Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Zigでコンテナランタイム作ってみた
Search
LINE Developers
September 24, 2022
Technology
7
4.2k
Zigでコンテナランタイム作ってみた
第55回情報科学若手の会での登壇資料です。
登壇者:井上紘太朗
LINE Developers
September 24, 2022
Tweet
Share
More Decks by LINE Developers
See All by LINE Developers
LINEスタンプのSREing事例集:大きなスパイクアクセスを捌くためのSREing
line_developers
1
2.3k
Java 21 Overview
line_developers
6
1.2k
Code Review Challenge: An example of a solution
line_developers
1
1.3k
KARTEのAPIサーバ化
line_developers
1
540
著作権とは何か?〜初歩的概念から権利利用法、侵害要件まで
line_developers
5
2.2k
生成AIと著作権 〜生成AIによって生じる著作権関連の課題と対処
line_developers
3
2.1k
マイクロサービスにおけるBFFアーキテクチャでのモジュラモノリスの導入
line_developers
9
3.5k
A/B Testing at LINE NEWS
line_developers
3
980
LINEのサポートバージョンの考え方
line_developers
2
1.3k
Other Decks in Technology
See All in Technology
Core Audio tapを使ったリアルタイム音声処理のお話
yuta0306
0
190
freeeのアクセシビリティの現在地 / freee's Current Position on Accessibility
ymrl
2
170
関数型プログラミングで 「脳がバグる」を乗り越える
manabeai
1
180
生まれ変わった AWS Security Hub (Preview) を紹介 #reInforce_osaka / reInforce New Security Hub
masahirokawahara
0
470
Geminiとv0による高速プロトタイピング
shinya337
1
270
PO初心者が考えた ”POらしさ”
nb_rady
0
210
Claude Code に プロジェクト管理やらせたみた
unson
6
3.8k
American airlines ®️ USA Contact Numbers: Complete 2025 Support Guide
airhelpsupport
0
380
事業成長の裏側:エンジニア組織と開発生産性の進化 / 20250703 Rinto Ikenoue
shift_evolve
PRO
2
21k
Enhancing SaaS Product Reliability and Release Velocity through Optimized Testing Approach
ropqa
1
220
SaaS型なのに自由度の高い本格CMSでサイト構築と運用のコスパ&タイパUP! MovableType.net の便利機能とユーザー事例のご紹介
masakah
0
110
さくらのIaaS基盤のモニタリングとOpenTelemetry/OSC Hokkaido 2025
fujiwara3
3
430
Featured
See All Featured
Code Reviewing Like a Champion
maltzj
524
40k
Faster Mobile Websites
deanohume
307
31k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.5k
Practical Orchestrator
shlominoach
189
11k
The Pragmatic Product Professional
lauravandoore
35
6.7k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
281
13k
Speed Design
sergeychernyshev
32
1k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
10
950
Large-scale JavaScript Application Architecture
addyosmani
512
110k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
How GitHub (no longer) Works
holman
314
140k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
53
2.9k
Transcript
ZigͰίϯςφϥϯλΠϜ ࡞ͬͯΈͨ 2022/09/24 @ ୈ55ճใՊֶएखͷձ LINEגࣜձࣾɹҪ্ ߛଠ࿕ (@musaprg)
Ҫ্ ߛଠ࿕ (@musaprg) • ॴଐ LINEגࣜձࣾ ITαʔϏεηϯλʔ VerdaϓϥοτϑΥʔϜ։ൃKνʔϜ
• Α͘͏ݴޠ Go, Python • ࠷ۙͷΠνΦγ࡞ ʮCyberpunk: Edgerunnersʯ ʮϦίϦεɾϦίΠϧʯ
Verda • LINEגࣜձࣾͰɾӡ༻͍ͯ͠ΔϓϥΠϕʔτΫϥυ • ΤεϖϥϯτޠͰʮʯ • ͞·͟·ͳαʔϏεΛఏڙ͍ͯ͠Δ • Server (VM/PM),
• Load Balancer • MySQL • VOS (Object Storage) • Managed Kubernetes (VKS: Verda Kubernetes Service) • etc.
Verdaͷن • 202209݄ݱࡏͷ౷ܭ 7,4 ϊʔυ Ҏ্
7,4 Ϋϥελ Ҏ্ 7FSEB Ծαʔό Ҏ্
Ҏ߱ͷൃද༰ ॴଐاۀͷۀͱؔ͋Γ·ͤΜ
ຊͷ͓͠ͳ͕͖ 1. ·͓͖͑ 2. शίϯςφϥϯλΠϜ 3. runzigcͷհ 4.
ZigͷΑ͔ͬͨɾࠔͬͨ 5. ·ͱΊ
ຊͷ͓͠ͳ͕͖ 1. ·͓͖͑ 2. शίϯςφϥϯλΠϜ 3. runzigcͷհ 4.
ZigͷΑ͔ͬͨɾࠔͬͨ 5. ·ͱΊ
ຊηογϣϯͷΰʔϧ • ίϯςφϥϯλΠϜͷΈΛͬ͘͟ΓΔ • ZigͷഽײΛΔʢGopherࢹʣ • ͋ΘΑ͘ίϯςφϥϯλΠϜΛࣗ࡞ͯ͠ΈΑ͏ͱ͍͏ؾʹͳΔ
͜Μͳਓʹͱͬͯ໘ന͍͔ • ίϯςφϥϯλΠϜͷ࣮ʹڵຯ͕͋Δ • Zigͱ͍͏ϓϩάϥϛϯάݴޠʹڵຯ͕͋Δ
͜ΜͳਓʹΓͳ͍͔… • ʢDockerΛ༻͍ͯʣͦͦίϯςφΛར༻ͨ͜͠ͱ͕ͳ͍ • ίϯςφϥϯλΠϜΛ࡞ͬͨ͜ͱ͕͋Δ or ཁૉٕज़Λཧղ͍ͯ͠Δ • ओཁͳίϯςφϥϯλΠϜ࣮ʢruncʣΛಡΜͩ͜ͱ͕͋Δ •
ZigͰͦΕͳΓͷنʹϓϩάϥϜΛॻ͍ͨ͜ͱ͕͋Δ
ຊͷ͓͠ͳ͕͖ 1. ·͓͖͑ 2. शίϯςφϥϯλΠϜ 3. runzigcͷհ 4.
ZigͷΑ͔ͬͨɾࠔͬͨ 5. ·ͱΊ
• ιϑτΣΞͱ࣮ߦڥΛͻͱ·ͱΊʹ → ίϯςφΠϝʔδ • ΠϝʔδΛల։ɾ࣮ߦ͢ΔͨΊͷԾతͳִڥ → ίϯςφ
• ίϯςφΛ࡞ɾཧ͢ΔͨΊͷπʔϧ܈ → Docker Dockerίϯςφ͓͞Β͍ ίϯςφΠϝʔδ ιϑτΣΞ ࣮ߦڥ -JOVYΧʔωϧ ίϯςφ ίϯςφ ίϯςφ
• ΠϝʔδͷϏϧυ docker build -t musaprg/hello . Dockerίϯςφ͓͞Β͍ ίϯςφΠϝʔδ
ιϑτΣΞ ࣮ߦڥ -JOVYΧʔωϧ ίϯςφ ίϯςφ ίϯςφ
• ΠϝʔδͷϏϧυ docker build -t musaprg/hello . • ίϯςφͷىಈ
docker run musaprg/hello Dockerίϯςφ͓͞Β͍ ίϯςφΠϝʔδ ιϑτΣΞ ࣮ߦڥ -JOVYΧʔωϧ ίϯςφ ίϯςφ ίϯςφ )FMMP
ίϯςφΛىಈ͢Δͱى͖Δ͜ͱ • ߴϨϕϧϥϯλΠϜ • Πϝʔδͷཧ • ωοτϫʔΫͷઃఆ ͳͲ • ϨϕϧϥϯλΠϜ
• ࣮ߦڥͷִ • ίϯςφͷཧʢىಈఀࢭʣ ͳͲ https://medium.com/nttlabs/container-runtime-student-internship-2022-q1-89a7113e0cde ʹܝࡌ͞Ε͍ͯΔਤΛͱʹվม
ίϯςφΛىಈ͢Δͱى͖Δ͜ͱ • ߴϨϕϧϥϯλΠϜ • Πϝʔδͷཧ • ωοτϫʔΫઃఆ • ϨϕϧϥϯλΠϜ •
࣮ߦڥͷִ • ίϯςφͷཧʢىಈఀࢭʣ https://medium.com/nttlabs/container-runtime-student-internship-2022-q1-89a7113e0cde ʹܝࡌ͞Ε͍ͯΔਤΛͱʹվม ࠓճ࡞͍ͬͯΔͷͬͪ͜
ϨϕϧϥϯλΠϜ͕ͬͯΔ͜ͱ • OCI Runtime Specͱ͍͏ن͕֨ଘࡏ https://github.com/opencontainers/runtime-spec • ΠϯλʔϑΣʔε
create, start, delete, kill, state • ֤छϑΥʔϚοτ • ίϯςφͷϑΝΠϧߏʢFilesystem Bundleʣ • ίϯςφͷ༷ϑΝΠϧʢcon fi gʣ
ϨϕϧϥϯλΠϜ͕ͬͯΔ͜ͱ • ࣮ߦڥͷִํ๏ԿͰ͍͍ʢنఆͳ͍ʣ ྫɿLinuxͷػೳΛ࣮ͬͯߦڥΛִ͢Δ • Namespaces → ίϯςφ༻ʹϦιʔεΛִ
PID, UTS(hostname), mount point, network, cgroups, IPC, etc. • Control Group (cgroups) → Ϧιʔεͷ੍ޚʢྫ: cpumemoryͷ༻ྔΛ੍ݶʣ
ίϯςφٕज़Λߏ͢Δsyscallͨͪ • fork(2), clone(2) → ࢠϓϩηεͷ࡞ • exec(2) → ϓϩηεͷஔ͖͑ʢ࣮ߦʣ
• unshare(2) → NamespaceΛ࡞ɺ࣮ߦڥͷִ • pivot_root(2) → rootσΟϨΫτϦʢ”/“ʣͷมߋ • etc. ※cgroupsͷઃఆಛघϑΝΠϧγεςϜܦ༝Ͱॻ͖ࠐΉɻ mount point: /sys/fs/cgroup/${subsystem_name}
ϨϕϧϥϯλΠϜࢹͷىಈϓϩηε • ӈਤruncͷ෦ॲཧ ਤോখ༷ͷهࣄΑΓҾ༻ʢͱͯΘ͔Γ͍͢ͷͰΦεεϝʣ https://kurobato.hateblo.jp/entry/2021/05/02/164218 • ίϯςφ࡞ʢrunc createʣ
→ ෦తͳॳظԽॲཧʢrunc initʣ • 2ճforkΛ͢Δͷ͕ಛతʢdouble-forkʣ • namespaceॱংͷؔ
ຊͷ͓͠ͳ͕͖ 1. ·͓͖͑ 2. शίϯςφϥϯλΠϜ 3. runzigcͷհ 4.
ZigͷΑ͔ͬͨɾࠔͬͨ 5. ·ͱΊ
Zig • libcඇґଘͷγϯάϧόΠφϦɾΫϩείϯύΠϧɾWebAssemblyରԠ • ݴޠ༷Λγϯϓϧʹอͭ͜ͱΛڧ͘ҙࣝͨ͠ઃܭ • Ӆṭ͞Ε੍ͨޚϑϩʔ͕ଘࡏ͠ͳ͍ʢe.g., ྫ֎, ԋࢉࢠΦʔόʔϩʔυʣ •
҉తͳώʔϓͷ֬อߦΘΕͳ͍ɻશͯ໌ࣔతʹϝϞϦཧΛߦ͏ɻ • C / C++ͱͷ૬ޓӡ༻͕ՄೳʢZig Toolchainͦͷͷ͕C/C++ίϯύΠϥʣ • ݴޠ༷ະͩunstableʢݱࡏͷόʔδϣϯ: v0.9.1ʣ Zig Project - Logomark / CC BY-SA 4.0.
runzigc • ZigͰॻ͔ΕͨϨϕϧίϯςφϥϯλΠϜ https://github.com/musaprg/runzigc • runcͷίʔυΛ”େ͍ʹ”ࢀߟʹ͍ͯ͠·͢ • Namespace: User,
UTS, PIDͷΈ • cgroups v1ʢcpu, memͷΈʣ • OCI Runtime Specʹະ४ڌ
Demo
ຊͷ͓͠ͳ͕͖ 1. ·͓͖͑ 2. शίϯςφϥϯλΠϜ 3. runzigcͷհ 4.
ZigͷΑͦ͞͏ͳɾࠔͬͨ 5. ·ͱΊ
ॻ͍ͯͯײͨ͡ZigͷΑ͞ 1/2 • ޡղΛڪΕͣʹݴ͏ͱʮࡶʹॻ͚ΔCݴޠʯ • ײ֮తʹɺ͍͍ͩͨGoͱRustͷؒ͘Β͍ • ߏจγϯϓϧͳͷͰɺൺֱతαΫαΫॻ͚Δ • ܕදهʹ͍ͭͯগ͠Ϋη͕͋ΔͷͰ׳Εඞཁ
ॻ͍ͯͯײͨ͡ZigͷΑ͞ 2/2 • ܰྔͳSingle static binaryΛు͚Δ • libcͷґଘ͕ͳ͍ͷͰऔΓճ͕͠ྑ͍ • ࡶͰ؆қతͳྫˠ
Zig 0.9.1 Target: x86_64-linux Optimize: -O ReleaseSmall debug symbol stripped single threaded →ɹ 4.5 KiB const std = @import("std"); pub fn main() void { std.debug.print("Hello, world!\n", .{}); }
ࠔͬͨ͜ͱ 1/4 • Errorͦͷͷʹ࣋ͨͤΔ͜ͱ͕Մೳͳใ͕গͳ͍ • error.PermissionDeniedɺ ”PermissionDenied”Ҏ্ͷใΛͨͳ͍ →
ελοΫτϨʔεɾσόοάϩάͳͲΛิॿతʹ༻͍Δ͜ͱͰ ݪҼՕॴͱঢ়گͷಛఆͰ͖ΔͷͰेͰ͋Δʁ
ࠔͬͨ͜ͱ 2/4 • nճϧʔϓ࣮ʹศརͳfor(int i = 0;i<n;++i)ʹ͋ͨΔߏจ͕ͳ͍ • Zigͷforɺ͍ΘΏΔfor-eachɻ
→ɹwhile-loopͰهड़͢Δ ɹɹɹɹor ɹɹpythonͰ͍͏range()ʹ͋ͨΔͷΛࣗલ࣮ • ҰԠproposalग़͍ͯΔ
ࠔͬͨ͜ͱ 3/4 • Ұ෦ͷLinuxγεςϜίʔϧZigඪ४ϥΠϒϥϦͷ࣮͕ଘࡏ͠ͳ͍ • sethostname(2)ͳͲ → ฦΓͷerrnoΛ
ZigͷerrorʹϚοϓ͢Δ ࣮Λఆٛͯ͠ରԠ pub fn valOrErr(val: anytype, errno: usize) LinuxKernelError!@TypeOf(val) { return switch (os.errno(errno)) { .SUCCESS => val, .PERM => error.OperationNotPermitted, // … else => |e| return os.unexpectedErrno(e), }; } pub fn sethostname(hostname: []const u8) SetHostNameError!void { const result = switch (native_arch) { else => linux.syscall2(.sethostname, @ptrToInt(hostname.ptr), hostname.len), }; return valOrErr({}, result); }
ࠔͬͨ͜ͱ 4/4 • ώʔϓͷཧ͕ඞཁͳͷएׯ໘ • defer/errdeferͱ͍ͬͨείʔϓϕʔεͷ੍ޚߏจ͋Δ • RustͷΑ͏ʹউखʹղ์ ͯ͘͠Εͳ͍
{ var values = std.ArrayList( []const u8).init(allocator); defer values.deinit(); } // είʔϓΛൈ͚ͨ࣌Ͱ // ArrayList༻ʹ֬อ͞ΕͨϝϞϦdealloc͞ΕΔ
ຊͷ͓͠ͳ͕͖ 1. ·͓͖͑ 2. शίϯςφϥϯλΠϜ 3. runzigcͷհ 4.
ZigͷΑ͔ͬͨɾࠔͬͨ 5. ·ͱΊ
·ͱΊ • Linuxʹ͓͚Δίϯςφɺ cgroups + namespace Λ༻͍ͯ ϓϩηεͷϦιʔεΛ࣮ͯ͠ݱ͍ͯ͠Δ •
ίϯςφϥϯλΠϜͷ͏ͪɺϨϕϧϥϯλΠϜ͕ϦιʔεͷΛ ୲͍ͬͯΔ • ZigͰϨϕϧίϯςφϥϯλΠϜ runzigc Λ࡞͍ͬͯ·͢ • Zigͷݴޠ༷unstableɺ·ͩ·ͩൃల్্Ͱࠓޙʹ
runzigcͷকདྷ • OCI Runtime Specશ४ڌ • Cgroup v1࣮ɾCgroup v2ରԠ •
SeccompରԠ • ߴϨϕϧϥϯλΠϜ࣮Ճ ʴ CRIରԠ • ྑ͍ײ͡ͷ໊લΛߟ͑Δʢืूதʣ
ײ • ͪΌΜͱ࣮ͨ͠ΒऔΓճ͠ͷ͍͍ܰྔίϯςφϥϯλΠϜ͕ ര͢ΔͷͰ…ʁͱ͍͏୶͍ظΛ๊͍͍ͯΔɻ • ݱஈ֊Ͱ͓ͪΌͷҬɺΏ͘Ώ͑͘Δͷʹ͍͖͍ͯͨ͠ • ΈΛཧղ͢ΔʹɺࣗͰ࡞ͬͯΈΔͷ͕Ұ൪ •
Έͳ͞ΜίϯςφϥϯλΠϜ࡞ͬͯΈ·ͤΜ͔ʁ
Reference • ίϯςφϢʔβͳΒ୭͕͍ͬͯΔϥϯλΠϜʮruncʯΛ၆ᛌ͢Δ [Container Runtime Meetup #1ൃදϨϙʔτ] https://medium.com/ nttlabs/runc-overview-263b83164c98 •
Low-level Container Runtime:Runc Internals https:// kurobato.hateblo.jp/entry/2021/05/02/164218 • opencontainers/runc https://github.com/opencontainers/runc • containers/youki https://github.com/containers/youki
͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠
Q&A