ZigͰίϯςφϥϯλΠϜ ࡞ͬͯΈͨ 2022/09/24 @ ୈ55ճ৘ใՊֶएखͷձ LINEגࣜձࣾɹҪ্ ߛଠ࿕ (@musaprg)

Ҫ্ ߛଠ࿕ (@musaprg) • ॴଐ 
 LINEגࣜձࣾ ITαʔϏεηϯλʔ 
 VerdaϓϥοτϑΥʔϜ։ൃKνʔϜ • Α͘࢖͏ݴޠ 
 Go, Python • ࠷ۙͷΠνΦγ࡞඼ 
 ʮCyberpunk: Edgerunnersʯ 
 ʮϦίϦεɾϦίΠϧʯ

Verda • LINEגࣜձࣾͰ಺੡ɾӡ༻͍ͯ͠ΔϓϥΠϕʔτΫϥ΢υ • ΤεϖϥϯτޠͰʮ྘ʯ • ͞·͟·ͳαʔϏεΛఏڙ͍ͯ͠Δ • Server (VM/PM), • Load Balancer • MySQL • VOS (Object Storage) • Managed Kubernetes (VKS: Verda Kubernetes Service) • etc.

Verdaͷن໛ • 2022೥09݄ݱࡏͷ౷ܭ஋ 7,4 
 ϊʔυ਺ 
 Ҏ্ 7,4 
 Ϋϥελ਺ 
 Ҏ্ 7FSEB 
 Ծ૝αʔό୆਺ 
 Ҏ্

Ҏ߱ͷൃද಺༰͸ 
 ॴଐاۀͷۀ຿ͱ͸ؔ܎͋Γ·ͤΜ

ຊ೔ͷ͓͠ͳ͕͖ 
 
 1. ·͓͖͑ 2. ଎शίϯςφϥϯλΠϜ 3. runzigcͷ঺հ 4. ZigͷΑ͔ͬͨ఺ɾࠔͬͨ఺ 5. ·ͱΊ

ຊ೔ͷ͓͠ͳ͕͖ 
 
 1. ·͓͖͑ 2. ଎शίϯςφϥϯλΠϜ 3. runzigcͷ঺հ 4. ZigͷΑ͔ͬͨ఺ɾࠔͬͨ఺ 5. ·ͱΊ

ຊηογϣϯͷΰʔϧ • ίϯςφϥϯλΠϜͷ࢓૊ΈΛͬ͘͟Γ஌Δ • ZigͷഽײΛ஌ΔʢGopherࢹ఺ʣ • ͋ΘΑ͘͹ίϯςφϥϯλΠϜΛࣗ࡞ͯ͠ΈΑ͏ͱ͍͏ؾʹͳΔ

͜Μͳਓʹͱͬͯ͸໘ന͍͔΋ • ίϯςφϥϯλΠϜͷ࣮૷ʹڵຯ͕͋Δ • Zigͱ͍͏ϓϩάϥϛϯάݴޠʹڵຯ͕͋Δ

͜Μͳਓʹ͸෺଍Γͳ͍͔΋… • ʢDocker౳Λ༻͍ͯʣͦ΋ͦ΋ίϯςφΛར༻ͨ͜͠ͱ͕ͳ͍ • ίϯςφϥϯλΠϜΛ࡞ͬͨ͜ͱ͕͋Δ or ཁૉٕज़Λཧղ͍ͯ͠Δ • ओཁͳίϯςφϥϯλΠϜ࣮૷ʢrunc౳ʣΛಡΜͩ͜ͱ͕͋Δ • ZigͰͦΕͳΓͷن໛ʹϓϩάϥϜΛॻ͍ͨ͜ͱ͕͋Δ

ຊ೔ͷ͓͠ͳ͕͖ 
 
 1. ·͓͖͑ 2. ଎शίϯςφϥϯλΠϜ 3. runzigcͷ঺հ 4. ZigͷΑ͔ͬͨ఺ɾࠔͬͨ఺ 5. ·ͱΊ

• ιϑτ΢ΣΞͱ࣮ߦ؀ڥΛͻͱ·ͱΊʹ 
 → ίϯςφΠϝʔδ • ΠϝʔδΛల։ɾ࣮ߦ͢ΔͨΊͷԾ૝తͳִ཭؀ڥ 
 → ίϯςφ • ίϯςφΛ࡞੒ɾ؅ཧ͢ΔͨΊͷπʔϧ܈ 
 → Docker Dockerίϯςφ͓͞Β͍ ίϯςφΠϝʔδ ιϑτ΢ΣΞ ࣮ߦ؀ڥ -JOVYΧʔωϧ ίϯςφ ίϯςφ ίϯςφ

• ΠϝʔδͷϏϧυ 
 docker build -t musaprg/hello . Dockerίϯςφ͓͞Β͍ ίϯςφΠϝʔδ ιϑτ΢ΣΞ ࣮ߦ؀ڥ -JOVYΧʔωϧ ίϯςφ ίϯςφ ίϯςφ

• ΠϝʔδͷϏϧυ 
 docker build -t musaprg/hello . • ίϯςφͷىಈ 
 docker run musaprg/hello Dockerίϯςφ͓͞Β͍ ίϯςφΠϝʔδ ιϑτ΢ΣΞ ࣮ߦ؀ڥ -JOVYΧʔωϧ ίϯςφ ίϯςφ ίϯςφ )FMMP

ίϯςφΛىಈ͢Δͱى͖Δ͜ͱ • ߴϨϕϧϥϯλΠϜ • Πϝʔδͷ؅ཧ • ωοτϫʔΫͷઃఆ ͳͲ • ௿ϨϕϧϥϯλΠϜ • ࣮ߦ؀ڥͷִ཭ • ίϯςφͷ؅ཧʢىಈ΍ఀࢭʣ ͳͲ https://medium.com/nttlabs/container-runtime-student-internship-2022-q1-89a7113e0cde 
 ʹܝࡌ͞Ε͍ͯΔਤΛ΋ͱʹվม

ίϯςφΛىಈ͢Δͱى͖Δ͜ͱ • ߴϨϕϧϥϯλΠϜ • Πϝʔδͷ؅ཧ • ωοτϫʔΫઃఆ • ௿ϨϕϧϥϯλΠϜ • ࣮ߦ؀ڥͷִ཭ • ίϯςφͷ؅ཧʢىಈ΍ఀࢭʣ https://medium.com/nttlabs/container-runtime-student-internship-2022-q1-89a7113e0cde 
 ʹܝࡌ͞Ε͍ͯΔਤΛ΋ͱʹվม ࠓճ࡞͍ͬͯΔͷ͸ͬͪ͜

௿ϨϕϧϥϯλΠϜ͕΍ͬͯΔ͜ͱ • OCI Runtime Specͱ͍͏ن͕֨ଘࡏ 
 https://github.com/opencontainers/runtime-spec • ΠϯλʔϑΣʔε 
 create, start, delete, kill, state • ֤छϑΥʔϚοτ • ίϯςφͷϑΝΠϧߏ଄ʢFilesystem Bundleʣ • ίϯςφͷ࢓༷ϑΝΠϧʢcon fi gʣ

௿ϨϕϧϥϯλΠϜ͕΍ͬͯΔ͜ͱ • ࣮ߦ؀ڥͷִ཭ํ๏͸ԿͰ΋͍͍ʢنఆ͸ͳ͍ʣ 
 ྫɿLinuxͷػೳΛ࢖࣮ͬͯߦ؀ڥΛִ཭͢Δ • Namespaces 
 → ίϯςφ༻ʹϦιʔεΛִ཭ 
 PID, UTS(hostname), mount point, network, cgroups, IPC, etc. • Control Group (cgroups) 
 → Ϧιʔεͷ੍ޚʢྫ: cpu΍memoryͷ࢖༻ྔΛ੍ݶʣ

ίϯςφٕज़Λߏ੒͢Δsyscallͨͪ • fork(2), clone(2) → ࢠϓϩηεͷ࡞੒ • exec(2) → ϓϩηεͷஔ͖׵͑ʢ࣮ߦʣ • unshare(2) → NamespaceΛ࡞੒ɺ࣮ߦ؀ڥͷִ཭ • pivot_root(2) → rootσΟϨΫτϦʢ”/“ʣͷมߋ • etc. 
 
 ※cgroupsͷઃఆ͸ಛघϑΝΠϧγεςϜܦ༝Ͱॻ͖ࠐΉɻ 
 mount point: /sys/fs/cgroup/${subsystem_name}

௿ϨϕϧϥϯλΠϜࢹ఺ͷىಈϓϩηε • ӈਤ͸runcͷ಺෦ॲཧ 
 ਤ͸ോখ԰༷ͷهࣄΑΓҾ༻ʢͱͯ΋Θ͔Γ΍͍͢ͷͰΦεεϝʣ 
 https://kurobato.hateblo.jp/entry/2021/05/02/164218 • ίϯςφ࡞੒ʢrunc createʣ 
 → ಺෦తͳॳظԽॲཧʢrunc initʣ • 2ճforkΛ͢Δͷ͕ಛ௃తʢdouble-forkʣ • namespace෼཭ॱংͷؔ܎

ຊ೔ͷ͓͠ͳ͕͖ 
 
 1. ·͓͖͑ 2. ଎शίϯςφϥϯλΠϜ 3. runzigcͷ঺հ 4. ZigͷΑ͔ͬͨ఺ɾࠔͬͨ఺ 5. ·ͱΊ

Zig • libcඇґଘͷγϯάϧόΠφϦɾΫϩείϯύΠϧɾWebAssemblyରԠ • ݴޠ࢓༷Λγϯϓϧʹอͭ͜ͱΛڧ͘ҙࣝͨ͠ઃܭ • Ӆṭ͞Ε੍ͨޚϑϩʔ͕ଘࡏ͠ͳ͍ʢe.g., ྫ֎, ԋࢉࢠΦʔόʔϩʔυʣ • ҉໧తͳώʔϓͷ֬อ͸ߦΘΕͳ͍ɻશͯ໌ࣔతʹϝϞϦ؅ཧΛߦ͏ɻ • C / C++ͱͷ૬ޓӡ༻͕ՄೳʢZig Toolchainͦͷ΋ͷ͕C/C++ίϯύΠϥʣ • ݴޠ࢓༷͸ະͩunstableʢݱࡏͷόʔδϣϯ: v0.9.1ʣ Zig Project - Logomark / CC BY-SA 4.0.

runzigc • ZigͰॻ͔Εͨ௿ϨϕϧίϯςφϥϯλΠϜ 
 https://github.com/musaprg/runzigc • runcͷίʔυΛ”େ͍ʹ”ࢀߟʹ͍ͯ͠·͢ • Namespace: User, UTS, PIDͷΈ • cgroups v1ʢcpu, memͷΈʣ • OCI Runtime Specʹ͸ະ४ڌ

Demo

ຊ೔ͷ͓͠ͳ͕͖ 
 
 1. ·͓͖͑ 2. ଎शίϯςφϥϯλΠϜ 3. runzigcͷ঺հ 4. ZigͷΑͦ͞͏ͳ఺ɾࠔͬͨ఺ 5. ·ͱΊ

ॻ͍ͯͯײͨ͡ZigͷΑ͞ 1/2 • ޡղΛڪΕͣʹݴ͏ͱʮࡶʹॻ͚ΔCݴޠʯ • ײ֮తʹ͸ɺ͍͍ͩͨGoͱRustͷؒ͘Β͍ • ߏจ͸γϯϓϧͳͷͰɺൺֱతαΫαΫॻ͚Δ • ܕදهʹ͍ͭͯ͸গ͠Ϋη͕͋ΔͷͰ׳Ε͸ඞཁ

ॻ͍ͯͯײͨ͡ZigͷΑ͞ 2/2 • ܰྔͳSingle static binaryΛు͚Δ • libc΁ͷґଘ͕ͳ͍ͷͰऔΓճ͕͠ྑ͍ • ࡶͰ؆қతͳྫˠ 
 Zig 0.9.1 
 Target: x86_64-linux 
 Optimize: -O ReleaseSmall 
 debug symbol stripped 
 single threaded 
 →ɹ໿ 4.5 KiB const std = @import("std"); pub fn main() void { std.debug.print("Hello, world!\n", .{}); }

ࠔͬͨ͜ͱ 1/4 • Errorͦͷ΋ͷʹ࣋ͨͤΔ͜ͱ͕Մೳͳ৘ใ͕গͳ͍ • error.PermissionDenied͸ɺ 
 ”PermissionDenied”Ҏ্ͷ৘ใΛ΋ͨͳ͍ 
 → ελοΫτϨʔεɾσόοάϩάͳͲΛิॿతʹ༻͍Δ͜ͱͰ 
 ݪҼՕॴͱঢ়گͷಛఆ͸Ͱ͖ΔͷͰे෼Ͱ͸͋Δʁ 


ࠔͬͨ͜ͱ 2/4 • nճϧʔϓ࣮૷ʹศརͳfor(int i = 0;i

ࠔͬͨ͜ͱ 3/4 • Ұ෦ͷLinuxγεςϜίʔϧ͸Zigඪ४ϥΠϒϥϦͷ࣮૷͕ଘࡏ͠ͳ͍ • sethostname(2)ͳͲ 
 → ฦΓ஋ͷerrnoΛ 
 ZigͷerrorʹϚοϓ͢Δ 
 ࣮૷Λఆٛͯ͠ରԠ pub fn valOrErr(val: anytype, errno: usize) LinuxKernelError!@TypeOf(val) { return switch (os.errno(errno)) { .SUCCESS => val, .PERM => error.OperationNotPermitted, // … else => |e| return os.unexpectedErrno(e), }; } pub fn sethostname(hostname: []const u8) SetHostNameError!void { const result = switch (native_arch) { else => linux.syscall2(.sethostname, @ptrToInt(hostname.ptr), hostname.len), }; return valOrErr({}, result); }

ࠔͬͨ͜ͱ 4/4 • ώʔϓͷ؅ཧ͕ඞཁͳͷ͸एׯ໘౗ • defer/errdeferͱ͍ͬͨείʔϓϕʔεͷ੍ޚߏจ͸͋Δ • RustͷΑ͏ʹউखʹղ์͸ 
 ͯ͘͠Εͳ͍ 
 { var values = std.ArrayList( []const u8).init(allocator); defer values.deinit(); } // είʔϓΛൈ͚ͨ࣌఺Ͱ
 // ArrayList༻ʹ֬อ͞ΕͨϝϞϦ͸dealloc͞ΕΔ

ຊ೔ͷ͓͠ͳ͕͖ 
 
 1. ·͓͖͑ 2. ଎शίϯςφϥϯλΠϜ 3. runzigcͷ঺հ 4. ZigͷΑ͔ͬͨ఺ɾࠔͬͨ఺ 5. ·ͱΊ

·ͱΊ • Linuxʹ͓͚Δίϯςφ͸ɺ cgroups + namespace Λ༻͍ͯ 
 ϓϩηεͷϦιʔεΛ෼཭࣮ͯ͠ݱ͍ͯ͠Δ • ίϯςφϥϯλΠϜͷ͏ͪɺ௿ϨϕϧϥϯλΠϜ͕Ϧιʔεͷ෼཭Λ ୲͍ͬͯΔ • ZigͰ௿ϨϕϧίϯςφϥϯλΠϜ runzigc Λ࡞͍ͬͯ·͢ • Zigͷݴޠ࢓༷͸unstableɺ·ͩ·ͩൃల్্Ͱࠓޙʹ஫໨

runzigcͷকདྷ • OCI Runtime Spec׬શ४ڌ • Cgroup v1࣮૷ɾCgroup v2ରԠ • SeccompରԠ • ߴϨϕϧϥϯλΠϜ࣮૷௥Ճ ʴ CRIରԠ • ྑ͍ײ͡ͷ໊લΛߟ͑Δʢืूதʣ

ײ૝ • ͪΌΜͱ࣮૷ͨ͠ΒऔΓճ͠ͷ͍͍ܰྔίϯςφϥϯλΠϜ͕ 
 ര஀͢ΔͷͰ͸…ʁͱ͍͏୶͍ظ଴Λ๊͍͍ͯΔɻ • ݱஈ֊Ͱ͸͓΋ͪΌͷҬɺΏ͘Ώ͘͸࢖͑Δ΋ͷʹ͍͖͍ͯͨ͠ • ࢓૊ΈΛཧղ͢Δʹ͸ɺࣗ෼Ͱ࡞ͬͯΈΔͷ͕Ұ൪ • Έͳ͞Μ΋ίϯςφϥϯλΠϜ࡞ͬͯΈ·ͤΜ͔ʁ

Reference • ίϯςφϢʔβͳΒ୭΋͕࢖͍ͬͯΔϥϯλΠϜʮruncʯΛ၆ᛌ͢Δ [Container Runtime Meetup #1ൃදϨϙʔτ] https://medium.com/ nttlabs/runc-overview-263b83164c98 • Low-level Container Runtime:Runc Internals https:// kurobato.hateblo.jp/entry/2021/05/02/164218 • opencontainers/runc https://github.com/opencontainers/runc • containers/youki https://github.com/containers/youki

͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠

Q&A