github.com/hustcat/docker@v1.3.3-0.20160314103604-901c67a8eeab/docs/admin/cfengine_process_management.md

github.com/hustcat/docker@v1.3.3-0.20160314103604-901c67a8eeab/docs/admin/cfengine_process_management.md (about)

     1  <!--[metadata]>
     2  +++
     3  aliases = ["/engine/articles/cfengine/"]
     4  title = "Process management with CFEngine"
     5  description = "Managing containerized processes with CFEngine"
     6  keywords = ["cfengine, process, management, usage, docker,  documentation"]
     7  [menu.main]
     8  parent = "engine_admin"
     9  +++
    10  <![end-metadata]-->
    11  
    12  # Process management with CFEngine
    13  
    14  Create Docker containers with managed processes.
    15  
    16  Docker monitors one process in each running container and the container
    17  lives or dies with that process. By introducing CFEngine inside Docker
    18  containers, we can alleviate a few of the issues that may arise:
    19  
    20   - It is possible to easily start multiple processes within a
    21     container, all of which will be managed automatically, with the
    22     normal `docker run` command.
    23   - If a managed process dies or crashes, CFEngine will start it again
    24     within 1 minute.
    25   - The container itself will live as long as the CFEngine scheduling
    26     daemon (cf-execd) lives. With CFEngine, we are able to decouple the
    27     life of the container from the uptime of the service it provides.
    28  
    29  ## How it works
    30  
    31  CFEngine, together with the cfe-docker integration policies, are
    32  installed as part of the Dockerfile. This builds CFEngine into our
    33  Docker image.
    34  
    35  The Dockerfile's `ENTRYPOINT` takes an arbitrary
    36  amount of commands (with any desired arguments) as parameters. When we
    37  run the Docker container these parameters get written to CFEngine
    38  policies and CFEngine takes over to ensure that the desired processes
    39  are running in the container.
    40  
    41  CFEngine scans the process table for the `basename` of the commands given
    42  to the `ENTRYPOINT` and runs the command to start the process if the `basename`
    43  is not found. For example, if we start the container with
    44  `docker run "/path/to/my/application parameters"`, CFEngine will look for a
    45  process named `application` and run the command. If an entry for `application`
    46  is not found in the process table at any point in time, CFEngine will execute
    47  `/path/to/my/application parameters` to start the application once again. The
    48  check on the process table happens every minute.
    49  
    50  Note that it is therefore important that the command to start your
    51  application leaves a process with the basename of the command. This can
    52  be made more flexible by making some minor adjustments to the CFEngine
    53  policies, if desired.
    54  
    55  ## Usage
    56  
    57  This example assumes you have Docker installed and working. We will
    58  install and manage `apache2` and `sshd`
    59  in a single container.
    60  
    61  There are three steps:
    62  
    63  1. Install CFEngine into the container.
    64  2. Copy the CFEngine Docker process management policy into the
    65     containerized CFEngine installation.
    66  3. Start your application processes as part of the `docker run` command.
    67  
    68  ### Building the image
    69  
    70  The first two steps can be done as part of a Dockerfile, as follows.
    71  
    72      FROM ubuntu
    73      MAINTAINER Eystein Måløy Stenberg <eytein.stenberg@gmail.com>
    74  
    75      RUN apt-get update && apt-get install -y wget lsb-release unzip ca-certificates
    76  
    77      # install latest CFEngine
    78      RUN wget -qO- http://cfengine.com/pub/gpg.key | apt-key add -
    79      RUN echo "deb http://cfengine.com/pub/apt $(lsb_release -cs) main" > /etc/apt/sources.list.d/cfengine-community.list
    80      RUN apt-get update && apt-get install -y cfengine-community
    81  
    82      # install cfe-docker process management policy
    83      RUN wget https://github.com/estenberg/cfe-docker/archive/master.zip -P /tmp/ && unzip /tmp/master.zip -d /tmp/
    84      RUN cp /tmp/cfe-docker-master/cfengine/bin/* /var/cfengine/bin/
    85      RUN cp /tmp/cfe-docker-master/cfengine/inputs/* /var/cfengine/inputs/
    86      RUN rm -rf /tmp/cfe-docker-master /tmp/master.zip
    87  
    88      # apache2 and openssh are just for testing purposes, install your own apps here
    89      RUN apt-get update && apt-get install -y openssh-server apache2
    90      RUN mkdir -p /var/run/sshd
    91      RUN echo "root:password" | chpasswd  # need a password for ssh
    92  
    93      ENTRYPOINT ["/var/cfengine/bin/docker_processes_run.sh"]
    94  
    95  By saving this file as Dockerfile to a working directory, you can then build
    96  your image with the docker build command, e.g.,
    97  `docker build -t managed_image`.
    98  
    99  ### Testing the container
   100  
   101  Start the container with `apache2` and `sshd` running and managed, forwarding
   102  a port to our SSH instance:
   103  
   104      $ docker run -p 127.0.0.1:222:22 -d managed_image "/usr/sbin/sshd" "/etc/init.d/apache2 start"
   105  
   106  We now clearly see one of the benefits of the cfe-docker integration: it
   107  allows to start several processes as part of a normal `docker run` command.
   108  
   109  We can now log in to our new container and see that both `apache2` and `sshd`
   110  are running. We have set the root password to "password" in the Dockerfile
   111  above and can use that to log in with ssh:
   112  
   113      ssh -p222 root@127.0.0.1
   114  
   115      ps -ef
   116      UID        PID  PPID  C STIME TTY          TIME CMD
   117      root         1     0  0 07:48 ?        00:00:00 /bin/bash /var/cfengine/bin/docker_processes_run.sh /usr/sbin/sshd /etc/init.d/apache2 start
   118      root        18     1  0 07:48 ?        00:00:00 /var/cfengine/bin/cf-execd -F
   119      root        20     1  0 07:48 ?        00:00:00 /usr/sbin/sshd
   120      root        32     1  0 07:48 ?        00:00:00 /usr/sbin/apache2 -k start
   121      www-data    34    32  0 07:48 ?        00:00:00 /usr/sbin/apache2 -k start
   122      www-data    35    32  0 07:48 ?        00:00:00 /usr/sbin/apache2 -k start
   123      www-data    36    32  0 07:48 ?        00:00:00 /usr/sbin/apache2 -k start
   124      root        93    20  0 07:48 ?        00:00:00 sshd: root@pts/0
   125      root       105    93  0 07:48 pts/0    00:00:00 -bash
   126      root       112   105  0 07:49 pts/0    00:00:00 ps -ef
   127  
   128  If we stop apache2, it will be started again within a minute by
   129  CFEngine.
   130  
   131      service apache2 status
   132       Apache2 is running (pid 32).
   133      service apache2 stop
   134               * Stopping web server apache2 ... waiting    [ OK ]
   135      service apache2 status
   136       Apache2 is NOT running.
   137      # ... wait up to 1 minute...
   138      service apache2 status
   139       Apache2 is running (pid 173).
   140  
   141  ## Adapting to your applications
   142  
   143  To make sure your applications get managed in the same manner, there are
   144  just two things you need to adjust from the above example:
   145  
   146   - In the Dockerfile used above, install your applications instead of
   147     `apache2` and `sshd`.
   148   - When you start the container with `docker run`,
   149     specify the command line arguments to your applications rather than
   150     `apache2` and `sshd`.