PFIセミナー資料 H27.10.22

●
●
● ✔
● ✔
● ✘
●
VM

●
●
●
● Docker
● Go
● 1 1
● LXC libcontainer
●
● root docker pull

● CentOS/Rocket
● Docker
●
● systemd-nspawn
● systemd
● Rocket
● MINCS
● shell script
●

●
●
●
●
●
●
●
●

●
●
●
●
●
●
●
●
●

●
●
●
●
●
$ ll /proc/$$/ns
0
lrwxrwxrwx. 1 takei takei 0 10 17 20:57 ipc -> ipc:[4026531839]
lrwxrwxrwx. 1 takei takei 0 10 17 20:57 mnt -> mnt:[4026531840]
lrwxrwxrwx. 1 takei takei 0 10 17 20:57 net -> net:[4026531992]
lrwxrwxrwx. 1 takei takei 0 10 17 20:57 pid -> pid:[4026531836]

●
●
$ readlink /proc/$$/ns/mnt # mount
mnt:[4026531840]
$ sudo unshare --mount /bin/bash # mount
# readlink /proc/$$/ns/mnt # mount
mnt:[4026532249]
# mkdir mnt; mount -t tmpfs tmpfs mnt
# mount #
# exit

●
●
●
$ mkdir src dest src/{master,slave}
# mount --bind src dest # src dest bind
# mount --make-slave dest # master slave
# mount -t tmpfs tmpfs src/master # (src)
# mount -t tmpfs tmpfs dest/slave # (dest)
$ mount
tmpfs on /home/alice/src/master type tmpfs (rw,relatime,seclabel)

●
●
$ sudo unshare --mount /bin/bash # mount
# mkdir mnt
# mount --make-private / #
# mount -t tmpfs tmpfs mnt
# mount --make-shared / #
# mount #
# exit
$ mount #

●
●
$ hostname
ip-172-31-13-102.ap-northeast-1.compute.internal
$ sudo unshare --uts
# hostname wonderland
# hostname
wonderland
# logout
$ hostname
ip-172-31-13-102.ap-northeast-1.compute.internal

●
●
●
$ sudo ip netns add test # test netns
$ sudo ip netns list #
test
$ sudo ip netns exec test /bin/bash # test
# readlink /proc/$$/ns/net # netns
net:[4026532219]
# ls -li /var/run/netns/test # /var/run/netns
4026532219 -r--r--r--. 1 root root 0 Oct 18 03:02 /run/netns/test
# ip addr # lo

●
●
$ sudo ip link add name master type veth peer name slave # veth
$ sudo ip addr #
6: slave: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 3a:64:e8:80:03:5f brd ff:ff:ff:ff:ff:ff
7: master: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 86:cf:cc:26:74:e4 brd ff:ff:ff:ff:ff:ff
$ sudo ip link set slave netns test # netns test
$ sudo ip addr #
7: master: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 86:cf:cc:26:74:e4 brd ff:ff:ff:ff:ff:ff
$ sudo ip netns exec test ip addr
6: slave: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 3a:64:e8:80:03:5f brd ff:ff:ff:ff:ff:ff

● eth (veth)
● 2. IP &
$ sudo ip addr add 192.168.50.101/24 dev master # master IP
$ sudo ip link set dev master up #
$ sudo ip netns exec test /bin/bash # bash
# ip addr add 192.168.50.102/24 dev slave # slave IP
# ip link set dev slave up #
# ping 192.168.50.101 -c1 #
PING 192.168.50.101 (192.168.50.101) 56(84) bytes of data.
64 bytes from 192.168.50.101: icmp_seq=1 ttl=64 time=0.047 ms
# exit
$ ping 192.168.50.102 -c1

net - : veth
● eth (veth)
● 3. IP &
$ sudo ip netns exec test /bin/bash
# ip route add default via 192.168.50.101 dev slave # default gw
# ip route
default via 192.168.50.101 dev slave
192.168.50.0/24 dev slave proto kernel scope link src 192.168.50.102
# exit
$ # IP
$ sudo iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o eth0 -j MASQUERADE
$ sudo ip netns exec test /bin/bash
# ping 8.8.8.8 -c1 #
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=55 time=2.18 ms

●
●
●
●
●
●
mkdir new-root
sudo yum -y --releasever=7Server --installroot=${PWD}/new-root install
@Core @Base redhat-release-server vim-enhanced

●
●
●
●
●
$ sudo unshare -m -p -f /bin/bash # pid/mnt
# mount --make-rprivate / # off
# mount -o loop /root.img /mnt/new-root/ # root
# cd /mnt/new-root/
# mkdir .old # root
# pivot_root . .old # pivot!

●
●
●
$ mkdir upper work #
$ sudo mount -t overlay
-o lowerdir=/,upperdir=upper,workdir=work overlayfs new-root
$ touch /home/alice/file1 new-root/home/alice/file2
$ ls -l new-root/home/alice/file* #
-rw-rw-r--. 1 alice alice 0 Oct 18 12:30 new-root/home/alice/file1
-rw-rw-r--. 1 alice alice 0 Oct 18 12:30 new-root/home/alice/file2
$ rm new-root/home/alice/file1 #
$ ll upper/home/alice/file* # upper

● Docker
● 1. loop back dm-thin pool
● /var/lib/docker/devicemapper/devicemapper/{,meta}data
$ sudo systemctl start docker # docker
$ losetup # loop pool
NAME SIZELIMIT OFFSET AUTOCLEAR RO BACK-FILE
/dev/loop0 0 0 1 0 /var/lib/docker/devicemapper/devicemapper/data
/dev/loop1 0 0 1 0 /var/lib/docker/devicemapper/devicemapper/metadata
$ sudo ls -hl /var/lib/docker/devicemapper/devicemapper/ # 100G 2G ( )
total 4.5G
-rw-------. 1 root root 100G Oct 19 04:54 data
-rw-------. 1 root root 2.0G Oct 19 04:56 metadata

●
●
●
●
$ sudo du -h /var/lib/docker/devicemapper/devicemapper/data
4.4G/var/lib/docker/devicemapper/devicemapper/data
$ sudo ls -lh /var/lib/docker/devicemapper/devicemapper/data
-rw-------. 1 root root 100G Oct 19 04:54 /var/lib/docker/devicemapper/devicemapper/data
$ fallocate -o 9223372036854775807 -l 1 huge # fallocate
$ ls -lh huge; du -h huge # 8EB( )!!
-rw-r--r--. 1 alice alice 8.0E Oct 19 05:10 huge

● 2.
● 10G (RHEL7 default)
$ docker run -d centos:centos7 /sbin/init #
$ docker ps # ID
CONTAINER ID IMAGE COMMAND ...
b90ed5b981ae centos:centos7 "/sbin/init" ...
$ lsblk #
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
xvda 202:0 0 30G 0 disk
─xvda1 202:1 0 1M 0 part
└─xvda2 202:2 0 30G 0 part /
loop0 7:0 0 100G 0 loop
└─docker-202:2-62765-pool 253:0 0 100G 0 dm
└─docker-202:2-62765-b90ed5b981ae9d06...ee67 253:1 0 10G 0 dm
loop1 7:1 0 2G 0 loop

●
$ # id
$ sudo jq . /var/lib/docker/repositories-devicemapper
{
"Repositories": {
"test": { "latest": "a02698bf3...e5c42b" }
},
"ConfirmDefPush": true
}
$ # dm-thin
$ sudo jq . /var/lib/docker/devicemapper/metadata/a02698bf3...e5c42b
{
"device_id": 352,
"size": 10737418240,
"transaction_id": 582,

●
$ # device_id size
$ sudo jq . /var/lib/docker/devicemapper/metadata/a02698bf...5c42b
... "device_id": 352, "size": 10737418240, ...
$ #
$ lsblk
loop0
└─docker-202:2-62765-pool
$ # dm
$ sudo dmsetup create dockervol
--table "0 $((10737418240 / 512)) thin /dev/mapper/docker-202:2-62765-pool 352"
$ # dm
$ ll /dev/mapper/dockervol
lrwxrwxrwx. 1 root root 7 Oct 19 06:10 /dev/mapper/dockervol -> ../dm-3

● ( ) docker
30
$ ll mnt/ #
total 24
-rw-------. 1 root root 64 Aug 26 23:08 id
drwx------. 2 root root 16384 Aug 26 22:58 lost+found
$ ll mnt/rootfs/ # docker (OS)
total 64
lrwxrwxrwx. 1 root root 7 Jun 18 08:34 bin -> usr/bin
drwxr-xr-x. 3 root root 4096 Oct 18 12:56 boot
:
$ sudo cat mnt/id # id id
f1b10cd842498c23d206ee0cbeaa9de8d2ae09ff3c7af2723a9e337a6965d639
$ docker history test:latest
IMAGE CREATED CREATED BY ...
a02698bf3120 17 hours ago /bin/sh -c yum install -y httpd
a6673f7926d7 7 weeks ago /bin/sh -c #(nop) MAINTAINER TAKEI Yuya <take

●
●
●
●
●
●
● TenForward - MINCS (1)
● http://d.hatena.ne.jp/defiant/20150701/1435749116
●
●
●
●
●
●

PFIセミナー資料 H27.10.22

Recommended

Recommended

More Related Content

What's hot

What's hot (18)

Similar to PFIセミナー資料 H27.10.22

Similar to PFIセミナー資料 H27.10.22 (20)

Recently uploaded

Recently uploaded (20)

PFIセミナー資料 H27.10.22