github.com/circular-dark/docker@v1.7.0/docs/articles/cfengine_process_management.md (about) 1 <!--[metadata]> 2 +++ 3 title = "Process management with CFEngine" 4 description = "Managing containerized processes with CFEngine" 5 keywords = ["cfengine, process, management, usage, docker, documentation"] 6 [menu.main] 7 parent = "smn_third_party" 8 +++ 9 <![end-metadata]--> 10 11 # Process management with CFEngine 12 13 Create Docker containers with managed processes. 14 15 Docker monitors one process in each running container and the container 16 lives or dies with that process. By introducing CFEngine inside Docker 17 containers, we can alleviate a few of the issues that may arise: 18 19 - It is possible to easily start multiple processes within a 20 container, all of which will be managed automatically, with the 21 normal `docker run` command. 22 - If a managed process dies or crashes, CFEngine will start it again 23 within 1 minute. 24 - The container itself will live as long as the CFEngine scheduling 25 daemon (cf-execd) lives. With CFEngine, we are able to decouple the 26 life of the container from the uptime of the service it provides. 27 28 ## How it works 29 30 CFEngine, together with the cfe-docker integration policies, are 31 installed as part of the Dockerfile. This builds CFEngine into our 32 Docker image. 33 34 The Dockerfile's `ENTRYPOINT` takes an arbitrary 35 amount of commands (with any desired arguments) as parameters. When we 36 run the Docker container these parameters get written to CFEngine 37 policies and CFEngine takes over to ensure that the desired processes 38 are running in the container. 39 40 CFEngine scans the process table for the `basename` of the commands given 41 to the `ENTRYPOINT` and runs the command to start the process if the `basename` 42 is not found. For example, if we start the container with 43 `docker run "/path/to/my/application parameters"`, CFEngine will look for a 44 process named `application` and run the command. If an entry for `application` 45 is not found in the process table at any point in time, CFEngine will execute 46 `/path/to/my/application parameters` to start the application once again. The 47 check on the process table happens every minute. 48 49 Note that it is therefore important that the command to start your 50 application leaves a process with the basename of the command. This can 51 be made more flexible by making some minor adjustments to the CFEngine 52 policies, if desired. 53 54 ## Usage 55 56 This example assumes you have Docker installed and working. We will 57 install and manage `apache2` and `sshd` 58 in a single container. 59 60 There are three steps: 61 62 1. Install CFEngine into the container. 63 2. Copy the CFEngine Docker process management policy into the 64 containerized CFEngine installation. 65 3. Start your application processes as part of the `docker run` command. 66 67 ### Building the image 68 69 The first two steps can be done as part of a Dockerfile, as follows. 70 71 FROM ubuntu 72 MAINTAINER Eystein Måløy Stenberg <eytein.stenberg@gmail.com> 73 74 RUN apt-get update && apt-get install -y wget lsb-release unzip ca-certificates 75 76 # install latest CFEngine 77 RUN wget -qO- http://cfengine.com/pub/gpg.key | apt-key add - 78 RUN echo "deb http://cfengine.com/pub/apt $(lsb_release -cs) main" > /etc/apt/sources.list.d/cfengine-community.list 79 RUN apt-get update && apt-get install -y cfengine-community 80 81 # install cfe-docker process management policy 82 RUN wget https://github.com/estenberg/cfe-docker/archive/master.zip -P /tmp/ && unzip /tmp/master.zip -d /tmp/ 83 RUN cp /tmp/cfe-docker-master/cfengine/bin/* /var/cfengine/bin/ 84 RUN cp /tmp/cfe-docker-master/cfengine/inputs/* /var/cfengine/inputs/ 85 RUN rm -rf /tmp/cfe-docker-master /tmp/master.zip 86 87 # apache2 and openssh are just for testing purposes, install your own apps here 88 RUN apt-get update && apt-get install -y openssh-server apache2 89 RUN mkdir -p /var/run/sshd 90 RUN echo "root:password" | chpasswd # need a password for ssh 91 92 ENTRYPOINT ["/var/cfengine/bin/docker_processes_run.sh"] 93 94 By saving this file as Dockerfile to a working directory, you can then build 95 your image with the docker build command, e.g., 96 `docker build -t managed_image`. 97 98 ### Testing the container 99 100 Start the container with `apache2` and `sshd` running and managed, forwarding 101 a port to our SSH instance: 102 103 $ docker run -p 127.0.0.1:222:22 -d managed_image "/usr/sbin/sshd" "/etc/init.d/apache2 start" 104 105 We now clearly see one of the benefits of the cfe-docker integration: it 106 allows to start several processes as part of a normal `docker run` command. 107 108 We can now log in to our new container and see that both `apache2` and `sshd` 109 are running. We have set the root password to "password" in the Dockerfile 110 above and can use that to log in with ssh: 111 112 ssh -p222 root@127.0.0.1 113 114 ps -ef 115 UID PID PPID C STIME TTY TIME CMD 116 root 1 0 0 07:48 ? 00:00:00 /bin/bash /var/cfengine/bin/docker_processes_run.sh /usr/sbin/sshd /etc/init.d/apache2 start 117 root 18 1 0 07:48 ? 00:00:00 /var/cfengine/bin/cf-execd -F 118 root 20 1 0 07:48 ? 00:00:00 /usr/sbin/sshd 119 root 32 1 0 07:48 ? 00:00:00 /usr/sbin/apache2 -k start 120 www-data 34 32 0 07:48 ? 00:00:00 /usr/sbin/apache2 -k start 121 www-data 35 32 0 07:48 ? 00:00:00 /usr/sbin/apache2 -k start 122 www-data 36 32 0 07:48 ? 00:00:00 /usr/sbin/apache2 -k start 123 root 93 20 0 07:48 ? 00:00:00 sshd: root@pts/0 124 root 105 93 0 07:48 pts/0 00:00:00 -bash 125 root 112 105 0 07:49 pts/0 00:00:00 ps -ef 126 127 If we stop apache2, it will be started again within a minute by 128 CFEngine. 129 130 service apache2 status 131 Apache2 is running (pid 32). 132 service apache2 stop 133 * Stopping web server apache2 ... waiting [ OK ] 134 service apache2 status 135 Apache2 is NOT running. 136 # ... wait up to 1 minute... 137 service apache2 status 138 Apache2 is running (pid 173). 139 140 ## Adapting to your applications 141 142 To make sure your applications get managed in the same manner, there are 143 just two things you need to adjust from the above example: 144 145 - In the Dockerfile used above, install your applications instead of 146 `apache2` and `sshd`. 147 - When you start the container with `docker run`, 148 specify the command line arguments to your applications rather than 149 `apache2` and `sshd`.