$30 off During Our Annual Pro Sale. View Details »

コンテナの研究開発から学ぶLinuxの要素技術

 コンテナの研究開発から学ぶLinuxの要素技術

コンテナの研究開発から学ぶLinuxの要素技術

IEEE Computer Society Flagship Conference 採録を通じて

3-shake SRE Tech Talk #3 スリーシェイク技術顧問 松本亮介 / まつもとりー 2022/03/18

MATSUMOTO Ryosuke
PRO

March 18, 2022
Tweet

More Decks by MATSUMOTO Ryosuke

Other Decks in Technology

Transcript

  1. 3-shake SRE Tech Talk #3 εϦʔγΣΠΫٕज़ސ໰ দຊ྄հ / ·ͭ΋ͱΓʔ 2022/03/18

    ίϯςφͷݚڀ։ൃ͔ΒֶͿLinuxͷཁૉٕज़ IEEE Computer Society Flagship Conference ࠾࿥Λ௨ͯ͡
  2. 2 ɾגࣜձࣾεϦʔγΣΠΫ ٕज़ސ໰ ɾ͘͞ΒΠϯλʔωοτݚڀॴ ্ڃݚڀһɺͦͷଞෳ਺ࣾͷٕज़ސ໰ ɾ৘ใॲཧֶձ IOTݚڀձ OSݚڀձ ҕһɾװࣄ ɾΠϯλʔωοτٕज़ୈ163ҕһձ

    ӡӦҕһ ɾIEEE / ACM / USENIX ֤छձһ ɾژ౎େֶത࢜ʢ৘ใֶʣ ɾhttps://research.matsumoto-r.jp/ দຊ྄հ / ·ͭ΋ͱΓʔ / @matsumotory
  3. • ݚڀ։ൃʹ͓͍ͯ͜Ε·Ͱͷ՝୊Λղܾ͢ΔͨΊʹ͸৽ٕज़͕ඞཁ • ͱ͸͍͑ɺطଘٕज़ͷ૊Έ߹ΘͤΛ׆༻͢Δέʔε΋ଟ͍ • طଘٕज़ΛվΊͯղੳɾධՁ͠ɺͦͷػೳΛ࠶ݕূ͢Δ͜ͱ͕ଟ͍ • طଘٕज़ͷ಺෦͔Βৄ͘͠ͳ͍ͬͯ͘ʂ • ࠓ೔͸2016೥͔Β࢝ΊͨίϯςφݚڀΛ঺հ͠ͳ͕ΒͦͷҰྫΛ঺հ͠·͢

    3 ݚڀ։ൃ͔Βཁૉٕज़ΛֶͿ
  4. • COMPSAC: IEEE Computer Society Flagship International Conference • COMPSAC

    2020 Message from the 2020 Program Chairs-in-Chief ※1 • over 450 submissions this year, to both our conference tracks and associated workshops • accepted 69 regular papers and 69 short papers • 76 papers that were not accepted for the main conference were referred to COMPSAC workshops • An additional 146 papers were submitted directly to our associated workshops • ͜ΕΒΛಡΉݶΓRegular Paperͷ࠾୒཰͸ 69 / (450 - 146) ͷ23%ҎԼ 4 COMPSAC 2020 Regular Paper ˞.FTTBHFGSPNUIF1SPHSBN$IBJSTJO$IJFG IUUQTJFFFDPNQTBDDPNQVUFSPSH
  5. 1. എܠͱ໨త 2. ؔ࿈ݚڀͷ՝୊ 3. ఏҊख๏ 4. ࣮ݧͱߟ࡯ 5. ·ͱΊͱaccept·Ͱͷաఔ

    5 ໨࣍
  6. 1. എܠͱ໨త

  7. • ݸਓ͕౰ͨΓલʹଟछଟ༷ͳWebαΠτΛ࣋ͭ࣌୅ • Ϋϥ΢υɾVPSͷΑ͏ͳࣗ༝౓ͱִ཭؀ڥʢΠϯελϯεʣʹର͢Δཁٻ • SNSΛհͯ͠ݸਓͷίϯςϯπΛ֦ࢄ͠΍͍࣌͢୅ • ݸਓͷWebαΠτ΁ͷΞΫηεूத͢Δػձͷ૿େ • ݸਓαΠτͰ΋ΞΫηεूத΍ো֐ͱ͍ͬͨมԽʹڧ͍ج൫͕ඞཁ

    • ༧ଌͰ͖ͳ͍ΞΫηε܏޲ͱϦιʔεׂ౰ΛϦΞΫςΟϒʹߦ͍͍ͨ • ଟछଟ༷ͳWebΞϓϦʹͰ͖Δ͚ͩରԠͯ͠બ୒ࢶΛఏڙ͍ͨ͠ 7 ݸਓͷWebαΠτ΁ͷΞΫηεूத΍৴པੑ
  8. 1. Πϯελϯε্ͰWordPressͷΑ͏ͳҰൠత͔ͭଟ༷ͳWebΞϓϦ͕ಈ࡞Մೳ • ઐ໳తͳ஌͕ࣝͳͯ͘΋ར༻Ͱ͖Δ҆ՁͳαʔϏεΛ࣮ݱ͍ͨ͠ 2. Πϯελϯεͷঢ়ଶมߋॲཧ͕ߴ଎ • Πϯελϯε(ίϯςφ)ͷঢ়ଶͷఀࢭɾىಈɾεέʔϦϯάΛߴ଎ʹ॥؀ • ϦΫΤετ୯ҐͰϦΞΫςΟϒʹঢ়ଶΛܾఆ

    → มԽʹڧ͍ج൫΁ 3. ϋʔυ΢ΣΞϦιʔεͷར༻ޮ཰Λ޲্ • ϦΫΤετ͕ແ͍Πϯελϯε͸Ұఆظؒىಈޙʹఀࢭ ΠϯελϯεΛߴूੵʹऩ༰ՄೳͰมԽʹڧ͍Ծ૝Խج൫FastContainer 8 ߃ৗੑͷ͋ΔมԽʹڧ͍ج൫ͷؔ࿈ݚڀ※1 ˞3ZPTVLF.BUTVNPUP 6DIJP,POEP ,FOUBSP,VSJCBZBTIJ 'BTU$POUBJOFS")PNFPTUBUJD4ZTUFN"SDIJUFDUVSF)JHITQFFE"EBQUJOH&YFDVUJPO &OWJSPONFOU$IBOHFT 5IFSE"OOVBM*&&&*OUFSOBUJPOBM$PNQVUFST 4PGUXBSF BOE"QQMJDBUJPOT$POGFSFODF $0.14"$ +VMZ
  9. • Մ༻ੑ୲อͷͨΊʹෳ਺ΠϯελϯεՔಇͤ͞Δ͜ͱʹΑΔίετͷ૿େ • ෳ਺ͷऩ༰αʔόʹΠϯελϯεΛͦΕͧΕՔಇͤ͞Δ͜ͱͰՄ༻ੑΛ୲อ • ߴूੵʹΠϯελϯεऩ༰͢Δ؍఺͔ΒͰ͖Δ͚ͩϦιʔεΛઅ໿͍ͨ͠ • ར༻ऀ໨ઢͰ΋Մ༻ੑΛ୲อͭͭ͠අ༻Λ࡟ݮ͍ͨ͠ • ґવͱͯ͠ɺHTTPͷϨεϙϯελΠϜͷ؍఺͔ΒɺFastContainerͷHTTPϦ

    ΫΤετܖػͰঢ়ଶΛมߋ͢Δ࣌ؒͷ୹ॖ΋՝୊ • ίϯςφࣗମ͸଎͘ىಈͯ͠΋தͰಈ͘αʔόϓϩηεͷىಈ͕஗͍ 9 FastContainer͓Αͼؔ࿈ݚڀͷՄ༻ੑͷ՝୊
  10. 1. Πϯελϯε্ͰWordPressͷΑ͏ͳҰൠతͳWebΞϓϦ͕ಈ࡞Մೳ 2. ୯ҰΠϯελϯεͰ΋ऩ༰αʔόো֐࣌ʹ͸ผαʔό΁ࣗಈతʹ࠶഑ஔՄೳ 3. Πϯελϯεͷ࠶഑ஔͷ࣮ߦ࣌Ͱ͋ͬͯ΋਺ඵͷ஗ԆͰHTTPλΠϜΞ΢τ͢ Δ͜ͱͳ͘ΦϯϥΠϯͰϨεϙϯεΛૹ৴Մೳ • ྫ͑͹εϚʔτϑΥϯͰ4GճઢΛܦ༝͢Δͱਓ͕ؒؾ͔ͮͳ͍Α͏ͳ஗Ԇ ΠϯελϯεΛߴ଎ʹ࠶഑ஔՄೳʹ͢Δ͜ͱͰूੵ཰Λ޲্ͤ͞

    ௿ίετͳج൫Λ࣮ݱ͢ΔεέδϡʔϦϯάख๏ͷఏҊ 10 ݚڀͷ໨త: ϦΫΤετ୯Ґ ͰͷΠϯελϯε࠶഑ஔ
  11. 2. ؔ࿈ݚڀͷ՝୊

  12. • FastContainer ※1͸HTTPϦΫΤετʹԠͯ͡൓Ԡత͔ͭߴ଎ʹΠϯελϯε ͷঢ়ଶʢىಈɺఀࢭɺҠಈɺෳ੡ɺϦιʔε૿ݮ౳ʣΛܾఆ • αʔϏεར༻ऀ͸Wordpressͱ͔WebΞϓϦΛී௨ʹ࢖͏Α͏ͳ࢖͍ํ • ΞΫηε਺ʹԠͨ͡ϦΞΫςΟϒͳεέʔϦϯάॲཧ͕Մೳ • Ϋϥ΢υαʔϏεج൫͸༧ΊΠϯελϯεΛىಈͤͯ͞ϦΫΤετΛॲཧ

    • ΞΫηεूத࣌͸༧ଌత͔ͭϓϩΞΫςΟϒͳεέʔϦϯάॲཧ͕ඞཁ 12 FastContainerͱΫϥ΢υαʔϏεج൫ͷಛ௃ ˞3ZPTVLF.BUTVNPUP 6DIJP,POEP ,FOUBSP,VSJCBZBTIJ 'BTU$POUBJOFS")PNFPTUBUJD4ZTUFN"SDIJUFDUVSF)JHITQFFE"EBQUJOH&YFDVUJPO &OWJSPONFOU$IBOHFT 5IFSE"OOVBM*&&&*OUFSOBUJPOBM$PNQVUFST 4PGUXBSF BOE"QQMJDBUJPOT$POGFSFODF $0.14"$ +VMZ
  13. 1. WordPressͷΑ͏ͳҰൠతͳWebΞϓϦέʔγϣϯΛར༻Մೳ 2. Πϯελϯε΍ίϯςφͷऩ༰αʔόͷো֐࣌ʹHTTPλΠϜΞ΢τ͕ੜ͡ͳ ͍ϨϕϧͰαʔϏεΛܧଓͰ͖Δఔ౓ͷՄ༻ੑΛ૝ఆ 13 ຊݚڀʹ͓͚ΔԾ૝Խج൫ͱՄ༻ੑͷલఏ

  14. • ༷ʑͳWebΞϓϦέʔγϣϯ͕ར༻Մೳ • IaaS΍PaaSΛར༻ͨ͠Πϯελϯε୯ҐͰͷߏங͓ΑͼՄ༻ੑ୲อ͕Ұൠత • ຊݚڀͷՄ༻ੑ͕લఏͷ৔߹ɺෳ਺ऩ༰αʔόʹͦΕͧΕΠϯελϯεΛϗο τελϯόΠํࣜʢىಈࡁΈͷ଴ػΠϯελϯεʣͰ଴ػ͢Δ͜ͱͰ࣮ݱ • ऩ༰αʔόఀࢭ࣌ʹ΋ଈ࣌αʔϏεΛܧଓ͢ΔͨΊ •

    ෳ਺Πϯελϯεͷىಈ͕લఏͱͳΓϦιʔε઎༗ͷίετ͕૿େ • ϦΞΫςΟϒʹՄ༻ੑΛ୲อ͢Δʹ͸ϨεϙϯελΠϜ΁ͷӨڹ͕େ͖͍ 14 FastContainer΍Ϋϥ΢υج൫ͷՄ༻ੑ
  15. 4UPSBHF $MJFOU 4FSWFS JOTUBODF" JOTUBODF# JOTUBODF$ 4FSWFS JOTUBODF" 'BTU$POUBJOFS΍Ϋϥ΢υج൫ͷՄ༻ੑ )551ϦΫΤετ

    4UPSBHF $MJFOU 4FSWFS JOTUBODF" JOTUBODF# JOTUBODF$ 4FSWFS JOTUBODF" )551ϦΫΤετ ✗ 15 αʔόো֐
  16. 3. ఏҊख๏

  17. 1. Πϯελϯε্ͰWordPressͷΑ͏ͳҰൠతͳWebΞϓϦ͕ಈ࡞Մೳ 2. ୯ҰΠϯελϯεͰ΋ऩ༰αʔόো֐࣌ʹ͸ผαʔό΁ࣗಈతʹ࠶഑ஔՄೳ 3. Πϯελϯεͷ࠶഑ஔͷ࣮ߦ࣌Ͱ͋ͬͯ΋਺ඵͷ஗ԆͰHTTPλΠϜΞ΢τ͢ Δ͜ͱͳ͘ΦϯϥΠϯͰϨεϙϯεΛૹ৴Մೳ 17 ఏҊख๏: ϦΫΤετ୯Ґ

    ͰͷΠϯελϯε࠶഑ஔ
  18. 18 4UPSBHF $MJFOU 4FSWFS JOTUBODF" JOTUBODF# JOTUBODF$ 4FSWFS ఏҊख๏ʴ'BTU$POUBJOFSͷՄ༻ੑ )551ϦΫΤετ

    4UPSBHF $MJFOU 4FSWFS JOTUBODF" JOTUBODF# JOTUBODF$ 4FSWFS )551ϦΫΤετ JOTUBODF" ✗൓Ԡతʹ ࠶഑ஔ αʔόো֐
  19. ཁૉٕज़1: ngx_mruby 
 εΫϦϓτݴޠͱϊϯϒϩοΩϯάI/O 4QFDJBM5IBOLT,B[VIJLP:BNBTIJUB!QZBNB

  20. HTTP FastContainerͷجຊϑϩʔ 20 8FC1SPYZ ʢOHY@NSVCZ $.%# ʴ "1* 8FC%JTQBUDIFS OHY@NSVCZ

    $MJFOU ίϯςφ ίϯςφ ίϯςφ w )551ϦΫΤετͷ)PTUOBNF ΛΩʔʹɺ$.%# ߏ੒؅ཧ%# ͔Βίϯςφͷ৘ใΛऔಘ )551 4  ϦΫΤετ w ίϯςφͷ*1ͱϙʔτʹج͍ ͯίϯςφʹϓϩΩγ w ίϯςφ͕-JTUFO͍ͯ͠ͳ͍ ৔߹͸$.%#͔Βίϯςφ ৘ใΛಘͯىಈ $POUBJOFS&OHJOF IBDPOJXB ऩ༰ϗετ"
  21. blocking each request with mruby 21 SFRVFTU NSVCZ NSVCZ SFTQPOTF

    SFRVFTU SFRVFTU SFTQPOTF SFTQPOTF NSVCZ TFOESFTQPOTF SFDWSFRVFTU BUUIFTBNFUJNF Other responses are delayed in proportion to the time of processing of mruby blocking OPOCMPDLJOHNJEEMFXBSFMJLFOHJOYJOTJOHMFQSPDFTT
  22. 22

  23. non-blocking each request with mruby 23 SFRVFTU SFTQPOTF SFRVFTU SFRVFTU

    SFTQPOTF SFTQPOTF TFOESFTQPOTF SFDWSFRVFTU BUUIFTBNFUJNF CMPDLJOH PQFSBJUPO NSVCZ CMPDLJOH PQFSBJUPO NSVCZ NSVCZ CMPDLJOH PQFSBJUPO OPOCMPDLJOHNJEEMFXBSFMJLFOHJOYJOTJOHMFQSPDFTT
  24. 24

  25. ৄ͘͠͸RubyKaigiͷεϥΠυ΁ 25 %FTJHOQBUUFSOGPSFNCFEEJOHNSVCZJOUPNJEEMFXBSF Edit deck IUUQTTQFBLFSEFDLDPNNBUTVNPUP@SEFTJHOQBUUFSOGPSFNCFEEJOHNSVCZJOUPNJEEMFXBSF TMJEF

  26. ϊϯϒϩοΩϯάରԠͷϒϩά΋ 26 OHY@NSVCZWͷ)551ΫϥΠΞϯτΛWΑΓ΋࠷େഒߴ଎ʹͨ͠ IUUQTICNBUTVNPUPSKQFOUSZ

  27. ཁૉٕज़2: mruby-fast-remote-check ύέοτͷεϦʔγΣΠΫϋϯυ΢ΣΠΫͷ؍࡯

  28. 1. Proxy͔Βऩ༰αʔόʹICMP/TCPͰ࠷௿ݶͷύέοτͰԠ౴଎౓Λଌఆ 2. Ԡ౴଎౓͕ᮢ஋Λ௒͍͑ͯͨΒผͷऩ༰αʔό΁࠶഑ஔ 3. ίϯςφىಈ࣌͸ɺىಈ׬ྃ௚લͷঢ়ଶͷϓϩηεΠϝʔδ͔Β෮ݩ → ඇৗʹγϯϓϧͳํࣜͰߴ଎ͳ࠶഑ஔΛ࣮ݱՄೳ → ୯ҰͷίϯςφͰ࣮༻తͳՄ༻ੑΛ୲อՄೳʢϦιʔείετͷ࡟ݮʣ

    28 ߴ଎ͳऩ༰ϗετͷࢮ׆؂ࢹͱ࠶഑ஔ
  29. )PTU04 8FC1SPYZ $.%#"1* $POUBJOFS %JTQBUDIFS $POUBJOFS )PTU04 $POUBJOFS %JTQBUDIFS $POUBJOFS

    $MJFOU )551 *$.1 )551 )551 )551 *$.1PS5$1
  30. )PTU04 8FC1SPYZ $.%#"1* $POUBJOFS %JTQBUDIFS $POUBJOFS )PTU04 $POUBJOFS %JTQBUDIFS $POUBJOFS

    $MJFOU )551 *$.1PS5$1 *$.1PS5$1 )551 )551 )551 ✗ ࠷ॳͷ࠶഑ஔ࣌͸ίϯςφͷىಈ͕ඞཁͰ͋Δ͕ɺ ىಈޙ͸Ұఆظؒىಈ͠ଓ͚Δɻ
  31. • ICMP/TCPͰᮢ஋νΣοΫ͕Ұ࣌తʹޡݕ஌ͯ͠΋Өڹ͕গͳ͍ • TCPͷ৔߹͸ࣗ࡞TCPελοΫͰԟ෮3ύέοτͰνΣοΫ[3][4] • FastContainerͳͷͰޡݕ஌ͷ࠶഑ஔ͕ੜͯ͡΋αʔϏε͕ܧଓ͞ΕΔ • ޡݕ஌Ͱଞαʔόʹىಈͯ͠͠·ͬͯ΋Ұఆ࣌ؒىಈͨ͠Βఀࢭ͢Δ • ݩαʔόʹ࠶഑ஔ͞ΕͯCMDB্͸ݩαʔόͷΈʹϦΫΤετ͕ྲྀΕΔ

    • Ԡ౴࣌ؒͷᮢ஋΍λΠϜΞ΢τΛΪϦΪϦ·ͰνϡʔχϯάՄೳ 31 ఏҊख๏ͷϙΠϯτʢICMP/TCP؂ࢹʣ <>NBUTVNPUPSZ NSVCZGBTUSFNPUFDIFDL IUUQTHJUIVCDPNNBUTVNPUPSZNSVCZGBTUSFNPUFDIFDL <>-JOVYΧʔωϧͷ5$1ελοΫͱγεςϜίʔϧͷ૊Έ߹ΘͤʹΑΔख๏ΑΓ΋ߴ଎ʹϙʔτͷ-JTUFOνΣοΫΛ ߦ͏ IUUQTICNBUTVNPUPSKQFOUSZ
  32. ৄ͘͠͸ϒϩά΁ 32 -JOVYΧʔωϧͷ5$1ελοΫͱγεςϜίʔϧͷ૊Έ߹ΘͤʹΑΔख๏ΑΓ΋ߴ଎ʹϙʔτͷ-JTUFOνΣοΫΛߦ͏ IUUQTICNBUTVNPUPSKQFOUSZ

  33. ཁૉٕज़3: CRIU ϓϩηεΠϝʔδͷμϯϓͱϦετΞ 4QFDJBM5IBOLT6DIJP,POEP!VE[VSB

  34. • ίϯςφ಺ͷWebαʔόϓϩηεΛىಈ׬ྃ௚લͰΠϝʔδԽ(Checkpoint) • ఆظతʹඇಉظͰϓϩηεͷىಈ׬ྃ௚લΠϝʔδΛ࡞੒͓ͯ͘͠ • ϦΫΤετड৴࣌ʹΠϝʔδΛϓϩηεʹ෮ݩ(Restore) • αʔόϓϩηεͷॳظԽॲཧΛεΩοϓ • ىಈʹ࣌ؒͷ͔͔ΔΞϓϦέʔγϣϯαʔό౳ʹ༗ར

    • Ruby on RailsɼDjangoͳͲ 34 ఏҊख๏ͷϙΠϯτʢCheckpoint/Restoreʣ
  35. • https://github.com/matsumotory/mruby-criu • εςʔτΛ࣋ͨͳ͍Χ΢ϯλʔεΫϦϓτΛkill͔ͯ͠Βrestore͢Δ • ࠷ॳ͔Β࣮ߦ͢ΔͷͰ͸ͳ͘ɺऴΘͬͨϓϩηεͷঢ়ଶ͔Βىಈ͢Δ • 1.2.3….(dump)….(kill)….(restore)…4.5.6….. 35 ৄ͘͠͸GitHub΁

  36. ཁૉٕज़4: seccomp γεςϜίʔϧͷϑοΫ 4QFDJBM5IBOLT6DIJP,POEP!VE[VSB

  37. • αʔόϓϩηεͷىಈ௚ޙΛίϯςφϥϯλΠϜͰϑοΫͯ͠Checkpoint • ࢀߟ: seccompͰγεςϜίʔϧΛ؂ࢹ͠ptraceͰҰ࣌ఀࢭ͔ͯ͠ΒCRIUͰ CheckpointʹΑΔΠϝʔδԽͱ͍͏ํ๏΋͋Δ • CRIUͷதͰseccompΛ࢖͓ͬͯΓύον͕ඞཁͰ൚༻ੑʹ͔͚Δ • seccompͷϓϩηεఀࢭʹ͸CRIUͷػೳΛ࢖͍ͬͯΔͳͲ

    • seccomp࣮ߦޙʹݖݶΛམͱ͍ͯ͠ΔͨΊseccomp͕࢖͑ͳ͍ͳͲ 37 CRIU+seccompʹΑΔFastContainerͷىಈ 04ϨΠϠͰ8FCαʔό͕ىಈ࣌ʹ࣮ߦ͢ΔγεςϜίʔϧΛ؂ࢹ͠ىಈ׬ྃ௚લͷϓϩηεΛΠϝʔδԽ͢Δ IUUQTICNBUTVNPUPSKQFOUSZ
  38. • Webαʔόιϑτ΢ΣΞͷىಈॲཧ׬ྃͰɺ͔ͭωοτϫʔΫ͕Listen͍ͯ͠ͳ͍ ঢ়ଶͷϓϩηεΛΠϝʔδԽ͢Δ͜ͱΛ໨ࢦ͢ • seccompͰ؂ࢹ͢ΔγεςϜίʔϧlisten()Λઃఆ͠ɺΠϝʔδԽ͍ͨ͠αʔόϓϩ ηεΛfork()͔ͯ͠Βexecv() • ਌ϓϩηε͔Βର৅ͷαʔόϓϩηεͷseccompΠϕϯτΛptrace()Ͱ؂ࢹ͠ɺ Listen()࣮ߦલʹΠϕϯτ͕ൃੜ •

    Πϕϯτൃੜ࣌ʹϓϩηεΛCRIUͰΠϝʔδԽͯ͠อଘ 38 γεςϜίʔϧΛ؂ࢹͯ͠௚લͰΠϝʔδԽ 04ϨΠϠͰ8FCαʔό͕ىಈ࣌ʹ࣮ߦ͢ΔγεςϜίʔϧΛ؂ࢹ͠ىಈ׬ྃ௚લͷϓϩηεΛΠϝʔδԽ͢Δ IUUQTICNBUTVNPUPSKQFOUSZ
  39. αʔόϓϩηεͷCheckpoint/Restoreͷ࣮૷ 39 SFGl04ϨΠϠͰ8FCαʔό͕ىಈ࣌ʹ࣮ߦ͢ΔγεςϜίʔϧΛ؂ࢹ͠ىಈ׬ྃ௚લͷϓϩηεΛΠϝʔδԽ͢ΔlIUUQ ICNBUTVNPUPSKQFOUSZ

  40. 4. ࣮ݧͱߟ࡯

  41. FastContainerͷγεςϜߏ੒ 41

  42. 42

  43. • ༧උ࣮ݧ: CRIUͱCheckpoint/Restore͢ΔϓϩηεͷϝϞϦαΠζͱͷؔ܎ • ୅දతͳΞϓϦέʔγϣϯΛ࢖ͬͨίϯςφ࠶഑ஔ࣌ͷϨεϙϯελΠϜ • Apache 2.4.18ɼPHP 7.3.0ɼWordpress 5.0.3ʢσϑΥϧτϖʔδʣ

    • Python 3.7.1ɼDjango 2.1.4ɼgunicorn 19.9.0※1 • Ruby 2.5.1ɼRails 5.2.1ɼPuma 3.12.0※2 43 ࣮ݧ಺༰ ˞IUUQTNDMPMJQPQ[FOEFTLDPNIDKBBSUJDMFT ˞IUUQTHJUIVCDPNFWFSZMFBGFMUSBJOJO ݱ࣮తͳن໛ʢݸਓάϧʔϓ಺Ͱͷར༻ͷΞϓϦέʔγϣϯఔ౓ʣͰ%#Λར༻ͨ͠΋ͷΛ࠾
  44. • ComputeͰWebαʔόͷCheckpoint/Restoreͷ଎౓Λܭଌ • mruby-simplehttpserver※1ͰWebαʔόΛىಈͤ͞setsockopt()Λ؂ࢹ • setsockopt()࣮ߦલʹCheckpoint • setsockopt()࣮ߦલʹϝϞϦΛ֬อͯ͠ɺϝϞϦαΠζʹԠͯ͡ Checkpoint/Restoreͷ଎౓ͷมԽΛܭଌ 44

    ༧උ࣮ݧɿϓϩηεͷΠϝʔδԽͷ࣮ݧ ˞NBUTVNPUPSZNSVCZTJNQMFIUUQTFSWFS IUUQTHJUIVCDPNNBUTVNPUPSZNSVCZTJNQMFIUUQTFSWFS
  45. αʔόϓϩηεͷΠϝʔδԽ(Checkpoint/Restore) 45 $IFDLQPJOU3FTUPSF1SPDFTTJOH5JNFEVFUP.FNPSZ6TBHF 1SPDFTTJOHUJNF<TFD>      

         .FNPSZVTBHFQFSQSPDFTT<.#>          $IFDLQPJOU 3FTUPSF ୯ҰͷαʔόϓϩηεͷϝϞϦ࢖༻ྔʹԠͨ͡$IFDLQPJOU3FTUPSFʹඞཁ
  46. • ComputeͰApache httpdͷϓϩηε਺ΛมԽ • HTTPϦΫΤετΛܖػʹApache httpdΛىಈͤͯ͞ϨεϙϯεΛฦ͢ • ਺ेόΠτͷ੩తͳindex.htmlʹର͢ΔϦΫΤετ • CRIUΛ࢖͏৔߹

    • CRIUΛ࢖Θͳ͍৔߹ 46 ༧උ࣮ݧ2ɿϓϩηε਺ͱCRIUͷؔ܎
  47. Apacheͷworker਺ͱCRIUͷؔ܎ 47 )PUTUBSU͸શͯͷ8PSLFSϓϩηε ͷىಈ׬ྃΛ଴ͨͣʹɼͭͰ΋ XPSLFSϓϩηε͕ىಈ͢Ε͹Ϩεϙ ϯεΛฦ͢͜ͱ͕Ͱ͖ΔͨΊҰఆɽ $3*6͔Βͷىಈ͸8PSLFSϓϩηε ΛશͯΠϝʔδ͔͢ΔͨΊɼશ͕ͯ 3FTUPSF͞Ε͔ͯΒϨεϙϯεΛฦ͢ ͨΊ୯ௐ૿Ճɽ

  48. • Apache 2.4.18ɼPHP 7.3.0ɼWordpress 5.0.3 • ϓϩηε਺͸3ɼ୯ҰͷϓϩηεͷϝϞϦαΠζ(RSS)͸35MBytes • Python 3.7.1ɼDjango

    2.1.4ɼgunicorn 19.9.0 ※1 • ϓϩηε਺2ɼεϨου਺2ɼ୯ҰͷϓϩηεͷRSS͸33MBytes • Ruby 2.5.1ɼRails 5.2.1ɼPuma 3.12.0 ※2 • ϓϩηε਺2ɼεϨου਺14ɼ୯ҰͷϓϩηεͷRSS͸89MBytes • gemΛࣄલίϯύΠϧ͓ͯ͘͠bootsnapͱ΋ൺֱ 48 ίϯςφ࠶഑ஔ࣌ͷϨεϙϯελΠϜ
  49. WordPress on Apache httpd 49 BCίϚϯυͰಉ࣌઀ଓ਺ͷϕϯνϚʔΫΛ͔͚ͳ͕Β ऩ༰ϗετΛJQBUBCMFTͰԾ૝తʹμ΢ϯͤͯ͞ɼผͷऩ༰αʔόʹ࠶഑ஔΛڧ੍తʹൃੜͤͨ͞

  50. Django 50 IUUQTNDMPMJQPQ[FOEFTLDPNIDKBBSUJDMFT ݱ࣮తͳن໛ʢݸਓάϧʔϓ಺Ͱͷར༻ͷΞϓϦέʔγϣϯఔ౓ʣͰ%#Λར༻ͨ͠΋ͷΛ࠾༻

  51. Ruby on Rails 51 IUUQTHJUIVCDPNFWFSZMFBGFMUSBJOJO ݱ࣮తͳن໛ʢݸਓάϧʔϓ಺Ͱͷར༻ͷΞϓϦέʔγϣϯఔ౓ʣͰ%#Λར༻ͨ͠΋ͷΛ࠾༻

  52. 5. ·ͱΊ

  53. • ୯ҰΠϯελϯεͰՄ༻ੑΛ୲อ͢Δߴ଎ͳεέδϡʔϦϯάख๏ΛఏҊ • ෳ਺ΠϯελϯεΛඞཁͱ͠ͳ͍ͨΊϦιʔείετ͕௿͍ • ࣮ݧ͔Βݱ࣌఺Ͱ΋࣮༻ՄೳͳϨϕϧͷ࠶഑ஔͷੑೳ͕ಘΒΕͨ • ϓϩμΫγϣϯ؀ڥͰԠ༻ • ϗετো֐࣌Ͱ͋ͬͯ΋Ϣʔβ͕ؾ͔ͮͳ͍ϨϕϧͰͷՄ༻ੑ

    • ΦʔτεέʔϦϯά࣌ʹ΋γʔϜϨεʹίϯςφΛ૿΍ͯ͠ෛՙରࡦՄೳʹ • ΞΫηε܏޲ͱϦιʔεׂΓ౰͕ͯਖ਼֬ʹ௥ਵՄೳʹ • εέʔϦϯά΍ϋʔυ΢ΣΞϓʔϧͷϦιʔεׂΓ౰ͯ΋࠷దԽ 53 ·ͱΊ
  54. • ݚڀ։ൃ͸ཁૉٕज़ͷධՁ͢Βඞཁͳ৔໘͕ଟ͍ • ཁૉٕज़ͷ࣮૷͚ͩͰͳ༷͘ʑͳ؀ڥͰͷධՁΛߦ͏ • ࣗવͱৄ͘͠ͳ͍ͬͯ͘ • ࠓճͷΑ͏ʹҰͭͷݚڀͰ΋୔ࢁͷཁૉٕज़Λ஌Γɺָ͘͠ͳΔ • ૊ΈࠐΈεΫϦϓτݴޠ಺෦ɺϛυϧ΢ΣΞ಺෦ɺϊϯϒϩοΫI/Oɺύ

    έοτɺCIRUɺseccompɺptrace • ઐ໳Ոʹͳͬͨؾ෼ʂʂʂʂ 54 ·ͱΊ
  55. 55 CRIUެࣜʹ΋࿦จΛࡌͤͯ΋Β͑Δ IUUQTXXXDSJVPSH"SUJDMFT

  56. • ࠷ॳͷWWW2020ʹఏग़ͯ͠Reject͞Εͨཧ༝ • ݚڀͷཱͪҐஔ͕ෆ໌֬ɺ৽نੑ͕͍·͍ͪΑ͘Θ͔Βͳ͍ • ຊݚڀͷཱͪҐஔ΍લఏͷ໌֬Խ • ൺֱ͢΂͖ؔ࿈ݚڀ͕ෆ໌ྎ • ຊݚڀͱൺֱ͢΂͖ؔ࿈ݚڀΛॆ࣮ͤͯࠩ͞෼Λ໌֬Խ

    ڭ܇: ΠϯλʔωοτɾWebٕज़෼໺Ͱ͸ൃද࿦จ΍OSSͷ਺΍ٕज़ͷมԽ଎౓ ͕ඇৗʹ଎͍ͨΊɺݚڀͷείʔϓͱ࠷৽ͷ՝୊Λ໌֬ʹ্ͨ͠Ͱࠩ෼Λ͔ͬ͠ Γͱࣔ͠ɺͦͷ՝୊͕ݱ࣮తʹͲΕ΄Ͳҙ͕ٛ͋Δ͜ͱͳͷ͔Λࣔ͢͜ͱ͕େࣄ 56 Accept·Ͱͷաఔ