いまさら聞けない Linux コンテナの基礎 / KOF 2015

2591343b244565d6199f61c4acd148f9?s=47 tenforward
November 06, 2015
Technology
6
2.3k

いまさら聞けない Linux コンテナの基礎 / KOF 2015

KOF 2015 の発表資料です。
参考となる情報にはPDF中からリンクをしていますが、資料中のリンクは Speaker Deck 上ではクリックできないので PDF をダウンロードしてご覧ください。

2591343b244565d6199f61c4acd148f9?s=128

tenforward

November 06, 2015
Tweet

More Decks by tenforward

See All by tenforward
2591343b244565d6199f61c4acd148f9?s=48 tenforward
3
330
2591343b244565d6199f61c4acd148f9?s=48 tenforward
26
6.8k
2591343b244565d6199f61c4acd148f9?s=48 tenforward
2
450
2591343b244565d6199f61c4acd148f9?s=48 tenforward
7
3.2k
2591343b244565d6199f61c4acd148f9?s=48 tenforward
22
7.5k
2591343b244565d6199f61c4acd148f9?s=48 tenforward
2
430
2591343b244565d6199f61c4acd148f9?s=48 tenforward
6
1.4k
2591343b244565d6199f61c4acd148f9?s=48 tenforward
7
30k
2591343b244565d6199f61c4acd148f9?s=48 tenforward
17
3.5k

Other Decks in Technology

See All in Technology
6557f271a0b301f453f773be43cf876f?s=48 miyamoto_hiroki
1
180
Ca7e4f1680e175e6462a039923e71fc5?s=48 kyokonishito
0
170
C7f4bfa6a378cf43c3475716d1992efe?s=48 ishizuka427
0
210
332f89cc697355902a817506b6995f2b?s=48 ytaka23
7
1.5k
92e7a56a50535ef4c51c112c71d3f9c1?s=48 jkubota
0
260
Cd823abda454a7a2065fe6fe273ae84b?s=48 viva_tweet_x
2
260
7a37d60769f6f3004adee19a8ff2c219?s=48 tunepolo
4
1.4k
4b2f3a64637b51e81813accbe8a98083?s=48 miura55
0
260
Ad22fcf5773b906c08330f4d57242212?s=48 inductor
3
710
5b392dc79d5b6d1dab580bf60e26fb7c?s=48 nitya
0
160
9e7a653ed313b3da4b263a772bfc5026?s=48 clustervr
0
250
13d936e697fe0f4fa96f926d0a712f6c?s=48 sansanbuildersbox
0
210

Featured

See All Featured
C1daf20e5c49ff910745198ef9869ac2?s=48 hatefulcrawdad
257
16k
39488f9d172ab92fd352f2cd7b73258d?s=48 mza
80
3.9k
Ba530e786553390f3fb271848485681c?s=48 3n
159
22k
812e1705ff0f8bc1bcf18587bde687d5?s=48 62gerente
581
190k
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
435
28k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
391
60k
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
218
14k
4394ceb8b277f35ee3da7030384efb5d?s=48 davidbonilla
68
3.4k
D36d2c1821af9249b69ff7f5ed60529b?s=48 tammielis
236
23k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
189
17k
7cbd3f5f922d798cc312eaf596de7ae6?s=48 iamctodd
8
1.2k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
17
1.2k

Transcript

  1. ͍·͞Βฉ͚ͳ͍ Linuxίϯςφͷجૅ KOF 2015 Ճ౻ହจ lxc-jp 2015-11-06 Ճ౻ହจ (lxc-jp) KOF

    2015 2015-11-06 1 / 53

  2. ࣗݾ঺հ Ճ౻ହจ http://www.ten-forward.ws/ @ten forward http://gplus.to/tenforward https://github.com/tenforward http://d.hatena.ne.jp/defiant/ (ٕज़ϒϩά) Ճ౻ହจ

    (lxc-jp) KOF 2015 2015-11-06 2 / 53

  3. ࣗݾ঺հ ϑΝʔεταʔόɹج൫։ൃ෦ɹॴଐ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 3 / 53

  4. ࣗݾ঺հ Plamo Linux ϝϯςφ LXC ͰֶͿίϯςφೖ໳ɹʔܰྔԾ૝Խ؀ڥΛ࣮ݱ͢Δٕज़ gihyo.jp Ͱ࿈ࡌ Ճ౻ହจ (lxc-jp)

    KOF 2015 2015-11-06 4 / 53

  5. ࣗݾ঺հ LXC ͷ։ൃʹগ͠ࢀՃ man page ͷ೔ຊޠ༁ ެࣜϖʔδ (linuxcontainers.org) ຋༁ όάϑΟοΫεͳͲগ͚ͩ͠ίʔυʹ΋ߩݙ

    Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 5 / 53

  6. ࠓ೔ͷ໨ඪ ίϯςφͷ֓ཁΛཧղ͢Δ Linux Χʔωϧ͕࣋ͭίϯςφ͕࢖͏ओཁͳػೳΛ֮͑Δ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 6

    / 53

  7. ࠓ೔ͷ಺༰ ίϯςφͷ֓ཁ Linux ʹ͓͚Δίϯςφͷ࢓૊Έ Namespace σϞ Cgroup σϞ ωοτϫʔΫؔ࿈ػೳ (͕࣌ؒ͋Ε͹)

    ίϯςφͰ࢖͑Δ໘ന͍ػೳ (͕࣌ؒ͋Ε͹) ·ͱΊ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 7 / 53

  8. ίϯςφ֓ཁ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 8 / 53

  9. ίϯςφͱ͸ Ծ૝తͳίϯϐϡʔλɾγεςϜΛ࠶ݱ͢ΔԾ૝Ϛγϯʹର ͯ͠ɺԾ૝తͳ OS ؀ڥΛఏڙ͢Δ ˠ OS ϨϕϧͷԾ૝Խ Χʔωϧ͔ΒݟΔͱී௨ʹϓϩηε͕ىಈ͢Δ͚ͩ ىಈ͢Δࡍʹִ཭Λࢦࣔ͢Δ

    ΧʔωϧͷػೳͰ (ෳ਺ͷ) ಠཱۭͨؒ͠Λ࡞Γग़͠ɼϦιʔ εΛ෼ׂɾ෼഑͢Δ ϓϩηεΛάϧʔϓԽͯ͠ଞͷάϧʔϓͱϦιʔεۭؒΛִ཭ άϧʔϓԽͨ͠ϓϩηεʹର͢ΔϦιʔε੍ݶ Ծ૝Խͱ͍͏ΑΓʮִ཭Խʯͱݴͬͨ΄͏͕Θ͔Γ΍͍͔͢΋ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 9 / 53

  10. ίϯςφͷϝϦοτ ߴີ౓Խ͕Մೳ ىಈ͍ͯ͠Δ OS (Χʔωϧ) ͸Ұͭ Φʔόʔϔου͕খ͍͞ ϋʔυ΢ΣΞͷԾ૝Խ͕ෆཁ ىಈ͕ૣ͍ Ծ૝ϚγϯͷىಈͰ͸ͳ͘ɼϗετ

    OS ͔ΒݟͨΒ୯ʹϓϩ ηε͕ىಈ͍ͯ͠Δ͚ͩͳͷͰɼී௨ͷϓϩάϥϜ͕ىಈ͢Δ ͷͱ΄ͱΜͲมΘΒͳ͍ ඞͣ͠΋γεςϜΛಈ͔͢ඞཁ͸ͳ͍ (ΞϓϦέʔγϣϯί ϯςφ) ྫ͑͹ίϯςφ಺Ͱ͸ httpd ͷΈ͕ಈ͍͍ͯΔ ίϯςφʹϝϞϦΛݻఆతʹׂΓ౰ͯΔඞཁ͕ͳ͍ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 10 / 53

  11. ίϯςφͷσϝϦοτ ҟͳΔ OS ͷγεςϜ / ϓϩάϥϜ͸ಈ͔ͤͳ͍ ୯ʹϗετ OS ্Ͱϓϩηε͕ىಈ͢Δ͚ͩͳͷͰ౰ͨΓલ ΧʔωϧʹؔΘΔૢ࡞͸Ͱ͖ͳ͍

    ىಈ͍ͯ͠ΔΧʔωϧ͸มΘΒͳ͍ͷͰ ίϯςφຖʹϩʔυ͢ΔϞδϡʔϧΛม͑ΔͳͲ Χʔωϧͷ࣮૷͸ෳࡶʹͳΔ શͯΧʔωϧͷػೳͱ࣮ͯ͠૷͞Ε͍ͯΔͷͰ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 11 / 53

  12. ࠓ೔ͷ಺༰ ίϯςφͷ֓ཁ Linux ʹ͓͚Δίϯςφͷ࢓૊Έ Namespace σϞ Cgroup σϞ ωοτϫʔΫؔ࿈ػೳ (͕࣌ؒ͋Ε͹)

    ίϯςφͰ࢖͑Δ໘ന͍ػೳ (͕࣌ؒ͋Ε͹) ·ͱΊ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 12 / 53

  13. Linuxʹ͓͚Δίϯςφͷ࢓ ૊Έ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 13 / 53

  14. (ͨ·ʹݟ͔͚Δ)ίϯςφͷྺ࢙͔Βݟͨ Linuxίϯςφʹର͢Δޡղ 1979 ೥ʹ chroot(2) γεςϜίʔϧ͕ Version 7 Unix ʹɺ

    1983 ೥ʹ 4.2BSD ʹಋೖ͞ΕΔ 2000 ೥ʹ FreeBSD jail ͕ FreeBSD 4.0 ʹಋೖ ʰDocker? ͦΜͳ΋Μ jail Ͱͣͬͱલ͔ΒͰ͖ͯΔʱ(Docker ੝Γ্͕͖ͬͯͨ࣌ͷΦοαϯͷ੠) ˠ ʷؒҧ͍ 2005 ೥ʹ Solaris Containers ొ৔ 2008 ೥ʹ Linux ʹ Cgroup ͕ಋೖ ʰ͜ΕͰ Linux Ͱ΋͍ͭʹίϯςφ͕ՄೳʹͳΓ·ͨ͠ʱ ˠʷؒҧ͍ 2014 ೥ Docker 1.0 ϦϦʔε (LXC 1.0 ΋ϦϦʔε) ʰCgroup ͷొ৔Ͱ Linux Ͱ΋ίϯςφ͕Մೳʹʯ͕ؒҧ͍ͳཧ༝ ͸͜ͷޙΘ͔Γ·͢ :-) Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 14 / 53

  15. Linuxʹ͓͚Δίϯςφ͸Χʔωϧʹʰίϯ ςφʱͱ͍͏୯Ұͷػೳ͕࣮૷͞Ε࣮ͯݱ͠ ͍ͯΔΘ͚Ͱ͸͋Γ·ͤΜ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 15 /

    53

  16. Linux ͰίϯςφΛ࣮ݱ͢ΔͨΊͷػೳ Linux Χʔωϧʹؚ·ΕΔ৭ʑͳػೳΛ૊Έ߹Θͤͯίϯςφ؀ ڥΛ࡞੒͢ΔɻͦΕͧΕͷػೳ͸ίϯςφઐ༻ͷػೳͱ͍͏Θ͚ Ͱ͸ͳ͍ɻ ϓϩηεΛάϧʔϓԽͯ͠ଞͷάϧʔϓͱִ཭ OS Ϧιʔεͷִ཭ ˠ

    Namespace (໊લۭؒ) άϧʔϓԽͨ͠ϓϩηεʹର͢ΔϦιʔε੍ݶ ϗετͷ෺ཧϦιʔεʹର͢Δ੍ݶ ˠ Cgroup (control group) Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 16 / 53

  17. LinuxͰίϯςφΛ࣮ݱ͢ΔͨΊͷػೳ ͦͷଞ ωοτϫʔΫ (veth, macvlan ͳͲ) έʔύϏϦςΟ chroot (pivot root)

    bind mount Checkpoint/Restore (CRIU) ͳͲͳͲ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 17 / 53

  18. Linuxͷίϯςφ࣮૷ྫ Docker (libcontainer) Docker தͷίϯςφΛѻ͏ͨΊͷϥΠϒϥϦ͕ libcontainerɻΞϓϦ έʔγϣϯίϯςφͷ࣮ߦʹಛԽɻ LXC/LXD Ubuntu Λத৺ʹ։ൃɻओʹγεςϜίϯςφΛ࣮ߦ͢Δ͜ͱΛલఏʹ࡞

    ΒΕ͍ͯΔ͕ɺΞϓϦέʔγϣϯίϯςφͷ࣮ߦ΋Մೳɻඇಛݖίϯςφ ͕࣮ߦͰ͖Δɻ OpenVZ Linux ͷίϯςφ࣮૷ͱͯ͠͸ݹ͔͘Β͋Δ࣮૷ͷͻͱͭɻ2000 ೥͝Ζ ͔ΒɻΧʔωϧʹύονΛద༻͢ΔɻΧʔωϧʹ࣮૷͞Ε͍ͯΔίϯςφ ؔ࿈ػೳ͸ OpenVZ ༝དྷͷػೳ͕ଟ਺͋ΔɻOpenVZ Λϕʔεʹͨ͠঎ ༻൛ Virtuozzo ͕ଘࡏ͢Δɻ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 18 / 53

  19. Linuxͷίϯςφ࣮૷ྫ rkt CoreOS ͕ࣾ։ൃ͢ΔΞϓϦέʔγϣϯίϯςφͷϥϯλΠϜɻ systemd ͝ଘ஌ Linux ޲͚ͷ࠷ۙओྲྀͱͳͬͨ init ࣮૷ͷͻͱͭɻίϯςφΛѻ͏

    ίϚϯυ΍࢓૊Έ΋಺แ͍ͯ͠Δ MINCS γΣϧεΫϦϓτͰॻ͔Εͨίϯςφ࣮૷ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 19 / 53

  20. ࠓ೔ͷ಺༰ ίϯςφͷ֓ཁ Linux ʹ͓͚Δίϯςφͷ࢓૊Έ Namespace σϞ Cgroup σϞ ωοτϫʔΫؔ࿈ػೳ (͕࣌ؒ͋Ε͹)

    ίϯςφͰ࢖͑Δ໘ന͍ػೳ (͕࣌ؒ͋Ε͹) ·ͱΊ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 20 / 53

  21. Linuxʹ͓͚Δίϯςφͷ࢓૊Έ Namespace Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 21 / 53

  22. Namespace(໊લۭؒ) ִ཭͍ͨ͠ OS Ϧιʔε͝ͱʹ Namespace ͕४උ͞ΕΔ Ұ෦ͷ Namespace ͚ͩ࢖༻ִͯ͠཭؀ڥΛ࡞Δ͜ͱ͕Ͱ͖Δ Ճ౻ହจ

    (lxc-jp) KOF 2015 2015-11-06 22 / 53

  23. Namespace ͷछྨ (1) Mount Namespace: 2.4.19 ϓϩηε͔Βݟ͍͑ͯΔϚ΢ϯτͷू߹ɼૢ࡞Λ෼཭͢Δɽ Namespace ಺ͷ mount,

    umount ͸ଞͷ Namespace ʹ͸Ө ڹ͠ͳ͍ (ࢀߟ) Ϛ΢ϯτ໊લۭؒΛద༻͢Δ (IBM developerWorks) UTS Namespace: 2.6.19 ϗετ໊ͳͲɼuname(2) ͕ฦ͢஋ͷू߹Λ෼཭ɽ setdomainname(2), sethostname(2) Ͱ Namespace ಺ͷ஋ ͷΈมߋͰ͖Δ PID Namespace: 2.6.24 PID ۭؒͷ෼཭ɽ৽͍͠ PID Namespace Ͱ͸ PID 1 ͔Β࢝ ·Δ PID ׂ͕Γ౰ͯΒΕΔɽ਌͔Βࢠͷ PID Namespace ͸ ݟ͑Δ (਌ͷۭؒͷ PID Λ࣋ͭ) ͕ɼࢠ͔Β਌͸ݟ͑ͳ͍ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 23 / 53

  24. Namespace ͷछྨ (2) IPC Namespace: 2.6.19 SysV IPC ΦϒδΣΫτɼPOSIX ϝοηʔδΩϡʔͷִ཭

    User Namespace: 2.6.23 ˜ 3.8 ಠཱͨ͠ UID/GID ۭؒͱ֎෦ۭؒͷϚοϐϯά (ྫ͑͹ɼִ ཭ۭؒͰ͸ uid/gid 0/0ɼ֎෦Ͱ͸ 1000/1000 ͱ͔Մೳʹ ͳΔ) Network Namespace: 2.6.26 ωοτϫʔΫϦιʔεͷִ཭ɽωοτϫʔΫσόΠεɼΞυϨ εɼϧʔςΟϯάςʔϒϧɼιέοτɼϑΟϧλϦϯά Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 24 / 53

  25. Namespace ͷૢ࡞ (γεςϜίʔϧ) clone(2) Ͱ৽͍͠ϓϩηε Λੜ੒ unshare(2) Ͱ৽͍͠ϓϩηεΛੜ੒ͤͣʹ࣮ߦίϯςΩετ Λ੍ޚ͢Δ setns(2)

    ͰϓϩηεΛطଘ ͷ Namespace ʹؔ࿈෇͚Δ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 25 / 53

  26. NamespaceσϞ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 26 / 53

  27. ࠓ೔ͷ಺༰ ίϯςφͷ֓ཁ Linux ʹ͓͚Δίϯςφͷ࢓૊Έ Namespace σϞ Cgroup σϞ ωοτϫʔΫؔ࿈ػೳ (͕࣌ؒ͋Ε͹)

    ίϯςφͰ࢖͑Δ໘ന͍ػೳ (͕࣌ؒ͋Ε͹) ·ͱΊ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 27 / 53

  28. Linuxʹ͓͚Δίϯςφͷ࢓૊Έ Cgroup Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 28 / 53

  29. Cgroupͱ͸ ϓϩηεΛάϧʔϓԽ͠ɺάϧʔϓʹରͯ͠Ϧιʔε੍ݶΛߦ͏ɻ ίϯςφઐ༻ͷ࢓૊ΈͰ͸ͳ͍ɻ Cgroup ͷಛ௃ ػೳ͝ͱʹαϒγεςϜʹ෼͔ΕΔ cgroupfs ΛϚ΢ϯτͯ͠σΟϨΫτϦͰάϧʔϓΛද͢ ϓϩηεΛάϧʔϓ಺ͷ tasks

    ϑΝΠϧʹ௥Ճ͢Δͱؔ࿈͢Δ λεΫ͕εϨου୯ҐͰάϧʔϓʹ௥Ճ͞ΕΔ ෳ਺֊૚ߏ଄ɻվ଄ߏ଄͝ͱʹҟͳΔπϦʔΛ࡞੒Ͱ͖Δɻͨ ͩ͠ɺҰͭͷαϒγεςϜ͕ॴଐͰ͖ΔπϦʔ͸Ұͭ πϦʔͷͲͷϨϕϧͷάϧʔϓʹ΋λεΫ͕ॴଐͰ͖Δ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 29 / 53

  30. Cgroupͷ֊૚ߏ଄ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 30 / 53

  31. CgroupͷαϒγεςϜ cpu: 2.6.24 CFS(Completely Fair Scheduler) bandwidth controlɽ୯Ґ ࣌ؒ಺ͷάϧʔϓ಺ͷλεΫ͕࣮ߦͰ͖Δ߹ܭ࣌ؒΛ੍ݶ͢Δ (3.2

    Ͱ࣮૷) ૬ର഑෼ɽάϧʔϓؒͷ CPU ࣌ؒͷׂ౰ͷׂ߹Λࢦఆ͢Δɽ ྫ͑͹ GroupA=100,GroupB=50 ͱ͢Δͱ A:B=2:1 cpuacct: 2.6.24 άϧʔϓ಺ͷ CPU ϦιʔεͷϨϙʔτ (CPU ࣌ؒ) cpuset: 2.6.24 ׂΓ౰ͯΔ CPU, ϝϞϦϊʔυͷׂ౰ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 31 / 53

  32. CgroupͷαϒγεςϜ device: 2.6.26 σόΠε΁ͷΞΫηεڐՄɼ੍ݶͷࢦఆ freezer: 2.6.28 άϧʔϓ಺ͷϓϩηεΛશͯҰ࣌ఀࢭ͢Δ memory: 2.6.29 ϝϞϦϦιʔεͷ੍ݶ

    (ϢʔβϝϞϦɼΧʔωϧϝϞϦ) blkio (Block IO): I/O weight controller(2.6.33 Ҏ߱) άϧʔϓͷ༏ઌ౓Λࢦఆ ͢Δ I/O throttling(2.6.37 Ҏ߱) άϧʔϓ಺ͷϓϩηεͷσόΠ εʹର͢Δૢ࡞਺ͷ߹ܭͷࢦఆ (ࢀߟ)Linux2.6.37 ͷ৽ػೳ “I/O throttling” Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 32 / 53

  33. CgroupͷαϒγεςϜ hugetlb: 3.6 cgroup ͔Βͷ hugetlb ͷ࢖༻ perf event: 2.6.39

    άϧʔϓ୯ҐͰ perf πʔϧͰϞχλϦϯά (ύϑΥʔϚϯε ղੳ) net cls: 2.6.29 ύέοτʹࣝผࢠΛ͚ͭɼτϥϑΟοΫίϯτϩʔϧ (tc) ͱ netfilter(3.14 Ҏ߱) ͰίϯτϩʔϧՄೳʹ Linux 3.14 Ͱ net cls cgroup ʹ௥Ճ͞Εͨ netfilter ରԠ net prio: 3.3 άϧʔϓؒͰͷωοτϫʔΫͷ༏ઌ౓ΛΠϯλʔϑΣʔεຖʹ ࢦఆ͢Δ Linux 3.3 ͷ৽ػೳ Network priority cgroup Linux 3.3 ͷ৽ػೳ Network priority cgroup (2) Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 33 / 53

  34. CgroupͷαϒγεςϜ pids: 4.3 fork() ΍ clone() ͰىಈͰ͖Δϓϩηε਺Λ੍ݶ͢Δ Linux 4.3 ͷ

    Process Number Controller (1) Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 34 / 53

  35. Cgroupͷ࢖͍ํ Cgroup ͸ίϯςφͱؔ܎ͳ͘࢖༻Մೳ   # mount -t tmpfs cgroup_root

    /sys/fs/cgroup # mkdir /sys/fs/cgroup/memory # mount -t cgroup -o memory cgroup /sys/fs/cgroup/memory (ϝϞϦαϒγεςϜͷ Ϛ΢ϯτ) # mkdir /sys/fs/cgroup/memory/test01 ("test01" ͱ͍͏άϧʔϓͷ࡞੒) # echo $$ > /sys/fs/cgroup/memory/test01/tasks (ϓϩηεΛάϧʔϓʹొ࿥) # cat /sys/fs/cgroup/memory/test01/tasks (άϧʔϓ಺ͷϓϩηεͷ֬ೝ) 2824 2837 # echo 30M > /sys/fs/cgroup/memory/test01/memory.limit_in_bytes (άϧʔϓʹରͯ͠ϝϞϦ্ݶ 30M ͱ͍͏੍ݶΛઃఆ) # cat /sys/fs/cgroup/memory/test01/memory.limit_in_bytes (੍ݶ஋ͷ֬ೝ) 31457280 # cat /sys/fs/cgroup/memory/test01/memory.usage_in_bytes (ݱࡏͷ࢖༻ྔͷ֬ೝ) 565248   Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 35 / 53

  36. cgroupσϞ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 36 / 53

  37. ࠓ೔ͷ಺༰ ίϯςφͷ֓ཁ Linux ʹ͓͚Δίϯςφͷ࢓૊Έ Namespace σϞ Cgroup σϞ ωοτϫʔΫؔ࿈ػೳ (͕࣌ؒ͋Ε͹)

    ίϯςφͰ࢖͑Δ໘ന͍ػೳ (͕࣌ؒ͋Ε͹) ·ͱΊ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 37 / 53

  38. Linuxʹ͓͚Δίϯςφͷ࢓૊Έ ωοτϫʔΫػೳ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 38 / 53

  39. ίϯςφͰ࢖͏ωοτϫʔΫػೳ ʙ veth OpenVZ/Virtuozzo ༝དྷͷػೳ ରͱͳΔΠϯλʔϑΣʔεΛੜ੒͠ɼΠϯλʔϑΣʔεؒͰ ௨৴Λߦ͏ (Layer2 ͷτϯωϧ) ରͷยํΛϗετଆͷϒϦοδʹɼยํΛίϯςφʹ઀ଓ

    Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 39 / 53

  40. ίϯςφͰ࢖͏ωοτϫʔΫػೳ ʙ macvlan ෺ཧΠϯλʔϑΣʔεʹผͷ MAC ΞυϨε͕෇͍ͨԾ૝త ͳ৽͍͠ΠϯλʔϑΣʔεΛ࡞੒ɽ͜ͷΠϯλʔϑΣʔεΛ ίϯςφʹׂ౰ Ճ౻ହจ (lxc-jp)

    KOF 2015 2015-11-06 40 / 53

  41. ࠓ೔ͷ಺༰ ίϯςφͷ֓ཁ Linux ʹ͓͚Δίϯςφͷ࢓૊Έ Namespace σϞ Cgroup σϞ ωοτϫʔΫؔ࿈ػೳ (͕࣌ؒ͋Ε͹)

    ίϯςφͰ࢖͑Δ໘ന͍ػೳ (͕࣌ؒ͋Ε͹) ·ͱΊ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 41 / 53

  42. LinuxΧʔωϧͷίϯςφͰ࢖͑Δ໘ന͍ ػೳ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 42 / 53

  43. CRIU(1) http://criu.org/ OpenVZ ϓϩδΣΫτͷ Checkpoint/Restore ࣮૷ ΞϓϦέʔγϣϯͷ͋Δ࣌఺ͷঢ়ଶΛอଘ͠ɺ࠶։Ͱ͖Δ Χʔωϧ 3.11 Ҏ߱Ͱ࢖༻Մೳ

    Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 43 / 53

  44. CRIU(2)   $ sudo criu dump -D checkpoint -t

    1234 (PID:1234 ͷϓϩηεͷ৘ใΛμϯϓͯ͠ checkpoint σΟϨΫτϦʹอଘ) $ ls ./checkpoint cgroup.img fdinfo-17.img inventory.img pages-15.img core-170.img fdinfo-18.img ipcns-msg-9.img pages-16.img core-176.img fdinfo-2.img ipcns-sem-9.img pages-17.img core-1.img fdinfo-3.img ipcns-shm-9.img pages-1.img core-260.img fdinfo-4.img ipcns-var-9.img pages-2.img core-261.img fdinfo-5.img iptables-8.img pages-3.img : (snip) $ sudo criu restore -D checkpoint -d (checkpoint σΟϨΫτϦͷμϯϓΠϝʔδΛ ࢖ͬͯϦετΞ)   (ॲཧͷུ֓Λॻ͍͚ͨͩͳͷͰ࣮ࡍ͸৭ʑΦϓγϣϯΛࢦఆͨ͠Γ͢Δඞཁ͕͋Γ·͢) Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 44 / 53

  45. overlayfs Union Filesystem (aufs ͱҰॹ) ෳ਺ͷσΟϨΫτϦΛಁաతʹॏͶ͋ΘͤͯͻͱͭʹݟͤΒ ΕΔ ίϯςφͱ͸௚઀ؔ܎ͳ͍ 3.18 kernel

    ͰϚʔδ ίϯςφͷΫϩʔϯΛ࡞੒͢Δͱ͖ͷϑΝΠϧγεςϜͱ͠ ͯ LXC ͔Βར༻Ͱ͖Δ Ubuntu/Plamo ͩͱඇಛݖίϯςφͷΫϩʔϯʹ΋࢖͑Δ Docker Ͱ΋ར༻Ͱ͖Δ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 45 / 53

  46. overlayfs࣮ߦྫ   # mkdir lower upper overlay work #

    ls -F lower/ overlay/ upper/ work/ # touch lower/lower # touch upper/upper # mount -n -t overlay \ > -o lowerdir=lower,upperdir=upper,workdir=work \ > overlay overlay # ls overlay/ lower upper # touch overlay/test # ls overlay/ lower test upper # ls upper/ test upper   Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 46 / 53

  47. overlayfsσϞ 1 lower, upper, work, overlay σΟϨΫτϦ࡞੒ 2 lower, upper

    ʹϑΝΠϧ࡞੒ 3 overlayfs Ϛ΢ϯτ 4 Ϛ΢ϯτͨ͠σΟϨΫτϦ (overlay) ʹ lower, upper ʹଘࡏ ͢ΔϑΝΠϧ͕྆ํݟ͍͑ͯΔͷΛ֬ೝ 5 Ϛ΢ϯτͨ͠σΟϨΫτϦ (overlay) ͰϑΝΠϧ࡞੒ 6 ࡞੒ͨ͠ϑΝΠϧ͕ upper ʹͰ͖͍ͯΔ͜ͱΛ֬ೝ 7 ΞϯϚ΢ϯτͨ͋͠ͱͷ֤σΟϨΫτϦΛ֬ೝ https://asciinema.org/a/24151 Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 47 / 53

  48. ·ͱΊ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 48 / 53

  49. ·ͱΊ ίϯςφͷ֓ཁ Linux ʹ͓͚Δίϯςφͷ࢓૊Έ ίϯςφ͸Χʔωϧʹ࣮૷͞Ε͍ͯΔ৭ʑͳػೳͷ૊Έ߹Θͤ Ͱ࣮ݱ͞Ε͍ͯΔ Namespace OS Ϧιʔεͷִ཭ Cgroup

    ϗετͷ෺ཧϦιʔεͷ੍ݶ ωοτϫʔΫؔ࿈ػೳ veth macvlan ίϯςφͰ࢖͑Δ໘ന͍ػೳ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 49 / 53

  50. lxc-jp LXC ʹݶΒͣίϯςφͷ࿩୊Λѻ͍ͬͯ·͢ɻ https://groups.google.com/d/forum/lxc-jp Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 50

    / 53

  51. ίϯςφܕԾ૝Խͷ৘ใަ׵ձ https://sites.google.com/site/containerstudy/ http://ct-study.connpass.com/ ίϯςφٕज़ʹؔ࿈͢Δ࿩୊Λѻ͏ ίϯςφʹؔ࿈͢ΔΧʔωϧͷ࣮૷ʹ͍ͭͯ ֤छπʔϧΩοτͷ঺հɼ࣮૷ʹ͍ͭͯ ίϯςφٕज़Λ࢖ͬͨπʔϧ΍ιϑτ΢ΣΞͷ঺հ΍࣮૷ʹͭ ͍ͯ ίϯςφٕज़ͷ׆༻ɾӡ༻ࣄྫ ͦͷଞʮίϯςφʯͱ͍͏Ωʔϫʔυ͕গ͠Ͱ΋ೖ͍ͬͯΔٕ

    ज़ʹ͍ͭͯ ͜Ε·Ͱେࡕͱ౦ژͰަޓʹ 8 ճ࣮ࢪɻ࣍ճ͸෱Ԭͷ༧ఆɻ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 51 / 53

  52. ڠྗऀืू ҎԼͷ຋༁Λߦ͍ͬͯ·͢ɻ͕࣌ؒ͋Δͱ͖͚ͩͰ΋ྑ͍ͷ ͰϨϏϡʔɺमਖ਼ɺվྑΛͯͩ͘͠͞Δํ׻ܴ͠·͢ɻ LXC ϚχϡΞϧ (man pages) linuxcontainers.org ίϯςϯπ Ճ౻ହจ

    (lxc-jp) KOF 2015 2015-11-06 52 / 53

  53. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ Ճ౻ହจ (lxc-jp) KOF 2015 2015-11-06 53 / 53