Linuxコンテナを支える技術とLXC、Dockerのキホン (2014-07-26)

LinuxίϯςφΛࢧ͑Δٕज़ͱ
LXCɺDockerͷΩϗϯ
ୈ 24 ճࢁӄ ITPro ษڧձ
Ճ౻ହจ
2014-07-26
1

View Slide

୭?
ɹՃ౻ହจ
▶ http://www.ten-forward.ws/
▶ @ten forward
▶ http://gplus.to/tenforward
▶ https://github.com/tenforward
2

View Slide

୭?
▶ ϑΝʔεταʔόגࣜձࣾج൫։ൃ෦
▶ αʔϏεͷ։ൃ
▶ ৭ʑͳٕज़ͷௐࠪ
▶ ࣮͸ίϯςφ͸ۀ຿Ͱ΄΅࢖ͬͯ·ͤΜ
▶ Ҏલ͸ Virtuozzo Λগ͠
▶ ΤϯδχΞืूதͰ͢
3

View Slide

୭?
▶ ίϯςφؔ࿈ٕज़ͷௐࠪ
▶ αʔϏεͰ࢖͑ͳ͍͔ͱ 2010 ೥͘Β͍ʹ cgroup ͷௐࠪΛ࢝
Ίͨͷ͕͖͔͚ͬ
▶ lxc man pages ຋༁
▶ Plamo Linux ϝϯςφ
▶ IP ి࿩αʔϏεͷ։ൃΛͨ͠བྷΈͰ೔ຊ Asterisk Ϣʔβձ
׆ಈΛҎલগ͠
▶ Jetspeed-2 υΩϡϝϯτ຋༁
▶ ʲվగ৽൛ʳLinux ΤϯδχΞཆ੒ಡຊ (ٕज़ධ࿦ࣾ)
4

View Slide

୭?
࿈ࡌ΍ͬͯ·͢
▶ LXC ͰֶͿίϯςφೖ໳ʵܰྔԾ૝Խ؀ڥΛ࣮ݱ͢Δٕज़ ɹ
5

View Slide

աڈͷษڧձࢿྉ
աڈͷࢲͷษڧձࢿྉ΋͝ࢀর͍ͩ͘͞ɽ
▶ ୈҰճษڧձͷࢿྉ. . . Linux ͷίϯςφؔ࿈ػೳͷਐԽ
ͱ͔
▶ ୈೋճษڧձͷࢿྉ
▶ ୈࡾճษڧձͷࢿྉ
6

View Slide

࣭໰
7

View Slide

Ծ૝Խͷٕज़Ͱ͋ΔʰίϯςφʱΛ
1. ՟෺༌ૹؔ࿈ͷ࿩୊ͩͱࢥ͍ͬͯͨ
2. σʔληϯλʔͩͱࢥ͍ͬͯͨ
3. ஌͍ͬͯΔ
8

View Slide

ʮίϯςφʯΛ. . .
1. όϦόϦ࢓ࣄͰ࢖͍ͬͯΔ
2. ͓ࢼ͠ఔ౓ʹ࢖ͬͨ͜ͱ͕͋Δ
3. ࢖ͬͨ͜ͱ͸ͳ͍
9

View Slide

“Docker” Λ. . .
1. ࢖ͬͨ͜ͱ͕͋Δ
2. ஌͍ͬͯΔ͚Ͳ࢖ͬͨ͜ͱ͸ͳ͍
3. ஌Βͳ͍
10

View Slide

ίϯςφͷجૅ
11

View Slide

ίϯςφͷ׆༻
▶ ͢Ͱʹ Google ͸શ෦ͷιϑτ΢ΣΞΛίϯςφʹ৐͓ͤͯ
Γɺຖि 20 ԯݸ΋ͷίϯςφΛىಈ͍ͯ͠Δ (Publickey
5/26)
12

View Slide

ίϯςφͱ͸
▶ OS ϨϕϧͷԾ૝Խ
▶ Χʔωϧ͕࣋ͭػೳ
▶ ΧʔωϧͷػೳͰ (ෳ਺ͷ) ಠཱۭͨؒ͠Λ࡞Γग़͠ɼϦ
ιʔεΛ෼ׂɾ෼഑͢Δ
▶ ϓϩηεΛάϧʔϓԽͯ͠ଞͷάϧʔϓͱϦιʔεۭؒΛ
ִ཭
▶ άϧʔϓԽͨ͠ϓϩηεʹର͢ΔϦιʔε੍ݶ
13

View Slide

ίϯςφͷϝϦοτ
▶ ߴີ౓Խ͕Մೳ
▶ ىಈ͍ͯ͠Δ OS (Χʔωϧ) ͸Ұͭ
▶ Φʔόʔϔου͕খ͍͞
▶ ϋʔυ΢ΣΞͷԾ૝Խ͕ෆཁ
▶ ىಈ͕ૣ͍
▶ Ծ૝ϚγϯͷىಈͰ͸ͳ͘ɼϗετ OS ͔ΒݟͨΒ୯ʹϓϩ
ηε͕ىಈ͍ͯ͠Δ͚ͩͳͷͰɼී௨ͷϓϩάϥϜ͕ىಈ͢
Δͷͱ΄ͱΜͲมΘΒͳ͍
▶ ඞͣ͠΋γεςϜΛಈ͔͢ඞཁ͸ͳ͍ (ΞϓϦέʔγϣϯί
ϯςφ)
▶ ྫ͑͹ίϯςφ಺Ͱ͸ httpd ͷΈ͕ಈ͍͍ͯΔ
▶ ίϯςφʹϝϞϦΛݻఆతʹׂΓ౰ͯΔඞཁ͕ͳ͍
▶ Ծ૝Ϛγϯͷ্Ͱ΋໰୊ͳ͘ಈͥ͘!
▶ ࠷ۙ͸ KVM ͷ্Ͱ KVM ಈ͍ͨΓ͢ΔͷͰίϯςφͳΒͰ
͸ͱ͍͏Θ͚Ͱ΋ͳ͍
14

View Slide

ίϯςφͷσϝϦοτ
▶ ҟͳΔ OS ͷγεςϜ / ϓϩάϥϜ͸ಈ͔ͤͳ͍
▶ ୯ʹϗετ OS ্Ͱϓϩηε͕ىಈ͢Δ͚ͩͳͷͰ౰ͨΓલ
▶ ΧʔωϧʹؔΘΔૢ࡞͸Ͱ͖ͳ͍
▶ ىಈ͍ͯ͠ΔΧʔωϧ͸มΘΒͳ͍ͷͰ
▶ ίϯςφຖʹϩʔυ͢ΔϞδϡʔϧΛม͑ΔͳͲ
▶ Χʔωϧͷ࣮૷͸ෳࡶʹͳΔ
▶ શͯΧʔωϧͷػೳͱ࣮ͯ͠૷͞Ε͍ͯΔͷͰ
15

View Slide

Linux ʹ͓͚Δίϯςφͷ
࣮૷
16

View Slide

Linux ʹ͓͚Δίϯςφ࣮૷
Χʔωϧͷػೳ (+ ύον) + ΧʔωϧͷػೳΛ࢖͏ userspace
πʔϧ
▶ Χʔωϧ + ύον + userspace πʔϧ
▶ OpenVZ / Virtuozzo(঎༻)
▶ Linux VServer
▶ Χʔωϧ + userspace πʔϧ (લճΑΓ૿͑ͨ! :-)
▶ LXC
▶ libvirt (lxc υϥΠό)
▶ systemd(systemd-nspawn)
▶ vzctl for upstream kernel
▶ lmctfy
▶ docker(libcontainer) 0.9 Ҏ߱
▶ 0.9 ΑΓલ͸ LXC ্Ͱಈ͍͍͕ͯͨɼ0.9 Ͱ LXC ͳ͠Ͱ΋ಈ
࡞Մೳʹ
▶ Warden
17

View Slide

Linux ʹ͓͚Δίϯςφͷ
࢓૊Έ
18

View Slide

Linux ͰίϯςφΛ࣮ݱ͢ΔͨΊͷػೳ
▶ ϓϩηεΛάϧʔϓԽͯ͠ଞͷάϧʔϓͱִ཭
▶ ˠ Namespace (໊લۭؒ)
▶ άϧʔϓԽͨ͠ϓϩηεʹର͢ΔϦιʔε੍ݶ
▶ ˠ Cgroups (control groups)
▶ ͦͷଞ
▶ ωοτϫʔΫ (veth, macvlan)
▶ έʔύϏϦςΟ
▶ Checkpoint/Restore (CRIU)
▶ chroot (pivot root)
▶ ͳͲͳͲ. . .
19

View Slide

Namespace ͷछྨ (1)
▶ Mount Namespace: 2.4.19
▶ ϓϩηε͔Βݟ͍͑ͯΔϚ΢ϯτͷू߹ɼૢ࡞Λ෼཭͢Δɽ
Namespace ಺ͷ mount, umount ͸ଞͷ Namespace ʹ͸Өڹ
͠ͳ͍
▶ (ࢀߟ) Ϛ΢ϯτ໊લۭؒΛద༻͢Δ (IBM developerWorks)
▶ UTS Namespace: 2.6.19
▶ ϗετ໊ͳͲɼuname(2) ͕ฦ͢஋ͷू߹Λ෼཭ɽ
setdomainname(2), sethostname(2) Ͱ Namespace ಺ͷ஋ͷΈ
มߋͰ͖Δ
▶ PID Namespace: 2.6.24
▶ PID ۭؒͷ෼཭ɽ৽͍͠ PID Namespace Ͱ͸ PID 1 ͔Β࢝
·Δ PID ׂ͕Γ౰ͯΒΕΔɽ਌͔Βࢠͷ PID Namespace ͸
ݟ͑Δ (਌ͷۭؒͷ PID Λ࣋ͭ) ͕ɼࢠ͔Β਌͸ݟ͑ͳ͍
20

View Slide

Namespace ͷछྨ (2)
▶ IPC Namespace: 2.6.19
▶ SysV IPC ΦϒδΣΫτɼPOSIX ϝοηʔδΩϡʔͷִ཭
▶ User Namespace: 2.6.23 ˜ 3.8
▶ ಠཱͨ͠ UID/GID ۭؒͱ֎෦ۭؒͷϚοϐϯά (ྫ͑͹ɼִ
཭ۭؒͰ͸ uid/gid 0/0ɼ֎෦Ͱ͸ 1000/1000 ͱ͔Մೳʹ
ͳΔ)
▶ Network Namespace: 2.6.26
▶ ωοτϫʔΫϦιʔεͷִ཭ɽωοτϫʔΫσόΠεɼΞυ
ϨεɼϧʔςΟϯάςʔϒϧɼιέοτɼϑΟϧλϦϯά
21

View Slide

Namespace ͷૢ࡞ (γεςϜίʔϧ)
▶ clone(2) Ͱ৽͍͠ϓϩηε Λੜ੒
▶ unshare(2) Ͱ৽͍͠ϓϩ ηεΛੜ੒ͤͣʹ࣮ߦίϯςΩε
τΛ੍ޚ͢Δ
▶ unshare ͷ࢖༻ྫ
▶ setns(2) ͰϓϩηεΛطଘ ͷ Namespace ʹؔ࿈෇͚Δ
22

View Slide

Namespace ͷૢ࡞ (ίϚϯυ)
▶ unshare
▶ ਌ϓϩηε͔Βಠ໊ཱͨ͠લۭؒΛ࡞੒ͯ͠ίϚϯυΛ࣮ߦ
▶ nsenter
▶ طʹ࡞੒ࡁΈͷ໊લۭؒʹ઀ଓͯ͠ (໊લۭؒͷதʹೖͬͯ)
ίϚϯυΛ࣮ߦ
▶ ͨͩ͠ɺutil-linux 2.23 ͰೖͬͨͷͰɺ֤छσΟετϦϏϡʔ
γϣϯʹ͸ೖͬͯͳ͍͔΋?
23

View Slide

Cgroup (1)
ϓϩηεΛάϧʔϓԽ͠ɼάϧʔϓʹରͯ͠Ϧιʔε੍ݶΛߦ
͏ɽผʹίϯςφઐ༻ͷ࢓૊ΈͰ͸ͳ͍ɽ
▶ cpu: 2.6.24
▶ CFS(Completely Fair Scheduler) bandwidth controlɽ୯Ґ࣌ؒ
಺ͷάϧʔϓ಺ͷλεΫ͕࣮ߦͰ͖Δ߹ܭ࣌ؒΛ੍ݶ͢Δ
(3.2 Ͱ࣮૷)
▶ (ࢀߟ) Linux 3.2 ͷ CFS bandwidth control
▶ ૬ର഑෼ɽάϧʔϓؒͷ CPU ࣌ؒͷׂ౰ͷׂ߹Λࢦఆ͢Δɽ
ྫ͑͹ GroupA=100, GroupB=50 ͱ͢Δͱ A:B = 2:1
▶ cpuacct: 2.6.24
▶ άϧʔϓ಺ͷ CPU ϦιʔεͷϨϙʔτ (CPU ࣌ؒ)
▶ cpuset: 2.6.24
▶ ׂΓ౰ͯΔ CPU, ϝϞϦϊʔυͷׂ౰
24

View Slide

Cgroup (2)
▶ device: 2.6.26
▶ σόΠε΁ͷΞΫηεڐՄɼ੍ݶͷࢦఆ
▶ freezer: 2.6.28
▶ άϧʔϓ಺ͷϓϩηεΛશͯҰ࣌ఀࢭ͢Δ
▶ memory: 2.6.29
▶ ϝϞϦϦιʔεͷ੍ݶ (ϢʔβϝϞϦɼΧʔωϧϝϞϦ)
▶ blkio (Block IO):
▶ I/O weight controller (2.6.33 Ҏ߱) άϧʔϓͷ༏ઌ౓Λࢦఆ
͢Δ
▶ I/O throttling (2.6.37 Ҏ߱) άϧʔϓ಺ͷϓϩηεͷσόΠε
ʹର͢Δ bytes/second ͷ߹ܭͷࢦఆ
▶ (ࢀߟ) Linux 2.6.37 ͷ৽ػೳ “I/O throttling”
25

View Slide

Cgroup (3)
▶ hugetlb: 3.6
▶ hugetlb ʹର͢Δ੍ݶ
▶ mm/hugetlb: add new HugeTLB cgroup
▶ perf event: 2.6.39
▶ άϧʔϓ୯ҐͰ perf πʔϧͰϞχλϦϯά (ύϑΥʔϚϯε
ղੳ)
▶ net cls: 2.6.29
▶ ύέοτʹࣝผࢠΛ͚ͭɼτϥϑΟοΫίϯτϩʔϧ (tc) ͱ
netﬁlter (3.14 Ҏ߱) ͰίϯτϩʔϧՄೳʹ
▶ net prio: 3.3
▶ άϧʔϓؒͰͷωοτϫʔΫͷ༏ઌ౓ΛΠϯλʔϑΣʔεຖ
ʹࢦఆ͢Δ
▶ Linux 3.3 ͷ৽ػೳ Network priority cgroup
▶ Linux 3.3 ͷ৽ػೳ Network priority cgroup (2)
26

View Slide

Cgroup (4)
Cgroup ͸ίϯςφͱؔ܎ͳ͘࢖༻Մೳ

# mount -t tmpfs cgroup_root /sys/fs/cgroup
# mkdir /sys/fs/cgroup/memory
# mount -t cgroup -o memory cgroup /sys/fs/cgroup/memory (ϝϞϦαϒ
γεςϜͷϚ΢ϯτ)
# mkdir /sys/fs/cgroup/memory/test01 ("test01" ͱ͍͏άϧʔϓͷ࡞੒)
# echo $$ > /sys/fs/cgroup/memory/test01/tasks (ϓϩηεΛάϧʔϓʹొ
࿥)
# cat /sys/fs/cgroup/memory/test01/tasks (άϧʔϓ಺ͷϓϩηεͷ֬ೝ)
2824
2837
# echo 30M > /sys/fs/cgroup/memory/test01/memory.limit_in_bytes
(άϧʔϓʹରͯ͠ϝϞϦ্ݶ 30M ͱ͍͏੍ݶΛઃఆ)
# cat /sys/fs/cgroup/memory/test01/memory.limit_in_bytes (੍ݶ஋ͷ֬
ೝ)
31457280
# cat /sys/fs/cgroup/memory/test01/memory.usage_in_bytes (ݱࡏͷ࢖༻
ྔͷ֬ೝ)
565248

27

View Slide

ίϯςφͰ࢖͏ωοτϫʔΫػೳ ʙ veth
▶ OpenVZ/Virtuozzo ༝དྷͷػೳ
▶ ରͱͳΔΠϯλʔϑΣʔεΛੜ੒͠ɼΠϯλʔϑΣʔεؒͰ
௨৴Λߦ͏ (Layer2 ͷτϯωϧ)
▶ ରͷยํΛϗετଆͷϒϦοδʹɼยํΛίϯςφʹ઀ଓ
28

View Slide

ίϯςφͰ࢖͏ωοτϫʔΫػೳ ʙ macvlan
▶ ෺ཧΠϯλʔϑΣʔεʹผͷ MAC ΞυϨε͕෇͍ͨ৽͍͠
ΠϯλʔϑΣʔεΛ࡞੒ɽ͜ͷΠϯλʔϑΣʔεΛίϯςφ
ʹׂ౰
▶ ෺ཧΠϯλʔϑΣʔεͰࣗ਎ͷ MAC ΞυϨεͷύέοτҎ
֎ʹ΋ macvlan ΠϯλʔϑΣʔε͕࣋ͭ MAC ΞυϨεͷύ
έοτ΋ड͚औΔ
▶ Ϟʔυͷઃఆ͕ଘࡏ: private, vepa, bridge
▶ ෺ཧΠϯλʔϑΣʔεΛͦͷ··࢖͏ͷʹ͍ۙͷͰෛՙ͕௿
͘ɼύϑΥʔϚϯε͕ྑ͍܏޲
▶ (ࢀߟ) macvlan Λ࢖ͬͯΈΔ (ᱜӍͷΧʔωϧ୳ݕୂʢ୞ࠓ
ૺ೉த͆)
▶ lxc ͷԾ૝ωοτϫʔΫͷύϑΥʔϚϯεଌఆ
29

View Slide

σϞ (1) ʙ UTS Namespace
1. UTS Namespace ͷ࡞੒

# unshare --uts /bin/bash

2. ϗετ໊ͷมߋ

# hostname hogehoge.example.jp
hostname

3. ਌؀ڥͰϗετ໊ͷ֬ೝ
30

View Slide

σϞ (2-1) ʙ Network Namespace + veth
▶ Namespace ͷૢ࡞ ip netns ίϚϯυ
▶ Namespace ಺Ͱͷૢ࡞ ip netns exec ίϚϯυ
▶ ৽͍͠ Network Namespace ͷ࡞੒

# ip netns add netns01 # ࡞੒
# ip netns list
netns01

31

View Slide

▶ ࡞੒௚ޙͷωοτϫʔΫͷઃఆ͸?

# ip link show
1: lo: mtu 65536 qdisc noop state DOWN mode DEFAULT group d
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Us
# iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source de
ɹ
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
ɹ
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)

32

View Slide

▶ ৽͍͠ veth ϖΞͷ࡞੒

# ip link add name veth0-host type veth peer name veth0-ct
# ip link show

▶ ยํͷ veth Λผͷ໊લۭؒ΁

# ip link set veth0-ct netns netns01
# ip link show | grep veth0
4: veth0-host: mtu 1500 qdisc pfif
# ip netns exec netns01 ip link show
1: lo: mtu 65536 qdisc noop state DOWN
3: veth0-ct: mtu 1500 qdisc noop state DOWN qlen
link/ether be:82:25:d8:94:30 brd ff:ff:ff:ff:ff:ff

33

View Slide

▶ ϗετଆͷ veth ͷઃఆ

ip link set up vethtest01-host
ip addr add 10.10.10.10/24 dev veth0-host

▶ ผͷ໊લۭؒଆͷ veth ͷઃఆ

# ip netns exec netns01 ip addr add 10.10.10.11/24 dev veth0-ct
# ip netns exec netns01 ip link set veth0-ct up
# ip netns exec netns01 ip addr show
1: lo: mtu 65536 qdisc noop state DOWN
3: veth0-ct: mtu 1500 qdisc pfifo_fa
link/ether be:82:25:d8:94:30 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.11/24 scope global veth0-ct
valid_lft forever preferred_lft forever
inet6 fe80::bc82:25ff:fed8:9430/64 scope link
valid_lft forever preferred_lft forever

▶ ping ࣮ߦ
34

View Slide

Linux Χʔωϧͱίϯςφ
35

View Slide

Linux Χʔωϧͷόʔδϣϯͱίϯςφ (1)
͜͜ͷৄࡉ͸ୈ 1 ճɼୈ 2 ճͷࢲͷࢿྉΛ͝ࢀর͍ͩ͘͞ɽ
▶ 2.6.19
▶ ͋ͨ͜͜Γ͔Βঃʑʹ࣮૷͕ਐΈͩ͢ (Mount Namespace Λ
আ͘)
▶ 3.0
▶ setns ͷ࣮૷ (glibc ͸ 2.14 ͔Β)
▶ ns cgroup ࡟আ
▶ 3.2
▶ ͦͦ͜͜࢖͑ΔΜ͡Όͳ͍Ͱ͔͢ :-)
▶ Ubuntu 12.04 LTS Ͱͦͦ͜͜ LXC ͕࢖͑Δ
36

View Slide

Linux Χʔωϧͷόʔδϣϯͱίϯςφ (2)
▶ 3.8
▶ ίϯςφతʹ͸Ұ௨Γͷػೳ͕ଗͬͨόʔδϣϯ
▶ User Namespace ͕࣮૷ (͔͠͠ଟ਺ͷ Filesystem Ͱະ࣮૷)
▶ setns(2) ͕શͯͷ Namespace ʹՄೳʹ + /proc/[PID]/ns ͷ
վྑ
▶ ΧʔωϧϝϞϦʹର͢Δ cgroup ʹΑΔ੍ݶ͕Մೳʹ
▶ 3.9
▶ XFS Λআ͘ϑΝΠϧγεςϜͰͷ࣮૷͕׬ྃ
▶ 3.12
▶ XFS Ͱͷ User Namespace αϙʔτ
▶ ͔͠͠ LXC Ͱ setns Λ࢖༻͢Δ lxc-attach ͸ 3.12 Ͱಈ࡞͠
ͳ͘ͳͬͨ (3.12.9 Ͱमਖ਼)
▶ 3.13
▶ lxc-attach ΋ಈ࡞͢ΔΑ͏ʹͳͬͨ
▶ ༗ޮʹ͢΂͖ػೳΛ࢖͍ͳ͕Βɼίϯςφͷओཁػೳ΋ଗͬ
ͨόʔδϣϯ͔΋
37

View Slide

cgroup ࠶ઃܭ ʙ ݱࡏͷ cgroup ͷ໰୊఺
▶ ࠓͷ cgroup ͸·ͱ΋͡Όͳ͍!
▶ ඪ४తͳΧʔωϧͷ API ͔Β͔ͳΓҳ୤͍ͯ͠Δ
▶ ϑΝΠϧγεςϜ͔ͩΒΞΫηεݖ͑͋͞Ε͹୭Ͱ΋Χʔω
ϧΛ੍ޚͰ͖Δ
▶ αϒγεςϜຖʹগͣͭ͠ಈ͖͕ҧͬͨΓ
▶ ৭ʑͳॴʹϚ΢ϯτͰ͖ͨΓ
▶ ෳࡶͳׂʹ͸ॊೈͳઃఆ͸Ͱ͖ͳ͍
▶ (ࢀߟ) Linux Χʔωϧͷ͢΂ͯ: cgroup ͷ࠶ઃܭ (ݪจ)
▶ (ࢀߟ) Changes coming for systemd and control groups
38

View Slide

cgroup ࠶ઃܭ
▶ Ͱ΋ࠓͷ cgroup ͱޓ׵ੑΛอͬͨ··શ෦·ͱ΋ʹ͢Δͷ
͸ෆՄೳ
▶ ͡Ό͋ɼͱΓ͋͑ͣग़དྷͦ͏ͳॴΛ΍Ζ͏
▶ ୯Ұ֊૚ߏ଄
39

View Slide

Kernel ͷίϯςφؔ܎ػೳͷࠓޙ ʙͦͷଞ
Ұ௨Γػೳ͸ଗͬͨ΋ͷͷɺࡉ͔͍ॴͰ͸·ͩ·ͩཉ͍͠ػೳ͕
͋Δ
▶ σόΠεؔ܎
▶ /dev ҎԼ͸Ծ૝Խ͞Ε͍ͯͳ͍
▶ σόΠε͸ϗετͰ؅ཧ͢Ε͹ྑ͍ͷͰͦ΋ͦ΋Ծ૝Խෆཁ
▶ ͱ͸ݴ͑ίϯςφઐ༻ʹཉ͍͠σόΠε΋͋Δ (loop, fuse. . . )
▶ Android Ͱ࢖͏ࣄΛ೦಄ʹ։ൃ͞Εͨ Device Namespace ͱ͍
͏ͷ΋͋Δ
▶ Χʔωϧϩάؔ܎
▶ ΧʔωϧϝϞϦͷ੍ݶ
▶ memory cgroup ʹ࣮૷ࡁΈ͕ܹͩ͘͠มߋ͞Ε͓ͯΓɺҰ୴
3.16 Ͱ։ൃ༻Ͱ࢖͏ͳɺͱͳΔ
▶ /proc ͷ memory ͳͲͷ౷ܭ஋
▶ checkpoint/restore ؔ܎ػೳͷػೳ௥Ճ͕සൟʹߦΘΕͯ
͍Δ
▶ ͦͷଞɺࡉ͔͍ػೳ͕৭ʑසൟʹఏҊ͞Ε͍ͯΔ
40

View Slide

LXC
41

View Slide

LXC
▶ LXC (http://linuxcontainers.org/)
▶ Linux ͷίϯςφΛૢ࡞͢Δ userspace πʔϧ (ίϚϯυ܈)
▶ ʰUbuntuʱͷίϯςφπʔϧΩοτͷੑ͕֨ڧ͍
▶ ݱࡏͷ stable ͸ 1.0.3 (݁ߏසൟʹϦϦʔε͞Ε͍ͯ·͢)
▶ 1.0 ܥ͸ Ubuntu ͷ 14.04 LTS ʹΠϯετʔϧ͞ΕΔͷͰ 5
೥ϝϯςφϯε͞Ε·͢
▶ libvirt (ͷ LXC ίϯςφυϥΠό) (http://libvirt.org/)
▶ ࠷ۙ LXC ͷઃఆϑΝΠϧΛίϯόʔτ͢Δػೳ͕࣮૷͞Εͨ
(1.2.2)
▶ ͲͪΒ΋ಉ͡ “LXC” ͱ͍͏໊લΛ࢖͍ͬͯΔ͕ɼઃఆϑΝ
Πϧ͸ผʑɽΧʔωϧͷಉ͡ػೳΛ࢖ͬͨผͷ࣮૷ɽ
▶ ίΞͷػೳ͸ Linux ΧʔωϧͷػೳΛ࢖͍ͬͯΔͷͰಈ͖͸
ಉ͕ͩ͡ɼपลͷ࣮૷͕ҟͳΔ
΍΍͍͜͠!!
42

View Slide

LXC Λࢼ͢ͳΒ Ubuntu
▶ LXC Λ࢖͏ͳΒ Ubuntu
▶ LXC ϝϯςφ = Ubuntu σϕϩούʔ
▶ ં֯ͳͷͰ Ubuntu 14.04 LTS Ͱ࢖͍·͠ΐ͏
▶ 14.04 LTS = 1.0.1
▶ 13.10 = 1.0.0.alpha1
▶ 12.04 LTS = 0.7.5 (࣮࣭ 0.8.0 ૬౰)
43

View Slide

σϞ ʙ LXC ͷ࡞੒
1. Πϯετʔϧ

# apt-get install lxc

2. ࡞੒
▶ μ΢ϯϩʔυςϯϓϨʔτͰ࡞੒

# lxc-create -n ubuntu01 -t download - -d ubuntu -r trusty -a a

▶ ෇ଐͷ֤σΟετϦϏϡʔγϣϯͷςϯϓϨʔτΛ࢖༻

# lxc-create -n ubuntu01 -t ubuntu

lxc-alpine lxc-cirros lxc-openmandriva lxc-ubuntu
lxc-altlinux lxc-debian lxc-opensuse lxc-ubuntu-cloud
lxc-archlinux lxc-download lxc-oracle
lxc-busybox lxc-fedora lxc-plamo
lxc-centos lxc-gentoo lxc-sshd
44

View Slide

σϞ ʙ ίϯςφͷ rootfs
Ͳ͜ʹͰ͖͔ͨ֬ೝ
▶ Ұൠతʹ͸ /var/lib/lxc ҎԼʹίϯςφ༻ͷઃఆͱ͔
rootfs ͕࡞ΒΕΔ

# lxc-config lxc.lxcpath
/var/lib/lxc
# ls /var/lib/lxc
ubuntu01
# ls /var/lib/lxc/ubuntu01
config rootfs
# ls /var/lib/lxc/ubuntu01/rootfs/
bin dev home lib64 mnt proc run srv tmp var
boot etc lib media opt root sbin sys usr

▶ ίϯςφͷϑΝΠϧγεςϜ͸ී௨ʹϗετ্ͷσΟϨΫτ
ϦπϦʔͱͯ͠ߏங͞ΕΔ
45

View Slide

σϞ ʙ LXC ͷىಈ
1. ίϯςφىಈ

# lxc-start -n ubuntu01 -d

▶ -d ͸όοΫάϥ΢ϯυͰىಈ
2. ίϯςφͷίϯιʔϧʹΞΫηε

# lxc-console -n ubuntu01

46

View Slide

σϞ ʙ ΞϓϦέʔγϣϯίϯςφ
ίϯςφ಺Ͱ /sbin/init Λىಈ͠ͳͯ͘΋ɼ໨తͷϓϩάϥϜͷ
ΈىಈՄೳɻ

# lxc-start -d -n ubuntu01 -- /usr/sbin/apache2ctl -D FOREGROUND
# pstree -p -A 1310
bash(1310)---lxc-start(2645)---apache2ctl(2656)---apache2(2676)-+-apache2(269
‘-apache2(269

48

View Slide

σϞ ʙ LXC ͷ৭ʑͳίϚϯυ
▶ ίϯςφҰཡ

# lxc-ls
ubuntu01
# lxc-ls --fancy
NAME STATE IPV4 IPV6 AUTOSTART
---------------------------------------------
ubuntu01 RUNNING 10.0.3.31 - NO

▶ ίϯςφఀࢭ

# lxc-stop -n ubuntu01

49

View Slide

σϞ ʙ LXC ͷ৭ʑͳίϚϯυ
▶ ίϯςφ৘ใऔಘ

# lxc-info -n ubuntu01
Name: ubuntu01
State: RUNNING
PID: 4979
IP: 10.0.3.31
CPU use: 0.83 seconds
BlkIO use: 116.00 KiB
Memory use: 7.79 MiB
KMem use: 0 bytes
Link: veth7GU9SH
TX bytes: 1.45 KiB
RX bytes: 1.22 KiB
Total bytes: 2.68 KiB

▶ ίϯςφফڈ

# lxc-destroy -n ubuntu01

50

View Slide

ίϯςφͷத͕ݟ͍ͨ
(͋Δ͋Δ) ίϯςφͷதΛΈ͍ͨ!! ˠ ssh ܦ༝Ͱ!?
▶ sshd ಈ͍ͯͳ͍!?
▶ ΞϓϦέʔγϣϯίϯςφ
Ͳ͏͢Δ!!
51

View Slide

ίϯςφͷத͕ݟ͍ͨ
͍΍ɺ଴͍ͬͯͩ͘͞ɻ
▶ (࠶ܝ) ίϯςφͷϑΝΠϧγεςϜ͸ϗετ্ͷσΟϨΫτ
ϦπϦʔ
▶ ϩάΛݟ͍ͨ
▶ ઃఆϑΝΠϧΛݟ͍ͨ
▶ ˠ ී௨ʹϗετ͔ΒݟΕ·͢ :-)

# cat /var/lib/lxc/ubuntu01/rootfs/etc/hosts
127.0.0.1 localhost
127.0.1.1 ubuntu01
: (snip)
# tail -f /var/lib/lxc/ubuntu01/rootfs/var/log/syslog

52

View Slide

σϞ ʙ ίϯςφͷத͕ݟ͍ͨ
▶ ύε໊௕ͯ͘ϝϯυΫαΠ :-(
▶ chroot ͯ͠͸? cd /var/lib/lxc/ubuntu01/rootfs ;
chroot $PWD
▶ ίϯςφͷ rootfs ʹ cd ͢ΔͷϝϯυΫαΠ
▶ chroot ͡Ό࣮ߦͰ͖ͳ͍ίϚϯυΛ࣮ߦ͍ͨ͠ (ίϯςφͷ
໊લۭؒʹೖ࣮ͬͯߦ͢Δඞཁ͕͋ΔίϚϯυ)
53

View Slide

lxc-attach
ͦΜͳ͋ͳͨʹ lxc-attach !!
▶ ࣮ߦ͢ΔίϚϯυΛࢦఆ͠ͳ͚Ε͹ /bin/bash Λ࣮ߦ

# lxc-attach -n ubuntu
# uname -n
ubuntu01

▶ ࣮ߦ͢ΔίϚϯυΛࢦఆ͢Δ͜ͱ΋Մೳ

# lxc-attach -n ubuntu01 -- /usr/sbin/service apache2 status

▶ 3.8 ΧʔωϧҎ߱Ͱͳ͍ͱ࢖͑·ͤΜ
54

View Slide

εφοϓγϣοτͱΫϩʔϯ
▶ lxc-snapshot ͱ lxc-clone
▶ ίϯςφͷϑΝΠϧγεςϜͷछྨʹΑͬͯΑ͠ͳʹ΍ͬͯ
͘Ε·͢
▶ ίϯςφͷ rootfs Ͱ࢖͑Δ֤छϑΝΠϧγεςϜ
▶ σΟϨΫτϦ (ඪ४)
▶ btrfs
▶ zfs
▶ lvm
▶ loop device
▶ aufs
▶ overlayfs
▶ Ϋϩʔϯ͸͋Δίϯςφ͔Β৽͍͠ίϯςφΛ࡞Δ
▶ εφοϓγϣοτ͸ίϯςφͷঢ়ଶΛ͋Δܾ·ͬͨنଇʹ
ैͬͯอଘ
▶ ಺෦తʹ͸Ϋϩʔϯͯ͠Δ
▶ εφοϓγϣοτ͕͋Δͱݩͷίϯςφ͸࡟আͰ͖ͳ͍
55

View Slide

֤छݴޠ͔Β LXC
▶ liblxc (c ݴޠ)
▶ ֤छݴޠͷ bindings
▶ lua (in tree)
▶ python3 (in tree)
▶ Go (out of tree)
▶ ruby (out of tree)
56

View Slide

σϞ ʙ ruby-lxc
▶ https://github.com/lxc/ruby-lxc

require ’lxc’
c = LXC::Container.new(’sitw’)
c.create(’download’, ’dir’, {}, 0,
[’--dist=ubuntu’,’--release=trusty’, ’--arch=amd64’])
c.start
c.attach do
LXC.run_command(’ip addr show eth0’)
end

57

View Slide

ඇಛݖίϯςφ
▶ ࠓ·Ͱ͸શͯϗετ্Ͱ root Ͱૢ࡞͍ͯ͠·ͨ͠ɻ
▶ Ubuntu ͸ AppArmor ͰϚζ͍ͱ͜Ζʹର͢Δૢ࡞͕Ͱ͖ͳ
͍Α͏ʹ͢Δͱ͔
▶ 3.8 Ͱͷ User Namespace ࣮૷׬੒ͰɺҰൠϢʔβʹΑΔί
ϯςφ࣮ߦͷಓ͕։͚·ͨ͠
▶ ͨͩ͠ɺ࣮ࡍͪΌΜͱ࢖͑ΔΑ͏ʹͳͬͨͷ͸ 3.13 ลΓ͔Β
Ͱ͕͢
58

View Slide

ඇಛݖίϯςφ
▶ ඇಛݖίϯςφͷ४උ
1. subuid/subgid ͷొ࿥ (֘౰͢ΔϢʔβ͕ѻ͑Δ uid/gid ͷൣ
ғΛࢦఆ͠·͢)
2. ֘౰Ϣʔβ͕ѻ͑Δ veth ΠϯλʔϑΣʔεͷ਺Λࢦఆ͠·͢
3. Ϣʔβ༻ͷσϑΥϧτͷઃఆϑΝΠϧΛ࡞੒͠·͢

$ sudo usermod -v 100000-65536 -w 100000-65536 ubuntu (͜Ε͸طʹઃఆ
ࡁ͔΋?)
$ cat /etc/subuid
ubuntu:100000:65536
$ cat /etc/subgid
ubuntu:100000:65536
$ echo "ubuntu veth lxcbr0 10" | sudo tee -a /etc/lxc/lxc-usernet
ubuntu veth lxcbr0 10
$ mkdir -p .config/lxc
$ cp /etc/lxc/default.conf .config/lxc/
$ echo "lxc.id_map = u 0 100000 65536" >> .config/lxc/default.conf
$ echo "lxc.id_map = g 0 100000 65536" >> .config/lxc/default.conf

59

View Slide

σϞ ʙ ඇಛݖίϯςφ
▶ ҰൠϢʔβͷίϯςφ࡞੒ʹ͸ download ςϯϓϨʔτΛ࢖
༻͠·͢
▶ User Namespace ಺ͷ root Ͱ΋Ͱ͖ͳ͍͜ͱ͸͋Γ·͢
1. ࡞੒

$ lxc-create -t download -n ubuntu01 -- \
> --dist=ubuntu --release=trusty --arch=amd64

2. ىಈ

$ lxc-start -n ubuntu01 -d
$ lxc-ls --fancy
NAME STATE IPV4 IPV6 AUTOSTART
----------------------------------------------
ubuntu01 RUNNING 10.0.3.133 - NO

60

View Slide

σϞ ʙ ඇಛݖίϯςφ

$ ls -l ~/.local/share/lxc/ubuntu01/rootfs/
total 76
drwxr-xr-x 2 100000 100000 4096 Jul 20 13:00 bin
drwxr-xr-x 2 100000 100000 4096 Apr 11 07:12 boot
drwxr-xr-x 3 100000 100000 4096 Jul 21 01:08 dev
: (snip)
$ ps aux
: (snip)
ubuntu 2281 0.0 0.1 43132 1524 ? Ss 01:08 0:00 lxc-start -n
untu01 -d
100000 2316 0.1 0.2 33372 2692 ? Ss 01:08 0:00 /sbin/init
: (snip)

61

View Slide

LXC ࠷৽ಈ޲
62

View Slide

LXC ͷݱঢ়
▶ 1.0 ͸ 2014 ೥ 2 ݄ 20 ೔ϦϦʔε!!
▶ 1.0 ܥ͸ 5 ೥αϙʔτ
▶ ݱࡏ 1.0.5
▶ 1.0 ͰυΩϡϝϯτ͕ॆ࣮
▶ ݱࡏ man ͸ӳޠͱ೔ຊޠ (!) ͚ͩͰ͢Α :-D
▶ ςϯϓϨʔτͷॆ࣮ɽओཁσΟετϦϏϡʔγϣϯ͕Ұ௨Γ
ଗͬͨ
▶ CentOS ͷ௥Ճ!!
▶ ެࣜαΠτʹ೔ຊޠ͕!!
▶ https://linuxcontainers.org/jp/
63

View Slide

LXC ։ൃͷಈ޲
▶ 1.0 ͷ׬੒౓Λ͋͛ͭͭɺ1.1 ΛͦΖͦΖߟ͑Α͏
▶ CRIU ͷαϙʔτͱ͔
64

View Slide

Docker
65

View Slide

Docker
(ࠓ͞ΒͰ͕͢)
▶ Docker ͕ࣾ։ൃ
▶ golang Ͱ࣮૷
▶ 6/9 Docker 1.0 ϦϦʔεɺ߹Θͤͯ
▶ ैདྷ Docker ͱݺ͹Ε͍ͯͨ OSS ͷιϑτ΢ΣΞ͸
“Docker Engine” ʹ
▶ Docker ͷΠϝʔδΛެ։͢Δ৔ॴͱͯ͠ “Docker Hub” ͕
▶ Docker Engine, Docker Hub, API, ࿈ܞ͢Διϑτ΢ΣΞɺ
αʔϏεͳͲͷΤίγεςϜΛ߹Θͤͨ΋ͷ͕ “Docker” ͱ
ݺ͹ΕΔ͜ͱʹ
66

View Slide

੝Γ্͕Γ
▶ Docker Meetup Tokyo #2 ։࠵ɻ100 ໊ఆһʹ 405 ໊ਃ͠ࠐΈ (4/11)
▶ Docker ͷͨΊͷܰྔ OSʮRed Hat Enterprise Linux Atomic Hostʯ
ɺRed
Hat ͕ൃද (Publickey 4/18)
▶ AWS Elastic Beanstalk ͕ Docker Λαϙʔτɺ৽͍͠ܗଶͷ PaaS ΁ɻࣄ
্࣮ͲΜͳݴޠͰ΋࢖͑ɺखݩͷ։ൃ؀ڥΛͦͷ·· PaaS ΁σϓϩΠͰ
͖Δ (Publickey 4/28)
▶ Docker ʹ࠷దԽͨ͠ OS ΠϝʔδΛ Google Compute Engine ͕ఏڙ։
࢝ɻCoreOS ΋ར༻Մೳʹ (Publickey 5/26)
▶ Docker ͕ Cloud Foundry Foundation ΁ࢀՃද໌ɻདྷ݄ʹ΋ Cloud
Foundry ͕ Docker ਖ਼ࣜαϙʔτൃද͔ (5/30 Publickey)
▶ Docker 1.0 ϦϦʔε (6/9)
▶ Google Compute Engine ʹଓ͖ɺGoogle App Engine ΋ Docker αϙʔτ
ΛൃදɻDocker ΛΫϥελԽͯ͠؅ཧ͢ΔπʔϧʮKubernetesʯΛΦʔ
ϓϯιʔεͰެ։ (Publickey 6/12)
▶ Docker Meetup Tokyo #3 ։࠵ɻ240 ໊ఆһʹ 508 ໊ਃ͠ࠐΈ (7/4)
67

View Slide

Docker Ҏલ
▶ ։ൃ؀ڥͩͱಈ͍ͨͷʹຊ൪؀ڥʹσϓϩΠͨ͠Βಈ͔ͳ
͔ͬͨ. . . (> <)
▶ ຊ൪؀ڥΛΞοϓσʔτͨ͠Βಈ͔ͳ͘ͳͬͨ (> <)
▶ ͋ͬͪΛΞοϓσʔτͨ͠Β͕ͬͪ͜ಈ͔ͳ͘ͳͬͬͨ
(> <)
▶ ΍ͬͯ͸Έͨ΋ͷͷࣦഊͨ͠!! ·ͨ࠷ॳ͔Β (> <)
▶ ΦϦδφϧͷԾ૝ϚγϯΠϝʔδΛΫϩʔϯͯ͠৭ʑ࡞Ζ͏
ˠσΟεΫͷ༰ྔ͕଍Γͳ͍!! (> <)
▶ VM ͷىಈʹ͕͔͔࣌ؒΔͳ͋ (> <)
▶ . . .
68

View Slide

Docker ҎલͷਐԽ (͔ͳΓࡶ)
αʔόΛߏஙͯ͠ɺΞϓϦέʔγϣϯΛσϓϩΠ͢Δɿ
▶ ෺ཧαʔόˠԾ૝Ϛγϯ
▶ Ծ૝ϚγϯͳΒͰ͸ͷಛ௃΋͕͋ͬͨɺ࣮ߦ؀ڥɺΞϓϦ
έʔγϣϯͷσϓϩΠͳͲͷ໰୊͸ղܾ͠ͳ͍
▶ Infrastructure as Code
▶ σϓϩΠखॱͷίʔυԽ
▶ Vagrant
▶ Πϯϑϥ΋ؚΊͯίʔυԽ
▶ खݩͰ Try & Error Λ͠ͳ͕Β։ൃɺߏங
▶ ຖճɺΫϦʔϯͳ؀ڥ͔Β࡞ۀ͕Մೳ
▶ Ծ૝Ϛγϯ͕ຖճىಈ͢ΔͷͰεϐʔυ໘͸ෆརɻԾ૝Ϛγ
ϯͷಉ࣌ىಈ࣌ͷϦιʔεͷนɻ
69

View Slide

Docker ͷొ৔
▶ ίϯςφͷར༻
▶ ίϯςφͷಛ௃Λ࠷େݶʹ׆͔͢
▶ ϙʔλϏϦςΟ . . . ։ൃ؀ڥͰ͏·͘ಈ͍ͨ΋ͷ͸ɺຊ൪؀
ڥɾผͷ؀ڥͰ΋ಉ͡Α͏ʹಈ͘
▶ ܰྔ . . . ߴ଎ʹىಈɺΦʔόʔϔου΋গͳ͍
▶ ΞϓϦέʔγϣϯίϯςφˠػೳ͝ͱͷίϯςφΛ࡞੒͢Δ
ͱɺϥΠϒϥϦͷόʔδϣϯͷڝ߹΍ෆ੔߹͕๷͛Δ
▶ ࠩ෼؅ཧ ՄೳͳϑΝΠϧγεςϜ
▶ ϕʔεͷΠϝʔδΛ࡞੒͠ɺ͔ͦ͜ΒඞཁͳϞϊΛೖΕͯ΋ɺ
ࠩ෼͚͕ͩ૿Ճ͢Δ͚ͩͳͷͰσΟεΫεϖʔε͕અ໿Ͱ
͖Δ
▶ ͏·͍ͬͨ͘ॴ·Ͱͷࠩ෼Λอଘ (ίϛοτ) ͯ͠ɺͦͷޙͷ
࡞ۀ͸͏·͘ߦͬͨॴ͔ΒͷΈͷࠩ෼ʹͰ͖Δ
▶ ͏·͍͔͘ͳͯ͘΋ࠩ෼ͷ෦෼͚ͩഁغՄೳ
▶ ίϯςφΠϝʔδͷ഑෍Πϯϑϥͷ੔උ
70

View Slide

Immutable Infrastructure
▶ ෆมͷΠϯϑϥ
▶ ഁغՄೳ
▶ Ұ౓Քಇͨ͠Β৮Βͳ͍
▶ ߋ৽͕ඞཁʹͳͬͨΒ৽͍͠؀ڥΛ࡞ͬͯՔಇͤ͞ɺલͷ؀
ڥ͸མͱ͢ (ࣺͯΔ)
▶ Blue Green Deployment (ਤ͸ http:
//martinfowler.com/bliki/BlueGreenDeployment.html
ΑΓ)
71

View Slide

Docker ͷٕज़ཁૉ
▶ ࠩ෼؅ཧ (ϑΝΠϧγεςϜ)
▶ aufs
▶ ॏͶ͋ΘͤՄೳͳϑΝΠϧγεςϜ
▶ dm-thin
▶ Device Mapper ͷ Thin provisioning
▶ εφοϓγϣοτ
▶ ίϯςφ
▶ υϥΠόʹΑΓίϯςφٕज़ͷ੾Γସ͕͑Մೳ
▶ native(libcontainer) (0.9)
▶ LXC
▶ υϥΠόʹΑΓόοΫΤϯυετϨʔδͷ੾Γସ͕͑Մೳ
▶ aufs
▶ btrfs
▶ device mapper
▶ vfs
72

View Slide

Πϯετʔϧ
Ubuntu
▶ https://docs.docker.com/installation/
▶ Ubuntu ͷϦϙδτϦʹ΋ docker.io ύοέʔδ͕͋Δ͕ɺগ
͠ݹ͍
▶ ࠷৽ΛΠϯετʔϧ

$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1
$ sudo sh -c "echo deb https://get.docker.io/ubuntu docker main\
> /etc/apt/sources.list.d/docker.list"
$ sudo apt-get update
$ sudo apt-get install lxc-docker

docker άϧʔϓʹϢʔβΛ௥Ճ͢ΔͱɺҰൠϢʔβͰ docker Λ
ѻ͑Δɻ
73

View Slide

Πϯετʔϧ
Mac OS X
▶ Docker ͸ Linux Χʔωϧͷίϯςφؔ࿈ٕज़Λ࢖͍ͬͯ·
͢ͷͰɺ΋ͪΖΜ Mac Ͱಈ͘͸ͣ΋͋Γ·ͤΜ :-)
▶ ͕ɺVirtualBox ܦ༝Ͱ Docker Λ࢖͑·͢
▶ Πϯετʔϥ΋͋Γ؆୯!! ˠ Installing Docker on Mac OS X
▶ Πϯετʔϥ ˠ https:
//github.com/boot2docker/osx-installer/releases
74

View Slide

σϞ ʙ Πϯετʔϧ௚ޙͷ৘ใ

$ docker version
Client version: 1.1.1
Client API version: 1.13
Go version (client): go1.2.1
Git commit (client): bd609d2
Server version: 1.1.1
Server API version: 1.13
Go version (server): go1.2.1
Git commit (server): bd609d2
$ docker info
Containers: 0
Images: 0
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Dirs: 0
Execution Driver: native-0.2
Kernel Version: 3.13.0-30-generic
WARNING: No swap limit support

75

View Slide

σϞ ʙ Πϝʔδऔಘ
▶ ࣮ߦ͢ΔલʹɺDocker ެࣜͷ Ubuntu ࠷৽ΠϝʔδΛऔಘ
͢Δɻ
▶ औಘͤͣʹίϯςφ࣮ߦͯ͠΋উखʹऔಘ͢Δ
▶ docker pull

$ docker pull ubuntu:latest
Pulling repository ubuntu
e54ca5efa2e9: Download complete
511136ea3c5a: Download complete
d7ac5e4f1812: Download complete
2f4b4d6a4a06: Download complete
83ff768040a0: Download complete
6c37f792ddac: Download complete
$ docker images
REPOSITORY TAG IMAGE ID CREATED
ubuntu latest e54ca5efa2e9 3 weeks ago

76

View Slide

σϞ ʙ ࣮ߦ
▶ ͓໿ଋͷίϚϯυ࣮ߦ
▶ docker run

$ docker run -ti ubuntu /bin/bash
root@cbc388b00064:/#
root@cbc388b00064:/# uname -a
Linux cbc388b00064 3.13.0-30-generic #55-Ubuntu SMP Fri Jul 4 21:40:53 UTC 20
root@cbc388b00064:/# apt-get update
root@cbc388b00064:/# apt-get install apache2
root@cbc388b00064:/# exit

͜ΕͰίϯςφ͸ఀࢭɻ͜ͷޙɺ࠶౓ಉ͡ίϚϯυΛ࣮ߦ͢Δͱ
৽͍͠ίϯςφ͕ىಈ͢Δɻ
77

View Slide

σϞ ʙ ίϯςφͷ֬ೝ
▶ docker ps
▶ σϑΥϧτͰ͸࣮ߦதͷίϯςφͷΈΛҰཡ͢Δ
▶ ఀࢭதͷίϯςφΛݟΔʹ͸ -a Φϓγϣϯ

$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED
cbc388b00064 ubuntu:latest /bin/bash 6 minutes ago

78

View Slide

σϞ ʙ ίϯςφΠϝʔδͷ࡞੒
▶ docker ίϯςφ͔Β৽͍͠ docker ΠϝʔδΛ࡞੒
▶ docker commit
▶ ઌ΄Ͳͷ Ubuntu ʹ Apache ΛೖΕͨঢ়ଶͰίϯςφΛ࡞੒
▶ Πϝʔδ໊͸ Ϣʔβ໊/ίϯςφ໊ ͷΑ͏ʹ෇͚Δ
▶ Ϣʔβ໊͸ Docker Hub ͷϢʔβ໊͕ྑ͍

$ docker commit cbc388b00064 tenforward/apache
3a56ca5ffea7430d7af8711750fd37e22dc9d5a002d6e9702e4d37edd28465e0
$ docker images
tenforward/apache latest 3a56ca5ffea7 16 seconds ago
$ docker run -ti tenforward/apache /bin/bash
root@c69fded73b24:/# dpkg -l | grep apache2
ii apache2 2.4.7-1ubunt amd64 Apache HTTP Server
root@c69fded73b24:/# exit
exit
ubuntu@docker01:~$ docker ps -a
c69fded73b24 tenforward/apache:latest /bin/bash 27 seconds
cbc388b00064 ubuntu:latest /bin/bash 12 minutes
79

View Slide

σϞ ʙ σʔϞϯɺϙʔτ
▶ όοΫάϥ΢ϯυͰಈ͔͢
▶ ίϯςφͷ 80 ൪ϙʔτΛϗετͷ 80 ൪ϙʔτʹϚοϐϯά

$ docker run -p 80:80 -d tenforward/apache /usr/sbin/apache2ctl -D FOREGROUND
8387788a3a0a65af8e450a30a9b06eb24da6ba2b4a3df89b7e6ea1e2f3ed0818
$ docker ps
8387788a3a0a tenforward/apache:latest /usr/sbin/apache2ctl 4 minut
$ curl -I http://localhost/
HTTP/1.1 200 OK
Date: Tue, 15 Jul 2014 17:13:44 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Tue, 15 Jul 2014 16:38:31 GMT
ETag: "2cf6-4fe3e09b30fc0"
Accept-Ranges: bytes
Content-Length: 11510
Vary: Accept-Encoding
Content-Type: text/html

80

View Slide

σϞ ʙ ίϯςφ୳๚
▶ /var/lib/docker/aufs/diff ͷԼΛ୳๚
▶ ࠩ෼ମݧ

# cd /var/lib/docker/aufs/diff/cbc388b0006483a38919cd6c5e07d83cc7d7549840d976
# find . -type f

81

View Slide

σϞ ʙ ΰϛ૟আ
▶ ௐࢠ৐ͬͯ࢖͍ͬͯΔͱίϯςφͷΰϛ͕ͨ·ͬͯσΟεΫ
͕. . .
▶ ఀࢭ͍ͯ͠Δίϯςφͷ࡟আ
▶ docker rm

$ docker ps -a
c551d08375e4 ubuntu:latest /bin/bash 5 seconds ago
$ docker rm c551d08375e4
c551d08375e4

82

View Slide

σϞ ʙ ࢖Θͳ͘ͳͬͨΠϝʔδͷ࡟আ
▶ docker rmi

$ docker images
tenforward/apache latest 89f1b311885c 3 seconds ago
$ docker rmi tenforward/apache
Untagged: tenforward/apache:latest
Deleted: 89f1b311885c10483e0b7ca429d127aa6151c4b651267c2e2b9cff716814c395

83

View Slide

σϞ ʙ Dockerﬁle
▶ Dockerﬁle ͷυΩϡϝϯτ

$ mkdir apache ; cd apache
$ vi Dockerfile
$ cat Dockerfile
FROM ubuntu:latest
RUN apt-get update
RUN apt-get install -y apache2
EXPOSE 80
ADD index.html /var/www/html/index.html
CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]

▶ RUN ͸ίϯςφߏஙதʹ࣮ߦ͢ΔίϚϯυ
▶ CMD ͸ίϯςφىಈޙʹ࣮ߦ͢ΔίϚϯυ
▶ ADD Ͱϗετ্ͷϑΝΠϧΛίϯςφ಺ͷࢦఆͷ৔ॴʹ
ίϐʔ
84

View Slide

σϞ ʙ Dockerﬁle

$ docker build -t "tenforward/apache" .
Sending build context to Docker daemon 2.56 kB
Sending build context to Docker daemon
Step 0 : FROM ubuntu:latest
---> e54ca5efa2e9
Step 1 : RUN apt-get update
---> Running in a75113064677
: (snip)
---> 5657592916ef
Removing intermediate container a75113064677
Step 2 : RUN apt-get install -y apache2
---> Running in 4acd557884f6
: (snip)
---> 50efac402fcd
Removing intermediate container 4acd557884f6
Step 3 : EXPOSE 80
---> Running in d0c49ff849fa
---> ed283f67c245
Removing intermediate container d0c49ff849fa
Step 4 : CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]
---> Running in 636e31a13387
---> d8559cf37ae7
Removing intermediate container 636e31a13387
Successfully built d8559cf37ae7 85

View Slide

σϞ ʙ Dockerﬁle
▶ Dockerﬁle ͰΠϝʔδߏங׬ྃ

$ docker images
tenforward/apache latest 266f03af5081 2 minutes
ubuntu latest e54ca5efa2e9 3 weeks ag

▶ ࣮ߦ

$ docker run -p 80:80 -d tenforward/apache
a514a27c9b91a0342a6801f17a81f5edc9e0bde9ef39a8d973013e17cb7a3274

86

View Slide

σϞ ʙ Dockerﬁle
▶ ઌʹίϯςφΛ࡞੒ͨ͠ Dockerﬁle Λमਖ਼ͯ͠ɺ࠶౓ build
Λ࣮ߦ͢Δͱ. . .
▶ Using cache* ͕ΩϞ!!
▶ Ұ౓࣮ߦͨ͠ॴ͸࠶࣮ߦͤͣʹΩϟογϡΛ࢖͏

$ docker build -t "tenforward/apache" .
Sending build context to Docker daemon 3.584 kB
Sending build context to Docker daemon
Step 0 : FROM ubuntu:latest
---> e54ca5efa2e9
Step 1 : RUN apt-get update
---> Using cache
---> e178d7ec23b0
Step 2 : RUN apt-get install -y apache2
---> Using cache
---> 7daa5cb7ead2
: (snip)
Removing intermediate container d995be466fb1
Successfully built e89b49b4d860

87

View Slide

Docker ͷωοτϫʔΫ
▶ docker σʔϞϯ͕ىಈ͢Δͱ “docker0” ͱ͍͏ϒϦοδ͕
࡞੒͞ΕΔ

$ brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.56847afe9799 no

▶ ίϯςφىಈޙ

$ brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.56847afe9799 no vethcf5a

▶ veth ΠϯλʔϑΣʔε͕࡞ΒΕɺdocker0 ʹΞλον͞Εͯ
͍Δ͜ͱ͕Θ͔Δɻ
88

View Slide

▶ docker0 ͷΞυϨε

$ ip addr show docker0 | grep inet
inet 172.17.42.1/16 scope global docker0
inet6 fe80::5484:7aff:fefe:9799/64 scope link

▶ ίϯςφͷΞυϨε

$ docker inspect -f "{{ .NetworkSettings.IPAddress }}" 74a2e6b77884
172.17.0.2

89

View Slide

▶ ͜͜Ͱ͸ίϯςφͷΞυϨε͸ “172.17.0.16”

$ curl -I http://172.17.0.16
HTTP/1.1 200 OK
Date: Wed, 16 Jul 2014 10:41:19 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Wed, 16 Jul 2014 10:23:51 GMT
ETag: "2cf6-4fe4ceba0dbc0"
Accept-Ranges: bytes
Content-Length: 11510
Vary: Accept-Encoding
Content-Type: text/html

▶ EXPOSE 80 Ͱ docker0 ʹରͯ͠ 80 ൪ϙʔτ͸։͚ͯ͋Δ
ͷͰɺΞΫηεՄೳ
▶ EXPOSE ͍ͯ͠ͳ͚Ε͹ docker0 ʹ઀ଓ͞ΕΔωοτϫʔΫ
ͷϙʔτ͸ด͍ͯ͡ΔͷͰΞΫηεͰ͖ͳ͍
90

View Slide

▶ docker0 ͷωοτϫʔΫ͸࢖ΘΕ͍ͯΔωοτϫʔΫͱॏෳ
͠ͳ͍Α͏ʹ docker σʔϞϯ͕ઃఆ
▶ ίϯςφͷΞυϨε͸ docker ͕ܾΊΔ (DHCP Ͱ͸ͳ͍!)
91

View Slide

ίϯςφؒ௨৴
▶ σϑΥϧτͰ͸ίϯςφؒ௨৴͸ڐՄ͞Ε͍ͯΔ
▶ ڋ൱͢Δʹ͸ docker σʔϞϯΛ --icc=false Ͱىಈ
▶ ίϯςφؒ௨৴Λڋ൱ͨ͠৔߹Ͱ΋ίϯςφىಈ࣌ʹ
--link ΦϓγϣϯΛ࢖͍ɺಛఆͷίϯςφ͚ؒͩ௨৴͢Δ
͜ͱ΋Մೳ
92

View Slide

ϦϙδτϦ
▶ docker commit Ͱ৽͍͠Πϝʔδ͕࡞੒Ͱ͖Δ͕ɺଞͷϗ
ετͰ͸࢖͑ͳ͍
▶ ϦϙδτϦͷར༻
▶ ύϒϦοΫͳϦϙδτϦ ˠ Docker Hub ্ʹ࡞੒Մೳ
▶ ϓϥΠϕʔτϦϙδτϦ ˠϦϙδτϦ༻ͷίϯςφΠϝʔ
δ͕͋ΔͷͰͦΕΛऔಘͯ͠ىಈ
▶ Docker Hub ্ʹ΋ϓϥΠϕʔτͳϦϙδτϦΛ࡞੒Մೳ (ແ
ྉͩͱ 1 ͚ͭͩ)
93

View Slide

Docker Hub
▶ https://hub.docker.com/

$ docker login (࠷ॳҰ౓͚ͩ)
$ docker push tenforward/apache

94

View Slide

Docker Hub
▶ github, bitbucket ͱ࿈ܞͤͯ͞ΠϝʔδΛࣗಈϏϧυՄೳ
▶ (σϞ) github ͱͷ࿈ܞ
95

View Slide

Docker Ԡ༻
Docker Λ࢖ͬͨ CI
96

View Slide

Docker ؔ࿈
ΩʔϫʔυͷΈ. . .
▶ CoreOS
▶ libswarm
▶ Orchestration
▶ Serf
▶ Consul
▶ ϩά
97

View Slide

࠷ޙʹ
98

View Slide

·ͱΊ
͜ͷൃදࣗମ͕·ͱΊͬΆ͍ͷͰಛʹ͋Γ·ͤΜɻੋඇɺ৭ʑ͓
ࢼ͠௖͍ͯɺࠓ౓͸ࢲʹ৭ʑڭ͍͑ͯͩ͘͞ɻ
঺հͨ͠௨Γ LXC ΋ Docker ΋͓͘͢͝ؾܰʹ͓ࢼ͠Ͱ͖·͢!!
99

View Slide

৘ใަ׵
৘ใަ׵ͷ৔
▶ lxc JP άϧʔϓ
▶ ίϯςφͷ࿩Λ·ͬͨΓ΍͍ͬͯ·͢ɽͨ·ʔʹ͔͠ϝʔϧ
͸དྷ·ͤΜɽlxc-jp ͱ͍͏໊લͰ͕͢ɼ࿩୊͸ LXC ʹݶΒͣ
ԿͰ΋ OK Ͱ͢ɽ
▶ Facebook ͷ Docker Community Japan
ษڧձ
▶ ίϯςφܕԾ૝Խͷ৘ใަ׵ձ
▶ Docker Meetup Tokyo
▶ ͨͩ͠ɺࠂ஌ޙҰॠͰ࿮͕ຒ·Γ·͢
100

View Slide

຋༁
▶ lxc man pages ຋༁
▶ ڠྗऀืू! (ಛʹࠪಡ!!)
▶ linuxcontainers.org ຋༁
▶ ڠྗऀืू
▶ ͝ڠྗ͍͚ͨͩΔํ͸ github ͷ lxc-jp ʹొ࿥͠·͢
101

View Slide

͋Γ͕ͱ͏͍͟͝·ͨ͠
102

View Slide

ࢀߟจݙ
▶ Docker جૅ+0.9/0.10 ֓ཁ (@mainyaa ͞Μͷ Docker Meetup
Tokyo #2 ࢿྉ)
▶ Vagrant ϢʔβͷͨΊͷ Docker ೖ໳ (shin1x1 ͞Μͷୈ 3 ճ
ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏେࡕ ࢿྉ)
▶ ʮ͍·͞Βฉ͚ͳ͍ Docker ೖ໳ʯ(@IT)
▶ Immutable Infrastructure ͕։ൃϓϩηεʹ༩͑ΔӨڹ (Ծ)
(@naoya ito ͞Μͷ Immutable Infrastructure Conference #1
ࢿྉ)
103

View Slide

Linuxコンテナを支える技術とLXC、Dockerのキホン (2014-07-26)

Linuxコンテナを支える技術とLXC、Dockerのキホン (2014-07-26)

tenforward

More Decks by tenforward

Other Decks in Technology

Featured

Transcript