Zigでコンテナランタイム作ってみた

Transcript

1. ZigͰίϯςφϥϯλΠϜ ࡞ͬͯΈͨ 2022/09/24 @ ୈ55ճ৘ใՊֶएखͷձ LINEגࣜձࣾɹҪ্ ߛଠ࿕ (@musaprg)

2. Ҫ্ ߛଠ࿕ (@musaprg) • ॴଐ 
 LINEגࣜձࣾ ITαʔϏεηϯλʔ 
 VerdaϓϥοτϑΥʔϜ։ൃKνʔϜ

   • Α͘࢖͏ݴޠ 
 Go, Python • ࠷ۙͷΠνΦγ࡞඼ 
 ʮCyberpunk: Edgerunnersʯ 
 ʮϦίϦεɾϦίΠϧʯ

3. Verda • LINEגࣜձࣾͰ಺੡ɾӡ༻͍ͯ͠ΔϓϥΠϕʔτΫϥ΢υ • ΤεϖϥϯτޠͰʮ྘ʯ • ͞·͟·ͳαʔϏεΛఏڙ͍ͯ͠Δ • Server (VM/PM),

   • Load Balancer • MySQL • VOS (Object Storage) • Managed Kubernetes (VKS: Verda Kubernetes Service) • etc.

4. Verdaͷن໛ • 2022೥09݄ݱࡏͷ౷ܭ஋ 7,4 
 ϊʔυ਺
     
 Ҏ্

   7,4 
 Ϋϥελ਺
    
 Ҏ্ 7FSEB 
 Ծ૝αʔό୆਺
     
 Ҏ্

5. Ҏ߱ͷൃද಺༰͸ 
 ॴଐاۀͷۀ຿ͱ͸ؔ܎͋Γ·ͤΜ

6. ຊ೔ͷ͓͠ͳ͕͖ 
 
 1. ·͓͖͑ 2. ଎शίϯςφϥϯλΠϜ 3. runzigcͷ঺հ 4.

   ZigͷΑ͔ͬͨ఺ɾࠔͬͨ఺ 5. ·ͱΊ

7. ຊ೔ͷ͓͠ͳ͕͖ 
 
 1. ·͓͖͑ 2. ଎शίϯςφϥϯλΠϜ 3. runzigcͷ঺հ 4.

   ZigͷΑ͔ͬͨ఺ɾࠔͬͨ఺ 5. ·ͱΊ

8. ຊηογϣϯͷΰʔϧ • ίϯςφϥϯλΠϜͷ࢓૊ΈΛͬ͘͟Γ஌Δ • ZigͷഽײΛ஌ΔʢGopherࢹ఺ʣ • ͋ΘΑ͘͹ίϯςφϥϯλΠϜΛࣗ࡞ͯ͠ΈΑ͏ͱ͍͏ؾʹͳΔ

9. ͜Μͳਓʹͱͬͯ͸໘ന͍͔΋ • ίϯςφϥϯλΠϜͷ࣮૷ʹڵຯ͕͋Δ • Zigͱ͍͏ϓϩάϥϛϯάݴޠʹڵຯ͕͋Δ

10. ͜Μͳਓʹ͸෺଍Γͳ͍͔΋… • ʢDocker౳Λ༻͍ͯʣͦ΋ͦ΋ίϯςφΛར༻ͨ͜͠ͱ͕ͳ͍ • ίϯςφϥϯλΠϜΛ࡞ͬͨ͜ͱ͕͋Δ or ཁૉٕज़Λཧղ͍ͯ͠Δ • ओཁͳίϯςφϥϯλΠϜ࣮૷ʢrunc౳ʣΛಡΜͩ͜ͱ͕͋Δ •

    ZigͰͦΕͳΓͷن໛ʹϓϩάϥϜΛॻ͍ͨ͜ͱ͕͋Δ

11. ຊ೔ͷ͓͠ͳ͕͖ 
 
 1. ·͓͖͑ 2. ଎शίϯςφϥϯλΠϜ 3. runzigcͷ঺հ 4.

    ZigͷΑ͔ͬͨ఺ɾࠔͬͨ఺ 5. ·ͱΊ

12. • ιϑτ΢ΣΞͱ࣮ߦ؀ڥΛͻͱ·ͱΊʹ 
 → ίϯςφΠϝʔδ • ΠϝʔδΛల։ɾ࣮ߦ͢ΔͨΊͷԾ૝తͳִ཭؀ڥ 
 → ίϯςφ

    • ίϯςφΛ࡞੒ɾ؅ཧ͢ΔͨΊͷπʔϧ܈ 
 → Docker Dockerίϯςφ͓͞Β͍ ίϯςφΠϝʔδ ιϑτ΢ΣΞ ࣮ߦ؀ڥ -JOVYΧʔωϧ ίϯςφ ίϯςφ ίϯςφ

13. • ΠϝʔδͷϏϧυ 
 docker build -t musaprg/hello . Dockerίϯςφ͓͞Β͍ ίϯςφΠϝʔδ

    ιϑτ΢ΣΞ ࣮ߦ؀ڥ -JOVYΧʔωϧ ίϯςφ ίϯςφ ίϯςφ

14. • ΠϝʔδͷϏϧυ 
 docker build -t musaprg/hello . • ίϯςφͷىಈ

    
 docker run musaprg/hello Dockerίϯςφ͓͞Β͍ ίϯςφΠϝʔδ ιϑτ΢ΣΞ ࣮ߦ؀ڥ -JOVYΧʔωϧ ίϯςφ ίϯςφ ίϯςφ )FMMP

15. ίϯςφΛىಈ͢Δͱى͖Δ͜ͱ • ߴϨϕϧϥϯλΠϜ • Πϝʔδͷ؅ཧ • ωοτϫʔΫͷઃఆ ͳͲ • ௿ϨϕϧϥϯλΠϜ

    • ࣮ߦ؀ڥͷִ཭ • ίϯςφͷ؅ཧʢىಈ΍ఀࢭʣ ͳͲ https://medium.com/nttlabs/container-runtime-student-internship-2022-q1-89a7113e0cde 
 ʹܝࡌ͞Ε͍ͯΔਤΛ΋ͱʹվม

16. ίϯςφΛىಈ͢Δͱى͖Δ͜ͱ • ߴϨϕϧϥϯλΠϜ • Πϝʔδͷ؅ཧ • ωοτϫʔΫઃఆ • ௿ϨϕϧϥϯλΠϜ •

    ࣮ߦ؀ڥͷִ཭ • ίϯςφͷ؅ཧʢىಈ΍ఀࢭʣ https://medium.com/nttlabs/container-runtime-student-internship-2022-q1-89a7113e0cde 
 ʹܝࡌ͞Ε͍ͯΔਤΛ΋ͱʹվม ࠓճ࡞͍ͬͯΔͷ͸ͬͪ͜

17. ௿ϨϕϧϥϯλΠϜ͕΍ͬͯΔ͜ͱ • OCI Runtime Specͱ͍͏ن͕֨ଘࡏ 
 https://github.com/opencontainers/runtime-spec • ΠϯλʔϑΣʔε 


    create, start, delete, kill, state • ֤छϑΥʔϚοτ • ίϯςφͷϑΝΠϧߏ଄ʢFilesystem Bundleʣ • ίϯςφͷ࢓༷ϑΝΠϧʢcon fi gʣ

18. ௿ϨϕϧϥϯλΠϜ͕΍ͬͯΔ͜ͱ • ࣮ߦ؀ڥͷִ཭ํ๏͸ԿͰ΋͍͍ʢنఆ͸ͳ͍ʣ 
 ྫɿLinuxͷػೳΛ࢖࣮ͬͯߦ؀ڥΛִ཭͢Δ • Namespaces 
 → ίϯςφ༻ʹϦιʔεΛִ཭

    
 PID, UTS(hostname), mount point, network, cgroups, IPC, etc. • Control Group (cgroups) 
 → Ϧιʔεͷ੍ޚʢྫ: cpu΍memoryͷ࢖༻ྔΛ੍ݶʣ

19. ίϯςφٕज़Λߏ੒͢Δsyscallͨͪ • fork(2), clone(2) → ࢠϓϩηεͷ࡞੒ • exec(2) → ϓϩηεͷஔ͖׵͑ʢ࣮ߦʣ

    • unshare(2) → NamespaceΛ࡞੒ɺ࣮ߦ؀ڥͷִ཭ • pivot_root(2) → rootσΟϨΫτϦʢ”/“ʣͷมߋ • etc. 
 
 ※cgroupsͷઃఆ͸ಛघϑΝΠϧγεςϜܦ༝Ͱॻ͖ࠐΉɻ 
 mount point: /sys/fs/cgroup/${subsystem_name}

20. ௿ϨϕϧϥϯλΠϜࢹ఺ͷىಈϓϩηε • ӈਤ͸runcͷ಺෦ॲཧ 
 ਤ͸ോখ԰༷ͷهࣄΑΓҾ༻ʢͱͯ΋Θ͔Γ΍͍͢ͷͰΦεεϝʣ 
 https://kurobato.hateblo.jp/entry/2021/05/02/164218 • ίϯςφ࡞੒ʢrunc createʣ

    
 → ಺෦తͳॳظԽॲཧʢrunc initʣ • 2ճforkΛ͢Δͷ͕ಛ௃తʢdouble-forkʣ • namespace෼཭ॱংͷؔ܎

21. ຊ೔ͷ͓͠ͳ͕͖ 
 
 1. ·͓͖͑ 2. ଎शίϯςφϥϯλΠϜ 3. runzigcͷ঺հ 4.

    ZigͷΑ͔ͬͨ఺ɾࠔͬͨ఺ 5. ·ͱΊ

22. Zig • libcඇґଘͷγϯάϧόΠφϦɾΫϩείϯύΠϧɾWebAssemblyରԠ • ݴޠ࢓༷Λγϯϓϧʹอͭ͜ͱΛڧ͘ҙࣝͨ͠ઃܭ • Ӆṭ͞Ε੍ͨޚϑϩʔ͕ଘࡏ͠ͳ͍ʢe.g., ྫ֎, ԋࢉࢠΦʔόʔϩʔυʣ •

    ҉໧తͳώʔϓͷ֬อ͸ߦΘΕͳ͍ɻશͯ໌ࣔతʹϝϞϦ؅ཧΛߦ͏ɻ • C / C++ͱͷ૬ޓӡ༻͕ՄೳʢZig Toolchainͦͷ΋ͷ͕C/C++ίϯύΠϥʣ • ݴޠ࢓༷͸ະͩunstableʢݱࡏͷόʔδϣϯ: v0.9.1ʣ Zig Project - Logomark / CC BY-SA 4.0.

23. runzigc • ZigͰॻ͔Εͨ௿ϨϕϧίϯςφϥϯλΠϜ 
 https://github.com/musaprg/runzigc • runcͷίʔυΛ”େ͍ʹ”ࢀߟʹ͍ͯ͠·͢ • Namespace: User,

    UTS, PIDͷΈ • cgroups v1ʢcpu, memͷΈʣ • OCI Runtime Specʹ͸ະ४ڌ

24. Demo

25. ຊ೔ͷ͓͠ͳ͕͖ 
 
 1. ·͓͖͑ 2. ଎शίϯςφϥϯλΠϜ 3. runzigcͷ঺հ 4.

    ZigͷΑͦ͞͏ͳ఺ɾࠔͬͨ఺ 5. ·ͱΊ

26. ॻ͍ͯͯײͨ͡ZigͷΑ͞ 1/2 • ޡղΛڪΕͣʹݴ͏ͱʮࡶʹॻ͚ΔCݴޠʯ • ײ֮తʹ͸ɺ͍͍ͩͨGoͱRustͷؒ͘Β͍ • ߏจ͸γϯϓϧͳͷͰɺൺֱతαΫαΫॻ͚Δ • ܕදهʹ͍ͭͯ͸গ͠Ϋη͕͋ΔͷͰ׳Ε͸ඞཁ

27. ॻ͍ͯͯײͨ͡ZigͷΑ͞ 2/2 • ܰྔͳSingle static binaryΛు͚Δ • libc΁ͷґଘ͕ͳ͍ͷͰऔΓճ͕͠ྑ͍ • ࡶͰ؆қతͳྫˠ

    
 Zig 0.9.1 
 Target: x86_64-linux 
 Optimize: -O ReleaseSmall 
 debug symbol stripped 
 single threaded 
 →ɹ໿ 4.5 KiB const std = @import("std"); pub fn main() void { std.debug.print("Hello, world!\n", .{}); }

28. ࠔͬͨ͜ͱ 1/4 • Errorͦͷ΋ͷʹ࣋ͨͤΔ͜ͱ͕Մೳͳ৘ใ͕গͳ͍ • error.PermissionDenied͸ɺ 
 ”PermissionDenied”Ҏ্ͷ৘ใΛ΋ͨͳ͍ 
 →

    ελοΫτϨʔεɾσόοάϩάͳͲΛิॿతʹ༻͍Δ͜ͱͰ 
 ݪҼՕॴͱঢ়گͷಛఆ͸Ͱ͖ΔͷͰे෼Ͱ͸͋Δʁ 


29. ࠔͬͨ͜ͱ 2/4 • nճϧʔϓ࣮૷ʹศརͳfor(int i = 0;i<n;++i)ʹ͋ͨΔߏจ͕ͳ͍ • Zigͷfor͸ɺ͍ΘΏΔfor-eachɻ 


    →ɹwhile-loopͰهड़͢Δ 
 ɹɹɹɹor 
 ɹɹpythonͰ͍͏range()ʹ͋ͨΔ΋ͷΛࣗલ࣮૷ • ҰԠproposal͸ग़͍ͯΔ

30. ࠔͬͨ͜ͱ 3/4 • Ұ෦ͷLinuxγεςϜίʔϧ͸Zigඪ४ϥΠϒϥϦͷ࣮૷͕ଘࡏ͠ͳ͍ • sethostname(2)ͳͲ 
 → ฦΓ஋ͷerrnoΛ 


    ZigͷerrorʹϚοϓ͢Δ 
 ࣮૷Λఆٛͯ͠ରԠ pub fn valOrErr(val: anytype, errno: usize) LinuxKernelError!@TypeOf(val) { return switch (os.errno(errno)) { .SUCCESS => val, .PERM => error.OperationNotPermitted, // … else => |e| return os.unexpectedErrno(e), }; } pub fn sethostname(hostname: []const u8) SetHostNameError!void { const result = switch (native_arch) { else => linux.syscall2(.sethostname, @ptrToInt(hostname.ptr), hostname.len), }; return valOrErr({}, result); }

31. ࠔͬͨ͜ͱ 4/4 • ώʔϓͷ؅ཧ͕ඞཁͳͷ͸एׯ໘౗ • defer/errdeferͱ͍ͬͨείʔϓϕʔεͷ੍ޚߏจ͸͋Δ • RustͷΑ͏ʹউखʹղ์͸ 
 ͯ͘͠Εͳ͍

    
 { var values = std.ArrayList( []const u8).init(allocator); defer values.deinit(); } // είʔϓΛൈ͚ͨ࣌఺Ͱ
 // ArrayList༻ʹ֬อ͞ΕͨϝϞϦ͸dealloc͞ΕΔ

32. ຊ೔ͷ͓͠ͳ͕͖ 
 
 1. ·͓͖͑ 2. ଎शίϯςφϥϯλΠϜ 3. runzigcͷ঺հ 4.

    ZigͷΑ͔ͬͨ఺ɾࠔͬͨ఺ 5. ·ͱΊ

33. ·ͱΊ • Linuxʹ͓͚Δίϯςφ͸ɺ cgroups + namespace Λ༻͍ͯ 
 ϓϩηεͷϦιʔεΛ෼཭࣮ͯ͠ݱ͍ͯ͠Δ •

    ίϯςφϥϯλΠϜͷ͏ͪɺ௿ϨϕϧϥϯλΠϜ͕Ϧιʔεͷ෼཭Λ ୲͍ͬͯΔ • ZigͰ௿ϨϕϧίϯςφϥϯλΠϜ runzigc Λ࡞͍ͬͯ·͢ • Zigͷݴޠ࢓༷͸unstableɺ·ͩ·ͩൃల్্Ͱࠓޙʹ஫໨

34. runzigcͷকདྷ • OCI Runtime Spec׬શ४ڌ • Cgroup v1࣮૷ɾCgroup v2ରԠ •

    SeccompରԠ • ߴϨϕϧϥϯλΠϜ࣮૷௥Ճ ʴ CRIରԠ • ྑ͍ײ͡ͷ໊લΛߟ͑Δʢืूதʣ

35. ײ૝ • ͪΌΜͱ࣮૷ͨ͠ΒऔΓճ͠ͷ͍͍ܰྔίϯςφϥϯλΠϜ͕ 
 ര஀͢ΔͷͰ͸…ʁͱ͍͏୶͍ظ଴Λ๊͍͍ͯΔɻ • ݱஈ֊Ͱ͸͓΋ͪΌͷҬɺΏ͘Ώ͘͸࢖͑Δ΋ͷʹ͍͖͍ͯͨ͠ • ࢓૊ΈΛཧղ͢Δʹ͸ɺࣗ෼Ͱ࡞ͬͯΈΔͷ͕Ұ൪ •

    Έͳ͞Μ΋ίϯςφϥϯλΠϜ࡞ͬͯΈ·ͤΜ͔ʁ

36. Reference • ίϯςφϢʔβͳΒ୭΋͕࢖͍ͬͯΔϥϯλΠϜʮruncʯΛ၆ᛌ͢Δ [Container Runtime Meetup #1ൃදϨϙʔτ] https://medium.com/ nttlabs/runc-overview-263b83164c98 •

    Low-level Container Runtime:Runc Internals https:// kurobato.hateblo.jp/entry/2021/05/02/164218 • opencontainers/runc https://github.com/opencontainers/runc • containers/youki https://github.com/containers/youki

37. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠

38. Q&A