Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Using LXC on Production

Avatar for Isao Shimizu Isao Shimizu
September 06, 2014
Technology
440
0

Using LXC on Production

第4回 コンテナ型仮想化の情報交換会@東京

Avatar for Isao Shimizu

Isao Shimizu

September 06, 2014

More Decks by Isao Shimizu

See All by Isao Shimizu
Notion x ポストモーテムで広げる組織の学び / Notion x Postmortem
Avatar for Isao Shimizu isaoshimizu
1
370
New Relicを活用したSREの最初のステップ / NRUG OKINAWA VOL.3
Avatar for Isao Shimizu isaoshimizu
3
1.1k
「家族アルバム みてね」における運用管理・ オブザーバビリティの全貌 / Overview of Operation Management and Observability in FamilyAlbum
Avatar for Isao Shimizu isaoshimizu
5
4.2k
約10年間MIXIのインフラを 支えてきたPagerDutyの活用事例 / PagerDuty on Tour 2024
Avatar for Isao Shimizu isaoshimizu
6
1.3k
家族アルバム みてねにおけるGrafana活用術 / Grafana Meetup Japan Vol.1 LT
Avatar for Isao Shimizu isaoshimizu
2
1.9k
家族アルバム みてねで直面してきた技術的負債 / MIXI KAG 2024
Avatar for Isao Shimizu isaoshimizu
18
9.2k
今年1年のEKS運用振り返り/3-shake SRE Tech Talk
Avatar for Isao Shimizu isaoshimizu
2
450
ポストモーテムの基礎知識と最新事例 / Fundamentals of Postmortem
Avatar for Isao Shimizu isaoshimizu
12
3.4k
全世界1,800万人が利用する「家族アルバム みてね」におけるNew Relic活用法 / FutureStack Tokyo 2023
Avatar for Isao Shimizu isaoshimizu
1
640

Other Decks in Technology

See All in Technology
Databricks における 生成AIガバナンスの実践
Avatar for Takaaki Yayoi taka_aki
1
330
Claude Codeを組織で使いこなす— サーバサイドAIエージェント運用の実践知
Avatar for PERSOL CAREER Dev | techtekt techtekt
PRO
0
210
BigQuery の Cross-cloud Lakehouse への歩み
Avatar for Tomonori Hayashi / ぴーはや phaya72
2
590
個人の発見を、組織の知恵に 〜生成AI活用を"探索"から"組織の仕組み"へ〜
Avatar for KintoTech_Dev kintotechdev
2
1k
noUncheckedIndexedAccess、3時間、1万円。 / noUncheckedIndexedAccess, 3 Hours, 10,000 JPY.
Avatar for 株式会社カオナビ kaonavi
1
310
LLMを「主役」にしないための 3つの原則
Avatar for PERSOL CAREER Dev | techtekt techtekt
PRO
0
120
サイバーセキュリティ概論 / Introduction to Cybersecurity
Avatar for Kenji Saito ks91
PRO
0
170
EventBridge Connection
Avatar for kensh _kensh
4
590
Djangoユーザが知っ得なPostgreSQL機能 - 設計の選択肢を増やす / Djang-use-PostgreSQL
Avatar for soudai sone soudai
PRO
0
200
Building applications in the Gemini API family.
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
1.9k
タクシーアプリ『GO』の実践的データ活用
Avatar for GO Inc. dev mot_techtalk
3
160
実装は速くなった、レビューはどうする? ― 自身のレビューをAIで再現させるサーヴァントエンジニアリングのすゝめ / Implementation got faster. So what about reviews? — An invitation to Servant Engineering: Recreating your own code reviews with AI
Avatar for nrs nrslib
7
4.1k

Featured

See All Featured
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
141
35k
How to Align SEO within the Product Triangle To Get 
Buy-In & Support - #RIMC
Avatar for Aleyda Solis aleyda
2
1.5k
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
331
21k
Designing for Timeless Needs
Avatar for Cassini Nazir cassininazir
1
250
How to Talk to Developers About Accessibility
Avatar for Jason CranfordTeague jct
2
220
Avoiding the “Bad Training, Faster” Trap in the Age of AI
Avatar for Mike Taylor tmiket
0
170
Jess Joyce - The Pitfalls of Following Frameworks
Avatar for Tech SEO Connect techseoconnect
PRO
1
160
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
55
8.2k
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
304
22k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
35
3.5k
Kristin Tynski - Automating Marketing Tasks With AI
Avatar for Tech SEO Connect techseoconnect
PRO
0
270
How People are Using Generative and Agentic AI to Supercharge Their Products, Projects, Services and Value Streams Today
Avatar for Helen Beal helenjbeal
1
200

Transcript

  1. Using LXC on Production ୈ4ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ౦ژ 2014.9.6 Isao SHIMIZU @isaoshimizu

  2. ࠓճͷݩωλ http://alpha.mixi.co.jp/entry/2014/12171/ ͜ͷΤϯτϦΛগ͠ΞϨϯδ͓ͯ͠࿩͠·͢ɻ 

  3. ࣗݾ঺հ ਗ਼ਫ ܄ ʢIsao SHIMIZUʣ ! גࣜձࣾϛΫγΟ ϞϯετελδΦॴଐ ! ݱࡏ4೥໨ʢ2011೥ೖࣾʣ

    mixiͷΠϯϑϥӡ༻ ϞϯελʔετϥΠΫͷΠϯϑϥɾαʔόӡ༻ʢݱࡏʣ ΤϯδχΞϒϩάࣥචʢFedoraɺOpenStackɺLXCͳͲʣ ! લ৬: 2003ʙ2011೥ SIerͰاըɺ։ൃɺΠϯϑϥӡ༻ ૊ΈࠐΈɺWebɺεϚϑΥΞϓϦɺಈը഑৴ͳͲ 

  4. ࠓ೔ͷൃදͷܦҢ 

  5. LXCಋೖʹࢸΔ·Ͱ 

  6. mixiʹ͓͚ΔԾ૝Խ؀ڥ ͍··Ͱ͸͜͏ͩͬͨ 

  7. KVM Kernel-based Virtual Machine 

  8. Ծ૝Խ؀ڥͰKVMΛଟ༻͍ͯͨ࣌͠୅ • Ծ૝Խ؀ڥ͸KVM͔͠࢖͍ͬͯͳ͔ͬͨ • ༻్͸։ൃ؀ڥɺεςʔδϯά؀ڥ͕΄ͱΜͲ • ߏங͸ࣗ࡞ͷγΣϧεΫϦϓτͰ • ϒϦοδΠϯλϑΣʔεͷ࡞੒ •

    Cobblerͱͷ࿈ܞʢϗετ໊ͷ࿈൪Խ΍IPͷॏෳ๷ࢭʣ • virt-install, Kickstart ! • جຊख࡞ۀͰ໘౗͍͘͞ 

  9. KVMͷ͍͍ͱ͜Ζ • ܰ౓ͷར༻Ͱ͸े෼ͳύϑΥʔϚϯε͕ग़Δ • ήετOSʹϚγϯͱಉ͡ѻ͍͕Ͱ͖Δ • ϊ΢ϋ΢ͨ͘͞Μ • Ϋϥ΢υܥͷπʔϧ͕ॆ࣮͍ͯ͠Δ 

  10. KVMͷͭΒ͍ͱ͜Ζ • Ծ૝ԽʹΑΔϘτϧωοΫ͕େ͖͍ʢͱ͘ʹσΟεΫIOʣ • σΟεΫ༰ྔΛଟ͘ফඅ͢ΔʢOS෼͕େ͖͍ʣ • BIOSઃఆͷґଘʢIntel VTͱ͔AMD-Vͱ͔ʣ 

  11. OpenStackͷಋೖ 

  12. OpenStack • 2013೥य़ࠒʹݕূ։࢝ • Version͸Grizzly 2013.01 • ಉ೥ͷՆࠒʹຊ൪ಋೖ • ༻్͸ࣾ಺ϓϩμΫτ޲͚ͷPaaSʢGizmoͱݺ͹ΕΔʣ

    • ΞϓϦαʔό͸ಠࣗͷσϓϩΠπʔϧΛ࢖ͬͯ • ϛυϧ΢ΣΞͷߏ੒͸ChefͰ • MySQLɺRedisɺJenkinsͳͲ • μογϡϘʔυʢHorizonʣศར • ͷͪʹ։ൃ؀ڥʹ΋ల։ 

  13. mixiʹ͓͚ΔԾ૝Խ؀ڥ ͍·ͷӡ༻ 

  14. LXC Linux Containers 

  15. LXCΛ࢖͏લͷҹ৅ • ͱʹ͔͍ܰ͘Β͍͠ʢͰ΋Α͘Θ͔ͬͯͳ͍ʣ • KVMͱ͔ͱԿ͕ҧ͏ͷ͔͍·͍ͪΘ͔ͬͯͳ͍ • LXCͷόʔδϣϯ͕͕͖͍͋ͬͯͯͯͦΖͦΖ͍͍ײ͔͡΋ʁ • Kernelগ্͛͠Ε͹࢖͑ͦ͏ •

    ৽͍ٕ͠ज़ؾʹͳΔɺ࢖ͬͯΈ͍ͨ • ຊ൪Ͱ࢖͍ͬͯΔ࿩͸΄ͱΜͲͳ͍ • ͪΐ͏ͲLinuxCon Japan 2013ͰLXCͷ࿩Λฉ͍ͨ • Ͱ΋ࣾ಺Ͱ͸୭΋৮ͬͯͳ͔ͬͨ 

  16. LXCʹ͍ͭͯ • KVMͷΑ͏ʹϋʔυ΢ΣΞͳͲͷΤϛϡϨʔγϣϯͷ্ʹԾ ૝ϚγϯΛಈ࡞ͤ͞ΔͷͰ͸ͳ͍ • ϓϩηε΍ωοτϫʔΫɺϢʔβʔۭؒͳͲΛ෼཭ͯ͠ɺԾ ૝తͳ؀ڥΛఏڙ • KernelͷػೳΛ࢖ͬͯ෼཭͞Εͨ؀ڥ •

    KVMͰى͖͍ͯͨΑ͏ͳɺCPU΍σΟεΫIOͳͲͷύϑΥʔ ϚϯεྼԽ͕جຊతʹൃੜ͠ͳ͍ • ىಈ͕଎͍ʢinitҎ߱ͷىಈ͚ͩʣ • ΋ͪΖΜΦʔϓϯιʔε 

  17.  LXCͷϨϙδτϦ https://github.com/lxc/lxc

  18.  LXCͷίϛοτਪҠ https://github.com/lxc/lxc

  19. KVMͱLXC 

  20. LXCͷݕূΛ࢝ΊΔ • όʔδϣϯ0.8.0ʢ2012.11.11ϦϦʔεʣ͔Β0.9.0
 ʢ2013.4.5ϦϦʔεʣ΁Ξοϓσʔτ͞Ε͍ͯͨ • 1.0.0͸2014೥2݄Λ༧ఆ͍ͯͨ͠ʢ଴ͯͳ͍ʣ • ·ͣ͸ɺ0.9.0Λݕূͯ͠Έ͍ͨ • ·ͣ΍ͬͨ͜ͱ

    • templatesʹ͋ΔFedoraͷγΣϧεΫϦϓτΛ࢖ͬͯ
 LXCͷΠϝʔδ࡞Γ • ͢ΜͳΓಈ͔ͳ͍ • Fedora޲͚ʹϝϯς͞Εͯͳ͍ͷ͔͍Ζ͍Ζमਖ਼ • ͱΓ͋͑ͣࢼߦࡨޡͯ͠ಈ͍ͨʢख࡞ۀίϚϯυϨϕϧʣ 

  21. ͦΜͳݕূΛ͍ͯ͠Δ͏ͪʹ ΞϨ͕࿩୊ʹ ! ౰࣌2013೥10݄ࠒ 

  22. 

  23. DockerͷτϨϯυ -9$ͷݕূ࢝Ίͨࠒ 

  24. ؾʹͳ͍ͬͯͨDockerͷଘࡏ • ౰࣌ͷόʔδϣϯ 0.6.xʢݱࡏ͸1.2.0ʣ • AUFSؾʹͳΔ • Docker Registryศརͦ͏ •

    GoͷϙʔλϏϦςΟ͢͹Β͍͠ ! • IPϚεΧϨʔυ͸ͪΐͬͱ໘౗͍͘͞ • ίϯςφʹIPΛݸผʹৼͬͯɺԾ૝ϚγϯͷΑ͏ʹѻ͍͍ͨ ʢmacvlan࢖͍͍ͨʣ • taggedVLANͷ؀ڥͰ΋໰୊ͳ͘࢖͍͍ͨ • όʔδϣϯΞοϓ͕ܹ͍͠ 

  25. ಠࣗπʔϧͷ։ൃ΁ 

  26. trailer ʢτϨΠϥʔʣ 

  27. trailerͱ͸ • Ruby੡ͷࣗࣾͰ։ൃͨ͠πʔϧ • LXCͷϥούʔ • ӡ༻ʹඞཁͳػೳͷΈΛ࣮૷ • IPɺMACΞυϨεͷ࠾൪ʢARMͱݺ͹ΕΔαʔόͱ࿈ܞʣ •

    ίϯςφΠϝʔδΛμ΢ϯϩʔυͯ͠ల։͢Δ • ىಈதͷίϯςφ͔ΒΠϝʔδΛ࡞Δ • Trailerfileͱݺ͹ΕΔίϯςφఆٛ 

  28. trailerͷߏ੒ 

  29. trailerΛ࢖ͬͨίϯςφىಈϑϩʔ ᶃ͋Β͔͡Ί࡞ΒΕͨΠϝʔδΛϨϙδτϦαʔό͔Βμ΢ϯϩʔυʢtrailer pullʣ ᶄΠϝʔδΛىಈʢtrailer startʣ (1)ϩʔΧϧʹμ΢ϯϩʔυ͞ΕͨΠϝʔδΛΠϯελϯε༻ͷσΟϨΫτϦʹల։ (2)ARMͱݺ͹ΕΔ಺੡ͷΞυϨε؅ཧπʔϧʹରͯ͠APIΞΫηε͠ɺIPΞυϨεͱ MACΞυϨε͕෷͍ग़͞ΕΔʢARM͸APIΞΫηεՄೳͳDHCPαʔόͷΑ͏ͳ΋ͷʣ (3)औಘͨ͠IPΞυϨεͱMACΛΠϯελϯεʹઃఆ
 ʢmacvlan

    bridgeϞʔυʣͯ͠ɺinitʢsystemdʣΛىಈ (4)trailer start࣮ߦ͔ΒsshͰ઀ଓՄೳʹͳΔ·Ͱʹ͔͔Δ࣌ؒ͸10ඵఔ౓
 ʢΠϝʔδαΠζʹΑͬͯଟগͷมಈ͋Γʣ 

  30. trailerΛ࢖ͬͨίϯςφఀࢭϑϩʔ ᶃఀࢭίϚϯυΛ࣮ߦʢtrailer stopʣ (1)LXCͷϓϩηεͷఀࢭɺσΟϨΫτϦͷ࡟আ 

  31. trailerΛ࢖ͬͨΠϝʔδͷ࡞੒ͱ ϨϙδτϦαʔό΁ͷΞοϓϩʔυͷϑϩʔ ᶃϕʔεͱͳΔΠϝʔδΛىಈʢtrailer startʣ ᶄΠϯελϯεʹରͯ͠ChefͰϨγϐΛద༻ʢknife-soloΛར༻ʣ ᶅϧʔτϑΝΠϧγεςϜʢσΟϨΫτϦπϦʔʣΛѹॖ͢Δʢtrailer snapshotʣ ᶆΠϝʔδ৘ใ͕ॻ͔ΕͨyamlϑΝΠϧͱrootfs.gzΛtarballʹ͢Δʢtrailer archiveʣ ᶇϨϙδτϦαʔό΁Ξοϓϩʔυʢtrailer

    pushʣ 

  32. LXC޲͚ʹ༻ҙͯ͋͠ΔΠϝʔδ •ϕʔεΠϝʔδ •Reverse Proxy (mod_proxy) •Varnish •Q4M (Job Queue) •Application

    Server (mod_perl) •Tokyo Tyrant •Memcached 

  33. LXCΛӡ༻͢Δ্ͰؾΛ͚ͭΔ͜ͱ 

  34. εϨου਺ɺPID਺্ݶ •kernel.threads-max •kernel.pid_max •vm.max_map_count •/etc/security/limits.d/90-nproc.conf Λunlimited ʹ •༻్ʹԠͯ͡File Descriptor਺΍ɺTCP/IPपΓͷKernelύϥϝʔλ ͷௐ੔͕ඞཁɻ

    •ΠϯελϯεଆͰ͸ઃఆͰ͖ͳ͍Kernelύϥϝʔλ͕͋ͬͨΓ͢ ΔͷͰɺsysctl΍echoͳͲͰઃఆ͢Δࡍʹཁ஫ҙɻ 

  35. ͦͷଞɺؾΛ͚ͭΔ͜ͱ wར༻Ϧιʔεͷ༧ଌɺݟੵ΋Γ wଞͷίϯςφʹѱӨڹΛٴ΅͞ͳ͍ઃܭ͕ඞཁ wσΟεΫ༰ྔ w༰ྔ੍ݶ͸Ͱ͖ͳ͍ wϞχλϦϯά wάϥϑେࣄ 

  36. trailerͷσϞ 

  37. ࢀߟࢿྉ 

  38. •OpenStackͱLXCΛಋೖͨ͠࿩ - mixi Engineers' Blog •http://alpha.mixi.co.jp/entry/2014/12171/ •LXCͰֶͿίϯςφೖ໳ ʵܰྔԾ૝Խ؀ڥΛ࣮ݱ͢Δٕज़ •http://gihyo.jp/admin/serial/01/linux_containers •Lxc

    Ͱ࢝ΊΔένένԾ૝Խੜ׆ʁʂ - SlideShare •http://www.slideshare.net/enakai/lxc-8300191 •LXC - Linux Containers •https://linuxcontainers.org/jp/ •LXC(Linux Container) •http://events.linuxfoundation.org/sites/events/files/cojp13_feng.pdf •DockerΛࢧ͑Δٕज़ •http://www.slideshare.net/enakai/docker-34668707 •GitHub - lxc/lxc •https://github.com/lxc/lxc