Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Compare OCI Runtimes
Search
Gosuke Miyashita
March 22, 2019
Technology
1.7k
2
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Compare OCI Runtimes
Gosuke Miyashita
March 22, 2019
More Decks by Gosuke Miyashita
See All by Gosuke Miyashita
なぜインフラコードのモジュール化は難しいのか - アプリケーションコードとの本質的な違いから考える
mizzy
71
37k
Serverspec(をつくった自分)のそれまでとその後
mizzy
9
3.3k
A method for separating policy definition and behavior control by an intermediate language to achieve optimal server configuration management according to the situation
mizzy
3
310
Past and future of Infrastructure as Code
mizzy
0
370
Configuration Managementツールのポリシー定義用中間言語に関する考察/Considerations about an intermediate language of configuration management tools
mizzy
0
530
Infrastructure as Codeのこれまでとこれから/Infra Study Meetup #1
mizzy
28
13k
エンジニアかつ研究者としての今後のキャリアについて/My Career As An Engineer And A Researcher
mizzy
0
460
Serverspec and OSS at IEICE Society Conference 2018
mizzy
2
380
House Meetup
mizzy
7
3.6k
Other Decks in Technology
See All in Technology
しくみを学んで使いこなそう GitHub Copilot app
torumakabe
2
230
SRE Lounge Hiroshimaへの招待
grimoh
0
640
証券システムを10年Scalaで作り続けるということ - 関数型まつり2026
krrrr38
3
840
End-to-Endで考える信頼性 —LINEアプリにおけるクライアント開発×SRE連携の実践
maruloop
4
4.1k
クラウド上のデータ復旧で見落としがちな制約: 医療系 SaaS の BCP 設計から得た教訓
kakehashi
PRO
0
3.4k
世界、断片、モデル。そして理解
ardbeg1958
1
110
AI時代の EM への処方箋
staka121
PRO
0
130
Genie Ontologyは銀の弾丸かを考える / Is Genie Ontology a Silver Bullet?
nttcom
0
240
Compose 新機能総まとめ / What's New in Jetpack Compose
yanzm
0
160
完全自律ロボットを作りたくて、先に開発を自律させた話(ROS Japan UG #63 LT)
rryz09
0
490
Control Planeで育てるBtoB SaaSの認証基盤 - SRE NEXT 2026
pokohide
1
2.3k
AI時代のエンジニアキャリアについて今一度考える
sakamoto_582
2
1.5k
Featured
See All Featured
Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS
baasie
0
450
BBQ
matthewcrist
89
10k
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
inesmontani
PRO
3
3.6k
Breaking role norms: Why Content Design is so much more than writing copy - Taylor Woolridge
uxyall
0
340
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.4k
Principles of Awesome APIs and How to Build Them.
keavy
128
18k
Highjacked: Video Game Concept Design
rkendrick25
PRO
1
410
Design of three-dimensional binary manipulators for pick-and-place task avoiding obstacles (IECON2024)
konakalab
0
490
Everyday Curiosity
cassininazir
0
250
Agile Leadership in an Agile Organization
kimpetersen
PRO
0
190
Primal Persuasion: How to Engage the Brain for Learning That Lasts
tmiket
0
390
Transcript
͘͞ΒΠϯλʔωοτגࣜձࣾ (C) Copyright 1996-2019 SAKURA Internet Inc ͘͞ΒΠϯλʔωοτݚڀॴ OCIϥϯλΠϜൺֱͷͨΊʹ ͍ͬͯΔ͜ͱ͋Ε͜Ε
2019/03/22 ٬һݚڀһ ٶԼ ߶ี runc, gVisor, Kata Containers Nabla Containers, Firecrackerൺֱ
1. ͡Ίʹ
3 ɾݱࡏOCIϥϯλΠϜͷൺֱʹऔΓΜͰ͍Δ ɾൺֱ߲ɺىಈ࣌ؒɺϝϞϦαΠζɺύϑΥʔϚϯεͳͲ ɾϥϯλΠϜຖʹบ͕͋Γɺಉ݅͡Ͱൺֱ͢Δͷ͕؆୯Ͱͳ͍ ɾ۩ମతʹͬͨ͜ͱɺͱ͘ʹ·ͬͨ͜ͱڞ༗͍ͨ͠ ɾܭଌ݁Ռͷڞ༗͜ͷൃදͷతͰͳ͍ ɾݱࡏͷܭଌ݁Ռʹ͍ͭͯmatsumotory͞ΜͷεϥΠυࢀর ɾhttps://speakerdeck.com/matsumoto_r/chao-ge-ti-xing- detasentaostoocirantaimu ͓͢͠Δ༰
1. ܭଌ४උͰ·ͬͨ͜ͱ
ίϯςφͰಈ͔͢όΠφϦ࡞
6 ɾൺֱ݅Λἧ͑ΔͷͱɺϥϯλΠϜͦͷͷͷੑ࣭Λଌఆ͍ͨ͠ͷ Ͱɺ୯७ͳϓϩάϥϜΛ༻ҙ ɾhello.c ɾHelloͱදࣔ͢Δ͚ͩͷϓϩάϥϜ ɾىಈ࣌ؒଌఆ༻ ɾloop.c ɾແݶϧʔϓ͢ΔϓϩάϥϜ ɾϝϞϦαΠζଌఆ༻ ίϯςφͰಈ͔͢όΠφϦ
7 hello.c #include <stdio.h> void main() { printf("Hello\n"); }
8 loop.c #include <stdio.h> void main() { int i =
0; while(1) { printf("%d\n", i++); } }
9 ɾNabla ContainersϥΠϒϥϦOSʢϢχΧʔωϧʣܕΞϓϩʔνͷ ϥϯλΠϜ ɾ࣮ߦόΠφϦͱΧʔωϧ͕ҰମԽ ɾͳͷͰNabla Containers༻όΠφϦผʹ༻ҙ͢Δඞཁ͕͋Δ ɾx86_64-rumprun-netbsd-gcc -o hello.out
hello.c ɾrumprun-bake solo5_ukvm_seccomp hello.nabla hello.out ɾ৽͠ͷϦϏδϣϯͩͱsolo5_ukvm_seccompͰͳ͘spt Nabla Containers༻όΠφϦ
10 ɾnabla-containers/solo5ΛίϯύΠϧͯ͠Ͱ͖ͨsolo5.oΛ/usr/lib/ libsolo5_seccomp.aʹίϐʔ ɾnabla-containers/runnc ϦϏδϣϯb78fe29Λར༻ ɾnabla-containers/rumprunϦϏδϣϯ8b01b3Λར༻ ɾߋʹҎԼͷύονΛ͋ͯΔ ɾhttps://github.com/rumpkernel/rumprun/issues/122 ɾhttps://github.com/rumpkernel/rumprun/pull/118 Nabla༻όΠφϦͷϏϧυ
11 ɾrumprun-bakeίϚϯυʹύον ɾ࠷ޙʹ࣮ߦͯ͠ΔίϚϯυʹ-L/usr/libΛՃ ɾhttps://blog.cloudkernels.net/posts/build-a-nabla-docker-image/ ɾ͜ͷखॱʹ͕ͨͬͯ͠࠷৽ͷϦϏδϣϯͰϏϧυͯ͠͏·͘ಈ͔ ͳ͔ͬͨ ɾSolo5: ABORT: spt/net.c:36: Assertion
`netfd >= 0' failed Nabla༻όΠφϦͷϏϧυʢ͖ͭͮʣ
Kata Containersͷόʔδϣϯ
13 ɾhttps://github.com/kata-containers/documentation/blob/master/ install/ubuntu-installation-guide.md ɾܭଌ༻ϗετʹUbuntuΛར༻ͨ͠ͷͰ͜ͷखॱʹैͬͨ ɾhttp://download.opensuse.org/repositories/home:/ katacontainers:/releases:/${ARCH}:/master/xUbuntu_$ (lsb_release -rs)/ ͕aptϦϙδτϦͱͯ͠ઃఆ͞ΕΔ ɾ͕ɺ͜Εͩͱ1.6rc1͕Πϯετʔϧ͞Ε·ͱʹಈ͔ͳ͔ͬͨ
ɾs/master/stable-1.5/ Ͱղܾ Kata ContainersͷΠϯετʔϧ
1. ܭଌ࣌ʹ·ͬͨ͜ͱ
ϥϯλΠϜίϚϯυ࣮ߦͰͷܭଌ
16 ɾ༨ͳϨΠϠʔΛল͍ͯͳΔ͘ૉͷঢ়ଶͰͷܭଌ͕త ɾOCI Filesystem BundleΛ༻ҙ ɾdocker export `docker create mizzy/hello`
| tar -C bundle/rootfs - xvf - Ͱrootfsੜ ɾrunc specͰconfig.jsonੜ ϥϯλΠϜίϚϯυ࣮ߦͰͷܭଌ
17 ɾrunc, gVisor, Kata Containers, Nabla ContainersʹOCI Filesystem BundleΛ࣮ߦ͢ΔίϚϯυ͕͋Δ ɾFirecrackerʹ(·ͩ?)ଘࡏ͠ͳ͍ͬΆ͍
ɾͳͷͰFirecracker࣮ߦํࣜͰܭଌͰ͖ͳ͔ͬͨ ɾkata-fc͑Ͱ͖ͦ͏ʢະணखʣ ɾhttps://github.com/kata-containers/documentation/wiki/Initial- release-of-Kata-Containers-with-Firecracker-support OCI Filesystem Bundle࣮ߦίϚϯυ
18 ɾrunncଞͷίϚϯυͱҧ͍runαϒίϚϯυ͕ͳ͍ ɾcreateͯ͠start͢Δඞཁ͕͋Δ ɾtime runnc startͰܭଌ͠Α͏ͱ͢Δͱίϯςφ࣮ߦऴྃલʹtime ͷ݁Ռ͕ฦΔ → ྑ͍ܭଌํ๏ࡧத ɾconfig.jsonͷhooks.prestartͰωοτϫʔΫ·ΘΓͷઃఆΛߦ͏ඞ
ཁ͕͋Δ ɾhttps://github.com/nabla-containers/runnc/issues/53 ɾconfig.jsonͰࢦఆ͢Δroot.path͕૬ରύεͩͱಈ͔ͳ͍ Nabla Containersׂ͕ͱۂऀ
containerdͷctrίϚϯυͰͷܭଌ
20 ɾϥϯλΠϜίϚϯυ࣮ߦͰͯ͢ͷϥϯλΠϜΛܭଌͰ͖ͳ ͔ͬͨͷͰҧ͏ΞϓϩʔνͰܭଌ ɾ͜͜ͰNabla Containersͷนཱ͕͔ͪͩΔ ɾଞͷϥϯλΠϜShim API v2ʹରԠ͍ͯ͠Δ ɾctr run
—runtime=io.containerd.kata.v2 Έ͍ͨʹ࣮ߦͰ͖Δ ɾrunncShim API v2ʹରԠ͍ͯ͠ͳ͍ containerdͷctrίϚϯυͰͷܭଌ
21 ɾ/etc/containerd/config.toml ɾctr run --runtime io.containerd.runtime.v1.linux Ͱ࣮ߦ ผͷํ๏Ͱ࣮ߦΛࢼΈΔ [plugins] [plugins.linux]
shim = "containerd-shim" runtime = "/usr/local/bin/runnc"
22 ɾctr: OCI runtime create failed: runnc did not terminate
sucessfully: unknown ɾrunnc͕panic: Insufficient uniqueness in IDΛు͍ͯΔ ɾཁ͢Δʹίϯςφ໊͕͍ ɾϩάʹ͜Ε͕ݟ͋ͨΒͳ͍ͷͰΘ͔Γʹ͍͘ ɾERR: could not create tapabcdefg12345: no master interface: Link not found ɾίϯςφ໊Λ͘͢Δͱࠓ͜ͷΤϥʔ ɾ͜ΕҎ্·ͩௐࠪͰ͖͍ͯͳ͍ ࣮ߦ݁Ռ
dockerίϚϯυͰͷܭଌ
24 ɾϥϯλΠϜίϚϯυ࣮ߦͰͷܭଌɺctrίϚϯυͰͷܭଌɺͱ ʹͯ͢ͷϥϯλΠϜΛܭଌ͢Δ͜ͱ͕Ͱ͖ͳ͔ͬͨ ɾͷͰ࣍dockerίϚϯυͰτϥΠ dockerίϚϯυͰͷܭଌ
25 ɾFirecrackerͷಈ͔͠ํ͚ͩΘ͔ΒΜɺͱࢥͬͨΒudzura͞ΜʹΑΔ φΠεࢿྉ͕ ɾhttps://speakerdeck.com/udzura/firecracker-from-low-layer-to- hight?slide=14 ɾKata ContainersͰFirecrackerΛಈ͔͢kata-fcΛར༻ ɾhttps://github.com/kata-containers/documentation/wiki/Initial- release-of-Kata-Containers-with-Firecracker-support ɾDockerͷdevicemapperαϙʔτ͕ඞཁ͕ͩɺݱࡏ࠷৽ͷ18.09͕
devicemapperରԠ͍ͯ͠ͳ͍ͷͰɺ18.06Λར༻͢Δඞཁ͋Γ Docker + Firecraker
26 ɾ࠷ॳҙຯ͕Θ͔Βͳ͔ͬͨ ɾ͑ɺͲͬͪOCIϥϯλΠϜ͡Όͳ͍ͷʁ ɾFiracrackerϚΫϩͳࢹͰݟΔͱOCIϥϯλΠϜͱͯ͠ݟΔ͜ͱ Ͱ͖Δ͕ϛΫϩͳࢹͰݟΔͱVMM ɾKata ContainersVMͰίϯςφΛىಈ͢ΔΞϓϩʔνͷOCIϥ ϯλΠϜ ɾVMMͱͯ͠σϑΥϧτͰQEMUΛར༻͢Δ͕ࠩ͠ସ͑Մೳ ɾͭ·ΓKata
ConͷVMMΛFirecrackerʹࠩ͠ସ͑Δ͜ͱ͕Ͱ͖Δ Kata Containers + Firecracker?
ctrͱdockerͰFirecrackerͷ ىಈ͕࣌ؒఆͱҟͳΔ
28 ɾctr: real 0m6.320s ɾdocker: real 0m4.105s ɾdockerͷํ͕ɺdockerdΛܦ༝͢Δ͘ͳΓͦ͏ͳͷʹͳͥʁ ɾctrnaive snapshotterΛར༻
ɾdockerdevicemapperΛར༻ ɾctrͰdevmapper snapshotterΛར༻͢Εಉ݅͡ͰൺֱͰ͖ͦ͏ ɾ→ ະணख ctrͱdockerͰͷFirecrackerىಈ࣌ؒ
1. ίετ
30 ɾݕূڥΛVagrant+VirtualBoxͰߏங ɾKataͱFirecrackerKVM͕ඞཁ ɾVirtualBoxͰKVMಈ͔ͳ͍ ɾVMWare Fusion + Vagrant VMWare ProviderΛߪೖ
ɾVMWare Fusion: 9,925ԁ ɾVagrant VMWare Provider: $79 per seat ׂͱ͓͕͔͔ۚΔ (on macOS)
31 ɾVagrant + VMWare FusionͰmodprobe vhost_vsock͕Τϥʔʹ ͳͬͯ͠·͏ͷͰAWS EC2্Ͱݕূ ɾKVMΛಈ͔ͨ͢ΊʹϕΞϝλϧΠϯελϯε͕ඞཁ ɾi3.metalͰ4.992USD/࣌ؒ
ɾ1ͰBilling AlertඈΜͰདྷͨ ׂͱ͓͕͔͔ۚΔ (on AWS)
1. ࢀߟࢿྉ
33 ɾhttps://github.com/mizzy/container-playground ɾmeasurements/ ɾVagrant + VMWare FusionͰಈ͔ͯ͠Δͭ ɾcompare_on_i3_metal/ ɾVagrant +
AWS EC2 i3.metalΠϯελϯεͰಈ͔ͯ͠Δͭ ɾཧͰ͖ͯͳ͍͠ɺ௨͠Ͱvagrant provisionͯ͠ͳ͍ͷͰಈ͔ͳ ͍ͱ͜Ζ͋Γͦ͏ ɾࢼͯ͠ΈͯΘ͔Βͳ͍͜ͱ͕͋ΕԿͰฉ͍͍ͯͩ͘͞ ܭଌ༻ϦϙδτϦ
34 ɾࠓͷ͍Ζ͍ΖͳίϯςφϥϯλΠϜΛൺֱͯ͠Έͨ ɾhttps://www.slideshare.net/KoheiTokunaga/ss-123664087 ɾ֤छϥϯλΠϜͷಛൺֱͳͲͱͯࢀߟʹͳΔ ɾNabla ContainersΛಈ͔͢ʹ͋ͨͬͯͱͯࢀߟʹͳͬͨ ɾࢿྉͰܭଌʹkubernetes-sigs/cri-toolsΛར༻͍ͯ͠ΔͷͰ͜Ε ࢼͯ͠Έ͍ͨ ࢀߟࢿྉ