Tweet
Tweet

Slide 1

Slide 1 text

Linux ίϯςφͷجૅ KOF 2016 Ճ౻ହจ 2016-11-11 1

Slide 2

Slide 2 text

ࣗݾ঺հ Ճ౻ହจ • http://www.ten-forward.ws/ • @ten forward • http://gplus.to/tenforward • https://github.com/tenforward • http://d.hatena.ne.jp/defiant/ (ٕज़ϒϩά) 2

Slide 3

Slide 3 text

ࣗݾ঺հ ϑΝʔεταʔόɹج൫։ൃ෦ɹॴଐ 3

Slide 4

Slide 4 text

ࣗݾ঺հ • Plamo Linux ϝϯςφ • LXC ͰֶͿίϯςφೖ໳ɹʔܰྔԾ૝Խ؀ڥΛ࣮ݱ͢Δٕज़ gihyo.jp Ͱ࿈ࡌ 4

Slide 5

Slide 5 text

ࣗݾ঺հ • LXC/LXD ͷ։ൃʹগ͠ࢀՃ • man page ͷ೔ຊޠ༁ • ެࣜϖʔδ (linuxcontainers.org) ຋༁ • όάϑΟοΫεͳͲগ͚ͩ͠ίʔυʹ΋ߩݙ • LXD ೔ຊޠϝοηʔδ 5

Slide 6

Slide 6 text

࣭໰ 6

Slide 7

Slide 7 text

ίϯςφʹ͍ͭͯ • શ͘஌Βͳ͍ • ໊લ͸ฉ͍ͨ͜ͱ͕͋Δ • ࢖ͬͨ͜ͱ͕͋Δ • ਂ͘஌͍ͬͯΔ 7

Slide 8

Slide 8 text

ࠓ೔ͷ໨ඪ • ίϯςφͷ֓ཁΛཧղ͢Δ • Linux Χʔωϧ͕࣋ͭίϯςφΛߏ੒͢ΔͨΊͷओཁͳػೳ Λ֮͑Δ • σϞͰίϯςφͷಈ͖Λମݧ͢Δ 8

Slide 9

Slide 9 text

ࠓ೔ͷ಺༰ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • Namespace • cgroup • σϞ • ·ͱΊ 9

Slide 10

Slide 10 text

ίϯςφ֓ཁ 10

Slide 11

Slide 11 text

ίϯςφͱ͸ ΧʔωϧͷػೳͰ • ִ཭͞ΕۭͨؒͰϓϩηεΛ࣮ߦ͢Δ • ϓϩηεʹରͯ͠Ϧιʔε੍ݶΛઃఆ͢Δ 11

Slide 12

Slide 12 text

ίϯςφͱ͸ • Χʔωϧ͔ΒݟΔͱී௨ʹϓϩηε͕ىಈ͢Δ͚ͩ • ىಈ͢Δࡍʹִ཭Λࢦࣔ͢Δ • ΧʔωϧͷػೳͰ (ෳ਺ͷ) ಠཱۭͨؒ͠Λ࡞Γग़͠ɼϦιʔ εΛ෼ׂɾ෼഑͢Δ • ϓϩηεΛάϧʔϓԽͯ͠ଞͱϦιʔεۭؒΛִ཭ • άϧʔϓԽͨ͠ϓϩηεʹର͢ΔϦιʔε੍ݶ • Ծ૝Խͱ͍͏ΑΓʮִ཭Խʯͱݴͬͨ΄͏͕Θ͔Γ΍͍͢ ͔΋ • Ծ૝తͳίϯϐϡʔλɾγεςϜΛ࠶ݱ͢ΔԾ૝Ϛγϯʹର ͯ͠ɺԾ૝తͳ OS ؀ڥΛఏڙ͢Δ • ˠ OS ϨϕϧͷԾ૝Խ 12

Slide 13

Slide 13 text

ίϯςφͷϝϦοτ • ߴີ౓Խ͕Մೳ • ىಈ͍ͯ͠Δ OS (Χʔωϧ) ͸Ұͭ • Φʔόʔϔου͕খ͍͞ • ϋʔυ΢ΣΞͷԾ૝Խ͕ෆཁ • ىಈ͕ૣ͍ • Ծ૝ϚγϯͷىಈͰ͸ͳ͘ɼϗετ OS ͔ΒݟͨΒ୯ʹϓϩ ηε͕ىಈ͍ͯ͠Δ͚ͩͳͷͰɼී௨ͷϓϩάϥϜ͕ىಈ͢ Δͷͱ΄ͱΜͲมΘΒͳ͍ • ඞͣ͠΋γεςϜΛಈ͔͢ඞཁ͸ͳ͍ (ΞϓϦέʔγϣϯί ϯςφ) • ྫ͑͹ίϯςφ಺Ͱ͸ httpd ͷΈ͕ಈ͍͍ͯΔ • ίϯςφʹϝϞϦΛݻఆతʹׂΓ౰ͯΔඞཁ͕ͳ͍ 13

Slide 14

Slide 14 text

ίϯςφͷσϝϦοτ • ҟͳΔ OS ͷγεςϜ / ϓϩάϥϜ͸ಈ͔ͤͳ͍ • ୯ʹϗετ OS ্Ͱϓϩηε͕ىಈ͢Δ͚ͩͳͷͰ౰ͨΓલ • ΧʔωϧʹؔΘΔૢ࡞͸Ͱ͖ͳ͍ • ىಈ͍ͯ͠ΔΧʔωϧ͸มΘΒͳ͍ͷͰ • ίϯςφຖʹϩʔυ͢ΔϞδϡʔϧΛม͑ΔͳͲ • Χʔωϧͷ࣮૷͸ෳࡶʹͳΔ • શͯΧʔωϧͷػೳͱ࣮ͯ͠૷͞Ε͍ͯΔͷͰ 14

Slide 15

Slide 15 text

ىಈͤ͞Δϓϩηε͔ΒΈͨίϯςφ • γεςϜίϯςφ • init Λىಈ͢Δɻී௨ʹ OS ͕ىಈ͢Δͷͱಉ༷ • ΞϓϦέʔγϣϯίϯςφ • ୯ҰͷϓϩηεͷΈىಈɻඞཁͳΞϓϦέʔγϣϯͷΈִ཭ ͞Εͨ؀ڥͰ࣮ߦɻ 15

Slide 16

Slide 16 text

ࠓ೔ͷ಺༰ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • Namespace • cgroup • σϞ • ·ͱΊ 16

Slide 17

Slide 17 text

Linuxʹ͓͚Δίϯςφͷ࢓ ૊Έ 17

Slide 18

Slide 18 text

Linux ʹ͓͚Δίϯςφ͸Χʔωϧʹʰίϯςφʱ ͱ͍͏୯Ұͷػೳ͕࣮૷͞Ε࣮ͯݱ͍ͯ͠ΔΘ͚ Ͱ͸͋Γ·ͤΜ 18

Slide 19

Slide 19 text

Linux ͰίϯςφΛ࣮ݱ͢ΔͨΊͷػೳ Linux Χʔωϧʹؚ·ΕΔ৭ʑͳػೳΛ૊Έ߹Θͤͯίϯςφ؀ ڥΛ࡞੒͢ΔɻͦΕͧΕͷػೳ͸ίϯςφઐ༻ͷػೳͱ͍͏Θ͚ Ͱ͸ͳ͍ɻ • ϓϩηεΛάϧʔϓԽͯ͠ଞͷάϧʔϓͱִ཭ • OS Ϧιʔεͷִ཭ • ˠ Namespace (໊લۭؒ) • άϧʔϓԽͨ͠ϓϩηεʹର͢ΔϦιʔε੍ݶ • ϗετͷ෺ཧϦιʔεʹର͢Δ੍ݶ • ˠ cgroup (control group) 19

Slide 20

Slide 20 text

Linux ͰίϯςφΛ࣮ݱ͢ΔͨΊͷػೳ • ͦͷଞ • ωοτϫʔΫ (veth, macvlan ͳͲ) • έʔύϏϦςΟ • chroot (pivot root) • bind mount • Checkpoint/Restore (CRIU) • ͳͲͳͲ 20

Slide 21

Slide 21 text

Linux ͷίϯςφ࣮૷ྫ • Docker ΞϓϦέʔγϣϯίϯςφͷ࣮ߦʹಛԽɻίϯςφؔ࿈ͷॲཧ͸ runC ϓ ϩδΣΫτ಺ͷ libcontainer Λ࢖༻ɻ͍·΍ʮDockerʯͱ͍͏ݴ༿͕ࢦ ͢΋ͷ͸ίϯςφͰ͸͋Γ·ͤΜɻΞϓϦέʔγϣϯΛ؆୯ʹ։ൃͨ͠Γ ߏஙͨ͠Γ͢ΔͨΊͷϓϥοτϑΥʔϜɺΠϯϑϥɻ • runC (libcontainer) Docker ʹΑΔ Open Container Project ४ڌͷ࣮૷ • LXC/LXD Ubuntu Λத৺ʹ։ൃɻओʹγεςϜίϯςφΛ࣮ߦ͢Δ͜ͱΛલఏʹ࡞ ΒΕ͍ͯΔ͕ɺΞϓϦέʔγϣϯίϯςφͷ࣮ߦ΋Մೳɻඇಛݖίϯςφ ͕࣮ߦͰ͖Δɻ 21

Slide 22

Slide 22 text

Linux ͷίϯςφ࣮૷ྫ • OpenVZ Linux ͷίϯςφ࣮૷ͱͯ͠͸ݹ͔͘Β͋Δ࣮૷ͷͻͱͭɻ2000 ೥͝Ζ ͔ΒɻΧʔωϧʹύονΛద༻͢ΔɻΧʔωϧʹ࣮૷͞Ε͍ͯΔίϯςφ ؔ࿈ػೳ͸ OpenVZ ༝དྷͷػೳ͕ଟ਺͋ΔɻOpenVZ Λϕʔεʹͨ͠঎ ༻൛ Virtuozzo ͕ଘࡏ͢Δɻ • rkt CoreOS ͕ࣾ։ൃ͢ΔΞϓϦέʔγϣϯίϯςφͷϥϯλΠϜɻ • systemd ͝ଘ஌ Linux ޲͚ͷ࠷ۙओྲྀͱͳͬͨ init ࣮૷ͷͻͱͭɻίϯςφΛѻ͏ ίϚϯυ΍࢓૊Έ΋಺แ͍ͯ͠Δ 22

Slide 23

Slide 23 text

Linux ͷίϯςφ࣮૷ྫ • MINCS γΣϧεΫϦϓτͰॻ͔Εͨίϯςφ࣮૷ • bocker “Docker implemented in around 100 lines of bash” • haconiwa ίϯςφ࣮૷ɾ࡞੒ͷͨΊͷ (m)Ruby DSL • aqr perl Ͱॻ͔Εͨίϯςφ࣮૷ • Awesome Container ͦͷଞ৭ʑ·ͱ·ͬͯ·͢ 23

Slide 24

Slide 24 text

ࠓ೔ͷ಺༰ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • Namespace • cgroup • σϞ • ·ͱΊ 24

Slide 25

Slide 25 text

Linux ʹ͓͚Δίϯςφͷ࢓૊Έ Namespace 25

Slide 26

Slide 26 text

Namespace(໊લۭؒ) • ִ཭͍ͨ͠ OS Ϧιʔε͝ͱʹ Namespace ͕४උ͞ΕΔ • Ұ෦ͷ Namespace ͚ͩ࢖༻ִͯ͠཭؀ڥΛ࡞Δ͜ͱ͕Ͱ ͖Δ 26

Slide 27

Slide 27 text

Mount Namespace (2.4.19ʙ) • ϓϩηε͔Βݟ͍͑ͯΔϚ΢ϯτͷू߹ɼૢ࡞Λ෼཭͢Δɽ Namespace ಺ͷ mount, umount ͕ଞͷ Namespace ʹӨ ڹΛ༩͑ͳ͍Α͏ʹͰ͖Δ (༩͑ΔΑ͏ʹ΋Ͱ͖Δ) ˠ private/shared/slave • ࢀߟ: • Ϛ΢ϯτ໊લۭؒΛద༻͢Δ (IBM developerWorks) • Mount Namespace and shared subtrees (lwn.net) • Mount namespaces, mount propagation, and unbindable mounts (lwn.net) • Χʔωϧෟଐจॻ (Documentation/filesystems/sharedsubtree.txt) • σϑΥϧτ͸ private ͕ͩɺsystemd ͸/Λ shared ͰϚ΢ϯ τ͢Δ 27

Slide 28

Slide 28 text

UTS Namespace (2.6.19ʙ) • ϗετ໊ͳͲɼuname(2) ͕ฦ͢஋ͷू߹Λ෼཭ɽ setdomainname(2), sethostname(2) Ͱ Namespace ಺ͷ ஋ͷΈมߋͰ͖Δ user$ hostname enterprise --- (͜͜·Ͱϗετͷ Namespace) --- user$ sudo unshare --uts (৽͍͠ Namespace ࡞੒) root# hostname enterprise (ॳظ஋͸ϗετͱಉ͡) root# hostname utsns (ϗετ໊มߋ) root# hostname utsns root# exit logout --- (͔͜͜Βϗετͷ Namespace) --- user$ hostname enterprise 28

Slide 29

Slide 29 text

PID Namespace (2.6.24ʙ) • PID ۭؒͷ෼཭ɽ৽͍͠ PID Namespace Ͱ͸ PID 1 ͔Β ࢝·Δ PID ׂ͕Γ౰ͯΒΕΔɽ਌͔Βࢠͷ PID Namespace ͸ݟ͑Δ (਌ͷۭؒͷ PID Λ࣋ͭ) ͕ɼࢠ͔Β਌͸ݟ͑ͳ͍ 29

Slide 30

Slide 30 text

IPC Namespace (2.6.19ʙ) • SysV IPC ΦϒδΣΫτɼPOSIX ϝοηʔδΩϡʔͷִ཭ # ipcs -q (ϗετͷ Namespace ্ͰϝοηʔδΩϡʔͷ֬ೝ) ------ Message Queues -------- key msqid owner perms used-bytes messages 0x4b79e805 32768 root 644 0 0 # unshare --ipc (৽ͨʹ IPC Namespace ࡞੒) # ipcs -q (৽ͨʹ࡞ͬͨ Namespace ͰΩϡʔΛ֬ೝ͢Δͱଘࡏ͠ͳ͍) ------ Message Queues -------- key msqid owner perms used-bytes messages 30

Slide 31

Slide 31 text

User Namespace (3.8ʙ) • ಠཱͨ͠ UID/GID ۭؒͱ֎෦ۭؒͷϚοϐϯά (ྫ͑͹ɼ ִ཭ۭؒͰ͸ uid/gid 0/0ɼ֎෦Ͱ͸ 1000/1000 ͱ͔Մೳ ʹͳΔ) • User Namespace ͸ҰൠϢʔβͰ࡞੒Ͱ͖ɺNamespace ಺ ͷಛݖϢʔβ͸ଞͷ Namespace Λ࡞੒Ͱ͖Δ (User Namespace Ҏ֎ͷ Namespace ͸ಛݖ͕ඞཁ) 31

Slide 32

Slide 32 text

Network Namespace (2.6.26ʙ) • ωοτϫʔΫϦιʔεͷִ཭ • ωοτϫʔΫσόΠε • ϧʔςΟϯάςʔϒϧ • ιέοτ • ϑΟϧλϦϯά • ΞυϨε 32

Slide 33

Slide 33 text

cgroup Namespace (4.6ʙ) • cgroup ͷִ཭ • /proc/$PID/cgroup ϑΝΠϧ಺ͷ cgroup ύε • namespace ಺ͰϚ΢ϯτͨ͠ cgroupfs πϦʔ • (͜ͷ Namespace Ͱ clone(2) ʹ༩͑Δϑϥά (32bit ੔਺) Λ࢖͍͖Γ·ͨ͠ :-) • Ubuntu 16.04 ͷ 4.4 Χʔωϧʹ͸όοΫϙʔτࡁ 33

Slide 34

Slide 34 text

Namespace ৄࡉ Namespace ͷΧʔωϧ಺෦ͷ࣮૷ʹ͍ͭͯ͸ʮୈ 8 ճ ίϯςφ ܕԾ૝Խͷ৘ใަ׵ձˏ౦ژʯͰͷ Masami Ichikawa ͞Μͷ Linux Namespaces ͕ৄ͍͠Ͱ͢ (ಈը) 34

Slide 35

Slide 35 text

Namespace ͷૢ࡞ (γεςϜίʔϧ) • clone(2) Ͱ৽͍͠ϓϩηε Λੜ੒ • unshare(2) Ͱ৽͍͠ϓϩηεΛੜ੒ͤͣʹ࣮ߦίϯςΩε τΛ੍ޚ͢Δ • setns(2) ͰϓϩηεΛطଘ ͷ Namespace ʹؔ࿈෇͚Δ 35

Slide 36

Slide 36 text

ࠓ೔ͷ಺༰ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • Namespace • cgroup • σϞ • ·ͱΊ 36

Slide 37

Slide 37 text

Linux ʹ͓͚Δίϯςφͷ࢓૊Έ cgroup 37

Slide 38

Slide 38 text

cgroup ͱ͸ ϓϩηεΛάϧʔϓԽ͠ɺάϧʔϓʹରͯ͠Ϧιʔε੍ݶΛߦ ͏ɻίϯςφઐ༻ͷ࢓૊ΈͰ͸ͳ͍ɻ • cgroup ͷಛ௃ • ػೳ͝ͱʹαϒγεςϜʹ෼͔ΕΔ • cgroupfs ΛϚ΢ϯτͯ͠σΟϨΫτϦͰάϧʔϓΛද͢ • ϓϩηεΛάϧʔϓ಺ͷ tasks ϑΝΠϧʹ௥Ճ͢Δͱؔ࿈͢ ΔλεΫ͕εϨου୯ҐͰάϧʔϓʹ௥Ճ͞ΕΔ • ෳ਺֊૚ߏ଄ɻվ଄ߏ଄͝ͱʹҟͳΔπϦʔΛ࡞੒Ͱ͖Δɻ ͨͩ͠ɺҰͭͷαϒγεςϜ͕ॴଐͰ͖ΔπϦʔ͸Ұͭ • πϦʔͷͲͷϨϕϧͷάϧʔϓʹ΋λεΫ͕ॴଐͰ͖Δ 38

Slide 39

Slide 39 text

cgroup ͷ֊૚ߏ଄ 39

Slide 40

Slide 40 text

cgroup ͷαϒγεςϜ • cpu: 2.6.24 • CFS(Completely Fair Scheduler) bandwidth controlɽ୯Ґ ࣌ؒ಺ͷάϧʔϓ಺ͷλεΫ͕࣮ߦͰ͖Δ߹ܭ࣌ؒΛ੍ݶ͢ Δ (3.2 Ͱ࣮૷) • ૬ର഑෼ɽάϧʔϓؒͷ CPU ࣌ؒͷׂ౰ͷׂ߹Λࢦఆ͢Δɽ ྫ͑͹ GroupA=100,GroupB=50 ͱ͢Δͱ A:B=2:1 • cpuacct: 2.6.24 • άϧʔϓ಺ͷ CPU ϦιʔεͷϨϙʔτ (CPU ࣌ؒ) • cpuset: 2.6.24 • ׂΓ౰ͯΔ CPU, ϝϞϦϊʔυͷׂ౰ 40

Slide 41

Slide 41 text

cgroup ͷαϒγεςϜ • device: 2.6.26 • σόΠε΁ͷΞΫηεڐՄɼ੍ݶͷࢦఆ • freezer: 2.6.28 • άϧʔϓ಺ͷϓϩηεΛશͯҰ࣌ఀࢭ͢Δ • memory: 2.6.29 • ϝϞϦϦιʔεͷ੍ݶ (ϢʔβϝϞϦɼΧʔωϧϝϞϦ) • blkio (Block IO): • I/O weight controller(2.6.33 Ҏ߱) άϧʔϓͷ༏ઌ౓Λࢦ ఆ͢Δ • I/O throttling(2.6.37 Ҏ߱) άϧʔϓ಺ͷϓϩηεͷσόΠ εʹର͢Δૢ࡞਺ͷ߹ܭͷࢦఆ • (ࢀߟ)Linux2.6.37 ͷ৽ػೳ “I/O throttling” 41

Slide 42

Slide 42 text

cgroup ͷαϒγεςϜ • hugetlb: 3.6 • cgroup ͔Βͷ hugetlb ͷ࢖༻ • perf event: 2.6.39 • άϧʔϓ୯ҐͰ perf πʔϧͰϞχλϦϯά (ύϑΥʔϚϯε ղੳ) • net cls: 2.6.29 • ύέοτʹࣝผࢠΛ͚ͭɼτϥϑΟοΫίϯτϩʔϧ (tc) ͱ netfilter(3.14 Ҏ߱) ͰίϯτϩʔϧՄೳʹ • Linux 3.14 Ͱ net cls cgroup ʹ௥Ճ͞Εͨ netfilter ରԠ • net prio: 3.3 • άϧʔϓؒͰͷωοτϫʔΫͷ༏ઌ౓ΛΠϯλʔϑΣʔεຖ ʹࢦఆ͢Δ • Linux 3.3 ͷ৽ػೳ Network priority cgroup • Linux 3.3 ͷ৽ػೳ Network priority cgroup (2) 42

Slide 43

Slide 43 text

cgroup ͷαϒγεςϜ • pids: 4.3 • fork() ΍ clone() ͰىಈͰ͖Δϓϩηε਺Λ੍ݶ͢Δ • LXC ͰֶͿίϯςφೖ໳ ୈ 30 ճ Linux Χʔωϧͷίϯς φػೳ [8] ʔ cgroup ͷ pids αϒγεςϜ 43

Slide 44

Slide 44 text

cgroup ͷ࢖͍ํ cgroup ͸ίϯςφͱؔ܎ͳ͘࢖༻Մೳ # mount -t tmpfs cgroup_root /sys/fs/cgroup # mkdir /sys/fs/cgroup/memory # mount -t cgroup -o memory cgroup /sys/fs/cgroup/memory (ϝϞϦαϒ γεςϜͷϚ΢ϯτ) # mkdir /sys/fs/cgroup/memory/test01 ("test01" ͱ͍͏άϧʔϓͷ࡞੒) # echo $$ > /sys/fs/cgroup/memory/test01/tasks (ϓϩηεΛάϧʔϓʹొ ࿥) # cat /sys/fs/cgroup/memory/test01/tasks (άϧʔϓ಺ͷϓϩηεͷ֬ೝ) 2824 2837 # echo 30M > /sys/fs/cgroup/memory/test01/memory.limit_in_bytes (άϧʔϓʹରͯ͠ϝϞϦ্ݶ 30M ͱ͍͏੍ݶΛઃఆ) # cat /sys/fs/cgroup/memory/test01/memory.limit_in_bytes (੍ݶ஋ͷ֬ ೝ) 31457280 # cat /sys/fs/cgroup/memory/test01/memory.usage_in_bytes (ݱࡏͷ࢖༻ ྔͷ֬ೝ) 565248 44

Slide 45

Slide 45 text

cgroup v2 • 4.5 ΧʔωϧͰ stable ʹͳͬͨ (ͦΕ·Ͱ΋։ൃ༻Ͱ࣮૷͸ ͞Ε͍ͯͨ) • cgroup v1 ͸໰୊͕͋Δ • ෳࡶ͗͢ • ੍ݶ͕͋ΔͷͰෳࡶͳ͜ͱ͕Ͱ͖ͯ΋࣮ࡍ͸࢖͑ͳ͍ɾ࢖Θ ͳ͍ • αϒγεςϜಉ࢜ͷ࿈ܞ͕औΕͳ͍ • ·ͩҰ෦ͷαϒγεςϜͷΈ (memory,io,pids) • Ұ෦͸ v2 Λ࢖ͬͯɺଞ͸ v1 Λ࢖͏͜ͱ΋Ͱ͖Δ • Χʔωϧෟଐจॻ (Documentation/cgroup-v2.txt) 45

Slide 46

Slide 46 text

ࠓ೔ͷ಺༰ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • Namespace • cgroup • σϞ • ·ͱΊ 46

Slide 47

Slide 47 text

σϞʜͷલʹ 47

Slide 48

Slide 48 text

CRIU(1) • http://criu.org/ • OpenVZ ϓϩδΣΫτͷ Checkpoint/Restore ࣮૷ • ΞϓϦέʔγϣϯͷ͋Δ࣌఺ͷঢ়ଶΛอଘ͠ɺ࠶։Ͱ͖Δ • Χʔωϧ 3.11 Ҏ߱Ͱ࢖༻Մೳ 48

Slide 49

Slide 49 text

σϞ 49

Slide 50

Slide 50 text

σϞ • Namespace σϞ (unshare ίϚϯυ) • User Namespace • Network Namespace • PID Namespace • UTS Namespace • γεςϜίϯςφ • LXD • ΞϓϦέʔγϣϯίϯςφ • Docker 50

Slide 51

Slide 51 text

σϞ ʙ unshare ίϚϯυʹΑΔ Namespace ମݧ • unshare ίϚϯυɿutil-linux ʹؚ·ΕΔίϚϯυ • ؆қతʹίϯςφ؀ڥΛ࡞੒Ͱ͖Δ σϞ 1 # unshare --mount --pid --net --uts --fork --mount-proc -- /bin/bash σϞ 2 # unshare --mount --pid --net --uts --fork --mount-proc --mount-proc \ --map-root-user -- /bin/bash 51

Slide 52

Slide 52 text

σϞ ʙ LXD ʹΑΔγεςϜίϯςφମݧ • ίϯςφ࡞੒ • ίϯςφૢ࡞ • ίϯςφͷϥΠϒϚΠάϨʔγϣϯ 52

Slide 53

Slide 53 text

σϞ ʙ Docker ʹΑΔΞϓϦέʔγϣϯίϯςφମݧ • ίϯςφ࡞੒ • ίϯςφૢ࡞ 53

Slide 54

Slide 54 text

ࠓ೔ͷ಺༰ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • Namespace • cgroup • σϞ • ·ͱΊ 54

Slide 55

Slide 55 text

·ͱΊ 55

Slide 56

Slide 56 text

·ͱΊ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • ίϯςφ͸Χʔωϧʹ࣮૷͞Ε͍ͯΔ৭ʑͳػೳͷ૊Έ߹Θ ͤͰ࣮ݱ͞Ε͍ͯΔ • Namespace • OS Ϧιʔεͷִ཭ • cgroup • ϗετͷ෺ཧϦιʔεͷ੍ݶ • σϞ 56

Slide 57

Slide 57 text

lxc-jp LXC ʹݶΒͣίϯςφͷ࿩୊Λѻ͍ͬͯ·͢ɻ • https://groups.google.com/d/forum/lxc-jp 57

Slide 58

Slide 58 text

ίϯςφܕԾ૝Խͷ৘ใަ׵ձ • https://sites.google.com/site/containerstudy/ • http://ct-study.connpass.com/ • ίϯςφٕज़ʹؔ࿈͢Δ࿩୊Λѻ͏ • ίϯςφʹؔ࿈͢ΔΧʔωϧͷ࣮૷ʹ͍ͭͯ • ֤छπʔϧΩοτͷ঺հɼ࣮૷ʹ͍ͭͯ • ίϯςφٕज़Λ࢖ͬͨπʔϧ΍ιϑτ΢ΣΞͷ঺հ΍࣮૷ʹ ͍ͭͯ • ίϯςφٕज़ͷ׆༻ɾӡ༻ࣄྫ • ͦͷଞʮίϯςφʯͱ͍͏Ωʔϫʔυ͕গ͠Ͱ΋ೖ͍ͬͯΔ ٕज़ʹ͍ͭͯ • ͜Ε·Ͱେࡕͱ౦ژͰަޓʹ 8 ճ࣮ࢪɻ࣍ճ͸෱Ԭͷ༧ఆɻ 58

Slide 59

Slide 59 text

ڠྗऀืू • ҎԼͷ຋༁Λߦ͍ͬͯ·͢ɻ͕࣌ؒ͋Δͱ͖͚ͩͰ΋ྑ͍ͷ ͰϨϏϡʔɺमਖ਼ɺվྑΛͯͩ͘͠͞Δํ׻ܴ͠·͢ɻ • LXC ϚχϡΞϧ (man pages) • linuxcontainers.org ίϯςϯπ • LXD ೔ຊޠϝοηʔδ 59

Slide 60

Slide 60 text

͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ 60