Introduction to the Concept and Activities of SAKURA Internet Research Center ~ Superorganism-type Data Center OS and Container Runtimes ~

The 45th Workshop of the 163rd Committee on Internet Technology (ITRC meet45)

2019/05/16

SAKURA Internet Inc.
SAKURA Internet Research Center
Senior Researcher
Ryosuke Matsumoto / Matsumotory / @matsumotory

Transcript

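  1. SAKURA Internet Inc.
    (C) Copyright 1996-2019 SAKURA Internet Inc
    SAKURA Internet Research Center
    Introduction to the Concept and Activities of SAKURA Internet Research Center
    ~ Superorganism-type Data Center OS and Container Runtimes ~
    2019/05/16 Senior Researcher Ryosuke Matsumoto
    The 45th Workshop of the 163rd Committee on Internet Technology (ITRC meet45)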

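  2. Ryosuke Matsumoto / Matsumotory / @matsumotory
    ・Senior Researcher, SAKURA Internet Research Center
    ・Technical Advisor, Grooves Inc. (Forkwell)
    ・Visiting Researcher and Research Advisor, Pepabo Research and Development Institute
    ・Lecturer, Security Camp
    ・Committee member, IPSJ Special Interest Group on Internet and Operation Technology
    ・Committee member, ITRC ← NEW!
    ・Ph.D. in Informatics, Kyoto University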

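  3. Research in 2018 to 2019
    Journal papers
    1. Ryosuke Matsumoto, Kenji Rikitake, Kentaro Kuribayashi, Large-scale Certificate Management on Multi-tenant Web Servers, Journal of Information Processing, conditionally accepted.
    2. Ryosuke Matsumoto, Kentaro Kuribayashi, Yasuo Okabe, A Resource Control Architecture for Web Servers that Virtually Isolates Hardware Resources per Request (in Japanese), IPSJ Journal, Vol.59, No.3, pp.1016-1025, Mar 2018.
    3. Ryosuke Matsumoto, Kentaro Kuribayashi, Yasuo Okabe, High-density Multi-tenant Architecture and Operation Technology for Web Servers (in Japanese), IEICE Transactions B, Vol.J101-B, No.1, pp.16-30, Jan 2018.
    * Because Matsumoto is affiliated with several research institutes and universities, this list covers all of them.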

  4. Research in 2018 to 2019
    International conference papers (peer-reviewed)
    1. Ryosuke Matsumoto, Uchio Kondo and Kentaro Kuribayashi, FastContainer: A Homeostatic System Architecture High-speed Adapting Execution Environment Changes, The 43rd Annual IEEE International Computers, Software, and Applications Conference (COMPSAC2019), July 2019. (to appear)
    3. Yuuki Tsubouchi, Asato Wakisaka, Ken Hamada, Masayuki Matsuki, Hiroshi Abe and Ryosuke Matsumoto, HeteroTSDB: An Extensible Time Series Database for Automatically Tiering on Heterogeneous Key-Value Stores, The 43rd Annual IEEE International Computers, Software, and Applications Conference (COMPSAC2019), July 2019. (to appear)
    4. Komei Nomura, Kenji Rikitake and Ryosuke Matsumoto, Automatic Whitelist Generation for SQL Queries Using Web Application Tests, The 9th IEEE International COMPSAC Workshop on Network Technologies for Security, Administration and Protection (NETSAP 2019), July 2019. (to appear)
    5. Ryosuke Matsumoto, Kenji Rikitake, Kentaro Kuribayashi, Large-scale Certificate Management on Multi-tenant Web Servers, The 6th IEEE International COMPSAC Workshop on Architecture, Design, Deployment and Management of Networks and Applications (ADMNET 2018), July 2018.
    * Because Matsumoto is affiliated with several research institutes and universities, this list covers all of them.

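  5. Table of contents
    1. Background and purpose
    2. The superorganism-type data center
    3. The superorganism-type data center OS and containers
    4. Survey and experiments on OCI runtimes for containers
    5. Summary
    * This talk is based on the following work: Ryosuke Matsumoto, Yuuki Tsubouchi, Gosuke Miyashita, A Container Execution Platform with Reactivity Aiming at a Distributed Data Center OS (in Japanese), IPSJ SIG Technical Report on Internet and Operation Technology (IOT), No.2019-IOT-44, Vol.27, pp.1-8, March 2018.

  6. 1. Background and purpose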

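  7. Concentration into large-scale data centers
    • Data centers are growing larger and more concentrated
    • Better efficiency of computer resources and cost
    • Cloud adoption has advanced considerably over the last few years
    • OSS and cloud services are also changing rapidly as the technical background changes
    • Designs that tolerate change and do not depend heavily on particular software or vendors are urgently needed
    • Abstraction of service functions and loosely coupled designs have become widespread
    • Cloud native, multi-cloud, microservices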

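  8. From concentrated to distributed data centers
    • With the cloud as a premise, service design is moving from monolithic to microservices
    • Each function of a service is implemented as a small service, and the services cooperate via gRPC and similar protocols
    • Authentication, recommendation and other functions are turned into microservices and combined
    • More efficient development and operation by diverse teams, one microservice at a time
    • Scaling, and localizing the impact of failures
    • Bandwidth shortage and latency between microservices need to be reduced
    • Even the distance between large data centers (Tokyo to Ishikari) is starting to become a topic of discussion
    • Bandwidth shortage caused by more advanced and more numerous sensors and devices, not only servers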

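  9. A future in which data center functions blend into society
    • Each computing function works as an individual while the whole remains coordinated
    • Rack-level groups of computers, Edge/Fog computing, and so on
    • Small and medium data centers act as hubs, and as a result the whole is connected and composed
    • Aim for an era in which people are constantly assisted by computers in daily life
    • Provide unprecedented machine power and intelligent functions
    • Data center functions that blend into society, plus the machine power of the cloud
    • Define the superorganism-type data center, its OS and its concept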

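  10. This talk
    • Introduce the concept and vision of the superorganism-type data center
    • What are the requirements for a superorganism-type data center OS?
    • Start by considering the context of handling realistic Web applications
    • What containers should look like once computing resources are distributed
    • Containers as the processes and threads of a data center OS
    • Discuss the importance of container reactivity
    • Classify and organize current industry efforts and container runtimes

  11. 2. The superorganism-type data center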

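  12. Why a research center needs a concept and a vision
    • A corporate research center wants to be organized as a team and carry out R&D as one
    • In research, the direction does not always coincide with the company's own concept
    • If researchers aim in different directions, discussions can become inconsistent
    • Make the center's activities easier to see for members outside the research center
    • Research center members and engineers in the field cooperate on in-house industry-academia collaboration
    • More efficient discussion; R&D that assumes a team
    • Something for each researcher to fall back on when unsure, and an environment where members support each other so that nobody gets lost
    • Psychological safety for discussion and progress, gained by working as a team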

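  13. Positioning of the concept and research themes
    • The concept is the pillar and the policy for the research center's research
    • It indicates a direction, but concrete approaches and timelines change with the times
    • What is the vision within the concept?
    • An imagined timeline of what happens if the concept progresses ideally
    • Things will not necessarily go according to the vision, and the vision itself is constantly updated
    • Research themes decide their approach based on the concept and the vision
    • Based on the concept, there are multiple research themes, one for each researcher's area of strength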

  14. Focus of SAKURA Internet Research Center
    [Figure]

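  15. Today's cloud alone cannot solve every problem
    • The Internet is changing as abstraction advances further
    • Cloud native makes data centers even more enormous
    • Cases that are difficult for centralized computing
    • Cases that demand real-time behavior, where latency is too large for decisions to be made in time
    • Or cases where the data is so vast that bandwidth runs short
    • What kind of world should we aim for in making use of the cloud's machine power from now on?
    • Redefine the concept and vision of SAKURA Internet Research Center

  16. Vision of SAKURA Internet Research Center

  17. Concept: the superorganism-type data center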

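  18. What is a superorganism in the first place?
    • In English: super-organic or super-organism
    • It usually refers to the social groups of social insects
    • Discussed in fields such as sociology, biology, economics and cybernetics
    • Individuals that each have a single, separate function behave, as a whole, as something more than an individual
    • Many heterogeneous individuals act on their own, yet the whole behaves like one individual
    • When composed of a single species, it may also be called a population or a colony
    • There are several papers and articles in the context of smart cities [1][2]
    [1] Franco Zambonelli, Toward Sociotechnical Urban Superorganisms, IEEE Computer Magazine, pp. 76-78, vol. 45, 2012.
    [2] Nicola Bicocchi, Alket Cecaj, Damiano Fontana, Marco Mamei, Andrea Sassi, Franco Zambonelli, Collective Awareness for Human-ICT Collaboration in Smart Cities, IEEE WETICE 2013, Volume: 1, Pages: 3-8, 2013.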

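  19. Organizing the idea of the superorganism-type data center
    1. Today, huge computing resources exist inside data centers, but from now on, driven by requirements such as latency, security and cost, computing resources will blend into every place, society and organization.
    2. These distributed computing resources will not merely provide computing power on their own. In response to the demands of the place or society, they will autonomously distribute or organically combine, functioning so as to form a hybrid structure in which the field and the cloud are linked vertically and horizontally.
    3. What such a system realizes is a Super Organized World: it is close to people and supports users in real time and intelligently, while at the same time the back end combines organically and mobilizes unprecedented machine power and resource volume, achieving both local optimization in the field and global optimization.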

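  20. Another role of the concept: provoking discussion
    1. Today, huge computing resources exist inside data centers, but from now on, driven by requirements such as latency, security and cost, computing resources will blend into every place, society and organization.
    2. These distributed computing resources will not merely provide computing power on their own. In response to the demands of the place or society, they will autonomously distribute or organically combine, functioning so as to form a hybrid structure in which the field and the cloud are linked vertically and horizontally.
    3. What such a system realizes is a Super Organized World: it is close to people and supports users in real time and intelligently, while at the same time the back end combines organically and mobilizes unprecedented machine power and resource volume, achieving both local optimization in the field and global optimization.
    What does "organically" mean? What does "vertically and horizontally" mean? What does "optimization" mean?
    → Ambiguous words were chosen deliberately in order to provoke lively discussion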

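  21. Research themes and activities based on the concept
    • Cloud and hosting infrastructure technology
    • Container execution platform technology with reactivity; processes and threads on a data center OS
    • Distributed cooperative query cache mechanism; time series database architecture for automatic tiering
    • Edge/Fog computing
    • Fog computing testbed for evaluating the performance of communication between local nodes
    • Monitoring, observation and operation technology
    • Autonomous distributed tracing of network dependencies
    • Distributed resource management middleware based on a consensus algorithm
    • Machine learning, deep learning, swarm intelligence
    • Machine learning and visualization based on graph structures for intrusion detection systems

  22. 3. The superorganism-type data center OS and containers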

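  23. The superorganism data center within Matsumoto's area of expertise
    • A data center OS and containers for the superorganism-type data center
    • Scope: running practical Web applications, such as WordPress, well
    • Of Compute and Data, focus first on Compute-Intensive workloads
    • Groups of containers that start up in a transparently distributed way across distributed data centers are needed
    • A thin, OS-like layer on top of highly distributed data centers is needed
    • Processes and threads exist on the superorganism-type data center OS
    → This becomes one research theme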

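  24. What makes containers interesting right now
    • As someone who has worked in the cloud and hosting industry, I see the underlying technologies as the same as before, but
    • The ecosystem and standardization around containers have started to progress through worldwide cooperation
    • Use in kubernetes, service meshes such as istio, and microservices
    • Open Container Initiative (OCI), Container Runtime Interface (CRI)
    • Research, design, development and standardization of these are actively carried out, centered on the CNCF
    • In particular, orchestration and other areas that used to be hard to realize are discussed and developed cooperatively
    • Academia and industry have started to do research together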

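  25. Transparency and container reactivity
    • Containers need to process work across data centers transparently and organically
    • Treat the various container runtimes as processes and threads
    • Containers need to be able to change state reactively
    • Match resource allocation to changes in access reactively rather than by prediction in advance
    • Organic cooperation across highly distributed data centers, in the manner of a superorganism
    • Cooperation between containers, and fast movement between servers and between data centers, are needed
    • Reactivity like that of processes and threads in an OS will be required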

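  26. Scope of the superorganism-type OS in Matsumoto's research
    1. Define containers as the processes and threads of the superorganism-type data center OS
    2. Make containers, as processes and threads, reactively operable
    3. Provide functions that transparently manage the containers of the superorganism-type data center OS
    → This time the focus is on the scheduler and process handling among OS functions
    → Requirements closely related to the OCI runtime part of the container runtime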

  27. A Web service platform model for the container era
    Ryosuke Matsumoto, Uchio Kondo, Yusuke Miyake, Kenji Rikitake, Kentaro Kuribayashi, FastContainer: A System Architecture with Homeostasis that Quickly Adapts to Changes in the Execution Environment (in Japanese), Proceedings of the Internet and Operation Technology Symposium 2017, 2017, 89-97 (2017-11-30), December 2017.
    ← Digging deeper here
    Orchestration Layer: GKE, ECS, Marathon, Kubernetes, Docker Swarm
    Strategy Layer: Rancher, FastContainer
    Service Layer: Web Application or Service on Containers
    Infrastructure Layer: GCP, Azure, AWS, OpenStack, Mesos, BareMetal, LinuxKit
    Container Runtime Layer: Docker, containerd, LXC, Haconiwa, gVisor, Kata Containers
    Container Runtime Interface (CRI)

  28. Layer model of container runtimes
    CRI / container runtime / runtime
    It is often defined as above, but saying that a runtime such as runc sits inside the container runtime is a little hard to follow.
    CRI / CRI runtime / OCI / OCI runtime
    The container runtime is modeled in layers according to the role of each runtime.
    We define a CRI runtime and an OCI runtime (*1). The two runtimes together are called the container runtime.
    CRI: Container Runtime Interface
    OCI: Open Container Initiative Runtime/Image Format Specification
    *1 Ian Lewis of Google Cloud defines the CRI runtime as a High-Level Runtime and the OCI runtime as Low-Level Runtimes
    https://www.ianlewis.org/en/container-runtimes-part-1-introduction-container-r

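  29. Basic layer model around containers
    Orchestration
    CRI
    CRI runtime
    OCI
    OCI runtime
    Pod and its containers
    CRI runtime (cri-o, containerd, etc.): receives container configuration from the orchestration layer via CRI and manages container images
    OCI runtime (runC, runsc, runnc, runV, kata-runtime, cc-runtime, etc.): based on the container's configuration, image and so on, performs resource allocation and privilege separation for the container and starts it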

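  30. Example: basic layer model around containers
    kubelet
    CRI
    containerd
    OCI
    runC
    Pod and its containers
    OCI runtime (runC, runsc, runnc, runV, kata-runtime, cc-runtime, etc.): based on the container's configuration, image and so on, performs resource allocation and privilege separation for the container and starts it
    As long as CRI and OCI are complied with, the CRI runtime and the OCI runtime can be swapped freely while kubernetes is still used as the orchestration layer
    CRI runtime (cri-o, containerd, etc.): receives container configuration from the orchestration layer via CRI and manages container images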

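  31. Pods and containers in OCI runtimes
    • kubernetes is being standardized by the CNCF as the orchestration tool
    • A Pod encloses multiple containers that are connected to one another
    • How should containers be deployed in the unit of space called a Pod?
    • Requirements placed on a Pod
    • Security, performance, packing density on a server, and so on
    • It is the OCI runtime that realizes the actual behavior of Pods and containers

  32. 4. Survey and experiments on OCI runtimes for containers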

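  33. Survey and experiments on OCI container runtimes
    • Survey of the current state of runC, gVisor, Nabla-Containers, Firecracker and Kata-Containers
    • As of March 2019
    • Created Docker images that run Hello World and that loop
    • Ran Hello World (written in C) on each OCI container runtime
    • Measured Pod startup + container startup + Hello world execution time with the time command
    • Started the loop container and measured memory size (RSS)
    • Test host: EC2 i3.metal instance, 72 vCPUs, 512 GB memory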

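  34. Direct execution of OCI container runtime commands
    # Export the Docker image's filesystem into the rootfs of an OCI bundle
    cid=`sudo docker create mizzy/hello:latest`
    mkdir -p bundle/rootfs
    sudo docker export $cid | tar -C bundle/rootfs -xvf -
    # Time each OCI runtime against the same bundle
    time sudo runc run bundle
    time sudo runsc -log /dev/null run bundle
    time sudo kata-runtime run bundle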

  35. Direct execution of OCI container runtime commands
    kubelet
    CRI
    containerd
    OCI
    runC
    Pod and its containers

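  36. 
    | Type | Security | Implementation | Hello World performance (Pod + container startup time) | Density (memory footprint per container) |
    |---|---|---|---|---|
    | Process | Namespace isolation | runC | 0.159 s | runc: 10216 KB; total approx. 10 MB |
    | Sandbox | Userland kernel, system call access control | gVisor (runsc) | 0.197 s | runsc: 117748 KB; runsc-gopher: 13028 KB; runsc-sandbox: 18404 KB; total approx. 150 MB |
    | Unikernel | Unikernel isolation (dedicated app image and minimal system call restriction) | Nabla-Containers (runnc) | Not measured, because by design runnc does not wait for the container to finish | Not measured, because by design runnc does not wait for the container to finish |
    | microVM | microVM (virtio-net, virtio-block, serial console, a 1-button key-board controller) | Firecracker | Not measured, because it cannot currently be driven directly by a runc-equivalent command | Not measured, because it cannot currently be driven directly by a runc-equivalent command |
    | VM | VM | Kata-Containers | 1.392 s | kata-runtime: 28424 KB; qemu-lite-system-x86_64: 222208 KB; kata-proxy: 6884 KB; kata-shim: 19124 KB; total approx. 280 MB |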

  37. Execution via containerd
    time sudo ctr run \
      --rm \
      --runtime io.containerd.runc.v1 \
      docker.io/mizzy/hello:latest foo /hello
    time sudo ctr run \
      --rm \
      --runtime io.containerd.runsc.v1 \
      docker.io/mizzy/hello:latest ba /hello
    time sudo ctr run \
      --rm \
      --runtime io.containerd.kata.v2 \
      docker.io/mizzy/hello:latest baz /hello
    time sudo ctr run \
      --rm \
      --runtime io.containerd.runtime.v1.linux \
      docker.io/mizzy/hello:latest foo /hello
    time sudo ctr run \
      --rm \
      --snapshotter firecracker-naive \
      --runtime aws.firecracker \
      docker.io/mizzy/hello:latest foo /hello

  38. Execution via containerd
    kubelet
    CRI
    containerd
    OCI
    runC
    Pod and its containers

  39. 
    | Type | Security | Implementation | Hello World performance (Pod + container startup time) | Density (memory footprint per container) |
    |---|---|---|---|---|
    | Process | Namespace isolation | runC | 0.361 s | ctr: 26592 KB; total approx. 26 MB |
    | Sandbox | Userland kernel, system call access control | gVisor (runsc) | 0.422 s | ctr: 26600 KB; runsc: 12296 KB; containerd-shim-runsc-v1: 6908 KB; runsc-gopher: 12296 KB; runsc-sandbox: 18124 KB; total approx. 75 MB |
    | Unikernel | Unikernel isolation (dedicated app image and minimal system call restriction) | Nabla-Containers (runnc) | Cannot be measured, because it does not support containerd shim API v2 | Cannot be measured, because it does not support containerd shim API v2 |
    | microVM | microVM (virtio-net, virtio-block, serial console, a 1-button key-board controller) | Firecracker (naive snapshotter) | 8.117 s | ctr: 26120 KB; containerd-shim-aws-firecracker: 13748 KB; firecracker: 59152 KB; total approx. 100 MB (native_snapshotter: 11400 KB) |
    | VM | VM | Kata-Containers | 1.570 s | ctr: 26572 KB; containerd-shim-kata-v2: 19780 KB; qemu-lite-system-x86_64: 195864 KB; total approx. 241 MB |

  40. Execution via dockerd
    time sudo docker run --rm mizzy/hello:latest /hello
    time sudo docker run --rm --runtime=runsc mizzy/hello:latest /hello
    time sudo docker run --rm --runtime=kata-runtime mizzy/hello:latest /hello
    time sudo docker run --rm --runtime=runnc mizzy/hello:latest /hello.nabla
    time sudo docker run --rm --runtime=kata-fc mizzy/hello:latest /hello

  41. Execution via dockerd
    dockerd
    docker-containerd
    OCI
    runC
    Pod and its containers
    docker

  42. 
    | Type | Security | Implementation | Hello World performance (Pod + container startup time) | Density (memory footprint per container) |
    |---|---|---|---|---|
    | Process | Namespace isolation | runC | 0.847 s | docker: 50356 KB; containerd-shim: 6124 KB; total approx. 56 MB |
    | Sandbox | Userland kernel, system call access control | gVisor (runsc) | 1.034 s | docker: 50532 KB; containerd-shim: 5812 KB; runsc-gopher: 12296 KB; runsc-sandbox: 18124 KB; total approx. 85 MB |
    | Unikernel | Unikernel isolation (dedicated app image and minimal system call restriction) | Nabla-Containers (runnc) | 0.897 s | docker: 50720 KB; containerd-shim: 5512 KB; nabla-run: 6684 KB; total approx. 62 MB |
    | microVM | microVM (virtio-net, virtio-block, serial console, a 1-button key-board controller) | Firecracker (devmapper snapshotter) (Kata plugin) | 3.889 s | docker: 1170808 KB; docker-containerd-shim: 9960 KB; kata-shim: 455664 KB; firecracker: 145952 KB; total approx. 1700 MB |
    | VM | VM | Kata-Containers | 2.415 s | docker: 51056 KB; containerd-shim: 6060 KB; qemu-lite-system-x86_64: 227316 KB; kata-proxy: 6132 KB; kata-shim: 19536 KB; total approx. 310 MB |

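  43. Pod and container startup time versus app performance
    • The VM and microVM approaches take time to start a Pod
        • Once the Pod has started, access control on the app is not strict
        • A WebApp in the container gets relatively high performance
    • The sandbox and unikernel approaches start a Pod quickly
        • The app's system calls and file accesses are monitored and strictly access-controlled
        • A WebApp in the container gets relatively low performance
    → We plan to measure the performance of applications running in containers next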

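  44. Containers in the superorganism-type data center
    • Start containers with the appropriate OCI runtime when needed and according to the requirements
    • The same way processes and threads are used in an OS
    • Discuss the trade-off between container startup speed and application speed after startup
    • Respond reactively to external access trends and unpredictable changes
    • Cooperation between processes and threads is also handled transparently across hosts
    • Research on changing container state and moving containers at high speed is needed [1]
    [1] Ryosuke Matsumoto, Yuuki Tsubouchi, Gosuke Miyashita, A Low-cost, Fast Scheduling Method Using CRIU that Can Relocate Containers per HTTP Request (in Japanese), IOT44, March 2019.

  45. 5. Summary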

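  46. Toward a superorganism-type data center OS
    • Introduced the concept of the superorganism-type data center
    • Data center functions blend into society while making use of the cloud's machine power
    • Introduced a concrete vision
    • Discussed it from the viewpoint of scheduling across data centers and containers
    • Considered the importance of being able to change state reactively
    • Introduced the OCI runtime implementations from various vendors and evaluated their current state experimentally
    • Organized a classification for treating containers as threads and processes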

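  47. Future work and open questions
    • Further consideration of the classification of OCI runtimes
    • Is there a more suitable form for Pods and containers?
    • Further examine the balance between density, performance, security and usability
    • Discuss the balance between Pod startup speed and the performance cost of container access control
    • Design and implement a framework for managing information about highly distributed containers
    • From things like the ps and top commands up to more advanced tools
    • Consider concepts that make processes and threads more convenient to handle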
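
The memory-footprint column in the result tables (slides 36, 39 and 42) is the sum of the resident set sizes (RSS) of every process a runtime keeps alive for one container. The shell function below is an added example, not code from the slides: it reproduces that sum from `ps -eo rss=,args=` style output. The function names, paths, arguments and the unrelated sshd line are assumptions; the RSS values in the constructed sample are copied from the direct-execution table on slide 36.

```shell
#!/bin/sh
# footprint_kb NAME...
# Reads "RSS_KB COMMAND [ARGS...]" lines on stdin (the layout printed by
# `ps -eo rss=,args=`) and prints the summed RSS in KB of every process whose
# executable basename is one of NAME. It fails if any NAME is never seen, so a
# half-started sandbox is not reported as a small footprint.
footprint_kb() {
    awk -v names="$*" '
        BEGIN { n = split(names, want, " "); for (i = 1; i <= n; i++) ok[want[i]] = 1 }
        $1 ~ /^[0-9]+$/ {
            k = split($2, path, "/"); base = path[k]   # strip the directory part
            if (base in ok) { sum += $1; seen[base] = 1 }
        }
        END {
            for (i = 1; i <= n; i++) if (!(want[i] in seen)) exit 1
            print sum + 0
        }'
}

# Constructed sample input (hypothetical paths and arguments; RSS values are
# the ones listed for gVisor and Kata-Containers on slide 36).
sample_ps() {
    cat <<'EOF'
117748 /usr/local/bin/runsc run bundle
 13028 runsc-gopher --root=/var/run/runsc
 18404 runsc-sandbox --root=/var/run/runsc
  4100 /usr/sbin/sshd -D
 28424 /usr/bin/kata-runtime run bundle
222208 /usr/bin/qemu-lite-system-x86_64 -name sandbox
  6884 /usr/libexec/kata-proxy -listen-socket unix:///run/proxy.sock
 19124 /usr/libexec/kata-shim -agent unix:///run/proxy.sock
EOF
}

gvisor_kb=$(sample_ps | footprint_kb runsc runsc-gopher runsc-sandbox)
kata_kb=$(sample_ps | footprint_kb kata-runtime qemu-lite-system-x86_64 kata-proxy kata-shim)
echo "gVisor: ${gvisor_kb} KB, Kata-Containers: ${kata_kb} KB"
```

On a live host, feed the function `ps -eo rss=,args=` rather than `comm`, since Linux truncates `comm` to 15 characters and a name such as qemu-lite-system-x86_64 would no longer match.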