Linux コンテナの基礎 / OSC2017 Osaka

Linux ίϯςφͷجૅ
OSC2017 Osaka
Ճ౻ହจ
2017-01-28
1

View Slide

ࣗݾ঺հ
Ճ౻ହจ
• http://www.ten-forward.ws/
• @ten forward
• http://gplus.to/tenforward
• https://github.com/tenforward
• http://d.hatena.ne.jp/deﬁant/ (ٕज़ϒϩά)
2

View Slide

ࣗݾ঺հ
• Plamo Linux ϝϯςφ
• LXC ͰֶͿίϯςφೖ໳ɹʔܰྔԾ૝Խ؀ڥΛ࣮ݱ͢Δٕज़
gihyo.jp Ͱ࿈ࡌ
3

View Slide

ࣗݾ঺հ
• LXC/LXD ͷ։ൃʹগ͠ࢀՃ
• man page ͷ೔ຊޠ༁
• ެࣜϖʔδ (linuxcontainers.org) ຋༁
• όάϑΟοΫεͳͲগ͚ͩ͠ίʔυʹ΋ߩݙ
• LXD ೔ຊޠϝοηʔδ
4

View Slide

࣭໰
5

View Slide

ίϯςφʹ͍ͭͯ
• શ͘஌Βͳ͍
• ໊લ͸ฉ͍ͨ͜ͱ͕͋Δ
• ࢖ͬͨ͜ͱ͕͋Δ
• ਂ͘஌͍ͬͯΔ
6

View Slide

ࠓ೔ͷ໨ඪ
• ίϯςφͷ֓ཁΛཧղ͢Δ
• Linux Χʔωϧ͕࣋ͭίϯςφΛߏ੒͢ΔͨΊͷओཁͳػೳ
Λ֮͑Δ
• σϞͰίϯςφͷಈ͖Λମݧ͢Δ
• (۩ମతͳίϯςφ࣮૷ (docker ͳͲ) ͷ࢖͍ํͷઆ໌͸͋Γ
·ͤΜ)
7

View Slide

ࠓ೔ͷ಺༰
• ίϯςφͷ֓ཁ
• Linux ʹ͓͚Δίϯςφͷ࢓૊Έ
• Namespace
• cgroup
• σϞ
• ·ͱΊ
8

View Slide

ίϯςφ֓ཁ
9

View Slide

ίϯςφͱ͸
ΧʔωϧͷػೳͰ
• ִ཭͞ΕۭͨؒͰϓϩηεΛ࣮ߦ͢Δ
• ϓϩηεʹରͯ͠Ϧιʔε੍ݶΛઃఆ͢Δ
10

View Slide

ίϯςφͱ͸
• Χʔωϧ͔ΒݟΔͱී௨ʹϓϩηε͕ىಈ͢Δ͚ͩ
• ىಈ͢Δࡍʹִ཭Λࢦࣔ͢Δ
• ΧʔωϧͷػೳͰ (ෳ਺ͷ) ಠཱۭͨؒ͠Λ࡞Γग़͠ɼϦιʔ
εΛ෼ׂɾ෼഑͢Δ
• ϓϩηεΛάϧʔϓԽͯ͠ଞͱϦιʔεۭؒΛִ཭
• άϧʔϓԽͨ͠ϓϩηεʹର͢ΔϦιʔε੍ݶ
• Ծ૝Խͱ͍͏ΑΓʮִ཭Խʯͱݴͬͨ΄͏͕Θ͔Γ΍͍͢
͔΋
• Ծ૝తͳίϯϐϡʔλɾγεςϜΛ࠶ݱ͢ΔԾ૝Ϛγϯʹର
ͯ͠ɺԾ૝తͳ OS ؀ڥΛఏڙ͢Δ
• ˠ OS ϨϕϧͷԾ૝Խ
11

View Slide

ίϯςφͷϝϦοτ
• ߴີ౓Խ͕Մೳ
• ىಈ͍ͯ͠Δ OS (Χʔωϧ) ͸Ұͭ
• Φʔόʔϔου͕খ͍͞
• ϋʔυ΢ΣΞͷԾ૝Խ͕ෆཁ
• ىಈ͕ૣ͍
• Ծ૝ϚγϯͷىಈͰ͸ͳ͘ɼϗετ OS ͔ΒݟͨΒ୯ʹϓϩ
ηε͕ىಈ͍ͯ͠Δ͚ͩͳͷͰɼී௨ͷϓϩάϥϜ͕ىಈ͢
Δͷͱ΄ͱΜͲมΘΒͳ͍
• ඞͣ͠΋γεςϜΛಈ͔͢ඞཁ͸ͳ͍ (ΞϓϦέʔγϣϯί
ϯςφ)
• ྫ͑͹ίϯςφ಺Ͱ͸ httpd ͷΈ͕ಈ͍͍ͯΔ
• ίϯςφʹϝϞϦΛݻఆతʹׂΓ౰ͯΔඞཁ͕ͳ͍
12

View Slide

ίϯςφͷσϝϦοτ
• ҟͳΔ OS ͷγεςϜ / ϓϩάϥϜ͸ಈ͔ͤͳ͍
• ୯ʹϗετ OS ্Ͱϓϩηε͕ىಈ͢Δ͚ͩͳͷͰ౰ͨΓલ
• ΧʔωϧʹؔΘΔૢ࡞͸Ͱ͖ͳ͍
• ىಈ͍ͯ͠ΔΧʔωϧ͸มΘΒͳ͍ͷͰ
• ίϯςφຖʹϩʔυ͢ΔϞδϡʔϧΛม͑ΔͳͲ
• Χʔωϧͷ࣮૷͸ෳࡶʹͳΔ
• શͯΧʔωϧͷػೳͱ࣮ͯ͠૷͞Ε͍ͯΔͷͰ
13

View Slide

ىಈͤ͞Δϓϩηε͔ΒΈͨίϯςφ
໌֬ʹఆٛ͞Εͨ༻ޠͰ͸ͳ͍ɻίϯςφͱͯ͠ԿΛىಈ͢Δ
͔ʁ ͷҧ͍ɻ
• γεςϜίϯςφ
• init Λىಈ͢Δɻී௨ʹ OS ͕ىಈ͢Δͷͱಉ༷
• ΞϓϦέʔγϣϯίϯςφ
• ୯ҰͷϓϩηεͷΈىಈɻඞཁͳΞϓϦέʔγϣϯͷΈִ཭
͞Εͨ؀ڥͰ࣮ߦɻ
14

View Slide

ࠓ೔ͷ಺༰
• ίϯςφͷ֓ཁ
• Namespace
• cgroup
• σϞ
• ·ͱΊ
15

View Slide

Linuxʹ͓͚Δίϯςφͷ࢓
૊Έ
16

View Slide

Linux ʹ͓͚Δίϯςφ͸Χʔωϧʹʰίϯςφʱ
ͱ͍͏୯Ұͷػೳ͕࣮૷͞Ε࣮ͯݱ͍ͯ͠ΔΘ͚
Ͱ͸͋Γ·ͤΜ
17

View Slide

Linux ͰίϯςφΛ࣮ݱ͢ΔͨΊͷػೳ
Linux Χʔωϧʹؚ·ΕΔ৭ʑͳػೳΛ૊Έ߹Θͤͯίϯςφ؀
ڥΛ࡞੒͢ΔɻͦΕͧΕͷػೳ͸ίϯςφઐ༻ͷػೳͱ͍͏Θ͚
Ͱ͸ͳ͍ɻ
• ϓϩηεΛάϧʔϓԽͯ͠ଞͷάϧʔϓͱִ཭
• OS Ϧιʔεͷִ཭
• ˠ Namespace (໊લۭؒ)
• άϧʔϓԽͨ͠ϓϩηεʹର͢ΔϦιʔε੍ݶ
• ϗετͷ෺ཧϦιʔεʹର͢Δ੍ݶ
• ˠ cgroup (control group)
18

View Slide

Linux ͰίϯςφΛ࣮ݱ͢ΔͨΊͷػೳ
• ͦͷଞ
• ωοτϫʔΫ (veth, macvlan ͳͲ)
• έʔύϏϦςΟ
• chroot (pivot root)
• bind mount
• Checkpoint/Restore (CRIU)
• ͳͲͳͲ
19

View Slide

Linux ͷίϯςφ࣮૷ྫ
• Docker
ΞϓϦέʔγϣϯίϯςφͷ࣮ߦʹಛԽɻίϯςφؔ࿈ͷॲཧ͸ runC ϓ
ϩδΣΫτ಺ͷ libcontainer Λ࢖༻ɻ͍·΍ʮDockerʯͱ͍͏ݴ༿͕ࢦ
͢΋ͷ͸ίϯςφͰ͸͋Γ·ͤΜɻΞϓϦέʔγϣϯΛ؆୯ʹ։ൃͨ͠Γ
ߏஙͨ͠Γ͢ΔͨΊͷϓϥοτϑΥʔϜɺΠϯϑϥɻ
• runC (libcontainer)
Docker ʹΑΔ Open Container Project ४ڌͷ࣮૷
• LXC/LXD
Ubuntu Λத৺ʹ։ൃɻओʹγεςϜίϯςφΛ࣮ߦ͢Δ͜ͱΛલఏʹ࡞
ΒΕ͍ͯΔ͕ɺΞϓϦέʔγϣϯίϯςφͷ࣮ߦ΋Մೳɻඇಛݖίϯςφ
͕࣮ߦͰ͖Δɻ
20

View Slide

• OpenVZ
Linux ͷίϯςφ࣮૷ͱͯ͠͸ݹ͔͘Β͋Δ࣮૷ͷͻͱͭɻ2000 ೥͝Ζ
͔ΒɻΧʔωϧʹύονΛద༻͢ΔɻΧʔωϧʹ࣮૷͞Ε͍ͯΔίϯςφ
ؔ࿈ػೳ͸ OpenVZ ༝དྷͷػೳ͕ଟ਺͋ΔɻOpenVZ Λϕʔεʹͨ͠঎
༻൛ Virtuozzo ͕ଘࡏ͢Δɻ
• rkt
CoreOS ͕ࣾ։ൃ͢ΔΞϓϦέʔγϣϯίϯςφͷϥϯλΠϜɻ
• systemd
͝ଘ஌ Linux ޲͚ͷ࠷ۙओྲྀͱͳͬͨ init ࣮૷ͷͻͱͭɻίϯςφΛѻ͏
ίϚϯυ΍࢓૊Έ΋಺แ͍ͯ͠Δ
21

View Slide

• MINCS
γΣϧεΫϦϓτͰॻ͔Εͨίϯςφ࣮૷
• bocker
“Docker implemented in around 100 lines of bash”
• haconiwa
ίϯςφ࣮૷ɾ࡞੒ͷͨΊͷ (m)Ruby DSL
• aqr
perl Ͱॻ͔Εͨίϯςφ࣮૷
• Awesome Container
ͦͷଞ৭ʑ·ͱ·ͬͯ·͢
22

View Slide

ࠓ೔ͷ಺༰
• ίϯςφͷ֓ཁ
• Namespace
• cgroup
• σϞ
• ·ͱΊ
23

View Slide

Linux ʹ͓͚Δίϯςφͷ࢓૊Έ
Namespace
24

View Slide

Namespace(໊લۭؒ)
• ִ཭͍ͨ͠ OS Ϧιʔε͝ͱʹ Namespace ͕४උ͞ΕΔ
• Ұ෦ͷ Namespace ͚ͩ࢖༻ִͯ͠཭؀ڥΛ࡞Δ͜ͱ͕Ͱ
͖Δ
25

View Slide

Mount Namespace (2.4.19ʙ)
• ϓϩηε͔Βݟ͍͑ͯΔϚ΢ϯτͷू߹ɼૢ࡞Λ෼཭͢Δɽ
Namespace ಺ͷ mount, umount ͕ଞͷ Namespace ʹӨ
ڹΛ༩͑ͳ͍Α͏ʹͰ͖Δ (༩͑ΔΑ͏ʹ΋Ͱ͖Δ)
ˠ private/shared/slave
• ࢀߟ:
• Ϛ΢ϯτ໊લۭؒΛద༻͢Δ (IBM developerWorks)
• Mount Namespace and shared subtrees (lwn.net)
• Mount namespaces, mount propagation, and unbindable
mounts (lwn.net)
• Χʔωϧෟଐจॻ
(Documentation/ﬁlesystems/sharedsubtree.txt)
• σϑΥϧτ͸ private ͕ͩɺsystemd ͸/Λ shared ͰϚ΢ϯ
τ͢Δ
26

View Slide

UTS Namespace (2.6.19ʙ)
• ϗετ໊ͳͲɼuname(2) ͕ฦ͢஋ͷू߹Λ෼཭ɽ
setdomainname(2), sethostname(2) Ͱ Namespace ಺ͷ
஋ͷΈมߋͰ͖Δ
✓ ✏
user$ hostname
enterprise
--- (͜͜·Ͱϗετͷ Namespace) ---
user$ sudo unshare --uts (৽͍͠ Namespace ࡞੒)
root# hostname
enterprise (ॳظ஋͸ϗετͱಉ͡)
root# hostname utsns (ϗετ໊มߋ)
root# hostname
utsns
root# exit
logout
--- (͔͜͜Βϗετͷ Namespace) ---
user$ hostname
enterprise
✒ ✑
27

View Slide

PID Namespace (2.6.24ʙ)
• PID ۭؒͷ෼཭ɽ৽͍͠ PID Namespace Ͱ͸ PID 1 ͔Β
࢝·Δ PID ׂ͕Γ౰ͯΒΕΔɽ਌͔Βࢠͷ PID Namespace
͸ݟ͑Δ (਌ͷۭؒͷ PID Λ࣋ͭ) ͕ɼࢠ͔Β਌͸ݟ͑ͳ͍
28

View Slide

IPC Namespace (2.6.19ʙ)
• SysV IPC ΦϒδΣΫτɼPOSIX ϝοηʔδΩϡʔͷִ཭
✓ ✏
# ipcs -q (ϗετͷ Namespace ্ͰϝοηʔδΩϡʔͷ֬ೝ)
------ Message Queues --------
key msqid owner perms used-bytes messages
0x4b79e805 32768 root 644 0 0
# unshare --ipc (৽ͨʹ IPC Namespace ࡞੒)
# ipcs -q (৽ͨʹ࡞ͬͨ Namespace ͰΩϡʔΛ֬ೝ͢Δͱଘࡏ͠ͳ͍)
------ Message Queues --------
key msqid owner perms used-bytes messages
✒ ✑
29

View Slide

User Namespace (3.8ʙ)
• ಠཱͨ͠ UID/GID ۭؒͱ֎෦ۭؒͷϚοϐϯά (ྫ͑͹ɼ
ִ཭ۭؒͰ͸ uid/gid 0/0ɼ֎෦Ͱ͸ 1000/1000 ͱ͔Մೳ
ʹͳΔ)
• User Namespace ͸ҰൠϢʔβͰ࡞੒Ͱ͖ɺNamespace ಺
ͷಛݖϢʔβ͸ଞͷ Namespace Λ࡞੒Ͱ͖Δ (User
Namespace Ҏ֎ͷ Namespace ͸ಛݖ͕ඞཁ)
30

View Slide

Network Namespace (2.6.26ʙ)
• ωοτϫʔΫϦιʔεͷִ཭
• ωοτϫʔΫσόΠε
• ϧʔςΟϯάςʔϒϧ
• ιέοτ
• ϑΟϧλϦϯά
• ΞυϨε
31

View Slide

cgroup Namespace (4.6ʙ)
• cgroup ͷִ཭
• /proc/$PID/cgroup ϑΝΠϧ಺ͷ cgroup ύε
• namespace ಺ͰϚ΢ϯτͨ͠ cgroupfs πϦʔ
• (͜ͷ Namespace Ͱ clone(2) ʹ༩͑Δϑϥά (32bit ੔਺)
Λ࢖͍͖Γ·ͨ͠ :-)
• Ubuntu 16.04 ͷ 4.4 Χʔωϧʹ͸όοΫϙʔτࡁ
32

View Slide

Namespace ৄࡉ
Namespace ͷΧʔωϧ಺෦ͷ࣮૷ʹ͍ͭͯ͸ʮୈ 8 ճ ίϯςφ
ܕԾ૝Խͷ৘ใަ׵ձˏ౦ژʯͰͷ Masami Ichikawa ͞Μͷ
Linux Namespaces ͕ৄ͍͠Ͱ͢ (ಈը)
33

View Slide

Namespace ͷૢ࡞ (γεςϜίʔϧ)
• clone(2) Ͱ৽͍͠ϓϩηε Λੜ੒
• unshare(2) Ͱ৽͍͠ϓϩηεΛੜ੒ͤͣʹ࣮ߦίϯςΩε
τΛ੍ޚ͢Δ
• setns(2) ͰϓϩηεΛطଘ ͷ Namespace ʹؔ࿈෇͚Δ
34

View Slide

ࠓ೔ͷ಺༰
• ίϯςφͷ֓ཁ
• Namespace
• cgroup
• σϞ
• ·ͱΊ
35

View Slide

Linux ʹ͓͚Δίϯςφͷ࢓૊Έ
cgroup
36

View Slide

cgroup ͱ͸
ϓϩηεΛάϧʔϓԽ͠ɺάϧʔϓʹରͯ͠Ϧιʔε੍ݶΛߦ
͏ɻίϯςφઐ༻ͷ࢓૊ΈͰ͸ͳ͍ɻ
• cgroup ͷಛ௃
• ػೳ͝ͱʹαϒγεςϜʹ෼͔ΕΔ
• cgroupfs ΛϚ΢ϯτͯ͠σΟϨΫτϦͰάϧʔϓΛද͢
• ϓϩηεΛάϧʔϓ಺ͷ tasks ϑΝΠϧʹ௥Ճ͢Δͱؔ࿈͢
ΔλεΫ͕εϨου୯ҐͰάϧʔϓʹ௥Ճ͞ΕΔ
• ෳ਺֊૚ߏ଄ɻվ଄ߏ଄͝ͱʹҟͳΔπϦʔΛ࡞੒Ͱ͖Δɻ
ͨͩ͠ɺҰͭͷαϒγεςϜ͕ॴଐͰ͖ΔπϦʔ͸Ұͭ
• πϦʔͷͲͷϨϕϧͷάϧʔϓʹ΋λεΫ͕ॴଐͰ͖Δ
37

View Slide

cgroup ͷ֊૚ߏ଄
38

View Slide

cgroup ͷαϒγεςϜ
• cpu: 2.6.24
• CFS(Completely Fair Scheduler) bandwidth controlɽ୯Ґ
࣌ؒ಺ͷάϧʔϓ಺ͷλεΫ͕࣮ߦͰ͖Δ߹ܭ࣌ؒΛ੍ݶ͢
Δ (3.2 Ͱ࣮૷)
• ૬ର഑෼ɽάϧʔϓؒͷ CPU ࣌ؒͷׂ౰ͷׂ߹Λࢦఆ͢Δɽ
ྫ͑͹ GroupA=100,GroupB=50 ͱ͢Δͱ A:B=2:1
• cpuacct: 2.6.24
• άϧʔϓ಺ͷ CPU ϦιʔεͷϨϙʔτ (CPU ࣌ؒ)
• cpuset: 2.6.24
• ׂΓ౰ͯΔ CPU, ϝϞϦϊʔυͷׂ౰
39

View Slide

• device: 2.6.26
• σόΠε΁ͷΞΫηεڐՄɼ੍ݶͷࢦఆ
• freezer: 2.6.28
• άϧʔϓ಺ͷϓϩηεΛશͯҰ࣌ఀࢭ͢Δ
• memory: 2.6.29
• ϝϞϦϦιʔεͷ੍ݶ (ϢʔβϝϞϦɼΧʔωϧϝϞϦ)
• blkio (Block IO):
• I/O weight controller(2.6.33 Ҏ߱) άϧʔϓͷ༏ઌ౓Λࢦ
ఆ͢Δ
• I/O throttling(2.6.37 Ҏ߱) άϧʔϓ಺ͷϓϩηεͷσόΠ
εʹର͢Δૢ࡞਺ͷ߹ܭͷࢦఆ
• (ࢀߟ)Linux2.6.37 ͷ৽ػೳ “I/O throttling”
40

View Slide

• hugetlb: 3.6
• cgroup ͔Βͷ hugetlb ͷ࢖༻
• perf event: 2.6.39
• άϧʔϓ୯ҐͰ perf πʔϧͰϞχλϦϯά (ύϑΥʔϚϯε
ղੳ)
• net cls: 2.6.29
• ύέοτʹࣝผࢠΛ͚ͭɼτϥϑΟοΫίϯτϩʔϧ (tc) ͱ
netﬁlter(3.14 Ҏ߱) ͰίϯτϩʔϧՄೳʹ
• Linux 3.14 Ͱ net cls cgroup ʹ௥Ճ͞Εͨ netﬁlter ରԠ
• net prio: 3.3
• άϧʔϓؒͰͷωοτϫʔΫͷ༏ઌ౓ΛΠϯλʔϑΣʔεຖ
ʹࢦఆ͢Δ
• Linux 3.3 ͷ৽ػೳ Network priority cgroup
• Linux 3.3 ͷ৽ػೳ Network priority cgroup (2)
41

View Slide

• pids: 4.3
• fork() ΍ clone() ͰىಈͰ͖Δϓϩηε਺Λ੍ݶ͢Δ
• LXC ͰֶͿίϯςφೖ໳ ୈ 30 ճ Linux Χʔωϧͷίϯς
φػೳ [8] ʔ cgroup ͷ pids αϒγεςϜ
42

View Slide

cgroup ͷ࢖͍ํ
cgroup ͸ίϯςφͱؔ܎ͳ͘࢖༻Մೳ
✓ ✏
# mount -t tmpfs cgroup_root /sys/fs/cgroup
# mkdir /sys/fs/cgroup/memory
# mount -t cgroup -o memory cgroup /sys/fs/cgroup/memory (ϝϞϦαϒ
γεςϜͷϚ΢ϯτ)
# mkdir /sys/fs/cgroup/memory/test01 ("test01" ͱ͍͏άϧʔϓͷ࡞੒)
# echo $$ > /sys/fs/cgroup/memory/test01/tasks (ϓϩηεΛάϧʔϓʹొ
࿥)
# cat /sys/fs/cgroup/memory/test01/tasks (άϧʔϓ಺ͷϓϩηεͷ֬ೝ)
2824
2837
# echo 30M > /sys/fs/cgroup/memory/test01/memory.limit_in_bytes
(άϧʔϓʹରͯ͠ϝϞϦ্ݶ 30M ͱ͍͏੍ݶΛઃఆ)
# cat /sys/fs/cgroup/memory/test01/memory.limit_in_bytes (੍ݶ஋ͷ֬
ೝ)
31457280
# cat /sys/fs/cgroup/memory/test01/memory.usage_in_bytes (ݱࡏͷ࢖༻
ྔͷ֬ೝ)
565248
✒ ✑
43

View Slide

cgroup v2
• 4.5 ΧʔωϧͰ stable ʹͳͬͨ (ͦΕ·Ͱ΋։ൃ༻Ͱ࣮૷͸
͞Ε͍ͯͨ)
• cgroup v1 ͸໰୊͕͋Δ
• ෳࡶ͗͢
• ੍ݶ͕͋ΔͷͰෳࡶͳ͜ͱ͕Ͱ͖ͯ΋࣮ࡍ͸࢖͑ͳ͍ɾ࢖Θ
ͳ͍
• αϒγεςϜಉ࢜ͷ࿈ܞ͕औΕͳ͍
• ·ͩҰ෦ͷαϒγεςϜͷΈ (memory,io,pids)
• Ұ෦͸ v2 Λ࢖ͬͯɺଞ͸ v1 Λ࢖͏͜ͱ΋Ͱ͖Δ
• Χʔωϧෟଐจॻ (Documentation/cgroup-v2.txt)
44

View Slide

ࠓ೔ͷ಺༰
• ίϯςφͷ֓ཁ
• Namespace
• cgroup
• σϞ
• ·ͱΊ
45

View Slide

σϞ
• Namespace σϞ (unshare ίϚϯυ)
• User Namespace
• Network Namespace
• PID Namespace
• UTS Namespace
• γεςϜίϯςφ
• LXD
• ΞϓϦέʔγϣϯίϯςφ
• Docker
46

View Slide

σϞ ʙ unshare ίϚϯυʹΑΔ Namespace ମݧ
• unshare ίϚϯυɿutil-linux ʹؚ·ΕΔίϚϯυ
• ؆қతʹίϯςφ؀ڥΛ࡞੒Ͱ͖Δ
σϞ 1
✓ ✏
# unshare --mount --pid --net --uts --fork --mount-proc -- /bin/bash
✒ ✑
σϞ 2
✓ ✏
# unshare --mount --pid --net --uts --fork --mount-proc --mount-proc \
--map-root-user -- /bin/bash
✒ ✑
47

View Slide

σϞ ʙ LXD ʹΑΔγεςϜίϯςφମݧ
✓ ✏
$ lxc launch ubuntu:16.04 ct01
Creating ct01
Retrieving image: 100%
Starting ct01
$ lxc list
+------+---------+---------------------+------+------------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------+---------+---------------------+------+------------+-----------+
| ct01 | RUNNING | 10.53.96.195 (eth0) | | PERSISTENT | 0 |
+------+---------+---------------------+------+------------+-----------+
✒ ✑
ৄ͘͠͸
• LXD / ͸͡Ίʹ - ίϚϯυϥΠϯ
• LXD / ΦϯϥΠϯͰͷࢼ༻
• LXD 2.0: Blog post series [0/12](೔ຊޠ༁)
48

View Slide

σϞ ʙ Docker ʹΑΔΞϓϦέʔγϣϯίϯςφମݧ
✓ ✏
#!/bin/sh
ctid=$(docker run --detach --publish 10080:5000 carinamarina/hello-world-app)
docker ps
sleep 1
curl http://localhost:10080/
echo
docker stop $ctid
docker rm $ctid
✒ ✑
49

View Slide

ࠓ೔ͷ಺༰
• ίϯςφͷ֓ཁ
• Namespace
• cgroup
• σϞ
• ·ͱΊ
50

View Slide

·ͱΊ
51

View Slide

·ͱΊ
• ίϯςφͷ֓ཁ
• ίϯςφ͸Χʔωϧʹ࣮૷͞Ε͍ͯΔ৭ʑͳػೳͷ૊Έ߹Θ
ͤͰ࣮ݱ͞Ε͍ͯΔ
• Namespace
• OS Ϧιʔεͷִ཭
• cgroup
• ϗετͷ෺ཧϦιʔεͷ੍ݶ
• σϞ
52

View Slide

lxc-jp
LXC ʹݶΒͣίϯςφͷ࿩୊Λѻ͍ͬͯ·͢ɻ
• https://groups.google.com/d/forum/lxc-jp
53

View Slide

ίϯςφܕԾ૝Խͷ৘ใަ׵ձ
• https://sites.google.com/site/containerstudy/
• http://ct-study.connpass.com/
• ίϯςφٕज़ʹؔ࿈͢Δ࿩୊Λѻ͏
• ίϯςφʹؔ࿈͢ΔΧʔωϧͷ࣮૷ʹ͍ͭͯ
• ֤छπʔϧΩοτͷ঺հɼ࣮૷ʹ͍ͭͯ
• ίϯςφٕज़Λ࢖ͬͨπʔϧ΍ιϑτ΢ΣΞͷ঺հ΍࣮૷ʹ
͍ͭͯ
• ίϯςφٕज़ͷ׆༻ɾӡ༻ࣄྫ
• ͦͷଞʮίϯςφʯͱ͍͏Ωʔϫʔυ͕গ͠Ͱ΋ೖ͍ͬͯΔ
ٕज़ʹ͍ͭͯ
• ͜Ε·Ͱେࡕͱ౦ژͰަޓʹ 8 ճ։࠵ɻ෱ԬͰ 1 ճ։࠵ɻ࣍
ճ͸େࡕͷ༧ఆ (࣌ظະఆ)
54

View Slide

ڠྗऀืू
• ҎԼͷ຋༁Λߦ͍ͬͯ·͢ɻ͕࣌ؒ͋Δͱ͖͚ͩͰ΋ྑ͍ͷ
ͰϨϏϡʔɺमਖ਼ɺվྑΛͯͩ͘͠͞Δํ׻ܴ͠·͢ɻ
• LXC ϚχϡΞϧ (man pages)
• linuxcontainers.org ίϯςϯπ
• LXD ೔ຊޠϝοηʔδ
55

View Slide

͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠
56

View Slide

Linux コンテナの基礎 / OSC2017 Osaka

Linux コンテナの基礎 / OSC2017 Osaka

tenforward

More Decks by tenforward

Other Decks in Technology

Featured

Transcript