Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Compare OCI Runtimes
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Gosuke Miyashita
March 22, 2019
Technology
1.7k
2
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Compare OCI Runtimes
Gosuke Miyashita
March 22, 2019
More Decks by Gosuke Miyashita
See All by Gosuke Miyashita
なぜインフラコードのモジュール化は難しいのか - アプリケーションコードとの本質的な違いから考える
mizzy
71
36k
Serverspec(をつくった自分)のそれまでとその後
mizzy
9
3.3k
A method for separating policy definition and behavior control by an intermediate language to achieve optimal server configuration management according to the situation
mizzy
3
310
Past and future of Infrastructure as Code
mizzy
0
370
Configuration Managementツールのポリシー定義用中間言語に関する考察/Considerations about an intermediate language of configuration management tools
mizzy
0
520
Infrastructure as Codeのこれまでとこれから/Infra Study Meetup #1
mizzy
28
13k
エンジニアかつ研究者としての今後のキャリアについて/My Career As An Engineer And A Researcher
mizzy
0
460
Serverspec and OSS at IEICE Society Conference 2018
mizzy
2
380
House Meetup
mizzy
7
3.6k
Other Decks in Technology
See All in Technology
スタートアップにAmazon EKSは早すぎる? マルチプロダクト戦略を加速する Platform Engineeringの実践 / Is Amazon EKS Too Soon for Startups? Practical Platform Engineering to Accelerate a Multi-Product Strategy
elmodev09
1
1.9k
SRE歴2ヶ月でも開発6年の知見を活かして、チームで止まっていた環境改善を前に進めた話
a_ono
0
110
AI時代のコスト管理を考えよう〜明日から使える実践AWSノウハウ~
yoshimi0227
0
950
Fabricをフル活用する AI Agent Hub -製造業特化AIエージェントの設計
iotcomjpadmin
0
150
クレデンシャル流出 ― 攻撃 3 時間 vs 復旧 10 時間。この非対称性にどう備えるか
kazzpapa3
3
620
AWS Security Hub CSPMの成功・失敗体験
cmusudakeisuke
0
590
PostgreSQL 19 新機能概要 OSC Hokkaido 2026
nori_shinoda
0
260
千葉での単身赴任からAWSをやり続け、千葉に戻ってきた話
yama3133
1
120
徹底討論!ECS vs EKS!
daitak
3
1.8k
UIパーツの設計を「型」から読み解く 〜TSKaigiのセッションから得た学び〜
yud0uhu
0
100
iOS アプリの「これって不具合ですか?」を AI に調べてもらう
miichan
0
150
Deep Data Security 機能解説
oracle4engineer
PRO
2
230
Featured
See All Featured
Producing Creativity
orderedlist
PRO
348
40k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
130k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
1.4k
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
aleyda
1
2.1k
Everyday Curiosity
cassininazir
0
240
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
ryanjones
0
170
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
659
62k
Product Roadmaps are Hard
iamctodd
PRO
55
12k
Color Theory Basics | Prateek | Gurzu
gurzu
0
370
Learning to Love Humans: Emotional Interface Design
aarron
275
41k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Navigating Weather and Climate Data
rabernat
0
240
Transcript
͘͞ΒΠϯλʔωοτגࣜձࣾ (C) Copyright 1996-2019 SAKURA Internet Inc ͘͞ΒΠϯλʔωοτݚڀॴ OCIϥϯλΠϜൺֱͷͨΊʹ ͍ͬͯΔ͜ͱ͋Ε͜Ε
2019/03/22 ٬һݚڀһ ٶԼ ߶ี runc, gVisor, Kata Containers Nabla Containers, Firecrackerൺֱ
1. ͡Ίʹ
3 ɾݱࡏOCIϥϯλΠϜͷൺֱʹऔΓΜͰ͍Δ ɾൺֱ߲ɺىಈ࣌ؒɺϝϞϦαΠζɺύϑΥʔϚϯεͳͲ ɾϥϯλΠϜຖʹบ͕͋Γɺಉ݅͡Ͱൺֱ͢Δͷ͕؆୯Ͱͳ͍ ɾ۩ମతʹͬͨ͜ͱɺͱ͘ʹ·ͬͨ͜ͱڞ༗͍ͨ͠ ɾܭଌ݁Ռͷڞ༗͜ͷൃදͷతͰͳ͍ ɾݱࡏͷܭଌ݁Ռʹ͍ͭͯmatsumotory͞ΜͷεϥΠυࢀর ɾhttps://speakerdeck.com/matsumoto_r/chao-ge-ti-xing- detasentaostoocirantaimu ͓͢͠Δ༰
1. ܭଌ४උͰ·ͬͨ͜ͱ
ίϯςφͰಈ͔͢όΠφϦ࡞
6 ɾൺֱ݅Λἧ͑ΔͷͱɺϥϯλΠϜͦͷͷͷੑ࣭Λଌఆ͍ͨ͠ͷ Ͱɺ୯७ͳϓϩάϥϜΛ༻ҙ ɾhello.c ɾHelloͱදࣔ͢Δ͚ͩͷϓϩάϥϜ ɾىಈ࣌ؒଌఆ༻ ɾloop.c ɾແݶϧʔϓ͢ΔϓϩάϥϜ ɾϝϞϦαΠζଌఆ༻ ίϯςφͰಈ͔͢όΠφϦ
7 hello.c #include <stdio.h> void main() { printf("Hello\n"); }
8 loop.c #include <stdio.h> void main() { int i =
0; while(1) { printf("%d\n", i++); } }
9 ɾNabla ContainersϥΠϒϥϦOSʢϢχΧʔωϧʣܕΞϓϩʔνͷ ϥϯλΠϜ ɾ࣮ߦόΠφϦͱΧʔωϧ͕ҰମԽ ɾͳͷͰNabla Containers༻όΠφϦผʹ༻ҙ͢Δඞཁ͕͋Δ ɾx86_64-rumprun-netbsd-gcc -o hello.out
hello.c ɾrumprun-bake solo5_ukvm_seccomp hello.nabla hello.out ɾ৽͠ͷϦϏδϣϯͩͱsolo5_ukvm_seccompͰͳ͘spt Nabla Containers༻όΠφϦ
10 ɾnabla-containers/solo5ΛίϯύΠϧͯ͠Ͱ͖ͨsolo5.oΛ/usr/lib/ libsolo5_seccomp.aʹίϐʔ ɾnabla-containers/runnc ϦϏδϣϯb78fe29Λར༻ ɾnabla-containers/rumprunϦϏδϣϯ8b01b3Λར༻ ɾߋʹҎԼͷύονΛ͋ͯΔ ɾhttps://github.com/rumpkernel/rumprun/issues/122 ɾhttps://github.com/rumpkernel/rumprun/pull/118 Nabla༻όΠφϦͷϏϧυ
11 ɾrumprun-bakeίϚϯυʹύον ɾ࠷ޙʹ࣮ߦͯ͠ΔίϚϯυʹ-L/usr/libΛՃ ɾhttps://blog.cloudkernels.net/posts/build-a-nabla-docker-image/ ɾ͜ͷखॱʹ͕ͨͬͯ͠࠷৽ͷϦϏδϣϯͰϏϧυͯ͠͏·͘ಈ͔ ͳ͔ͬͨ ɾSolo5: ABORT: spt/net.c:36: Assertion
`netfd >= 0' failed Nabla༻όΠφϦͷϏϧυʢ͖ͭͮʣ
Kata Containersͷόʔδϣϯ
13 ɾhttps://github.com/kata-containers/documentation/blob/master/ install/ubuntu-installation-guide.md ɾܭଌ༻ϗετʹUbuntuΛར༻ͨ͠ͷͰ͜ͷखॱʹैͬͨ ɾhttp://download.opensuse.org/repositories/home:/ katacontainers:/releases:/${ARCH}:/master/xUbuntu_$ (lsb_release -rs)/ ͕aptϦϙδτϦͱͯ͠ઃఆ͞ΕΔ ɾ͕ɺ͜Εͩͱ1.6rc1͕Πϯετʔϧ͞Ε·ͱʹಈ͔ͳ͔ͬͨ
ɾs/master/stable-1.5/ Ͱղܾ Kata ContainersͷΠϯετʔϧ
1. ܭଌ࣌ʹ·ͬͨ͜ͱ
ϥϯλΠϜίϚϯυ࣮ߦͰͷܭଌ
16 ɾ༨ͳϨΠϠʔΛল͍ͯͳΔ͘ૉͷঢ়ଶͰͷܭଌ͕త ɾOCI Filesystem BundleΛ༻ҙ ɾdocker export `docker create mizzy/hello`
| tar -C bundle/rootfs - xvf - Ͱrootfsੜ ɾrunc specͰconfig.jsonੜ ϥϯλΠϜίϚϯυ࣮ߦͰͷܭଌ
17 ɾrunc, gVisor, Kata Containers, Nabla ContainersʹOCI Filesystem BundleΛ࣮ߦ͢ΔίϚϯυ͕͋Δ ɾFirecrackerʹ(·ͩ?)ଘࡏ͠ͳ͍ͬΆ͍
ɾͳͷͰFirecracker࣮ߦํࣜͰܭଌͰ͖ͳ͔ͬͨ ɾkata-fc͑Ͱ͖ͦ͏ʢະணखʣ ɾhttps://github.com/kata-containers/documentation/wiki/Initial- release-of-Kata-Containers-with-Firecracker-support OCI Filesystem Bundle࣮ߦίϚϯυ
18 ɾrunncଞͷίϚϯυͱҧ͍runαϒίϚϯυ͕ͳ͍ ɾcreateͯ͠start͢Δඞཁ͕͋Δ ɾtime runnc startͰܭଌ͠Α͏ͱ͢Δͱίϯςφ࣮ߦऴྃલʹtime ͷ݁Ռ͕ฦΔ → ྑ͍ܭଌํ๏ࡧத ɾconfig.jsonͷhooks.prestartͰωοτϫʔΫ·ΘΓͷઃఆΛߦ͏ඞ
ཁ͕͋Δ ɾhttps://github.com/nabla-containers/runnc/issues/53 ɾconfig.jsonͰࢦఆ͢Δroot.path͕૬ରύεͩͱಈ͔ͳ͍ Nabla Containersׂ͕ͱۂऀ
containerdͷctrίϚϯυͰͷܭଌ
20 ɾϥϯλΠϜίϚϯυ࣮ߦͰͯ͢ͷϥϯλΠϜΛܭଌͰ͖ͳ ͔ͬͨͷͰҧ͏ΞϓϩʔνͰܭଌ ɾ͜͜ͰNabla Containersͷนཱ͕͔ͪͩΔ ɾଞͷϥϯλΠϜShim API v2ʹରԠ͍ͯ͠Δ ɾctr run
—runtime=io.containerd.kata.v2 Έ͍ͨʹ࣮ߦͰ͖Δ ɾrunncShim API v2ʹରԠ͍ͯ͠ͳ͍ containerdͷctrίϚϯυͰͷܭଌ
21 ɾ/etc/containerd/config.toml ɾctr run --runtime io.containerd.runtime.v1.linux Ͱ࣮ߦ ผͷํ๏Ͱ࣮ߦΛࢼΈΔ [plugins] [plugins.linux]
shim = "containerd-shim" runtime = "/usr/local/bin/runnc"
22 ɾctr: OCI runtime create failed: runnc did not terminate
sucessfully: unknown ɾrunnc͕panic: Insufficient uniqueness in IDΛు͍ͯΔ ɾཁ͢Δʹίϯςφ໊͕͍ ɾϩάʹ͜Ε͕ݟ͋ͨΒͳ͍ͷͰΘ͔Γʹ͍͘ ɾERR: could not create tapabcdefg12345: no master interface: Link not found ɾίϯςφ໊Λ͘͢Δͱࠓ͜ͷΤϥʔ ɾ͜ΕҎ্·ͩௐࠪͰ͖͍ͯͳ͍ ࣮ߦ݁Ռ
dockerίϚϯυͰͷܭଌ
24 ɾϥϯλΠϜίϚϯυ࣮ߦͰͷܭଌɺctrίϚϯυͰͷܭଌɺͱ ʹͯ͢ͷϥϯλΠϜΛܭଌ͢Δ͜ͱ͕Ͱ͖ͳ͔ͬͨ ɾͷͰ࣍dockerίϚϯυͰτϥΠ dockerίϚϯυͰͷܭଌ
25 ɾFirecrackerͷಈ͔͠ํ͚ͩΘ͔ΒΜɺͱࢥͬͨΒudzura͞ΜʹΑΔ φΠεࢿྉ͕ ɾhttps://speakerdeck.com/udzura/firecracker-from-low-layer-to- hight?slide=14 ɾKata ContainersͰFirecrackerΛಈ͔͢kata-fcΛར༻ ɾhttps://github.com/kata-containers/documentation/wiki/Initial- release-of-Kata-Containers-with-Firecracker-support ɾDockerͷdevicemapperαϙʔτ͕ඞཁ͕ͩɺݱࡏ࠷৽ͷ18.09͕
devicemapperରԠ͍ͯ͠ͳ͍ͷͰɺ18.06Λར༻͢Δඞཁ͋Γ Docker + Firecraker
26 ɾ࠷ॳҙຯ͕Θ͔Βͳ͔ͬͨ ɾ͑ɺͲͬͪOCIϥϯλΠϜ͡Όͳ͍ͷʁ ɾFiracrackerϚΫϩͳࢹͰݟΔͱOCIϥϯλΠϜͱͯ͠ݟΔ͜ͱ Ͱ͖Δ͕ϛΫϩͳࢹͰݟΔͱVMM ɾKata ContainersVMͰίϯςφΛىಈ͢ΔΞϓϩʔνͷOCIϥ ϯλΠϜ ɾVMMͱͯ͠σϑΥϧτͰQEMUΛར༻͢Δ͕ࠩ͠ସ͑Մೳ ɾͭ·ΓKata
ConͷVMMΛFirecrackerʹࠩ͠ସ͑Δ͜ͱ͕Ͱ͖Δ Kata Containers + Firecracker?
ctrͱdockerͰFirecrackerͷ ىಈ͕࣌ؒఆͱҟͳΔ
28 ɾctr: real 0m6.320s ɾdocker: real 0m4.105s ɾdockerͷํ͕ɺdockerdΛܦ༝͢Δ͘ͳΓͦ͏ͳͷʹͳͥʁ ɾctrnaive snapshotterΛར༻
ɾdockerdevicemapperΛར༻ ɾctrͰdevmapper snapshotterΛར༻͢Εಉ݅͡ͰൺֱͰ͖ͦ͏ ɾ→ ະணख ctrͱdockerͰͷFirecrackerىಈ࣌ؒ
1. ίετ
30 ɾݕূڥΛVagrant+VirtualBoxͰߏங ɾKataͱFirecrackerKVM͕ඞཁ ɾVirtualBoxͰKVMಈ͔ͳ͍ ɾVMWare Fusion + Vagrant VMWare ProviderΛߪೖ
ɾVMWare Fusion: 9,925ԁ ɾVagrant VMWare Provider: $79 per seat ׂͱ͓͕͔͔ۚΔ (on macOS)
31 ɾVagrant + VMWare FusionͰmodprobe vhost_vsock͕Τϥʔʹ ͳͬͯ͠·͏ͷͰAWS EC2্Ͱݕূ ɾKVMΛಈ͔ͨ͢ΊʹϕΞϝλϧΠϯελϯε͕ඞཁ ɾi3.metalͰ4.992USD/࣌ؒ
ɾ1ͰBilling AlertඈΜͰདྷͨ ׂͱ͓͕͔͔ۚΔ (on AWS)
1. ࢀߟࢿྉ
33 ɾhttps://github.com/mizzy/container-playground ɾmeasurements/ ɾVagrant + VMWare FusionͰಈ͔ͯ͠Δͭ ɾcompare_on_i3_metal/ ɾVagrant +
AWS EC2 i3.metalΠϯελϯεͰಈ͔ͯ͠Δͭ ɾཧͰ͖ͯͳ͍͠ɺ௨͠Ͱvagrant provisionͯ͠ͳ͍ͷͰಈ͔ͳ ͍ͱ͜Ζ͋Γͦ͏ ɾࢼͯ͠ΈͯΘ͔Βͳ͍͜ͱ͕͋ΕԿͰฉ͍͍ͯͩ͘͞ ܭଌ༻ϦϙδτϦ
34 ɾࠓͷ͍Ζ͍ΖͳίϯςφϥϯλΠϜΛൺֱͯ͠Έͨ ɾhttps://www.slideshare.net/KoheiTokunaga/ss-123664087 ɾ֤छϥϯλΠϜͷಛൺֱͳͲͱͯࢀߟʹͳΔ ɾNabla ContainersΛಈ͔͢ʹ͋ͨͬͯͱͯࢀߟʹͳͬͨ ɾࢿྉͰܭଌʹkubernetes-sigs/cri-toolsΛར༻͍ͯ͠ΔͷͰ͜Ε ࢼͯ͠Έ͍ͨ ࢀߟࢿྉ