CRIUをホスティングで試していく #hostingcasual / My CRIU Life in Progress

Transcript

1. ϗεςΟϯάͰ$3*6Λ࢖͓͏ ۙ౻Ӊஐ࿕
   
   (.0
   1FQBCP
   *OD
   
   ϗεςΟϯάΧδϡΞϧ <)BDPOJXB
   $3*6
   ਐḿ>
   <ݕࡧ>

2. γχΞɾϓϦϯγύϧΤϯδχΞ ۙ౻ Ӊஐ࿕ / @udzura https://blog.udzura.jp/ Uchio Kondo ٕज़෦ ٕज़ج൫νʔϜ

3. ίϯςφ

4. None

5. ϗεςΟϯάʹಋೖ

6. Web Proxy Web Request Dispatcher FastContainer Runtime CMDB ❌ FastContainer

   Killed 1. Check 2. Boot 3. Forward 4. Terminate

7. ϦΫΤετ Ұఆ࣌ؒͷఀࢭ ఀࢭޙͷ࣍ͷϦΫΤετͰ
   Ұ͔Βىಈ OHY@NSVCZ $POUBJOFST ݱࡏͷڍಈ

8. ࠶ىಈͷίετ

9. None

10. Memory dump Network conf File descriptors cgroup params ...... CRIU

    Target
 process Syscalls, /proc files ... Kernel $3*6ͰΠϝʔδΛ࡞੒ɺ͔ͦ͜Βىಈ ˞ࢀߟ

11. ϦΫΤετ ఀࢭޙͷ࣍ͷϦΫΤετͰ
    $3*6Πϝʔδ͔Βىಈ OHY@NSVCZ $3*6ಋೖ ඇಉظͰ
    Πϝʔδͷ࠶࡞੒ $POUBJOFST $3*6
    JNBHF

12. ޮՌଌఆ

13. ؀ڥ Ұ෦ Bench(Bastion) Compute(Users) Web Proxy Core API CMDB 8

    Core 51GB Mem 1 Core 2GB Mem

14. ܭଌ݁Ռ 

15. ܭଌ݁Ռ 
    DPOUFOU
    SPPU
    
    FYU

16. ܭଌ݁Ռ 

17. ܭଌ݁Ռ  3FTQPOTF
    5JNF
    NT ✴"QBDIF͕Ϩεϙϯε Λฦͨ࣌ؒ͠Λൺֱɻ
    ✴"QBDIF͸͢΂ͯͷϫʔ Χʔ্ཱ͕͕ͪΔલʹ ϨεϙϯεΛฦͤΔ͜ ͱ͕ޙʹΘ͔ͬͨ

18. ࣮૷

19. 
    ϦετΞ͞ΕͨϓϩηεΛɺ
    )BDPOJXBͷԼʹ໭͍ͨ͠ɻ Haconiwa sv-sv \- criu restore \- Container Haconiwa

    sv-sv \- Haconiwa sv \- Container ௨ৗىಈ CRIUܦ༝ͷىಈ ϑοΫॲཧ͸
    ओʹ͜͜Ͱߦ͏ ʁʁʁ

20. ํ๏  
    TXSL
    NPEF SFTUPSFTJCMJOH shd: vagrant@pts/0 \_ -bash \_ sudo

    ../mruby/bin/mruby example/restore_child.rb \_ ../mruby/bin/mruby example/restore_child.rb <- libcriuΛݺͼग़ͨ͠mruby script \_ /usr/local/apache2/bin/httpd -DFOREGROUND -X <- ͜Ε͕ίϯςφϓϩηε \_ /usr/local/sbin/criu swrk 6 <- ͜Ε͕swrkϞʔυͰ্ཱ͕ͪͬͨαʔϏεͰɺ cr_restore_tasks() ͸͜͜ͰಡΜͰ͍Δ \_ sh -c ps auxf <- ֬ೝͷͨΊʹ system() ͨ͠΋ͷ \_ ps auxf

21. $3*6ͷTXSL
    NPEF w
    ·ͣTXSLϞʔυͷઆ໌Ͱ͕͢ɺ͜Ε͸MJCDSJVͰؔ਺Λݺͼग़ͨ͠ࡍʹɺ ΞυϗοΫʹDSJVόΠφϦͦͷ΋ͷΛݺͼग़ͯ͠αʔϏεΛ࡞੒͠ɺݟ͔͚ ্αʔϏεͳ͠Ͱ΋DSJVͷػೳΛ࢖͏ϞʔυͰ͢ʢਤ̎ࠨʣɻ

22. DMPOF $-0/&@1"3&/5 $ ./clone-tarou parent --use-clone-parent [!] Hey, maybe a

    new sibling is added 26627 pts/1 S+ 0:00 \_ ./clone-tarou parent --use-clone-parent 26628 pts/1 S+ 0:00 \_ clone-tarou tarou --use-clone-parent 26629 pts/1 S+ 0:00 \_ clone-tarou jirou [!] exit: PID=26628 [!] exit: PID=26629 <DMPOFͷ$-0/&@1"3&/5ϑϥάͷڍಈΛ؍࡯͢Δ>
    <ݕࡧ>

23. clone(fun, ..., CLONE_PARENT|CLONE_NEWPID) ͸ɺΧʔωϧͷόʔδϣϯʹΑͬͯ
    ಈ͔ͳ͍Β͍͠
    $3*6ͷίϝϯτΑΓ

24. ํ๏  
    FYFDDNE
    
    ͬͪ͜Λ࠾༻ Haconiwa sv \- criu restore \- Container

    Haconiwa sv \- haconiwa _restored \- Container FYFD XBJU wDSJVίϚϯυͰϦετΞ͔ͯ͠Βɺ೚ҙͷϓϩάϥϜʹFYFDWF Ͱ͖Δ
    wFYFDલʹGPSLͨ͠ϓϩηεΛɺ৽͍͠ϓϩάϥϜଆͰXBJU Ͱ͖Δ

25. 
    &YUFSOBM
    CJOE
    NPVOU
    ରԠ /path/to/pivot_root `- / (bind-mount self) `- /etc -> /other/etc

    `- /home/foo -> /other2/home `- /var/log -> /other3/log wSPPUGT
    ͷ֎ଆʹ͋ΔϑΝΠϧγεςϜSPPUΛ
    CJOENPVOU
    ͯ͠ɺ
 DISPPUQJWPU@SPPU 
    ͔ͯ͠Β΋࢖͑ΔΑ͏ʹ͢Δ͜ͱ͕Α͋͘Δ™
    wͦ͏͍͏֎ଆͷϑΝΠϧγεςϜΛ$3*6͕ཧղͰ͖ΔΑ͏ʹ͢Δ ͜͜ʹpivot_root

26. &YUFSOBM
    CJOE
    NPVOU
    ͕͏·͍͔͘Μ

27. Φϓγϣϯ௕͗͢ΜͶΜ໰୊

28. 
    Ṗʹͭͳ͕Βͳ͍ωοτϫʔΫ

29. ωοτϫʔΫϩοΫ͕1"5)͕ͳ͍ͷͰ
 ղআ͞Εͳ͍ɻ

30. 
    ཯଎ͯ͠Δʁ໰୊ Hotstart Start from CRIU

31. Web Proxy Web Request Dispatcher FastContainer Runtime CMDB ❌ FastContainer

    Killed 1. Check 2. Boot 3. Forward 4. Terminate 'BTU3FNPUF$IFDLͱ͍͏
    NHFNΛར༻ͯ͠଴͍ͬͯΔ͕ɺ
    ઃఆ͕มʁ

32. 'BTU3FNPUF$IFDLͷύϥϝʔλௐ੔

33. None

34. IUUQTHJUIVCDPNIBDPOJXBIBDPOJXBQVMMT RJT"QS JT"DMPTFE ͦͷ΄͔ wࡉʑͱࠔͬͨ͜ͱ͕͕͋ͬͨɺׂͱҰ௨ΓରԠͰ͖ͨؾ͕͢Δɻ
    wԼه͸ࢀߟ΢ΣοϒϖʔδͰ͢

35. ࠓޙ

36. ϦϦʔεͰ͖ΔΑ͏ؤுΔͧʙ OPEB͞Μ͕

37. (SFOBEJOF
    ͱ͍͏ͷΛ࡞ͬͨ

38. None