LinuxコンテナとLXC入門 (2015-09-13) / 1st kistudy

by tenforward

Slide 1

Slide 1 text

LinuxίϯςφͱLXCೖ໳ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ Ճ౻ହจ 2015-09-13 Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 1 / 58

Slide 2

Slide 2 text

ࣗݾ঺հ Ճ౻ହจ http://www.ten-forward.ws/ @ten forward http://gplus.to/tenforward https://github.com/tenforward http://d.hatena.ne.jp/deﬁant/ (ٕज़ϒϩά) Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 2 / 58

Slide 3

Slide 3 text

ࣗݾ঺հ ϑΝʔεταʔόɹج൫։ൃ෦ɹॴଐ ৽ϒϥϯυͷϗεςΟϯάαʔϏε͸͡Ί·ͨ͠ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 3 / 58

Slide 4

Slide 4 text

ࣗݾ঺հ Plamo Linux ϝϯςφ LXC ͰֶͿίϯςφೖ໳ɹʔܰྔԾ૝Խ؀ڥΛ࣮ݱ͢Δٕज़ gihyo.jp Ͱ࿈ࡌ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 4 / 58

Slide 5

Slide 5 text

ࣗݾ঺հ LXC ͷ։ൃʹগ͠ࢀՃ man page ͷ೔ຊޠ༁ ެࣜϖʔδ (linuxcontainers.org) ຋༁ όάϑΟοΫεͳͲগ͚ͩ͠ίʔυʹ΋ߩݙ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 5 / 58

Slide 6

Slide 6 text

࣭໰ɿΈͳ͞Μʹͱͬͯͷίϯ ςφ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 6 / 58

Slide 7

Slide 7 text

౰વίϨͰ͠ΐ͏ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 7 / 58

Slide 8

Slide 8 text

σʔληϯλʔ͡ΌͶʁ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 8 / 58

Slide 9

Slide 9 text

࠷ۙྲྀߦͬͯΔΒ͍͚͠ͲԿʁ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 9 / 58

Slide 10

Slide 10 text

Docker஌ͬͯΔΑ LXC஌ͬͯΔΑ OpenVZ஌ͬͯΔΑ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 10 / 58

Slide 11

Slide 11 text

Docker࢖ͬͨ͜ͱ͋ΔΑ LXC࢖ͬͨ͜ͱ͋ΔΑ OpenVZ࢖ͬͨ͜ͱ͋ΔΑ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 11 / 58

Slide 12

Slide 12 text

ࠓ೔ͷ໨ඪ ίϯςφͷ֓ཁΛཧղ͢Δ Linux Χʔωϧʹ࣮૷͞Ε͍ͯΔίϯςφؔ࿈ػೳͷ֓ཁΛ ཧղ͢Δ LXC ͷجຊతͳಈ͖Λཧղ͢Δ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 12 / 58

Slide 13

Slide 13 text

ࠓ೔ͷ಺༰ ίϯςφͷ֓ཁ Linux ʹ͓͚Δίϯςφͷ࢓૊Έ LXC ͷ঺հ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 13 / 58

Slide 14

Slide 14 text

ίϯςφ֓ཁ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 14 / 58

Slide 15

Slide 15 text

ίϯςφͱ͸ Ծ૝తͳίϯϐϡʔλɾγεςϜΛ࠶ݱ͢ΔԾ૝Ϛγϯʹର ͯ͠ɺԾ૝తͳ OS ؀ڥΛఏڙ͢Δ ˠ OS ϨϕϧͷԾ૝Խ Χʔωϧ͔ΒݟΔͱී௨ʹϓϩηε͕ىಈ͢Δ͚ͩ ىಈ͢Δࡍʹִ཭Λࢦࣔ͢Δ ΧʔωϧͷػೳͰ (ෳ਺ͷ) ಠཱۭͨؒ͠Λ࡞Γग़͠ɼϦιʔ εΛ෼ׂɾ෼഑͢Δ ϓϩηεΛάϧʔϓԽͯ͠ଞͷάϧʔϓͱϦιʔεۭؒΛִ཭ άϧʔϓԽͨ͠ϓϩηεʹର͢ΔϦιʔε੍ݶ Ծ૝Խͱ͍͏ΑΓʮִ཭Խʯͱݴͬͨ΄͏͕Θ͔Γ΍͍͔͢΋ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 15 / 58

Slide 16

Slide 16 text

ίϯςφͷϝϦοτ ߴີ౓Խ͕Մೳ ىಈ͍ͯ͠Δ OS (Χʔωϧ) ͸Ұͭ Φʔόʔϔου͕খ͍͞ ϋʔυ΢ΣΞͷԾ૝Խ͕ෆཁ ىಈ͕ૣ͍ Ծ૝ϚγϯͷىಈͰ͸ͳ͘ɼϗετ OS ͔ΒݟͨΒ୯ʹϓϩ ηε͕ىಈ͍ͯ͠Δ͚ͩͳͷͰɼී௨ͷϓϩάϥϜ͕ىಈ͢Δ ͷͱ΄ͱΜͲมΘΒͳ͍ ඞͣ͠΋γεςϜΛಈ͔͢ඞཁ͸ͳ͍ (ΞϓϦέʔγϣϯί ϯςφ) ྫ͑͹ίϯςφ಺Ͱ͸ httpd ͷΈ͕ಈ͍͍ͯΔ ίϯςφʹϝϞϦΛݻఆతʹׂΓ౰ͯΔඞཁ͕ͳ͍ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 16 / 58

Slide 17

Slide 17 text

ίϯςφͷσϝϦοτ ҟͳΔ OS ͷγεςϜ / ϓϩάϥϜ͸ಈ͔ͤͳ͍ ୯ʹϗετ OS ্Ͱϓϩηε͕ىಈ͢Δ͚ͩͳͷͰ౰ͨΓલ ΧʔωϧʹؔΘΔૢ࡞͸Ͱ͖ͳ͍ ىಈ͍ͯ͠ΔΧʔωϧ͸มΘΒͳ͍ͷͰ ίϯςφຖʹϩʔυ͢ΔϞδϡʔϧΛม͑ΔͳͲ Χʔωϧͷ࣮૷͸ෳࡶʹͳΔ શͯΧʔωϧͷػೳͱ࣮ͯ͠૷͞Ε͍ͯΔͷͰ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 17 / 58

Slide 18

Slide 18 text

ࠓ೔ͷ಺༰ ίϯςφͷ֓ཁ Linux ʹ͓͚Δίϯςφͷ࢓૊Έ LXC ͷ঺հ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 18 / 58

Slide 19

Slide 19 text

Linuxʹ͓͚Δίϯςφͷ࢓ ૊Έ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 19 / 58

Slide 20

Slide 20 text

Linuxʹ͓͚Δίϯςφ͸Χʔωϧʹʰίϯ ςφʱͱ͍͏୯Ұͷػೳ͕࣮૷͞Ε࣮ͯݱ͠ ͍ͯΔΘ͚Ͱ͸͋Γ·ͤΜ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 20 / 58

Slide 21

Slide 21 text

Linux ͰίϯςφΛ࣮ݱ͢ΔͨΊͷػೳ Linux Χʔωϧʹؚ·ΕΔ৭ʑͳػೳΛ૊Έ߹Θͤͯίϯςφ؀ ڥΛ࡞੒͢ΔɻͦΕͧΕͷػೳ͸ίϯςφઐ༻ͷػೳͱ͍͏Θ͚ Ͱ͸ͳ͍ɻ ϓϩηεΛάϧʔϓԽͯ͠ଞͷάϧʔϓͱִ཭ OS Ϧιʔεͷִ཭ ˠ Namespace (໊લۭؒ) άϧʔϓԽͨ͠ϓϩηεʹର͢ΔϦιʔε੍ݶ ϗετͷ෺ཧϦιʔεʹର͢Δ੍ݶ ˠ Cgroup (control group) Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 21 / 58

Slide 22

Slide 22 text

LinuxͰίϯςφΛ࣮ݱ͢ΔͨΊͷػೳ ͦͷଞ ωοτϫʔΫ (veth, macvlan ͳͲ) έʔύϏϦςΟ chroot (pivot root) bind mount Checkpoint/Restore (CRIU) ͳͲͳͲ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 22 / 58

Slide 23

Slide 23 text

Linuxʹ͓͚Δίϯςφͷ࢓૊Έ Namespace Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 23 / 58

Slide 24

Slide 24 text

Namespace(໊લۭؒ) ִ཭͍ͨ͠ OS Ϧιʔε͝ͱʹ Namespace ͕४උ͞ΕΔ Ұ෦ͷ Namespace ͚ͩ࢖༻ִͯ͠཭؀ڥΛ࡞Δ͜ͱ͕Ͱ͖Δ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 24 / 58

Slide 25

Slide 25 text

Namespace ͷछྨ (1) Mount Namespace: 2.4.19 ϓϩηε͔Βݟ͍͑ͯΔϚ΢ϯτͷू߹ɼૢ࡞Λ෼཭͢Δɽ Namespace ಺ͷ mount, umount ͸ଞͷ Namespace ʹ͸Ө ڹ͠ͳ͍ (ࢀߟ) Ϛ΢ϯτ໊લۭؒΛద༻͢Δ (IBM developerWorks) UTS Namespace: 2.6.19 ϗετ໊ͳͲɼuname(2) ͕ฦ͢஋ͷू߹Λ෼཭ɽ setdomainname(2), sethostname(2) Ͱ Namespace ಺ͷ஋ ͷΈมߋͰ͖Δ PID Namespace: 2.6.24 PID ۭؒͷ෼཭ɽ৽͍͠ PID Namespace Ͱ͸ PID 1 ͔Β࢝ ·Δ PID ׂ͕Γ౰ͯΒΕΔɽ਌͔Βࢠͷ PID Namespace ͸ ݟ͑Δ (਌ͷۭؒͷ PID Λ࣋ͭ) ͕ɼࢠ͔Β਌͸ݟ͑ͳ͍ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 25 / 58

Slide 26

Slide 26 text

Namespace ͷछྨ (2) IPC Namespace: 2.6.19 SysV IPC ΦϒδΣΫτɼPOSIX ϝοηʔδΩϡʔͷִ཭ User Namespace: 2.6.23 ˜ 3.8 ಠཱͨ͠ UID/GID ۭؒͱ֎෦ۭؒͷϚοϐϯά (ྫ͑͹ɼִ ཭ۭؒͰ͸ uid/gid 0/0ɼ֎෦Ͱ͸ 1000/1000 ͱ͔Մೳʹ ͳΔ) Network Namespace: 2.6.26 ωοτϫʔΫϦιʔεͷִ཭ɽωοτϫʔΫσόΠεɼΞυϨ εɼϧʔςΟϯάςʔϒϧɼιέοτɼϑΟϧλϦϯά Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 26 / 58

Slide 27

Slide 27 text

Linuxʹ͓͚Δίϯςφͷ࢓૊Έ Cgroup Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 27 / 58

Slide 28

Slide 28 text

Cgroupͱ͸ ϓϩηεΛάϧʔϓԽ͠ɺάϧʔϓʹରͯ͠Ϧιʔε੍ݶΛߦ͏ɻ ίϯςφઐ༻ͷ࢓૊ΈͰ͸ͳ͍ɻ Cgroup ͷಛ௃ ػೳ͝ͱʹαϒγεςϜʹ෼͔ΕΔ cgroupfs ΛϚ΢ϯτͯ͠σΟϨΫτϦͰάϧʔϓΛද͢ ϓϩηεΛάϧʔϓ಺ͷ tasks ϑΝΠϧʹ௥Ճ͢Δͱؔ࿈͢Δ λεΫ͕εϨου୯ҐͰάϧʔϓʹ௥Ճ͞ΕΔ ෳ਺֊૚ߏ଄ɻվ଄ߏ଄͝ͱʹҟͳΔπϦʔΛ࡞੒Ͱ͖Δɻͨ ͩ͠ɺҰͭͷαϒγεςϜ͕ॴଐͰ͖ΔπϦʔ͸Ұͭ πϦʔͷͲͷϨϕϧͷάϧʔϓʹ΋λεΫ͕ॴଐͰ͖Δ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 28 / 58

Slide 29

Slide 29 text

Cgroupͷ֊૚ߏ଄ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 29 / 58

Slide 30

Slide 30 text

CgroupͷαϒγεςϜ cpu: 2.6.24 CFS(Completely Fair Scheduler) bandwidth controlɽ୯Ґ ࣌ؒ಺ͷάϧʔϓ಺ͷλεΫ͕࣮ߦͰ͖Δ߹ܭ࣌ؒΛ੍ݶ͢Δ (3.2 Ͱ࣮૷) ૬ର഑෼ɽάϧʔϓؒͷ CPU ࣌ؒͷׂ౰ͷׂ߹Λࢦఆ͢Δɽ ྫ͑͹ GroupA=100,GroupB=50 ͱ͢Δͱ A:B=2:1 cpuacct: 2.6.24 άϧʔϓ಺ͷ CPU ϦιʔεͷϨϙʔτ (CPU ࣌ؒ) cpuset: 2.6.24 ׂΓ౰ͯΔ CPU, ϝϞϦϊʔυͷׂ౰ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 30 / 58

Slide 31

Slide 31 text

CgroupͷαϒγεςϜ device: 2.6.26 σόΠε΁ͷΞΫηεڐՄɼ੍ݶͷࢦఆ freezer: 2.6.28 άϧʔϓ಺ͷϓϩηεΛશͯҰ࣌ఀࢭ͢Δ memory: 2.6.29 ϝϞϦϦιʔεͷ੍ݶ (ϢʔβϝϞϦɼΧʔωϧϝϞϦ) blkio (Block IO): I/O weight controller(2.6.33 Ҏ߱) άϧʔϓͷ༏ઌ౓Λࢦఆ ͢Δ I/O throttling(2.6.37 Ҏ߱) άϧʔϓ಺ͷϓϩηεͷσόΠ εʹର͢Δૢ࡞਺ͷ߹ܭͷࢦఆ (ࢀߟ)Linux2.6.37 ͷ৽ػೳ “I/O throttling” Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 31 / 58

Slide 32

Slide 32 text

CgroupͷαϒγεςϜ hugetlb: 3.6 cgroup ͔Βͷ hugetlb ͷ࢖༻ perf event: 2.6.39 άϧʔϓ୯ҐͰ perf πʔϧͰϞχλϦϯά (ύϑΥʔϚϯε ղੳ) net cls: 2.6.29 ύέοτʹࣝผࢠΛ͚ͭɼτϥϑΟοΫίϯτϩʔϧ (tc) ͱ netﬁlter(3.14 Ҏ߱) ͰίϯτϩʔϧՄೳʹ Linux 3.14 Ͱ net cls cgroup ʹ௥Ճ͞Εͨ netﬁlter ରԠ net prio: 3.3 άϧʔϓؒͰͷωοτϫʔΫͷ༏ઌ౓ΛΠϯλʔϑΣʔεຖʹ ࢦఆ͢Δ Linux 3.3 ͷ৽ػೳ Network priority cgroup Linux 3.3 ͷ৽ػೳ Network priority cgroup (2) Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 32 / 58

Slide 33

Slide 33 text

Cgroupͷ࢖͍ํ Cgroup ͸ίϯςφͱؔ܎ͳ͘࢖༻Մೳ # mount -t tmpfs cgroup_root /sys/fs/cgroup # mkdir /sys/fs/cgroup/memory # mount -t cgroup -o memory cgroup /sys/fs/cgroup/memory (ϝϞϦαϒγεςϜͷ Ϛ΢ϯτ) # mkdir /sys/fs/cgroup/memory/test01 ("test01" ͱ͍͏άϧʔϓͷ࡞੒) # echo $$ > /sys/fs/cgroup/memory/test01/tasks (ϓϩηεΛάϧʔϓʹొ࿥) # cat /sys/fs/cgroup/memory/test01/tasks (άϧʔϓ಺ͷϓϩηεͷ֬ೝ) 2824 2837 # echo 30M > /sys/fs/cgroup/memory/test01/memory.limit_in_bytes (άϧʔϓʹରͯ͠ϝϞϦ্ݶ 30M ͱ͍͏੍ݶΛઃఆ) # cat /sys/fs/cgroup/memory/test01/memory.limit_in_bytes (੍ݶ஋ͷ֬ೝ) 31457280 # cat /sys/fs/cgroup/memory/test01/memory.usage_in_bytes (ݱࡏͷ࢖༻ྔͷ֬ೝ) 565248 Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 33 / 58

Slide 34

Slide 34 text

ࠓ೔ͷ಺༰ ίϯςφͷ֓ཁ Linux ʹ͓͚Δίϯςφͷ࢓૊Έ LXC ͷ঺հ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 34 / 58

Slide 35

Slide 35 text

LXCͱ͸ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 35 / 58

Slide 36

Slide 36 text

LXCͱ͸ Linux Χʔωϧ͕࣋ͭίϯςφؔ࿈ػೳΛ࢖͏ͨΊͷϢʔβ εϖʔεͷϥΠϒϥϦɺπʔϧ Linux Χʔωϧ͕࣋ͭίϯςφؔ࿈ػೳΛϑϧʹ׆༻ ίϯςφΛѻ͏ͨΊͷϥΠϒϥϦɺ֤छݴޠόΠϯσΟϯάɺ ϥΠϒϥϦ΍όΠϯσΟϯάΛ࢖ͬͨίϯςφૢ࡞ίϚϯυ ͔Β੒Δ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 36 / 58

Slide 37

Slide 37 text

LXCͷྺ࢙ 2008 ೥ɹ Daniel Lezcano ࢯΛத৺ʹΧʔωϧʹ࣮૷͞Εͨ ίϯςφؔ࿈ػೳΛ։ൃऀ͕ࢼͤΔΑ͏ʹ։ൃ͕࢝·Δ 2012 ೥ɹ Ubuntu 12.04 LTS ʹؚ·ΕΔ LXC Ͱ͋Δఔ౓҆ ఆͯ͠࢖͑ΔΑ͏ʹͳΔɻUbuntu ͷਓ͕࣮࣭։ൃΛҾͬ ு͍ͬͯ͘Α͏ʹͳΔ 2013 ೥ɹϝϯςφ͕ Daniel Lezcano ࢯ͔Β Serge Hallyn ࢯ ͱ St´ ephane Graber ࢯʹަ୅ɻ͓;ͨΓͱ΋ Canonical ࣾһɻ 2014 ೥ɹ LXC 1.0 ϦϦʔεɻUbuntu 14.04 LTS ͷ໨ۄػ ೳͷͻͱͭ 2015 ೥ɹ LXD 0.1 ϦϦʔεɻ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 37 / 58

Slide 38

Slide 38 text

LXCͷόʔδϣϯ 1.0 ܥɹ (1.0.7) Ubuntu 14.04 LTS ͕ EOL ʹͳΔ·Ͱα ϙʔτ͞ΕΔ LTS όʔδϣϯ 1.1 ܥɹ (1.1.3) 2016 ೥ 1 ݄·Ͱαϙʔτɻͦͷ࣌఺Ͱ 1.2 ͕ϦϦʔε͞Ε͍ͯͳ͍৔߹͸ɺ1.2 ϦϦʔεͷ 2 ϲ݄ޙ·Ͱ αϙʔτ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 38 / 58

Slide 39

Slide 39 text

LXCͷಛ௃ γεςϜίϯςφ (ίϯςφ಺Ͱ init ͕ىಈ͢Δ) ͕༰қʹߏ ஙɾىಈͰ͖Δ ΋ͪΖΜΞϓϦέʔγϣϯίϯςφ΋༰қʹىಈͰ͖Δ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 39 / 58

Slide 40

Slide 40 text

LXCͷಛ௃ ίϯςφΛ࡞੒͢ΔͨΊͷ๛෋ͳσΟετϦϏϡʔγϣϯର ԠͷςϯϓϨʔτͰ༰қʹίϯςφΠϝʔδ͕࡞੒Ͱ͖Δ ߏஙࡁΈίϯςφΠϝʔδͷμ΢ϯϩʔυ͠ίϯςφΛ࡞੒ Ͱ͖Δ ֤छݴޠόΠϯσΟϯάͷఏڙʹΑΓ৭ʑͳݴޠ͔Βίϯς φΛѻ͑Δ Python(2,3) Lua Go Ruby Haskell ҰൠϢʔβʹΑΔίϯςφͷىಈ ωετͨ͠ίϯςφ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 40 / 58

Slide 41

Slide 41 text

LXCͷಛ௃ ༷ʑͳετϨʔδόοΫΤϯυΛαϙʔτ͠ɺίϯςφΠ ϝʔδΛอଘ͢ΔྖҬʹ࢖༻͢Δ͜ͱͰ༷ʑͳϑΝΠϧγε ςϜͳͲͷಛ௃Λੜ͔ͯ͠ίϯςφΛར༻Ͱ͖Δ σΟϨΫτϦ Btrfs ZFS LVM ϧʔϓσόΠε Aufs Overlayfs NBD Ϋϩʔϯͱεφοϓγϣοτ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 41 / 58

Slide 42

Slide 42 text

LXCͷΠϯετʔϧ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 42 / 58

Slide 43

Slide 43 text

ϗετͷσΟετϦϏϡʔγϣϯΛͲ͏બͿ͔ ಈ͔͍ͨ͠ίϯςφͱಉ͡σΟετϦϏϡʔγϣϯΛબͿͷ ͕؆୯ (ͳ͸ͣ) ύοέʔδ؅ཧίϚϯυ͕ϗετ؀ڥʹ΋͋Δ ςϯϓϨʔτ΋Ұ൪ςετ͞Ε͍ͯΔ (ͩΖ͏) ͱΓ͋͑ͣ Ubuntu Ͱ΍ͬͯΈΔ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 43 / 58

Slide 44

Slide 44 text

ϗετͷσΟετϦϏϡʔγϣϯΛͲ͏બͿ͔ Ubuntu : Ұ൪؆୯ɻଟ෼Ұ൪໰୊͕ى͜Γʹ͍͘ɻΠϯε τʔϧ͢Δ͚ͩͰͱΓ͋͑ͣ࢖͑Δ Fedora : 22 Ͱࢼͨ͠Β·ͣ·ͣ؆୯ͩͬͨɻ ͱΓ͋͑ͣ࢖͏ͷʹඞཁͳϑΝΠϧ͸ೖΔ͕ɺΠϯετʔϧޙ ʹαʔϏεΛ༗ޮԽ͢Δඞཁ͕͋Δ ඞཁͳύοέʔδ͕ґଘؔ܎ͰೖΒͳ͍͜ͱ͕͋Δ (wget ͱ͔) CentOS : 6 ΋ 7 ΋ඍົ 6 ͸ݹ୅ͷΧʔωϧΛ࢖ͬͯΔ ඞཁͳύοέʔδ͕ґଘؔ܎ͰೖΒͳ͍͜ͱ͕͋Δ ωοτϫʔΫͷઃఆ͸खಈͰߦ͏ඞཁ͕͋ΔɻͱΓ͋͑ͣىಈ ͤ͞ΔͨΊͷαϯϓϧతͳઃఆϑΝΠϧͳͲ΋ೖΒͳ͍ 1.0 ܥ͸ systemd ׬શରԠͰ͸ͳ͍ɻ ςϯϓϨʔτʹෆ۩߹͋ΓɻCentOS7 ίϯςφͷىಈʹඇৗ ʹ͕͔͔࣌ؒΔɻ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 44 / 58

Slide 45

Slide 45 text

LXCͷΠϯετʔϧ Ubuntu ͷ৔߹ $ sudo apt-get install lxc Fedora ͷ৔߹ # dnf install lxc lxc-templates lxc-extra lxc-doc # sed -e ’/USE_LXC_BRIDGE/s/false/true/’ /etc/sysconfig/lxc # systemctl enable lxc-net.service # systemctl start lxc-net.service Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 45 / 58

Slide 46

Slide 46 text

ίϯςφͷ࡞੒ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 46 / 58

Slide 47

Slide 47 text

ίϯςφͷ࡞੒ํ๏ lxc-create ίϚϯυΛ࢖༻͢Δ 1 ߏஙࡁΈͷίϯςφΠϝʔδΛμ΢ϯϩʔυ͢Δ 2 ֤σΟετϦϏϡʔγϣϯ༻ͷςϯϓϨʔτΛ࢖ͬͯ࡞੒ ͢Δ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 47 / 58

Slide 48

Slide 48 text

μ΢ϯϩʔυʹΑΔߏங μ΢ϯϩʔυ༻Πϝʔδͷ࡞੒ μ΢ϯϩʔυ༻Πϝʔδ͸ɺఆظతʹ linuxcontainers.org ಺Ͱߏங͞Εɺimages.linuxcontainers.org ʹஔ͔ΕΔɻ ߏங͸ Ubuntu ϗετ্Ͱ LXC ෇ଐͷςϯϓϨʔτΛ࢖༻͠ ͯ lxc-create ίϚϯυͰ࡞੒͍ͯ͠Δ μ΢ϯϩʔυ༻ΠϝʔδΛ࢖༻ͨ͠ίϯςφͷ࡞੒ lxc-create ίϚϯυʹ download ςϯϓϨʔτΛࢦఆ͢Δ $ sudo lxc-create -t download -n ct01 -- -d ubuntu -r trusty -a amd64 Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 48 / 58

Slide 49

Slide 49 text

ςϯϓϨʔτʹΑΔߏங ςϯϓϨʔτͱ͸ lxc-create ίϚϯυ͔Βݺ͹ΕΔίϯςφΛ࡞੒͢ΔͨΊͷ εΫϦϓτɻ෇ଐ͍ͯ͠Δ΋ͷ͸γΣϧεΫϦϓτͰॻ͔Ε ͍ͯΔɻ ֤σΟετϦϏϡʔγϣϯͷύοέʔδ؅ཧίϚϯυΛ࢖༻ ͯ͠ɺίϯςφΠϝʔδΛ࡞੒͢Δɻैͬͯɺϗετ؀ڥʹ ͦͷύοέʔδ؅ཧίϚϯυ͕ͳ͚Ε͹࢖͑ͳ͍͜ͱ΋͋Δɻ ෇ଐ͍ͯ͠ΔςϯϓϨʔτ $ ls /usr/share/lxc/templates/ lxc-alpine* lxc-cirros* lxc-openmandriva* lxc-ubuntu* lxc-altlinux* lxc-debian* lxc-opensuse* lxc-ubuntu-cloud* lxc-archlinux* lxc-download* lxc-oracle* lxc-busybox* lxc-fedora* lxc-plamo* lxc-centos* lxc-gentoo* lxc-sshd* Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 49 / 58

Slide 50

Slide 50 text

ςϯϓϨʔτʹΑΔߏங lxc-create ʹ”lxc-” Λল͍ͨςϯϓϨʔτ໊Λࢦఆ͢Δ $ sudo lxc-create -t ubuntu -n ct01 Ubuntu ςϯϓϨʔτ͸ debootstrap Λ࢖ͬͯίϯςφΠ ϝʔδΛ࡞੒ Fedora ςϯϓϨʔτ͸ chroot yum CentOS ςϯϓϨʔτ͸ yum --installroot ίϚϯυ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 50 / 58

Slide 51

Slide 51 text

ίϯςφͷىಈ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 51 / 58

Slide 52

Slide 52 text

γεςϜίϯςφͷىಈ lxc-start ίϚϯυ 1.0 Ͱ͸σϑΥϧτ͸ϑΥΞάϥ΢ϯυىಈ 1.1 Ͱ͸σϑΥϧτ͸όοΫάϥ΢ϯυىಈ ৗʹ-b(όοΫάϥ΢ϯυ) or -F(ϑΥΞάϥ΢ϯυ) Λࢦఆ ͢ΔΑ͏ʹ͢Δͱྑ͍͔΋ $ sudo lxc-start -n ct01 -d Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 52 / 58

Slide 53

Slide 53 text

ΞϓϦέʔγϣϯίϯςφͷىಈ lxc-start ίϚϯυʹΑΔΞϓϦέʔγϣϯίϯςφ lxc-start ͸ίϚϯυΛࢦఆ͢Ε͹ίϯςφ಺ͰίϚϯυΛ ࣮ߦ $ sudo lxc-start -n ct01 -- /bin/bash ࢦఆͨ͠ίϚϯυ͕͙͢ʹόοΫάϥ΢ϯυʹҠߦ͢ΔΑ͏ ͳ৔߹ɺίϯςφ͕͙͢ʹऴྃͯ͠͠·͏ $ sudo lxc-start -n ct01 -- /usr/sbin/httpd -D FOREGROUND Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 53 / 58

Slide 54

Slide 54 text

ΞϓϦέʔγϣϯίϯςφͷىಈ lxc-execute ίϚϯυ ΞϓϦέʔγϣϯίϯςφ༻ͷίϚϯυ ઐ༻ͷ init ίϚϯυ (init.lxc) ΛؒʹڬΜͰࢦఆͨ͠ίϚϯυ Λ࣮ߦ ˠ ίϯςφ಺ͰσʔϞϯ͕࣮ߦͰ͖Δ init.lxc ͸ɺࢦఆͨ͠ίϚϯυͱίϚϯυ͔Βੜ੒͞Εͨ͢΂ ͯͷϓϩηεͷऴྃΛ଴ͭ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 54 / 58

Slide 55

Slide 55 text

ΞϓϦέʔγϣϯίϯςφͷىಈ ͨͩ͠ɺ1.0 ܥͰ͸ίϯςφ಺ʹࣗ෼Ͱ init.lxc ίϚϯυΛ ηοτΞοϓ͢Δඞཁ͕͋Δ (ϗετͷ/usr/sbin ʹΠϯε τʔϧ͞Ε͍ͯΔ) ˠ ڞ༗ϥΠϒϥϦ΋ಉ࣌ʹΠϯετʔϧ͢Δඞཁ͕͋ΔͳͲ ҙ֎ʹ໘౗ 1.1 ܥͰ͸ίϯςφ಺ʹ init.lxc ͕ͳ͍৔߹ɺϗετͷελ ςΟοΫϦϯΫ൛ init.lxc Λίϯςφ಺ʹ bind mount ͯ͘͠ ΕΔɻ $ sudo lxc-execute -n ct01 -- /usr/sbin/apache2ctl start Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 55 / 58

Slide 56

Slide 56 text

ىಈͨ͠ίϯςφ΁ͷΞΫηε ssh : ίϯςφͰ sshd Λىಈͤͯ͞ΞΫηε (ϦϞʔτ͔Β ͳΒ͜Ε) lxc-console : ίϯςφͷίϯιʔϧ΁ΞΫηε (ϗετ্ ͔Β) lxc-attach : ଘࡏ͢Δ Namespace ͷதʹೖΔίϚϯυ (ϗε τ্͔Β) ඞͣ͠΋ ssh ΞΫηε͢Δඞཁ͸ͳ͍ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 56 / 58

Slide 57

Slide 57 text

ىಈͨ͠ίϯςφ΁ͷΞΫηε lxc-attach Λ࢖ͬͨྫ $ sudo lxc-start -n ct01 -d $ sudo lxc-attach -n ct01 root@ct01:/# Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 57 / 58

Slide 58

Slide 58 text

ඇಛݖίϯςφ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 58 / 58

Slide 59

Slide 59 text

ඇಛݖίϯςφ User Namespace Λ࢖͍ɺҰൠϢʔβݖݶͰίϯςφΛىಈ Ͱ͖Δ ֤Ϣʔβɺάϧʔϓ͕࢖༻Ͱ͖Δαϒ UID,GID ͷൣғΛࢦఆ ͢Δ ࠷৽ͷ shadow ͔ΒࢦఆՄೳɻUbuntu ͩͱ adduser ͰϢʔβ Λ࡞੒ͨ͠Βࣗಈతʹαϒ UID,GID ͕࡞੒͞ΕΔ $ cat /etc/subuid /etc/subgid ubuntu:100000:65536 ubuntu:100000:65536 LXC Ͱ͸͜ͷαϒ UID,GID Λ࢖༻ͯ͠ҰൠϢʔβ͕͋Δൣ ғͷ UID,GID Λ࢖͑ΔΑ͏ʹ͍ͯ͠Δ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 59 / 58

Slide 60

Slide 60 text

ඇಛݖίϯςφͷ४උ 1 ίϯςφ͕ωοτϫʔΫΛ࢖༻͢ΔͨΊʹઃఆ $ cat /etc/lxc/lxc-usernet # USERNAME TYPE BRIDGE COUNT ubuntu veth lxcbr0 10 2 Ϣʔβ༻ͷσϑΥϧτઃఆϑΝΠϧͷ४උ $ cat ~/.config/lxc/default.conf lxc.network.type = veth lxc.network.link = lxcbr0 lxc.network.flags = up lxc.network.hwaddr = 00:16:3e:xx:xx:xx lxc.id_map = u 0 100000 65536 (ˡ͜ͷ 2 ߦ͕ॏཁ) lxc.id_map = g 0 100000 65536 3 Ϣʔβ͕ॻ͖ࠐΊΔ cgroup ͷ४උ (Ubuntu ͳΒࣗಈͰ࡞Β Ε͍ͯΔͷͰԿ΋͠ͳͯ͘ OK) Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 60 / 58

Slide 61

Slide 61 text

ඇಛݖίϯςφͷىಈ ඇಛݖίϯςφͷ৔߹ lxc-create Ͱ͸ඞͣμ΢ϯϩʔυςϯ ϓϨʔτΛ࢖༻͢Δඞཁ͕͋Δ ͋ͱͷૢ࡞͸ಉ͡ $ id uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu) ...(ུ) $ lxc-create -t download -n ct01 -- -d ubuntu -r trusty -a amd64 $ lxc-start -n ct01 -d $ lxc-ls -f NAME STATE IPV4 IPV6 AUTOSTART ------------------------------------------ ct01 RUNNING 10.0.3.224 - NO Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 61 / 58

Slide 62

Slide 62 text

·ͱΊ ίϯςφͷ֓ཁ ίϯςφͱ͸ ˠ ϓϩηεΛִ཭͢Δۭؒ ίϯςφͷϝϦοτɾσϝϦοτ Linux ʹ͓͚Δίϯςφͷ࢓૊Έ ʮίϯςφʯͱ͍͏୯Ұͷػೳ͕Χʔωϧʹ࣮૷͞Ε͍ͯΔΘ ͚Ͱ͸ͳ͍ Namespace Cgroup ͦͷଞͷ৭ʑͳػೳ LXC ͷ঺հ LXC Λ࢖͏ͱ͖ͷϗετͷσΟετϦϏϡʔγϣϯ LXC ͷΠϯετʔϧɺίϯςφͷ࡞੒ɺىಈ ඇಛݖίϯςφ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 62 / 58

Slide 63

Slide 63 text

ίϯςφܕԾ૝Խͷ৘ใަ׵ձ https://sites.google.com/site/containerstudy/ http://ct-study.connpass.com/ ίϯςφٕज़ʹؔ࿈͢Δ࿩୊Λѻ͏ ίϯςφʹؔ࿈͢ΔΧʔωϧͷ࣮૷ʹ͍ͭͯ ֤छπʔϧΩοτͷ঺հɼ࣮૷ʹ͍ͭͯ ίϯςφٕज़Λ࢖ͬͨπʔϧ΍ιϑτ΢ΣΞͷ঺հ΍࣮૷ʹͭ ͍ͯ ίϯςφٕज़ͷ׆༻ɾӡ༻ࣄྫ ͦͷଞʮίϯςφʯͱ͍͏Ωʔϫʔυ͕গ͠Ͱ΋ೖ͍ͬͯΔٕ ज़ʹ͍ͭͯ ͜Ε·Ͱେࡕͱ౦ژͰަޓʹ 7 ճ࣮ࢪɻୈ 8 ճ͸ 9 ݄ 26 ೔ (౔) ʹ౦ژͷ༧ఆ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 63 / 58

Slide 64

Slide 64 text

͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ Ճ౻ହจ ୈ 1 ճؔ੢ IT Πϯϑϥܥษڧձ 2015-09-13 64 / 58