Tweet
Tweet

Slide 1

Slide 1 text

ϗεςΟϯάͰ$3*6Λ࢖͓͏ ۙ౻Ӊஐ࿕(.01FQBCP *OD ϗεςΟϯάΧδϡΞϧ <)BDPOJXB$3*6ਐḿ><ݕࡧ>

Slide 2

Slide 2 text

γχΞɾϓϦϯγύϧΤϯδχΞ ۙ౻ Ӊஐ࿕ / @udzura https://blog.udzura.jp/ Uchio Kondo ٕज़෦ ٕज़ج൫νʔϜ

Slide 3

Slide 3 text

ίϯςφ

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

ϗεςΟϯάʹಋೖ

Slide 6

Slide 6 text

Web Proxy Web Request Dispatcher FastContainer Runtime CMDB ❌ FastContainer Killed 1. Check 2. Boot 3. Forward 4. Terminate

Slide 7

Slide 7 text

ϦΫΤετ Ұఆ࣌ؒͷఀࢭ ఀࢭޙͷ࣍ͷϦΫΤετͰ Ұ͔Βىಈ OHY@NSVCZ $POUBJOFST ݱࡏͷڍಈ

Slide 8

Slide 8 text

࠶ىಈͷίετ

Slide 9

Slide 9 text

No content

Slide 10

Slide 10 text

Memory dump Network conf File descriptors cgroup params ...... CRIU Target
 process Syscalls, /proc files ... Kernel $3*6ͰΠϝʔδΛ࡞੒ɺ͔ͦ͜Βىಈ ˞ࢀߟ

Slide 11

Slide 11 text

ϦΫΤετ ఀࢭޙͷ࣍ͷϦΫΤετͰ $3*6Πϝʔδ͔Βىಈ OHY@NSVCZ $3*6ಋೖ ඇಉظͰ Πϝʔδͷ࠶࡞੒ $POUBJOFST $3*6JNBHF

Slide 12

Slide 12 text

ޮՌଌఆ

Slide 13

Slide 13 text

؀ڥ Ұ෦ Bench(Bastion) Compute(Users) Web Proxy Core API CMDB 8 Core 51GB Mem 1 Core 2GB Mem

Slide 14

Slide 14 text

ܭଌ݁Ռ

Slide 15

Slide 15 text

ܭଌ݁Ռ DPOUFOUSPPUFYU

Slide 16

Slide 16 text

ܭଌ݁Ռ

Slide 17

Slide 17 text

ܭଌ݁Ռ 3FTQPOTF5JNF NT ✴"QBDIF͕Ϩεϙϯε Λฦͨ࣌ؒ͠Λൺֱɻ ✴"QBDIF͸͢΂ͯͷϫʔ Χʔ্ཱ͕͕ͪΔલʹ ϨεϙϯεΛฦͤΔ͜ ͱ͕ޙʹΘ͔ͬͨ

Slide 18

Slide 18 text

࣮૷

Slide 19

Slide 19 text

ϦετΞ͞ΕͨϓϩηεΛɺ )BDPOJXBͷԼʹ໭͍ͨ͠ɻ Haconiwa sv-sv \- criu restore \- Container Haconiwa sv-sv \- Haconiwa sv \- Container ௨ৗىಈ CRIUܦ༝ͷىಈ ϑοΫॲཧ͸ ओʹ͜͜Ͱߦ͏ ʁʁʁ

Slide 20

Slide 20 text

ํ๏ TXSLNPEFSFTUPSFTJCMJOH shd: vagrant@pts/0 \_ -bash \_ sudo ../mruby/bin/mruby example/restore_child.rb \_ ../mruby/bin/mruby example/restore_child.rb <- libcriuΛݺͼग़ͨ͠mruby script \_ /usr/local/apache2/bin/httpd -DFOREGROUND -X <- ͜Ε͕ίϯςφϓϩηε \_ /usr/local/sbin/criu swrk 6 <- ͜Ε͕swrkϞʔυͰ্ཱ͕ͪͬͨαʔϏεͰɺ cr_restore_tasks() ͸͜͜ͰಡΜͰ͍Δ \_ sh -c ps auxf <- ֬ೝͷͨΊʹ system() ͨ͠΋ͷ \_ ps auxf

Slide 21

Slide 21 text

$3*6ͷTXSLNPEF w·ͣTXSLϞʔυͷઆ໌Ͱ͕͢ɺ͜Ε͸MJCDSJVͰؔ਺Λݺͼग़ͨ͠ࡍʹɺ ΞυϗοΫʹDSJVόΠφϦͦͷ΋ͷΛݺͼग़ͯ͠αʔϏεΛ࡞੒͠ɺݟ͔͚ ্αʔϏεͳ͠Ͱ΋DSJVͷػೳΛ࢖͏ϞʔυͰ͢ʢਤ̎ࠨʣɻ

Slide 22

Slide 22 text

DMPOF $-0/&@1"3&/5 $ ./clone-tarou parent --use-clone-parent [!] Hey, maybe a new sibling is added 26627 pts/1 S+ 0:00 \_ ./clone-tarou parent --use-clone-parent 26628 pts/1 S+ 0:00 \_ clone-tarou tarou --use-clone-parent 26629 pts/1 S+ 0:00 \_ clone-tarou jirou [!] exit: PID=26628 [!] exit: PID=26629 <ݕࡧ>

Slide 23

Slide 23 text

clone(fun, ..., CLONE_PARENT|CLONE_NEWPID) ͸ɺΧʔωϧͷόʔδϣϯʹΑͬͯ ಈ͔ͳ͍Β͍͠ $3*6ͷίϝϯτΑΓ

Slide 24

Slide 24 text

ํ๏ FYFDDNEͬͪ͜Λ࠾༻ Haconiwa sv \- criu restore \- Container Haconiwa sv \- haconiwa _restored \- Container FYFD XBJU wDSJVίϚϯυͰϦετΞ͔ͯ͠Βɺ೚ҙͷϓϩάϥϜʹFYFDWF Ͱ͖Δ wFYFDલʹGPSLͨ͠ϓϩηεΛɺ৽͍͠ϓϩάϥϜଆͰXBJU Ͱ͖Δ

Slide 25

Slide 25 text

&YUFSOBMCJOENPVOUରԠ /path/to/pivot_root `- / (bind-mount self) `- /etc -> /other/etc `- /home/foo -> /other2/home `- /var/log -> /other3/log wSPPUGTͷ֎ଆʹ͋ΔϑΝΠϧγεςϜSPPUΛCJOENPVOUͯ͠ɺ
 DISPPUQJWPU@SPPU ͔ͯ͠Β΋࢖͑ΔΑ͏ʹ͢Δ͜ͱ͕Α͋͘Δ™ wͦ͏͍͏֎ଆͷϑΝΠϧγεςϜΛ$3*6͕ཧղͰ͖ΔΑ͏ʹ͢Δ ͜͜ʹpivot_root

Slide 26

Slide 26 text

&YUFSOBMCJOENPVOU͕͏·͍͔͘Μ

Slide 27

Slide 27 text

Φϓγϣϯ௕͗͢ΜͶΜ໰୊

Slide 28

Slide 28 text

Ṗʹͭͳ͕Βͳ͍ωοτϫʔΫ

Slide 29

Slide 29 text

ωοτϫʔΫϩοΫ͕1"5)͕ͳ͍ͷͰ
 ղআ͞Εͳ͍ɻ

Slide 30

Slide 30 text

཯଎ͯ͠Δʁ໰୊ Hotstart Start from CRIU

Slide 31

Slide 31 text

Web Proxy Web Request Dispatcher FastContainer Runtime CMDB ❌ FastContainer Killed 1. Check 2. Boot 3. Forward 4. Terminate 'BTU3FNPUF$IFDLͱ͍͏ NHFNΛར༻ͯ͠଴͍ͬͯΔ͕ɺ ઃఆ͕มʁ

Slide 32

Slide 32 text

'BTU3FNPUF$IFDLͷύϥϝʔλௐ੔

Slide 33

Slide 33 text

No content

Slide 34

Slide 34 text

IUUQTHJUIVCDPNIBDPOJXBIBDPOJXBQVMMT RJT"QSJT"DMPTFE ͦͷ΄͔ wࡉʑͱࠔͬͨ͜ͱ͕͕͋ͬͨɺׂͱҰ௨ΓରԠͰ͖ͨؾ͕͢Δɻ wԼه͸ࢀߟ΢ΣοϒϖʔδͰ͢

Slide 35

Slide 35 text

ࠓޙ

Slide 36

Slide 36 text

ϦϦʔεͰ͖ΔΑ͏ؤுΔͧʙ OPEB͞Μ͕

Slide 37

Slide 37 text

(SFOBEJOFͱ͍͏ͷΛ࡞ͬͨ

Slide 38

Slide 38 text

No content