Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up for free
Compare OCI Runtimes
Gosuke Miyashita
PRO
March 22, 2019
Technology
2
970
Compare OCI Runtimes
Gosuke Miyashita
PRO
March 22, 2019
Tweet
Share
More Decks by Gosuke Miyashita
See All by Gosuke Miyashita
Serverspec(をつくった自分)のそれまでとその後
mizzy
PRO
8
2.4k
A method for separating policy definition and behavior control by an intermediate language to achieve optimal server configuration management according to the situation
mizzy
PRO
3
190
Past and future of Infrastructure as Code
mizzy
PRO
0
63
Configuration Managementツールのポリシー定義用中間言語に関する考察/Considerations about an intermediate language of configuration management tools
mizzy
PRO
0
300
Infrastructure as Codeのこれまでとこれから/Infra Study Meetup #1
mizzy
PRO
29
11k
エンジニアかつ研究者としての今後のキャリアについて/My Career As An Engineer And A Researcher
mizzy
PRO
0
280
Serverspec and OSS at IEICE Society Conference 2018
mizzy
PRO
2
220
House Meetup
mizzy
PRO
7
2.4k
Rust + Ruby/mruby
mizzy
PRO
0
1.2k
Other Decks in Technology
See All in Technology
暗号資産ウォレット入門(MetaMaskの入門~NFTの購入~詐欺の注意事項など)
kayato
2
130
エンタープライズにおけるSRE立ち上げとNew Relic選定に至った背景とは / SRE Startup and New Relic in the Enterprise
tomoyakitaura
2
120
Power BI Premiumでデータ準備!
hanaseleb
1
170
Salesforce女子部-権限についてまとめてみたその1
sfggjp
0
170
srenext2022-skaru
mixi_engineers
0
230
ITエンジニアを取り巻く環境とキャリアパス / A career path for Japanese IT engineers
takatama
0
530
msal.jsのあれこれ
takas0522
0
1.3k
220428event_overview
caddi_eng
1
200
tfcon-2022-cpp
cpp
5
4.3k
組織でPower Virtual Agentsを導入するために知っておきたいこと
miyakemito
0
1.4k
実験!カオスエンジニアリング / How to Chaos Engineering
oracle4engineer
PRO
0
120
Understanding Python attributes
reuven
0
550
Featured
See All Featured
Automating Front-end Workflow
addyosmani
1351
200k
Building Applications with DynamoDB
mza
83
4.6k
Design by the Numbers
sachag
271
17k
A Tale of Four Properties
chriscoyier
149
20k
Thoughts on Productivity
jonyablonski
43
2.2k
4 Signs Your Business is Dying
shpigford
169
20k
Happy Clients
brianwarren
89
5.5k
What's in a price? How to price your products and services
michaelherold
229
9.3k
GraphQLとの向き合い方2022年版
quramy
16
8k
Why You Should Never Use an ORM
jnunemaker
PRO
47
5.5k
YesSQL, Process and Tooling at Scale
rocio
157
12k
Designing on Purpose - Digital PM Summit 2013
jponch
106
5.6k
Transcript
͘͞ΒΠϯλʔωοτגࣜձࣾ (C) Copyright 1996-2019 SAKURA Internet Inc ͘͞ΒΠϯλʔωοτݚڀॴ OCIϥϯλΠϜൺֱͷͨΊʹ ͍ͬͯΔ͜ͱ͋Ε͜Ε
2019/03/22 ٬һݚڀһ ٶԼ ߶ี runc, gVisor, Kata Containers Nabla Containers, Firecrackerൺֱ
1. ͡Ίʹ
3 ɾݱࡏOCIϥϯλΠϜͷൺֱʹऔΓΜͰ͍Δ ɾൺֱ߲ɺىಈ࣌ؒɺϝϞϦαΠζɺύϑΥʔϚϯεͳͲ ɾϥϯλΠϜຖʹบ͕͋Γɺಉ݅͡Ͱൺֱ͢Δͷ͕؆୯Ͱͳ͍ ɾ۩ମతʹͬͨ͜ͱɺͱ͘ʹ·ͬͨ͜ͱڞ༗͍ͨ͠ ɾܭଌ݁Ռͷڞ༗͜ͷൃදͷతͰͳ͍ ɾݱࡏͷܭଌ݁Ռʹ͍ͭͯmatsumotory͞ΜͷεϥΠυࢀর ɾhttps://speakerdeck.com/matsumoto_r/chao-ge-ti-xing- detasentaostoocirantaimu ͓͢͠Δ༰
1. ܭଌ४උͰ·ͬͨ͜ͱ
ίϯςφͰಈ͔͢όΠφϦ࡞
6 ɾൺֱ݅Λἧ͑ΔͷͱɺϥϯλΠϜͦͷͷͷੑ࣭Λଌఆ͍ͨ͠ͷ Ͱɺ୯७ͳϓϩάϥϜΛ༻ҙ ɾhello.c ɾHelloͱදࣔ͢Δ͚ͩͷϓϩάϥϜ ɾىಈ࣌ؒଌఆ༻ ɾloop.c ɾແݶϧʔϓ͢ΔϓϩάϥϜ ɾϝϞϦαΠζଌఆ༻ ίϯςφͰಈ͔͢όΠφϦ
7 hello.c #include <stdio.h> void main() { printf("Hello\n"); }
8 loop.c #include <stdio.h> void main() { int i =
0; while(1) { printf("%d\n", i++); } }
9 ɾNabla ContainersϥΠϒϥϦOSʢϢχΧʔωϧʣܕΞϓϩʔνͷ ϥϯλΠϜ ɾ࣮ߦόΠφϦͱΧʔωϧ͕ҰମԽ ɾͳͷͰNabla Containers༻όΠφϦผʹ༻ҙ͢Δඞཁ͕͋Δ ɾx86_64-rumprun-netbsd-gcc -o hello.out
hello.c ɾrumprun-bake solo5_ukvm_seccomp hello.nabla hello.out ɾ৽͠ͷϦϏδϣϯͩͱsolo5_ukvm_seccompͰͳ͘spt Nabla Containers༻όΠφϦ
10 ɾnabla-containers/solo5ΛίϯύΠϧͯ͠Ͱ͖ͨsolo5.oΛ/usr/lib/ libsolo5_seccomp.aʹίϐʔ ɾnabla-containers/runnc ϦϏδϣϯb78fe29Λར༻ ɾnabla-containers/rumprunϦϏδϣϯ8b01b3Λར༻ ɾߋʹҎԼͷύονΛ͋ͯΔ ɾhttps://github.com/rumpkernel/rumprun/issues/122 ɾhttps://github.com/rumpkernel/rumprun/pull/118 Nabla༻όΠφϦͷϏϧυ
11 ɾrumprun-bakeίϚϯυʹύον ɾ࠷ޙʹ࣮ߦͯ͠ΔίϚϯυʹ-L/usr/libΛՃ ɾhttps://blog.cloudkernels.net/posts/build-a-nabla-docker-image/ ɾ͜ͷखॱʹ͕ͨͬͯ͠࠷৽ͷϦϏδϣϯͰϏϧυͯ͠͏·͘ಈ͔ ͳ͔ͬͨ ɾSolo5: ABORT: spt/net.c:36: Assertion
`netfd >= 0' failed Nabla༻όΠφϦͷϏϧυʢ͖ͭͮʣ
Kata Containersͷόʔδϣϯ
13 ɾhttps://github.com/kata-containers/documentation/blob/master/ install/ubuntu-installation-guide.md ɾܭଌ༻ϗετʹUbuntuΛར༻ͨ͠ͷͰ͜ͷखॱʹैͬͨ ɾhttp://download.opensuse.org/repositories/home:/ katacontainers:/releases:/${ARCH}:/master/xUbuntu_$ (lsb_release -rs)/ ͕aptϦϙδτϦͱͯ͠ઃఆ͞ΕΔ ɾ͕ɺ͜Εͩͱ1.6rc1͕Πϯετʔϧ͞Ε·ͱʹಈ͔ͳ͔ͬͨ
ɾs/master/stable-1.5/ Ͱղܾ Kata ContainersͷΠϯετʔϧ
1. ܭଌ࣌ʹ·ͬͨ͜ͱ
ϥϯλΠϜίϚϯυ࣮ߦͰͷܭଌ
16 ɾ༨ͳϨΠϠʔΛল͍ͯͳΔ͘ૉͷঢ়ଶͰͷܭଌ͕త ɾOCI Filesystem BundleΛ༻ҙ ɾdocker export `docker create mizzy/hello`
| tar -C bundle/rootfs - xvf - Ͱrootfsੜ ɾrunc specͰconfig.jsonੜ ϥϯλΠϜίϚϯυ࣮ߦͰͷܭଌ
17 ɾrunc, gVisor, Kata Containers, Nabla ContainersʹOCI Filesystem BundleΛ࣮ߦ͢ΔίϚϯυ͕͋Δ ɾFirecrackerʹ(·ͩ?)ଘࡏ͠ͳ͍ͬΆ͍
ɾͳͷͰFirecracker࣮ߦํࣜͰܭଌͰ͖ͳ͔ͬͨ ɾkata-fc͑Ͱ͖ͦ͏ʢະணखʣ ɾhttps://github.com/kata-containers/documentation/wiki/Initial- release-of-Kata-Containers-with-Firecracker-support OCI Filesystem Bundle࣮ߦίϚϯυ
18 ɾrunncଞͷίϚϯυͱҧ͍runαϒίϚϯυ͕ͳ͍ ɾcreateͯ͠start͢Δඞཁ͕͋Δ ɾtime runnc startͰܭଌ͠Α͏ͱ͢Δͱίϯςφ࣮ߦऴྃલʹtime ͷ݁Ռ͕ฦΔ → ྑ͍ܭଌํ๏ࡧத ɾconfig.jsonͷhooks.prestartͰωοτϫʔΫ·ΘΓͷઃఆΛߦ͏ඞ
ཁ͕͋Δ ɾhttps://github.com/nabla-containers/runnc/issues/53 ɾconfig.jsonͰࢦఆ͢Δroot.path͕૬ରύεͩͱಈ͔ͳ͍ Nabla Containersׂ͕ͱۂऀ
containerdͷctrίϚϯυͰͷܭଌ
20 ɾϥϯλΠϜίϚϯυ࣮ߦͰͯ͢ͷϥϯλΠϜΛܭଌͰ͖ͳ ͔ͬͨͷͰҧ͏ΞϓϩʔνͰܭଌ ɾ͜͜ͰNabla Containersͷนཱ͕͔ͪͩΔ ɾଞͷϥϯλΠϜShim API v2ʹରԠ͍ͯ͠Δ ɾctr run
—runtime=io.containerd.kata.v2 Έ͍ͨʹ࣮ߦͰ͖Δ ɾrunncShim API v2ʹରԠ͍ͯ͠ͳ͍ containerdͷctrίϚϯυͰͷܭଌ
21 ɾ/etc/containerd/config.toml ɾctr run --runtime io.containerd.runtime.v1.linux Ͱ࣮ߦ ผͷํ๏Ͱ࣮ߦΛࢼΈΔ [plugins] [plugins.linux]
shim = "containerd-shim" runtime = "/usr/local/bin/runnc"
22 ɾctr: OCI runtime create failed: runnc did not terminate
sucessfully: unknown ɾrunnc͕panic: Insufficient uniqueness in IDΛు͍ͯΔ ɾཁ͢Δʹίϯςφ໊͕͍ ɾϩάʹ͜Ε͕ݟ͋ͨΒͳ͍ͷͰΘ͔Γʹ͍͘ ɾERR: could not create tapabcdefg12345: no master interface: Link not found ɾίϯςφ໊Λ͘͢Δͱࠓ͜ͷΤϥʔ ɾ͜ΕҎ্·ͩௐࠪͰ͖͍ͯͳ͍ ࣮ߦ݁Ռ
dockerίϚϯυͰͷܭଌ
24 ɾϥϯλΠϜίϚϯυ࣮ߦͰͷܭଌɺctrίϚϯυͰͷܭଌɺͱ ʹͯ͢ͷϥϯλΠϜΛܭଌ͢Δ͜ͱ͕Ͱ͖ͳ͔ͬͨ ɾͷͰ࣍dockerίϚϯυͰτϥΠ dockerίϚϯυͰͷܭଌ
25 ɾFirecrackerͷಈ͔͠ํ͚ͩΘ͔ΒΜɺͱࢥͬͨΒudzura͞ΜʹΑΔ φΠεࢿྉ͕ ɾhttps://speakerdeck.com/udzura/firecracker-from-low-layer-to- hight?slide=14 ɾKata ContainersͰFirecrackerΛಈ͔͢kata-fcΛར༻ ɾhttps://github.com/kata-containers/documentation/wiki/Initial- release-of-Kata-Containers-with-Firecracker-support ɾDockerͷdevicemapperαϙʔτ͕ඞཁ͕ͩɺݱࡏ࠷৽ͷ18.09͕
devicemapperରԠ͍ͯ͠ͳ͍ͷͰɺ18.06Λར༻͢Δඞཁ͋Γ Docker + Firecraker
26 ɾ࠷ॳҙຯ͕Θ͔Βͳ͔ͬͨ ɾ͑ɺͲͬͪOCIϥϯλΠϜ͡Όͳ͍ͷʁ ɾFiracrackerϚΫϩͳࢹͰݟΔͱOCIϥϯλΠϜͱͯ͠ݟΔ͜ͱ Ͱ͖Δ͕ϛΫϩͳࢹͰݟΔͱVMM ɾKata ContainersVMͰίϯςφΛىಈ͢ΔΞϓϩʔνͷOCIϥ ϯλΠϜ ɾVMMͱͯ͠σϑΥϧτͰQEMUΛར༻͢Δ͕ࠩ͠ସ͑Մೳ ɾͭ·ΓKata
ConͷVMMΛFirecrackerʹࠩ͠ସ͑Δ͜ͱ͕Ͱ͖Δ Kata Containers + Firecracker?
ctrͱdockerͰFirecrackerͷ ىಈ͕࣌ؒఆͱҟͳΔ
28 ɾctr: real 0m6.320s ɾdocker: real 0m4.105s ɾdockerͷํ͕ɺdockerdΛܦ༝͢Δ͘ͳΓͦ͏ͳͷʹͳͥʁ ɾctrnaive snapshotterΛར༻
ɾdockerdevicemapperΛར༻ ɾctrͰdevmapper snapshotterΛར༻͢Εಉ݅͡ͰൺֱͰ͖ͦ͏ ɾ→ ະணख ctrͱdockerͰͷFirecrackerىಈ࣌ؒ
1. ίετ
30 ɾݕূڥΛVagrant+VirtualBoxͰߏங ɾKataͱFirecrackerKVM͕ඞཁ ɾVirtualBoxͰKVMಈ͔ͳ͍ ɾVMWare Fusion + Vagrant VMWare ProviderΛߪೖ
ɾVMWare Fusion: 9,925ԁ ɾVagrant VMWare Provider: $79 per seat ׂͱ͓͕͔͔ۚΔ (on macOS)
31 ɾVagrant + VMWare FusionͰmodprobe vhost_vsock͕Τϥʔʹ ͳͬͯ͠·͏ͷͰAWS EC2্Ͱݕূ ɾKVMΛಈ͔ͨ͢ΊʹϕΞϝλϧΠϯελϯε͕ඞཁ ɾi3.metalͰ4.992USD/࣌ؒ
ɾ1ͰBilling AlertඈΜͰདྷͨ ׂͱ͓͕͔͔ۚΔ (on AWS)
1. ࢀߟࢿྉ
33 ɾhttps://github.com/mizzy/container-playground ɾmeasurements/ ɾVagrant + VMWare FusionͰಈ͔ͯ͠Δͭ ɾcompare_on_i3_metal/ ɾVagrant +
AWS EC2 i3.metalΠϯελϯεͰಈ͔ͯ͠Δͭ ɾཧͰ͖ͯͳ͍͠ɺ௨͠Ͱvagrant provisionͯ͠ͳ͍ͷͰಈ͔ͳ ͍ͱ͜Ζ͋Γͦ͏ ɾࢼͯ͠ΈͯΘ͔Βͳ͍͜ͱ͕͋ΕԿͰฉ͍͍ͯͩ͘͞ ܭଌ༻ϦϙδτϦ
34 ɾࠓͷ͍Ζ͍ΖͳίϯςφϥϯλΠϜΛൺֱͯ͠Έͨ ɾhttps://www.slideshare.net/KoheiTokunaga/ss-123664087 ɾ֤छϥϯλΠϜͷಛൺֱͳͲͱͯࢀߟʹͳΔ ɾNabla ContainersΛಈ͔͢ʹ͋ͨͬͯͱͯࢀߟʹͳͬͨ ɾࢿྉͰܭଌʹkubernetes-sigs/cri-toolsΛར༻͍ͯ͠ΔͷͰ͜Ε ࢼͯ͠Έ͍ͨ ࢀߟࢿྉ
mizzy
kayato
tomoyakitaura
hanaseleb
sfggjp
mixi_engineers
takatama
takas0522
caddi_eng
cpp
miyakemito
oracle4engineer
reuven
addyosmani
mza
sachag
chriscoyier
jonyablonski
shpigford
brianwarren
michaelherold
quramy
jnunemaker
rocio
jponch
![21 ɾ/etc/containerd/config.toml ɾctr run --runtime io.containerd.runtime.v1.linux Ͱ࣮ߦ ผͷํ๏Ͱ࣮ߦΛࢼΈΔ [plugins] [plugins.linux]](https://files.speakerdeck.com/presentations/fb40059e7faa4b0f9610b19abe81df74/slide_20.jpg){kind=link}
