Upgrade to Pro — share decks privately, control downloads, hide ads and more …

コンテナの研究開発から学ぶLinuxの要素技術

 コンテナの研究開発から学ぶLinuxの要素技術

コンテナの研究開発から学ぶLinuxの要素技術

IEEE Computer Society Flagship Conference 採録を通じて

3-shake SRE Tech Talk #3 スリーシェイク技術顧問 松本亮介 / まつもとりー 2022/03/18

MATSUMOTO Ryosuke

March 18, 2022
Tweet

More Decks by MATSUMOTO Ryosuke

Other Decks in Technology

Transcript

  1. 3-shake SRE Tech Talk #3 εϦʔγΣΠΫٕज़ސ໰ দຊ྄հ / ·ͭ΋ͱΓʔ 2022/03/18
    ίϯςφͷݚڀ։ൃ͔ΒֶͿLinuxͷཁૉٕज़
    IEEE Computer Society Flagship Conference ࠾࿥Λ௨ͯ͡

    View full-size slide

  2. 2
    ɾגࣜձࣾεϦʔγΣΠΫ ٕज़ސ໰


    ɾ͘͞ΒΠϯλʔωοτݚڀॴ ্ڃݚڀһɺͦͷଞෳ਺ࣾͷٕज़ސ໰


    ɾ৘ใॲཧֶձ IOTݚڀձ OSݚڀձ ҕһɾװࣄ


    ɾΠϯλʔωοτٕज़ୈ163ҕһձ ӡӦҕһ


    ɾIEEE / ACM / USENIX ֤छձһ


    ɾژ౎େֶത࢜ʢ৘ใֶʣ


    ɾhttps://research.matsumoto-r.jp/
    দຊ྄հ / ·ͭ΋ͱΓʔ / @matsumotory

    View full-size slide

  3. • ݚڀ։ൃʹ͓͍ͯ͜Ε·Ͱͷ՝୊Λղܾ͢ΔͨΊʹ͸৽ٕज़͕ඞཁ


    • ͱ͸͍͑ɺطଘٕज़ͷ૊Έ߹ΘͤΛ׆༻͢Δέʔε΋ଟ͍


    • طଘٕज़ΛվΊͯղੳɾධՁ͠ɺͦͷػೳΛ࠶ݕূ͢Δ͜ͱ͕ଟ͍


    • طଘٕज़ͷ಺෦͔Βৄ͘͠ͳ͍ͬͯ͘ʂ


    • ࠓ೔͸2016೥͔Β࢝ΊͨίϯςφݚڀΛ঺հ͠ͳ͕ΒͦͷҰྫΛ঺հ͠·͢
    3
    ݚڀ։ൃ͔Βཁૉٕज़ΛֶͿ

    View full-size slide

  4. • COMPSAC: IEEE Computer Society Flagship International Conference


    • COMPSAC 2020 Message from the 2020 Program Chairs-in-Chief ※1


    • over 450 submissions this year, to both our conference tracks and associated workshops


    • accepted 69 regular papers and 69 short papers


    • 76 papers that were not accepted for the main conference were referred to COMPSAC
    workshops


    • An additional 146 papers were submitted directly to our associated workshops


    • ͜ΕΒΛಡΉݶΓRegular Paperͷ࠾୒཰͸ 69 / (450 - 146) ͷ23%ҎԼ
    4
    COMPSAC 2020 Regular Paper
    ˞.FTTBHFGSPNUIF1SPHSBN$IBJSTJO$IJFG IUUQTJFFFDPNQTBDDPNQVUFSPSH

    View full-size slide

  5. 1. എܠͱ໨త


    2. ؔ࿈ݚڀͷ՝୊


    3. ఏҊख๏


    4. ࣮ݧͱߟ࡯


    5. ·ͱΊͱaccept·Ͱͷաఔ
    5
    ໨࣍

    View full-size slide

  6. 1.
    എܠͱ໨త

    View full-size slide

  7. • ݸਓ͕౰ͨΓલʹଟछଟ༷ͳWebαΠτΛ࣋ͭ࣌୅


    • Ϋϥ΢υɾVPSͷΑ͏ͳࣗ༝౓ͱִ཭؀ڥʢΠϯελϯεʣʹର͢Δཁٻ


    • SNSΛհͯ͠ݸਓͷίϯςϯπΛ֦ࢄ͠΍͍࣌͢୅


    • ݸਓͷWebαΠτ΁ͷΞΫηεूத͢Δػձͷ૿େ


    • ݸਓαΠτͰ΋ΞΫηεूத΍ো֐ͱ͍ͬͨมԽʹڧ͍ج൫͕ඞཁ


    • ༧ଌͰ͖ͳ͍ΞΫηε܏޲ͱϦιʔεׂ౰ΛϦΞΫςΟϒʹߦ͍͍ͨ


    • ଟछଟ༷ͳWebΞϓϦʹͰ͖Δ͚ͩରԠͯ͠બ୒ࢶΛఏڙ͍ͨ͠
    7
    ݸਓͷWebαΠτ΁ͷΞΫηεूத΍৴པੑ

    View full-size slide

  8. 1. Πϯελϯε্ͰWordPressͷΑ͏ͳҰൠత͔ͭଟ༷ͳWebΞϓϦ͕ಈ࡞Մೳ


    • ઐ໳తͳ஌͕ࣝͳͯ͘΋ར༻Ͱ͖Δ҆ՁͳαʔϏεΛ࣮ݱ͍ͨ͠


    2. Πϯελϯεͷঢ়ଶมߋॲཧ͕ߴ଎


    • Πϯελϯε(ίϯςφ)ͷঢ়ଶͷఀࢭɾىಈɾεέʔϦϯάΛߴ଎ʹ॥؀


    • ϦΫΤετ୯ҐͰϦΞΫςΟϒʹঢ়ଶΛܾఆ → มԽʹڧ͍ج൫΁


    3. ϋʔυ΢ΣΞϦιʔεͷར༻ޮ཰Λ޲্


    • ϦΫΤετ͕ແ͍Πϯελϯε͸Ұఆظؒىಈޙʹఀࢭ


    ΠϯελϯεΛߴूੵʹऩ༰ՄೳͰมԽʹڧ͍Ծ૝Խج൫FastContainer
    8
    ߃ৗੑͷ͋ΔมԽʹڧ͍ج൫ͷؔ࿈ݚڀ※1
    ˞3ZPTVLF.BUTVNPUP 6DIJP,POEP ,FOUBSP,VSJCBZBTIJ 'BTU$POUBJOFS")PNFPTUBUJD4ZTUFN"SDIJUFDUVSF)JHITQFFE"EBQUJOH&YFDVUJPO
    &OWJSPONFOU$IBOHFT 5IFSE"OOVBM*&&&*OUFSOBUJPOBM$PNQVUFST 4PGUXBSF BOE"QQMJDBUJPOT$POGFSFODF $0.14"$
    +VMZ

    View full-size slide

  9. • Մ༻ੑ୲อͷͨΊʹෳ਺ΠϯελϯεՔಇͤ͞Δ͜ͱʹΑΔίετͷ૿େ


    • ෳ਺ͷऩ༰αʔόʹΠϯελϯεΛͦΕͧΕՔಇͤ͞Δ͜ͱͰՄ༻ੑΛ୲อ


    • ߴूੵʹΠϯελϯεऩ༰͢Δ؍఺͔ΒͰ͖Δ͚ͩϦιʔεΛઅ໿͍ͨ͠


    • ར༻ऀ໨ઢͰ΋Մ༻ੑΛ୲อͭͭ͠අ༻Λ࡟ݮ͍ͨ͠


    • ґવͱͯ͠ɺHTTPͷϨεϙϯελΠϜͷ؍఺͔ΒɺFastContainerͷHTTPϦ
    ΫΤετܖػͰঢ়ଶΛมߋ͢Δ࣌ؒͷ୹ॖ΋՝୊


    • ίϯςφࣗମ͸଎͘ىಈͯ͠΋தͰಈ͘αʔόϓϩηεͷىಈ͕஗͍
    9
    FastContainer͓Αͼؔ࿈ݚڀͷՄ༻ੑͷ՝୊

    View full-size slide

  10. 1. Πϯελϯε্ͰWordPressͷΑ͏ͳҰൠతͳWebΞϓϦ͕ಈ࡞Մೳ


    2. ୯ҰΠϯελϯεͰ΋ऩ༰αʔόো֐࣌ʹ͸ผαʔό΁ࣗಈతʹ࠶഑ஔՄೳ


    3. Πϯελϯεͷ࠶഑ஔͷ࣮ߦ࣌Ͱ͋ͬͯ΋਺ඵͷ஗ԆͰHTTPλΠϜΞ΢τ͢
    Δ͜ͱͳ͘ΦϯϥΠϯͰϨεϙϯεΛૹ৴Մೳ


    • ྫ͑͹εϚʔτϑΥϯͰ4GճઢΛܦ༝͢Δͱਓ͕ؒؾ͔ͮͳ͍Α͏ͳ஗Ԇ


    ΠϯελϯεΛߴ଎ʹ࠶഑ஔՄೳʹ͢Δ͜ͱͰूੵ཰Λ޲্ͤ͞


    ௿ίετͳج൫Λ࣮ݱ͢ΔεέδϡʔϦϯάख๏ͷఏҊ
    10
    ݚڀͷ໨త: ϦΫΤετ୯Ґ ͰͷΠϯελϯε࠶഑ஔ

    View full-size slide

  11. 2.
    ؔ࿈ݚڀͷ՝୊

    View full-size slide

  12. • FastContainer ※1͸HTTPϦΫΤετʹԠͯ͡൓Ԡత͔ͭߴ଎ʹΠϯελϯε
    ͷঢ়ଶʢىಈɺఀࢭɺҠಈɺෳ੡ɺϦιʔε૿ݮ౳ʣΛܾఆ


    • αʔϏεར༻ऀ͸Wordpressͱ͔WebΞϓϦΛී௨ʹ࢖͏Α͏ͳ࢖͍ํ


    • ΞΫηε਺ʹԠͨ͡ϦΞΫςΟϒͳεέʔϦϯάॲཧ͕Մೳ


    • Ϋϥ΢υαʔϏεج൫͸༧ΊΠϯελϯεΛىಈͤͯ͞ϦΫΤετΛॲཧ


    • ΞΫηεूத࣌͸༧ଌత͔ͭϓϩΞΫςΟϒͳεέʔϦϯάॲཧ͕ඞཁ
    12
    FastContainerͱΫϥ΢υαʔϏεج൫ͷಛ௃
    ˞3ZPTVLF.BUTVNPUP 6DIJP,POEP ,FOUBSP,VSJCBZBTIJ 'BTU$POUBJOFS")PNFPTUBUJD4ZTUFN"SDIJUFDUVSF)JHITQFFE"EBQUJOH&YFDVUJPO
    &OWJSPONFOU$IBOHFT 5IFSE"OOVBM*&&&*OUFSOBUJPOBM$PNQVUFST 4PGUXBSF BOE"QQMJDBUJPOT$POGFSFODF $0.14"$
    +VMZ

    View full-size slide

  13. 1. WordPressͷΑ͏ͳҰൠతͳWebΞϓϦέʔγϣϯΛར༻Մೳ


    2. Πϯελϯε΍ίϯςφͷऩ༰αʔόͷো֐࣌ʹHTTPλΠϜΞ΢τ͕ੜ͡ͳ
    ͍ϨϕϧͰαʔϏεΛܧଓͰ͖Δఔ౓ͷՄ༻ੑΛ૝ఆ
    13
    ຊݚڀʹ͓͚ΔԾ૝Խج൫ͱՄ༻ੑͷલఏ

    View full-size slide

  14. • ༷ʑͳWebΞϓϦέʔγϣϯ͕ར༻Մೳ


    • IaaS΍PaaSΛར༻ͨ͠Πϯελϯε୯ҐͰͷߏங͓ΑͼՄ༻ੑ୲อ͕Ұൠత


    • ຊݚڀͷՄ༻ੑ͕લఏͷ৔߹ɺෳ਺ऩ༰αʔόʹͦΕͧΕΠϯελϯεΛϗο
    τελϯόΠํࣜʢىಈࡁΈͷ଴ػΠϯελϯεʣͰ଴ػ͢Δ͜ͱͰ࣮ݱ


    • ऩ༰αʔόఀࢭ࣌ʹ΋ଈ࣌αʔϏεΛܧଓ͢ΔͨΊ


    • ෳ਺Πϯελϯεͷىಈ͕લఏͱͳΓϦιʔε઎༗ͷίετ͕૿େ


    • ϦΞΫςΟϒʹՄ༻ੑΛ୲อ͢Δʹ͸ϨεϙϯελΠϜ΁ͷӨڹ͕େ͖͍
    14
    FastContainer΍Ϋϥ΢υج൫ͷՄ༻ੑ

    View full-size slide

  15. 4UPSBHF
    $MJFOU
    4FSWFS
    JOTUBODF"
    JOTUBODF#
    JOTUBODF$
    4FSWFS
    JOTUBODF"
    'BTU$POUBJOFS΍Ϋϥ΢υج൫ͷՄ༻ੑ
    )551ϦΫΤετ
    4UPSBHF
    $MJFOU
    4FSWFS
    JOTUBODF"
    JOTUBODF#
    JOTUBODF$
    4FSWFS
    JOTUBODF"
    )551ϦΫΤετ

    15
    αʔόো֐

    View full-size slide

  16. 3.
    ఏҊख๏

    View full-size slide

  17. 1. Πϯελϯε্ͰWordPressͷΑ͏ͳҰൠతͳWebΞϓϦ͕ಈ࡞Մೳ


    2. ୯ҰΠϯελϯεͰ΋ऩ༰αʔόো֐࣌ʹ͸ผαʔό΁ࣗಈతʹ࠶഑ஔՄೳ


    3. Πϯελϯεͷ࠶഑ஔͷ࣮ߦ࣌Ͱ͋ͬͯ΋਺ඵͷ஗ԆͰHTTPλΠϜΞ΢τ͢
    Δ͜ͱͳ͘ΦϯϥΠϯͰϨεϙϯεΛૹ৴Մೳ
    17
    ఏҊख๏: ϦΫΤετ୯Ґ ͰͷΠϯελϯε࠶഑ஔ

    View full-size slide

  18. 18
    4UPSBHF
    $MJFOU
    4FSWFS
    JOTUBODF"
    JOTUBODF#
    JOTUBODF$
    4FSWFS
    ఏҊख๏ʴ'BTU$POUBJOFSͷՄ༻ੑ
    )551ϦΫΤετ
    4UPSBHF
    $MJFOU
    4FSWFS
    JOTUBODF"
    JOTUBODF#
    JOTUBODF$
    4FSWFS
    )551ϦΫΤετ
    JOTUBODF"
    ✗൓Ԡతʹ
    ࠶഑ஔ
    αʔόো֐

    View full-size slide

  19. ཁૉٕज़1: ngx_mruby

    εΫϦϓτݴޠͱϊϯϒϩοΩϯάI/O
    4QFDJBM5IBOLT,B[VIJLP:BNBTIJUB!QZBNB

    View full-size slide

  20. HTTP FastContainerͷجຊϑϩʔ
    20
    8FC1SPYZ
    ʢOHY@NSVCZ

    $.%#
    ʴ
    "1*
    8FC%JTQBUDIFS
    OHY@NSVCZ

    $MJFOU ίϯςφ
    ίϯςφ
    ίϯςφ
    w )551ϦΫΤετͷ)PTUOBNF
    ΛΩʔʹɺ$.%# ߏ੒؅ཧ%#

    ͔Βίϯςφͷ৘ใΛऔಘ
    )551 4

    ϦΫΤετ
    w ίϯςφͷ*1ͱϙʔτʹج͍
    ͯίϯςφʹϓϩΩγ
    w ίϯςφ͕-JTUFO͍ͯ͠ͳ͍
    ৔߹͸$.%#͔Βίϯςφ
    ৘ใΛಘͯىಈ
    $POUBJOFS&OHJOF
    IBDPOJXB

    ऩ༰ϗετ"

    View full-size slide

  21. blocking each request with mruby
    21
    SFRVFTU NSVCZ
    NSVCZ
    SFTQPOTF
    SFRVFTU
    SFRVFTU SFTQPOTF
    SFTQPOTF
    NSVCZ
    TFOESFTQPOTF
    SFDWSFRVFTU
    BUUIFTBNFUJNF
    Other responses are delayed in proportion to the time of processing of mruby blocking
    OPOCMPDLJOHNJEEMFXBSFMJLFOHJOYJOTJOHMFQSPDFTT

    View full-size slide

  22. non-blocking each request with mruby
    23
    SFRVFTU SFTQPOTF
    SFRVFTU
    SFRVFTU SFTQPOTF
    SFTQPOTF
    TFOESFTQPOTF
    SFDWSFRVFTU
    BUUIFTBNFUJNF
    CMPDLJOH
    PQFSBJUPO
    NSVCZ
    CMPDLJOH
    PQFSBJUPO
    NSVCZ
    NSVCZ
    CMPDLJOH
    PQFSBJUPO
    OPOCMPDLJOHNJEEMFXBSFMJLFOHJOYJOTJOHMFQSPDFTT

    View full-size slide

  23. ৄ͘͠͸RubyKaigiͷεϥΠυ΁
    25
    %FTJHOQBUUFSOGPSFNCFEEJOHNSVCZJOUPNJEEMFXBSF
    Edit deck
    IUUQTTQFBLFSEFDLDPNNBUTVNPUP@SEFTJHOQBUUFSOGPSFNCFEEJOHNSVCZJOUPNJEEMFXBSF TMJEF

    View full-size slide

  24. ϊϯϒϩοΩϯάରԠͷϒϩά΋
    26
    OHY@NSVCZWͷ)551ΫϥΠΞϯτΛWΑΓ΋࠷େഒߴ଎ʹͨ͠
    IUUQTICNBUTVNPUPSKQFOUSZ

    View full-size slide

  25. ཁૉٕज़2: mruby-fast-remote-check


    ύέοτͷεϦʔγΣΠΫϋϯυ΢ΣΠΫͷ؍࡯

    View full-size slide

  26. 1. Proxy͔Βऩ༰αʔόʹICMP/TCPͰ࠷௿ݶͷύέοτͰԠ౴଎౓Λଌఆ


    2. Ԡ౴଎౓͕ᮢ஋Λ௒͍͑ͯͨΒผͷऩ༰αʔό΁࠶഑ஔ


    3. ίϯςφىಈ࣌͸ɺىಈ׬ྃ௚લͷঢ়ଶͷϓϩηεΠϝʔδ͔Β෮ݩ


    → ඇৗʹγϯϓϧͳํࣜͰߴ଎ͳ࠶഑ஔΛ࣮ݱՄೳ


    → ୯ҰͷίϯςφͰ࣮༻తͳՄ༻ੑΛ୲อՄೳʢϦιʔείετͷ࡟ݮʣ
    28
    ߴ଎ͳऩ༰ϗετͷࢮ׆؂ࢹͱ࠶഑ஔ

    View full-size slide

  27. )PTU04
    8FC1SPYZ
    $.%#"1*
    $POUBJOFS
    %JTQBUDIFS
    $POUBJOFS
    )PTU04
    $POUBJOFS
    %JTQBUDIFS
    $POUBJOFS
    $MJFOU
    )551
    *$.1
    )551
    )551
    )551
    *$.1PS5$1

    View full-size slide

  28. )PTU04
    8FC1SPYZ
    $.%#"1*
    $POUBJOFS
    %JTQBUDIFS
    $POUBJOFS
    )PTU04
    $POUBJOFS
    %JTQBUDIFS
    $POUBJOFS
    $MJFOU
    )551 *$.1PS5$1
    *$.1PS5$1
    )551
    )551
    )551

    ࠷ॳͷ࠶഑ஔ࣌͸ίϯςφͷىಈ͕ඞཁͰ͋Δ͕ɺ
    ىಈޙ͸Ұఆظؒىಈ͠ଓ͚Δɻ

    View full-size slide

  29. • ICMP/TCPͰᮢ஋νΣοΫ͕Ұ࣌తʹޡݕ஌ͯ͠΋Өڹ͕গͳ͍


    • TCPͷ৔߹͸ࣗ࡞TCPελοΫͰԟ෮3ύέοτͰνΣοΫ[3][4]


    • FastContainerͳͷͰޡݕ஌ͷ࠶഑ஔ͕ੜͯ͡΋αʔϏε͕ܧଓ͞ΕΔ


    • ޡݕ஌Ͱଞαʔόʹىಈͯ͠͠·ͬͯ΋Ұఆ࣌ؒىಈͨ͠Βఀࢭ͢Δ


    • ݩαʔόʹ࠶഑ஔ͞ΕͯCMDB্͸ݩαʔόͷΈʹϦΫΤετ͕ྲྀΕΔ


    • Ԡ౴࣌ؒͷᮢ஋΍λΠϜΞ΢τΛΪϦΪϦ·ͰνϡʔχϯάՄೳ
    31
    ఏҊख๏ͷϙΠϯτʢICMP/TCP؂ࢹʣ
    <>NBUTVNPUPSZ NSVCZGBTUSFNPUFDIFDL IUUQTHJUIVCDPNNBUTVNPUPSZNSVCZGBTUSFNPUFDIFDL
    <>-JOVYΧʔωϧͷ5$1ελοΫͱγεςϜίʔϧͷ૊Έ߹ΘͤʹΑΔख๏ΑΓ΋ߴ଎ʹϙʔτͷ-JTUFOνΣοΫΛ
    ߦ͏ IUUQTICNBUTVNPUPSKQFOUSZ

    View full-size slide

  30. ৄ͘͠͸ϒϩά΁
    32
    -JOVYΧʔωϧͷ5$1ελοΫͱγεςϜίʔϧͷ૊Έ߹ΘͤʹΑΔख๏ΑΓ΋ߴ଎ʹϙʔτͷ-JTUFOνΣοΫΛߦ͏
    IUUQTICNBUTVNPUPSKQFOUSZ

    View full-size slide

  31. ཁૉٕज़3: CRIU


    ϓϩηεΠϝʔδͷμϯϓͱϦετΞ
    4QFDJBM5IBOLT6DIJP,POEP!VE[VSB

    View full-size slide

  32. • ίϯςφ಺ͷWebαʔόϓϩηεΛىಈ׬ྃ௚લͰΠϝʔδԽ(Checkpoint)


    • ఆظతʹඇಉظͰϓϩηεͷىಈ׬ྃ௚લΠϝʔδΛ࡞੒͓ͯ͘͠


    • ϦΫΤετड৴࣌ʹΠϝʔδΛϓϩηεʹ෮ݩ(Restore)


    • αʔόϓϩηεͷॳظԽॲཧΛεΩοϓ


    • ىಈʹ࣌ؒͷ͔͔ΔΞϓϦέʔγϣϯαʔό౳ʹ༗ར


    • Ruby on RailsɼDjangoͳͲ
    34
    ఏҊख๏ͷϙΠϯτʢCheckpoint/Restoreʣ

    View full-size slide

  33. • https://github.com/matsumotory/mruby-criu


    • εςʔτΛ࣋ͨͳ͍Χ΢ϯλʔεΫϦϓτΛkill͔ͯ͠Βrestore͢Δ


    • ࠷ॳ͔Β࣮ߦ͢ΔͷͰ͸ͳ͘ɺऴΘͬͨϓϩηεͷঢ়ଶ͔Βىಈ͢Δ


    • 1.2.3….(dump)….(kill)….(restore)…4.5.6…..
    35
    ৄ͘͠͸GitHub΁

    View full-size slide

  34. ཁૉٕज़4: seccomp


    γεςϜίʔϧͷϑοΫ
    4QFDJBM5IBOLT6DIJP,POEP!VE[VSB

    View full-size slide

  35. • αʔόϓϩηεͷىಈ௚ޙΛίϯςφϥϯλΠϜͰϑοΫͯ͠Checkpoint


    • ࢀߟ: seccompͰγεςϜίʔϧΛ؂ࢹ͠ptraceͰҰ࣌ఀࢭ͔ͯ͠ΒCRIUͰ
    CheckpointʹΑΔΠϝʔδԽͱ͍͏ํ๏΋͋Δ


    • CRIUͷதͰseccompΛ࢖͓ͬͯΓύον͕ඞཁͰ൚༻ੑʹ͔͚Δ


    • seccompͷϓϩηεఀࢭʹ͸CRIUͷػೳΛ࢖͍ͬͯΔͳͲ


    • seccomp࣮ߦޙʹݖݶΛམͱ͍ͯ͠ΔͨΊseccomp͕࢖͑ͳ͍ͳͲ
    37
    CRIU+seccompʹΑΔFastContainerͷىಈ
    04ϨΠϠͰ8FCαʔό͕ىಈ࣌ʹ࣮ߦ͢ΔγεςϜίʔϧΛ؂ࢹ͠ىಈ׬ྃ௚લͷϓϩηεΛΠϝʔδԽ͢Δ
    IUUQTICNBUTVNPUPSKQFOUSZ

    View full-size slide

  36. • Webαʔόιϑτ΢ΣΞͷىಈॲཧ׬ྃͰɺ͔ͭωοτϫʔΫ͕Listen͍ͯ͠ͳ͍
    ঢ়ଶͷϓϩηεΛΠϝʔδԽ͢Δ͜ͱΛ໨ࢦ͢


    • seccompͰ؂ࢹ͢ΔγεςϜίʔϧlisten()Λઃఆ͠ɺΠϝʔδԽ͍ͨ͠αʔόϓϩ
    ηεΛfork()͔ͯ͠Βexecv()


    • ਌ϓϩηε͔Βର৅ͷαʔόϓϩηεͷseccompΠϕϯτΛptrace()Ͱ؂ࢹ͠ɺ
    Listen()࣮ߦલʹΠϕϯτ͕ൃੜ


    • Πϕϯτൃੜ࣌ʹϓϩηεΛCRIUͰΠϝʔδԽͯ͠อଘ
    38
    γεςϜίʔϧΛ؂ࢹͯ͠௚લͰΠϝʔδԽ
    04ϨΠϠͰ8FCαʔό͕ىಈ࣌ʹ࣮ߦ͢ΔγεςϜίʔϧΛ؂ࢹ͠ىಈ׬ྃ௚લͷϓϩηεΛΠϝʔδԽ͢Δ
    IUUQTICNBUTVNPUPSKQFOUSZ

    View full-size slide

  37. αʔόϓϩηεͷCheckpoint/Restoreͷ࣮૷
    39
    SFGl04ϨΠϠͰ8FCαʔό͕ىಈ࣌ʹ࣮ߦ͢ΔγεςϜίʔϧΛ؂ࢹ͠ىಈ׬ྃ௚લͷϓϩηεΛΠϝʔδԽ͢ΔlIUUQ
    ICNBUTVNPUPSKQFOUSZ

    View full-size slide

  38. 4.
    ࣮ݧͱߟ࡯

    View full-size slide

  39. FastContainerͷγεςϜߏ੒
    41

    View full-size slide

  40. • ༧උ࣮ݧ: CRIUͱCheckpoint/Restore͢ΔϓϩηεͷϝϞϦαΠζͱͷؔ܎


    • ୅දతͳΞϓϦέʔγϣϯΛ࢖ͬͨίϯςφ࠶഑ஔ࣌ͷϨεϙϯελΠϜ


    • Apache 2.4.18ɼPHP 7.3.0ɼWordpress 5.0.3ʢσϑΥϧτϖʔδʣ


    • Python 3.7.1ɼDjango 2.1.4ɼgunicorn 19.9.0※1


    • Ruby 2.5.1ɼRails 5.2.1ɼPuma 3.12.0※2
    43
    ࣮ݧ಺༰
    ˞IUUQTNDMPMJQPQ[FOEFTLDPNIDKBBSUJDMFT
    ˞IUUQTHJUIVCDPNFWFSZMFBGFMUSBJOJO
    ݱ࣮తͳن໛ʢݸਓάϧʔϓ಺Ͱͷར༻ͷΞϓϦέʔγϣϯఔ౓ʣͰ%#Λར༻ͨ͠΋ͷΛ࠾

    View full-size slide

  41. • ComputeͰWebαʔόͷCheckpoint/Restoreͷ଎౓Λܭଌ


    • mruby-simplehttpserver※1ͰWebαʔόΛىಈͤ͞setsockopt()Λ؂ࢹ


    • setsockopt()࣮ߦલʹCheckpoint


    • setsockopt()࣮ߦલʹϝϞϦΛ֬อͯ͠ɺϝϞϦαΠζʹԠͯ͡
    Checkpoint/Restoreͷ଎౓ͷมԽΛܭଌ
    44
    ༧උ࣮ݧɿϓϩηεͷΠϝʔδԽͷ࣮ݧ
    ˞NBUTVNPUPSZNSVCZTJNQMFIUUQTFSWFS IUUQTHJUIVCDPNNBUTVNPUPSZNSVCZTJNQMFIUUQTFSWFS

    View full-size slide

  42. αʔόϓϩηεͷΠϝʔδԽ(Checkpoint/Restore)
    45
    $IFDLQPJOU3FTUPSF1SPDFTTJOH5JNFEVFUP.FNPSZ6TBHF
    1SPDFTTJOHUJNF











    .FNPSZVTBHFQFSQSPDFTT<.#>

    $IFDLQPJOU 3FTUPSF
    ୯ҰͷαʔόϓϩηεͷϝϞϦ࢖༻ྔʹԠͨ͡$IFDLQPJOU3FTUPSFʹඞཁ

    View full-size slide

  43. • ComputeͰApache httpdͷϓϩηε਺ΛมԽ


    • HTTPϦΫΤετΛܖػʹApache httpdΛىಈͤͯ͞ϨεϙϯεΛฦ͢


    • ਺ेόΠτͷ੩తͳindex.htmlʹର͢ΔϦΫΤετ


    • CRIUΛ࢖͏৔߹


    • CRIUΛ࢖Θͳ͍৔߹
    46
    ༧උ࣮ݧ2ɿϓϩηε਺ͱCRIUͷؔ܎

    View full-size slide

  44. Apacheͷworker਺ͱCRIUͷؔ܎
    47
    )PUTUBSU͸શͯͷ8PSLFSϓϩηε
    ͷىಈ׬ྃΛ଴ͨͣʹɼͭͰ΋
    XPSLFSϓϩηε͕ىಈ͢Ε͹Ϩεϙ
    ϯεΛฦ͢͜ͱ͕Ͱ͖ΔͨΊҰఆɽ
    $3*6͔Βͷىಈ͸8PSLFSϓϩηε
    ΛશͯΠϝʔδ͔͢ΔͨΊɼશ͕ͯ
    3FTUPSF͞Ε͔ͯΒϨεϙϯεΛฦ͢
    ͨΊ୯ௐ૿Ճɽ

    View full-size slide

  45. • Apache 2.4.18ɼPHP 7.3.0ɼWordpress 5.0.3


    • ϓϩηε਺͸3ɼ୯ҰͷϓϩηεͷϝϞϦαΠζ(RSS)͸35MBytes


    • Python 3.7.1ɼDjango 2.1.4ɼgunicorn 19.9.0 ※1


    • ϓϩηε਺2ɼεϨου਺2ɼ୯ҰͷϓϩηεͷRSS͸33MBytes


    • Ruby 2.5.1ɼRails 5.2.1ɼPuma 3.12.0 ※2


    • ϓϩηε਺2ɼεϨου਺14ɼ୯ҰͷϓϩηεͷRSS͸89MBytes


    • gemΛࣄલίϯύΠϧ͓ͯ͘͠bootsnapͱ΋ൺֱ
    48
    ίϯςφ࠶഑ஔ࣌ͷϨεϙϯελΠϜ

    View full-size slide

  46. WordPress on Apache httpd
    49
    BCίϚϯυͰಉ࣌઀ଓ਺ͷϕϯνϚʔΫΛ͔͚ͳ͕Β
    ऩ༰ϗετΛJQBUBCMFTͰԾ૝తʹμ΢ϯͤͯ͞ɼผͷऩ༰αʔόʹ࠶഑ஔΛڧ੍తʹൃੜͤͨ͞

    View full-size slide

  47. Django
    50
    IUUQTNDMPMJQPQ[FOEFTLDPNIDKBBSUJDMFT
    ݱ࣮తͳن໛ʢݸਓάϧʔϓ಺Ͱͷར༻ͷΞϓϦέʔγϣϯఔ౓ʣͰ%#Λར༻ͨ͠΋ͷΛ࠾༻

    View full-size slide

  48. Ruby on Rails
    51
    IUUQTHJUIVCDPNFWFSZMFBGFMUSBJOJO
    ݱ࣮తͳن໛ʢݸਓάϧʔϓ಺Ͱͷར༻ͷΞϓϦέʔγϣϯఔ౓ʣͰ%#Λར༻ͨ͠΋ͷΛ࠾༻

    View full-size slide

  49. • ୯ҰΠϯελϯεͰՄ༻ੑΛ୲อ͢Δߴ଎ͳεέδϡʔϦϯάख๏ΛఏҊ


    • ෳ਺ΠϯελϯεΛඞཁͱ͠ͳ͍ͨΊϦιʔείετ͕௿͍


    • ࣮ݧ͔Βݱ࣌఺Ͱ΋࣮༻ՄೳͳϨϕϧͷ࠶഑ஔͷੑೳ͕ಘΒΕͨ


    • ϓϩμΫγϣϯ؀ڥͰԠ༻


    • ϗετো֐࣌Ͱ͋ͬͯ΋Ϣʔβ͕ؾ͔ͮͳ͍ϨϕϧͰͷՄ༻ੑ


    • ΦʔτεέʔϦϯά࣌ʹ΋γʔϜϨεʹίϯςφΛ૿΍ͯ͠ෛՙରࡦՄೳʹ


    • ΞΫηε܏޲ͱϦιʔεׂΓ౰͕ͯਖ਼֬ʹ௥ਵՄೳʹ


    • εέʔϦϯά΍ϋʔυ΢ΣΞϓʔϧͷϦιʔεׂΓ౰ͯ΋࠷దԽ
    53
    ·ͱΊ

    View full-size slide

  50. • ݚڀ։ൃ͸ཁૉٕज़ͷධՁ͢Βඞཁͳ৔໘͕ଟ͍


    • ཁૉٕज़ͷ࣮૷͚ͩͰͳ༷͘ʑͳ؀ڥͰͷධՁΛߦ͏


    • ࣗવͱৄ͘͠ͳ͍ͬͯ͘


    • ࠓճͷΑ͏ʹҰͭͷݚڀͰ΋୔ࢁͷཁૉٕज़Λ஌Γɺָ͘͠ͳΔ


    • ૊ΈࠐΈεΫϦϓτݴޠ಺෦ɺϛυϧ΢ΣΞ಺෦ɺϊϯϒϩοΫI/Oɺύ
    έοτɺCIRUɺseccompɺptrace


    • ઐ໳Ոʹͳͬͨؾ෼ʂʂʂʂ
    54
    ·ͱΊ

    View full-size slide

  51. 55
    CRIUެࣜʹ΋࿦จΛࡌͤͯ΋Β͑Δ
    IUUQTXXXDSJVPSH"SUJDMFT

    View full-size slide

  52. • ࠷ॳͷWWW2020ʹఏग़ͯ͠Reject͞Εͨཧ༝


    • ݚڀͷཱͪҐஔ͕ෆ໌֬ɺ৽نੑ͕͍·͍ͪΑ͘Θ͔Βͳ͍


    • ຊݚڀͷཱͪҐஔ΍લఏͷ໌֬Խ


    • ൺֱ͢΂͖ؔ࿈ݚڀ͕ෆ໌ྎ


    • ຊݚڀͱൺֱ͢΂͖ؔ࿈ݚڀΛॆ࣮ͤͯࠩ͞෼Λ໌֬Խ


    ڭ܇: ΠϯλʔωοτɾWebٕज़෼໺Ͱ͸ൃද࿦จ΍OSSͷ਺΍ٕज़ͷมԽ଎౓
    ͕ඇৗʹ଎͍ͨΊɺݚڀͷείʔϓͱ࠷৽ͷ՝୊Λ໌֬ʹ্ͨ͠Ͱࠩ෼Λ͔ͬ͠
    Γͱࣔ͠ɺͦͷ՝୊͕ݱ࣮తʹͲΕ΄Ͳҙ͕ٛ͋Δ͜ͱͳͷ͔Λࣔ͢͜ͱ͕େࣄ
    56
    Accept·Ͱͷաఔ

    View full-size slide