Slide 1

Slide 1 text

Linux Container Basics
11th Container-Based Virtualization Information Exchange Meeting @ Osaka
KATOH Yasufumi (加藤泰文)
2017-06-17

Slide 2

Slide 2 text

About me
KATOH Yasufumi (加藤泰文)
• http://www.ten-forward.ws/
• @ten_forward
• http://gplus.to/tenforward
• https://github.com/tenforward
• http://d.hatena.ne.jp/defiant/ (technical blog)

Slide 3

Slide 3 text

About me
Member of the Infrastructure Development Department at FirstServer

Slide 4

Slide 4 text

About me
• Plamo Linux maintainer
• Author of the gihyo.jp series "Introduction to Containers with LXC: Technology for Building Lightweight Virtualization Environments"

Slide 5

Slide 5 text

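About me
• Some participation in LXC/LXD development
  • Japanese translation of the man pages
  • Translation of the official site (linuxcontainers.org)
  • A few code contributions as well, such as bug fixes
  • Japanese messages for LXD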

Slide 6

Slide 6 text

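Today's goals
Acquire the background knowledge needed to understand the presentations that follow
• Understand what containers are in outline
• Learn the main Linux kernel features used to build containers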

Slide 7

Slide 7 text

Today's contents
• Container overview
• How containers work on Linux
• Namespace
• cgroup
• Container filesystems
• Summary

Slide 8

Slide 8 text

Container overview

Slide 9

Slide 9 text

What is a container?
Using kernel features:
• Run a process in an isolated space
• Set resource limits on processes

Slide 10

Slide 10 text

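What is a container?
• From the kernel's point of view, a process simply starts as usual
  • Isolation is requested when the process is started
• Kernel features create (multiple) independent spaces and divide and distribute resources among them
  • Processes are grouped and their resource space is isolated from the others
  • Resource limits are applied to the grouped processes
• "Isolation" may be an easier term to understand than "virtualization"
  • Whereas a virtual machine reproduces a virtual computer system, a container provides a virtual OS environment
  • → OS-level virtualization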

Slide 11

Slide 11 text

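Containers seen from the process they start
• System containers
  • Start init; the same as an OS booting normally
• Application containers
  • Start only a single process; only the required application runs in the isolated environment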

Slide 12

Slide 12 text

Today's contents
• Container overview
• How containers work on Linux
• Namespace
• cgroup
• Container filesystems
• Networking features
• Interesting features usable with containers
• Summary

Slide 13

Slide 13 text

How containers work on Linux

Slide 14

Slide 14 text

Containers on Linux are not implemented as a single kernel feature called "container"

Slide 15

Slide 15 text

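Features used to implement containers on Linux
A container environment is built by combining various features included in the Linux kernel. None of these features is specific to containers.
• Group processes and isolate them from other groups
  • Isolation of OS resources
  • → Namespace
• Resource limits on the grouped processes
  • Limits on the host's physical resources
  • → cgroup (control group)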

Slide 16

Slide 16 text

Features used to implement containers on Linux
• Others
  • Networking (veth, macvlan, etc.)
  • Capabilities
  • chroot (pivot_root)
  • bind mount
  • Checkpoint/Restore (CRIU)
  • and so on

Slide 17

Slide 17 text

Today's contents
• Container overview
• How containers work on Linux
• Namespace
• cgroup
• Container filesystems
• Networking features
• Interesting features usable with containers
• Summary

Slide 18

Slide 18 text

How containers work on Linux: Namespace

Slide 19

Slide 19 text

Namespace
• A Namespace is provided for each kind of OS resource to be isolated
• An isolated environment can be built using only some of the Namespaces

Slide 20

Slide 20 text

Mount Namespace (since 2.4.19)
• Separates the set of mounts visible to a process and the operations on them. mount and umount inside a Namespace can be kept from affecting other Namespaces (or allowed to affect them) → private/shared/slave
• References:
  • Applying mount namespaces (IBM developerWorks)
  • Mount Namespace and shared subtrees (lwn.net)
  • Mount namespaces, mount propagation, and unbindable mounts (lwn.net)
  • Kernel documentation (Documentation/filesystems/sharedsubtree.txt)
• The default is private, but systemd mounts / as shared

Slide 21

Slide 21 text

UTS Namespace (since 2.6.19)
• Separates the set of values returned by uname(2), such as the host name. setdomainname(2) and sethostname(2) change the values only inside the Namespace

    user$ hostname
    enterprise
    --- (host Namespace up to here) ---
    user$ sudo unshare --uts    (create a new Namespace)
    root# hostname
    enterprise                  (the initial value is the same as the host's)
    root# hostname utsns        (change the host name)
    root# hostname
    utsns
    root# exit
    logout
    --- (host Namespace from here) ---
    user$ hostname
    enterprise

Slide 22

Slide 22 text

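PID Namespace (since 2.6.24)
• Separates the PID space. In a new PID Namespace, PIDs are assigned starting from PID 1. The parent can see into the child PID Namespace (the processes also have PIDs in the parent's space), but the child cannot see the parent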

Slide 23

Slide 23 text

IPC Namespace (since 2.6.19)
• Isolates SysV IPC objects and POSIX message queues

    # ipcs -q        (check the message queues in the host Namespace)
    ------ Message Queues --------
    key        msqid      owner      perms      used-bytes   messages
    0x4b79e805 32768      root       644        0            0
    # unshare --ipc  (create a new IPC Namespace)
    # ipcs -q        (in the newly created Namespace the queue does not exist)
    ------ Message Queues --------
    key        msqid      owner      perms      used-bytes   messages

Slide 24

Slide 24 text

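User Namespace (since 3.8)
• An independent UID/GID space with a mapping to the outside space (for example, uid/gid 0/0 inside the isolated space and 1000/1000 outside becomes possible)
• A User Namespace can be created by an ordinary user, and the privileged user inside that Namespace can create the other Namespaces (creating any Namespace other than a User Namespace requires privilege)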

Slide 25

Slide 25 text

Network Namespace (since 2.6.26)
• Isolates network resources
  • Network devices
  • Routing tables
  • Sockets
  • Filtering
  • Addresses

Slide 26

Slide 26 text

cgroup Namespace (since 4.6)
• Isolates cgroups
  • The cgroup paths in the /proc/$PID/cgroup file
  • The cgroupfs tree mounted inside the namespace
• (With this Namespace, the flags (a 32-bit integer) passed to clone(2) have been used up :-)
• Already backported to the 4.4 kernel in Ubuntu 16.04
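
Because each Namespace type is separate and only some need be used, it is useful to check which ones two processes actually share. The kernel exposes this as the links under /proc/<pid>/ns, whose targets look like "uts:[4026531838]". The C program below is an added example, not code from the slides; its function names are its own, and it compares the seven Namespace types covered above for two PIDs.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* The seven namespace types from the slides, as named in /proc/<pid>/ns. */
static const char *NS_TYPES[] = {"mnt", "uts", "pid", "ipc", "user", "net", "cgroup"};
#define NS_COUNT 7

/* Parse a link target such as "uts:[4026531838]" into type and inode.
 * Returns 0 on success, -1 if the text does not have exactly that form. */
int parse_ns_link(const char *text, char *type, size_t type_len, unsigned long *inode) {
    const char *colon = strchr(text, ':');
    int end = 0;
    if (!colon || colon == text || (size_t)(colon - text) >= type_len) return -1;
    if (sscanf(colon, ":[%lu]%n", inode, &end) != 1 || end == 0 || colon[end] != '\0')
        return -1;
    memcpy(type, text, (size_t)(colon - text));
    type[colon - text] = '\0';
    return 0;
}

/* Namespace inode of one type for a pid; -1 if it cannot be read
 * (no such process, no permission, or a kernel without that type). */
static int ns_inode(pid_t pid, const char *ns, unsigned long *inode) {
    char path[64], target[64], type[16];
    snprintf(path, sizeof path, "/proc/%d/ns/%s", (int)pid, ns);
    ssize_t n = readlink(path, target, sizeof target - 1);
    if (n < 0) return -1;
    target[n] = '\0';
    return parse_ns_link(target, type, sizeof type, inode);
}

/* Bitmask of types in which pids a and b differ (bit i = NS_TYPES[i]).
 * Types that cannot be read for either pid are skipped. */
unsigned ns_diff(pid_t a, pid_t b) {
    unsigned mask = 0;
    for (int i = 0; i < NS_COUNT; i++) {
        unsigned long ia, ib;
        if (ns_inode(a, NS_TYPES[i], &ia) == 0 && ns_inode(b, NS_TYPES[i], &ib) == 0 && ia != ib)
            mask |= 1u << i;
    }
    return mask;
}

int main(void) {
    unsigned mask = ns_diff(getpid(), getppid());
    for (int i = 0; i < NS_COUNT; i++)
        printf("%-6s %s\n", NS_TYPES[i], (mask >> i) & 1 ? "differs from parent" : "shared or unreadable");
    return 0;
}
```

Run inside `unshare --uts` as on the UTS Namespace slide, a comparison against a process on the host differs only in the uts entry.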

Slide 27

Slide 27 text

Today's contents
• Container overview
• How containers work on Linux
• Namespace
• cgroup
• Container filesystems
• Networking features
• Interesting features usable with containers
• Summary

Slide 28

Slide 28 text

How containers work on Linux: cgroup

Slide 29

Slide 29 text

What is cgroup?
Groups processes and applies resource limits to the group. It is not a mechanism specific to containers.

Slide 30

Slide 30 text

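cgroup subsystems
• cpu: 2.6.24
  • CFS (Completely Fair Scheduler) bandwidth control: limits the total time that the tasks in a group can run within a unit of time (implemented in 3.2)
  • Relative shares: specifies the proportion of CPU time allocated between groups. For example, GroupA=100, GroupB=50 gives A:B = 2:1
• cpuacct: 2.6.24
  • Reports CPU resource usage (CPU time) within a group
• cpuset: 2.6.24
  • Assigns the CPUs and memory nodes to be allocated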

Slide 31

Slide 31 text

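cgroup subsystems
• device: 2.6.26
  • Specifies access permissions and restrictions for devices
• freezer: 2.6.28
  • Suspends all processes in a group
• memory: 2.6.29
  • Limits memory resources (user memory, kernel memory)
• blkio (Block IO):
  • I/O weight controller (2.6.33 and later): specifies the priority of a group
  • I/O throttling (2.6.37 and later): specifies the total number of operations that the processes in a group may perform on a device
  • (Reference) New in Linux 2.6.37: "I/O throttling"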

Slide 32

Slide 32 text

cgroup subsystems
• hugetlb: 3.6
  • Use of hugetlb from cgroups
• perf_event: 2.6.39
  • Monitoring (performance analysis) with the perf tool on a per-group basis
• net_cls: 2.6.29
  • Tags packets with an identifier so that they can be controlled by traffic control (tc) and netfilter (3.14 and later)
  • (Reference) netfilter support added to the net_cls cgroup in Linux 3.14
• net_prio: 3.3
  • Specifies network priority between groups for each interface
  • (Reference) New in Linux 3.3: Network priority cgroup
  • (Reference) New in Linux 3.3: Network priority cgroup (2)

Slide 33

Slide 33 text

cgroup subsystems
• pids: 4.3
  • Limits the number of processes that can be started with fork() or clone()
  • (Reference) Introduction to Containers with LXC, Part 30: Linux kernel container features [8] - the cgroup pids subsystem
• rdma: 4.11
  • Remote Direct Memory Access

Slide 34

Slide 34 text

Today's contents
• Container overview
• How containers work on Linux
• Namespace
• Cgroup
• Container filesystems
• Networking features
• Interesting features usable with containers
• Summary

Slide 35

Slide 35 text

How containers work on Linux: container filesystems

Slide 36

Slide 36 text

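Container filesystems
• If the container can use the same filesystem and directory tree as the host, nothing special needs to be considered, but...
• You want to install software or libraries that are available only inside the container...
• You want a tree dedicated to the container, with its own package management...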

Slide 37

Slide 37 text

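chroot
chroot = "Change Root". Moves the apparent root directory to a different directory.
• Build an independent directory tree under some directory
  • Fetch and unpack a prepared image file
  • Create it with a tool such as the debootstrap command
• Make that directory the root (/)
• Actual container implementations often use pivot_root rather than chroot
  • pivot_root: changes the root filesystem (man 2 pivot_root)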

Slide 38

Slide 38 text

chroot

    $ sudo mkdir -p /path/to/test/rootfs
    $ cd /path/to/test
    $ sudo wget https://download.openvz.org/template/precreated/debian-7.0-x86_64-minimal.tar.gz
    $ cd rootfs && sudo tar xvf ../debian-7.0-x86_64-minimal.tar.gz
    $ sudo chroot "$PWD" /bin/bash
    # lsb_release -a
    No LSB modules are available.
    Distributor ID: Debian
    Description:    Debian GNU/Linux 7.11 (wheezy)
    Release:        7.11
    Codename:       wheezy

Slide 39

Slide 39 text

bind mount
• Mounts part of an already mounted tree at another location

Example: bind mount /usr, /lib64 and /bin under the current directory, then chroot

    $ sudo mkdir -p /tmp/test/{usr,lib64,bin}
    $ cd /tmp/test
    $ sudo mount --bind /bin ./bin
    $ sudo mount --bind /usr ./usr
    $ sudo mount --bind /lib64 ./lib64
    $ sudo chroot "$PWD" /bin/bash
    # ls -F
    bin/ lib64/ usr/

Slide 40

Slide 40 text

Summary

Slide 41

Slide 41 text

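Summary
• Container overview
• How containers work on Linux
  • Containers are implemented by combining various features implemented in the kernel
• Namespace
  • Isolation of OS resources
• cgroup
  • Limits on the host's physical resources
• Container filesystems
  • chroot/pivot_root
  • bind mount
• Networking features
  • veth
  • macvlan
• Interesting features usable with containers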

Slide 42

Slide 42 text

Thank you for your attention