Linuxコンテナを支える技術とLXC、Dockerのキホン (2014-07-26)

Transcript

1. LinuxίϯςφΛࢧ͑Δٕज़ͱ LXCɺDockerͷΩϗϯ ୈ 24 ճࢁӄ ITPro ษڧձ Ճ౻ହจ 2014-07-26 1

2. ୭? ɹՃ౻ହจ ▶ http://www.ten-forward.ws/ ▶ @ten forward ▶ http://gplus.to/tenforward ▶

   https://github.com/tenforward 2

3. ୭? ▶ ϑΝʔεταʔόגࣜձࣾج൫։ൃ෦ ▶ αʔϏεͷ։ൃ ▶ ৭ʑͳٕज़ͷௐࠪ ▶ ࣮͸ίϯςφ͸ۀ຿Ͱ΄΅࢖ͬͯ·ͤΜ ▶

   Ҏલ͸ Virtuozzo Λগ͠ ▶ ΤϯδχΞืूதͰ͢ 3

4. ୭? ▶ ίϯςφؔ࿈ٕज़ͷௐࠪ ▶ αʔϏεͰ࢖͑ͳ͍͔ͱ 2010 ೥͘Β͍ʹ cgroup ͷௐࠪΛ࢝ Ίͨͷ͕͖͔͚ͬ

   ▶ lxc man pages ຋༁ ▶ Plamo Linux ϝϯςφ ▶ IP ి࿩αʔϏεͷ։ൃΛͨ͠བྷΈͰ೔ຊ Asterisk Ϣʔβձ ׆ಈΛҎલগ͠ ▶ Jetspeed-2 υΩϡϝϯτ຋༁ ▶ ʲվగ৽൛ʳLinux ΤϯδχΞཆ੒ಡຊ (ٕज़ධ࿦ࣾ) 4

5. ୭? ࿈ࡌ΍ͬͯ·͢ ▶ LXC ͰֶͿίϯςφೖ໳ʵܰྔԾ૝Խ؀ڥΛ࣮ݱ͢Δٕज़ ɹ 5

6. աڈͷษڧձࢿྉ աڈͷࢲͷษڧձࢿྉ΋͝ࢀর͍ͩ͘͞ɽ ▶ ୈҰճษڧձͷࢿྉ. . . Linux ͷίϯςφؔ࿈ػೳͷਐԽ ͱ͔ ▶

   ୈೋճษڧձͷࢿྉ ▶ ୈࡾճษڧձͷࢿྉ 6

7. ࣭໰ 7

8. Ծ૝Խͷٕज़Ͱ͋ΔʰίϯςφʱΛ 1. ՟෺༌ૹؔ࿈ͷ࿩୊ͩͱࢥ͍ͬͯͨ 2. σʔληϯλʔͩͱࢥ͍ͬͯͨ 3. ஌͍ͬͯΔ 8

9. ʮίϯςφʯΛ. . . 1. όϦόϦ࢓ࣄͰ࢖͍ͬͯΔ 2. ͓ࢼ͠ఔ౓ʹ࢖ͬͨ͜ͱ͕͋Δ 3. ࢖ͬͨ͜ͱ͸ͳ͍ 9

10. “Docker” Λ. . . 1. ࢖ͬͨ͜ͱ͕͋Δ 2. ஌͍ͬͯΔ͚Ͳ࢖ͬͨ͜ͱ͸ͳ͍ 3. ஌Βͳ͍

    10

11. ίϯςφͷجૅ 11

12. ίϯςφͷ׆༻ ▶ ͢Ͱʹ Google ͸શ෦ͷιϑτ΢ΣΞΛίϯςφʹ৐͓ͤͯ Γɺຖि 20 ԯݸ΋ͷίϯςφΛىಈ͍ͯ͠Δ (Publickey 5/26)

    12

13. ίϯςφͱ͸ ▶ OS ϨϕϧͷԾ૝Խ ▶ Χʔωϧ͕࣋ͭػೳ ▶ ΧʔωϧͷػೳͰ (ෳ਺ͷ) ಠཱۭͨؒ͠Λ࡞Γग़͠ɼϦ

    ιʔεΛ෼ׂɾ෼഑͢Δ ▶ ϓϩηεΛάϧʔϓԽͯ͠ଞͷάϧʔϓͱϦιʔεۭؒΛ ִ཭ ▶ άϧʔϓԽͨ͠ϓϩηεʹର͢ΔϦιʔε੍ݶ 13

14. ίϯςφͷϝϦοτ ▶ ߴີ౓Խ͕Մೳ ▶ ىಈ͍ͯ͠Δ OS (Χʔωϧ) ͸Ұͭ ▶ Φʔόʔϔου͕খ͍͞

    ▶ ϋʔυ΢ΣΞͷԾ૝Խ͕ෆཁ ▶ ىಈ͕ૣ͍ ▶ Ծ૝ϚγϯͷىಈͰ͸ͳ͘ɼϗετ OS ͔ΒݟͨΒ୯ʹϓϩ ηε͕ىಈ͍ͯ͠Δ͚ͩͳͷͰɼී௨ͷϓϩάϥϜ͕ىಈ͢ Δͷͱ΄ͱΜͲมΘΒͳ͍ ▶ ඞͣ͠΋γεςϜΛಈ͔͢ඞཁ͸ͳ͍ (ΞϓϦέʔγϣϯί ϯςφ) ▶ ྫ͑͹ίϯςφ಺Ͱ͸ httpd ͷΈ͕ಈ͍͍ͯΔ ▶ ίϯςφʹϝϞϦΛݻఆతʹׂΓ౰ͯΔඞཁ͕ͳ͍ ▶ Ծ૝Ϛγϯͷ্Ͱ΋໰୊ͳ͘ಈͥ͘! ▶ ࠷ۙ͸ KVM ͷ্Ͱ KVM ಈ͍ͨΓ͢ΔͷͰίϯςφͳΒͰ ͸ͱ͍͏Θ͚Ͱ΋ͳ͍ 14

15. ίϯςφͷσϝϦοτ ▶ ҟͳΔ OS ͷγεςϜ / ϓϩάϥϜ͸ಈ͔ͤͳ͍ ▶ ୯ʹϗετ OS

    ্Ͱϓϩηε͕ىಈ͢Δ͚ͩͳͷͰ౰ͨΓલ ▶ ΧʔωϧʹؔΘΔૢ࡞͸Ͱ͖ͳ͍ ▶ ىಈ͍ͯ͠ΔΧʔωϧ͸มΘΒͳ͍ͷͰ ▶ ίϯςφຖʹϩʔυ͢ΔϞδϡʔϧΛม͑ΔͳͲ ▶ Χʔωϧͷ࣮૷͸ෳࡶʹͳΔ ▶ શͯΧʔωϧͷػೳͱ࣮ͯ͠૷͞Ε͍ͯΔͷͰ 15

16. Linux ʹ͓͚Δίϯςφͷ ࣮૷ 16

17. Linux ʹ͓͚Δίϯςφ࣮૷ Χʔωϧͷػೳ (+ ύον) + ΧʔωϧͷػೳΛ࢖͏ userspace πʔϧ ▶

    Χʔωϧ + ύον + userspace πʔϧ ▶ OpenVZ / Virtuozzo(঎༻) ▶ Linux VServer ▶ Χʔωϧ + userspace πʔϧ (લճΑΓ૿͑ͨ! :-) ▶ LXC ▶ libvirt (lxc υϥΠό) ▶ systemd(systemd-nspawn) ▶ vzctl for upstream kernel ▶ lmctfy ▶ docker(libcontainer) 0.9 Ҏ߱ ▶ 0.9 ΑΓલ͸ LXC ্Ͱಈ͍͍͕ͯͨɼ0.9 Ͱ LXC ͳ͠Ͱ΋ಈ ࡞Մೳʹ ▶ Warden 17

18. Linux ʹ͓͚Δίϯςφͷ ࢓૊Έ 18

19. Linux ͰίϯςφΛ࣮ݱ͢ΔͨΊͷػೳ ▶ ϓϩηεΛάϧʔϓԽͯ͠ଞͷάϧʔϓͱִ཭ ▶ ˠ Namespace (໊લۭؒ) ▶ άϧʔϓԽͨ͠ϓϩηεʹର͢ΔϦιʔε੍ݶ

    ▶ ˠ Cgroups (control groups) ▶ ͦͷଞ ▶ ωοτϫʔΫ (veth, macvlan) ▶ έʔύϏϦςΟ ▶ Checkpoint/Restore (CRIU) ▶ chroot (pivot root) ▶ ͳͲͳͲ. . . 19

20. Namespace ͷछྨ (1) ▶ Mount Namespace: 2.4.19 ▶ ϓϩηε͔Βݟ͍͑ͯΔϚ΢ϯτͷू߹ɼૢ࡞Λ෼཭͢Δɽ Namespace

    ಺ͷ mount, umount ͸ଞͷ Namespace ʹ͸Өڹ ͠ͳ͍ ▶ (ࢀߟ) Ϛ΢ϯτ໊લۭؒΛద༻͢Δ (IBM developerWorks) ▶ UTS Namespace: 2.6.19 ▶ ϗετ໊ͳͲɼuname(2) ͕ฦ͢஋ͷू߹Λ෼཭ɽ setdomainname(2), sethostname(2) Ͱ Namespace ಺ͷ஋ͷΈ มߋͰ͖Δ ▶ PID Namespace: 2.6.24 ▶ PID ۭؒͷ෼཭ɽ৽͍͠ PID Namespace Ͱ͸ PID 1 ͔Β࢝ ·Δ PID ׂ͕Γ౰ͯΒΕΔɽ਌͔Βࢠͷ PID Namespace ͸ ݟ͑Δ (਌ͷۭؒͷ PID Λ࣋ͭ) ͕ɼࢠ͔Β਌͸ݟ͑ͳ͍ 20

21. Namespace ͷछྨ (2) ▶ IPC Namespace: 2.6.19 ▶ SysV IPC

    ΦϒδΣΫτɼPOSIX ϝοηʔδΩϡʔͷִ཭ ▶ User Namespace: 2.6.23 ˜ 3.8 ▶ ಠཱͨ͠ UID/GID ۭؒͱ֎෦ۭؒͷϚοϐϯά (ྫ͑͹ɼִ ཭ۭؒͰ͸ uid/gid 0/0ɼ֎෦Ͱ͸ 1000/1000 ͱ͔Մೳʹ ͳΔ) ▶ Network Namespace: 2.6.26 ▶ ωοτϫʔΫϦιʔεͷִ཭ɽωοτϫʔΫσόΠεɼΞυ ϨεɼϧʔςΟϯάςʔϒϧɼιέοτɼϑΟϧλϦϯά 21

22. Namespace ͷૢ࡞ (γεςϜίʔϧ) ▶ clone(2) Ͱ৽͍͠ϓϩηε Λੜ੒ ▶ unshare(2) Ͱ৽͍͠ϓϩ

    ηεΛੜ੒ͤͣʹ࣮ߦίϯςΩε τΛ੍ޚ͢Δ ▶ unshare ͷ࢖༻ྫ ▶ setns(2) ͰϓϩηεΛطଘ ͷ Namespace ʹؔ࿈෇͚Δ 22

23. Namespace ͷૢ࡞ (ίϚϯυ) ▶ unshare ▶ ਌ϓϩηε͔Βಠ໊ཱͨ͠લۭؒΛ࡞੒ͯ͠ίϚϯυΛ࣮ߦ ▶ nsenter ▶

    طʹ࡞੒ࡁΈͷ໊લۭؒʹ઀ଓͯ͠ (໊લۭؒͷதʹೖͬͯ) ίϚϯυΛ࣮ߦ ▶ ͨͩ͠ɺutil-linux 2.23 ͰೖͬͨͷͰɺ֤छσΟετϦϏϡʔ γϣϯʹ͸ೖͬͯͳ͍͔΋? 23

24. Cgroup (1) ϓϩηεΛάϧʔϓԽ͠ɼάϧʔϓʹରͯ͠Ϧιʔε੍ݶΛߦ ͏ɽผʹίϯςφઐ༻ͷ࢓૊ΈͰ͸ͳ͍ɽ ▶ cpu: 2.6.24 ▶ CFS(Completely Fair

    Scheduler) bandwidth controlɽ୯Ґ࣌ؒ ಺ͷάϧʔϓ಺ͷλεΫ͕࣮ߦͰ͖Δ߹ܭ࣌ؒΛ੍ݶ͢Δ (3.2 Ͱ࣮૷) ▶ (ࢀߟ) Linux 3.2 ͷ CFS bandwidth control ▶ ૬ର഑෼ɽάϧʔϓؒͷ CPU ࣌ؒͷׂ౰ͷׂ߹Λࢦఆ͢Δɽ ྫ͑͹ GroupA=100, GroupB=50 ͱ͢Δͱ A:B = 2:1 ▶ cpuacct: 2.6.24 ▶ άϧʔϓ಺ͷ CPU ϦιʔεͷϨϙʔτ (CPU ࣌ؒ) ▶ cpuset: 2.6.24 ▶ ׂΓ౰ͯΔ CPU, ϝϞϦϊʔυͷׂ౰ 24

25. Cgroup (2) ▶ device: 2.6.26 ▶ σόΠε΁ͷΞΫηεڐՄɼ੍ݶͷࢦఆ ▶ freezer: 2.6.28

    ▶ άϧʔϓ಺ͷϓϩηεΛશͯҰ࣌ఀࢭ͢Δ ▶ memory: 2.6.29 ▶ ϝϞϦϦιʔεͷ੍ݶ (ϢʔβϝϞϦɼΧʔωϧϝϞϦ) ▶ blkio (Block IO): ▶ I/O weight controller (2.6.33 Ҏ߱) άϧʔϓͷ༏ઌ౓Λࢦఆ ͢Δ ▶ I/O throttling (2.6.37 Ҏ߱) άϧʔϓ಺ͷϓϩηεͷσόΠε ʹର͢Δ bytes/second ͷ߹ܭͷࢦఆ ▶ (ࢀߟ) Linux 2.6.37 ͷ৽ػೳ “I/O throttling” 25

26. Cgroup (3) ▶ hugetlb: 3.6 ▶ hugetlb ʹର͢Δ੍ݶ ▶ mm/hugetlb:

    add new HugeTLB cgroup ▶ perf event: 2.6.39 ▶ άϧʔϓ୯ҐͰ perf πʔϧͰϞχλϦϯά (ύϑΥʔϚϯε ղੳ) ▶ net cls: 2.6.29 ▶ ύέοτʹࣝผࢠΛ͚ͭɼτϥϑΟοΫίϯτϩʔϧ (tc) ͱ netfilter (3.14 Ҏ߱) ͰίϯτϩʔϧՄೳʹ ▶ net prio: 3.3 ▶ άϧʔϓؒͰͷωοτϫʔΫͷ༏ઌ౓ΛΠϯλʔϑΣʔεຖ ʹࢦఆ͢Δ ▶ Linux 3.3 ͷ৽ػೳ Network priority cgroup ▶ Linux 3.3 ͷ৽ػೳ Network priority cgroup (2) 26

27. Cgroup (4) Cgroup ͸ίϯςφͱؔ܎ͳ͘࢖༻Մೳ   # mount -t tmpfs

    cgroup_root /sys/fs/cgroup # mkdir /sys/fs/cgroup/memory # mount -t cgroup -o memory cgroup /sys/fs/cgroup/memory (ϝϞϦαϒ γεςϜͷϚ΢ϯτ) # mkdir /sys/fs/cgroup/memory/test01 ("test01" ͱ͍͏άϧʔϓͷ࡞੒) # echo $$ > /sys/fs/cgroup/memory/test01/tasks (ϓϩηεΛάϧʔϓʹొ ࿥) # cat /sys/fs/cgroup/memory/test01/tasks (άϧʔϓ಺ͷϓϩηεͷ֬ೝ) 2824 2837 # echo 30M > /sys/fs/cgroup/memory/test01/memory.limit_in_bytes (άϧʔϓʹରͯ͠ϝϞϦ্ݶ 30M ͱ͍͏੍ݶΛઃఆ) # cat /sys/fs/cgroup/memory/test01/memory.limit_in_bytes (੍ݶ஋ͷ֬ ೝ) 31457280 # cat /sys/fs/cgroup/memory/test01/memory.usage_in_bytes (ݱࡏͷ࢖༻ ྔͷ֬ೝ) 565248   27

28. ίϯςφͰ࢖͏ωοτϫʔΫػೳ ʙ veth ▶ OpenVZ/Virtuozzo ༝དྷͷػೳ ▶ ରͱͳΔΠϯλʔϑΣʔεΛੜ੒͠ɼΠϯλʔϑΣʔεؒͰ ௨৴Λߦ͏ (Layer2

    ͷτϯωϧ) ▶ ରͷยํΛϗετଆͷϒϦοδʹɼยํΛίϯςφʹ઀ଓ 28

29. ίϯςφͰ࢖͏ωοτϫʔΫػೳ ʙ macvlan ▶ ෺ཧΠϯλʔϑΣʔεʹผͷ MAC ΞυϨε͕෇͍ͨ৽͍͠ ΠϯλʔϑΣʔεΛ࡞੒ɽ͜ͷΠϯλʔϑΣʔεΛίϯςφ ʹׂ౰ ▶

    ෺ཧΠϯλʔϑΣʔεͰࣗ਎ͷ MAC ΞυϨεͷύέοτҎ ֎ʹ΋ macvlan ΠϯλʔϑΣʔε͕࣋ͭ MAC ΞυϨεͷύ έοτ΋ड͚औΔ ▶ Ϟʔυͷઃఆ͕ଘࡏ: private, vepa, bridge ▶ ෺ཧΠϯλʔϑΣʔεΛͦͷ··࢖͏ͷʹ͍ۙͷͰෛՙ͕௿ ͘ɼύϑΥʔϚϯε͕ྑ͍܏޲ ▶ (ࢀߟ) macvlan Λ࢖ͬͯΈΔ (ᱜӍͷΧʔωϧ୳ݕୂʢ୞ࠓ ૺ೉த͆) ▶ lxc ͷԾ૝ωοτϫʔΫͷύϑΥʔϚϯεଌఆ 29

30. σϞ (1) ʙ UTS Namespace 1. UTS Namespace ͷ࡞੒ 

     # unshare --uts /bin/bash   2. ϗετ໊ͷมߋ   # hostname hogehoge.example.jp hostname   3. ਌؀ڥͰϗετ໊ͷ֬ೝ 30

31. σϞ (2-1) ʙ Network Namespace + veth ▶ Namespace ͷૢ࡞

    ip netns ίϚϯυ ▶ Namespace ಺Ͱͷૢ࡞ ip netns exec ίϚϯυ ▶ ৽͍͠ Network Namespace ͷ࡞੒   # ip netns add netns01 # ࡞੒ # ip netns list netns01   31

32. σϞ (2-1) ʙ Network Namespace + veth ▶ ࡞੒௚ޙͷωοτϫʔΫͷઃఆ͸? 

     # ip link show 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group d link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 # route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Us # iptables -L -n -v Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source de ɹ Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source de ɹ Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source de   32

33. σϞ (2-2) ʙ Network Namespace + veth ▶ ৽͍͠ veth

    ϖΞͷ࡞੒   # ip link add name veth0-host type veth peer name veth0-ct # ip link show   ▶ ยํͷ veth Λผͷ໊લۭؒ΁   # ip link set veth0-ct netns netns01 # ip link show | grep veth0 4: veth0-host: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfif # ip netns exec netns01 ip link show 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 3: veth0-ct: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen link/ether be:82:25:d8:94:30 brd ff:ff:ff:ff:ff:ff   33

34. σϞ (2-2) ʙ Network Namespace + veth ▶ ϗετଆͷ veth

    ͷઃఆ   ip link set up vethtest01-host ip addr add 10.10.10.10/24 dev veth0-host   ▶ ผͷ໊લۭؒଆͷ veth ͷઃఆ   # ip netns exec netns01 ip addr add 10.10.10.11/24 dev veth0-ct # ip netns exec netns01 ip link set veth0-ct up # ip netns exec netns01 ip addr show 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 3: veth0-ct: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fa link/ether be:82:25:d8:94:30 brd ff:ff:ff:ff:ff:ff inet 10.10.10.11/24 scope global veth0-ct valid_lft forever preferred_lft forever inet6 fe80::bc82:25ff:fed8:9430/64 scope link valid_lft forever preferred_lft forever   ▶ ping ࣮ߦ 34

35. Linux Χʔωϧͱίϯςφ 35

36. Linux Χʔωϧͷόʔδϣϯͱίϯςφ (1) ͜͜ͷৄࡉ͸ୈ 1 ճɼୈ 2 ճͷࢲͷࢿྉΛ͝ࢀর͍ͩ͘͞ɽ ▶ 2.6.19

    ▶ ͋ͨ͜͜Γ͔Βঃʑʹ࣮૷͕ਐΈͩ͢ (Mount Namespace Λ আ͘) ▶ 3.0 ▶ setns ͷ࣮૷ (glibc ͸ 2.14 ͔Β) ▶ ns cgroup ࡟আ ▶ 3.2 ▶ ͦͦ͜͜࢖͑ΔΜ͡Όͳ͍Ͱ͔͢ :-) ▶ Ubuntu 12.04 LTS Ͱͦͦ͜͜ LXC ͕࢖͑Δ 36

37. Linux Χʔωϧͷόʔδϣϯͱίϯςφ (2) ▶ 3.8 ▶ ίϯςφతʹ͸Ұ௨Γͷػೳ͕ଗͬͨόʔδϣϯ ▶ User Namespace

    ͕࣮૷ (͔͠͠ଟ਺ͷ Filesystem Ͱະ࣮૷) ▶ setns(2) ͕શͯͷ Namespace ʹՄೳʹ + /proc/[PID]/ns ͷ վྑ ▶ ΧʔωϧϝϞϦʹର͢Δ cgroup ʹΑΔ੍ݶ͕Մೳʹ ▶ 3.9 ▶ XFS Λআ͘ϑΝΠϧγεςϜͰͷ࣮૷͕׬ྃ ▶ 3.12 ▶ XFS Ͱͷ User Namespace αϙʔτ ▶ ͔͠͠ LXC Ͱ setns Λ࢖༻͢Δ lxc-attach ͸ 3.12 Ͱಈ࡞͠ ͳ͘ͳͬͨ (3.12.9 Ͱमਖ਼) ▶ 3.13 ▶ lxc-attach ΋ಈ࡞͢ΔΑ͏ʹͳͬͨ ▶ ༗ޮʹ͢΂͖ػೳΛ࢖͍ͳ͕Βɼίϯςφͷओཁػೳ΋ଗͬ ͨόʔδϣϯ͔΋ 37

38. cgroup ࠶ઃܭ ʙ ݱࡏͷ cgroup ͷ໰୊఺ ▶ ࠓͷ cgroup ͸·ͱ΋͡Όͳ͍!

    ▶ ඪ४తͳΧʔωϧͷ API ͔Β͔ͳΓҳ୤͍ͯ͠Δ ▶ ϑΝΠϧγεςϜ͔ͩΒΞΫηεݖ͑͋͞Ε͹୭Ͱ΋Χʔω ϧΛ੍ޚͰ͖Δ ▶ αϒγεςϜຖʹগͣͭ͠ಈ͖͕ҧͬͨΓ ▶ ৭ʑͳॴʹϚ΢ϯτͰ͖ͨΓ ▶ ෳࡶͳׂʹ͸ॊೈͳઃఆ͸Ͱ͖ͳ͍ ▶ (ࢀߟ) Linux Χʔωϧͷ͢΂ͯ: cgroup ͷ࠶ઃܭ (ݪจ) ▶ (ࢀߟ) Changes coming for systemd and control groups 38

39. cgroup ࠶ઃܭ ▶ Ͱ΋ࠓͷ cgroup ͱޓ׵ੑΛอͬͨ··શ෦·ͱ΋ʹ͢Δͷ ͸ෆՄೳ ▶ ͡Ό͋ɼͱΓ͋͑ͣग़དྷͦ͏ͳॴΛ΍Ζ͏ ▶

    ୯Ұ֊૚ߏ଄ 39

40. Kernel ͷίϯςφؔ܎ػೳͷࠓޙ ʙͦͷଞ Ұ௨Γػೳ͸ଗͬͨ΋ͷͷɺࡉ͔͍ॴͰ͸·ͩ·ͩཉ͍͠ػೳ͕ ͋Δ ▶ σόΠεؔ܎ ▶ /dev ҎԼ͸Ծ૝Խ͞Ε͍ͯͳ͍

    ▶ σόΠε͸ϗετͰ؅ཧ͢Ε͹ྑ͍ͷͰͦ΋ͦ΋Ծ૝Խෆཁ ▶ ͱ͸ݴ͑ίϯςφઐ༻ʹཉ͍͠σόΠε΋͋Δ (loop, fuse. . . ) ▶ Android Ͱ࢖͏ࣄΛ೦಄ʹ։ൃ͞Εͨ Device Namespace ͱ͍ ͏ͷ΋͋Δ ▶ Χʔωϧϩάؔ܎ ▶ ΧʔωϧϝϞϦͷ੍ݶ ▶ memory cgroup ʹ࣮૷ࡁΈ͕ܹͩ͘͠มߋ͞Ε͓ͯΓɺҰ୴ 3.16 Ͱ։ൃ༻Ͱ࢖͏ͳɺͱͳΔ ▶ /proc ͷ memory ͳͲͷ౷ܭ஋ ▶ checkpoint/restore ؔ܎ػೳͷػೳ௥Ճ͕සൟʹߦΘΕͯ ͍Δ ▶ ͦͷଞɺࡉ͔͍ػೳ͕৭ʑසൟʹఏҊ͞Ε͍ͯΔ 40

41. LXC 41

42. LXC ▶ LXC (http://linuxcontainers.org/) ▶ Linux ͷίϯςφΛૢ࡞͢Δ userspace πʔϧ (ίϚϯυ܈)

    ▶ ʰUbuntuʱͷίϯςφπʔϧΩοτͷੑ͕֨ڧ͍ ▶ ݱࡏͷ stable ͸ 1.0.3 (݁ߏසൟʹϦϦʔε͞Ε͍ͯ·͢) ▶ 1.0 ܥ͸ Ubuntu ͷ 14.04 LTS ʹΠϯετʔϧ͞ΕΔͷͰ 5 ೥ϝϯςφϯε͞Ε·͢ ▶ libvirt (ͷ LXC ίϯςφυϥΠό) (http://libvirt.org/) ▶ ࠷ۙ LXC ͷઃఆϑΝΠϧΛίϯόʔτ͢Δػೳ͕࣮૷͞Εͨ (1.2.2) ▶ ͲͪΒ΋ಉ͡ “LXC” ͱ͍͏໊લΛ࢖͍ͬͯΔ͕ɼઃఆϑΝ Πϧ͸ผʑɽΧʔωϧͷಉ͡ػೳΛ࢖ͬͨผͷ࣮૷ɽ ▶ ίΞͷػೳ͸ Linux ΧʔωϧͷػೳΛ࢖͍ͬͯΔͷͰಈ͖͸ ಉ͕ͩ͡ɼपลͷ࣮૷͕ҟͳΔ ΍΍͍͜͠!! 42

43. LXC Λࢼ͢ͳΒ Ubuntu ▶ LXC Λ࢖͏ͳΒ Ubuntu ▶ LXC ϝϯςφ

    = Ubuntu σϕϩούʔ ▶ ં֯ͳͷͰ Ubuntu 14.04 LTS Ͱ࢖͍·͠ΐ͏ ▶ 14.04 LTS = 1.0.1 ▶ 13.10 = 1.0.0.alpha1 ▶ 12.04 LTS = 0.7.5 (࣮࣭ 0.8.0 ૬౰) 43

44. σϞ ʙ LXC ͷ࡞੒ 1. Πϯετʔϧ   # apt-get

    install lxc   2. ࡞੒ ▶ μ΢ϯϩʔυςϯϓϨʔτͰ࡞੒   # lxc-create -n ubuntu01 -t download - -d ubuntu -r trusty -a a   ▶ ෇ଐͷ֤σΟετϦϏϡʔγϣϯͷςϯϓϨʔτΛ࢖༻   # lxc-create -n ubuntu01 -t ubuntu   lxc-alpine lxc-cirros lxc-openmandriva lxc-ubuntu lxc-altlinux lxc-debian lxc-opensuse lxc-ubuntu-cloud lxc-archlinux lxc-download lxc-oracle lxc-busybox lxc-fedora lxc-plamo lxc-centos lxc-gentoo lxc-sshd 44

45. σϞ ʙ ίϯςφͷ rootfs Ͳ͜ʹͰ͖͔ͨ֬ೝ ▶ Ұൠతʹ͸ /var/lib/lxc ҎԼʹίϯςφ༻ͷઃఆͱ͔ rootfs

    ͕࡞ΒΕΔ   # lxc-config lxc.lxcpath /var/lib/lxc # ls /var/lib/lxc ubuntu01 # ls /var/lib/lxc/ubuntu01 config rootfs # ls /var/lib/lxc/ubuntu01/rootfs/ bin dev home lib64 mnt proc run srv tmp var boot etc lib media opt root sbin sys usr   ▶ ίϯςφͷϑΝΠϧγεςϜ͸ී௨ʹϗετ্ͷσΟϨΫτ ϦπϦʔͱͯ͠ߏங͞ΕΔ 45

46. σϞ ʙ LXC ͷىಈ 1. ίϯςφىಈ   # lxc-start

    -n ubuntu01 -d   ▶ -d ͸όοΫάϥ΢ϯυͰىಈ 2. ίϯςφͷίϯιʔϧʹΞΫηε   # lxc-console -n ubuntu01   46

47. σϞ ʙ ίϯςφͷϓϩηεͷ༷ࢠ ਌؀ڥ্ͰίϯςφͷϓϩηεΛݟΔͱ. . .   # pstree

    -p -A init(1)-+-acpid(904) : (snip) |-lxc-start(5765)---init(5777)-+-cron(6189) | |-dhclient(6107) | |-getty(6175) | |-getty(6178) | |-getty(6179) | |-getty(6222) : (snip)   ίϯςφ಺ͰݟΔͱ   # pstree -p -A init(1)-+-cron(377) |-dhclient(295) |-getty(363) |-getty(366) : (snip)   47

48. σϞ ʙ ΞϓϦέʔγϣϯίϯςφ ίϯςφ಺Ͱ /sbin/init Λىಈ͠ͳͯ͘΋ɼ໨తͷϓϩάϥϜͷ ΈىಈՄೳɻ   #

    lxc-start -d -n ubuntu01 -- /usr/sbin/apache2ctl -D FOREGROUND # pstree -p -A 1310 bash(1310)---lxc-start(2645)---apache2ctl(2656)---apache2(2676)-+-apache2(269 ‘-apache2(269   48

49. σϞ ʙ LXC ͷ৭ʑͳίϚϯυ ▶ ίϯςφҰཡ   # lxc-ls

    ubuntu01 # lxc-ls --fancy NAME STATE IPV4 IPV6 AUTOSTART --------------------------------------------- ubuntu01 RUNNING 10.0.3.31 - NO   ▶ ίϯςφఀࢭ   # lxc-stop -n ubuntu01   49

50. σϞ ʙ LXC ͷ৭ʑͳίϚϯυ ▶ ίϯςφ৘ใऔಘ   # lxc-info

    -n ubuntu01 Name: ubuntu01 State: RUNNING PID: 4979 IP: 10.0.3.31 CPU use: 0.83 seconds BlkIO use: 116.00 KiB Memory use: 7.79 MiB KMem use: 0 bytes Link: veth7GU9SH TX bytes: 1.45 KiB RX bytes: 1.22 KiB Total bytes: 2.68 KiB   ▶ ίϯςφফڈ   # lxc-destroy -n ubuntu01   50

51. ίϯςφͷத͕ݟ͍ͨ (͋Δ͋Δ) ίϯςφͷதΛΈ͍ͨ!! ˠ ssh ܦ༝Ͱ!? ▶ sshd ಈ͍ͯͳ͍!? ▶

    ΞϓϦέʔγϣϯίϯςφ Ͳ͏͢Δ!! 51

52. ίϯςφͷத͕ݟ͍ͨ ͍΍ɺ଴͍ͬͯͩ͘͞ɻ ▶ (࠶ܝ) ίϯςφͷϑΝΠϧγεςϜ͸ϗετ্ͷσΟϨΫτ ϦπϦʔ ▶ ϩάΛݟ͍ͨ ▶ ઃఆϑΝΠϧΛݟ͍ͨ

    ▶ ˠ ී௨ʹϗετ͔ΒݟΕ·͢ :-)   # cat /var/lib/lxc/ubuntu01/rootfs/etc/hosts 127.0.0.1 localhost 127.0.1.1 ubuntu01 : (snip) # tail -f /var/lib/lxc/ubuntu01/rootfs/var/log/syslog   52

53. σϞ ʙ ίϯςφͷத͕ݟ͍ͨ ▶ ύε໊௕ͯ͘ϝϯυΫαΠ :-( ▶ chroot ͯ͠͸? cd

    /var/lib/lxc/ubuntu01/rootfs ; chroot $PWD ▶ ίϯςφͷ rootfs ʹ cd ͢ΔͷϝϯυΫαΠ ▶ chroot ͡Ό࣮ߦͰ͖ͳ͍ίϚϯυΛ࣮ߦ͍ͨ͠ (ίϯςφͷ ໊લۭؒʹೖ࣮ͬͯߦ͢Δඞཁ͕͋ΔίϚϯυ) 53

54. lxc-attach ͦΜͳ͋ͳͨʹ lxc-attach !! ▶ ࣮ߦ͢ΔίϚϯυΛࢦఆ͠ͳ͚Ε͹ /bin/bash Λ࣮ߦ  

    # lxc-attach -n ubuntu # uname -n ubuntu01   ▶ ࣮ߦ͢ΔίϚϯυΛࢦఆ͢Δ͜ͱ΋Մೳ   # lxc-attach -n ubuntu01 -- /usr/sbin/service apache2 status   ▶ 3.8 ΧʔωϧҎ߱Ͱͳ͍ͱ࢖͑·ͤΜ 54

55. εφοϓγϣοτͱΫϩʔϯ ▶ lxc-snapshot ͱ lxc-clone ▶ ίϯςφͷϑΝΠϧγεςϜͷछྨʹΑͬͯΑ͠ͳʹ΍ͬͯ ͘Ε·͢ ▶ ίϯςφͷ

    rootfs Ͱ࢖͑Δ֤छϑΝΠϧγεςϜ ▶ σΟϨΫτϦ (ඪ४) ▶ btrfs ▶ zfs ▶ lvm ▶ loop device ▶ aufs ▶ overlayfs ▶ Ϋϩʔϯ͸͋Δίϯςφ͔Β৽͍͠ίϯςφΛ࡞Δ ▶ εφοϓγϣοτ͸ίϯςφͷঢ়ଶΛ͋Δܾ·ͬͨنଇʹ ैͬͯอଘ ▶ ಺෦తʹ͸Ϋϩʔϯͯ͠Δ ▶ εφοϓγϣοτ͕͋Δͱݩͷίϯςφ͸࡟আͰ͖ͳ͍ 55

56. ֤छݴޠ͔Β LXC ▶ liblxc (c ݴޠ) ▶ ֤छݴޠͷ bindings ▶

    lua (in tree) ▶ python3 (in tree) ▶ Go (out of tree) ▶ ruby (out of tree) 56

57. σϞ ʙ ruby-lxc ▶ https://github.com/lxc/ruby-lxc   require ’lxc’ c

    = LXC::Container.new(’sitw’) c.create(’download’, ’dir’, {}, 0, [’--dist=ubuntu’,’--release=trusty’, ’--arch=amd64’]) c.start c.attach do LXC.run_command(’ip addr show eth0’) end   57

58. ඇಛݖίϯςφ ▶ ࠓ·Ͱ͸શͯϗετ্Ͱ root Ͱૢ࡞͍ͯ͠·ͨ͠ɻ ▶ Ubuntu ͸ AppArmor ͰϚζ͍ͱ͜Ζʹର͢Δૢ࡞͕Ͱ͖ͳ

    ͍Α͏ʹ͢Δͱ͔ ▶ 3.8 Ͱͷ User Namespace ࣮૷׬੒ͰɺҰൠϢʔβʹΑΔί ϯςφ࣮ߦͷಓ͕։͚·ͨ͠ ▶ ͨͩ͠ɺ࣮ࡍͪΌΜͱ࢖͑ΔΑ͏ʹͳͬͨͷ͸ 3.13 ลΓ͔Β Ͱ͕͢ 58

59. ඇಛݖίϯςφ ▶ ඇಛݖίϯςφͷ४උ 1. subuid/subgid ͷొ࿥ (֘౰͢ΔϢʔβ͕ѻ͑Δ uid/gid ͷൣ ғΛࢦఆ͠·͢)

    2. ֘౰Ϣʔβ͕ѻ͑Δ veth ΠϯλʔϑΣʔεͷ਺Λࢦఆ͠·͢ 3. Ϣʔβ༻ͷσϑΥϧτͷઃఆϑΝΠϧΛ࡞੒͠·͢   $ sudo usermod -v 100000-65536 -w 100000-65536 ubuntu (͜Ε͸طʹઃఆ ࡁ͔΋?) $ cat /etc/subuid ubuntu:100000:65536 $ cat /etc/subgid ubuntu:100000:65536 $ echo "ubuntu veth lxcbr0 10" | sudo tee -a /etc/lxc/lxc-usernet ubuntu veth lxcbr0 10 $ mkdir -p .config/lxc $ cp /etc/lxc/default.conf .config/lxc/ $ echo "lxc.id_map = u 0 100000 65536" >> .config/lxc/default.conf $ echo "lxc.id_map = g 0 100000 65536" >> .config/lxc/default.conf   59

60. σϞ ʙ ඇಛݖίϯςφ ▶ ҰൠϢʔβͷίϯςφ࡞੒ʹ͸ download ςϯϓϨʔτΛ࢖ ༻͠·͢ ▶ User

    Namespace ಺ͷ root Ͱ΋Ͱ͖ͳ͍͜ͱ͸͋Γ·͢ 1. ࡞੒   $ lxc-create -t download -n ubuntu01 -- \ > --dist=ubuntu --release=trusty --arch=amd64   2. ىಈ   $ lxc-start -n ubuntu01 -d $ lxc-ls --fancy NAME STATE IPV4 IPV6 AUTOSTART ---------------------------------------------- ubuntu01 RUNNING 10.0.3.133 - NO   60

61. σϞ ʙ ඇಛݖίϯςφ   $ ls -l ~/.local/share/lxc/ubuntu01/rootfs/ total

    76 drwxr-xr-x 2 100000 100000 4096 Jul 20 13:00 bin drwxr-xr-x 2 100000 100000 4096 Apr 11 07:12 boot drwxr-xr-x 3 100000 100000 4096 Jul 21 01:08 dev : (snip) $ ps aux : (snip) ubuntu 2281 0.0 0.1 43132 1524 ? Ss 01:08 0:00 lxc-start -n untu01 -d 100000 2316 0.1 0.2 33372 2692 ? Ss 01:08 0:00 /sbin/init : (snip)   61

62. LXC ࠷৽ಈ޲ 62

63. LXC ͷݱঢ় ▶ 1.0 ͸ 2014 ೥ 2 ݄ 20

    ೔ϦϦʔε!! ▶ 1.0 ܥ͸ 5 ೥αϙʔτ ▶ ݱࡏ 1.0.5 ▶ 1.0 ͰυΩϡϝϯτ͕ॆ࣮ ▶ ݱࡏ man ͸ӳޠͱ೔ຊޠ (!) ͚ͩͰ͢Α :-D ▶ ςϯϓϨʔτͷॆ࣮ɽओཁσΟετϦϏϡʔγϣϯ͕Ұ௨Γ ଗͬͨ ▶ CentOS ͷ௥Ճ!! ▶ ެࣜαΠτʹ೔ຊޠ͕!! ▶ https://linuxcontainers.org/jp/ 63

64. LXC ։ൃͷಈ޲ ▶ 1.0 ͷ׬੒౓Λ͋͛ͭͭɺ1.1 ΛͦΖͦΖߟ͑Α͏ ▶ CRIU ͷαϙʔτͱ͔ 64

65. Docker 65

66. Docker (ࠓ͞ΒͰ͕͢) ▶ Docker ͕ࣾ։ൃ ▶ golang Ͱ࣮૷ ▶ 6/9

    Docker 1.0 ϦϦʔεɺ߹Θͤͯ ▶ ैདྷ Docker ͱݺ͹Ε͍ͯͨ OSS ͷιϑτ΢ΣΞ͸ “Docker Engine” ʹ ▶ Docker ͷΠϝʔδΛެ։͢Δ৔ॴͱͯ͠ “Docker Hub” ͕ ▶ Docker Engine, Docker Hub, API, ࿈ܞ͢Διϑτ΢ΣΞɺ αʔϏεͳͲͷΤίγεςϜΛ߹Θͤͨ΋ͷ͕ “Docker” ͱ ݺ͹ΕΔ͜ͱʹ 66

67. ੝Γ্͕Γ ▶ Docker Meetup Tokyo #2 ։࠵ɻ100 ໊ఆһʹ 405 ໊ਃ͠ࠐΈ

    (4/11) ▶ Docker ͷͨΊͷܰྔ OSʮRed Hat Enterprise Linux Atomic Hostʯ ɺRed Hat ͕ൃද (Publickey 4/18) ▶ AWS Elastic Beanstalk ͕ Docker Λαϙʔτɺ৽͍͠ܗଶͷ PaaS ΁ɻࣄ ্࣮ͲΜͳݴޠͰ΋࢖͑ɺखݩͷ։ൃ؀ڥΛͦͷ·· PaaS ΁σϓϩΠͰ ͖Δ (Publickey 4/28) ▶ Docker ʹ࠷దԽͨ͠ OS ΠϝʔδΛ Google Compute Engine ͕ఏڙ։ ࢝ɻCoreOS ΋ར༻Մೳʹ (Publickey 5/26) ▶ Docker ͕ Cloud Foundry Foundation ΁ࢀՃද໌ɻདྷ݄ʹ΋ Cloud Foundry ͕ Docker ਖ਼ࣜαϙʔτൃද͔ (5/30 Publickey) ▶ Docker 1.0 ϦϦʔε (6/9) ▶ Google Compute Engine ʹଓ͖ɺGoogle App Engine ΋ Docker αϙʔτ ΛൃදɻDocker ΛΫϥελԽͯ͠؅ཧ͢ΔπʔϧʮKubernetesʯΛΦʔ ϓϯιʔεͰެ։ (Publickey 6/12) ▶ Docker Meetup Tokyo #3 ։࠵ɻ240 ໊ఆһʹ 508 ໊ਃ͠ࠐΈ (7/4) 67

68. Docker Ҏલ ▶ ։ൃ؀ڥͩͱಈ͍ͨͷʹຊ൪؀ڥʹσϓϩΠͨ͠Βಈ͔ͳ ͔ͬͨ. . . (> <) ▶

    ຊ൪؀ڥΛΞοϓσʔτͨ͠Βಈ͔ͳ͘ͳͬͨ (> <) ▶ ͋ͬͪΛΞοϓσʔτͨ͠Β͕ͬͪ͜ಈ͔ͳ͘ͳͬͬͨ (> <) ▶ ΍ͬͯ͸Έͨ΋ͷͷࣦഊͨ͠!! ·ͨ࠷ॳ͔Β (> <) ▶ ΦϦδφϧͷԾ૝ϚγϯΠϝʔδΛΫϩʔϯͯ͠৭ʑ࡞Ζ͏ ˠσΟεΫͷ༰ྔ͕଍Γͳ͍!! (> <) ▶ VM ͷىಈʹ͕͔͔࣌ؒΔͳ͋ (> <) ▶ . . . 68

69. Docker ҎલͷਐԽ (͔ͳΓࡶ) αʔόΛߏஙͯ͠ɺΞϓϦέʔγϣϯΛσϓϩΠ͢Δɿ ▶ ෺ཧαʔόˠԾ૝Ϛγϯ ▶ Ծ૝ϚγϯͳΒͰ͸ͷಛ௃΋͕͋ͬͨɺ࣮ߦ؀ڥɺΞϓϦ έʔγϣϯͷσϓϩΠͳͲͷ໰୊͸ղܾ͠ͳ͍ ▶

    Infrastructure as Code ▶ σϓϩΠखॱͷίʔυԽ ▶ Vagrant ▶ Πϯϑϥ΋ؚΊͯίʔυԽ ▶ खݩͰ Try & Error Λ͠ͳ͕Β։ൃɺߏங ▶ ຖճɺΫϦʔϯͳ؀ڥ͔Β࡞ۀ͕Մೳ ▶ Ծ૝Ϛγϯ͕ຖճىಈ͢ΔͷͰεϐʔυ໘͸ෆརɻԾ૝Ϛγ ϯͷಉ࣌ىಈ࣌ͷϦιʔεͷนɻ 69

70. Docker ͷొ৔ ▶ ίϯςφͷར༻ ▶ ίϯςφͷಛ௃Λ࠷େݶʹ׆͔͢ ▶ ϙʔλϏϦςΟ . .

    . ։ൃ؀ڥͰ͏·͘ಈ͍ͨ΋ͷ͸ɺຊ൪؀ ڥɾผͷ؀ڥͰ΋ಉ͡Α͏ʹಈ͘ ▶ ܰྔ . . . ߴ଎ʹىಈɺΦʔόʔϔου΋গͳ͍ ▶ ΞϓϦέʔγϣϯίϯςφˠػೳ͝ͱͷίϯςφΛ࡞੒͢Δ ͱɺϥΠϒϥϦͷόʔδϣϯͷڝ߹΍ෆ੔߹͕๷͛Δ ▶ ࠩ෼؅ཧ ՄೳͳϑΝΠϧγεςϜ ▶ ϕʔεͷΠϝʔδΛ࡞੒͠ɺ͔ͦ͜ΒඞཁͳϞϊΛೖΕͯ΋ɺ ࠩ෼͚͕ͩ૿Ճ͢Δ͚ͩͳͷͰσΟεΫεϖʔε͕અ໿Ͱ ͖Δ ▶ ͏·͍ͬͨ͘ॴ·Ͱͷࠩ෼Λอଘ (ίϛοτ) ͯ͠ɺͦͷޙͷ ࡞ۀ͸͏·͘ߦͬͨॴ͔ΒͷΈͷࠩ෼ʹͰ͖Δ ▶ ͏·͍͔͘ͳͯ͘΋ࠩ෼ͷ෦෼͚ͩഁغՄೳ ▶ ίϯςφΠϝʔδͷ഑෍Πϯϑϥͷ੔උ 70

71. Immutable Infrastructure ▶ ෆมͷΠϯϑϥ ▶ ഁغՄೳ ▶ Ұ౓Քಇͨ͠Β৮Βͳ͍ ▶ ߋ৽͕ඞཁʹͳͬͨΒ৽͍͠؀ڥΛ࡞ͬͯՔಇͤ͞ɺલͷ؀

    ڥ͸མͱ͢ (ࣺͯΔ) ▶ Blue Green Deployment (ਤ͸ http: //martinfowler.com/bliki/BlueGreenDeployment.html ΑΓ) 71

72. Docker ͷٕज़ཁૉ ▶ ࠩ෼؅ཧ (ϑΝΠϧγεςϜ) ▶ aufs ▶ ॏͶ͋ΘͤՄೳͳϑΝΠϧγεςϜ ▶

    dm-thin ▶ Device Mapper ͷ Thin provisioning ▶ εφοϓγϣοτ ▶ ίϯςφ ▶ υϥΠόʹΑΓίϯςφٕज़ͷ੾Γସ͕͑Մೳ ▶ native(libcontainer) (0.9) ▶ LXC ▶ υϥΠόʹΑΓόοΫΤϯυετϨʔδͷ੾Γସ͕͑Մೳ ▶ aufs ▶ btrfs ▶ device mapper ▶ vfs 72

73. Πϯετʔϧ Ubuntu ▶ https://docs.docker.com/installation/ ▶ Ubuntu ͷϦϙδτϦʹ΋ docker.io ύοέʔδ͕͋Δ͕ɺগ ͠ݹ͍

    ▶ ࠷৽ΛΠϯετʔϧ   $ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1 $ sudo sh -c "echo deb https://get.docker.io/ubuntu docker main\ > /etc/apt/sources.list.d/docker.list" $ sudo apt-get update $ sudo apt-get install lxc-docker   docker άϧʔϓʹϢʔβΛ௥Ճ͢ΔͱɺҰൠϢʔβͰ docker Λ ѻ͑Δɻ 73

74. Πϯετʔϧ Mac OS X ▶ Docker ͸ Linux Χʔωϧͷίϯςφؔ࿈ٕज़Λ࢖͍ͬͯ· ͢ͷͰɺ΋ͪΖΜ

    Mac Ͱಈ͘͸ͣ΋͋Γ·ͤΜ :-) ▶ ͕ɺVirtualBox ܦ༝Ͱ Docker Λ࢖͑·͢ ▶ Πϯετʔϥ΋͋Γ؆୯!! ˠ Installing Docker on Mac OS X ▶ Πϯετʔϥ ˠ https: //github.com/boot2docker/osx-installer/releases 74

75. σϞ ʙ Πϯετʔϧ௚ޙͷ৘ใ   $ docker version Client version:

    1.1.1 Client API version: 1.13 Go version (client): go1.2.1 Git commit (client): bd609d2 Server version: 1.1.1 Server API version: 1.13 Go version (server): go1.2.1 Git commit (server): bd609d2 $ docker info Containers: 0 Images: 0 Storage Driver: aufs Root Dir: /var/lib/docker/aufs Dirs: 0 Execution Driver: native-0.2 Kernel Version: 3.13.0-30-generic WARNING: No swap limit support   75

76. σϞ ʙ Πϝʔδऔಘ ▶ ࣮ߦ͢ΔલʹɺDocker ެࣜͷ Ubuntu ࠷৽ΠϝʔδΛऔಘ ͢Δɻ ▶

    औಘͤͣʹίϯςφ࣮ߦͯ͠΋উखʹऔಘ͢Δ ▶ docker pull   $ docker pull ubuntu:latest Pulling repository ubuntu e54ca5efa2e9: Download complete 511136ea3c5a: Download complete d7ac5e4f1812: Download complete 2f4b4d6a4a06: Download complete 83ff768040a0: Download complete 6c37f792ddac: Download complete $ docker images REPOSITORY TAG IMAGE ID CREATED ubuntu latest e54ca5efa2e9 3 weeks ago   76

77. σϞ ʙ ࣮ߦ ▶ ͓໿ଋͷίϚϯυ࣮ߦ ▶ docker run  

    $ docker run -ti ubuntu /bin/bash root@cbc388b00064:/# root@cbc388b00064:/# uname -a Linux cbc388b00064 3.13.0-30-generic #55-Ubuntu SMP Fri Jul 4 21:40:53 UTC 20 root@cbc388b00064:/# apt-get update root@cbc388b00064:/# apt-get install apache2 root@cbc388b00064:/# exit   ͜ΕͰίϯςφ͸ఀࢭɻ͜ͷޙɺ࠶౓ಉ͡ίϚϯυΛ࣮ߦ͢Δͱ ৽͍͠ίϯςφ͕ىಈ͢Δɻ 77

78. σϞ ʙ ίϯςφͷ֬ೝ ▶ docker ps ▶ σϑΥϧτͰ͸࣮ߦதͷίϯςφͷΈΛҰཡ͢Δ ▶ ఀࢭதͷίϯςφΛݟΔʹ͸

    -a Φϓγϣϯ   $ docker ps -a CONTAINER ID IMAGE COMMAND CREATED cbc388b00064 ubuntu:latest /bin/bash 6 minutes ago   78

79. σϞ ʙ ίϯςφΠϝʔδͷ࡞੒ ▶ docker ίϯςφ͔Β৽͍͠ docker ΠϝʔδΛ࡞੒ ▶ docker

    commit ▶ ઌ΄Ͳͷ Ubuntu ʹ Apache ΛೖΕͨঢ়ଶͰίϯςφΛ࡞੒ ▶ Πϝʔδ໊͸ Ϣʔβ໊/ίϯςφ໊ ͷΑ͏ʹ෇͚Δ ▶ Ϣʔβ໊͸ Docker Hub ͷϢʔβ໊͕ྑ͍   $ docker commit cbc388b00064 tenforward/apache 3a56ca5ffea7430d7af8711750fd37e22dc9d5a002d6e9702e4d37edd28465e0 $ docker images REPOSITORY TAG IMAGE ID CREATED tenforward/apache latest 3a56ca5ffea7 16 seconds ago ubuntu latest e54ca5efa2e9 3 weeks ago $ docker run -ti tenforward/apache /bin/bash root@c69fded73b24:/# dpkg -l | grep apache2 ii apache2 2.4.7-1ubunt amd64 Apache HTTP Server root@c69fded73b24:/# exit exit ubuntu@docker01:~$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED c69fded73b24 tenforward/apache:latest /bin/bash 27 seconds cbc388b00064 ubuntu:latest /bin/bash 12 minutes  79

80. σϞ ʙ σʔϞϯɺϙʔτ ▶ όοΫάϥ΢ϯυͰಈ͔͢ ▶ ίϯςφͷ 80 ൪ϙʔτΛϗετͷ 80

    ൪ϙʔτʹϚοϐϯά   $ docker run -p 80:80 -d tenforward/apache /usr/sbin/apache2ctl -D FOREGROUND 8387788a3a0a65af8e450a30a9b06eb24da6ba2b4a3df89b7e6ea1e2f3ed0818 $ docker ps CONTAINER ID IMAGE COMMAND CREATED 8387788a3a0a tenforward/apache:latest /usr/sbin/apache2ctl 4 minut $ curl -I http://localhost/ HTTP/1.1 200 OK Date: Tue, 15 Jul 2014 17:13:44 GMT Server: Apache/2.4.7 (Ubuntu) Last-Modified: Tue, 15 Jul 2014 16:38:31 GMT ETag: "2cf6-4fe3e09b30fc0" Accept-Ranges: bytes Content-Length: 11510 Vary: Accept-Encoding Content-Type: text/html   80

81. σϞ ʙ ίϯςφ୳๚ ▶ /var/lib/docker/aufs/diff ͷԼΛ୳๚ ▶ ࠩ෼ମݧ  

    # cd /var/lib/docker/aufs/diff/cbc388b0006483a38919cd6c5e07d83cc7d7549840d976 # find . -type f   81

82. σϞ ʙ ΰϛ૟আ ▶ ௐࢠ৐ͬͯ࢖͍ͬͯΔͱίϯςφͷΰϛ͕ͨ·ͬͯσΟεΫ ͕. . . ▶ ఀࢭ͍ͯ͠Δίϯςφͷ࡟আ

    ▶ docker rm   $ docker ps -a CONTAINER ID IMAGE COMMAND CREATED c551d08375e4 ubuntu:latest /bin/bash 5 seconds ago $ docker rm c551d08375e4 c551d08375e4   82

83. σϞ ʙ ࢖Θͳ͘ͳͬͨΠϝʔδͷ࡟আ ▶ docker rmi   $ docker

    images REPOSITORY TAG IMAGE ID CREATED tenforward/apache latest 89f1b311885c 3 seconds ago ubuntu latest e54ca5efa2e9 3 weeks ago $ docker rmi tenforward/apache Untagged: tenforward/apache:latest Deleted: 89f1b311885c10483e0b7ca429d127aa6151c4b651267c2e2b9cff716814c395   83

84. σϞ ʙ Dockerfile ▶ Dockerfile ͷυΩϡϝϯτ   $ mkdir

    apache ; cd apache $ vi Dockerfile $ cat Dockerfile FROM ubuntu:latest RUN apt-get update RUN apt-get install -y apache2 EXPOSE 80 ADD index.html /var/www/html/index.html CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]   ▶ RUN ͸ίϯςφߏஙதʹ࣮ߦ͢ΔίϚϯυ ▶ CMD ͸ίϯςφىಈޙʹ࣮ߦ͢ΔίϚϯυ ▶ ADD Ͱϗετ্ͷϑΝΠϧΛίϯςφ಺ͷࢦఆͷ৔ॴʹ ίϐʔ 84

85. σϞ ʙ Dockerfile   $ docker build -t "tenforward/apache"

    . Sending build context to Docker daemon 2.56 kB Sending build context to Docker daemon Step 0 : FROM ubuntu:latest ---> e54ca5efa2e9 Step 1 : RUN apt-get update ---> Running in a75113064677 : (snip) ---> 5657592916ef Removing intermediate container a75113064677 Step 2 : RUN apt-get install -y apache2 ---> Running in 4acd557884f6 : (snip) ---> 50efac402fcd Removing intermediate container 4acd557884f6 Step 3 : EXPOSE 80 ---> Running in d0c49ff849fa ---> ed283f67c245 Removing intermediate container d0c49ff849fa Step 4 : CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"] ---> Running in 636e31a13387 ---> d8559cf37ae7 Removing intermediate container 636e31a13387 Successfully built d8559cf37ae7 85

86. σϞ ʙ Dockerfile ▶ Dockerfile ͰΠϝʔδߏங׬ྃ   $ docker

    images REPOSITORY TAG IMAGE ID CREATED tenforward/apache latest 266f03af5081 2 minutes ubuntu latest e54ca5efa2e9 3 weeks ag   ▶ ࣮ߦ   $ docker run -p 80:80 -d tenforward/apache a514a27c9b91a0342a6801f17a81f5edc9e0bde9ef39a8d973013e17cb7a3274   86

87. σϞ ʙ Dockerfile ▶ ઌʹίϯςφΛ࡞੒ͨ͠ Dockerfile Λमਖ਼ͯ͠ɺ࠶౓ build Λ࣮ߦ͢Δͱ. .

    . ▶ Using cache* ͕ΩϞ!! ▶ Ұ౓࣮ߦͨ͠ॴ͸࠶࣮ߦͤͣʹΩϟογϡΛ࢖͏   $ docker build -t "tenforward/apache" . Sending build context to Docker daemon 3.584 kB Sending build context to Docker daemon Step 0 : FROM ubuntu:latest ---> e54ca5efa2e9 Step 1 : RUN apt-get update ---> Using cache ---> e178d7ec23b0 Step 2 : RUN apt-get install -y apache2 ---> Using cache ---> 7daa5cb7ead2 : (snip) Removing intermediate container d995be466fb1 Successfully built e89b49b4d860   87

88. Docker ͷωοτϫʔΫ ▶ docker σʔϞϯ͕ىಈ͢Δͱ “docker0” ͱ͍͏ϒϦοδ͕ ࡞੒͞ΕΔ  

    $ brctl show bridge name bridge id STP enabled interfaces docker0 8000.56847afe9799 no   ▶ ίϯςφىಈޙ   $ brctl show bridge name bridge id STP enabled interfaces docker0 8000.56847afe9799 no vethcf5a   ▶ veth ΠϯλʔϑΣʔε͕࡞ΒΕɺdocker0 ʹΞλον͞Εͯ ͍Δ͜ͱ͕Θ͔Δɻ 88

89. Docker ͷωοτϫʔΫ ▶ docker0 ͷΞυϨε   $ ip addr

    show docker0 | grep inet inet 172.17.42.1/16 scope global docker0 inet6 fe80::5484:7aff:fefe:9799/64 scope link   ▶ ίϯςφͷΞυϨε   $ docker inspect -f "{{ .NetworkSettings.IPAddress }}" 74a2e6b77884 172.17.0.2   89

90. Docker ͷωοτϫʔΫ ▶ ͜͜Ͱ͸ίϯςφͷΞυϨε͸ “172.17.0.16”   $ curl -I

    http://172.17.0.16 HTTP/1.1 200 OK Date: Wed, 16 Jul 2014 10:41:19 GMT Server: Apache/2.4.7 (Ubuntu) Last-Modified: Wed, 16 Jul 2014 10:23:51 GMT ETag: "2cf6-4fe4ceba0dbc0" Accept-Ranges: bytes Content-Length: 11510 Vary: Accept-Encoding Content-Type: text/html   ▶ EXPOSE 80 Ͱ docker0 ʹରͯ͠ 80 ൪ϙʔτ͸։͚ͯ͋Δ ͷͰɺΞΫηεՄೳ ▶ EXPOSE ͍ͯ͠ͳ͚Ε͹ docker0 ʹ઀ଓ͞ΕΔωοτϫʔΫ ͷϙʔτ͸ด͍ͯ͡ΔͷͰΞΫηεͰ͖ͳ͍ 90

91. Docker ͷωοτϫʔΫ ▶ docker0 ͷωοτϫʔΫ͸࢖ΘΕ͍ͯΔωοτϫʔΫͱॏෳ ͠ͳ͍Α͏ʹ docker σʔϞϯ͕ઃఆ ▶ ίϯςφͷΞυϨε͸

    docker ͕ܾΊΔ (DHCP Ͱ͸ͳ͍!) 91

92. ίϯςφؒ௨৴ ▶ σϑΥϧτͰ͸ίϯςφؒ௨৴͸ڐՄ͞Ε͍ͯΔ ▶ ڋ൱͢Δʹ͸ docker σʔϞϯΛ --icc=false Ͱىಈ ▶

    ίϯςφؒ௨৴Λڋ൱ͨ͠৔߹Ͱ΋ίϯςφىಈ࣌ʹ --link ΦϓγϣϯΛ࢖͍ɺಛఆͷίϯςφ͚ؒͩ௨৴͢Δ ͜ͱ΋Մೳ 92

93. ϦϙδτϦ ▶ docker commit Ͱ৽͍͠Πϝʔδ͕࡞੒Ͱ͖Δ͕ɺଞͷϗ ετͰ͸࢖͑ͳ͍ ▶ ϦϙδτϦͷར༻ ▶ ύϒϦοΫͳϦϙδτϦ

    ˠ Docker Hub ্ʹ࡞੒Մೳ ▶ ϓϥΠϕʔτϦϙδτϦ ˠϦϙδτϦ༻ͷίϯςφΠϝʔ δ͕͋ΔͷͰͦΕΛऔಘͯ͠ىಈ ▶ Docker Hub ্ʹ΋ϓϥΠϕʔτͳϦϙδτϦΛ࡞੒Մೳ (ແ ྉͩͱ 1 ͚ͭͩ) 93

94. Docker Hub ▶ https://hub.docker.com/   $ docker login (࠷ॳҰ౓͚ͩ)

    $ docker push tenforward/apache   94

95. Docker Hub ▶ github, bitbucket ͱ࿈ܞͤͯ͞ΠϝʔδΛࣗಈϏϧυՄೳ ▶ (σϞ) github ͱͷ࿈ܞ

    95

96. Docker Ԡ༻ Docker Λ࢖ͬͨ CI 96

97. Docker ؔ࿈ ΩʔϫʔυͷΈ. . . ▶ CoreOS ▶ libswarm ▶

    Orchestration ▶ Serf ▶ Consul ▶ ϩά 97

98. ࠷ޙʹ 98

99. ·ͱΊ ͜ͷൃදࣗମ͕·ͱΊͬΆ͍ͷͰಛʹ͋Γ·ͤΜɻੋඇɺ৭ʑ͓ ࢼ͠௖͍ͯɺࠓ౓͸ࢲʹ৭ʑڭ͍͑ͯͩ͘͞ɻ ঺հͨ͠௨Γ LXC ΋ Docker ΋͓͘͢͝ؾܰʹ͓ࢼ͠Ͱ͖·͢!! 99

100. ৘ใަ׵ ৘ใަ׵ͷ৔ ▶ lxc JP άϧʔϓ ▶ ίϯςφͷ࿩Λ·ͬͨΓ΍͍ͬͯ·͢ɽͨ·ʔʹ͔͠ϝʔϧ ͸དྷ·ͤΜɽlxc-jp ͱ͍͏໊લͰ͕͢ɼ࿩୊͸

     LXC ʹݶΒͣ ԿͰ΋ OK Ͱ͢ɽ ▶ Facebook ͷ Docker Community Japan ษڧձ ▶ ίϯςφܕԾ૝Խͷ৘ใަ׵ձ ▶ Docker Meetup Tokyo ▶ ͨͩ͠ɺࠂ஌ޙҰॠͰ࿮͕ຒ·Γ·͢ 100

101. ຋༁ ▶ lxc man pages ຋༁ ▶ ڠྗऀืू! (ಛʹࠪಡ!!) ▶

     linuxcontainers.org ຋༁ ▶ ڠྗऀืू ▶ ͝ڠྗ͍͚ͨͩΔํ͸ github ͷ lxc-jp ʹొ࿥͠·͢ 101

102. ͋Γ͕ͱ͏͍͟͝·ͨ͠ 102

103. ࢀߟจݙ ▶ Docker جૅ+0.9/0.10 ֓ཁ (@mainyaa ͞Μͷ Docker Meetup Tokyo

     #2 ࢿྉ) ▶ Vagrant ϢʔβͷͨΊͷ Docker ೖ໳ (shin1x1 ͞Μͷୈ 3 ճ ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏେࡕ ࢿྉ) ▶ ʮ͍·͞Βฉ͚ͳ͍ Docker ೖ໳ʯ(@IT) ▶ Immutable Infrastructure ͕։ൃϓϩηεʹ༩͑ΔӨڹ (Ծ) (@naoya ito ͞Μͷ Immutable Infrastructure Conference #1 ࢿྉ) 103