Linux コンテナの基礎 / 9th CTStudy

Transcript

1. Linuxίϯςφͷجૅ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ Ճ౻ହจ 2016-04-23 Ճ౻ହจ ୈ 9

   ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 1 / 48

2. ࣗݾ঺հ Ճ౻ହจ http://www.ten-forward.ws/ @ten forward http://gplus.to/tenforward https://github.com/tenforward http://d.hatena.ne.jp/defiant/ (ٕज़ϒϩά) Ճ౻ହจ

   ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 2 / 48

3. ࣗݾ঺հ ϑΝʔεταʔόɹج൫։ൃ෦ɹॴଐ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 3 /

   48

4. ࣗݾ঺հ Plamo Linux ϝϯςφ LXC ͰֶͿίϯςφೖ໳ɹʔܰྔԾ૝Խ؀ڥΛ࣮ݱ͢Δٕज़ gihyo.jp Ͱ࿈ࡌ Ճ౻ହจ ୈ

   9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 4 / 48

5. ࣗݾ঺հ LXC/LXD ͷ։ൃʹগ͠ࢀՃ man page ͷ೔ຊޠ༁ ެࣜϖʔδ (linuxcontainers.org) ຋༁ όάϑΟοΫεͳͲগ͚ͩ͠ίʔυʹ΋ߩݙ

   LXD ೔ຊޠϝοηʔδ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 5 / 48

6. ࠓ೔ͷ໨ඪ ίϯςφͷ֓ཁΛཧղ͢Δ Linux Χʔωϧ͕࣋ͭίϯςφΛߏ੒͢ΔͨΊͷओཁͳػೳ Λ֮͑Δ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ

   2016-04-23 6 / 48

7. ࠓ೔ͷ಺༰ ίϯςφͷ֓ཁ Linux ʹ͓͚Δίϯςφͷ࢓૊Έ Namespace σϞ cgroup σϞ ·ͱΊ Ճ౻ହจ

   ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 7 / 48

8. ίϯςφ֓ཁ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 8 / 48

9. ίϯςφͱ͸ ΧʔωϧͷػೳͰ ִ཭͞ΕۭͨؒͰϓϩηεΛ࣮ߦ͢Δ ϓϩηεʹରͯ͠Ϧιʔε੍ݶΛઃఆ͢Δ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23

   9 / 48

10. ίϯςφͱ͸ Χʔωϧ͔ΒݟΔͱී௨ʹϓϩηε͕ىಈ͢Δ͚ͩ ىಈ͢Δࡍʹִ཭Λࢦࣔ͢Δ ΧʔωϧͷػೳͰ (ෳ਺ͷ) ಠཱۭͨؒ͠Λ࡞Γग़͠ɼϦιʔ εΛ෼ׂɾ෼഑͢Δ ϓϩηεΛάϧʔϓԽͯ͠ଞͷάϧʔϓͱϦιʔεۭؒΛִ཭ άϧʔϓԽͨ͠ϓϩηεʹର͢ΔϦιʔε੍ݶ Ծ૝Խͱ͍͏ΑΓʮִ཭Խʯͱݴͬͨ΄͏͕Θ͔Γ΍͍͔͢΋

    Ծ૝తͳίϯϐϡʔλɾγεςϜΛ࠶ݱ͢ΔԾ૝Ϛγϯʹର ͯ͠ɺԾ૝తͳ OS ؀ڥΛఏڙ͢Δ ˠ OS ϨϕϧͷԾ૝Խ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 10 / 48

11. ίϯςφͷϝϦοτ ߴີ౓Խ͕Մೳ ىಈ͍ͯ͠Δ OS (Χʔωϧ) ͸Ұͭ Φʔόʔϔου͕খ͍͞ ϋʔυ΢ΣΞͷԾ૝Խ͕ෆཁ ىಈ͕ૣ͍ Ծ૝ϚγϯͷىಈͰ͸ͳ͘ɼϗετ

    OS ͔ΒݟͨΒ୯ʹϓϩ ηε͕ىಈ͍ͯ͠Δ͚ͩͳͷͰɼී௨ͷϓϩάϥϜ͕ىಈ͢Δ ͷͱ΄ͱΜͲมΘΒͳ͍ ඞͣ͠΋γεςϜΛಈ͔͢ඞཁ͸ͳ͍ (ΞϓϦέʔγϣϯί ϯςφ) ྫ͑͹ίϯςφ಺Ͱ͸ httpd ͷΈ͕ಈ͍͍ͯΔ ίϯςφʹϝϞϦΛݻఆతʹׂΓ౰ͯΔඞཁ͕ͳ͍ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 11 / 48

12. ίϯςφͷσϝϦοτ ҟͳΔ OS ͷγεςϜ / ϓϩάϥϜ͸ಈ͔ͤͳ͍ ୯ʹϗετ OS ্Ͱϓϩηε͕ىಈ͢Δ͚ͩͳͷͰ౰ͨΓલ ΧʔωϧʹؔΘΔૢ࡞͸Ͱ͖ͳ͍

    ىಈ͍ͯ͠ΔΧʔωϧ͸มΘΒͳ͍ͷͰ ίϯςφຖʹϩʔυ͢ΔϞδϡʔϧΛม͑ΔͳͲ Χʔωϧͷ࣮૷͸ෳࡶʹͳΔ શͯΧʔωϧͷػೳͱ࣮ͯ͠૷͞Ε͍ͯΔͷͰ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 12 / 48

13. ࠓ೔ͷ಺༰ ίϯςφͷ֓ཁ Linux ʹ͓͚Δίϯςφͷ࢓૊Έ Namespace σϞ cgroup σϞ ·ͱΊ Ճ౻ହจ

    ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 13 / 48

14. Linuxʹ͓͚Δίϯςφͷ࢓ ૊Έ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 14 /

    48

15. Linuxʹ͓͚Δίϯςφ͸Χʔωϧʹʰίϯ ςφʱͱ͍͏୯Ұͷػೳ͕࣮૷͞Ε࣮ͯݱ͠ ͍ͯΔΘ͚Ͱ͸͋Γ·ͤΜ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 15

    / 48

16. Linux ͰίϯςφΛ࣮ݱ͢ΔͨΊͷػೳ Linux Χʔωϧʹؚ·ΕΔ৭ʑͳػೳΛ૊Έ߹Θͤͯίϯςφ؀ ڥΛ࡞੒͢ΔɻͦΕͧΕͷػೳ͸ίϯςφઐ༻ͷػೳͱ͍͏Θ͚ Ͱ͸ͳ͍ɻ ϓϩηεΛάϧʔϓԽͯ͠ଞͷάϧʔϓͱִ཭ OS Ϧιʔεͷִ཭ ˠ

    Namespace (໊લۭؒ) άϧʔϓԽͨ͠ϓϩηεʹର͢ΔϦιʔε੍ݶ ϗετͷ෺ཧϦιʔεʹର͢Δ੍ݶ ˠ cgroup (control group) Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 16 / 48

17. LinuxͰίϯςφΛ࣮ݱ͢ΔͨΊͷػೳ ͦͷଞ ωοτϫʔΫ (veth, macvlan ͳͲ) έʔύϏϦςΟ chroot (pivot root)

    bind mount Checkpoint/Restore (CRIU) ͳͲͳͲ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 17 / 48

18. Linuxͷίϯςφ࣮૷ྫ Docker ΞϓϦέʔγϣϯίϯςφͷ࣮ߦʹಛԽɻίϯςφؔ࿈ͷॲཧ͸ runC ϓ ϩδΣΫτ಺ͷ libcontainer Λ࢖༻ɻ LXC/LXD Ubuntu

    Λத৺ʹ։ൃɻओʹγεςϜίϯςφΛ࣮ߦ͢Δ͜ͱΛલఏʹ࡞ ΒΕ͍ͯΔ͕ɺΞϓϦέʔγϣϯίϯςφͷ࣮ߦ΋Մೳɻඇಛݖίϯςφ ͕࣮ߦͰ͖Δɻ OpenVZ Linux ͷίϯςφ࣮૷ͱͯ͠͸ݹ͔͘Β͋Δ࣮૷ͷͻͱͭɻ2000 ೥͝Ζ ͔ΒɻΧʔωϧʹύονΛద༻͢ΔɻΧʔωϧʹ࣮૷͞Ε͍ͯΔίϯςφ ؔ࿈ػೳ͸ OpenVZ ༝དྷͷػೳ͕ଟ਺͋ΔɻOpenVZ Λϕʔεʹͨ͠঎ ༻൛ Virtuozzo ͕ଘࡏ͢Δɻ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 18 / 48

19. Linuxͷίϯςφ࣮૷ྫ rkt CoreOS ͕ࣾ։ൃ͢ΔΞϓϦέʔγϣϯίϯςφͷϥϯλΠϜɻ systemd ͝ଘ஌ Linux ޲͚ͷ࠷ۙओྲྀͱͳͬͨ init ࣮૷ͷͻͱͭɻίϯςφΛѻ͏

    ίϚϯυ΍࢓૊Έ΋಺แ͍ͯ͠Δ MINCS γΣϧεΫϦϓτͰॻ͔Εͨίϯςφ࣮૷ runC (libcontainer) Docker ʹΑΔ Open Container Project ४ڌͷ࣮૷ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 19 / 48

20. ࠓ೔ͷ಺༰ ίϯςφͷ֓ཁ Linux ʹ͓͚Δίϯςφͷ࢓૊Έ Namespace σϞ cgroup σϞ ·ͱΊ Ճ౻ହจ

    ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 20 / 48

21. Linuxʹ͓͚Δίϯςφͷ࢓૊Έ Namespace Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 21 /

    48

22. Namespace(໊લۭؒ) ִ཭͍ͨ͠ OS Ϧιʔε͝ͱʹ Namespace ͕४උ͞ΕΔ Ұ෦ͷ Namespace ͚ͩ࢖༻ִͯ͠཭؀ڥΛ࡞Δ͜ͱ͕Ͱ͖Δ Ճ౻ହจ

    ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 22 / 48

23. Namespace ͷछྨ (1) Mount Namespace: 2.4.19 ϓϩηε͔Βݟ͍͑ͯΔϚ΢ϯτͷू߹ɼૢ࡞Λ෼཭͢Δɽ Namespace ಺ͷ mount,

    umount ͕ଞͷ Namespace ʹӨڹ Λ༩͑ͳ͍Α͏ʹͰ͖Δ (༩͑ΔΑ͏ʹ΋Ͱ͖Δ) ˠ private/shared/slave (ࢀߟ) Ϛ΢ϯτ໊લۭؒΛద༻͢Δ (IBM developerWorks) (ࢀߟ) Χʔωϧෟଐจॻ (Documentation/filesystems/sharedsubtree.txt) (ࢀߟ) σϑΥϧτ͸ private ͕ͩɺsystemd ͸/Λ shared ͰϚ ΢ϯτ͢Δ UTS Namespace: 2.6.19 ϗετ໊ͳͲɼuname(2) ͕ฦ͢஋ͷू߹Λ෼཭ɽ setdomainname(2), sethostname(2) Ͱ Namespace ಺ͷ஋ ͷΈมߋͰ͖Δ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 23 / 48

24. Namespace ͷछྨ (2) PID Namespace: 2.6.24 PID ۭؒͷ෼཭ɽ৽͍͠ PID Namespace

    Ͱ͸ PID 1 ͔Β࢝ ·Δ PID ׂ͕Γ౰ͯΒΕΔɽ਌͔Βࢠͷ PID Namespace ͸ ݟ͑Δ (਌ͷۭؒͷ PID Λ࣋ͭ) ͕ɼࢠ͔Β਌͸ݟ͑ͳ͍ IPC Namespace: 2.6.19 SysV IPC ΦϒδΣΫτɼPOSIX ϝοηʔδΩϡʔͷִ཭ User Namespace: 2.6.23 ˜ 3.8 ಠཱͨ͠ UID/GID ۭؒͱ֎෦ۭؒͷϚοϐϯά (ྫ͑͹ɼִ ཭ۭؒͰ͸ uid/gid 0/0ɼ֎෦Ͱ͸ 1000/1000 ͱ͔Մೳʹ ͳΔ) Network Namespace: 2.6.26 ωοτϫʔΫϦιʔεͷִ཭ɽωοτϫʔΫσόΠεɼΞυϨ εɼϧʔςΟϯάςʔϒϧɼιέοτɼϑΟϧλϦϯά Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 24 / 48

25. Namespaceͷछྨ(3) cgroup Namespace: 4.6 cgroup ͷִ཭ /proc/$PID/cgroup ϑΝΠϧ಺ͷ cgroup ύε

    namespace ಺ͰϚ΢ϯτͨ͠ cgroupfs πϦʔ (͜ͷ Namespace Ͱ clone(2) ʹ༩͑Δϑϥά (32bit ੔਺) Λ࢖͍͖Γ·ͨ͠ :-) Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 25 / 48

26. Namespaceৄࡉ Namespace ͷΧʔωϧ಺෦ͷ࣮૷ʹ͍ͭͯ͸ʮୈ 8 ճ ίϯςφ ܕԾ૝Խͷ৘ใަ׵ձˏ౦ژʯͰͷ Masami Ichikawa ͞Μͷ

    Linux Namespaces ͕ৄ͍͠Ͱ͢ (ಈը) Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 26 / 48

27. ͦͷଞͷNamespace աڈʹఏҊ͞Ε͍ͯͨ΋ͷ Log Namespace Device Namespace Ճ౻ହจ ୈ 9 ճ

    ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 27 / 48

28. Namespace ͷૢ࡞ (γεςϜίʔϧ) clone(2) Ͱ৽͍͠ϓϩηε Λੜ੒ unshare(2) Ͱ৽͍͠ϓϩηεΛੜ੒ͤͣʹ࣮ߦίϯςΩετ Λ੍ޚ͢Δ setns(2)

    ͰϓϩηεΛطଘ ͷ Namespace ʹؔ࿈෇͚Δ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 28 / 48

29. NamespaceσϞ(1) Mount + PID + UTS + Net Namespace Λಉ࣌ʹ࡞੒͠

    ͯγΣϧΛىಈͤ͞Δ ஫໨఺ɿNamespace ಺ͱϗετ্ͰҎԼ͕ҟͳΔ͜ͱ Ϛ΢ϯτͷ৘ใ (Namespace ಺ͷϚ΢ϯτ͕ϗετ্Ͱ͸ݟ ͑ͳ͍) ϓϩηεͷ৘ใ (PID 1 ͰγΣϧ͕ىಈ͍ͯ͠Δɺϗετ্ͷ ϓϩηε͸ݟ͑ͳ͍) ωοτϫʔΫΠϯλʔϑΣʔε (ϗετͱҟͳΓϧʔϓόοΫ Ҏ֎ʹଘࡏ͠ͳ͍) ϗετ໊ (Namespace ಺Ͱมߋͯ͠΋ϗετ্ͷϗετ໊͸ มΘΒͳ͍) Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 29 / 48

30. NamespaceσϞ(1) Mount + PID + UTS + Net Namespace 

     $ sudo unshare --pid --mount --uts --net --mount-proc --fork \ > -- /bin/bash (PID, Mount Namespace Λࢦఆͯ͠ unshre ࣮ߦ) # mount --make-private / (/ Λ private ʹ) # mount -o bind /usr /mnt (bind mount Λ࣮ߦ) # ps aux (ᶃϓϩηεҰཡ) # cat /proc/1/mountinfo (ᶄ/ ͱ /mnt ͷϚ΢ϯτͷ༷ࢠΛ֬ೝ) # ip a (ᶅωοτϫʔΫΠϯλʔϑΣʔεͷ༷ࢠΛ֬ೝ) # hostname hogehoge (ϗετ໊Λมߋ) # hostname (ᶆϗετ໊ͷ֬ೝ)   ผͷγΣϧͰ   $ ps aux (ᶃϓϩηεҰཡ) $ cat /proc/1/mountinfo (ᶄ/ ͱ /mnt ͷϚ΢ϯτͷ༷ࢠΛ֬ೝ) $ ip a (ᶅωοτϫʔΫΠϯλʔϑΣʔεͷ༷ࢠΛ֬ೝ) $ hostname (ᶆϗετ໊ͷ֬ೝ)   Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 30 / 48

31. NamespaceσϞ(2) User Namespace Λ࡞੒ͯ͠γΣϧΛىಈ͢Δ ஫໨఺ɿ ҰൠϢʔβ͕ Namespace Λ࡞੒Ͱ͖Δ͜ͱ Namespace ಺ͱϗετ্ͰγΣϧͷ࣮ޮϢʔβɾάϧʔϓ͕

    ҟͳΔ͜ͱ Namespace ಺Ͱ࡞੒ͨ͠ϑΝΠϧͷɺNamespace ಺Ͱݟͨ Φʔφʔͱɺϗετ্ͰݟͨΦʔφʔ͕ҟͳΔ͜ͱ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 31 / 48

32. NamespaceσϞ(2) User Namespace   $ unshare -U --map-root-user --

    /bin/bash (User Namespace Λ࡞੒ɻݱϢʔβΛ Namespace ಺ͷ root ʹϚοϐϯά) # echo $$ # grep ’[U|G]id’ /proc/1082/status (ᶃϓϩηεͷ࣮ޮ ID ͷ֬ೝ) # touch /tmp/testfile # ls -l /tmp/testfile (ᶄϑΝΠϧͷΦʔφʔͷ֬ೝ)   ผγΣϧͰ   $ grep ’[U|G]id’ /proc/1082/status (ᶃϓϩηεͷ࣮ޮ ID ͷ֬ೝ) $ ls -l /tmp/testfile (ᶄϑΝΠϧͷΦʔφʔͷ֬ೝ)   Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 32 / 48

33. ࠓ೔ͷ಺༰ ίϯςφͷ֓ཁ Linux ʹ͓͚Δίϯςφͷ࢓૊Έ Namespace σϞ cgroup σϞ ·ͱΊ Ճ౻ହจ

    ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 33 / 48

34. Linuxʹ͓͚Δίϯςφͷ࢓૊Έ cgroup Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 34 /

    48

35. cgroupͱ͸ ϓϩηεΛάϧʔϓԽ͠ɺάϧʔϓʹରͯ͠Ϧιʔε੍ݶΛߦ͏ɻ ίϯςφઐ༻ͷ࢓૊ΈͰ͸ͳ͍ɻ cgroup ͷಛ௃ ػೳ͝ͱʹαϒγεςϜʹ෼͔ΕΔ cgroupfs ΛϚ΢ϯτͯ͠σΟϨΫτϦͰάϧʔϓΛද͢ ϓϩηεΛάϧʔϓ಺ͷ tasks

    ϑΝΠϧʹ௥Ճ͢Δͱؔ࿈͢Δ λεΫ͕εϨου୯ҐͰάϧʔϓʹ௥Ճ͞ΕΔ ෳ਺֊૚ߏ଄ɻվ଄ߏ଄͝ͱʹҟͳΔπϦʔΛ࡞੒Ͱ͖Δɻͨ ͩ͠ɺҰͭͷαϒγεςϜ͕ॴଐͰ͖ΔπϦʔ͸Ұͭ πϦʔͷͲͷϨϕϧͷάϧʔϓʹ΋λεΫ͕ॴଐͰ͖Δ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 35 / 48

36. cgroupͷ֊૚ߏ଄ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 36 / 48

37. cgroupͷαϒγεςϜ cpu: 2.6.24 CFS(Completely Fair Scheduler) bandwidth controlɽ୯Ґ ࣌ؒ಺ͷάϧʔϓ಺ͷλεΫ͕࣮ߦͰ͖Δ߹ܭ࣌ؒΛ੍ݶ͢Δ (3.2

    Ͱ࣮૷) ૬ର഑෼ɽάϧʔϓؒͷ CPU ࣌ؒͷׂ౰ͷׂ߹Λࢦఆ͢Δɽ ྫ͑͹ GroupA=100,GroupB=50 ͱ͢Δͱ A:B=2:1 cpuacct: 2.6.24 άϧʔϓ಺ͷ CPU ϦιʔεͷϨϙʔτ (CPU ࣌ؒ) cpuset: 2.6.24 ׂΓ౰ͯΔ CPU, ϝϞϦϊʔυͷׂ౰ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 37 / 48

38. cgroupͷαϒγεςϜ device: 2.6.26 σόΠε΁ͷΞΫηεڐՄɼ੍ݶͷࢦఆ freezer: 2.6.28 άϧʔϓ಺ͷϓϩηεΛશͯҰ࣌ఀࢭ͢Δ memory: 2.6.29 ϝϞϦϦιʔεͷ੍ݶ

    (ϢʔβϝϞϦɼΧʔωϧϝϞϦ) blkio (Block IO): I/O weight controller(2.6.33 Ҏ߱) άϧʔϓͷ༏ઌ౓Λࢦఆ ͢Δ I/O throttling(2.6.37 Ҏ߱) άϧʔϓ಺ͷϓϩηεͷσόΠ εʹର͢Δૢ࡞਺ͷ߹ܭͷࢦఆ (ࢀߟ)Linux2.6.37 ͷ৽ػೳ “I/O throttling” Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 38 / 48

39. cgroupͷαϒγεςϜ hugetlb: 3.6 cgroup ͔Βͷ hugetlb ͷ࢖༻ perf event: 2.6.39

    άϧʔϓ୯ҐͰ perf πʔϧͰϞχλϦϯά (ύϑΥʔϚϯε ղੳ) net cls: 2.6.29 ύέοτʹࣝผࢠΛ͚ͭɼτϥϑΟοΫίϯτϩʔϧ (tc) ͱ netfilter(3.14 Ҏ߱) ͰίϯτϩʔϧՄೳʹ Linux 3.14 Ͱ net cls cgroup ʹ௥Ճ͞Εͨ netfilter ରԠ net prio: 3.3 άϧʔϓؒͰͷωοτϫʔΫͷ༏ઌ౓ΛΠϯλʔϑΣʔεຖʹ ࢦఆ͢Δ Linux 3.3 ͷ৽ػೳ Network priority cgroup Linux 3.3 ͷ৽ػೳ Network priority cgroup (2) Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 39 / 48

40. cgroupͷαϒγεςϜ pids: 4.3 fork() ΍ clone() ͰىಈͰ͖Δϓϩηε਺Λ੍ݶ͢Δ LXC ͰֶͿίϯςφೖ໳ ୈ

    30 ճ Linux Χʔωϧͷίϯςφ ػೳ [8] ʔ cgroup ͷ pids αϒγεςϜ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 40 / 48

41. cgroupͷ࢖͍ํ cgroup ͸ίϯςφͱؔ܎ͳ͘࢖༻Մೳ   # mount -t tmpfs cgroup_root

    /sys/fs/cgroup # mkdir /sys/fs/cgroup/memory # mount -t cgroup -o memory cgroup /sys/fs/cgroup/memory (ϝϞϦαϒγεςϜͷ Ϛ΢ϯτ) # mkdir /sys/fs/cgroup/memory/test01 ("test01" ͱ͍͏άϧʔϓͷ࡞੒) # echo $$ > /sys/fs/cgroup/memory/test01/tasks (ϓϩηεΛάϧʔϓʹొ࿥) # cat /sys/fs/cgroup/memory/test01/tasks (άϧʔϓ಺ͷϓϩηεͷ֬ೝ) 2824 2837 # echo 30M > /sys/fs/cgroup/memory/test01/memory.limit_in_bytes (άϧʔϓʹରͯ͠ϝϞϦ্ݶ 30M ͱ͍͏੍ݶΛઃఆ) # cat /sys/fs/cgroup/memory/test01/memory.limit_in_bytes (੍ݶ஋ͷ֬ೝ) 31457280 # cat /sys/fs/cgroup/memory/test01/memory.usage_in_bytes (ݱࡏͷ࢖༻ྔͷ֬ೝ) 565248   Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 41 / 48

42. cgroup v2 4.5 ΧʔωϧͰ stable ʹͳͬͨ (ͦΕ·Ͱ΋։ൃ༻Ͱ࣮૷͸͞ Ε͍ͯͨ) cgroup v1

    ͸໰୊͕͋Δ ෳࡶ͗͢ ੍ݶ͕͋ΔͷͰෳࡶͳ͜ͱ͕Ͱ͖ͯ΋࣮ࡍ͸࢖͑ͳ͍ɾ࢖Θ ͳ͍ αϒγεςϜಉ࢜ͷ࿈ܞ͕औΕͳ͍ ·ͩҰ෦ͷαϒγεςϜͷΈ (memory,io,pids) Ұ෦͸ v2 Λ࢖ͬͯɺଞ͸ v1 Λ࢖͏͜ͱ΋Ͱ͖Δ Χʔωϧෟଐจॻ (Documentation/cgroup-v2.txt) Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 42 / 48

43. cgroupσϞ 1 CPU ࢖༻࣌ؒͷ੍ݶ (https://asciinema.org/a/29131) ୯Ґ࣌ؒ 100000(Ж s) த 1000(Ж

    s) ͚ͩ࢖༻͢Δ 2 ϓϩηε਺ͷ੍ݶ (https://asciinema.org/a/29276) Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 43 / 48

44. ·ͱΊ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 44 / 48

45. ·ͱΊ ίϯςφͷ֓ཁ Linux ʹ͓͚Δίϯςφͷ࢓૊Έ ίϯςφ͸Χʔωϧʹ࣮૷͞Ε͍ͯΔ৭ʑͳػೳͷ૊Έ߹Θͤ Ͱ࣮ݱ͞Ε͍ͯΔ Namespace OS Ϧιʔεͷִ཭ cgroup

    ϗετͷ෺ཧϦιʔεͷ੍ݶ ωοτϫʔΫؔ࿈ػೳ veth macvlan ίϯςφͰ࢖͑Δ໘ന͍ػೳ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 45 / 48

46. lxc-jp LXC ʹݶΒͣίϯςφͷ࿩୊Λѻ͍ͬͯ·͢ɻ https://groups.google.com/d/forum/lxc-jp Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23

    46 / 48

47. ڠྗऀืू ҎԼͷ຋༁Λߦ͍ͬͯ·͢ɻ͕࣌ؒ͋Δͱ͖͚ͩͰ΋ྑ͍ͷ ͰϨϏϡʔɺमਖ਼ɺվྑΛͯͩ͘͠͞Δํ׻ܴ͠·͢ɻ LXC ϚχϡΞϧ (man pages) linuxcontainers.org ίϯςϯπ LXD

    ೔ຊޠϝοηʔδ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 47 / 48

48. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ Ճ౻ହจ ୈ 9 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ 2016-04-23 48 / 48