Slide 1
Slide 1 text
؆ུԽͨ͠
ωοτϫʔΫґଘؔάϥϑ
ͷՄࢹԽج൫
id:y_uuki, id:masayoshi, ͯͳ
2018/11/17 ୈ3ճ Web System Architectureݚڀձ@౦ژ
Slide 2
Slide 2 text
࣍
1. എܠͱత
2. ఏҊख๏
3. ·ͱΊ
Slide 3
Slide 3 text
1. എܠͱత
Slide 4
Slide 4 text
എܠ
• ωοτϫʔΫґଘؔͷෳࡶԽ
• 10୯ҐͷαʔϏεͷظӡ༻ͷؒʹॏͳΔ૿ங
• ϚΠΫϩαʔϏεͳͲͷۙͷτϨϯυมԽ
• γεςϜཧऀ͕هԱͰ͖ͳ͍ݸʑͷ௨৴ͷґଘؔ
• Өڹൣғ͕Θ͔Βͳ͍ͨΊɺมߋͷͨͼʹґଘؔΛ
ௐࠪ͢Δඞཁ͕ൃੜ
Slide 5
Slide 5 text
ઌߦख๏
• ϑΝΠΞΥʔϧͷϩΪϯάػߏύέοτΩϟϓνϟ
• TCP/UDP௨৴ϩάΛूܭαʔόʹసૹ͠ґଘՄࢹԽ
• ωοτϫʔΫεΠον͔Βͷ౷ܭใऔಘ (sFlow/NetFlowͳͲ)
• αΠυΧʔϓϩΩγΞϓϦέʔγϣϯϩά (ࢄτϨʔγϯά)
Slide 6
Slide 6 text
֤ઌߦख๏ͷ՝
• ϑΝΠΞΥʔϧϩΪϯά(iptables)
• a) ύέοτϨΠςϯγ͕૿Ճ
• ύέοτΩϟϓνϟ(tcpdump)
• b) ύέοτશମΛऩू͢ΔͨΊɺऩू·ͨղੳͷͨΊͷෛՙͷ૿Ճ
• sFlow/NetFlow
• c) αϯϓϦϯά͞ΕΔͨΊґଘཏ͕Լ
• ΞϓϦέʔγϣϯ(L7)ͰͷϦΫΤετ୯ҐͷϩΪϯά
• d) ΞϓϦέʔγϣϯͷมߋ͕ඞཁ
Slide 7
Slide 7 text
ઌߦख๏શମͷ՝
• e) ऩूσʔλ͕ґଘؔΛΔ͚ͩʹ͕ͯ͠ଟ͘
• ύέοτɺTCPଓɺϦΫΤετ୯Ґͷใ
• ྫ͑ΤϑΣϝϥϧϙʔτͷଓใͳͲ
• f) ґଘؔάϥϑߏͷෳࡶԽ
• ෛՙࢄͳͲʹΑΓϗετ͕૿Ճͨ͠߹ʹϊʔυͱΤο
δͷݸ͕૿͑Δ
Slide 8
Slide 8 text
2. ఏҊख๏
Slide 9
Slide 9 text
ཁ݅
• 1)ΞϓϦέʔγϣϯੑೳʹӨڹΛ༩͑ͳ͍ଓใͷऩूՄೳ (՝
a),b),c))
• ݱ࣮తͳਫ਼Ͱଓใͷऩूཱ྆
• 2)ΞϓϦέʔγϣϯͷมߋෆཁͰऩूՄೳ (՝d)
• 3)ूԽ͞Εͨϊʔυ୯ҐͰՄࢹԽՄೳ (՝e)
• 4)ϗετ୯ҐͰͳ͘ϗετͷෳάϧʔϓ୯ҐͰՄࢹԽՄೳ ՝ f)
• 5)ҙͷ࣌ؒൣғͰͷґଘؔΛग़ྗՄೳ
Slide 10
Slide 10 text
ఏҊख๏
• ΞϓϦέʔγϣϯͷมߋෆཁͳωοτϫʔΫ௨৴ใͷऩू (ཁ݅2)
• OSʹ͍߹ΘͤऔಘՄೳͳTCPଓใΛར༻
• ΞϓϦέʔγϣϯੑೳʹӨڹΛ༩͑ͳ͍TCPଓใͷऩू (ཁ݅1)
• OS͕ͭෛՙͰऔಘՄೳͳTCPଓͷ౷ܭใΛར༻
• ूԽ͞ΕͨΤοδͱϊʔυ୯ҐͰՄࢹԽՄೳ
• Τοδ: ಉҰϗετ͔ͭಉҰϦοεϯϙʔτͷTCPଓू (ཁ݅3)
• ϊʔυ: αʔόཧπʔϧͷAPIͱ࿈ܞՄೳ (ཁ݅4)
• ίωΫγϣϯཧDBʹूԽ͞ΕͨTCPଓΛ͖࣌ؒͰཧՄೳ (ཁ݅5)
Slide 11
Slide 11 text
ϗετϑϩʔू
• Τοδ: ಉҰϗετ͔ͭಉҰϦοεϯϙʔτͷTCPଓू
• Τοδͷҹͷ͖: TCPͷΞΫςΟϒΦʔϓϯͱύογϒΦʔϓϯͰఆ
port 80
port 3306
port 10000
port 10001
port 10002
port 15000
port 15001
port 15002
ϗετϑϩʔ
ϗετϑϩʔ
Host Host
Slide 12
Slide 12 text
ϗετϑϩʔूͷ࣮
• 1. Netlink APIʹΑΓTCPଓใΛऔಘ͢Δ
• 2. LISTENεςʔτͷଓͷϩʔΧϧϙʔτͷΈநग़
• 3. 1.ͱ2.Λಥ͖߹Θͤɼଓઌϙʔτ͕ϦοεϯϙʔτͰ͋Ε
ΞΫςΟϒΦʔϓϯɼͦΕҎ֎ͷଓύογϒΦʔϓϯͱ
ఆ͢Δɽ
Slide 13
Slide 13 text
send
agent
agent
CMDB
Host
Host
agent
Host
analyzer
sysadmin
get
get
ఏҊख๏ͷશମϑϩʔ֓ཁ
Slide 14
Slide 14 text
send
agent
agent
Postgres
Host
Host
agent
Host
CLI
sysadmin
get
get
ఏҊख๏ͷશମϑϩʔ֓ཁ
Mackerel
get
Slide 15
Slide 15 text
CMDBͷεΩʔϚ
• nodesςʔϒϧ: ϊʔυใ
• IDͱIPΞυϨεͱϙʔτ൪߸
• flowsςʔϒϧ: ϗετϑϩʔใ
• IDͱ͖ͱૹ৴ݩͱૹ৴ઌͷͦΕͧΕͷϊʔυID
Slide 16
Slide 16 text
Mackerel APIʹΑΔෳϊʔυͷάϧʔϓԽ
• ͋Β͔͡Ί֤ϗετΛMackerelʹొ͠ɺෳ͞Εͨϗετ܈Λ1
ͭͷϩʔϧʹ·ͱΊ͓ͯ͘
• MackerelΛར༻ͨ͠ෳϊʔυͷάϧʔϓԽखॱ
• analyzer͕CMDB͔ΒϊʔυΛऔಘ
• Mackerel APIʹΑΓϗετใҰཡΛऔಘ֘͠ϊʔυͷIPΞυ
ϨεͰϑΟϧλ
• ಉҰϩʔϧͷϊʔυΛάϧʔϓԽ
Slide 17
Slide 17 text
github.com/yuuki/mftracer
$ mftctl --level 2 --dest-service blog --dest-roles redis --dest-roles memcached
blog:redis
ᵋ<-- 10.0.0.22:many (connections:30)
ᵋ<-- 10.0.0.23:many (connections:30)
ᵋ<-- 10.0.0.24:many (connections:30)
ᵋ<-- 10.0.0.30:many (connections:1)
ᵋ<-- 10.0.0.31:many (connections:1)
ᵋ<-- 10.0.0.25:many (connections:30)
blog:memcached
ᵋ<-- 10.0.0.23:many (connections:30)
ᵋ<-- 10.0.0.25:many (connections:30)
Slide 18
Slide 18 text
্࣮ͷ՝
• ωοτϫʔΫτϙϩδͷ॥ʹର͢Δߟྀ
• Ϋϥυࣄۀऀ͕ఏڙ͢ΔϚωʔδυαʔϏεΛར༻͍ͯ͠Δ
߹ɼIPΞυϨε͔Β࣮ମΛͨͲΔ͜ͱͷࠔ
• ͋ΔಛఆͷϊʔυΛࢦఆ͠ɼࢦఆͨ͠ϊʔυ”͔Β”ଓ͢Δ
ϊʔυҰཡΛऔಘ͢Δ࣮ (ٯՄೳ)
• ࣌ؒൣғΛࢦఆͨ͠ґଘؔͷऔಘ
• ݱࡏ͔Βաڈͯ͢ͷґଘؔΛऔಘ͢ΔΑ͏ʹͳ͍ͬͯΔ
Slide 19
Slide 19 text
3. ·ͱΊ
Slide 20
Slide 20 text
·ͱΊ
• γεςϜཧऀ͕ݸʑͷωοτϫʔΫґଘؔΛهԱͰ͖ͳ͍
• ΞϓϦέʔγϣϯΛมߋͤͣʹɼΞϓϦέʔγϣϯʹӨڹΛ༩
͑Δ͜ͱͳ͘ɼదͳநͰใΛऔಘՄೳͳґଘؔղੳ
γεςϜ
Slide 21
Slide 21 text
ࠓޙͷ՝
• αʔϕΠ
• ֤ωοτϫʔΫͰઌߦݚڀ͕͋ΔͨΊɺຊݚڀͷཱͪҐஔΛ໌֬Խ
• ධՁ
• ϑΝΠΞΥʔϧϩΪϯάͱύέοτΩϟϓνϟͷϨΠςϯγ૿େͷධՁ
• ͯ͢ͷଓใΛऔಘͰ͖ΔΘ͚Ͱͳ͍ͨΊɼଓใͷऔಘΛ֬
ೝ͠ɼ࣮ӡ༻ʹ͓͍ͯɼेͳਫ਼Ͱ͋Δ͜ͱΛ֬ೝ
• ల
• ಉ͡Α͏ͳ௨৴Λ͍ͯ͠ΔϗετΛΫϥελϦϯάਪఆ
• ίϯςφܕԾԽڥͰͷґଘؔͷղੳͷൃల