7. はじめに|前回の論文輪講(引用) 7
Case Perf. Category Docker KVM
A, B CPU Good Bad*
C
Memory Bandwidth
(sequential)
Good Good
D
Memory Bandwidth
(Random)
Good Good
E Network Bandwidth Acceptable* Acceptable*
F Network Latency Bad Bad
G Block I/O (Sequential) Good Good
G Block I/O (RandomAccess)
Good
(Volume Option)
Bad
Comparing to native performance …
equal = Good
a little worse = Acceptable
worse = Bad
* = depends case or tuning
18. • 公式が親切なので参考にして下さい
• [検索] [ docker install ]
• Linux環境を想定します
• dockerの実行には
root権限が必要なので注意
• 仮想マシン上をおすすめ
• win, macならこの辺でも…
• Docker for mac
• Docker for Windows
使い方|インストール 18
19. • $ docker run hello-world
• Hello-Worldコンテナを実行するコマンド
使い方|Hello World ! 19
-bash-4.2$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
78445dd45222: Pull complete
Digest: sha256:c5515758d4c5e1e838e9cd307f6c6a0d620b5e07e6f927b07d05f6d12a1ac8d7
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
…
20. • $ docker run hello-world
• Hello-Worldイメージからコンテナを実行するコマンド
使い方|Hello World ! 20
docker run hello-worldDocker client
Docker daemon
Docker Hub
イメージの確認
hello-worldイメージ
コンテナの作成
hello-worldイメージ
“Hello from Docker!”
イメージの問い合わせ
46. Linux Container
• Concept of Linux container based on Linux namespace.
• No visibility or access to objects outside the container
• Containers can be viewed as another level of access control
in addition to the user and group permission system.
namespace [17]
• namespace can isolates and virtualizes
system resources of a collection of processes.
• namespace allows creating separate instances of global namespaces.
• Processes running inside the container
• They are sharing the host OS kernel.
• They have its own root directory and mount table.
• They appear to be running on a normal Linux system.
• namespaces feature, originally motivated by difficulties in dealing with high performance computing clusters [17].
補足| Linux Container (namespace) 46
[17] E. W. Biederman. “Multiple instances of the global Linux namespaces.”, In Proceedings of the 2006 Ottawa Linux Symposium, 2006.
Figure: https://access.redhat.com/documentation/en/red-hat-enterprise-linux-atomic-host/7/paged/overview-of-containers-in-red-hat-systems/