Last active
December 16, 2019 12:18
-
-
Save majek/bede99c29bd49060a20128ccf720af21 to your computer and use it in GitHub Desktop.
gvisor performance with slirp4netns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -e | |
# Dependencies: | |
# apt install jq | |
if [ ]; then | |
GVFLAGS=--network=host | |
FILESZ=1G | |
else | |
FILESZ=16M | |
fi | |
RUNSC="./runsc" | |
SLIRP="./slirp4netns" | |
if [ ! -f config.json ]; then | |
${RUNSC} spec | |
EXTRA_CAPS='"CAP_SETGID", "CAP_SETUID", "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_SETFCAP", "CAP_SETPCAP"' | |
sed -i "s#\(\"CAP_NET_BIND_SERVICE\"\)#\1, ${EXTRA_CAPS}#" config.json | |
sed -i 's#readonly": true#readonly": false#' config.json | |
sed -i 's#\("TERM=xterm"\)#\1,\n"DEBIAN_FRONTEND=noninteractive"#' config.json | |
fi | |
if [ ! -d rootfs ]; then | |
mkdir rootfs | |
docker export $(docker create ubuntu:bionic) | tar -xf - -C rootfs | |
echo "nameserver 10.0.2.3" > rootfs/etc/resolv.conf | |
fi | |
echo "[*] Cleanup" | |
pkill -f 'python -m SimpleHTTPServer' || true | |
pkill 'slirp4netns' || true | |
${RUNSC} kill hello || true | |
${RUNSC} delete hello || true | |
rm file.bin || true | |
echo "[*] Create gvisor" | |
# gofer requires many files | |
ulimit -n 1048576 | |
${RUNSC} ${GVFLAGS} create hello | |
NSPID=`${RUNSC} state hello | jq .pid` | |
nsenter -n -t ${NSPID} ip link set lo up | |
nsenter -n -t ${NSPID} ip tuntap add mode tap name eth0 | |
nsenter -n -t ${NSPID} ip link set dev eth0 up | |
nsenter -n -t ${NSPID} ip addr add 10.0.2.100/24 dev eth0 | |
nsenter -n -t ${NSPID} ip neigh add 10.0.2.2 lladdr 70:71:aa:4b:29:aa dev eth0 | |
nsenter -n -t ${NSPID} ip route add 0.0.0.0/0 via 10.0.2.2 dev eth0 | |
fallocate -l ${FILESZ} file.bin | |
python -m SimpleHTTPServer 8080 & | |
HTTPPID=$! | |
${SLIRP} ${NSPID} -m 65521 eth0 & | |
SLIRPPID=$! | |
echo "[*] Start gvisor" | |
${RUNSC} ${GVFLAGS} start hello | |
if [ ! -f rootfs/usr/bin/curl ]; then | |
${RUNSC} exec hello apt-get -q update | |
${RUNSC} exec hello apt-get -qy install apt-utils ca-certificates curl | |
fi | |
echo "[*] running curl" | |
${RUNSC} exec hello curl 10.0.2.2:8080/file.bin -o /dev/null || true | |
${RUNSC} kill -all hello | |
${RUNSC} delete -force hello || true | |
kill ${SLIRPPID} ${HTTPPID} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment