Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Zigでコンテナランタイム作ってみた
Search
LINE Developers
PRO
September 24, 2022
Technology
7
3.6k
Zigでコンテナランタイム作ってみた
第55回情報科学若手の会での登壇資料です。
登壇者:井上紘太朗
LINE Developers
PRO
September 24, 2022
Tweet
Share
More Decks by LINE Developers
See All by LINE Developers
LINEスタンプのSREing事例集:大きなスパイクアクセスを捌くためのSREing
line_developers
PRO
1
2k
Java 21 Overview
line_developers
PRO
6
1k
Code Review Challenge: An example of a solution
line_developers
PRO
1
1.1k
KARTEのAPIサーバ化
line_developers
PRO
1
440
著作権とは何か?〜初歩的概念から権利利用法、侵害要件まで
line_developers
PRO
5
2k
生成AIと著作権 〜生成AIによって生じる著作権関連の課題と対処
line_developers
PRO
3
2k
マイクロサービスにおけるBFFアーキテクチャでのモジュラモノリスの導入
line_developers
PRO
9
3k
A/B Testing at LINE NEWS
line_developers
PRO
3
830
LINEのサポートバージョンの考え方
line_developers
PRO
2
1.1k
Other Decks in Technology
See All in Technology
OS 標準のデザインシステムを超えて - より柔軟な Flutter テーマ管理 | FlutterKaigi 2024
ronnnnn
1
300
FlutterアプリにおけるSLI/SLOを用いたユーザー体験の可視化と計測基盤構築
ostk0069
0
120
個人でもIAM Identity Centerを使おう!(アクセス管理編)
ryder472
4
240
Amplify Gen2 Deep Dive / バックエンドの型をいかにしてフロントエンドへ伝えるか #TSKaigi #TSKaigiKansai #AWSAmplifyJP
tacck
PRO
0
390
10XにおけるData Contractの導入について: Data Contract事例共有会
10xinc
7
690
Amazon CloudWatch Network Monitor のススメ
yuki_ink
1
210
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
心が動くエンジニアリング ── 私が夢中になる理由
16bitidol
0
100
The Role of Developer Relations in AI Product Success.
giftojabu1
1
150
【Pycon mini 東海 2024】Google Colaboratoryで試すVLM
kazuhitotakahashi
2
560
アジャイルでの品質の進化 Agile in Motion vol.1/20241118 Hiroyuki Sato
shift_evolve
0
180
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
130
Featured
See All Featured
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
47
2.1k
The World Runs on Bad Software
bkeepers
PRO
65
11k
[RailsConf 2023] Rails as a piece of cake
palkan
52
4.9k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
229
52k
Unsuck your backbone
ammeep
668
57k
Code Review Best Practice
trishagee
64
17k
Imperfection Machines: The Place of Print at Facebook
scottboms
265
13k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
93
16k
GitHub's CSS Performance
jonrohan
1030
460k
Intergalactic Javascript Robots from Outer Space
tanoku
269
27k
Designing Experiences People Love
moore
138
23k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
Transcript
ZigͰίϯςφϥϯλΠϜ ࡞ͬͯΈͨ 2022/09/24 @ ୈ55ճใՊֶएखͷձ LINEגࣜձࣾɹҪ্ ߛଠ࿕ (@musaprg)
Ҫ্ ߛଠ࿕ (@musaprg) • ॴଐ LINEגࣜձࣾ ITαʔϏεηϯλʔ VerdaϓϥοτϑΥʔϜ։ൃKνʔϜ
• Α͘͏ݴޠ Go, Python • ࠷ۙͷΠνΦγ࡞ ʮCyberpunk: Edgerunnersʯ ʮϦίϦεɾϦίΠϧʯ
Verda • LINEגࣜձࣾͰɾӡ༻͍ͯ͠ΔϓϥΠϕʔτΫϥυ • ΤεϖϥϯτޠͰʮʯ • ͞·͟·ͳαʔϏεΛఏڙ͍ͯ͠Δ • Server (VM/PM),
• Load Balancer • MySQL • VOS (Object Storage) • Managed Kubernetes (VKS: Verda Kubernetes Service) • etc.
Verdaͷن • 202209݄ݱࡏͷ౷ܭ 7,4 ϊʔυ Ҏ্
7,4 Ϋϥελ Ҏ্ 7FSEB Ծαʔό Ҏ্
Ҏ߱ͷൃද༰ ॴଐاۀͷۀͱؔ͋Γ·ͤΜ
ຊͷ͓͠ͳ͕͖ 1. ·͓͖͑ 2. शίϯςφϥϯλΠϜ 3. runzigcͷհ 4.
ZigͷΑ͔ͬͨɾࠔͬͨ 5. ·ͱΊ
ຊͷ͓͠ͳ͕͖ 1. ·͓͖͑ 2. शίϯςφϥϯλΠϜ 3. runzigcͷհ 4.
ZigͷΑ͔ͬͨɾࠔͬͨ 5. ·ͱΊ
ຊηογϣϯͷΰʔϧ • ίϯςφϥϯλΠϜͷΈΛͬ͘͟ΓΔ • ZigͷഽײΛΔʢGopherࢹʣ • ͋ΘΑ͘ίϯςφϥϯλΠϜΛࣗ࡞ͯ͠ΈΑ͏ͱ͍͏ؾʹͳΔ
͜Μͳਓʹͱͬͯ໘ന͍͔ • ίϯςφϥϯλΠϜͷ࣮ʹڵຯ͕͋Δ • Zigͱ͍͏ϓϩάϥϛϯάݴޠʹڵຯ͕͋Δ
͜ΜͳਓʹΓͳ͍͔… • ʢDockerΛ༻͍ͯʣͦͦίϯςφΛར༻ͨ͜͠ͱ͕ͳ͍ • ίϯςφϥϯλΠϜΛ࡞ͬͨ͜ͱ͕͋Δ or ཁૉٕज़Λཧղ͍ͯ͠Δ • ओཁͳίϯςφϥϯλΠϜ࣮ʢruncʣΛಡΜͩ͜ͱ͕͋Δ •
ZigͰͦΕͳΓͷنʹϓϩάϥϜΛॻ͍ͨ͜ͱ͕͋Δ
ຊͷ͓͠ͳ͕͖ 1. ·͓͖͑ 2. शίϯςφϥϯλΠϜ 3. runzigcͷհ 4.
ZigͷΑ͔ͬͨɾࠔͬͨ 5. ·ͱΊ
• ιϑτΣΞͱ࣮ߦڥΛͻͱ·ͱΊʹ → ίϯςφΠϝʔδ • ΠϝʔδΛల։ɾ࣮ߦ͢ΔͨΊͷԾతͳִڥ → ίϯςφ
• ίϯςφΛ࡞ɾཧ͢ΔͨΊͷπʔϧ܈ → Docker Dockerίϯςφ͓͞Β͍ ίϯςφΠϝʔδ ιϑτΣΞ ࣮ߦڥ -JOVYΧʔωϧ ίϯςφ ίϯςφ ίϯςφ
• ΠϝʔδͷϏϧυ docker build -t musaprg/hello . Dockerίϯςφ͓͞Β͍ ίϯςφΠϝʔδ
ιϑτΣΞ ࣮ߦڥ -JOVYΧʔωϧ ίϯςφ ίϯςφ ίϯςφ
• ΠϝʔδͷϏϧυ docker build -t musaprg/hello . • ίϯςφͷىಈ
docker run musaprg/hello Dockerίϯςφ͓͞Β͍ ίϯςφΠϝʔδ ιϑτΣΞ ࣮ߦڥ -JOVYΧʔωϧ ίϯςφ ίϯςφ ίϯςφ )FMMP
ίϯςφΛىಈ͢Δͱى͖Δ͜ͱ • ߴϨϕϧϥϯλΠϜ • Πϝʔδͷཧ • ωοτϫʔΫͷઃఆ ͳͲ • ϨϕϧϥϯλΠϜ
• ࣮ߦڥͷִ • ίϯςφͷཧʢىಈఀࢭʣ ͳͲ https://medium.com/nttlabs/container-runtime-student-internship-2022-q1-89a7113e0cde ʹܝࡌ͞Ε͍ͯΔਤΛͱʹվม
ίϯςφΛىಈ͢Δͱى͖Δ͜ͱ • ߴϨϕϧϥϯλΠϜ • Πϝʔδͷཧ • ωοτϫʔΫઃఆ • ϨϕϧϥϯλΠϜ •
࣮ߦڥͷִ • ίϯςφͷཧʢىಈఀࢭʣ https://medium.com/nttlabs/container-runtime-student-internship-2022-q1-89a7113e0cde ʹܝࡌ͞Ε͍ͯΔਤΛͱʹվม ࠓճ࡞͍ͬͯΔͷͬͪ͜
ϨϕϧϥϯλΠϜ͕ͬͯΔ͜ͱ • OCI Runtime Specͱ͍͏ن͕֨ଘࡏ https://github.com/opencontainers/runtime-spec • ΠϯλʔϑΣʔε
create, start, delete, kill, state • ֤छϑΥʔϚοτ • ίϯςφͷϑΝΠϧߏʢFilesystem Bundleʣ • ίϯςφͷ༷ϑΝΠϧʢcon fi gʣ
ϨϕϧϥϯλΠϜ͕ͬͯΔ͜ͱ • ࣮ߦڥͷִํ๏ԿͰ͍͍ʢنఆͳ͍ʣ ྫɿLinuxͷػೳΛ࣮ͬͯߦڥΛִ͢Δ • Namespaces → ίϯςφ༻ʹϦιʔεΛִ
PID, UTS(hostname), mount point, network, cgroups, IPC, etc. • Control Group (cgroups) → Ϧιʔεͷ੍ޚʢྫ: cpumemoryͷ༻ྔΛ੍ݶʣ
ίϯςφٕज़Λߏ͢Δsyscallͨͪ • fork(2), clone(2) → ࢠϓϩηεͷ࡞ • exec(2) → ϓϩηεͷஔ͖͑ʢ࣮ߦʣ
• unshare(2) → NamespaceΛ࡞ɺ࣮ߦڥͷִ • pivot_root(2) → rootσΟϨΫτϦʢ”/“ʣͷมߋ • etc. ※cgroupsͷઃఆಛघϑΝΠϧγεςϜܦ༝Ͱॻ͖ࠐΉɻ mount point: /sys/fs/cgroup/${subsystem_name}
ϨϕϧϥϯλΠϜࢹͷىಈϓϩηε • ӈਤruncͷ෦ॲཧ ਤോখ༷ͷهࣄΑΓҾ༻ʢͱͯΘ͔Γ͍͢ͷͰΦεεϝʣ https://kurobato.hateblo.jp/entry/2021/05/02/164218 • ίϯςφ࡞ʢrunc createʣ
→ ෦తͳॳظԽॲཧʢrunc initʣ • 2ճforkΛ͢Δͷ͕ಛతʢdouble-forkʣ • namespaceॱংͷؔ
ຊͷ͓͠ͳ͕͖ 1. ·͓͖͑ 2. शίϯςφϥϯλΠϜ 3. runzigcͷհ 4.
ZigͷΑ͔ͬͨɾࠔͬͨ 5. ·ͱΊ
Zig • libcඇґଘͷγϯάϧόΠφϦɾΫϩείϯύΠϧɾWebAssemblyରԠ • ݴޠ༷Λγϯϓϧʹอͭ͜ͱΛڧ͘ҙࣝͨ͠ઃܭ • Ӆṭ͞Ε੍ͨޚϑϩʔ͕ଘࡏ͠ͳ͍ʢe.g., ྫ֎, ԋࢉࢠΦʔόʔϩʔυʣ •
҉తͳώʔϓͷ֬อߦΘΕͳ͍ɻશͯ໌ࣔతʹϝϞϦཧΛߦ͏ɻ • C / C++ͱͷ૬ޓӡ༻͕ՄೳʢZig Toolchainͦͷͷ͕C/C++ίϯύΠϥʣ • ݴޠ༷ະͩunstableʢݱࡏͷόʔδϣϯ: v0.9.1ʣ Zig Project - Logomark / CC BY-SA 4.0.
runzigc • ZigͰॻ͔ΕͨϨϕϧίϯςφϥϯλΠϜ https://github.com/musaprg/runzigc • runcͷίʔυΛ”େ͍ʹ”ࢀߟʹ͍ͯ͠·͢ • Namespace: User,
UTS, PIDͷΈ • cgroups v1ʢcpu, memͷΈʣ • OCI Runtime Specʹະ४ڌ
Demo
ຊͷ͓͠ͳ͕͖ 1. ·͓͖͑ 2. शίϯςφϥϯλΠϜ 3. runzigcͷհ 4.
ZigͷΑͦ͞͏ͳɾࠔͬͨ 5. ·ͱΊ
ॻ͍ͯͯײͨ͡ZigͷΑ͞ 1/2 • ޡղΛڪΕͣʹݴ͏ͱʮࡶʹॻ͚ΔCݴޠʯ • ײ֮తʹɺ͍͍ͩͨGoͱRustͷؒ͘Β͍ • ߏจγϯϓϧͳͷͰɺൺֱతαΫαΫॻ͚Δ • ܕදهʹ͍ͭͯগ͠Ϋη͕͋ΔͷͰ׳Εඞཁ
ॻ͍ͯͯײͨ͡ZigͷΑ͞ 2/2 • ܰྔͳSingle static binaryΛు͚Δ • libcͷґଘ͕ͳ͍ͷͰऔΓճ͕͠ྑ͍ • ࡶͰ؆қతͳྫˠ
Zig 0.9.1 Target: x86_64-linux Optimize: -O ReleaseSmall debug symbol stripped single threaded →ɹ 4.5 KiB const std = @import("std"); pub fn main() void { std.debug.print("Hello, world!\n", .{}); }
ࠔͬͨ͜ͱ 1/4 • Errorͦͷͷʹ࣋ͨͤΔ͜ͱ͕Մೳͳใ͕গͳ͍ • error.PermissionDeniedɺ ”PermissionDenied”Ҏ্ͷใΛͨͳ͍ →
ελοΫτϨʔεɾσόοάϩάͳͲΛิॿతʹ༻͍Δ͜ͱͰ ݪҼՕॴͱঢ়گͷಛఆͰ͖ΔͷͰेͰ͋Δʁ
ࠔͬͨ͜ͱ 2/4 • nճϧʔϓ࣮ʹศརͳfor(int i = 0;i<n;++i)ʹ͋ͨΔߏจ͕ͳ͍ • Zigͷforɺ͍ΘΏΔfor-eachɻ
→ɹwhile-loopͰهड़͢Δ ɹɹɹɹor ɹɹpythonͰ͍͏range()ʹ͋ͨΔͷΛࣗલ࣮ • ҰԠproposalग़͍ͯΔ
ࠔͬͨ͜ͱ 3/4 • Ұ෦ͷLinuxγεςϜίʔϧZigඪ४ϥΠϒϥϦͷ࣮͕ଘࡏ͠ͳ͍ • sethostname(2)ͳͲ → ฦΓͷerrnoΛ
ZigͷerrorʹϚοϓ͢Δ ࣮Λఆٛͯ͠ରԠ pub fn valOrErr(val: anytype, errno: usize) LinuxKernelError!@TypeOf(val) { return switch (os.errno(errno)) { .SUCCESS => val, .PERM => error.OperationNotPermitted, // … else => |e| return os.unexpectedErrno(e), }; } pub fn sethostname(hostname: []const u8) SetHostNameError!void { const result = switch (native_arch) { else => linux.syscall2(.sethostname, @ptrToInt(hostname.ptr), hostname.len), }; return valOrErr({}, result); }
ࠔͬͨ͜ͱ 4/4 • ώʔϓͷཧ͕ඞཁͳͷएׯ໘ • defer/errdeferͱ͍ͬͨείʔϓϕʔεͷ੍ޚߏจ͋Δ • RustͷΑ͏ʹউखʹղ์ ͯ͘͠Εͳ͍
{ var values = std.ArrayList( []const u8).init(allocator); defer values.deinit(); } // είʔϓΛൈ͚ͨ࣌Ͱ // ArrayList༻ʹ֬อ͞ΕͨϝϞϦdealloc͞ΕΔ
ຊͷ͓͠ͳ͕͖ 1. ·͓͖͑ 2. शίϯςφϥϯλΠϜ 3. runzigcͷհ 4.
ZigͷΑ͔ͬͨɾࠔͬͨ 5. ·ͱΊ
·ͱΊ • Linuxʹ͓͚Δίϯςφɺ cgroups + namespace Λ༻͍ͯ ϓϩηεͷϦιʔεΛ࣮ͯ͠ݱ͍ͯ͠Δ •
ίϯςφϥϯλΠϜͷ͏ͪɺϨϕϧϥϯλΠϜ͕ϦιʔεͷΛ ୲͍ͬͯΔ • ZigͰϨϕϧίϯςφϥϯλΠϜ runzigc Λ࡞͍ͬͯ·͢ • Zigͷݴޠ༷unstableɺ·ͩ·ͩൃల్্Ͱࠓޙʹ
runzigcͷকདྷ • OCI Runtime Specશ४ڌ • Cgroup v1࣮ɾCgroup v2ରԠ •
SeccompରԠ • ߴϨϕϧϥϯλΠϜ࣮Ճ ʴ CRIରԠ • ྑ͍ײ͡ͷ໊લΛߟ͑Δʢืूதʣ
ײ • ͪΌΜͱ࣮ͨ͠ΒऔΓճ͠ͷ͍͍ܰྔίϯςφϥϯλΠϜ͕ ര͢ΔͷͰ…ʁͱ͍͏୶͍ظΛ๊͍͍ͯΔɻ • ݱஈ֊Ͱ͓ͪΌͷҬɺΏ͘Ώ͑͘Δͷʹ͍͖͍ͯͨ͠ • ΈΛཧղ͢ΔʹɺࣗͰ࡞ͬͯΈΔͷ͕Ұ൪ •
Έͳ͞ΜίϯςφϥϯλΠϜ࡞ͬͯΈ·ͤΜ͔ʁ
Reference • ίϯςφϢʔβͳΒ୭͕͍ͬͯΔϥϯλΠϜʮruncʯΛ၆ᛌ͢Δ [Container Runtime Meetup #1ൃදϨϙʔτ] https://medium.com/ nttlabs/runc-overview-263b83164c98 •
Low-level Container Runtime:Runc Internals https:// kurobato.hateblo.jp/entry/2021/05/02/164218 • opencontainers/runc https://github.com/opencontainers/runc • containers/youki https://github.com/containers/youki
͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠
Q&A