CRIUをホスティングで試していく #hostingcasual / My CRIU Life in Progress

Transcript

1. 1.

   ϗεςΟϯάͰ$3*6Λ࢖͓͏ ۙ౻Ӊஐ࿕
   
   (.0
   1FQBCP
   *OD
   
   ϗεςΟϯάΧδϡΞϧ <)BDPOJXB
   $3*6
   ਐḿ>
   <ݕࡧ>

2. 2.

   γχΞɾϓϦϯγύϧΤϯδχΞ ۙ౻ Ӊஐ࿕ / @udzura https://blog.udzura.jp/ Uchio Kondo ٕज़෦ ٕज़ج൫νʔϜ

3. 3.

   ίϯςφ

4. 4.

   None
5. 5.

   ϗεςΟϯάʹಋೖ

6. 6.

   Web Proxy Web Request Dispatcher FastContainer Runtime CMDB ❌ FastContainer

   Killed 1. Check 2. Boot 3. Forward 4. Terminate
7. 7.

   ϦΫΤετ Ұఆ࣌ؒͷఀࢭ ఀࢭޙͷ࣍ͷϦΫΤετͰ
   Ұ͔Βىಈ OHY@NSVCZ $POUBJOFST ݱࡏͷڍಈ

8. 8.

   ࠶ىಈͷίετ

9. 9.

   None
10. 10.

    Memory dump Network conf File descriptors cgroup params ...... CRIU

    Target
 process Syscalls, /proc files ... Kernel $3*6ͰΠϝʔδΛ࡞੒ɺ͔ͦ͜Βىಈ ˞ࢀߟ
11. 11.

    ϦΫΤετ ఀࢭޙͷ࣍ͷϦΫΤετͰ
    $3*6Πϝʔδ͔Βىಈ OHY@NSVCZ $3*6ಋೖ ඇಉظͰ
    Πϝʔδͷ࠶࡞੒ $POUBJOFST $3*6
    JNBHF

12. 12.

    ޮՌଌఆ

13. 13.

    ؀ڥ Ұ෦ Bench(Bastion) Compute(Users) Web Proxy Core API CMDB 8

    Core 51GB Mem 1 Core 2GB Mem
14. 14.

    ܭଌ݁Ռ 

15. 15.

    ܭଌ݁Ռ 
    DPOUFOU
    SPPU
    
    FYU

16. 16.

    ܭଌ݁Ռ 

17. 17.

    ܭଌ݁Ռ  3FTQPOTF
    5JNF
    NT ✴"QBDIF͕Ϩεϙϯε Λฦͨ࣌ؒ͠Λൺֱɻ
    ✴"QBDIF͸͢΂ͯͷϫʔ Χʔ্ཱ͕͕ͪΔલʹ ϨεϙϯεΛฦͤΔ͜ ͱ͕ޙʹΘ͔ͬͨ

18. 18.

    ࣮૷

19. 19.

    
    ϦετΞ͞ΕͨϓϩηεΛɺ
    )BDPOJXBͷԼʹ໭͍ͨ͠ɻ Haconiwa sv-sv \- criu restore \- Container Haconiwa

    sv-sv \- Haconiwa sv \- Container ௨ৗىಈ CRIUܦ༝ͷىಈ ϑοΫॲཧ͸
    ओʹ͜͜Ͱߦ͏ ʁʁʁ
20. 20.

    ํ๏  
    TXSL
    NPEF SFTUPSFTJCMJOH shd: vagrant@pts/0 \_ -bash \_ sudo

    ../mruby/bin/mruby example/restore_child.rb \_ ../mruby/bin/mruby example/restore_child.rb <- libcriuΛݺͼग़ͨ͠mruby script \_ /usr/local/apache2/bin/httpd -DFOREGROUND -X <- ͜Ε͕ίϯςφϓϩηε \_ /usr/local/sbin/criu swrk 6 <- ͜Ε͕swrkϞʔυͰ্ཱ͕ͪͬͨαʔϏεͰɺ cr_restore_tasks() ͸͜͜ͰಡΜͰ͍Δ \_ sh -c ps auxf <- ֬ೝͷͨΊʹ system() ͨ͠΋ͷ \_ ps auxf
21. 21.

    $3*6ͷTXSL
    NPEF w
    ·ͣTXSLϞʔυͷઆ໌Ͱ͕͢ɺ͜Ε͸MJCDSJVͰؔ਺Λݺͼग़ͨ͠ࡍʹɺ ΞυϗοΫʹDSJVόΠφϦͦͷ΋ͷΛݺͼग़ͯ͠αʔϏεΛ࡞੒͠ɺݟ͔͚ ্αʔϏεͳ͠Ͱ΋DSJVͷػೳΛ࢖͏ϞʔυͰ͢ʢਤ̎ࠨʣɻ

22. 22.

    DMPOF $-0/&@1"3&/5 $ ./clone-tarou parent --use-clone-parent [!] Hey, maybe a

    new sibling is added 26627 pts/1 S+ 0:00 \_ ./clone-tarou parent --use-clone-parent 26628 pts/1 S+ 0:00 \_ clone-tarou tarou --use-clone-parent 26629 pts/1 S+ 0:00 \_ clone-tarou jirou [!] exit: PID=26628 [!] exit: PID=26629 <DMPOFͷ$-0/&@1"3&/5ϑϥάͷڍಈΛ؍࡯͢Δ>
    <ݕࡧ>
23. 23.

    clone(fun, ..., CLONE_PARENT|CLONE_NEWPID) ͸ɺΧʔωϧͷόʔδϣϯʹΑͬͯ
    ಈ͔ͳ͍Β͍͠
    $3*6ͷίϝϯτΑΓ

24. 24.

    ํ๏  
    FYFDDNE
    
    ͬͪ͜Λ࠾༻ Haconiwa sv \- criu restore \- Container

    Haconiwa sv \- haconiwa _restored \- Container FYFD XBJU wDSJVίϚϯυͰϦετΞ͔ͯ͠Βɺ೚ҙͷϓϩάϥϜʹFYFDWF Ͱ͖Δ
    wFYFDલʹGPSLͨ͠ϓϩηεΛɺ৽͍͠ϓϩάϥϜଆͰXBJU Ͱ͖Δ
25. 25.

    
    &YUFSOBM
    CJOE
    NPVOU
    ରԠ /path/to/pivot_root `- / (bind-mount self) `- /etc -> /other/etc

    `- /home/foo -> /other2/home `- /var/log -> /other3/log wSPPUGT
    ͷ֎ଆʹ͋ΔϑΝΠϧγεςϜSPPUΛ
    CJOENPVOU
    ͯ͠ɺ
 DISPPUQJWPU@SPPU 
    ͔ͯ͠Β΋࢖͑ΔΑ͏ʹ͢Δ͜ͱ͕Α͋͘Δ™
    wͦ͏͍͏֎ଆͷϑΝΠϧγεςϜΛ$3*6͕ཧղͰ͖ΔΑ͏ʹ͢Δ ͜͜ʹpivot_root
26. 26.

    &YUFSOBM
    CJOE
    NPVOU
    ͕͏·͍͔͘Μ

27. 27.

    Φϓγϣϯ௕͗͢ΜͶΜ໰୊

28. 28.

    
    Ṗʹͭͳ͕Βͳ͍ωοτϫʔΫ

29. 29.

    ωοτϫʔΫϩοΫ͕1"5)͕ͳ͍ͷͰ
 ղআ͞Εͳ͍ɻ

30. 30.

    
    ཯଎ͯ͠Δʁ໰୊ Hotstart Start from CRIU

31. 31.

    Web Proxy Web Request Dispatcher FastContainer Runtime CMDB ❌ FastContainer

    Killed 1. Check 2. Boot 3. Forward 4. Terminate 'BTU3FNPUF$IFDLͱ͍͏
    NHFNΛར༻ͯ͠଴͍ͬͯΔ͕ɺ
    ઃఆ͕มʁ
32. 32.

    'BTU3FNPUF$IFDLͷύϥϝʔλௐ੔

33. 33.

    None
34. 34.

    IUUQTHJUIVCDPNIBDPOJXBIBDPOJXBQVMMT RJT"QS JT"DMPTFE ͦͷ΄͔ wࡉʑͱࠔͬͨ͜ͱ͕͕͋ͬͨɺׂͱҰ௨ΓରԠͰ͖ͨؾ͕͢Δɻ
    wԼه͸ࢀߟ΢ΣοϒϖʔδͰ͢

35. 35.

    ࠓޙ

36. 36.

    ϦϦʔεͰ͖ΔΑ͏ؤுΔͧʙ OPEB͞Μ͕

37. 37.

    (SFOBEJOF
    ͱ͍͏ͷΛ࡞ͬͨ

38. 38.

    None