いまさら聞けない Linux コンテナの基礎 / OSC 2016 Kyoto

Transcript

1. ͍·͞Βฉ͚ͳ͍ Linux ίϯςφͷجૅ OSC 2016 Kyoto Ճ౻ହจ 2016-07-30 1

2. ࣗݾ঺հ Ճ౻ହจ • http://www.ten-forward.ws/ • @ten forward • http://gplus.to/tenforward •

   https://github.com/tenforward • http://d.hatena.ne.jp/defiant/ (ٕज़ϒϩά) 2

3. ࣗݾ঺հ • Plamo Linux ϝϯςφ • LXC ͰֶͿίϯςφೖ໳ɹʔܰྔԾ૝Խ؀ڥΛ࣮ݱ͢Δٕज़ gihyo.jp Ͱ࿈ࡌ

   3

4. ࣗݾ঺հ • LXC/LXD ͷ։ൃʹগ͠ࢀՃ • man page ͷ೔ຊޠ༁ • ެࣜϖʔδ

   (linuxcontainers.org) ຋༁ • όάϑΟοΫεͳͲগ͚ͩ͠ίʔυʹ΋ߩݙ • LXD ೔ຊޠϝοηʔδ 4

5. ࣭໰ 5

6. σϞ 6

7. ࠓ೔ͷ໨ඪ • ίϯςφͷ֓ཁΛཧղ͢Δ • Linux Χʔωϧ͕࣋ͭίϯςφΛߏ੒͢ΔͨΊͷओཁͳػೳ Λ֮͑Δ 7

8. ࠓ೔ͷ಺༰ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • Namespace • σϞ

   • cgroup • σϞ • ωοτϫʔΫؔ࿈ػೳ (͕࣌ؒ͋Ε͹) • ίϯςφͰ࢖͑Δ໘ന͍ػೳ (͕࣌ؒ͋Ε͹) • ·ͱΊ 8

9. ίϯςφ֓ཁ 9

10. ίϯςφͱ͸ ΧʔωϧͷػೳͰ • ִ཭͞ΕۭͨؒͰϓϩηεΛ࣮ߦ͢Δ • ϓϩηεʹରͯ͠Ϧιʔε੍ݶΛઃఆ͢Δ 10

11. ίϯςφͱ͸ • Χʔωϧ͔ΒݟΔͱී௨ʹϓϩηε͕ىಈ͢Δ͚ͩ • ىಈ͢Δࡍʹִ཭Λࢦࣔ͢Δ • ΧʔωϧͷػೳͰ (ෳ਺ͷ) ಠཱۭͨؒ͠Λ࡞Γग़͠ɼϦιʔ εΛ෼ׂɾ෼഑͢Δ

    • ϓϩηεΛάϧʔϓԽͯ͠ଞͱϦιʔεۭؒΛִ཭ • άϧʔϓԽͨ͠ϓϩηεʹର͢ΔϦιʔε੍ݶ • Ծ૝Խͱ͍͏ΑΓʮִ཭Խʯͱݴͬͨ΄͏͕Θ͔Γ΍͍͢ ͔΋ • Ծ૝తͳίϯϐϡʔλɾγεςϜΛ࠶ݱ͢ΔԾ૝Ϛγϯʹର ͯ͠ɺԾ૝తͳ OS ؀ڥΛఏڙ͢Δ • ˠ OS ϨϕϧͷԾ૝Խ 11

12. ίϯςφͷϝϦοτ • ߴີ౓Խ͕Մೳ • ىಈ͍ͯ͠Δ OS (Χʔωϧ) ͸Ұͭ • Φʔόʔϔου͕খ͍͞

    • ϋʔυ΢ΣΞͷԾ૝Խ͕ෆཁ • ىಈ͕ૣ͍ • Ծ૝ϚγϯͷىಈͰ͸ͳ͘ɼϗετ OS ͔ΒݟͨΒ୯ʹϓϩ ηε͕ىಈ͍ͯ͠Δ͚ͩͳͷͰɼී௨ͷϓϩάϥϜ͕ىಈ͢ Δͷͱ΄ͱΜͲมΘΒͳ͍ • ඞͣ͠΋γεςϜΛಈ͔͢ඞཁ͸ͳ͍ (ΞϓϦέʔγϣϯί ϯςφ) • ྫ͑͹ίϯςφ಺Ͱ͸ httpd ͷΈ͕ಈ͍͍ͯΔ • ίϯςφʹϝϞϦΛݻఆతʹׂΓ౰ͯΔඞཁ͕ͳ͍ 12

13. ίϯςφͷσϝϦοτ • ҟͳΔ OS ͷγεςϜ / ϓϩάϥϜ͸ಈ͔ͤͳ͍ • ୯ʹϗετ OS

    ্Ͱϓϩηε͕ىಈ͢Δ͚ͩͳͷͰ౰ͨΓલ • ΧʔωϧʹؔΘΔૢ࡞͸Ͱ͖ͳ͍ • ىಈ͍ͯ͠ΔΧʔωϧ͸มΘΒͳ͍ͷͰ • ίϯςφຖʹϩʔυ͢ΔϞδϡʔϧΛม͑ΔͳͲ • Χʔωϧͷ࣮૷͸ෳࡶʹͳΔ • શͯΧʔωϧͷػೳͱ࣮ͯ͠૷͞Ε͍ͯΔͷͰ 13

14. ىಈͤ͞Δϓϩηε͔ΒΈͨίϯςφ • γεςϜίϯςφ • init Λىಈ͢Δɻී௨ʹ OS ͕ىಈ͢Δͷͱಉ༷ • ΞϓϦέʔγϣϯίϯςφ

    • ୯ҰͷϓϩηεͷΈىಈɻඞཁͳΞϓϦέʔγϣϯͷΈִ཭ ͞Εͨ؀ڥͰ࣮ߦɻ 14

15. ࠓ೔ͷ಺༰ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • Namespace • σϞ

    • cgroup • σϞ • ωοτϫʔΫؔ࿈ػೳ (͕࣌ؒ͋Ε͹) • ίϯςφͰ࢖͑Δ໘ന͍ػೳ (͕࣌ؒ͋Ε͹) • ·ͱΊ 15

16. Linuxʹ͓͚Δίϯςφͷ࢓ ૊Έ 16

17. Linux ʹ͓͚Δίϯςφ͸Χʔωϧʹʰίϯςφʱ ͱ͍͏୯Ұͷػೳ͕࣮૷͞Ε࣮ͯݱ͍ͯ͠ΔΘ͚ Ͱ͸͋Γ·ͤΜ 17

18. Linux ͰίϯςφΛ࣮ݱ͢ΔͨΊͷػೳ Linux Χʔωϧʹؚ·ΕΔ৭ʑͳػೳΛ૊Έ߹Θͤͯίϯςφ؀ ڥΛ࡞੒͢ΔɻͦΕͧΕͷػೳ͸ίϯςφઐ༻ͷػೳͱ͍͏Θ͚ Ͱ͸ͳ͍ɻ • ϓϩηεΛάϧʔϓԽͯ͠ଞͷάϧʔϓͱִ཭ • OS

    Ϧιʔεͷִ཭ • ˠ Namespace (໊લۭؒ) • άϧʔϓԽͨ͠ϓϩηεʹର͢ΔϦιʔε੍ݶ • ϗετͷ෺ཧϦιʔεʹର͢Δ੍ݶ • ˠ cgroup (control group) 18

19. Linux ͰίϯςφΛ࣮ݱ͢ΔͨΊͷػೳ • ͦͷଞ • ωοτϫʔΫ (veth, macvlan ͳͲ) •

    έʔύϏϦςΟ • chroot (pivot root) • bind mount • Checkpoint/Restore (CRIU) • ͳͲͳͲ 19

20. Linux ͷίϯςφ࣮૷ྫ • Docker ΞϓϦέʔγϣϯίϯςφͷ࣮ߦʹಛԽɻίϯςφؔ࿈ͷॲཧ͸ runC ϓ ϩδΣΫτ಺ͷ libcontainer Λ࢖༻ɻ͍·΍ʮDockerʯͱ͍͏ݴ༿͕ࢦ

    ͢΋ͷ͸ίϯςφͰ͸͋Γ·ͤΜɻΞϓϦέʔγϣϯΛ؆୯ʹ։ൃͨ͠Γ ߏஙͨ͠Γ͢ΔͨΊͷϓϥοτϑΥʔϜɺΠϯϑϥɻ • runC (libcontainer) Docker ʹΑΔ Open Container Project ४ڌͷ࣮૷ • LXC/LXD Ubuntu Λத৺ʹ։ൃɻओʹγεςϜίϯςφΛ࣮ߦ͢Δ͜ͱΛલఏʹ࡞ ΒΕ͍ͯΔ͕ɺΞϓϦέʔγϣϯίϯςφͷ࣮ߦ΋Մೳɻඇಛݖίϯςφ ͕࣮ߦͰ͖Δɻ 20

21. Linux ͷίϯςφ࣮૷ྫ • OpenVZ Linux ͷίϯςφ࣮૷ͱͯ͠͸ݹ͔͘Β͋Δ࣮૷ͷͻͱͭɻ2000 ೥͝Ζ ͔ΒɻΧʔωϧʹύονΛద༻͢ΔɻΧʔωϧʹ࣮૷͞Ε͍ͯΔίϯςφ ؔ࿈ػೳ͸ OpenVZ

    ༝དྷͷػೳ͕ଟ਺͋ΔɻOpenVZ Λϕʔεʹͨ͠঎ ༻൛ Virtuozzo ͕ଘࡏ͢Δɻ • rkt CoreOS ͕ࣾ։ൃ͢ΔΞϓϦέʔγϣϯίϯςφͷϥϯλΠϜɻ • systemd ͝ଘ஌ Linux ޲͚ͷ࠷ۙओྲྀͱͳͬͨ init ࣮૷ͷͻͱͭɻίϯςφΛѻ͏ ίϚϯυ΍࢓૊Έ΋಺แ͍ͯ͠Δ 21

22. Linux ͷίϯςφ࣮૷ྫ • MINCS γΣϧεΫϦϓτͰॻ͔Εͨίϯςφ࣮૷ • bocker “Docker implemented in

    around 100 lines of bash” • haconiwa ίϯςφ࣮૷ɾ࡞੒ͷͨΊͷ (m)Ruby DSL • aqr perl Ͱॻ͔Εͨίϯςφ࣮૷ • Awesome Container ͦͷଞ৭ʑ·ͱ·ͬͯ·͢ 22

23. ࠓ೔ͷ಺༰ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • Namespace • σϞ

    • cgroup • σϞ • ωοτϫʔΫؔ࿈ػೳ (͕࣌ؒ͋Ε͹) • ίϯςφͰ࢖͑Δ໘ന͍ػೳ (͕࣌ؒ͋Ε͹) • ·ͱΊ 23

24. Linux ʹ͓͚Δίϯςφͷ࢓૊Έ Namespace 24

25. Namespace(໊લۭؒ) • ִ཭͍ͨ͠ OS Ϧιʔε͝ͱʹ Namespace ͕४උ͞ΕΔ • Ұ෦ͷ Namespace

    ͚ͩ࢖༻ִͯ͠཭؀ڥΛ࡞Δ͜ͱ͕Ͱ ͖Δ 25

26. Mount Namespace (2.4.19ʙ) • ϓϩηε͔Βݟ͍͑ͯΔϚ΢ϯτͷू߹ɼૢ࡞Λ෼཭͢Δɽ Namespace ಺ͷ mount, umount ͕ଞͷ

    Namespace ʹӨ ڹΛ༩͑ͳ͍Α͏ʹͰ͖Δ (༩͑ΔΑ͏ʹ΋Ͱ͖Δ) ˠ private/shared/slave • ࢀߟ: • Ϛ΢ϯτ໊લۭؒΛద༻͢Δ (IBM developerWorks) • Mount Namespace and shared subtrees (lwn.net) • Mount namespaces, mount propagation, and unbindable mounts (lwn.net) • Χʔωϧෟଐจॻ (Documentation/filesystems/sharedsubtree.txt) • σϑΥϧτ͸ private ͕ͩɺsystemd ͸/Λ shared ͰϚ΢ϯ τ͢Δ 26

27. UTS Namespace (2.6.19ʙ) • ϗετ໊ͳͲɼuname(2) ͕ฦ͢஋ͷू߹Λ෼཭ɽ setdomainname(2), sethostname(2) Ͱ Namespace

    ಺ͷ ஋ͷΈมߋͰ͖Δ   user$ hostname enterprise --- (͜͜·Ͱϗετͷ Namespace) --- user$ sudo unshare --uts (৽͍͠ Namespace ࡞੒) root# hostname enterprise (ॳظ஋͸ϗετͱಉ͡) root# hostname utsns (ϗετ໊มߋ) root# hostname utsns root# exit logout --- (͔͜͜Βϗετͷ Namespace) --- user$ hostname enterprise   27

28. PID Namespace (2.6.24ʙ) • PID ۭؒͷ෼཭ɽ৽͍͠ PID Namespace Ͱ͸ PID

    1 ͔Β ࢝·Δ PID ׂ͕Γ౰ͯΒΕΔɽ਌͔Βࢠͷ PID Namespace ͸ݟ͑Δ (਌ͷۭؒͷ PID Λ࣋ͭ) ͕ɼࢠ͔Β਌͸ݟ͑ͳ͍ 28

29. IPC Namespace (2.6.19ʙ) • SysV IPC ΦϒδΣΫτɼPOSIX ϝοηʔδΩϡʔͷִ཭  

    # ipcs -q (ϗετͷ Namespace ্ͰϝοηʔδΩϡʔͷ֬ೝ) ------ Message Queues -------- key msqid owner perms used-bytes messages 0x4b79e805 32768 root 644 0 0 # unshare --ipc (৽ͨʹ IPC Namespace ࡞੒) # ipcs -q (৽ͨʹ࡞ͬͨ Namespace ͰΩϡʔΛ֬ೝ͢Δͱଘࡏ͠ͳ͍) ------ Message Queues -------- key msqid owner perms used-bytes messages   29

30. User Namespace (3.8ʙ) • ಠཱͨ͠ UID/GID ۭؒͱ֎෦ۭؒͷϚοϐϯά (ྫ͑͹ɼ ִ཭ۭؒͰ͸ uid/gid

    0/0ɼ֎෦Ͱ͸ 1000/1000 ͱ͔Մೳ ʹͳΔ) • User Namespace ͸ҰൠϢʔβͰ࡞੒Ͱ͖ɺNamespace ಺ ͷಛݖϢʔβ͸ଞͷ Namespace Λ࡞੒Ͱ͖Δ (User Namespace Ҏ֎ͷ Namespace ͸ಛݖ͕ඞཁ) 30

31. Network Namespace (2.6.26ʙ) • ωοτϫʔΫϦιʔεͷִ཭ • ωοτϫʔΫσόΠε • ϧʔςΟϯάςʔϒϧ •

    ιέοτ • ϑΟϧλϦϯά • ΞυϨε 31

32. cgroup Namespace (4.6ʙ) • cgroup ͷִ཭ • /proc/$PID/cgroup ϑΝΠϧ಺ͷ cgroup

    ύε • namespace ಺ͰϚ΢ϯτͨ͠ cgroupfs πϦʔ • (͜ͷ Namespace Ͱ clone(2) ʹ༩͑Δϑϥά (32bit ੔਺) Λ࢖͍͖Γ·ͨ͠ :-) • Ubuntu 16.04 ͷ 4.4 Χʔωϧʹ͸όοΫϙʔτࡁ 32

33. Namespace ৄࡉ Namespace ͷΧʔωϧ಺෦ͷ࣮૷ʹ͍ͭͯ͸ʮୈ 8 ճ ίϯςφ ܕԾ૝Խͷ৘ใަ׵ձˏ౦ژʯͰͷ Masami Ichikawa

    ͞Μͷ Linux Namespaces ͕ৄ͍͠Ͱ͢ (ಈը) 33

34. Namespace ͷૢ࡞ (γεςϜίʔϧ) • clone(2) Ͱ৽͍͠ϓϩηε Λੜ੒ • unshare(2) Ͱ৽͍͠ϓϩηεΛੜ੒ͤͣʹ࣮ߦίϯςΩε

    τΛ੍ޚ͢Δ • setns(2) ͰϓϩηεΛطଘ ͷ Namespace ʹؔ࿈෇͚Δ 34

35. Namespace σϞ 1. User Namespace Ͱ Namespace ಺͸ rootɺNamespace ֎

    ͸ҰൠϢʔβͱ͍͏Ϣʔβ͕࡞੒Ͱ͖Δ͜ͱΛ֬ೝ 2. User Namespace ͰҰൠϢʔβ͕ଞͷ Namespace Λ࡞੒Ͱ ͖Δ͜ͱΛ֬ೝ 3. PID Namespace ʹΑΓɺίϯςφ಺Ͱ͸ίϯςφ಺ͷϓϩ ηε͔͠ݟ͑ͳ͍͜ͱΛ֬ೝ 4. Network Namespace ʹΑΓɺίϯςφ಺Ͱ͸ಠཱͨ͠ωο τϫʔΫʹͳ͍ͬͯΔ͜ͱΛ֬ೝ 5. UTS Namespace ʹΑΓɺίϯςφಠࣗͷϗετ໊͕෇͚Β ΕΔ͜ͱΛ֬ೝ https://asciinema.org/a/80940 35

36. ࠓ೔ͷ಺༰ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • Namespace • σϞ

    • cgroup • σϞ • ωοτϫʔΫؔ࿈ػೳ (͕࣌ؒ͋Ε͹) • ίϯςφͰ࢖͑Δ໘ന͍ػೳ (͕࣌ؒ͋Ε͹) • ·ͱΊ 36

37. Linux ʹ͓͚Δίϯςφͷ࢓૊Έ cgroup 37

38. cgroup ͱ͸ ϓϩηεΛάϧʔϓԽ͠ɺάϧʔϓʹରͯ͠Ϧιʔε੍ݶΛߦ ͏ɻίϯςφઐ༻ͷ࢓૊ΈͰ͸ͳ͍ɻ • cgroup ͷಛ௃ • ػೳ͝ͱʹαϒγεςϜʹ෼͔ΕΔ •

    cgroupfs ΛϚ΢ϯτͯ͠σΟϨΫτϦͰάϧʔϓΛද͢ • ϓϩηεΛάϧʔϓ಺ͷ tasks ϑΝΠϧʹ௥Ճ͢Δͱؔ࿈͢ ΔλεΫ͕εϨου୯ҐͰάϧʔϓʹ௥Ճ͞ΕΔ • ෳ਺֊૚ߏ଄ɻվ଄ߏ଄͝ͱʹҟͳΔπϦʔΛ࡞੒Ͱ͖Δɻ ͨͩ͠ɺҰͭͷαϒγεςϜ͕ॴଐͰ͖ΔπϦʔ͸Ұͭ • πϦʔͷͲͷϨϕϧͷάϧʔϓʹ΋λεΫ͕ॴଐͰ͖Δ 38

39. cgroup ͷ֊૚ߏ଄ 39

40. cgroup ͷαϒγεςϜ • cpu: 2.6.24 • CFS(Completely Fair Scheduler) bandwidth

    controlɽ୯Ґ ࣌ؒ಺ͷάϧʔϓ಺ͷλεΫ͕࣮ߦͰ͖Δ߹ܭ࣌ؒΛ੍ݶ͢ Δ (3.2 Ͱ࣮૷) • ૬ର഑෼ɽάϧʔϓؒͷ CPU ࣌ؒͷׂ౰ͷׂ߹Λࢦఆ͢Δɽ ྫ͑͹ GroupA=100,GroupB=50 ͱ͢Δͱ A:B=2:1 • cpuacct: 2.6.24 • άϧʔϓ಺ͷ CPU ϦιʔεͷϨϙʔτ (CPU ࣌ؒ) • cpuset: 2.6.24 • ׂΓ౰ͯΔ CPU, ϝϞϦϊʔυͷׂ౰ 40

41. cgroup ͷαϒγεςϜ • device: 2.6.26 • σόΠε΁ͷΞΫηεڐՄɼ੍ݶͷࢦఆ • freezer: 2.6.28

    • άϧʔϓ಺ͷϓϩηεΛશͯҰ࣌ఀࢭ͢Δ • memory: 2.6.29 • ϝϞϦϦιʔεͷ੍ݶ (ϢʔβϝϞϦɼΧʔωϧϝϞϦ) • blkio (Block IO): • I/O weight controller(2.6.33 Ҏ߱) άϧʔϓͷ༏ઌ౓Λࢦ ఆ͢Δ • I/O throttling(2.6.37 Ҏ߱) άϧʔϓ಺ͷϓϩηεͷσόΠ εʹର͢Δૢ࡞਺ͷ߹ܭͷࢦఆ • (ࢀߟ)Linux2.6.37 ͷ৽ػೳ “I/O throttling” 41

42. cgroup ͷαϒγεςϜ • hugetlb: 3.6 • cgroup ͔Βͷ hugetlb ͷ࢖༻

    • perf event: 2.6.39 • άϧʔϓ୯ҐͰ perf πʔϧͰϞχλϦϯά (ύϑΥʔϚϯε ղੳ) • net cls: 2.6.29 • ύέοτʹࣝผࢠΛ͚ͭɼτϥϑΟοΫίϯτϩʔϧ (tc) ͱ netfilter(3.14 Ҏ߱) ͰίϯτϩʔϧՄೳʹ • Linux 3.14 Ͱ net cls cgroup ʹ௥Ճ͞Εͨ netfilter ରԠ • net prio: 3.3 • άϧʔϓؒͰͷωοτϫʔΫͷ༏ઌ౓ΛΠϯλʔϑΣʔεຖ ʹࢦఆ͢Δ • Linux 3.3 ͷ৽ػೳ Network priority cgroup • Linux 3.3 ͷ৽ػೳ Network priority cgroup (2) 42

43. cgroup ͷαϒγεςϜ • pids: 4.3 • fork() ΍ clone() ͰىಈͰ͖Δϓϩηε਺Λ੍ݶ͢Δ

    • LXC ͰֶͿίϯςφೖ໳ ୈ 30 ճ Linux Χʔωϧͷίϯς φػೳ [8] ʔ cgroup ͷ pids αϒγεςϜ 43

44. cgroup ͷ࢖͍ํ cgroup ͸ίϯςφͱؔ܎ͳ͘࢖༻Մೳ   # mount -t tmpfs

    cgroup_root /sys/fs/cgroup # mkdir /sys/fs/cgroup/memory # mount -t cgroup -o memory cgroup /sys/fs/cgroup/memory (ϝϞϦαϒ γεςϜͷϚ΢ϯτ) # mkdir /sys/fs/cgroup/memory/test01 ("test01" ͱ͍͏άϧʔϓͷ࡞੒) # echo $$ > /sys/fs/cgroup/memory/test01/tasks (ϓϩηεΛάϧʔϓʹొ ࿥) # cat /sys/fs/cgroup/memory/test01/tasks (άϧʔϓ಺ͷϓϩηεͷ֬ೝ) 2824 2837 # echo 30M > /sys/fs/cgroup/memory/test01/memory.limit_in_bytes (άϧʔϓʹରͯ͠ϝϞϦ্ݶ 30M ͱ͍͏੍ݶΛઃఆ) # cat /sys/fs/cgroup/memory/test01/memory.limit_in_bytes (੍ݶ஋ͷ֬ ೝ) 31457280 # cat /sys/fs/cgroup/memory/test01/memory.usage_in_bytes (ݱࡏͷ࢖༻ ྔͷ֬ೝ) 565248   44

45. cgroup σϞ • CPU ͷ࢖༻཰੍ݶ https://asciinema.org/a/29131 45

46. ࠓ೔ͷ಺༰ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • Namespace • σϞ

    • Cgroup • σϞ • ωοτϫʔΫؔ࿈ػೳ (͕࣌ؒ͋Ε͹) • ίϯςφͰ࢖͑Δ໘ന͍ػೳ (͕࣌ؒ͋Ε͹) • ·ͱΊ 46

47. Linux ʹ͓͚Δίϯςφͷ࢓૊Έ ωοτϫʔΫػೳ 47

48. ίϯςφͰ࢖͏ωοτϫʔΫػೳ ʙ veth • OpenVZ/Virtuozzo ༝དྷͷػೳ • ରͱͳΔΠϯλʔϑΣʔεΛੜ੒͠ɼΠϯλʔϑΣʔεؒͰ ௨৴Λߦ͏ (Layer2

    ͷτϯωϧ) • ରͷยํΛϗετଆͷϒϦοδʹɼยํΛίϯςφʹ઀ଓ 48

49. ίϯςφͰ࢖͏ωοτϫʔΫػೳ ʙ macvlan • ෺ཧΠϯλʔϑΣʔεʹผͷ MAC ΞυϨε͕෇͍ͨԾ૝త ͳ৽͍͠ΠϯλʔϑΣʔεΛ࡞੒ɽ͜ͷΠϯλʔϑΣʔεΛ ίϯςφʹׂ౰ 49

50. ࠓ೔ͷ಺༰ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • Namespace • σϞ

    • Cgroup • σϞ • ωοτϫʔΫؔ࿈ػೳ (͕࣌ؒ͋Ε͹) • ίϯςφͰ࢖͑Δ໘ന͍ػೳ (͕࣌ؒ͋Ε͹) • ·ͱΊ 50

51. Linux ΧʔωϧͷίϯςφͰ࢖͑Δ໘ന͍ػೳ 51

52. CRIU(1) • http://criu.org/ • OpenVZ ϓϩδΣΫτͷ Checkpoint/Restore ࣮૷ • ΞϓϦέʔγϣϯͷ͋Δ࣌఺ͷঢ়ଶΛอଘ͠ɺ࠶։Ͱ͖Δ

    • Χʔωϧ 3.11 Ҏ߱Ͱ࢖༻Մೳ 52

53. CRIU(2)   $ sudo criu dump -D checkpoint -t

    1234 (PID:1234 ͷϓϩηεͷ৘ใΛμϯ ϓͯ͠ checkpoint σΟϨΫτϦʹอଘ) $ ls ./checkpoint cgroup.img fdinfo-17.img inventory.img pages-15.img core-170.img fdinfo-18.img ipcns-msg-9.img pages-16.img core-176.img fdinfo-2.img ipcns-sem-9.img pages-17.img core-1.img fdinfo-3.img ipcns-shm-9.img pages-1.img core-260.img fdinfo-4.img ipcns-var-9.img pages-2.img core-261.img fdinfo-5.img iptables-8.img pages-3.img : (snip) $ sudo criu restore -D checkpoint -d (checkpoint σΟϨΫτϦͷμϯϓΠ ϝʔδΛ࢖ͬͯϦετΞ)   (ॲཧͷུ֓Λॻ͍͚ͨͩͳͷͰ࣮ࡍ͸৭ʑΦϓγϣϯΛࢦఆͨ͠Γ͢Δඞཁ͕͋Γ·͢) 53

54. overlayfs • Union Filesystem (aufs ͱҰॹ) • ෳ਺ͷσΟϨΫτϦΛಁաతʹॏͶ͋ΘͤͯͻͱͭʹݟͤΒ ΕΔ •

    ίϯςφͱ͸௚઀ؔ܎ͳ͍ • 3.18 kernel ͰϚʔδ • ίϯςφͷΫϩʔϯΛ࡞੒͢Δͱ͖ͷϑΝΠϧγεςϜͱ͠ ͯ LXC ͔Βར༻Ͱ͖Δ • Ubuntu/Plamo ͩͱඇಛݖίϯςφͷΫϩʔϯʹ΋࢖͑Δ • Docker Ͱ΋ར༻Ͱ͖Δ 54

55. overlayfs ࣮ߦྫ   # mkdir lower upper overlay work

    # ls -F lower/ overlay/ upper/ work/ # touch lower/lower # touch upper/upper # mount -n -t overlay \ > -o lowerdir=lower,upperdir=upper,workdir=work \ > overlay overlay # ls overlay/ lower upper # touch overlay/test # ls overlay/ lower test upper # ls upper/ test upper   55

56. overlayfs σϞ 1. lower, upper, work, overlay σΟϨΫτϦ࡞੒ 2. lower,

    upper ʹϑΝΠϧ࡞੒ 3. overlayfs Ϛ΢ϯτ 4. Ϛ΢ϯτͨ͠σΟϨΫτϦ (overlay) ʹ lower, upper ʹଘࡏ ͢ΔϑΝΠϧ͕྆ํݟ͍͑ͯΔͷΛ֬ೝ 5. Ϛ΢ϯτͨ͠σΟϨΫτϦ (overlay) ͰϑΝΠϧ࡞੒ 6. ࡞੒ͨ͠ϑΝΠϧ͕ upper ʹͰ͖͍ͯΔ͜ͱΛ֬ೝ 7. ΞϯϚ΢ϯτͨ͋͠ͱͷ֤σΟϨΫτϦΛ֬ೝ • https://asciinema.org/a/24151 56

57. ·ͱΊ 57

58. ·ͱΊ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • ίϯςφ͸Χʔωϧʹ࣮૷͞Ε͍ͯΔ৭ʑͳػೳͷ૊Έ߹Θ ͤͰ࣮ݱ͞Ε͍ͯΔ •

    Namespace • OS Ϧιʔεͷִ཭ • cgroup • ϗετͷ෺ཧϦιʔεͷ੍ݶ • ωοτϫʔΫؔ࿈ػೳ • veth • macvlan • ίϯςφͰ࢖͑Δ໘ന͍ػೳ 58

59. lxc-jp LXC ʹݶΒͣίϯςφͷ࿩୊Λѻ͍ͬͯ·͢ɻ • https://groups.google.com/d/forum/lxc-jp 59

60. ίϯςφܕԾ૝Խͷ৘ใަ׵ձ • https://sites.google.com/site/containerstudy/ • http://ct-study.connpass.com/ • ίϯςφٕज़ʹؔ࿈͢Δ࿩୊Λѻ͏ • ίϯςφʹؔ࿈͢ΔΧʔωϧͷ࣮૷ʹ͍ͭͯ •

    ֤छπʔϧΩοτͷ঺հɼ࣮૷ʹ͍ͭͯ • ίϯςφٕज़Λ࢖ͬͨπʔϧ΍ιϑτ΢ΣΞͷ঺հ΍࣮૷ʹ ͍ͭͯ • ίϯςφٕज़ͷ׆༻ɾӡ༻ࣄྫ • ͦͷଞʮίϯςφʯͱ͍͏Ωʔϫʔυ͕গ͠Ͱ΋ೖ͍ͬͯΔ ٕज़ʹ͍ͭͯ • ͜Ε·Ͱେࡕͱ౦ژͰަޓʹ 8 ճ࣮ࢪɻ࣍ճ͸෱Ԭͷ༧ఆɻ 60

61. ڠྗऀืू • ҎԼͷ຋༁Λߦ͍ͬͯ·͢ɻ͕࣌ؒ͋Δͱ͖͚ͩͰ΋ྑ͍ͷ ͰϨϏϡʔɺमਖ਼ɺվྑΛͯͩ͘͠͞Δํ׻ܴ͠·͢ɻ • LXC ϚχϡΞϧ (man pages) •

    linuxcontainers.org ίϯςϯπ • LXD ೔ຊޠϝοηʔδ 61

62. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ 62