Linux コンテナの基礎 / OSC2017 Osaka

Transcript

1. Linux ίϯςφͷجૅ OSC2017 Osaka Ճ౻ହจ 2017-01-28 1

2. ࣗݾ঺հ Ճ౻ହจ • http://www.ten-forward.ws/ • @ten forward • http://gplus.to/tenforward •

   https://github.com/tenforward • http://d.hatena.ne.jp/defiant/ (ٕज़ϒϩά) 2

3. ࣗݾ঺հ • Plamo Linux ϝϯςφ • LXC ͰֶͿίϯςφೖ໳ɹʔܰྔԾ૝Խ؀ڥΛ࣮ݱ͢Δٕज़ gihyo.jp Ͱ࿈ࡌ

   3

4. ࣗݾ঺հ • LXC/LXD ͷ։ൃʹগ͠ࢀՃ • man page ͷ೔ຊޠ༁ • ެࣜϖʔδ

   (linuxcontainers.org) ຋༁ • όάϑΟοΫεͳͲগ͚ͩ͠ίʔυʹ΋ߩݙ • LXD ೔ຊޠϝοηʔδ 4

5. ࣭໰ 5

6. ίϯςφʹ͍ͭͯ • શ͘஌Βͳ͍ • ໊લ͸ฉ͍ͨ͜ͱ͕͋Δ • ࢖ͬͨ͜ͱ͕͋Δ • ਂ͘஌͍ͬͯΔ 6

7. ࠓ೔ͷ໨ඪ • ίϯςφͷ֓ཁΛཧղ͢Δ • Linux Χʔωϧ͕࣋ͭίϯςφΛߏ੒͢ΔͨΊͷओཁͳػೳ Λ֮͑Δ • σϞͰίϯςφͷಈ͖Λମݧ͢Δ •

   (۩ମతͳίϯςφ࣮૷ (docker ͳͲ) ͷ࢖͍ํͷઆ໌͸͋Γ ·ͤΜ) 7

8. ࠓ೔ͷ಺༰ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • Namespace • cgroup

   • σϞ • ·ͱΊ 8

9. ίϯςφ֓ཁ 9

10. ίϯςφͱ͸ ΧʔωϧͷػೳͰ • ִ཭͞ΕۭͨؒͰϓϩηεΛ࣮ߦ͢Δ • ϓϩηεʹରͯ͠Ϧιʔε੍ݶΛઃఆ͢Δ 10

11. ίϯςφͱ͸ • Χʔωϧ͔ΒݟΔͱී௨ʹϓϩηε͕ىಈ͢Δ͚ͩ • ىಈ͢Δࡍʹִ཭Λࢦࣔ͢Δ • ΧʔωϧͷػೳͰ (ෳ਺ͷ) ಠཱۭͨؒ͠Λ࡞Γग़͠ɼϦιʔ εΛ෼ׂɾ෼഑͢Δ

    • ϓϩηεΛάϧʔϓԽͯ͠ଞͱϦιʔεۭؒΛִ཭ • άϧʔϓԽͨ͠ϓϩηεʹର͢ΔϦιʔε੍ݶ • Ծ૝Խͱ͍͏ΑΓʮִ཭Խʯͱݴͬͨ΄͏͕Θ͔Γ΍͍͢ ͔΋ • Ծ૝తͳίϯϐϡʔλɾγεςϜΛ࠶ݱ͢ΔԾ૝Ϛγϯʹର ͯ͠ɺԾ૝తͳ OS ؀ڥΛఏڙ͢Δ • ˠ OS ϨϕϧͷԾ૝Խ 11

12. ίϯςφͷϝϦοτ • ߴີ౓Խ͕Մೳ • ىಈ͍ͯ͠Δ OS (Χʔωϧ) ͸Ұͭ • Φʔόʔϔου͕খ͍͞

    • ϋʔυ΢ΣΞͷԾ૝Խ͕ෆཁ • ىಈ͕ૣ͍ • Ծ૝ϚγϯͷىಈͰ͸ͳ͘ɼϗετ OS ͔ΒݟͨΒ୯ʹϓϩ ηε͕ىಈ͍ͯ͠Δ͚ͩͳͷͰɼී௨ͷϓϩάϥϜ͕ىಈ͢ Δͷͱ΄ͱΜͲมΘΒͳ͍ • ඞͣ͠΋γεςϜΛಈ͔͢ඞཁ͸ͳ͍ (ΞϓϦέʔγϣϯί ϯςφ) • ྫ͑͹ίϯςφ಺Ͱ͸ httpd ͷΈ͕ಈ͍͍ͯΔ • ίϯςφʹϝϞϦΛݻఆతʹׂΓ౰ͯΔඞཁ͕ͳ͍ 12

13. ίϯςφͷσϝϦοτ • ҟͳΔ OS ͷγεςϜ / ϓϩάϥϜ͸ಈ͔ͤͳ͍ • ୯ʹϗετ OS

    ্Ͱϓϩηε͕ىಈ͢Δ͚ͩͳͷͰ౰ͨΓલ • ΧʔωϧʹؔΘΔૢ࡞͸Ͱ͖ͳ͍ • ىಈ͍ͯ͠ΔΧʔωϧ͸มΘΒͳ͍ͷͰ • ίϯςφຖʹϩʔυ͢ΔϞδϡʔϧΛม͑ΔͳͲ • Χʔωϧͷ࣮૷͸ෳࡶʹͳΔ • શͯΧʔωϧͷػೳͱ࣮ͯ͠૷͞Ε͍ͯΔͷͰ 13

14. ىಈͤ͞Δϓϩηε͔ΒΈͨίϯςφ ໌֬ʹఆٛ͞Εͨ༻ޠͰ͸ͳ͍ɻίϯςφͱͯ͠ԿΛىಈ͢Δ ͔ʁ ͷҧ͍ɻ • γεςϜίϯςφ • init Λىಈ͢Δɻී௨ʹ OS

    ͕ىಈ͢Δͷͱಉ༷ • ΞϓϦέʔγϣϯίϯςφ • ୯ҰͷϓϩηεͷΈىಈɻඞཁͳΞϓϦέʔγϣϯͷΈִ཭ ͞Εͨ؀ڥͰ࣮ߦɻ 14

15. ࠓ೔ͷ಺༰ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • Namespace • cgroup

    • σϞ • ·ͱΊ 15

16. Linuxʹ͓͚Δίϯςφͷ࢓ ૊Έ 16

17. Linux ʹ͓͚Δίϯςφ͸Χʔωϧʹʰίϯςφʱ ͱ͍͏୯Ұͷػೳ͕࣮૷͞Ε࣮ͯݱ͍ͯ͠ΔΘ͚ Ͱ͸͋Γ·ͤΜ 17

18. Linux ͰίϯςφΛ࣮ݱ͢ΔͨΊͷػೳ Linux Χʔωϧʹؚ·ΕΔ৭ʑͳػೳΛ૊Έ߹Θͤͯίϯςφ؀ ڥΛ࡞੒͢ΔɻͦΕͧΕͷػೳ͸ίϯςφઐ༻ͷػೳͱ͍͏Θ͚ Ͱ͸ͳ͍ɻ • ϓϩηεΛάϧʔϓԽͯ͠ଞͷάϧʔϓͱִ཭ • OS

    Ϧιʔεͷִ཭ • ˠ Namespace (໊લۭؒ) • άϧʔϓԽͨ͠ϓϩηεʹର͢ΔϦιʔε੍ݶ • ϗετͷ෺ཧϦιʔεʹର͢Δ੍ݶ • ˠ cgroup (control group) 18

19. Linux ͰίϯςφΛ࣮ݱ͢ΔͨΊͷػೳ • ͦͷଞ • ωοτϫʔΫ (veth, macvlan ͳͲ) •

    έʔύϏϦςΟ • chroot (pivot root) • bind mount • Checkpoint/Restore (CRIU) • ͳͲͳͲ 19

20. Linux ͷίϯςφ࣮૷ྫ • Docker ΞϓϦέʔγϣϯίϯςφͷ࣮ߦʹಛԽɻίϯςφؔ࿈ͷॲཧ͸ runC ϓ ϩδΣΫτ಺ͷ libcontainer Λ࢖༻ɻ͍·΍ʮDockerʯͱ͍͏ݴ༿͕ࢦ

    ͢΋ͷ͸ίϯςφͰ͸͋Γ·ͤΜɻΞϓϦέʔγϣϯΛ؆୯ʹ։ൃͨ͠Γ ߏஙͨ͠Γ͢ΔͨΊͷϓϥοτϑΥʔϜɺΠϯϑϥɻ • runC (libcontainer) Docker ʹΑΔ Open Container Project ४ڌͷ࣮૷ • LXC/LXD Ubuntu Λத৺ʹ։ൃɻओʹγεςϜίϯςφΛ࣮ߦ͢Δ͜ͱΛલఏʹ࡞ ΒΕ͍ͯΔ͕ɺΞϓϦέʔγϣϯίϯςφͷ࣮ߦ΋Մೳɻඇಛݖίϯςφ ͕࣮ߦͰ͖Δɻ 20

21. Linux ͷίϯςφ࣮૷ྫ • OpenVZ Linux ͷίϯςφ࣮૷ͱͯ͠͸ݹ͔͘Β͋Δ࣮૷ͷͻͱͭɻ2000 ೥͝Ζ ͔ΒɻΧʔωϧʹύονΛద༻͢ΔɻΧʔωϧʹ࣮૷͞Ε͍ͯΔίϯςφ ؔ࿈ػೳ͸ OpenVZ

    ༝དྷͷػೳ͕ଟ਺͋ΔɻOpenVZ Λϕʔεʹͨ͠঎ ༻൛ Virtuozzo ͕ଘࡏ͢Δɻ • rkt CoreOS ͕ࣾ։ൃ͢ΔΞϓϦέʔγϣϯίϯςφͷϥϯλΠϜɻ • systemd ͝ଘ஌ Linux ޲͚ͷ࠷ۙओྲྀͱͳͬͨ init ࣮૷ͷͻͱͭɻίϯςφΛѻ͏ ίϚϯυ΍࢓૊Έ΋಺แ͍ͯ͠Δ 21

22. Linux ͷίϯςφ࣮૷ྫ • MINCS γΣϧεΫϦϓτͰॻ͔Εͨίϯςφ࣮૷ • bocker “Docker implemented in

    around 100 lines of bash” • haconiwa ίϯςφ࣮૷ɾ࡞੒ͷͨΊͷ (m)Ruby DSL • aqr perl Ͱॻ͔Εͨίϯςφ࣮૷ • Awesome Container ͦͷଞ৭ʑ·ͱ·ͬͯ·͢ 22

23. ࠓ೔ͷ಺༰ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • Namespace • cgroup

    • σϞ • ·ͱΊ 23

24. Linux ʹ͓͚Δίϯςφͷ࢓૊Έ Namespace 24

25. Namespace(໊લۭؒ) • ִ཭͍ͨ͠ OS Ϧιʔε͝ͱʹ Namespace ͕४උ͞ΕΔ • Ұ෦ͷ Namespace

    ͚ͩ࢖༻ִͯ͠཭؀ڥΛ࡞Δ͜ͱ͕Ͱ ͖Δ 25

26. Mount Namespace (2.4.19ʙ) • ϓϩηε͔Βݟ͍͑ͯΔϚ΢ϯτͷू߹ɼૢ࡞Λ෼཭͢Δɽ Namespace ಺ͷ mount, umount ͕ଞͷ

    Namespace ʹӨ ڹΛ༩͑ͳ͍Α͏ʹͰ͖Δ (༩͑ΔΑ͏ʹ΋Ͱ͖Δ) ˠ private/shared/slave • ࢀߟ: • Ϛ΢ϯτ໊લۭؒΛద༻͢Δ (IBM developerWorks) • Mount Namespace and shared subtrees (lwn.net) • Mount namespaces, mount propagation, and unbindable mounts (lwn.net) • Χʔωϧෟଐจॻ (Documentation/filesystems/sharedsubtree.txt) • σϑΥϧτ͸ private ͕ͩɺsystemd ͸/Λ shared ͰϚ΢ϯ τ͢Δ 26

27. UTS Namespace (2.6.19ʙ) • ϗετ໊ͳͲɼuname(2) ͕ฦ͢஋ͷू߹Λ෼཭ɽ setdomainname(2), sethostname(2) Ͱ Namespace

    ಺ͷ ஋ͷΈมߋͰ͖Δ ✓ ✏ user$ hostname enterprise --- (͜͜·Ͱϗετͷ Namespace) --- user$ sudo unshare --uts (৽͍͠ Namespace ࡞੒) root# hostname enterprise (ॳظ஋͸ϗετͱಉ͡) root# hostname utsns (ϗετ໊มߋ) root# hostname utsns root# exit logout --- (͔͜͜Βϗετͷ Namespace) --- user$ hostname enterprise ✒ ✑ 27

28. PID Namespace (2.6.24ʙ) • PID ۭؒͷ෼཭ɽ৽͍͠ PID Namespace Ͱ͸ PID

    1 ͔Β ࢝·Δ PID ׂ͕Γ౰ͯΒΕΔɽ਌͔Βࢠͷ PID Namespace ͸ݟ͑Δ (਌ͷۭؒͷ PID Λ࣋ͭ) ͕ɼࢠ͔Β਌͸ݟ͑ͳ͍ 28

29. IPC Namespace (2.6.19ʙ) • SysV IPC ΦϒδΣΫτɼPOSIX ϝοηʔδΩϡʔͷִ཭ ✓ ✏

    # ipcs -q (ϗετͷ Namespace ্ͰϝοηʔδΩϡʔͷ֬ೝ) ------ Message Queues -------- key msqid owner perms used-bytes messages 0x4b79e805 32768 root 644 0 0 # unshare --ipc (৽ͨʹ IPC Namespace ࡞੒) # ipcs -q (৽ͨʹ࡞ͬͨ Namespace ͰΩϡʔΛ֬ೝ͢Δͱଘࡏ͠ͳ͍) ------ Message Queues -------- key msqid owner perms used-bytes messages ✒ ✑ 29

30. User Namespace (3.8ʙ) • ಠཱͨ͠ UID/GID ۭؒͱ֎෦ۭؒͷϚοϐϯά (ྫ͑͹ɼ ִ཭ۭؒͰ͸ uid/gid

    0/0ɼ֎෦Ͱ͸ 1000/1000 ͱ͔Մೳ ʹͳΔ) • User Namespace ͸ҰൠϢʔβͰ࡞੒Ͱ͖ɺNamespace ಺ ͷಛݖϢʔβ͸ଞͷ Namespace Λ࡞੒Ͱ͖Δ (User Namespace Ҏ֎ͷ Namespace ͸ಛݖ͕ඞཁ) 30

31. Network Namespace (2.6.26ʙ) • ωοτϫʔΫϦιʔεͷִ཭ • ωοτϫʔΫσόΠε • ϧʔςΟϯάςʔϒϧ •

    ιέοτ • ϑΟϧλϦϯά • ΞυϨε 31

32. cgroup Namespace (4.6ʙ) • cgroup ͷִ཭ • /proc/$PID/cgroup ϑΝΠϧ಺ͷ cgroup

    ύε • namespace ಺ͰϚ΢ϯτͨ͠ cgroupfs πϦʔ • (͜ͷ Namespace Ͱ clone(2) ʹ༩͑Δϑϥά (32bit ੔਺) Λ࢖͍͖Γ·ͨ͠ :-) • Ubuntu 16.04 ͷ 4.4 Χʔωϧʹ͸όοΫϙʔτࡁ 32

33. Namespace ৄࡉ Namespace ͷΧʔωϧ಺෦ͷ࣮૷ʹ͍ͭͯ͸ʮୈ 8 ճ ίϯςφ ܕԾ૝Խͷ৘ใަ׵ձˏ౦ژʯͰͷ Masami Ichikawa

    ͞Μͷ Linux Namespaces ͕ৄ͍͠Ͱ͢ (ಈը) 33

34. Namespace ͷૢ࡞ (γεςϜίʔϧ) • clone(2) Ͱ৽͍͠ϓϩηε Λੜ੒ • unshare(2) Ͱ৽͍͠ϓϩηεΛੜ੒ͤͣʹ࣮ߦίϯςΩε

    τΛ੍ޚ͢Δ • setns(2) ͰϓϩηεΛطଘ ͷ Namespace ʹؔ࿈෇͚Δ 34

35. ࠓ೔ͷ಺༰ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • Namespace • cgroup

    • σϞ • ·ͱΊ 35

36. Linux ʹ͓͚Δίϯςφͷ࢓૊Έ cgroup 36

37. cgroup ͱ͸ ϓϩηεΛάϧʔϓԽ͠ɺάϧʔϓʹରͯ͠Ϧιʔε੍ݶΛߦ ͏ɻίϯςφઐ༻ͷ࢓૊ΈͰ͸ͳ͍ɻ • cgroup ͷಛ௃ • ػೳ͝ͱʹαϒγεςϜʹ෼͔ΕΔ •

    cgroupfs ΛϚ΢ϯτͯ͠σΟϨΫτϦͰάϧʔϓΛද͢ • ϓϩηεΛάϧʔϓ಺ͷ tasks ϑΝΠϧʹ௥Ճ͢Δͱؔ࿈͢ ΔλεΫ͕εϨου୯ҐͰάϧʔϓʹ௥Ճ͞ΕΔ • ෳ਺֊૚ߏ଄ɻվ଄ߏ଄͝ͱʹҟͳΔπϦʔΛ࡞੒Ͱ͖Δɻ ͨͩ͠ɺҰͭͷαϒγεςϜ͕ॴଐͰ͖ΔπϦʔ͸Ұͭ • πϦʔͷͲͷϨϕϧͷάϧʔϓʹ΋λεΫ͕ॴଐͰ͖Δ 37

38. cgroup ͷ֊૚ߏ଄ 38

39. cgroup ͷαϒγεςϜ • cpu: 2.6.24 • CFS(Completely Fair Scheduler) bandwidth

    controlɽ୯Ґ ࣌ؒ಺ͷάϧʔϓ಺ͷλεΫ͕࣮ߦͰ͖Δ߹ܭ࣌ؒΛ੍ݶ͢ Δ (3.2 Ͱ࣮૷) • ૬ର഑෼ɽάϧʔϓؒͷ CPU ࣌ؒͷׂ౰ͷׂ߹Λࢦఆ͢Δɽ ྫ͑͹ GroupA=100,GroupB=50 ͱ͢Δͱ A:B=2:1 • cpuacct: 2.6.24 • άϧʔϓ಺ͷ CPU ϦιʔεͷϨϙʔτ (CPU ࣌ؒ) • cpuset: 2.6.24 • ׂΓ౰ͯΔ CPU, ϝϞϦϊʔυͷׂ౰ 39

40. cgroup ͷαϒγεςϜ • device: 2.6.26 • σόΠε΁ͷΞΫηεڐՄɼ੍ݶͷࢦఆ • freezer: 2.6.28

    • άϧʔϓ಺ͷϓϩηεΛશͯҰ࣌ఀࢭ͢Δ • memory: 2.6.29 • ϝϞϦϦιʔεͷ੍ݶ (ϢʔβϝϞϦɼΧʔωϧϝϞϦ) • blkio (Block IO): • I/O weight controller(2.6.33 Ҏ߱) άϧʔϓͷ༏ઌ౓Λࢦ ఆ͢Δ • I/O throttling(2.6.37 Ҏ߱) άϧʔϓ಺ͷϓϩηεͷσόΠ εʹର͢Δૢ࡞਺ͷ߹ܭͷࢦఆ • (ࢀߟ)Linux2.6.37 ͷ৽ػೳ “I/O throttling” 40

41. cgroup ͷαϒγεςϜ • hugetlb: 3.6 • cgroup ͔Βͷ hugetlb ͷ࢖༻

    • perf event: 2.6.39 • άϧʔϓ୯ҐͰ perf πʔϧͰϞχλϦϯά (ύϑΥʔϚϯε ղੳ) • net cls: 2.6.29 • ύέοτʹࣝผࢠΛ͚ͭɼτϥϑΟοΫίϯτϩʔϧ (tc) ͱ netfilter(3.14 Ҏ߱) ͰίϯτϩʔϧՄೳʹ • Linux 3.14 Ͱ net cls cgroup ʹ௥Ճ͞Εͨ netfilter ରԠ • net prio: 3.3 • άϧʔϓؒͰͷωοτϫʔΫͷ༏ઌ౓ΛΠϯλʔϑΣʔεຖ ʹࢦఆ͢Δ • Linux 3.3 ͷ৽ػೳ Network priority cgroup • Linux 3.3 ͷ৽ػೳ Network priority cgroup (2) 41

42. cgroup ͷαϒγεςϜ • pids: 4.3 • fork() ΍ clone() ͰىಈͰ͖Δϓϩηε਺Λ੍ݶ͢Δ

    • LXC ͰֶͿίϯςφೖ໳ ୈ 30 ճ Linux Χʔωϧͷίϯς φػೳ [8] ʔ cgroup ͷ pids αϒγεςϜ 42

43. cgroup ͷ࢖͍ํ cgroup ͸ίϯςφͱؔ܎ͳ͘࢖༻Մೳ ✓ ✏ # mount -t tmpfs

    cgroup_root /sys/fs/cgroup # mkdir /sys/fs/cgroup/memory # mount -t cgroup -o memory cgroup /sys/fs/cgroup/memory (ϝϞϦαϒ γεςϜͷϚ΢ϯτ) # mkdir /sys/fs/cgroup/memory/test01 ("test01" ͱ͍͏άϧʔϓͷ࡞੒) # echo $$ > /sys/fs/cgroup/memory/test01/tasks (ϓϩηεΛάϧʔϓʹొ ࿥) # cat /sys/fs/cgroup/memory/test01/tasks (άϧʔϓ಺ͷϓϩηεͷ֬ೝ) 2824 2837 # echo 30M > /sys/fs/cgroup/memory/test01/memory.limit_in_bytes (άϧʔϓʹରͯ͠ϝϞϦ্ݶ 30M ͱ͍͏੍ݶΛઃఆ) # cat /sys/fs/cgroup/memory/test01/memory.limit_in_bytes (੍ݶ஋ͷ֬ ೝ) 31457280 # cat /sys/fs/cgroup/memory/test01/memory.usage_in_bytes (ݱࡏͷ࢖༻ ྔͷ֬ೝ) 565248 ✒ ✑ 43

44. cgroup v2 • 4.5 ΧʔωϧͰ stable ʹͳͬͨ (ͦΕ·Ͱ΋։ൃ༻Ͱ࣮૷͸ ͞Ε͍ͯͨ) •

    cgroup v1 ͸໰୊͕͋Δ • ෳࡶ͗͢ • ੍ݶ͕͋ΔͷͰෳࡶͳ͜ͱ͕Ͱ͖ͯ΋࣮ࡍ͸࢖͑ͳ͍ɾ࢖Θ ͳ͍ • αϒγεςϜಉ࢜ͷ࿈ܞ͕औΕͳ͍ • ·ͩҰ෦ͷαϒγεςϜͷΈ (memory,io,pids) • Ұ෦͸ v2 Λ࢖ͬͯɺଞ͸ v1 Λ࢖͏͜ͱ΋Ͱ͖Δ • Χʔωϧෟଐจॻ (Documentation/cgroup-v2.txt) 44

45. ࠓ೔ͷ಺༰ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • Namespace • cgroup

    • σϞ • ·ͱΊ 45

46. σϞ • Namespace σϞ (unshare ίϚϯυ) • User Namespace •

    Network Namespace • PID Namespace • UTS Namespace • γεςϜίϯςφ • LXD • ΞϓϦέʔγϣϯίϯςφ • Docker 46

47. σϞ ʙ unshare ίϚϯυʹΑΔ Namespace ମݧ • unshare ίϚϯυɿutil-linux ʹؚ·ΕΔίϚϯυ

    • ؆қతʹίϯςφ؀ڥΛ࡞੒Ͱ͖Δ σϞ 1 ✓ ✏ # unshare --mount --pid --net --uts --fork --mount-proc -- /bin/bash ✒ ✑ σϞ 2 ✓ ✏ # unshare --mount --pid --net --uts --fork --mount-proc --mount-proc \ --map-root-user -- /bin/bash ✒ ✑ 47

48. σϞ ʙ LXD ʹΑΔγεςϜίϯςφମݧ ✓ ✏ $ lxc launch ubuntu:16.04

    ct01 Creating ct01 Retrieving image: 100% Starting ct01 $ lxc list +------+---------+---------------------+------+------------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+---------------------+------+------------+-----------+ | ct01 | RUNNING | 10.53.96.195 (eth0) | | PERSISTENT | 0 | +------+---------+---------------------+------+------------+-----------+ ✒ ✑ ৄ͘͠͸ • LXD / ͸͡Ίʹ - ίϚϯυϥΠϯ • LXD / ΦϯϥΠϯͰͷࢼ༻ • LXD 2.0: Blog post series [0/12](೔ຊޠ༁) 48

49. σϞ ʙ Docker ʹΑΔΞϓϦέʔγϣϯίϯςφମݧ ✓ ✏ #!/bin/sh ctid=$(docker run --detach

    --publish 10080:5000 carinamarina/hello-world-app) docker ps sleep 1 curl http://localhost:10080/ echo docker stop $ctid docker rm $ctid ✒ ✑ 49

50. ࠓ೔ͷ಺༰ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • Namespace • cgroup

    • σϞ • ·ͱΊ 50

51. ·ͱΊ 51

52. ·ͱΊ • ίϯςφͷ֓ཁ • Linux ʹ͓͚Δίϯςφͷ࢓૊Έ • ίϯςφ͸Χʔωϧʹ࣮૷͞Ε͍ͯΔ৭ʑͳػೳͷ૊Έ߹Θ ͤͰ࣮ݱ͞Ε͍ͯΔ •

    Namespace • OS Ϧιʔεͷִ཭ • cgroup • ϗετͷ෺ཧϦιʔεͷ੍ݶ • σϞ 52

53. lxc-jp LXC ʹݶΒͣίϯςφͷ࿩୊Λѻ͍ͬͯ·͢ɻ • https://groups.google.com/d/forum/lxc-jp 53

54. ίϯςφܕԾ૝Խͷ৘ใަ׵ձ • https://sites.google.com/site/containerstudy/ • http://ct-study.connpass.com/ • ίϯςφٕज़ʹؔ࿈͢Δ࿩୊Λѻ͏ • ίϯςφʹؔ࿈͢ΔΧʔωϧͷ࣮૷ʹ͍ͭͯ •

    ֤छπʔϧΩοτͷ঺հɼ࣮૷ʹ͍ͭͯ • ίϯςφٕज़Λ࢖ͬͨπʔϧ΍ιϑτ΢ΣΞͷ঺հ΍࣮૷ʹ ͍ͭͯ • ίϯςφٕज़ͷ׆༻ɾӡ༻ࣄྫ • ͦͷଞʮίϯςφʯͱ͍͏Ωʔϫʔυ͕গ͠Ͱ΋ೖ͍ͬͯΔ ٕज़ʹ͍ͭͯ • ͜Ε·Ͱେࡕͱ౦ژͰަޓʹ 8 ճ։࠵ɻ෱ԬͰ 1 ճ։࠵ɻ࣍ ճ͸େࡕͷ༧ఆ (࣌ظະఆ) 54

55. ڠྗऀืू • ҎԼͷ຋༁Λߦ͍ͬͯ·͢ɻ͕࣌ؒ͋Δͱ͖͚ͩͰ΋ྑ͍ͷ ͰϨϏϡʔɺमਖ਼ɺվྑΛͯͩ͘͠͞Δํ׻ܴ͠·͢ɻ • LXC ϚχϡΞϧ (man pages) •

    linuxcontainers.org ίϯςϯπ • LXD ೔ຊޠϝοηʔδ 55

56. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ 56