コンテナの研究開発から学ぶLinuxの要素技術

Transcript

1. 3-shake SRE Tech Talk #3 εϦʔγΣΠΫٕज़ސ໰ দຊ྄հ / ·ͭ΋ͱΓʔ 2022/03/18
   ίϯςφͷݚڀ։ൃ͔ΒֶͿLinuxͷཁૉٕज़
   IEEE Computer Society Flagship Conference ࠾࿥Λ௨ͯ͡
   

   View Slide

2. 2
   ɾגࣜձࣾεϦʔγΣΠΫ ٕज़ސ໰
   
   
   ɾ͘͞ΒΠϯλʔωοτݚڀॴ ্ڃݚڀһɺͦͷଞෳ਺ࣾͷٕज़ސ໰
   
   
   ɾ৘ใॲཧֶձ IOTݚڀձ OSݚڀձ ҕһɾװࣄ
   
   
   ɾΠϯλʔωοτٕज़ୈ163ҕһձ ӡӦҕһ
   
   
   ɾIEEE / ACM / USENIX ֤छձһ
   
   
   ɾژ౎େֶത࢜ʢ৘ใֶʣ
   
   
   ɾhttps://research.matsumoto-r.jp/
   দຊ྄հ / ·ͭ΋ͱΓʔ / @matsumotory
   

   View Slide

3. • ݚڀ։ൃʹ͓͍ͯ͜Ε·Ͱͷ՝୊Λղܾ͢ΔͨΊʹ͸৽ٕज़͕ඞཁ
   
   
   • ͱ͸͍͑ɺطଘٕज़ͷ૊Έ߹ΘͤΛ׆༻͢Δέʔε΋ଟ͍
   
   
   • طଘٕज़ΛվΊͯղੳɾධՁ͠ɺͦͷػೳΛ࠶ݕূ͢Δ͜ͱ͕ଟ͍
   
   
   • طଘٕज़ͷ಺෦͔Βৄ͘͠ͳ͍ͬͯ͘ʂ
   
   
   • ࠓ೔͸2016೥͔Β࢝ΊͨίϯςφݚڀΛ঺հ͠ͳ͕ΒͦͷҰྫΛ঺հ͠·͢
   3
   ݚڀ։ൃ͔Βཁૉٕज़ΛֶͿ
   

   View Slide

4. • COMPSAC: IEEE Computer Society Flagship International Conference
   
   
   • COMPSAC 2020 Message from the 2020 Program Chairs-in-Chief ※1
   
   
   • over 450 submissions this year, to both our conference tracks and associated workshops
   
   
   • accepted 69 regular papers and 69 short papers
   
   
   • 76 papers that were not accepted for the main conference were referred to COMPSAC
   workshops
   
   
   • An additional 146 papers were submitted directly to our associated workshops
   
   
   • ͜ΕΒΛಡΉݶΓRegular Paperͷ࠾୒཰͸ 69 / (450 - 146) ͷ23%ҎԼ
   4
   COMPSAC 2020 Regular Paper
   ˞.FTTBHFGSPNUIF1SPHSBN$IBJSTJO$IJFG IUUQTJFFFDPNQTBDDPNQVUFSPSH
   

   View Slide

5. 1. എܠͱ໨త
   
   
   2. ؔ࿈ݚڀͷ՝୊
   
   
   3. ఏҊख๏
   
   
   4. ࣮ݧͱߟ࡯
   
   
   5. ·ͱΊͱaccept·Ͱͷաఔ
   5
   ໨࣍
   

   View Slide

6. 1.
   എܠͱ໨త
   

   View Slide

7. • ݸਓ͕౰ͨΓલʹଟछଟ༷ͳWebαΠτΛ࣋ͭ࣌୅
   
   
   • Ϋϥ΢υɾVPSͷΑ͏ͳࣗ༝౓ͱִ཭؀ڥʢΠϯελϯεʣʹର͢Δཁٻ
   
   
   • SNSΛհͯ͠ݸਓͷίϯςϯπΛ֦ࢄ͠΍͍࣌͢୅
   
   
   • ݸਓͷWebαΠτ΁ͷΞΫηεूத͢Δػձͷ૿େ
   
   
   • ݸਓαΠτͰ΋ΞΫηεूத΍ো֐ͱ͍ͬͨมԽʹڧ͍ج൫͕ඞཁ
   
   
   • ༧ଌͰ͖ͳ͍ΞΫηε܏޲ͱϦιʔεׂ౰ΛϦΞΫςΟϒʹߦ͍͍ͨ
   
   
   • ଟछଟ༷ͳWebΞϓϦʹͰ͖Δ͚ͩରԠͯ͠બ୒ࢶΛఏڙ͍ͨ͠
   7
   ݸਓͷWebαΠτ΁ͷΞΫηεूத΍৴པੑ
   

   View Slide

8. 1. Πϯελϯε্ͰWordPressͷΑ͏ͳҰൠత͔ͭଟ༷ͳWebΞϓϦ͕ಈ࡞Մೳ
   
   
   • ઐ໳తͳ஌͕ࣝͳͯ͘΋ར༻Ͱ͖Δ҆ՁͳαʔϏεΛ࣮ݱ͍ͨ͠
   
   
   2. Πϯελϯεͷঢ়ଶมߋॲཧ͕ߴ଎
   
   
   • Πϯελϯε(ίϯςφ)ͷঢ়ଶͷఀࢭɾىಈɾεέʔϦϯάΛߴ଎ʹ॥؀
   
   
   • ϦΫΤετ୯ҐͰϦΞΫςΟϒʹঢ়ଶΛܾఆ → มԽʹڧ͍ج൫΁
   
   
   3. ϋʔυ΢ΣΞϦιʔεͷར༻ޮ཰Λ޲্
   
   
   • ϦΫΤετ͕ແ͍Πϯελϯε͸Ұఆظؒىಈޙʹఀࢭ
   
   
   ΠϯελϯεΛߴूੵʹऩ༰ՄೳͰมԽʹڧ͍Ծ૝Խج൫FastContainer
   8
   ߃ৗੑͷ͋ΔมԽʹڧ͍ج൫ͷؔ࿈ݚڀ※1
   ˞3ZPTVLF.BUTVNPUP 6DIJP,POEP ,FOUBSP,VSJCBZBTIJ 'BTU$POUBJOFS")PNFPTUBUJD4ZTUFN"SDIJUFDUVSF)JHITQFFE"EBQUJOH&YFDVUJPO
   &OWJSPONFOU$IBOHFT 5IFSE"OOVBM*&&&*OUFSOBUJPOBM$PNQVUFST 4PGUXBSF BOE"QQMJDBUJPOT$POGFSFODF $0.14"$
   +VMZ
   

   View Slide

9. • Մ༻ੑ୲อͷͨΊʹෳ਺ΠϯελϯεՔಇͤ͞Δ͜ͱʹΑΔίετͷ૿େ
   
   
   • ෳ਺ͷऩ༰αʔόʹΠϯελϯεΛͦΕͧΕՔಇͤ͞Δ͜ͱͰՄ༻ੑΛ୲อ
   
   
   • ߴूੵʹΠϯελϯεऩ༰͢Δ؍఺͔ΒͰ͖Δ͚ͩϦιʔεΛઅ໿͍ͨ͠
   
   
   • ར༻ऀ໨ઢͰ΋Մ༻ੑΛ୲อͭͭ͠අ༻Λ࡟ݮ͍ͨ͠
   
   
   • ґવͱͯ͠ɺHTTPͷϨεϙϯελΠϜͷ؍఺͔ΒɺFastContainerͷHTTPϦ
   ΫΤετܖػͰঢ়ଶΛมߋ͢Δ࣌ؒͷ୹ॖ΋՝୊
   
   
   • ίϯςφࣗମ͸଎͘ىಈͯ͠΋தͰಈ͘αʔόϓϩηεͷىಈ͕஗͍
   9
   FastContainer͓Αͼؔ࿈ݚڀͷՄ༻ੑͷ՝୊
   

   View Slide

10. 1. Πϯελϯε্ͰWordPressͷΑ͏ͳҰൠతͳWebΞϓϦ͕ಈ࡞Մೳ
    
    
    2. ୯ҰΠϯελϯεͰ΋ऩ༰αʔόো֐࣌ʹ͸ผαʔό΁ࣗಈతʹ࠶഑ஔՄೳ
    
    
    3. Πϯελϯεͷ࠶഑ஔͷ࣮ߦ࣌Ͱ͋ͬͯ΋਺ඵͷ஗ԆͰHTTPλΠϜΞ΢τ͢
    Δ͜ͱͳ͘ΦϯϥΠϯͰϨεϙϯεΛૹ৴Մೳ
    
    
    • ྫ͑͹εϚʔτϑΥϯͰ4GճઢΛܦ༝͢Δͱਓ͕ؒؾ͔ͮͳ͍Α͏ͳ஗Ԇ
    
    
    ΠϯελϯεΛߴ଎ʹ࠶഑ஔՄೳʹ͢Δ͜ͱͰूੵ཰Λ޲্ͤ͞
    
    
    ௿ίετͳج൫Λ࣮ݱ͢ΔεέδϡʔϦϯάख๏ͷఏҊ
    10
    ݚڀͷ໨త: ϦΫΤετ୯Ґ ͰͷΠϯελϯε࠶഑ஔ
    

    View Slide

11. 2.
    ؔ࿈ݚڀͷ՝୊
    

    View Slide

12. • FastContainer ※1͸HTTPϦΫΤετʹԠͯ͡൓Ԡత͔ͭߴ଎ʹΠϯελϯε
    ͷঢ়ଶʢىಈɺఀࢭɺҠಈɺෳ੡ɺϦιʔε૿ݮ౳ʣΛܾఆ
    
    
    • αʔϏεར༻ऀ͸Wordpressͱ͔WebΞϓϦΛී௨ʹ࢖͏Α͏ͳ࢖͍ํ
    
    
    • ΞΫηε਺ʹԠͨ͡ϦΞΫςΟϒͳεέʔϦϯάॲཧ͕Մೳ
    
    
    • Ϋϥ΢υαʔϏεج൫͸༧ΊΠϯελϯεΛىಈͤͯ͞ϦΫΤετΛॲཧ
    
    
    • ΞΫηεूத࣌͸༧ଌత͔ͭϓϩΞΫςΟϒͳεέʔϦϯάॲཧ͕ඞཁ
    12
    FastContainerͱΫϥ΢υαʔϏεج൫ͷಛ௃
    ˞3ZPTVLF.BUTVNPUP 6DIJP,POEP ,FOUBSP,VSJCBZBTIJ 'BTU$POUBJOFS")PNFPTUBUJD4ZTUFN"SDIJUFDUVSF)JHITQFFE"EBQUJOH&YFDVUJPO
    &OWJSPONFOU$IBOHFT 5IFSE"OOVBM*&&&*OUFSOBUJPOBM$PNQVUFST 4PGUXBSF BOE"QQMJDBUJPOT$POGFSFODF $0.14"$
    +VMZ
    

    View Slide

13. 1. WordPressͷΑ͏ͳҰൠతͳWebΞϓϦέʔγϣϯΛར༻Մೳ
    
    
    2. Πϯελϯε΍ίϯςφͷऩ༰αʔόͷো֐࣌ʹHTTPλΠϜΞ΢τ͕ੜ͡ͳ
    ͍ϨϕϧͰαʔϏεΛܧଓͰ͖Δఔ౓ͷՄ༻ੑΛ૝ఆ
    13
    ຊݚڀʹ͓͚ΔԾ૝Խج൫ͱՄ༻ੑͷલఏ
    

    View Slide

14. • ༷ʑͳWebΞϓϦέʔγϣϯ͕ར༻Մೳ
    
    
    • IaaS΍PaaSΛར༻ͨ͠Πϯελϯε୯ҐͰͷߏங͓ΑͼՄ༻ੑ୲อ͕Ұൠత
    
    
    • ຊݚڀͷՄ༻ੑ͕લఏͷ৔߹ɺෳ਺ऩ༰αʔόʹͦΕͧΕΠϯελϯεΛϗο
    τελϯόΠํࣜʢىಈࡁΈͷ଴ػΠϯελϯεʣͰ଴ػ͢Δ͜ͱͰ࣮ݱ
    
    
    • ऩ༰αʔόఀࢭ࣌ʹ΋ଈ࣌αʔϏεΛܧଓ͢ΔͨΊ
    
    
    • ෳ਺Πϯελϯεͷىಈ͕લఏͱͳΓϦιʔε઎༗ͷίετ͕૿େ
    
    
    • ϦΞΫςΟϒʹՄ༻ੑΛ୲อ͢Δʹ͸ϨεϙϯελΠϜ΁ͷӨڹ͕େ͖͍
    14
    FastContainer΍Ϋϥ΢υج൫ͷՄ༻ੑ
    

    View Slide

15. 4UPSBHF
    $MJFOU
    4FSWFS
    JOTUBODF"
    JOTUBODF#
    JOTUBODF$
    4FSWFS
    JOTUBODF"
    'BTU$POUBJOFS΍Ϋϥ΢υج൫ͷՄ༻ੑ
    )551ϦΫΤετ
    4UPSBHF
    $MJFOU
    4FSWFS
    JOTUBODF"
    JOTUBODF#
    JOTUBODF$
    4FSWFS
    JOTUBODF"
    )551ϦΫΤετ
    ✗
    15
    αʔόো֐
    

    View Slide

16. 3.
    ఏҊख๏
    

    View Slide

17. 1. Πϯελϯε্ͰWordPressͷΑ͏ͳҰൠతͳWebΞϓϦ͕ಈ࡞Մೳ
    
    
    2. ୯ҰΠϯελϯεͰ΋ऩ༰αʔόো֐࣌ʹ͸ผαʔό΁ࣗಈతʹ࠶഑ஔՄೳ
    
    
    3. Πϯελϯεͷ࠶഑ஔͷ࣮ߦ࣌Ͱ͋ͬͯ΋਺ඵͷ஗ԆͰHTTPλΠϜΞ΢τ͢
    Δ͜ͱͳ͘ΦϯϥΠϯͰϨεϙϯεΛૹ৴Մೳ
    17
    ఏҊख๏: ϦΫΤετ୯Ґ ͰͷΠϯελϯε࠶഑ஔ
    

    View Slide

18. 18
    4UPSBHF
    $MJFOU
    4FSWFS
    JOTUBODF"
    JOTUBODF#
    JOTUBODF$
    4FSWFS
    ఏҊख๏ʴ'BTU$POUBJOFSͷՄ༻ੑ
    )551ϦΫΤετ
    4UPSBHF
    $MJFOU
    4FSWFS
    JOTUBODF"
    JOTUBODF#
    JOTUBODF$
    4FSWFS
    )551ϦΫΤετ
    JOTUBODF"
    ✗൓Ԡతʹ
    ࠶഑ஔ
    αʔόো֐
    

    View Slide

19. ཁૉٕज़1: ngx_mruby
    

    εΫϦϓτݴޠͱϊϯϒϩοΩϯάI/O
    4QFDJBM5IBOLT,B[VIJLP:BNBTIJUB!QZBNB
    

    View Slide

20. HTTP FastContainerͷجຊϑϩʔ
    20
    8FC1SPYZ
    ʢOHY@NSVCZ
    
    $.%#
    ʴ
    "1*
    8FC%JTQBUDIFS
    OHY@NSVCZ
    
    $MJFOU ίϯςφ
    ίϯςφ
    ίϯςφ
    w )551ϦΫΤετͷ)PTUOBNF
    ΛΩʔʹɺ$.%# ߏ੒؅ཧ%#
    
    ͔Βίϯςφͷ৘ใΛऔಘ
    )551 4
    
    ϦΫΤετ
    w ίϯςφͷ*1ͱϙʔτʹج͍
    ͯίϯςφʹϓϩΩγ
    w ίϯςφ͕-JTUFO͍ͯ͠ͳ͍
    ৔߹͸$.%#͔Βίϯςφ
    ৘ใΛಘͯىಈ
    $POUBJOFS&OHJOF
    IBDPOJXB
    
    ऩ༰ϗετ"
    

    View Slide

21. blocking each request with mruby
    21
    SFRVFTU NSVCZ
    NSVCZ
    SFTQPOTF
    SFRVFTU
    SFRVFTU SFTQPOTF
    SFTQPOTF
    NSVCZ
    TFOESFTQPOTF
    SFDWSFRVFTU
    BUUIFTBNFUJNF
    Other responses are delayed in proportion to the time of processing of mruby blocking
    OPOCMPDLJOHNJEEMFXBSFMJLFOHJOYJOTJOHMFQSPDFTT
    

    View Slide

22. 22
    

    View Slide

23. non-blocking each request with mruby
    23
    SFRVFTU SFTQPOTF
    SFRVFTU
    SFRVFTU SFTQPOTF
    SFTQPOTF
    TFOESFTQPOTF
    SFDWSFRVFTU
    BUUIFTBNFUJNF
    CMPDLJOH
    PQFSBJUPO
    NSVCZ
    CMPDLJOH
    PQFSBJUPO
    NSVCZ
    NSVCZ
    CMPDLJOH
    PQFSBJUPO
    OPOCMPDLJOHNJEEMFXBSFMJLFOHJOYJOTJOHMFQSPDFTT
    

    View Slide

24. 24
    

    View Slide

25. ৄ͘͠͸RubyKaigiͷεϥΠυ΁
    25
    %FTJHOQBUUFSOGPSFNCFEEJOHNSVCZJOUPNJEEMFXBSF
    Edit deck
    IUUQTTQFBLFSEFDLDPNNBUTVNPUP@SEFTJHOQBUUFSOGPSFNCFEEJOHNSVCZJOUPNJEEMFXBSF TMJEF
    

    View Slide

26. ϊϯϒϩοΩϯάରԠͷϒϩά΋
    26
    OHY@NSVCZWͷ)551ΫϥΠΞϯτΛWΑΓ΋࠷େഒߴ଎ʹͨ͠
    IUUQTICNBUTVNPUPSKQFOUSZ
    

    View Slide

27. ཁૉٕज़2: mruby-fast-remote-check
    
    
    ύέοτͷεϦʔγΣΠΫϋϯυ΢ΣΠΫͷ؍࡯
    

    View Slide

28. 1. Proxy͔Βऩ༰αʔόʹICMP/TCPͰ࠷௿ݶͷύέοτͰԠ౴଎౓Λଌఆ
    
    
    2. Ԡ౴଎౓͕ᮢ஋Λ௒͍͑ͯͨΒผͷऩ༰αʔό΁࠶഑ஔ
    
    
    3. ίϯςφىಈ࣌͸ɺىಈ׬ྃ௚લͷঢ়ଶͷϓϩηεΠϝʔδ͔Β෮ݩ
    
    
    → ඇৗʹγϯϓϧͳํࣜͰߴ଎ͳ࠶഑ஔΛ࣮ݱՄೳ
    
    
    → ୯ҰͷίϯςφͰ࣮༻తͳՄ༻ੑΛ୲อՄೳʢϦιʔείετͷ࡟ݮʣ
    28
    ߴ଎ͳऩ༰ϗετͷࢮ׆؂ࢹͱ࠶഑ஔ
    

    View Slide

29. )PTU04
    8FC1SPYZ
    $.%#"1*
    $POUBJOFS
    %JTQBUDIFS
    $POUBJOFS
    )PTU04
    $POUBJOFS
    %JTQBUDIFS
    $POUBJOFS
    $MJFOU
    )551
    *$.1
    )551
    )551
    )551
    *$.1PS5$1
    

    View Slide

30. )PTU04
    8FC1SPYZ
    $.%#"1*
    $POUBJOFS
    %JTQBUDIFS
    $POUBJOFS
    )PTU04
    $POUBJOFS
    %JTQBUDIFS
    $POUBJOFS
    $MJFOU
    )551 *$.1PS5$1
    *$.1PS5$1
    )551
    )551
    )551
    ✗
    ࠷ॳͷ࠶഑ஔ࣌͸ίϯςφͷىಈ͕ඞཁͰ͋Δ͕ɺ
    ىಈޙ͸Ұఆظؒىಈ͠ଓ͚Δɻ
    

    View Slide

31. • ICMP/TCPͰᮢ஋νΣοΫ͕Ұ࣌తʹޡݕ஌ͯ͠΋Өڹ͕গͳ͍
    
    
    • TCPͷ৔߹͸ࣗ࡞TCPελοΫͰԟ෮3ύέοτͰνΣοΫ[3][4]
    
    
    • FastContainerͳͷͰޡݕ஌ͷ࠶഑ஔ͕ੜͯ͡΋αʔϏε͕ܧଓ͞ΕΔ
    
    
    • ޡݕ஌Ͱଞαʔόʹىಈͯ͠͠·ͬͯ΋Ұఆ࣌ؒىಈͨ͠Βఀࢭ͢Δ
    
    
    • ݩαʔόʹ࠶഑ஔ͞ΕͯCMDB্͸ݩαʔόͷΈʹϦΫΤετ͕ྲྀΕΔ
    
    
    • Ԡ౴࣌ؒͷᮢ஋΍λΠϜΞ΢τΛΪϦΪϦ·ͰνϡʔχϯάՄೳ
    31
    ఏҊख๏ͷϙΠϯτʢICMP/TCP؂ࢹʣ
    <>NBUTVNPUPSZ NSVCZGBTUSFNPUFDIFDL IUUQTHJUIVCDPNNBUTVNPUPSZNSVCZGBTUSFNPUFDIFDL
    <>-JOVYΧʔωϧͷ5$1ελοΫͱγεςϜίʔϧͷ૊Έ߹ΘͤʹΑΔख๏ΑΓ΋ߴ଎ʹϙʔτͷ-JTUFOνΣοΫΛ
    ߦ͏ IUUQTICNBUTVNPUPSKQFOUSZ
    

    View Slide

32. ৄ͘͠͸ϒϩά΁
    32
    -JOVYΧʔωϧͷ5$1ελοΫͱγεςϜίʔϧͷ૊Έ߹ΘͤʹΑΔख๏ΑΓ΋ߴ଎ʹϙʔτͷ-JTUFOνΣοΫΛߦ͏
    IUUQTICNBUTVNPUPSKQFOUSZ
    

    View Slide

33. ཁૉٕज़3: CRIU
    
    
    ϓϩηεΠϝʔδͷμϯϓͱϦετΞ
    4QFDJBM5IBOLT6DIJP,POEP!VE[VSB
    

    View Slide

34. • ίϯςφ಺ͷWebαʔόϓϩηεΛىಈ׬ྃ௚લͰΠϝʔδԽ(Checkpoint)
    
    
    • ఆظతʹඇಉظͰϓϩηεͷىಈ׬ྃ௚લΠϝʔδΛ࡞੒͓ͯ͘͠
    
    
    • ϦΫΤετड৴࣌ʹΠϝʔδΛϓϩηεʹ෮ݩ(Restore)
    
    
    • αʔόϓϩηεͷॳظԽॲཧΛεΩοϓ
    
    
    • ىಈʹ࣌ؒͷ͔͔ΔΞϓϦέʔγϣϯαʔό౳ʹ༗ར
    
    
    • Ruby on RailsɼDjangoͳͲ
    34
    ఏҊख๏ͷϙΠϯτʢCheckpoint/Restoreʣ
    

    View Slide

35. • https://github.com/matsumotory/mruby-criu
    
    
    • εςʔτΛ࣋ͨͳ͍Χ΢ϯλʔεΫϦϓτΛkill͔ͯ͠Βrestore͢Δ
    
    
    • ࠷ॳ͔Β࣮ߦ͢ΔͷͰ͸ͳ͘ɺऴΘͬͨϓϩηεͷঢ়ଶ͔Βىಈ͢Δ
    
    
    • 1.2.3….(dump)….(kill)….(restore)…4.5.6…..
    35
    ৄ͘͠͸GitHub΁
    

    View Slide

36. ཁૉٕज़4: seccomp
    
    
    γεςϜίʔϧͷϑοΫ
    4QFDJBM5IBOLT6DIJP,POEP!VE[VSB
    

    View Slide

37. • αʔόϓϩηεͷىಈ௚ޙΛίϯςφϥϯλΠϜͰϑοΫͯ͠Checkpoint
    
    
    • ࢀߟ: seccompͰγεςϜίʔϧΛ؂ࢹ͠ptraceͰҰ࣌ఀࢭ͔ͯ͠ΒCRIUͰ
    CheckpointʹΑΔΠϝʔδԽͱ͍͏ํ๏΋͋Δ
    
    
    • CRIUͷதͰseccompΛ࢖͓ͬͯΓύον͕ඞཁͰ൚༻ੑʹ͔͚Δ
    
    
    • seccompͷϓϩηεఀࢭʹ͸CRIUͷػೳΛ࢖͍ͬͯΔͳͲ
    
    
    • seccomp࣮ߦޙʹݖݶΛམͱ͍ͯ͠ΔͨΊseccomp͕࢖͑ͳ͍ͳͲ
    37
    CRIU+seccompʹΑΔFastContainerͷىಈ
    04ϨΠϠͰ8FCαʔό͕ىಈ࣌ʹ࣮ߦ͢ΔγεςϜίʔϧΛ؂ࢹ͠ىಈ׬ྃ௚લͷϓϩηεΛΠϝʔδԽ͢Δ
    IUUQTICNBUTVNPUPSKQFOUSZ
    

    View Slide

38. • Webαʔόιϑτ΢ΣΞͷىಈॲཧ׬ྃͰɺ͔ͭωοτϫʔΫ͕Listen͍ͯ͠ͳ͍
    ঢ়ଶͷϓϩηεΛΠϝʔδԽ͢Δ͜ͱΛ໨ࢦ͢
    
    
    • seccompͰ؂ࢹ͢ΔγεςϜίʔϧlisten()Λઃఆ͠ɺΠϝʔδԽ͍ͨ͠αʔόϓϩ
    ηεΛfork()͔ͯ͠Βexecv()
    
    
    • ਌ϓϩηε͔Βର৅ͷαʔόϓϩηεͷseccompΠϕϯτΛptrace()Ͱ؂ࢹ͠ɺ
    Listen()࣮ߦલʹΠϕϯτ͕ൃੜ
    
    
    • Πϕϯτൃੜ࣌ʹϓϩηεΛCRIUͰΠϝʔδԽͯ͠อଘ
    38
    γεςϜίʔϧΛ؂ࢹͯ͠௚લͰΠϝʔδԽ
    04ϨΠϠͰ8FCαʔό͕ىಈ࣌ʹ࣮ߦ͢ΔγεςϜίʔϧΛ؂ࢹ͠ىಈ׬ྃ௚લͷϓϩηεΛΠϝʔδԽ͢Δ
    IUUQTICNBUTVNPUPSKQFOUSZ
    

    View Slide

39. αʔόϓϩηεͷCheckpoint/Restoreͷ࣮૷
    39
    SFGl04ϨΠϠͰ8FCαʔό͕ىಈ࣌ʹ࣮ߦ͢ΔγεςϜίʔϧΛ؂ࢹ͠ىಈ׬ྃ௚લͷϓϩηεΛΠϝʔδԽ͢ΔlIUUQ
    ICNBUTVNPUPSKQFOUSZ
    

    View Slide

40. 4.
    ࣮ݧͱߟ࡯
    

    View Slide

41. FastContainerͷγεςϜߏ੒
    41
    

    View Slide

42. 42
    

    View Slide

43. • ༧උ࣮ݧ: CRIUͱCheckpoint/Restore͢ΔϓϩηεͷϝϞϦαΠζͱͷؔ܎
    
    
    • ୅දతͳΞϓϦέʔγϣϯΛ࢖ͬͨίϯςφ࠶഑ஔ࣌ͷϨεϙϯελΠϜ
    
    
    • Apache 2.4.18ɼPHP 7.3.0ɼWordpress 5.0.3ʢσϑΥϧτϖʔδʣ
    
    
    • Python 3.7.1ɼDjango 2.1.4ɼgunicorn 19.9.0※1
    
    
    • Ruby 2.5.1ɼRails 5.2.1ɼPuma 3.12.0※2
    43
    ࣮ݧ಺༰
    ˞IUUQTNDMPMJQPQ[FOEFTLDPNIDKBBSUJDMFT
    ˞IUUQTHJUIVCDPNFWFSZMFBGFMUSBJOJO
    ݱ࣮తͳن໛ʢݸਓάϧʔϓ಺Ͱͷར༻ͷΞϓϦέʔγϣϯఔ౓ʣͰ%#Λར༻ͨ͠΋ͷΛ࠾
    

    View Slide

44. • ComputeͰWebαʔόͷCheckpoint/Restoreͷ଎౓Λܭଌ
    
    
    • mruby-simplehttpserver※1ͰWebαʔόΛىಈͤ͞setsockopt()Λ؂ࢹ
    
    
    • setsockopt()࣮ߦલʹCheckpoint
    
    
    • setsockopt()࣮ߦલʹϝϞϦΛ֬อͯ͠ɺϝϞϦαΠζʹԠͯ͡
    Checkpoint/Restoreͷ଎౓ͷมԽΛܭଌ
    44
    ༧උ࣮ݧɿϓϩηεͷΠϝʔδԽͷ࣮ݧ
    ˞NBUTVNPUPSZNSVCZTJNQMFIUUQTFSWFS IUUQTHJUIVCDPNNBUTVNPUPSZNSVCZTJNQMFIUUQTFSWFS
    

    View Slide

45. αʔόϓϩηεͷΠϝʔδԽ(Checkpoint/Restore)
    45
    $IFDLQPJOU3FTUPSF1SPDFTTJOH5JNFEVFUP.FNPSZ6TBHF
    1SPDFTTJOHUJNF
    
    
    
    
    
    
    
    
    
    
    
    .FNPSZVTBHFQFSQSPDFTT<.#>
    
    $IFDLQPJOU 3FTUPSF
    ୯ҰͷαʔόϓϩηεͷϝϞϦ࢖༻ྔʹԠͨ͡$IFDLQPJOU3FTUPSFʹඞཁ
    

    View Slide

46. • ComputeͰApache httpdͷϓϩηε਺ΛมԽ
    
    
    • HTTPϦΫΤετΛܖػʹApache httpdΛىಈͤͯ͞ϨεϙϯεΛฦ͢
    
    
    • ਺ेόΠτͷ੩తͳindex.htmlʹର͢ΔϦΫΤετ
    
    
    • CRIUΛ࢖͏৔߹
    
    
    • CRIUΛ࢖Θͳ͍৔߹
    46
    ༧උ࣮ݧ2ɿϓϩηε਺ͱCRIUͷؔ܎
    

    View Slide

47. Apacheͷworker਺ͱCRIUͷؔ܎
    47
    )PUTUBSU͸શͯͷ8PSLFSϓϩηε
    ͷىಈ׬ྃΛ଴ͨͣʹɼͭͰ΋
    XPSLFSϓϩηε͕ىಈ͢Ε͹Ϩεϙ
    ϯεΛฦ͢͜ͱ͕Ͱ͖ΔͨΊҰఆɽ
    $3*6͔Βͷىಈ͸8PSLFSϓϩηε
    ΛશͯΠϝʔδ͔͢ΔͨΊɼશ͕ͯ
    3FTUPSF͞Ε͔ͯΒϨεϙϯεΛฦ͢
    ͨΊ୯ௐ૿Ճɽ
    

    View Slide

48. • Apache 2.4.18ɼPHP 7.3.0ɼWordpress 5.0.3
    
    
    • ϓϩηε਺͸3ɼ୯ҰͷϓϩηεͷϝϞϦαΠζ(RSS)͸35MBytes
    
    
    • Python 3.7.1ɼDjango 2.1.4ɼgunicorn 19.9.0 ※1
    
    
    • ϓϩηε਺2ɼεϨου਺2ɼ୯ҰͷϓϩηεͷRSS͸33MBytes
    
    
    • Ruby 2.5.1ɼRails 5.2.1ɼPuma 3.12.0 ※2
    
    
    • ϓϩηε਺2ɼεϨου਺14ɼ୯ҰͷϓϩηεͷRSS͸89MBytes
    
    
    • gemΛࣄલίϯύΠϧ͓ͯ͘͠bootsnapͱ΋ൺֱ
    48
    ίϯςφ࠶഑ஔ࣌ͷϨεϙϯελΠϜ
    

    View Slide

49. WordPress on Apache httpd
    49
    BCίϚϯυͰಉ࣌઀ଓ਺ͷϕϯνϚʔΫΛ͔͚ͳ͕Β
    ऩ༰ϗετΛJQBUBCMFTͰԾ૝తʹμ΢ϯͤͯ͞ɼผͷऩ༰αʔόʹ࠶഑ஔΛڧ੍తʹൃੜͤͨ͞
    

    View Slide

50. Django
    50
    IUUQTNDMPMJQPQ[FOEFTLDPNIDKBBSUJDMFT
    ݱ࣮తͳن໛ʢݸਓάϧʔϓ಺Ͱͷར༻ͷΞϓϦέʔγϣϯఔ౓ʣͰ%#Λར༻ͨ͠΋ͷΛ࠾༻
    

    View Slide

51. Ruby on Rails
    51
    IUUQTHJUIVCDPNFWFSZMFBGFMUSBJOJO
    ݱ࣮తͳن໛ʢݸਓάϧʔϓ಺Ͱͷར༻ͷΞϓϦέʔγϣϯఔ౓ʣͰ%#Λར༻ͨ͠΋ͷΛ࠾༻
    

    View Slide

52. 5.
    ·ͱΊ
    

    View Slide

53. • ୯ҰΠϯελϯεͰՄ༻ੑΛ୲อ͢Δߴ଎ͳεέδϡʔϦϯάख๏ΛఏҊ
    
    
    • ෳ਺ΠϯελϯεΛඞཁͱ͠ͳ͍ͨΊϦιʔείετ͕௿͍
    
    
    • ࣮ݧ͔Βݱ࣌఺Ͱ΋࣮༻ՄೳͳϨϕϧͷ࠶഑ஔͷੑೳ͕ಘΒΕͨ
    
    
    • ϓϩμΫγϣϯ؀ڥͰԠ༻
    
    
    • ϗετো֐࣌Ͱ͋ͬͯ΋Ϣʔβ͕ؾ͔ͮͳ͍ϨϕϧͰͷՄ༻ੑ
    
    
    • ΦʔτεέʔϦϯά࣌ʹ΋γʔϜϨεʹίϯςφΛ૿΍ͯ͠ෛՙରࡦՄೳʹ
    
    
    • ΞΫηε܏޲ͱϦιʔεׂΓ౰͕ͯਖ਼֬ʹ௥ਵՄೳʹ
    
    
    • εέʔϦϯά΍ϋʔυ΢ΣΞϓʔϧͷϦιʔεׂΓ౰ͯ΋࠷దԽ
    53
    ·ͱΊ
    

    View Slide

54. • ݚڀ։ൃ͸ཁૉٕज़ͷධՁ͢Βඞཁͳ৔໘͕ଟ͍
    
    
    • ཁૉٕज़ͷ࣮૷͚ͩͰͳ༷͘ʑͳ؀ڥͰͷධՁΛߦ͏
    
    
    • ࣗવͱৄ͘͠ͳ͍ͬͯ͘
    
    
    • ࠓճͷΑ͏ʹҰͭͷݚڀͰ΋୔ࢁͷཁૉٕज़Λ஌Γɺָ͘͠ͳΔ
    
    
    • ૊ΈࠐΈεΫϦϓτݴޠ಺෦ɺϛυϧ΢ΣΞ಺෦ɺϊϯϒϩοΫI/Oɺύ
    έοτɺCIRUɺseccompɺptrace
    
    
    • ઐ໳Ոʹͳͬͨؾ෼ʂʂʂʂ
    54
    ·ͱΊ
    

    View Slide

55. 55
    CRIUެࣜʹ΋࿦จΛࡌͤͯ΋Β͑Δ
    IUUQTXXXDSJVPSH"SUJDMFT
    

    View Slide

56. • ࠷ॳͷWWW2020ʹఏग़ͯ͠Reject͞Εͨཧ༝
    
    
    • ݚڀͷཱͪҐஔ͕ෆ໌֬ɺ৽نੑ͕͍·͍ͪΑ͘Θ͔Βͳ͍
    
    
    • ຊݚڀͷཱͪҐஔ΍લఏͷ໌֬Խ
    
    
    • ൺֱ͢΂͖ؔ࿈ݚڀ͕ෆ໌ྎ
    
    
    • ຊݚڀͱൺֱ͢΂͖ؔ࿈ݚڀΛॆ࣮ͤͯࠩ͞෼Λ໌֬Խ
    
    
    ڭ܇: ΠϯλʔωοτɾWebٕज़෼໺Ͱ͸ൃද࿦จ΍OSSͷ਺΍ٕज़ͷมԽ଎౓
    ͕ඇৗʹ଎͍ͨΊɺݚڀͷείʔϓͱ࠷৽ͷ՝୊Λ໌֬ʹ্ͨ͠Ͱࠩ෼Λ͔ͬ͠
    Γͱࣔ͠ɺͦͷ՝୊͕ݱ࣮తʹͲΕ΄Ͳҙ͕ٛ͋Δ͜ͱͳͷ͔Λࣔ͢͜ͱ͕େࣄ
    56
    Accept·Ͱͷաఔ
    

    View Slide