jun 2016 log

2016-06-27

personal memo

• https://talks.golang.org/2012/10things.slide
• https://www.appneta.com/blog/automated-testing-with-docker/
• http://developers.linecorp.com/blog/ja/?p=3392
• https://thepracticalsysadmin.com/ecs-cluster-turnup-with-coreos-and-terraform/
• http://postd.cc/eight-docker-development-patterns/
• http://yut.hatenablog.com/entry/20130617/1371425713

2016-06-07

set timezone and ecs-agent to coreos

• userdata

#cloud-config

coreos:
 units:
   -
     name: settimezone.service
     command: start
     content: |
       [Unit]
       Description=Set Timezone
       [Service]
       ExecStart=/usr/bin/timedatectl set-timezone Asia/Tokyo
       RemainAfterExit=yes
       Type=oneshot
   -
     name: amazon-ecs-agent.service
     command: start
     runtime: true
     content: |
       [Unit]
       Description=AWS ECS Agent
       Documentation=https://docs.aws.amazon.com/AmazonECS/latest/developerguide/
       Requires=docker.socket
       After=docker.socket
       [Service]
       Environment=ECS_CLUSTER=your-ecs-cluster-name
       Environment=ECS_LOGLEVEL=info
       Environment=ECS_VERSION=latest
       Restart=on-failure
       RestartSec=30
       RestartPreventExitStatus=5
       SyslogIdentifier=ecs-agent
       ExecStartPre=-/bin/mkdir -p /var/log/ecs /var/ecs-data /etc/ecs
       ExecStartPre=-/usr/bin/touch /etc/ecs/ecs.config
       ExecStartPre=-/usr/bin/docker kill ecs-agent
       ExecStartPre=-/usr/bin/docker rm ecs-agent
       ExecStartPre=/usr/bin/docker pull amazon/amazon-ecs-agent:${ECS_VERSION}
       ExecStart=/usr/bin/docker run --name ecs-agent \
                                     --env-file=/etc/ecs/ecs.config \
                                     --volume=/var/run/docker.sock:/var/run/docker.sock \
                                     --volume=/var/log/ecs:/log \
                                     --volume=/var/ecs-data:/data \
                                     --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro \
                                     --volume=/run/docker/execdriver/native:/var/lib/docker/execdriver/native:ro \
                                     --publish=127.0.0.1:51678:51678 \
                                     --env=ECS_LOGFILE=/log/ecs-agent.log \
                                     --env=ECS_LOGLEVEL=${ECS_LOGLEVEL} \
                                     --env=ECS_DATADIR=/data \
                                     --env=ECS_CLUSTER=${ECS_CLUSTER} \
                                     --env=ECS_AVAILABLE_LOGGING_DRIVERS=[\"json-file\",\"syslog\",\"fluentd\",\"awslogs\"] \
                                     amazon/amazon-ecs-agent:${ECS_VERSION}

2016-06-06

docker security check

• run your docker containers e.g. via docker-compose
• then git clone https://github.com/docker/docker-bench-security.git
• cd docker-bench-security
• docker-compose run –rm docker-bench-security
• docker-bench-security prints security check result via stdout