Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Compare OCI Runtimes
Search
Gosuke Miyashita
PRO
March 22, 2019
Technology
2
1.4k
Compare OCI Runtimes
Gosuke Miyashita
PRO
March 22, 2019
Tweet
Share
More Decks by Gosuke Miyashita
See All by Gosuke Miyashita
Serverspec(をつくった自分)のそれまでとその後
mizzy
PRO
8
3.1k
A method for separating policy definition and behavior control by an intermediate language to achieve optimal server configuration management according to the situation
mizzy
PRO
3
240
Past and future of Infrastructure as Code
mizzy
PRO
0
160
Configuration Managementツールのポリシー定義用中間言語に関する考察/Considerations about an intermediate language of configuration management tools
mizzy
PRO
0
440
Infrastructure as Codeのこれまでとこれから/Infra Study Meetup #1
mizzy
PRO
29
13k
エンジニアかつ研究者としての今後のキャリアについて/My Career As An Engineer And A Researcher
mizzy
PRO
0
390
Serverspec and OSS at IEICE Society Conference 2018
mizzy
PRO
2
280
House Meetup
mizzy
PRO
7
3.1k
Rust + Ruby/mruby
mizzy
PRO
0
1.7k
Other Decks in Technology
See All in Technology
1行のコードから社会課題の解決へ: EMの探究、事業・技術・組織を紡ぐ実践知 / EM Conf 2025
9ma3r
11
3.9k
IAMのマニアックな話2025
nrinetcom
PRO
4
960
OPENLOGI Company Profile for engineer
hr01
1
20k
Cracking the Coding Interview 6th Edition
gdplabs
14
28k
脳波を用いた嗜好マッチングシステム
hokkey621
0
290
Oracle Database Technology Night #87-1 : Exadata Database Service on Exascale Infrastructure(ExaDB-XS)サービス詳細
oracle4engineer
PRO
1
180
Share my, our lessons from the road to re:Invent
naospon
0
150
Ruby on Railsで持続可能な開発を行うために取り組んでいること
am1157154
3
160
IAMポリシーのAllow/Denyについて、改めて理解する
smt7174
2
210
急成長する企業で作った、エンジニアが輝ける制度/ 20250227 Rinto Ikenoue
shift_evolve
0
140
あなたが人生で成功するための5つの普遍的法則 #jawsug #jawsdays2025 / 20250301 HEROZ
yoshidashingo
2
300
LINE NEWSにおけるバックエンド開発
lycorptech_jp
PRO
0
270
Featured
See All Featured
The Power of CSS Pseudo Elements
geoffreycrofte
75
5.5k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
7k
Optimizing for Happiness
mojombo
376
70k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
160
15k
BBQ
matthewcrist
87
9.5k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
21
2.5k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
27
1.9k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.1k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
59k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
6
570
Faster Mobile Websites
deanohume
306
31k
Building a Modern Day E-commerce SEO Strategy
aleyda
38
7.1k
Transcript
͘͞ΒΠϯλʔωοτגࣜձࣾ (C) Copyright 1996-2019 SAKURA Internet Inc ͘͞ΒΠϯλʔωοτݚڀॴ OCIϥϯλΠϜൺֱͷͨΊʹ ͍ͬͯΔ͜ͱ͋Ε͜Ε
2019/03/22 ٬һݚڀһ ٶԼ ߶ี runc, gVisor, Kata Containers Nabla Containers, Firecrackerൺֱ
1. ͡Ίʹ
3 ɾݱࡏOCIϥϯλΠϜͷൺֱʹऔΓΜͰ͍Δ ɾൺֱ߲ɺىಈ࣌ؒɺϝϞϦαΠζɺύϑΥʔϚϯεͳͲ ɾϥϯλΠϜຖʹบ͕͋Γɺಉ݅͡Ͱൺֱ͢Δͷ͕؆୯Ͱͳ͍ ɾ۩ମతʹͬͨ͜ͱɺͱ͘ʹ·ͬͨ͜ͱڞ༗͍ͨ͠ ɾܭଌ݁Ռͷڞ༗͜ͷൃදͷతͰͳ͍ ɾݱࡏͷܭଌ݁Ռʹ͍ͭͯmatsumotory͞ΜͷεϥΠυࢀর ɾhttps://speakerdeck.com/matsumoto_r/chao-ge-ti-xing- detasentaostoocirantaimu ͓͢͠Δ༰
1. ܭଌ४උͰ·ͬͨ͜ͱ
ίϯςφͰಈ͔͢όΠφϦ࡞
6 ɾൺֱ݅Λἧ͑ΔͷͱɺϥϯλΠϜͦͷͷͷੑ࣭Λଌఆ͍ͨ͠ͷ Ͱɺ୯७ͳϓϩάϥϜΛ༻ҙ ɾhello.c ɾHelloͱදࣔ͢Δ͚ͩͷϓϩάϥϜ ɾىಈ࣌ؒଌఆ༻ ɾloop.c ɾແݶϧʔϓ͢ΔϓϩάϥϜ ɾϝϞϦαΠζଌఆ༻ ίϯςφͰಈ͔͢όΠφϦ
7 hello.c #include <stdio.h> void main() { printf("Hello\n"); }
8 loop.c #include <stdio.h> void main() { int i =
0; while(1) { printf("%d\n", i++); } }
9 ɾNabla ContainersϥΠϒϥϦOSʢϢχΧʔωϧʣܕΞϓϩʔνͷ ϥϯλΠϜ ɾ࣮ߦόΠφϦͱΧʔωϧ͕ҰମԽ ɾͳͷͰNabla Containers༻όΠφϦผʹ༻ҙ͢Δඞཁ͕͋Δ ɾx86_64-rumprun-netbsd-gcc -o hello.out
hello.c ɾrumprun-bake solo5_ukvm_seccomp hello.nabla hello.out ɾ৽͠ͷϦϏδϣϯͩͱsolo5_ukvm_seccompͰͳ͘spt Nabla Containers༻όΠφϦ
10 ɾnabla-containers/solo5ΛίϯύΠϧͯ͠Ͱ͖ͨsolo5.oΛ/usr/lib/ libsolo5_seccomp.aʹίϐʔ ɾnabla-containers/runnc ϦϏδϣϯb78fe29Λར༻ ɾnabla-containers/rumprunϦϏδϣϯ8b01b3Λར༻ ɾߋʹҎԼͷύονΛ͋ͯΔ ɾhttps://github.com/rumpkernel/rumprun/issues/122 ɾhttps://github.com/rumpkernel/rumprun/pull/118 Nabla༻όΠφϦͷϏϧυ
11 ɾrumprun-bakeίϚϯυʹύον ɾ࠷ޙʹ࣮ߦͯ͠ΔίϚϯυʹ-L/usr/libΛՃ ɾhttps://blog.cloudkernels.net/posts/build-a-nabla-docker-image/ ɾ͜ͷखॱʹ͕ͨͬͯ͠࠷৽ͷϦϏδϣϯͰϏϧυͯ͠͏·͘ಈ͔ ͳ͔ͬͨ ɾSolo5: ABORT: spt/net.c:36: Assertion
`netfd >= 0' failed Nabla༻όΠφϦͷϏϧυʢ͖ͭͮʣ
Kata Containersͷόʔδϣϯ
13 ɾhttps://github.com/kata-containers/documentation/blob/master/ install/ubuntu-installation-guide.md ɾܭଌ༻ϗετʹUbuntuΛར༻ͨ͠ͷͰ͜ͷखॱʹैͬͨ ɾhttp://download.opensuse.org/repositories/home:/ katacontainers:/releases:/${ARCH}:/master/xUbuntu_$ (lsb_release -rs)/ ͕aptϦϙδτϦͱͯ͠ઃఆ͞ΕΔ ɾ͕ɺ͜Εͩͱ1.6rc1͕Πϯετʔϧ͞Ε·ͱʹಈ͔ͳ͔ͬͨ
ɾs/master/stable-1.5/ Ͱղܾ Kata ContainersͷΠϯετʔϧ
1. ܭଌ࣌ʹ·ͬͨ͜ͱ
ϥϯλΠϜίϚϯυ࣮ߦͰͷܭଌ
16 ɾ༨ͳϨΠϠʔΛল͍ͯͳΔ͘ૉͷঢ়ଶͰͷܭଌ͕త ɾOCI Filesystem BundleΛ༻ҙ ɾdocker export `docker create mizzy/hello`
| tar -C bundle/rootfs - xvf - Ͱrootfsੜ ɾrunc specͰconfig.jsonੜ ϥϯλΠϜίϚϯυ࣮ߦͰͷܭଌ
17 ɾrunc, gVisor, Kata Containers, Nabla ContainersʹOCI Filesystem BundleΛ࣮ߦ͢ΔίϚϯυ͕͋Δ ɾFirecrackerʹ(·ͩ?)ଘࡏ͠ͳ͍ͬΆ͍
ɾͳͷͰFirecracker࣮ߦํࣜͰܭଌͰ͖ͳ͔ͬͨ ɾkata-fc͑Ͱ͖ͦ͏ʢະணखʣ ɾhttps://github.com/kata-containers/documentation/wiki/Initial- release-of-Kata-Containers-with-Firecracker-support OCI Filesystem Bundle࣮ߦίϚϯυ
18 ɾrunncଞͷίϚϯυͱҧ͍runαϒίϚϯυ͕ͳ͍ ɾcreateͯ͠start͢Δඞཁ͕͋Δ ɾtime runnc startͰܭଌ͠Α͏ͱ͢Δͱίϯςφ࣮ߦऴྃલʹtime ͷ݁Ռ͕ฦΔ → ྑ͍ܭଌํ๏ࡧத ɾconfig.jsonͷhooks.prestartͰωοτϫʔΫ·ΘΓͷઃఆΛߦ͏ඞ
ཁ͕͋Δ ɾhttps://github.com/nabla-containers/runnc/issues/53 ɾconfig.jsonͰࢦఆ͢Δroot.path͕૬ରύεͩͱಈ͔ͳ͍ Nabla Containersׂ͕ͱۂऀ
containerdͷctrίϚϯυͰͷܭଌ
20 ɾϥϯλΠϜίϚϯυ࣮ߦͰͯ͢ͷϥϯλΠϜΛܭଌͰ͖ͳ ͔ͬͨͷͰҧ͏ΞϓϩʔνͰܭଌ ɾ͜͜ͰNabla Containersͷนཱ͕͔ͪͩΔ ɾଞͷϥϯλΠϜShim API v2ʹରԠ͍ͯ͠Δ ɾctr run
—runtime=io.containerd.kata.v2 Έ͍ͨʹ࣮ߦͰ͖Δ ɾrunncShim API v2ʹରԠ͍ͯ͠ͳ͍ containerdͷctrίϚϯυͰͷܭଌ
21 ɾ/etc/containerd/config.toml ɾctr run --runtime io.containerd.runtime.v1.linux Ͱ࣮ߦ ผͷํ๏Ͱ࣮ߦΛࢼΈΔ [plugins] [plugins.linux]
shim = "containerd-shim" runtime = "/usr/local/bin/runnc"
22 ɾctr: OCI runtime create failed: runnc did not terminate
sucessfully: unknown ɾrunnc͕panic: Insufficient uniqueness in IDΛు͍ͯΔ ɾཁ͢Δʹίϯςφ໊͕͍ ɾϩάʹ͜Ε͕ݟ͋ͨΒͳ͍ͷͰΘ͔Γʹ͍͘ ɾERR: could not create tapabcdefg12345: no master interface: Link not found ɾίϯςφ໊Λ͘͢Δͱࠓ͜ͷΤϥʔ ɾ͜ΕҎ্·ͩௐࠪͰ͖͍ͯͳ͍ ࣮ߦ݁Ռ
dockerίϚϯυͰͷܭଌ
24 ɾϥϯλΠϜίϚϯυ࣮ߦͰͷܭଌɺctrίϚϯυͰͷܭଌɺͱ ʹͯ͢ͷϥϯλΠϜΛܭଌ͢Δ͜ͱ͕Ͱ͖ͳ͔ͬͨ ɾͷͰ࣍dockerίϚϯυͰτϥΠ dockerίϚϯυͰͷܭଌ
25 ɾFirecrackerͷಈ͔͠ํ͚ͩΘ͔ΒΜɺͱࢥͬͨΒudzura͞ΜʹΑΔ φΠεࢿྉ͕ ɾhttps://speakerdeck.com/udzura/firecracker-from-low-layer-to- hight?slide=14 ɾKata ContainersͰFirecrackerΛಈ͔͢kata-fcΛར༻ ɾhttps://github.com/kata-containers/documentation/wiki/Initial- release-of-Kata-Containers-with-Firecracker-support ɾDockerͷdevicemapperαϙʔτ͕ඞཁ͕ͩɺݱࡏ࠷৽ͷ18.09͕
devicemapperରԠ͍ͯ͠ͳ͍ͷͰɺ18.06Λར༻͢Δඞཁ͋Γ Docker + Firecraker
26 ɾ࠷ॳҙຯ͕Θ͔Βͳ͔ͬͨ ɾ͑ɺͲͬͪOCIϥϯλΠϜ͡Όͳ͍ͷʁ ɾFiracrackerϚΫϩͳࢹͰݟΔͱOCIϥϯλΠϜͱͯ͠ݟΔ͜ͱ Ͱ͖Δ͕ϛΫϩͳࢹͰݟΔͱVMM ɾKata ContainersVMͰίϯςφΛىಈ͢ΔΞϓϩʔνͷOCIϥ ϯλΠϜ ɾVMMͱͯ͠σϑΥϧτͰQEMUΛར༻͢Δ͕ࠩ͠ସ͑Մೳ ɾͭ·ΓKata
ConͷVMMΛFirecrackerʹࠩ͠ସ͑Δ͜ͱ͕Ͱ͖Δ Kata Containers + Firecracker?
ctrͱdockerͰFirecrackerͷ ىಈ͕࣌ؒఆͱҟͳΔ
28 ɾctr: real 0m6.320s ɾdocker: real 0m4.105s ɾdockerͷํ͕ɺdockerdΛܦ༝͢Δ͘ͳΓͦ͏ͳͷʹͳͥʁ ɾctrnaive snapshotterΛར༻
ɾdockerdevicemapperΛར༻ ɾctrͰdevmapper snapshotterΛར༻͢Εಉ݅͡ͰൺֱͰ͖ͦ͏ ɾ→ ະணख ctrͱdockerͰͷFirecrackerىಈ࣌ؒ
1. ίετ
30 ɾݕূڥΛVagrant+VirtualBoxͰߏங ɾKataͱFirecrackerKVM͕ඞཁ ɾVirtualBoxͰKVMಈ͔ͳ͍ ɾVMWare Fusion + Vagrant VMWare ProviderΛߪೖ
ɾVMWare Fusion: 9,925ԁ ɾVagrant VMWare Provider: $79 per seat ׂͱ͓͕͔͔ۚΔ (on macOS)
31 ɾVagrant + VMWare FusionͰmodprobe vhost_vsock͕Τϥʔʹ ͳͬͯ͠·͏ͷͰAWS EC2্Ͱݕূ ɾKVMΛಈ͔ͨ͢ΊʹϕΞϝλϧΠϯελϯε͕ඞཁ ɾi3.metalͰ4.992USD/࣌ؒ
ɾ1ͰBilling AlertඈΜͰདྷͨ ׂͱ͓͕͔͔ۚΔ (on AWS)
1. ࢀߟࢿྉ
33 ɾhttps://github.com/mizzy/container-playground ɾmeasurements/ ɾVagrant + VMWare FusionͰಈ͔ͯ͠Δͭ ɾcompare_on_i3_metal/ ɾVagrant +
AWS EC2 i3.metalΠϯελϯεͰಈ͔ͯ͠Δͭ ɾཧͰ͖ͯͳ͍͠ɺ௨͠Ͱvagrant provisionͯ͠ͳ͍ͷͰಈ͔ͳ ͍ͱ͜Ζ͋Γͦ͏ ɾࢼͯ͠ΈͯΘ͔Βͳ͍͜ͱ͕͋ΕԿͰฉ͍͍ͯͩ͘͞ ܭଌ༻ϦϙδτϦ
34 ɾࠓͷ͍Ζ͍ΖͳίϯςφϥϯλΠϜΛൺֱͯ͠Έͨ ɾhttps://www.slideshare.net/KoheiTokunaga/ss-123664087 ɾ֤छϥϯλΠϜͷಛൺֱͳͲͱͯࢀߟʹͳΔ ɾNabla ContainersΛಈ͔͢ʹ͋ͨͬͯͱͯࢀߟʹͳͬͨ ɾࢿྉͰܭଌʹkubernetes-sigs/cri-toolsΛར༻͍ͯ͠ΔͷͰ͜Ε ࢼͯ͠Έ͍ͨ ࢀߟࢿྉ