ã³ããåããããšããŠããŸãã Gemfileã¯ããã€ãã®ãã©ã€ããŒãgemãåç
§ããŸãã bundle install
ãèµ·åããŠãã©ã€ããŒããªããžããªã«ã¢ã¯ã»ã¹ããããšãããšããã®ãšã©ãŒãçºçãå§ããŸã
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I was able to work around it, but not without exposing my private key. That won't do. Please enable ssh authentication forwarding.
+1 for ssh forwarding during builds. Because of this I can't use `go get` with private repositories ;(
+1 for enabling this use case in a secure way
_USER POLL_
_The best way to get notified of updates is to use the _Subscribe_ button on this page._
Please don't use "+1" or "I have this too" comments on issues. We automatically collect those comments to keep the thread short.
The people listed below have upvoted this issue by leaving a +1 comment:
@lukad
Just reading through this very interesting discussion, I wonder whether a simple solution might solve these problems. What I have in mind is a Dockerfile option that lets you exclude/ignore specific internal directories/files when snapshots are taken. How hard could that be?
i.e.
EXCLUDE .ssh
I think this would apply to all subsequent steps, so if you place it after FROM you can add keys as much as you like and build as usual, and never need to worry about keys accidentally ending up in the image (granted, you might need to add them at every step that requires them, but you wouldn't have to worry about them ending up in an image).
@benton's suggestion works fine, and the docker daemon only logs the id_rsa key when it is in debug mode.
An even handier way to expose the key during the build is:
# Dockerfile
ARG SSH_KEY
RUN eval `ssh-agent -s` > /dev/null \
&& echo "$SSH_KEY" | ssh-add - \
&& git clone [email protected]:private/repository.git
docker build -t my_tag --build-arg SSH_KEY="$(< ~/.ssh/id_rsa)" .
Ha, though it is indeed just sitting there if you look at `docker inspect my_tag`, so I'm not sure what the real value of boot-arg is, other than being slightly tidier than ENV.
And if your id_rsa key has a password, you could be a bad human and do:
# Dockerfile
ARG SSH_KEY
ARG SSH_PASS
RUN eval `ssh-agent -s` > /dev/null \
&& echo "echo $SSH_PASS" > /tmp/echo_ps && chmod 700 /tmp/echo_ps \
&& echo "$SSH_KEY" | SSH_ASKPASS=/tmp/echo_ps DISPLAY= ssh-add - \
&& git clone [email protected]:private/repository.git \
&& rm /tmp/echo_ps
docker build -t my_tag --build-arg SSH_KEY="$(< ~/.ssh/id_rsa)" --build-arg SSH_PASS=<bad_idea> .
Of course, it is hard to rationalize that being even remotely a good idea, but we're all human, I suppose.
Granted, all of the biggest reasons for doing this seem to be for people doing "bundle install" or "go get" against private repositories during a build.
I'd say just vendor your dependencies and ADD the entire project, but sometimes things need to get done now.
@SvenDowideit @thaJeztah Is there a solution for this problem? I tried to follow the thread, but between other threads being closed and opened, and so many opinions, I have no idea what the Docker team will do or when.
Docker build uses ssh-agent within the build to proxy to the host's ssh and use your keys without having to know them.
For anyone just learning about ssh-agent proxying: github to the rescue
@phemmer's original idea.
@yordis I don't think there is a "great" solution in the thread that is freely available yet.
This comment from docker/docker-py#980 seems to indicate that if you copy your ssh keys into the root user's key directory on the host system, the daemon will use those keys. I am a mad novice in this regard, however, so someone else may be able to clarify.
Pass the key in using Docker 1.8's build args.
Caveats.
Many people here recommend temporarily adding the key to the build context and then quickly removing it. That sounds really dangerous, because if the key creeps into one of the commits, anyone who uses the container can access that key by checking out that particular commit.
We need a design proposal. This issue is _cah_-_luttered_ and the ideas are only vague at the moment. Actual implementation details are being lost in the haze of "what if we did x" and +1s. To get organized and get moving on this much-needed feature, those who have a possible solution should create a . .
Then reference this issue.
I have some news on this issue.
At DockerCon last week we were encouraged to bring our hardest questions to Docker's "Ask the Experts" pavilion, so I went over and had a short chat with a smart and friendly engineer with the encouraging title of Solutions Architect. I gave him a short summary of this issue, which I hope I conveyed accurately, because he assured me that this can be done with _only_ `docker-compose`! The details of what he proposed involved a multi-stage build (maybe to accumulate the dependencies in a different context than the final app build) and seemed to involve using data volumes at build time.
Unfortunately, I have no experience with docker-compose, so I could not follow all the details, but he promised me that if I wrote to him with the exact problem, he would respond with a solution. So I wrote what I hope is a clear enough email, including a reference to this open GitHub issue. And this morning I heard back from him, with the reassurance that he will reply when he has come up with something.
He is busy, so I am not expecting anything immediately, but I find this encouraging, to the extent that he has understood the problem and is ready to attack it with only the Docker-native toolset.
@benton I use the following configuration to do the things described in this topic:
version: '2'
services:
  serviceName:
    volumes:
      - "${SSH_AUTH_SOCK}:/tmp/ssh-agent"
    environment:
      SSH_AUTH_SOCK: /tmp/ssh-agent
Make sure ssh-agent is running on the host machine and knows about the key (you can check with the ssh-add -L command).
Note that you may need to add
Host *
  StrictHostKeyChecking no
to the container's .ssh/config.
Hi @WoZ! Thanks for your answer, it looks simple enough, so I'll give it a try :)
I have a question, though: how can this be used with automated builds on Docker Hub? As far as I know, there is no way to use a compose file there :(
@garcianavalon works well, but it is only for `run`, not `build`. It does not work with Docker for Mac yet either, though apparently it is on the to-do list.
Edit: https:
We came up with two more workarounds for our specific needs:
1) Set up our own package mirrors for npm, pypi, etc. behind our VPN. This way we don't need SSH.
2) All the host machines already have access to the private repositories, so we clone/download the private packages locally on the host machine, run the package installation to download them, then map the volume into docker with -v, then build docker.
We are currently using option 2).
As far as `docker run` goes, docker-ssh-agent-forward seems to provide an elegant solution, and it works across Docker for Mac/Linux.
It might be a good idea to COPY the `known_hosts` file from the host instead of creating it in the container (less secure), since ssh-agent does not seem to forward known hosts.
But the fundamental problem with pulling private dependencies during a docker run step is that it bypasses the docker build cache, which can be very significant in terms of build time.
One way to get around this limitation is to md5/date your build dependency declarations (e.g. `package.json`), push the result to an image, and reuse the same image if the file has not changed. Using the hash in the image name allows caching multiple states. It would have to be combined with the pre-install image digest as well.
This should be more robust than @aidanhs's solution for build servers, although I still have to test it at scale.
This should be more robust than @aidanhs's solution for build servers, although I still have to test it at scale.
My particular solution has not worked since 1.9.0. It turned out that the feature introduced in 1.8.0 that I was relying on was not intentional, so it was removed.
The principle of my solution remains fine (it just requires you to have a DNS server off your machine that a) your machine uses and b) you are able to add entries to in the appropriate places), but I can't really say I would enthusiastically recommend it any more.
Thanks for the extra info @aidanhs!
Some updates on my proposed solution: the hashes don't actually need to be combined, since the hash of the base image right after adding the dependency declaration file can be used. Moreover, it is better to mount the known_hosts file as a volume, since ssh-agent can only be used at runtime anyway, and it is more secure because it contains a list of all the hosts you connect to.
I implemented the complete solution for node/npm. It can be found here with detailed documentation and examples: https:
Of course, the principles can be extended to other frameworks.
Same problem here: how does one build something that requires SSH credentials in order to check out and build a number of projects at build time, inside a Docker container, without writing the credentials to the image or a base image?
We work around this with a 2-step build process. A "build" image containing the source/keys/build dependencies is created. Once it is built, it is run in order to extract the build results into a tarfile, which is later added to a "deploy" image. The build image is then removed, and all that is published is the "deploy" image. This has the nice side effect of keeping container/layer sizes down.
@binarytemple-bet365 see https://github.com/iheartradio/docker-node for an end-to-end example doing exactly that
Check out Rocker, it's a clean solution.
@Sodki I took your advice. Yes, rocker is a clean and well-thought-out solution. It is a shame the Docker team wouldn't just take that project under their wing and deprecate `docker build`. Thank you.
Still no better way? :(
Has anyone tried this new squash thing? https://github.com/docker/docker/pull/22641 It might be the docker-native solution we are looking for. I'm going to try it now and report back on how it goes.
It has been over 2 years and this is still not fixed. Docker team, please do something about it
The new `--squash` option in 1.13 seems to work for me:
http://g.recordit.co/oSuMulfelK.gif
I build it like this: `docker build -t report-server --squash --build-arg SSH_KEY="$(cat ~/.ssh/github_private_key)" .`
So when I do `docker history` or `docker inspect`, the key doesn't show.
My Dockerfile looks like this:
FROM node:6.9.2-alpine
ARG SSH_KEY
RUN apk add --update git openssh-client && rm -rf /tmp/* /var/cache/apk/* &&\
mkdir -p /root/.ssh && chmod 0700 /root/.ssh && \
ssh-keyscan github.com > /root/.ssh/known_hosts
RUN echo "$SSH_KEY" > /root/.ssh/id_rsa &&\
chmod 0600 /root/.ssh/id_rsa
COPY package.json .
RUN npm install
RUN rm -f /root/.ssh/id_rsa
# Bundle app source
COPY . .
EXPOSE 3000
CMD ["npm","start"]
@kienpham2000, your screenshot looks like it still contains the keys. Could you please check the output of `docker history` with the `--no-trunc` flag and report back here on whether or not the private keys are displayed in the docker history?
@ryanschwartz you are right, `--no-trunc` shows the whole thing, this doesn't fly.
@kienpham2000
Another thing that was introduced in the 1.13 release is:
Build secrets
• enables build-time secrets using the --build-secret flag
• creates tmpfs during build and exposes secrets to the build containers, to be used during build.
• https:
Maybe this could work?
Build secrets didn't make it into 1.13, but hopefully they will be in 1.14.
On Dec 15, 2016 at 9:45 AM, "Alex" [email protected] wrote:
@kienpham2000 https://github.com/kienpham2000
Another thing that was introduced in the 1.13 release is: Build secrets
• enables build-time secrets using the --build-secret flag
• creates tmpfs during build and exposes secrets to the build containers, to be used during build.
• #28079 https://github.com/docker/docker/pull/28079 Maybe this could work?
So a year later: no, this is a bad idea. You SHOULD NOT do that. There are various other solutions. For example, Github can provide access tokens. You can use them in configuration files/environment variables with less risk, since you can specify which actions are allowed for each token.
The solution is to implement SSH forwarding. Like Vagrant does, for example.
Can somebody explain to me why it is so complicated to implement that?
@omarabid -
As for your suggestion to use access tokens, these would end up stored in a layer and can be just as dangerous to leave lying around as an SSH key. Even if a token only has read-only access, most people wouldn't want others to have read-only access to their repositories. Also, frequent revocation/rotation/distribution would need to occur. This is a little easier to handle per developer etc. than with "master" access tokens.
The build secrets solution mentioned a few comments back looks like a step in the right direction, but the ability to use an SSH agent is best. Maybe one could use an SSH agent in combination with build secrets, I'm not sure.
It is natural for developers/CI systems to use an SSH agent during git/build operations. This is much more secure than having a plaintext, password-free private key that must be revoked/replaced en masse across a variety of systems. Also, with SSH agents there is no possibility of the private key data getting committed to an image. At worst, an environment variable/SSH_AUTH_SOCK remnant will be left behind in the image.
I got this latest workaround without showing the secret key content or using an extra 3rd-party docker tool (hopefully the build-time secret vault PR will be merged soon).
I'm using the aws cli to download the shared private key from S3 into the current repository on the host. This key is encrypted at rest using KMS. Once the key is downloaded, the Dockerfile just COPYs that key during the build process and removes it afterwards; the content does not show in `docker inspect` or `docker history --no-trunc`.
First download the github private key from S3 to the host machine:
# build.sh
s3_key="s3://my-company/shared-github-private-key"
aws configure set s3.signature_version s3v4
aws s3 cp $s3_key id_rsa --region us-west-2 && chmod 0600 id_rsa
docker build -t app_name .
The Dockerfile looks like this:
FROM node:6.9.2-alpine
ENV id_rsa /root/.ssh/id_rsa
ENV app_dir /usr/src/app
RUN mkdir -p $app_dir
RUN apk add --update git openssh-client && rm -rf /tmp/* /var/cache/apk/* && mkdir -p /root/.ssh && ssh-keyscan github.com > /root/.ssh/known_hosts
WORKDIR $app_dir
COPY package.json .
COPY id_rsa $id_rsa
RUN npm install && npm install -g gulp && rm -rf $id_rsa
COPY . $app_dir
RUN rm -rf $app_dir/id_rsa
CMD ["start"]
ENTRYPOINT ["npm"]
@kienpham2000, why wouldn't this solution keep the key in the image layer? The actions of copying and removing the key are done in separate commands, so there is a layer that should have the key.
Our team was using your solution until yesterday, but we found an improved solution:
The build script looks like this:
# build.sh
aws s3 presign s3://my_bucket/my_key --expires-in 300 > ./pre_sign_url
docker build -t my-service .
The Dockerfile looks like this:
FROM node
COPY . .
RUN eval "$(ssh-agent -s)" && \
wget -i ./pre_sign_url -q -O - > ./my_key && \
chmod 700 ./my_key && \
ssh-add ./my_key && \
ssh -o StrictHostKeyChecking=no [email protected] || true && \
npm install --production && \
rm ./my_key && \
rm -rf ~/.ssh/*
ENTRYPOINT ["npm", "run"]
CMD ["start"]
@diegocsandrim thank you for pointing that out, I really like your solution, and I'm going to update ours here. Thanks for sharing!
I'm a bit new to the thread, but fundamentally it seems like people are trying to solve a problem that is better solved by PKI. Not everyone is necessarily trying to solve the same problem where PKI would be the better solution, but enough references seem to indicate that it might be something that should be considered.
It seems annoying, but it is fundamentally possible
And if people think this is feasible, please by all means create it and open source it, since all the work needs to be done well once. I have no idea whether the roumen petrov build is secure, nor did I note any source code (I haven't checked the tar), so I have no idea how secure it is.
https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
@mehmetcodes: Having a PKI doesn't really solve the problem. For PKI-based SSH authentication to work, you still need to load the private key into the image.
Unless you have your local certificate authority issue very short-lived certificates (e.g. less than an hour) and you revoke the certificate immediately after a successful build, this is insecure.
If you manage to create a short-lived certificate process, that is not much different from just using a new SSH key that you revoke immediately after a build finishes.
Oh, it's even more annoying than that, but I must be on to something, or why would it exist in the wild?
https://blog.cloudflare.com/red-october-cloudflares-open-source-implementation-of-the-two-man-rule/
https://blog.cloudflare.com/how-to-build-your-own-public-key-infrastructure/
I don't know, an SSH temp key is probably far better for most use cases, but there is something unsettling about every recourse, including the one I suggested, particularly in this context.
What do you think about http://blog.cloud66.com/using-ssh-private-keys-securely-in-docker-build/
Normally I would just mount a volume with the key instead, but that doesn't address the need for a Docker for Mac / moby solution.
Who is f ..?
@çœè²
I've gotten this far on MacOS:
bash-3.2$ docker run -t -i -v "$SSH_AUTH_SOCK:/tmp/ssh_auth_sock" -e "SSH_AUTH_SOCK=/tmp/ssh_auth_sock" python:3.6 ssh-add -l
docker: Error response from daemon: Mounts denied:
The path /var/folders/yb/880w03m501z89p0bx7nsxt580000gn/T//ssh-DcwJrLqQ0Vu1/agent.10466
is not shared from OS X and is not known to Docker.
You can configure shared paths from Docker -> Preferences... -> File Sharing.
See https://docs.docker.com/docker-for-mac/osxfs/#namespaces for more info.
.
/var/ is an alias, which Docker seems to struggle with. But if I prefix the $SSH_AUTH_SOCK path with /private (i.e. the resolved alias path), then Docker can read the file, but I get:
bash-3.2$ docker run -t -i -v "/private$SSH_AUTH_SOCK:/tmp/ssh_auth_sock" -e "SSH_AUTH_SOCK=/tmp/ssh_auth_sock" python:3.6 ssh-add -l
Could not open a connection to your authentication agent.
At this point I'm wondering how bad it is to just…
docker run -v ~/.ssh:/root/.ssh python:3.6 bash
?
docker build --build-arg ssh_prv_key="$(cat ~/.ssh/id_rsa_no_pass)" --build-arg ssh_pub_key="$(cat ~/.ssh/id_rsa.pub)" --squash .
And in the Dockerfile:
ARG ssh_prv_key
ARG ssh_pub_key
# Authorize SSH Host
RUN mkdir -p /root/.ssh && \
chmod 0700 /root/.ssh && \
ssh-keyscan github.com > /root/.ssh/known_hosts
# Add the keys and set permissions
RUN echo "$ssh_prv_key" > /root/.ssh/id_rsa && \
echo "$ssh_pub_key" > /root/.ssh/id_rsa.pub && \
chmod 600 /root/.ssh/id_rsa && \
chmod 600 /root/.ssh/id_rsa.pub
And don't forget to include
RUN rm -f /root/.ssh/id_rsa /root/.ssh/id_rsa.pub
as the final step.
The catch here is that your private key must not be password protected.
The problem with the previous comment is that the keys end up in the layers... rm won't delete from a previous layer, since each line in a Dockerfile is one layer.
Doesn't `docker secret` solve this issue?
WDYT @thaJeztah
docker secret is not (yet) available during build, and is only available in services (so not yet for `docker run`)
When using multi-stage builds, something like this could work though (I'm typing on my phone, so let me link a gist I created a while ago): https://gist.github.com/thaJeztah/836c4220ec024cf6dd48ffa850f07770
I'm not that involved with Docker anymore, but how is it possible that this issue has existed for such a long time? I'm not trying to call anyone out, but rather to understand the effort needed to fix this, because back when I was dealing with this: private packages such as `ruby gems` in a private repository.
Does `Moby` care about this issue? Why does it have to be so hard for something that, I guess, doesn't seem like that big a deal?
It's been almost 3 years
@yordis the docker builder was frozen for a year or two. The Docker team stated that the builder was good enough and that they were focusing their efforts elsewhere. But that is gone, and there have been two changes to the builder since: squash and multi-stage builds. So build-time secrets may be on their way.
For runtime forwarding of ssh-agent, I would recommend https://github.com/uber-common/docker-ssh-agent-forward
Why does it have to be so hard for something that, I guess, doesn't seem like that big a deal?
@yordis reading the top description of this issue, implementing this is far from trivial. Having said that, if someone has a technical design proposal for this, feel free to open an issue or PR for discussion. Also note that for the _build_ part, a `buildkit` project was started for future enhancements to the builder: https://github.com/moby/buildkit
@thaJeztah I wish I had the skills required, but I don't.
@villlem do you know of any roadmap from the Docker team?
Weekly reports for the builder can be found here: https://github.com/moby/moby/tree/master/reports/builder Build-time secrets are still listed in the latest report, but could use help
We're using @diegocsandrim's solution, but an unencrypted SSH key on S3
This extra step means that the key can't be recovered from the Docker image (the URL to download it expires after five minutes) and can't be recovered from AWS (as it is encrypted with a rotating password known only to the docker image).
In build.sh:
BUCKET_NAME=my_bucket
KEY_FILE=my_unencrypted_key
openssl rand -base64 -out passfile 64
openssl enc -aes-256-cbc -salt -in $KEY_FILE -kfile passfile | aws s3 cp - s3://$BUCKET_NAME/$(hostname).enc_key
aws s3 presign s3://$BUCKET_NAME/$(hostname).enc_key --expires-in 300 > ./pre_sign_url
docker build -t my_service .
And in the Dockerfile:
COPY . .
RUN eval "$(ssh-agent -s)" && \
wget -i ./pre_sign_url -q -O - | openssl enc -aes-256-cbc -d -kfile passfile > ./my_key && \
chmod 700 ./my_key && \
ssh-add ./my_key && \
mkdir /root/.ssh && \
chmod 0700 /root/.ssh && \
ssh-keyscan github.com > /root/.ssh/known_hosts && \
[commands that require SSH access to Github] && \
rm ./my_key && \
rm ./passfile && \
rm -rf /root/.ssh/
If you use `docker run`, you should mount your .ssh with `--mount type=bind,source="${HOME}/.ssh/",target="/root/.ssh/",readonly`. The readonly is the magic: it masks the normal permissions, and ssh basically sees 0600 permissions, which it is happy with. You can also play with `-u root:$(id -u $USER)` to have the root user in the container write any files it creates with the same group as your user, so hopefully you can at least read them, if not fully write them, without having to chmod/chown.
Finally.
I now believe this problem can be solved with just `docker build`, by using multi-stage builds.
Just `COPY` or `ADD` the SSH key or other secret wherever you need it, and use it in `RUN` statements however you like.
Then use a second `FROM` statement to start a new filesystem, and use `COPY --from=builder` to import some subset of directories that don't include the secret.
(I haven't actually tried this yet, but if the feature works as described...)
@benton multi-stage builds, as described
I have verified the following technique:
Pass a build argument such as `GITHUB_SSH_KEY` to the first stage of a multi-stage build.
Use `ADD` or `COPY` to write the key to wherever it is needed for authentication. Note that if the key location is a local filesystem path (and not a URL), it must not be in the `.dockerignore` file, or the `COPY` directive will not work. This has implications for the final image, as you'll see in step 4...
This also works for `bundler` and private Gem repositories. Depending on how much of the codebase you need to include at this point, you may end up adding the key again as a side effect of using `COPY .` or `ADD .`
It may have been added alongside the codebase when you ran `ADD .` or `COPY .` This is probably _precisely the directory_ that is going to be copied into the final runtime image, so you probably also want to include a `RUN rm -vf ${GITHUB_SSH_KEY}` statement once you are done using the key.
Once it is completely built into its `WORKDIR`, start the second build stage with a new `FROM` statement, indicating your desired runtime image. Install any necessary runtime dependencies, and then `COPY --from=builder` against the `WORKDIR` from the first stage.
Here is an example `Dockerfile` that demonstrates the above technique. Providing a `GITHUB_SSH_KEY` build argument will test GitHub authentication when building, but the key data will not be included in the final runtime image. The `GITHUB_SSH_KEY` can be a filesystem path (within the Docker build dir) or a URL that serves the key data, but the key itself must not be encrypted in this example.
########################################################################
# BUILD STAGE 1 - Start with the same image that will be used at runtime
FROM ubuntu:latest as builder
# ssh is used to test GitHub access
RUN apt-get update && apt-get -y install ssh
# The GITHUB_SSH_KEY Build Argument must be a path or URL
# If it's a path, it MUST be in the docker build dir, and NOT in .dockerignore!
ARG GITHUB_SSH_KEY=/path/to/.ssh/key
# Set up root user SSH access for GitHub
ADD ${GITHUB_SSH_KEY} /root/.ssh/id_rsa
# Add the full application codebase dir, minus the .dockerignore contents...
# WARNING! - if the GITHUB_SSH_KEY is a file and not a URL, it will be added!
COPY . /app
WORKDIR /app
# Build app dependencies that require SSH access here (bundle install, etc.)
# Test SSH access (this returns false even when successful, but prints results)
RUN ssh -o StrictHostKeyChecking=no -vT [email protected] 2>&1 | grep -i auth
# Finally, remove the $GITHUB_SSH_KEY if it was a file, so it's not in /app!
# It can also be removed from /root/.ssh/id_rsa, but you're probably not going
# to COPY that directory into the runtime image.
RUN rm -vf ${GITHUB_SSH_KEY} /root/.ssh/id*
########################################################################
# BUILD STAGE 2 - copy the compiled app dir into a fresh runtime image
FROM ubuntu:latest as runtime
COPY --from=builder /app /app
It might be safer to pass the key data itself in the `GITHUB_SSH_KEY` build argument, rather than the _location_ of the key data. This would prevent accidental inclusion of the key data if it is stored in a local file and then added with `COPY .`. However, this would require using `echo` and shell redirection to write the data to the filesystem, which might not work in all base images. Use whichever technique is safest and most feasible for your set of base images.
@jbiel Another year on, and the solution I found is to use something like Vault.
Here is a link with 2 methods (squash and the intermediate container described earlier by @benton)
I'm just adding a note to say that neither of the current approaches will work if you have a passphrase on the ssh key you are using, since the agent will prompt you for the passphrase whenever you perform an action that requires access. I don't think there is a way around this without passing the key phrase around (which is undesirable for a number of reasons)
Solving.
Create a bash script (~/bin/docker-compose or similar):
#!/bin/bash
trap 'kill $(jobs -p)' EXIT
socat TCP-LISTEN:56789,reuseaddr,fork UNIX-CLIENT:${SSH_AUTH_SOCK} &
/usr/bin/docker-compose $@
And in the Dockerfile, using socat:
...
ENV SSH_AUTH_SOCK /tmp/auth.sock
...
&& apk add --no-cache socat openssh \
&& /bin/sh -c "socat -v UNIX-LISTEN:${SSH_AUTH_SOCK},unlink-early,mode=777,fork TCP:172.22.1.11:56789 &> /dev/null &" \
&& bundle install \
...
or any other ssh commands will works
Then run `docker-compose build`
@benton why do you use `RUN rm -vf ${GITHUB_SSH_KEY} /root/.ssh/id*`? Shouldn't it just be `RUN rm -vf /root/.ssh/id*`? Or maybe I misunderstood the intent here.
@benton And also, this is not safe:
RUN ssh -o StrictHostKeyChecking=no -vT [email protected] 2>&1
You have to check the fingerprint
I solved this problem this way
ARG USERNAME
ARG PASSWORD
RUN git config --global url."https://${USERNAME}:${PASSWORD}@github.com".insteadOf "ssh://[email protected]"
Then build with
docker build --build-arg USERNAME=use --build-arg PASSWORD=pwd . -t service
But first, your private git server must support cloning repositories with `username:password`.
@zeayes The RUN command is stored in the container history, so your password is visible to others.
Correct; when using `--build-arg` / `ARG`, those values will show up in the build history. It is possible to use this technique if you use multi-stage builds, and you trust the host on which the images are built (i.e., no untrusted user has access to the local build history), and intermediate build stages are not pushed to a registry.
For example, in the following example, `USERNAME` and `PASSWORD` will only occur in the history of the first stage ("builder"), but won't be in the history of the final stage:
FROM something AS builder
ARG USERNAME
ARG PASSWORD
RUN something that uses $USERNAME and $PASSWORD
FROM something AS finalstage
COPY --from=builder /the/build-artefacts /usr/bin/something
If only the final image (produced by "finalstage") is pushed to a registry, then `USERNAME` and `PASSWORD` won't be in that image.
_However_, in the local build cache history those variables will still be there (and stored on disk in plain text).
The next-generation builder (using BuildKit) will have more features, also related to passing build-time secrets. It is available in Docker 18.06 as an experimental feature, but will come out of experimental in a future release, and more features will be added (I'd have to check whether secrets/credentials are already possible in the current version)
@kinnalru @thaJeztah thx, I use multi-stage builds, but the password can still be seen in the cache container's history
@zeayes Oh! It looks like I made a copy/paste error. The last stage must not use `FROM builder ..`. Here is a complete example: https://gist.github.com/thaJeztah/af1c1e3da76d7ad6ce2abab891506e50
This comment by @kinnalru is the right way to do this: https://github.com/moby/moby/issues/6396#issuecomment-348103398
With this method, docker never handles your private keys. And it works today, without any new features being added.
It took me a while to figure it out, so here is a clearer and improved explanation. I changed @kinnalru's code to use `--network=host` and `localhost`, so you don't need to know your IP address. (gist here)
This is `docker_with_host_ssh.sh`. It wraps docker and forwards `SSH_AUTH_SOCK` to a port on localhost:
#!/usr/bin/env bash
# ensure the processes get killed when we're done
trap 'kill $(jobs -p)' EXIT
# create a connection from port 56789 to the unix socket SSH_AUTH_SOCK (which is used by ssh-agent)
socat TCP-LISTEN:56789,reuseaddr,fork UNIX-CLIENT:${SSH_AUTH_SOCK} &
# Run docker
# Pass it all the command line args ($@)
# set the network to "host" so docker can talk to localhost
docker $@ --network='host'
In the Dockerfile we connect over localhost to the host's ssh-agent:
FROM python:3-stretch
COPY . /app
WORKDIR /app
RUN mkdir -p /tmp
# install socat and ssh to talk to the host ssh-agent
RUN apt-get update && apt-get install git socat openssh-client \
# create variable called SSH_AUTH_SOCK, ssh will use this automatically
&& export SSH_AUTH_SOCK=/tmp/auth.sock \
# make SSH_AUTH_SOCK useful by connecting it to hosts ssh-agent over localhost:56789
&& /bin/sh -c "socat UNIX-LISTEN:${SSH_AUTH_SOCK},unlink-early,mode=777,fork TCP:localhost:56789 &" \
# stuff I needed my ssh keys for
&& mkdir -p ~/.ssh \
&& ssh-keyscan gitlab.com > ~/.ssh/known_hosts \
&& pip install -r requirements.txt
Then you can build your image by invoking the script:
$ docker_with_host_ssh.sh build -f ../docker/Dockerfile .
@cowlicks you may be interested in this pull request, which adds support for `docker build --ssh` to forward the SSH agent during build: https://github.com/docker/cli/pull/1419. The Dockerfile syntax is still not in the official specs, but you can use a `syntax=..` directive in your Dockerfile to use a frontend that supports it (see the example/instructions in the pull request).
That pull request will be part of the upcoming 18.09 release.
It looks like this is now available in the 18.09 release. Since this thread comes up before the release notes and the Medium post, I'll cross-post here.
Release notes:
https://docs.docker.com/develop/develop-images/build_enhancements/#using-ssh-to-access-private-data-in-builds
Medium post:
https://medium.com/@tonistiigi/build-secrets-and-ssh-forwarding-in-docker-18-09-ae8161d066
Very exciting.
@kalenp see https://github.com/moby/buildkit/issues/760 and https://github.com/moby/buildkit/issues/825
I think we can close this, since we now have `docker build --ssh`
Related compose issue here: docker/compose#6865. Functionality to use Compose and expose the SSH agent socket to containers is noted to land in the next release candidate, 1.25.0-rc3 (releases).
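Two failure modes come up repeatedly in this thread: a secret passed as `ARG`/`--build-arg` stays readable in the build history, and a key written by one instruction and removed by a later `rm` still sits in the earlier layer. The following is an added example, not code from any participant or from Docker: a small Dockerfile check for both patterns, run over the `--squash` Dockerfile and the multi-stage skeleton posted above and over a constructed Dockerfile that uses the `RUN --mount=type=ssh` form served by `docker build --ssh`. The name and path heuristics and all function names are assumptions of this example.

```python
import re

# Heuristics assumed for this example: names and paths that suggest a credential.
SECRET_NAME = re.compile(r"key|pass|secret|token", re.IGNORECASE)
KEY_FILE = re.compile(r"id_(rsa|dsa|ecdsa|ed25519)|\.pem$|_key$")
REDIRECT = re.compile(r"(?<![0-9&>])>{1,2}\s*([^\s&;|>]+)")  # "> file", not "2>&1"
RM = re.compile(r"\brm\s+(?:-\S+\s+)*([^&;|]+)")              # operands of an rm call

# First ten lines of the Dockerfile posted in the thread for the --squash approach.
SQUASH_DOCKERFILE = r"""FROM node:6.9.2-alpine
ARG SSH_KEY
RUN apk add --update git openssh-client && rm -rf /tmp/* /var/cache/apk/* && \
    mkdir -p /root/.ssh && chmod 0700 /root/.ssh && \
    ssh-keyscan github.com > /root/.ssh/known_hosts
RUN echo "$SSH_KEY" > /root/.ssh/id_rsa && \
    chmod 0600 /root/.ssh/id_rsa
COPY package.json .
RUN npm install
RUN rm -f /root/.ssh/id_rsa
"""
# Multi-stage skeleton posted in the thread.
MULTISTAGE_DOCKERFILE = """FROM something AS builder
ARG USERNAME
ARG PASSWORD
RUN something that uses $USERNAME and $PASSWORD
FROM something AS finalstage
COPY --from=builder /the/build-artefacts /usr/bin/something
"""
# Constructed for this example; built with: docker build --ssh default .
SSH_MOUNT_DOCKERFILE = """# syntax=docker/dockerfile:1
FROM node:6.9.2-alpine
RUN apk add --update git openssh-client
COPY known_hosts /root/.ssh/known_hosts
COPY package.json .
RUN --mount=type=ssh npm install
"""


def instructions(text):
    """Yield (line_no, INSTRUCTION, arguments), joining backslash continuations."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not buf:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        word, _, rest = (buf + line).partition(" ")
        buf = ""
        yield start, word.upper(), rest.strip()


def lint_dockerfile(text):
    """Return findings for secrets that stay in build history or in an image layer."""
    findings, stage, secret_args, written = [], -1, set(), {}
    for n, instr, rest in instructions(text):
        if instr == "FROM":  # new stage: ARG scope and layer chain start over
            stage, secret_args, written = stage + 1, set(), {}
        elif instr == "ARG":
            name = rest.split("=", 1)[0].strip()
            if SECRET_NAME.search(name):
                secret_args.add(name)
                findings.append({"line": n, "stage": stage,
                                 "rule": "secret-build-arg", "detail": name})
        elif instr in ("COPY", "ADD"):
            parts = [p for p in rest.split() if not p.startswith("--")]
            if len(parts) >= 2 and any(KEY_FILE.search(p) for p in parts):
                written[parts[-1]] = n
        elif instr == "RUN":
            this_run = {}
            for segment in re.split(r"&&|;", rest):
                uses_secret = any(re.search(r"\$\{?%s\b" % re.escape(a), segment)
                                  for a in secret_args)
                for target in REDIRECT.findall(segment):
                    if uses_secret or KEY_FILE.search(target):
                        this_run[target] = n
                for match in RM.finditer(segment):
                    for path in match.group(1).split():
                        if path in written:  # written by an earlier instruction
                            findings.append({
                                "line": n, "stage": stage, "rule": "removed-in-later-layer",
                                "detail": "%s (written at line %d)" % (path, written.pop(path))})
                        this_run.pop(path, None)  # same RUN: no layer keeps the file
            written.update(this_run)
    for finding in findings:
        finding["final_stage"] = finding["stage"] == stage
    return findings
```

A finding with `final_stage` false stays out of the pushed image but, as noted above, the value is still in the local build cache of the host that ran the build.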
Most helpful comment
@kienpham2000, why wouldn't this solution keep the key in the image layer? The actions of copying and removing the key are done in separate commands, so there is a layer that should have the key.
Our team was using your solution until yesterday, but we found an improved solution:
By doing this in one single command, the ssh key is not stored in any layer, but the pre-signed URL is stored. That is not a problem, because the URL becomes invalid after 5 minutes.
The build script looks like this:
The Dockerfile looks like this: