LXC Update (2015-02-18)

Transcript

1. LXC Update Ճ౻ହจ 2015-02-18 Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 1

   / 29

2. ୭? Ճ౻ହจ http://www.ten-forward.ws/ @ten forward http://gplus.to/tenforward https://github.com/tenforward http://d.hatena.ne.jp/defiant/ (ٕज़ϒϩά) Ճ౻ହจ

   ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 2 / 29

3. ୭? ϑΝʔεταʔόɹج൫։ൃ෦ɹॴଐ ৽ϒϥϯυͷϗεςΟϯάαʔϏε͸͡Ί·ͨ͠ Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 3 /

   29

4. ୭? 2010 ೥ࠒʹ cgroup ͷௐࠪΛ࢝Ίͨͷ͕͖͔͚ͬͰίϯςφ पลΛ৭ʑ͓͔͚ͬͯͨͷ͕ߴͯ͜͡ͷษڧձΛ΍ͬͯ·͢ LXC ΁ͷίϛοτ ೔ຊޠ man

   pages / ࠷ۙ͸গ͠ίʔυ΋ linuxcontainers.org ຋༁ Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 4 / 29

5. ୭? Plamo Linux ϝϯςφ LXC ͰֶͿίϯςφೖ໳ɹʔܰྔԾ૝Խ؀ڥΛ࣮ݱ͢Δٕज़ gihyo.jp Ͱ࿈ࡌ ʲվగ৽൛ʳLinux ΤϯδχΞཆ੒ಡຊ

   (ٕज़ධ࿦ࣾ) Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 5 / 29

6. ࠓ೔ͷ಺༰ LXCFS LXC 1.1 LXD ͦͷଞ Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ

   2015-02-18 6 / 29

7. LXCFS LXC ༻ͷίϯςφ಺ͷ໰୊Λղܾ͢Δ FUSE ϑΝΠϧγε ςϜ ඇಛݖίϯςφͰ cgroupfs ͬΆ͍πϦʔΛίϯςφ಺ʹ࠶ݱ ίϯςφ಺ͷ

   cpuinfo, meminfo, stat, uptime Λίϯςφ޲ ͚ͷ಺༰ʹݟͤΔ Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 7 / 29

8. LXCFS ࢖͍ํ   $ sudo lxcfs -s -f -o

   allow_other /var/lib/lxcfs   lxcfs   $ ls /var/lib/lxcfs/ cgroup proc $ ls /var/lib/lxcfs/proc/ cpuinfo meminfo stat uptime $ ls /var/lib/lxcfs/cgroup/ blkio cpuacct devices hugetlb name=systemd cpu cpuset freezer memory perf_event   Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 8 / 29

9. LXCFS LXCFS ͷ proc ҎԼͷϑΝΠϧ͸ͦΕͧΕίϯςφ಺ͷ /proc ҎԼʹόΠϯυϚ΢ϯτ͞ΕΔ ϗετͷ cgroupfs ͷίϯςφʹରԠ͢Δ

   cgroup ͔Βಘͨ৘ ใΛݩʹίϯςφ಺ͷ֤ϑΝΠϧΛੜ੒ LXCFS ͷ cgroup ҎԼͷσΟϨΫτϦ͸ίϯςφ಺ͷ /sys/fs/cgroup ҎԼʹόΠϯυϚ΢ϯτ͞ΕΔ systemd ͕ίϯςφ಺Ͱಈ͘৔߹ʹඞཁ Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 9 / 29

10. LXCFS ͜Ε·Ͱ   $ sudo grep cgroup /var/lib/lxc/ct01/config lxc.cgroup.memory.limit_in_bytes

    = 256M (ϝϞϦ্ݶ 256MB ʹઃఆ) $ sudo lxc-start -n ct01 -d (ίϯςφىಈ) $ grep MemTotal /proc/meminfo (ϗετͷϝϞϦྔ) MemTotal: 1017908 kB $ sudo lxc-attach -n ct01 -- grep MemTotal /proc/meminfo MemTotal: 1017908 kB (ϗετͷϝϞϦྔͦͷ··)   LXCFS Λ࢖ͬͨ৔߹   $ sudo grep cgroup /var/lib/lxc/ct01/config lxc.cgroup.memory.limit_in_bytes = 256M (ϝϞϦ্ݶ 256MB ʹઃఆ) $ sudo lxc-start -n ct01 (ίϯςφىಈ) $ grep MemTotal /proc/meminfo (ϗετͷϝϞϦྔ) MemTotal: 1017792 kB $ sudo lxc-attach -n ct01 -- grep MemTotal /proc/meminfo MemTotal: 262144 kB (cgroup Ͱઃఆ੍ͨ͠ݶͷ஋ʹͳ͍ͬͯΔ)   Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 10 / 29

11. ࠓ೔ͷ಺༰ LXCFS LXC 1.1 LXD ͦͷଞ Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ

    2015-02-18 11 / 29

12. LXC 1.1 LXC 1.1.0 2015 ೥ 1 ݄ 30 ೔ʹϦϦʔε

    2016 ೥ 1 ݄ or ࣍ͷϦϦʔε͕͞Ε͍ͯͳ͍৔߹͸ϦϦʔε ͷ 2 ϲ݄ޙ·Ͱαϙʔτ LXC 1.0 ܥྻ͸ 2019 ೥ 4 ݄·Ͱαϙʔτ Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 12 / 29

13. LXC 1.1 ৽ػೳ CRIU Λ࢖ͬͨίϯςφͷνΣοΫϙΠϯτɾϦετΞػೳ ͷαϙʔτ ίϯςφͷ init ͱͯ͠ systemd

    Λαϙʔτ cgmanager, lxcfs ͱ૊Έ߹ΘͤͯඇಛݖίϯςφͰ΋ಈ࡞ Մೳ Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 13 / 29

14. LXC 1.1 ʙ CRIU ʹΑΔC/R lxc-checkpoint ϓϩάϥϜʹΑΔνΣοΫϙΠϯτɾϦετΞ   ubuntu@criu1:~$

    sudo lxc-start -n ct01 ubuntu@criu1:~$ sudo lxc-checkpoint -v -n ct01 -s -D /tmp/checkpoint (νΣο ΫϙΠϯτॲཧޙʹίϯςφఀࢭ) ubuntu@criu1:~$ sudo lxc-ls --fancy NAME STATE IPV4 IPV6 GROUPS AUTOSTART -------------------------------------------- ct01 STOPPED - - - NO ubuntu@criu1:~$ ls /tmp/criu/ cgroup.img fdinfo-17.img inventory.img pages-15.img core-170.img fdinfo-18.img ipcns-msg-9.img pages-16.img core-176.img fdinfo-2.img ipcns-sem-9.img pages-17.img core-1.img fdinfo-3.img ipcns-shm-9.img pages-1.img core-260.img fdinfo-4.img ipcns-var-9.img pages-2.img core-261.img fdinfo-5.img iptables-8.img pages-3.img : (snip) ubuntu@criu1:~$ sudo rsync -avz --devices --rsync-path="sudo rsync" \ /var/lib/lxc/ct01 [email protected]:/var/lib/lxc ubuntu@criu1:~$ sudo rsync -avz --rsync-path="sudo rsync" \ /tmp/checkpoint [email protected]:/tmp   Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 14 / 29

15. LXC 1.1 ʙ CRIU ʹΑΔC/R lxc-checkpoint ϓϩάϥϜʹΑΔνΣοΫϙΠϯτɾϦετΞ   ubuntu@criu2:~$

    ls /tmp/criu/ cgroup.img fdinfo-3.img ipcns-sem-9.img pages-3.img core-1.img fdinfo-4.img ipcns-shm-9.img pages-4.img core-255.img fdinfo-5.img ipcns-var-9.img pages-5.img core-260.img fdinfo-6.img iptables-8.img pages-6.img : (snip) ubuntu@criu2:~$ sudo lxc-checkpoint -n ct01 -r -D /tmp/checkpoint -v -d ubuntu@criu2:~$ sudo lxc-ls -f NAME STATE IPV4 IPV6 GROUPS AUTOSTART -------------------------------------------------- ct01 RUNNING 10.0.3.200 - - NO   Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 15 / 29

16. LXC 1.1 ͦͷଞมߋ఺ lxc-start ͸σʔϞϯϞʔυ͕σϑΥϧτʹ lxc-execute ͸ίϯςφ಺ʹ lxc-init ΛόΠϯυϚ΢ϯτ͢Δ Α͏ʹ

    lxc.autodev ͕σϑΥϧτ༗ޮʹɻ࠷௿ݶͷ /dev ҎԼΛ LXC ͕४උ lxc-snapshot ͷεφοϓγϣοτͷอଘ৔ॴ͕ίϯςφσΟ ϨΫτϦ಺ʹ openvswitch ϒϦοδͷαϙʔτ lxc-top, lxc-device ίϚϯυ͕ C όΠφϦʹ ͦͷଞଟ਺ (https://linuxcontainers.org/ja/lxc/news/) Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 16 / 29

17. ࠓ೔ͷ಺༰ LXCFS LXC 1.1 LXD ͦͷଞ Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ

    2015-02-18 17 / 29

18. LXD ߏ੒ REST API Λఏڙ͢ΔσʔϞϯ ίϚϯυϥΠϯΫϥΠΞϯτ OpenStack Nova ϓϥάΠϯ Ճ౻ହจ

    ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 18 / 29

19. LXD ػೳ APIɺίϚϯυϥΠϯπʔϧΛ࢖ͬͯωοτϫʔΫ্ͷίϯ ςφͷ؅ཧ͕Մೳ Πϝʔδϕʔε ϥΠϒϚΠάϨʔγϣϯ LXD ϗετΛ OpenStack ίϯϐϡʔτϊʔυʹ

    LXC ͷ Go όΠϯσΟϯάΛ࢖ͬͯ liblxc ܦ༝ͰίϯςφΛૢ࡞ Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 19 / 29

20. LXD LXD ͷىಈ lxd ͷىಈ   $ mkdir -p

    /var/lib/lxd $ lxd &   ެࣜจॻ͸ҰൠϢʔβͰىಈ͍ͯ͠Δɻͦͷ৔߹͸ඇಛݖί ϯςφ޲͚ͷ४උ͕ඞཁ subuid, subgid ͷઃఆ chown $USER:$USER /var/lib/lxd Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 20 / 29

21. LXD ϩʔΧϧͷίϯςφͷૢ࡞ ίϯςφ࡞੒ɺىಈ   $ lxc init ubuntu test01

    (ίϯςφͷ࡞੒ɺΠϝʔδΛऔಘͯ͠ίϯςφ࡞੒) $ lxc list (Ұཡ) test01 $ lxc start test01 (ίϯςφىಈ)   ίϯςφ಺ͰίϚϯυͷ࣮ߦ   $ lxc exec test01 -- /bin/uname -a Linux test01 3.19.0-plamo64-karma #2 SMP PREEMPT Mon Feb 9 16:13:40 JST 2015 x86_   Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 21 / 29

22. LXD ϦϞʔτ͔Βͷૢ࡞Λड͚෇͚Δ࣌ͷ LXD ͷىಈ lxd ͷىಈ   $ lxd

    --tcp=10.200.200.200:8443 & $ lxc config set pasword (ύεϫʔυͷઃఆ)   Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 22 / 29

23. LXD ϦϞʔτͷ LXD ϗετͷૢ࡞Λߦ͏ (https://asciinema.org/a/16544) ϦϞʔτϗετͷొ࿥   $ lxc

    remote add lxdhost 10.200.200.200:8443 (10.200.200.200 ͷϗετΛ "lxdhost" ͱ͍͏໊લͰొ࿥) Certificate fingerprint: 8c ea 8b a3 a0 64 dd 9f 5e fb 28 dd f6 89 c6 58 7c 8b e0 ab 62 c1 14 f5 50 dc 44 16 ok (y/n)? y Admin password for lxdhost: ("lxdhost" Ͱઃఆͨ͠ύεϫʔυΛೖΕΔ) Client certificate stored at server: lxdhost   ϦϞʔτͷίϯςφͷૢ࡞   $ lxc init ubuntu lxdhost:test01 ("test01" ίϯςφΛ "lxdhost" ʹ࡞੒) $ lxc list lxdhost: ("lxdhost" ͷίϯςφҰཡ) test01 $ lxc start lxdhost:test01 ("lxdhost"্ͷ"test01"ίϯςφͷىಈ) $ lxc exec lxdhost:test01 -- /bin/uname -a ("lxdhost"্ͷ"test01"ίϯςφͰ uname ίϚϯυ࣮ߦ) Linux test01 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux   Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 23 / 29

24. ࠓ೔ͷ಺༰ LXCFS LXC 1.1 LXD ͦͷଞ Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ

    2015-02-18 24 / 29

25. ͦͷଞ ެࣜϖʔδ https://linuxcontainers.org ϦχϡʔΞϧ ೔ຊޠϖʔδ͸׬શʹӳޠϖʔδʹ௥ਵ (ͯ͠Δͭ΋Γ w) ଴๬ͷϩΰϚʔΫ (?) Ճ౻ହจ

    ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 25 / 29

26. ·ͱΊ LXCFS LXC 1.1 LXD ͦͷଞ Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ

    2015-02-18 26 / 29

27. ·ͱΊ LXC 1.0.0 ϦϦʔε͔Β໿ 1 ೥ɺࡉ͔͍ͱ͜ΖͰ࢖͍উख͕ ྑ͘ͳͬͨΓɺ༷ʑͳ؀ڥͰ౳͖ͪ͘͠Μͱಈ͘Α͏ʹͳͬ ͨײ͡ LXD ָ͠Έ

    Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 27 / 29

28. ڠྗऀืू ڠྗऀืूதɻಛʹϨϏϡʔ man pages ຋༁ linuxcontainers.org ຋༁ ͜ͷษڧձ Ճ౻ହจ ୈ

    6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 28 / 29

29. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ Ճ౻ହจ ୈ 6 ճίϯςφܕԾ૝Խͷ৘ใަ׵ձ 2015-02-18 29 / 29