github.com/circular-dark/docker@v1.7.0/docs/articles/cfengine_process_management.md (about)

     1  <!--[metadata]>
     2  +++
     3  title = "Process management with CFEngine"
     4  description = "Managing containerized processes with CFEngine"
     5  keywords = ["cfengine, process, management, usage, docker,  documentation"]
     6  [menu.main]
     7  parent = "smn_third_party"
     8  +++
     9  <![end-metadata]-->
    10  
    11  # Process management with CFEngine
    12  
    13  Create Docker containers with managed processes.
    14  
    15  Docker monitors one process in each running container and the container
    16  lives or dies with that process. By introducing CFEngine inside Docker
    17  containers, we can alleviate a few of the issues that may arise:
    18  
    19   - It is possible to easily start multiple processes within a
    20     container, all of which will be managed automatically, with the
    21     normal `docker run` command.
    22   - If a managed process dies or crashes, CFEngine will start it again
    23     within 1 minute.
    24   - The container itself will live as long as the CFEngine scheduling
    25     daemon (cf-execd) lives. With CFEngine, we are able to decouple the
    26     life of the container from the uptime of the service it provides.
    27  
    28  ## How it works
    29  
    30  CFEngine, together with the cfe-docker integration policies, are
    31  installed as part of the Dockerfile. This builds CFEngine into our
    32  Docker image.
    33  
    34  The Dockerfile's `ENTRYPOINT` takes an arbitrary
    35  amount of commands (with any desired arguments) as parameters. When we
    36  run the Docker container these parameters get written to CFEngine
    37  policies and CFEngine takes over to ensure that the desired processes
    38  are running in the container.
    39  
    40  CFEngine scans the process table for the `basename` of the commands given
    41  to the `ENTRYPOINT` and runs the command to start the process if the `basename`
    42  is not found. For example, if we start the container with
    43  `docker run "/path/to/my/application parameters"`, CFEngine will look for a
    44  process named `application` and run the command. If an entry for `application`
    45  is not found in the process table at any point in time, CFEngine will execute
    46  `/path/to/my/application parameters` to start the application once again. The
    47  check on the process table happens every minute.
    48  
    49  Note that it is therefore important that the command to start your
    50  application leaves a process with the basename of the command. This can
    51  be made more flexible by making some minor adjustments to the CFEngine
    52  policies, if desired.
    53  
    54  ## Usage
    55  
    56  This example assumes you have Docker installed and working. We will
    57  install and manage `apache2` and `sshd`
    58  in a single container.
    59  
    60  There are three steps:
    61  
    62  1. Install CFEngine into the container.
    63  2. Copy the CFEngine Docker process management policy into the
    64     containerized CFEngine installation.
    65  3. Start your application processes as part of the `docker run` command.
    66  
    67  ### Building the image
    68  
    69  The first two steps can be done as part of a Dockerfile, as follows.
    70  
    71      FROM ubuntu
    72      MAINTAINER Eystein Måløy Stenberg <eytein.stenberg@gmail.com>
    73  
    74      RUN apt-get update && apt-get install -y wget lsb-release unzip ca-certificates
    75  
    76      # install latest CFEngine
    77      RUN wget -qO- http://cfengine.com/pub/gpg.key | apt-key add -
    78      RUN echo "deb http://cfengine.com/pub/apt $(lsb_release -cs) main" > /etc/apt/sources.list.d/cfengine-community.list
    79      RUN apt-get update && apt-get install -y cfengine-community
    80  
    81      # install cfe-docker process management policy
    82      RUN wget https://github.com/estenberg/cfe-docker/archive/master.zip -P /tmp/ && unzip /tmp/master.zip -d /tmp/
    83      RUN cp /tmp/cfe-docker-master/cfengine/bin/* /var/cfengine/bin/
    84      RUN cp /tmp/cfe-docker-master/cfengine/inputs/* /var/cfengine/inputs/
    85      RUN rm -rf /tmp/cfe-docker-master /tmp/master.zip
    86  
    87      # apache2 and openssh are just for testing purposes, install your own apps here
    88      RUN apt-get update && apt-get install -y openssh-server apache2
    89      RUN mkdir -p /var/run/sshd
    90      RUN echo "root:password" | chpasswd  # need a password for ssh
    91  
    92      ENTRYPOINT ["/var/cfengine/bin/docker_processes_run.sh"]
    93  
    94  By saving this file as Dockerfile to a working directory, you can then build
    95  your image with the docker build command, e.g.,
    96  `docker build -t managed_image`.
    97  
    98  ### Testing the container
    99  
   100  Start the container with `apache2` and `sshd` running and managed, forwarding
   101  a port to our SSH instance:
   102  
   103      $ docker run -p 127.0.0.1:222:22 -d managed_image "/usr/sbin/sshd" "/etc/init.d/apache2 start"
   104  
   105  We now clearly see one of the benefits of the cfe-docker integration: it
   106  allows to start several processes as part of a normal `docker run` command.
   107  
   108  We can now log in to our new container and see that both `apache2` and `sshd`
   109  are running. We have set the root password to "password" in the Dockerfile
   110  above and can use that to log in with ssh:
   111  
   112      ssh -p222 root@127.0.0.1
   113  
   114      ps -ef
   115      UID        PID  PPID  C STIME TTY          TIME CMD
   116      root         1     0  0 07:48 ?        00:00:00 /bin/bash /var/cfengine/bin/docker_processes_run.sh /usr/sbin/sshd /etc/init.d/apache2 start
   117      root        18     1  0 07:48 ?        00:00:00 /var/cfengine/bin/cf-execd -F
   118      root        20     1  0 07:48 ?        00:00:00 /usr/sbin/sshd
   119      root        32     1  0 07:48 ?        00:00:00 /usr/sbin/apache2 -k start
   120      www-data    34    32  0 07:48 ?        00:00:00 /usr/sbin/apache2 -k start
   121      www-data    35    32  0 07:48 ?        00:00:00 /usr/sbin/apache2 -k start
   122      www-data    36    32  0 07:48 ?        00:00:00 /usr/sbin/apache2 -k start
   123      root        93    20  0 07:48 ?        00:00:00 sshd: root@pts/0
   124      root       105    93  0 07:48 pts/0    00:00:00 -bash
   125      root       112   105  0 07:49 pts/0    00:00:00 ps -ef
   126  
   127  If we stop apache2, it will be started again within a minute by
   128  CFEngine.
   129  
   130      service apache2 status
   131       Apache2 is running (pid 32).
   132      service apache2 stop
   133               * Stopping web server apache2 ... waiting    [ OK ]
   134      service apache2 status
   135       Apache2 is NOT running.
   136      # ... wait up to 1 minute...
   137      service apache2 status
   138       Apache2 is running (pid 173).
   139  
   140  ## Adapting to your applications
   141  
   142  To make sure your applications get managed in the same manner, there are
   143  just two things you need to adjust from the above example:
   144  
   145   - In the Dockerfile used above, install your applications instead of
   146     `apache2` and `sshd`.
   147   - When you start the container with `docker run`,
   148     specify the command line arguments to your applications rather than
   149     `apache2` and `sshd`.