Upgrade to Pro — share decks privately, control downloads, hide ads and more …

レガシーサーバーを現代の技術で再構築する/builderscon2019

 レガシーサーバーを現代の技術で再構築する/builderscon2019

FUJIWARA Shunichiro

August 31, 2019
Tweet

More Decks by FUJIWARA Shunichiro

Other Decks in Technology

Transcript

  1. ٖؖء٦؟٦غ٦׾植➿
    ך䪮遭דⱄ圓眠ׅ׷
    CVJMEFSTDPOUPLZP

    !GVKJXBSB

    View full-size slide

  2. !GVKJXBSB SRE (૯຿෦)
    HJUIVCDPNGVKJXBSB
    TGVKJXBSBIBUFOBCMPHDPN

    View full-size slide

  3. (BNF$PNNVOJUZ

    View full-size slide

  4. 鑧ֿׅה
    ͱ͋ΔձࣾʹϨΨγʔͳ։ൃࢧԉαʔόʔ͕͋Γ
    Redmine, SVN, Git(gitolite), etc...͕ಈ͍͍ͯ·͢
    ͦΕΛAWSͷϚωʔδυαʔϏεΛ࢖ͬͯ
    ۙ୅Խվम͍ͯ͘͠ي੻Ͱ͢
    • ΍Βͳ͍͜ͱΛܾΊΔ
    • URL͸ҡ࣋͢Δ
    • ϚωʔδυαʔϏεΛ׆༻͠ɺՄ༻ੑͱίετɺϝϯςφϯε
    ੑΛ޲্͢Δ

    View full-size slide

  5. Ꟛ涪佄䴂؟٦غ٦嚊銲
    EC2 γϯάϧߏ੒(Amazon Linux 1) + RDS for MySQL
    3FENJOF : 800Ϣʔβʔ 1800ϓϩδΣΫτ
    4VCWFSTJPO(SVN) : 1000ϦϙδτϦ, 1TB
    (JU؟٦غ : gitolite2 1000ϦϙδτϦ, 300GB
    /P1BTUF : ςΩετεχϖοτΛอଘͯ͠URLΛ Slack/IRC ʹ౤
    ߘ
    爡ⰻ(ZB[P : εΫϦʔϯγϣοτΛڞ༗
    *3$ꟼ鸬؟٦ؽأ : ircd, znc(IRC΁ͷ઀ଓҡ࣋), tiarra(IRCΫϥΠ
    Ξϯτ ϩάऔಘ༻), groonga(ϩάͷશจݕࡧ), logviewer(ϩάӾ
    ཡWebApp)

    View full-size slide

  6. ֿך؟٦غ٦ך娖〷
    痥⚅➿䎃⟃⵸
    ๭Ϩϯλϧαʔόʔ্ʹߏங
    ιϑτ΢ΣΞ: Redmine, SVN
    ϛυϧ΢ΣΞ: Apache HTTPd, MySQL
    OS: RHEL 5?

    View full-size slide

  7. ֿך؟٦غ٦ך娖〷
    痥⚅➿䎃
    ࣗࣾDC੔උʹ൐͍ KVM Խ
    CentOS 6
    SVN ͸σʔλίϐʔͰҠߦ
    Redmine, SVN ͷσʔλ͸ NFS αʔόʹอଘͯ͠ NFS mount

    View full-size slide

  8. ֿך؟٦غ٦ך娖〷
    痥⚅➿䎃
    ࣗࣾDCఫୀʹ൐͍AWSҠߦ
    EC2 1୆ (Amazon Linux 2015.03)
    DB ͸ RDS for MySQLʹ෼཭
    ELB ͸࢖༻ͤͣɺ௚઀ApacheͰTLSॲཧ
    σʔλ͸ EBS ʹίϐʔͯ͠EC2ͰϚ΢ϯτ
    ผͷϗετͰಈ͍͍ͯͨIRCؔ࿈αʔϏε, NoPaste, ࣾ಺Gyazo,
    GitαʔόΛ౷߹

    View full-size slide

  9. 䎃׀הּ׵ְחכⱄ圓眠׃גְ׷
    200? Ϩϯλϧαʔό
    2011 ΦϯϓϨ
    2015 AWS EC2
    2019 ???
    ࠶ߏங͸աڈͷ໰୊Λղফ͢Δνϟϯε

    View full-size slide

  10. 3FENJOF׾⤑ⵃח׃גְ׋䎃圓䧭
    SVN ͸ htpasswd ϑΝΠϧʹΑΔ BASIC ೝূ
    ʮRedmine ͷΞΧ΢ϯτ΋SVNͱ౷Ұ͍ͨ͠ʂʯ
    Apache Ͱ BASIC ೝূΛ௨աͨ͠ REMOTE_USER
    = RedmineͷϢʔβͱͯ͠ѻ͏ϞϯΩʔύον
    ϓϥάΠϯΛར༻ऀͷཁ๬Ͱؾܰʹ௥Ճ
    ͲΜͲΜศརʹ…?

    View full-size slide

  11. ו׿ו׿⤑ⵃח׃׋穠卓
    3FENJOFךغ٦آّٝ،حفָ㹋颵♶〳腉ח
    खݩͰೖΕͨೝূ·ΘΓͷϞϯΩʔύον͕౎౓ඞཁ
    → ͜Ε͸਺ेߦͳͷͰؤுΕͳ͍͜ͱ͸ͳ͍͕…
    ϓϥάΠϯ͕Redmineͷ৽όʔδϣϯʹඇରԠ(ͳ͜ͱ͕͋Δ)
    → ϓϥάΠϯͷকདྷʹΘͨͬͯͷϝϯςΛҾ͖ड͚Δͷ͸ෆՄೳ

    View full-size slide

  12. չװ׵זְֿהպ׾寸׭׷
    Redmine ͷόʔδϣϯΞοϓ͕Ͱ͖Δঢ়ଶʹอͭ
    → ٌٝؗ٦ػحثכ׃זְ
    !
    όʔδϣϯΞοϓͷো֐ʹͳΔͷͰفؚٓ؎ٝכⰅ׸זְ
    ཁ๬͕͋ͬͯ΋அΔɻҰ੾ೖΕͳ͍͜ͱʹ͢Δ
    ʮ౰࣌ͷ୲౰ऀ(ୀ৬)ͷҨݴͳͷͰ…ʯ

    View full-size slide

  13. ̔דװ׏׋ֿה

    DB Λ RDS for MySQL ʹ෼཭ͯ͠Ϛωʔδυʹ

    Redmine ͷόʔδϣϯΞοϓ

    ʮ΍Βͳ͍͜ͱʯΛܾΊͨ
    ͱ͸͍͑Ҡߦલͱ͓ͳ͡Ϣʔβ໊ͱύεϫʔυͰೝূ͸͍ͨ͠
    طଘϢʔβ(਺ඦ໊)ʹҎલͱಉҰύεϫʔυͷൃߦ͸ෆՄೳ
    શһʹ৽ύεϫʔυΛൃߦ → ഑෍࣌ʹେࠞཚ

    View full-size slide

  14. ٌٝؗ٦ػحث״׶وءז倯岀ד鍑嶊
    Redmine ͸ೝূػߏΛίʔυͰΧελϚΠζͰ͖Δ1
    htpasswdΛಡΜͰೝূ͢ΔίʔυΛ࣮૷͢Δ͜ͱͰରԠ
    require 'htauth'
    class AuthSourceHtpasswd < AuthSource
    def authenticate(login, password)
    r = nil
    HTAuth::PasswdFile.open("/path/to/htpasswd", HTAuth::File::ALTER) do |pf|
    user = pf.fetch(login)
    if user && user.authenticated?(password)
    r = { login: login, auth_source_id: self.id }
    end
    end
    return r
    rescue => e
    raise AuthSourceException.new(e.message)
    end
    1 http://www.redmine.org/projects/redmine/wiki/AlternativecustomauthenticationHowTo

    View full-size slide

  15. ̔דװ׏׋ֿה

    47/װ3FENJOFך幐➰ؿ؋؎ٕךر٦ة׾ח⥂㶷
    Elastic Block Store(EBS): EC2༻ͷϒϩοΫετϨʔδ
    EBS ͸ผͷϗετ͔Βಉ࣌Ϛ΢ϯτͰ͖ͳ͍
    → ඞવతʹEC2͸γϯάϧߏ੒ʹ
    EBS ͸ AZ Λލ͛ͳ͍
    → AZ ো֐ʹऑ͍
    ͳΜΒ͔ͷϦϞʔτϑΝΠϧγεςϜΛ࢖͏΂͖ͩͬͨ…?

    View full-size slide

  16. 〳欽䚍ך֮׷/'4؟٦غ׾荈ⴓד甧ג׷
    ஫: 2015೥౰࣌ɺAmazon EFS ͸·ͩଘࡏ͠ͳ͍
    &$׾〴ծⴽ";ח欽䠐׃ג荈⸂דؿ؋؎ٕず劍
    lsyncd ͱ͔ DRBD ͱ͔
    …Failover ΋ࣗྗͰ΍Δʁ
    ⴓ侔ؿ؋؎ٕءأذيىسٕؐؑ،׾&$♳ד⹛ַׅ
    GlusterFS ͱ͔ Ceph ͱ͔
    …ͦͷҡ࣋ͱόʔδϣϯΞοϓ͸ͩΕ͕ʁ
    EBSͰ͍͘ͱ͍͏൑அ͸΍ΉΛಘͳ͔ͬͨ෦෼͸͋Δ

    View full-size slide

  17. ̔דװ׏׋ֿה

    &-#׾⢪欽ׇ׆ծ5-4穄畭׾"QBDIFד㹋遤
    EBS ͷؔ܎Ͱ EC2 ͕γϯάϧߏ੒
    →1୆͔͠ͳ͍ͷʹELBΛೖΕΔͷ͸ίετతʹແବͱ͍͏൑அ
    ת׍ְָ

    ౰࣌͸ϫΠϧυΧʔυূ໌ॻ(DV)Λࣾ಺ͷ֤ॴͰ࢖༻
    ূ໌ॻऔಘͷίετ͸ଞͱڞ༻ͳͷͰແࢹͰ͖ͨ
    ACM΋·ͩͳ͍(2016೥ϦϦʔε)

    View full-size slide

  18. 䎃ךְת罋ִ׷ה
    TLSपลʹ͸੬ऑੑ͕සൟʹݟ͔ͭΔͨΊɺఆظతʹରԠ͕ඞཁ
    BEAST(2011), CRIME(2012), BREACH(2013), POODLE,
    Heartbleed(2014), FREAK, LOGJAM(2015),
    DROWN(2016)..
    &-#ז׵"84ָ꬗⦜׾鋅גֻ׸׷
    TCPΛ௚઀֎ʹࡽ͍ͯ͠Δ͚ͩͰӨڹΛड͚Δ੬ऑੑ
    (CVE-2019-11477౳)
    &-#׌׏׋׵ SZ

    View full-size slide

  19. 剑鵚ך⫘ぢ
    ࠷ۙͷωοτϫʔΫ·ΘΓͷ੬ऑੑ͸ɺOS։ൃऀɺେखΫϥ΢υ
    ϕϯμʔ΍ CDN ࣄۀऀؒͰઌʹݕ౼͞ΕɺΫϥ΢υαʔϏεଆ͕
    मਖ਼͞Ε͔ͯΒެ։͞ΕΔ͜ͱ͕ଟ͍
    ࣗ෼ͰαʔόͷϙʔτΛ֎ʹࡽ͢
    ʹ ެ։ޙɺࣗ෼ΒͰରॲ͢Δ·Ͱ੬ऑͳ··
    ELB ͳΒ AWS ͕طʹύονΛ౰͍ͯͯΔ
    ʹ ެ։࣌ʹ͸طʹӨڹΛड͚ͳ͍(͜ͱ͕ଟ͍)
    湫䱸&$דؚٗ٦غٕח儮ׅךכչ鋙䝎պָ䗳銲ז儗➿

    View full-size slide

  20. ⵸㔐獳遤ַ׵䎃
    AWSҠߦ͔Βͷ4೥ؒͰɺੈؒ΋ࣾ಺ࣄ৘΋͍Ζ͍ΖมΘͬͨ
    ࣾ಺ͷνϟοτΛ Slack ʹશ໘Ҡߦ(2016೥)
    → IRCؔ࿈͕΄΅ඞཁͳ͘ͳͬͨ
    SVNɺࣾ಺GitαʔόΛ΄΅࢖Θͳ͘ͳͬͨ
    → ͘͝Ұ෦͸·ͩ࢖༻͍ͯ͠Δ͕ɺ΄ͱΜͲશͯ GitHub ʹ
    Redmine͸·ͩ·ͩ࢖͍ͬͯΔ
    3.0 → 3.3 ΁ͷόʔδϣϯΞοϓ͸ແࣄʹ৐Γ੾ͬͨ
    ͦͯ͠ "NB[PO-JOVY&P- 䎃剢
    ͰҠߦ͕ඞਢʹ

    View full-size slide

  21. չװ׵זְֿהպ׾寸׭׷
    47/ : ➙䖓獳遤׃ג׮׵ֲֿה׾⵸䲿חծ笝䭯ׅ׷
    ໿1000ϦϙδτϦɺ1TBఔ౓͋Δ͕ΞΫςΟϒͳͷ͸਺ݸ
    ৽نʹ࡞੒͸͠ͳ͍

    (JU : ؟٦غ堣腉׾⨡姺 ϑΝΠϧ͚ͩ࢒͢
    ΞΫςΟϒͳ΋ͷ͸ GitHub ʹҠߦ͢Δ
    3FENJOF : όʔδϣϯΞοϓΛؚΊͯ笝䭯ׅ׷
    3.3.x͸EoLɻϢʔβʔαϙʔτରԠͳͲͰϔϏʔϢʔε
    ଈഇࢭ΍Ҡߦ͸ࠔ೉

    *3$ꟼ鸬 : Ⰻ鿇姺׭׷
    աڈϩάͱݕࡧ͚ͩ͸࢒͢ɻ·ͩྺ࢙ΛৼΓฦΔ͜ͱ͕…

    View full-size slide

  22. 䎃獳遤ד麦䧭׃׋ְ湡垥
    5-4穄畭׾وط٦آس؟٦ؽأ⻉
    ੬ऑੑ΁ͷରԠ޲্ɺূ໌ॻ؅ཧ͔Βͷղ์
    &$ءؚٕٝ圓䧭׾膴׃ג㛙暕ח
    2019-08-23 ౦ژϦʔδϣϯେো֐ʹΑΓμ΢ϯͯ͠͠·ͬͨ
    ٔهآزٔד盖椚ׁ׸גזְ鿇ⴓ׾噰⸂זֻׅ
    αʔό্Ͱख࡞ۀ͕ߦΘΕΔͱ؅ཧ͞Εͳ͍ઃఆͰߥΕ͍ͯ͘
    植㖈ך&$׾זֻׅ"NB[PO-JOVY&P-ח㼎䘔
    ࠓճͷҠߦͰ͸͜ͷ4఺Λୡ੒͍ͨ͠

    View full-size slide

  23. &$׾ⴓ鍑׃وط٦آس؟٦ؽأדⱄ圓眠
    "-# "QQMJDBUJPO-PBE#BMBODFS
    ׾㼪Ⰵׅ׷
    → ʮ1. TLS ऴ୺ΛϚωʔδυαʔϏεԽʯୡ੒
    ׾"NB[PO&'44ח縧ֹ䳔ִ׷
    → ʮ2. EC2 γϯάϧߏ੒Λ୤ͯ͠ݎ࿚ʹʯୡ੒ͷͨΊ
    ɹෳ਺୆͔Βڞ༗Ͱ͖ΔετϨʔδ͕ඞཁ
    ،فٔ؛٦ءّٝ׾؝ٝذش⻉׃ג"-#ַ׵䮶׶׻ֽ
    → ʮ2. EC2 γϯάϧߏ੒Λ୤ͯ͠ݎ࿚ʹʯ
    ɹʮ3.ϦϙδτϦͰ؅ཧ͞Εͯͳ͍෦෼Λۃྗͳ͘͢ʯ
    ɹʮ4.ݱࡏͷEC2Λͳ͘͢ʯୡ੒ͷͨΊ
    ALB ͰϧʔςΟϯά͠ɺURL Λҡ࣋ͨ͠··ஈ֊Ҡߦ͕Մೳʹ

    View full-size slide

  24. "NB[PO&$4ח״׷ىسٕؐؑ،ך؝ٝذش⻉
    2015೥ͷ࣌఺ͰɺRedmine, SVN, gitolite Ҏ֎ͷ΋ͷ͸ίϯςφ
    ԽࡁɻEC2্ͷ Docker Compose ͰՔಇ͍ͯ͠Δ
    ECS ͷϊ΢ϋ΢͕ࣾ಺ʹཷ·ͬͯɺػ͕ख़ͨ͠
    ECS σϓϩΠπʔϧ ecspresso2 Λ֤ϓϩδΣΫτͰ࢖༻
    Ϧιʔε؅ཧɺΦϖϨʔγϣϯ΋΄΅౷ҰͰ͖͍ͯΔ
    ؝ٝذشחろ׭׷׮ךכٔهآزٔד盖椚ׁ׸׷
    AWSͷϚωʔδυαʔϏεΛଟ਺࢖༻͢Δ͜ͱʹͳΔ
    → Terraform Ͱ؅ཧ͢Δ
    2 https://github.com/kayac/ecspresso

    View full-size slide

  25. "-# "QQMJDBUJPO-PBE#BMBODFS
    ׾㼪Ⰵ

    View full-size slide

  26. "-#ד5-4穄畭
    1. ALB ΛಋೖɺACM Ͱൃߦͨ͠ূ໌
    ॻΛ࢖༻
    2. ALB ͷσϑΥϧτλʔήοτͱͯ͠
    EC2 Λ௥Ճ
    3. DNS Λ ALB ΁޲͚ͨΒ׬ྃʂ
    知⽃דׅ״י

    View full-size slide

  27. 鷿⚥ַ׵"-#׾Ⰵ׸׷ח֮׋׏גך嗚鎢✲갪
    ة٦؜حزפך鸐⥋כ)551ַ)5514ַ
    HTTP(L7)Ͱproxy͢ΔͨΊɺEC2ଆ͸௨ৗฏจ(HTTP)Ͱड͚Δ
    (ྺ࢙తܦҢʹΑΓ) httpd.conf ͱ͔ͦ͜Β include ͞ΕΔઃఆ
    ϑΝΠϧ͕େྔʹଘࡏ
    443 → 80 ͷ VirtualHost ʹઃఆΛҠ͢ͱ͜ΖͰؒҧ͏ͱো֐ʹ
    ϧʔςΟϯάɺϩάग़ྗɺଞॾʑͷॲཧΛ࿙Εͳ͘80ʹҠಈ͢Δ
    ඞཁ͕͋Δ
    !
    !
    չ)5514ךתתז׵鏣㹀׾㢌ִזֻגְְךדכպ

    View full-size slide

  28. 鷿⚥ַ׵"-#׾Ⰵ׸׷ח֮׋׏גך嗚鎢✲갪
    EC2ଆ͸HTTPS(443)ͷ··Ͱ͍͚Δ͔Ͳ͏͔
    ALBͷλʔήοτ͸ HTTPS Ͱͷ௨৴͕Մೳ
    λʔήοτଆͷূ໌ॻ͸ݕূ͞Εͳ͍
    ূ໌ॻͱ໊લͷҰகɺ༗ޮظݶ͸ݕূ͞Εͳ͍ͷͰࠓͷ··ͰOK
    ̔׉ךתת)5514ד「ֽ׷ֿהח׃׋

    View full-size slide

  29. "-#׾Ⰵ׸׷ח֮׋׏ג䗳銲זֿה
    ؙٔؒأز⯋*1،سٖأ׾姻׃ֻ钠陎ׅ׷
    ͳʹ΋͠ͳ͍ͱϦΫΤετݩ͕ ALB ͷϓϥΠϕʔτIPΞυϨεʹ
    ϩάه࿥΍ΞΫηε੍ݶʹࢧো͕ग़Δ
    ϩάه࿥΍ΞΫηε੍ޚΛ X-Forwarded-For ϔομͰߦ͏ʁ
    طଘઃఆΛશ෦ॻ͖׵͑Δͷ͸
    !
    mod_remoteip (Apache 2.4͔Βඪ४)
    Apache 2.2༻ github.com/ttkzw/mod_remoteip-httpd22
    mod_rpaf
    Apache 2.2༻ github.com/ttkzw/mod_rpaf-0.6 3
    3 https://heartbeats.jp/hbblog/2012/03/mod-rpaf.html

    View full-size slide

  30. NPE@SFNPUFJQPSNPE@SQBG
    NPE@SFNPUFJQ
    ௨ৗΞΫηεͰ͸IPΞυϨε͕औಘͰ͖͕ͨ
    ALBܦ༝Ͱ svn checkout ͢Δͱ ALB ͕ 502 Bad Gateway Λฦ͢
    ApacheଆͰ͸200Λฦ͍ͯ͠Δ͕ɺBASICೝূ௨աޙͷΞΫηε
    ϩά͕͓͔͍͠ (IPΞυϨε෦෼͕ۭཝ΍ "s_")
    192.0.2.41 - - [27/Jun/2019:15:45:24 +0900] "OPTIONS /svn/xxx HTTP/1.1" 401
    - fujiwara [27/Jun/2019:15:45:24 +0900] "OPTIONS /svn/xxx HTTP/1.1" 200
    s_ - fujiwara [27/Jun/2019:15:45:24 +0900] "OPTIONS /svn/xxx HTTP/1.1" 200
    NPE@SQBG
    svn checkout ΋໰୊ͳ͘ಈ࡞ͨͨ͠Ί mod_rpaf ʹܾఆ

    View full-size slide

  31. ֿך״ֲזذأز׾וֿדװ׷ַ
    ͜ͷ EC2 Πϯελϯε͸Ұ఺΋ͷ
    ΠϝʔδΛऔಘͯ͠ผΠϯελϯεΛཱͯͯςετ͕ͨ͠…
    ՔಇதͷΠϯελϯε͔Β࡞ͬͨAMIΛىಈ→౰વ crond ΋ىಈ
    cron ͷॲཧ͕ෳ੡͞ΕͨΠϯελϯεͰ΋ಉ࣌ʹ࣮ߦ͞ΕΔ
    (ྫ) ֎෦αʔόʔʹϑΝΠϧΛίϐʔ͢Δॲཧ͕ڝ߹
    侄鎮♧挿׮ך؎ٝأةٝأ׾醱醡׃׋׵DSPOEכ⽯⨡姺
    Ϣʔβఆٛͷ cron ͱ͔ࢥΘ͵΋ͷ͕ಈ͍͍ͯͨΓ͢Δ…

    View full-size slide

  32. 湡垥չ5-4穄畭׾وط٦آس؟٦ؽأ⻉պ麦䧭

    View full-size slide

  33. أزٖ٦آ׾"NB[PO&'44פ
    ͜Ε·Ͱγϯάϧߏ੒ͩͬͨࠜຊݪҼ ʹ EBSʹϑΝΠϧ͕͋Δ
    EBS ্ͷϑΝΠϧ͸ Amazon EFS (ϚωʔδυNFS) ΍ S3 ʹҠ͢
    AZ ো֐ʹ΋଱͑ΒΕΔ

    View full-size slide

  34. أزٖ٦آך獳遤⯓׾黝ⴖח鼅䫛ׅ׷
    ؿ؋؎ٕׄׯזְהְֽזְ׮ך
    SVNɺRedmine ͷఴ෇ϑΝΠϧͳͲ
    ΞϓϦέʔγϣϯʹखΛೖΕΒΕͳ͍ → &'4
    ،فٔ؛٦ءّٝ׾剅ֹ䳔ִ׵׸׷׮ך
    NoPaste, ࣾ಺Gyazo͸ࣗ࡞ → 4׾⢪ֲ״ֲח؝٦س⥜姻
    ׮ֲ刿倜ׁ׸זְֽו⿫撑׌ֽ׃׋ְ׮ך
    IRCͷաڈϩάͱશจݕࡧɻ߹ܭ਺GBఔ౓
    → ؝ٝذش؎ً٦آחر٦ة׾搶ֹ鴥׿ד׃תֲ

    View full-size slide

  35. أزٖ٦آָ䗳銲זְ،فٔ؛٦ءّٝ׾&$4⻉
    ALB ͷϦεφʔϧʔϧͰ ECS ʹৼΓ෼͚Δ

    View full-size slide

  36. أزٖ٦آח4׾⢪欽ׅ׷،فٔ؛٦ءّٝ׾&$4⻉

    View full-size slide

  37. ؿ؋؎ַٕ׵4פ
    NoPaste, Gyazo ͸ϑΝΠϧಡΈॻ͖෦෼ΛS3ʹมߋ
    #FGPSF
    POST: ϑΝΠϧʹอଘ
    GET: ϑΝΠϧ͔ΒಡΈग़ͯ͠ฦ͢
    "GUFS
    POST: S3ʹอଘ
    GET: S3ʹଘࡏͨ͠Βฦ͢
    S3ʹଘࡏ͠ͳ͔ͬͨΒϑΝΠϧʹfallback
    ৽ن౤ߘ͸S3ɺطଘͷ౤ߘ͸ϑΝΠϧࢀরʹͳΔͷͰ
    ·ͣ EC2 ্ͰՔಇதͷΞϓϦέʔγϣϯΛࠩ͠ସ͑Δ

    View full-size slide

  38. ؿ؋؎ַٕ׵4פ
    ৽ن౤ߘ͸S3ɺطଘͷ౤ߘ͸EBS্ͷ
    ϑΝΠϧࢀরʹͳ͍ͬͯΔ
    ͜ͷঢ়ଶͰϑΝΠϧΛS3ʹίϐʔ͢Ε
    ͹ɺશͯͷϦΫΤετΛS3ͰॲཧͰ͖Δ
    Α͏ʹͳΔ
    S3΁ͷίϐʔ͕ऴΘΕ͹ɺΞϓϦέʔ
    γϣϯΛEC2͔ΒECSʹҠಈͰ͖Δ

    View full-size slide

  39. 謬ղ孡בְגְ׋ֿה
    ϑΝΠϧ͕1σΟϨΫτϦʹ֊૚Λ੾Βͣʹอଘ͞Ε͍ͯΔ
    (໿100ສݸ)
    ݩʑ͸ݹ͍ϑΝΠϧ͸࣌ݶͰফ͢ӡ༻ͩͬͨͷͰϑϥοτͰΑ
    ͔ͬͨ
    → ෆศͳͷͰফ͢ͷΛ΍ΊͨΒ…

    View full-size slide

  40. ؿ؋؎ָٕر؍ؙٖزٔח㣐ꆀח֮׶ֺׅ׷ה
    MTָדֹזְ
    ls ίϚϯυ͸ϑΝΠϧͷҰཡΛιʔτͯ͠ฦ͢
    શϑΝΠϧͷϝλσʔλΛಡΈग़͔ͯ͠ΒͰͳ͍ͱؼͬͯ͜ͳ͍
    1SPUJQOE׾⢪ֲ
    find ίϚϯυ͸σΟϨΫτϦΤϯτϦΛḷͬͯɺݟ͔ͭͬͨ΋ͷ
    ͔Βදࣔ͢ΔͷͰϑΝΠϧ໊ΛॱʹදࣔͰ͖Δ
    /21604557d4 → /21/60/4557d4 ͷΑ͏ʹ֊૚Λ࡞ͬͯίϐʔ͢Δ
    GoͷπʔϧΛॻ͍ͯ S3 ΁ίϐʔ

    View full-size slide

  41. ׌׿׌׿&$ָ鯪ֻז׏גֹ׋

    View full-size slide

  42. הֿ׹ד˘钠鏾כוֲׅ׷
    ࣾ಺πʔϧͳͷͰೝূ͕ඞਢ
    ࠷ۙ৽نʹ࡞ΒΕͨΞϓϦέʔγϣϯ͸ G Suite ͷΞΧ΢ϯτΛ
    ࢖ͬͨೝূΛ͍ͯ͠Δ
    SVN ͸ htpasswd Ͱͷ BASIC ೝূ
    Redmine ͸ htpasswd Λ࢖༻͢ΔೝূϓϥάΠϯ(ࣗ࡞)
    NoPaste, Gyazo ͷӾཡ΋ BASIC ೝূ
    IUQBTTXE ؿ؋؎ٕ
    ָ㣐窟♧ػأٙ٦سر٦ةك٦أ
    શࣾతʹ G Suite Λಋೖ͍ͯ͠ΔͷͰɺدͤΔͳΒ͕ͩ͜͜…
    Redmine ͷ͘͝Ұ෦Λ࢖͏͚ͩͷਓ΋͍ΔͨΊɺશһʹ G Suite
    ΞΧ΢ϯτൃߦ͸೉͍͠…
    !

    View full-size slide

  43. 钠鏾׾וֲׅ׷
    ࣾһ(G SuiteΞΧ΢ϯτΛ͍࣋ͬͯΔ)Λલఏͱͯ͠Α͍ͱ͜Ζ͸
    ALB ͷػೳͰ OIDC ೝূ͕Ͱ͖Δ
    → IRC աڈϩάʹద༻
    ͦΕҎ֎͸ htpasswd Λ౰໘࢖͍ଓ͚Δ͔͠ͳ͍…
    IUQBTTXEؿ؋؎ٕ׾&$ &$4דず劍ׅ׷➬穈׫׾罋ִ׷

    View full-size slide

  44. IUQBTTXEך盖椚
    ݱঢ়ͷ htpasswd ΞΧ΢ϯτ؅ཧϚχϡΞϧ(ཁࢫ)
    1. EC2 ʹ ssh ͠·͢
    2. ࡞ۀલʹϑΝΠϧΛ೔෇Λ໊͚ͭͨલͰόοΫΞοϓ͠·͢ʂ
    (ྫ) htpasswd.20190831
    3. ΞΧ΢ϯτ࡞੒ : htpasswd ίϚϯυͰIDͱϋογϡԽ͞Εͨύ
    εϫʔυΛ௥Ճ͠·͢ʂʂ
    ΞΧ΢ϯτ࡟আ : vi ͰϑΝΠϧͷ౰֘ߦΛ࡟আ͠·͢ʂʂʂ
    ⟀ㄤחֿ׸כ׍׳׏ה

    View full-size slide

  45. ׇ׭גٔهآزٔד㾶娖盖椚
    1. GitHubͷϓϥΠϕʔτϦϙδτϦͰ htpasswd ϑΝΠϧΛ؅ཧ
    2. ௥Ճ࡟আ͸ϒϥϯνΛ੾ͬͯฤूޙʹίϛοτ
    3. ໰୊ͳ͚Ε͹ master ʹ merge ͢Δ
    4. &$&$4חז׿הַ׃גず劍ׅ׷
    ͳΜͱ͔……?

    View full-size slide

  46. $JSDMF$*דرفٗ؎
    htpasswd ϑΝΠϧΛอଘ͢Δ S3 bucket Λ༻ҙ
    CircleCI Ͱ workflow Λ࣮ߦ͢Δ

    View full-size slide

  47. 1. S3 ʹϑΝΠϧΛΞοϓϩʔυ
    2. EC2 ʹ SSM(Systems Manager) run command Λൃߦ͠
    EC2 ্Ͱ S3 ͔Βऔಘ͢ΔίϚϯυΛ࣮ߦ
    3. ECS αʔϏεΛߋ৽ͯ͠λεΫΛೖΕ׵͑
    ίϯςφ͸ىಈ࣌ʹ S3 ͔ΒϑΝΠϧΛऔಘޙɺϓϩηεΛى
    ಈ͢ΔΑ͏ʹ࡞͓ͬͯ͘

    View full-size slide

  48. رفٗ؎ؿٗ٦侭⪒ד罋ִ׷ֿה
    㹋ꥷך⡲噟罏ח䫺䫑כזְַ
    ϦϙδτϦͰ؅ཧͯ͠ CircleCI ͔ΒσϓϩΠ͸ී௨ʹ΍͍ͬͯΔ
    Route53 ͷ DNS؅ཧ(Roadworker), IAM Ϣʔβ؅ཧ(miam)
    荈ⴓ⟃㢩ח䪔ִ׷ַ
    CircleCI ͸ଞͷϓϩδΣΫτͰ΋શ໘తʹҠߦத
    ϦϙδτϦ಺ͷscriptΛୟ͘ॲཧ͕ॱ൪ʹॻ͍ͯ͋Δ͚ͩ
    毙穠さַ
    σϓϩΠର৅ଆ͸֤ࣗͰ S3 ͔Βऔಘ͢Δ pull ܕ
    σϓϩΠର৅͕૿͑Δ → ௨஌ର৅͕૿͑Δ͚ͩ
    ฒྻԽ΍εέʔϧ͕༻ҙ

    View full-size slide

  49. ꟣鑧⠅겗

    View full-size slide

  50. ׾װ׭גְֻ
    "NB[PO&'4 &MBTUJD'JMF4ZTUFN

    NFSv4 ͰΞΫηε͢ΔϑϧϚωʔδυͳωοτϫʔΫετϨʔδ
    ಉ࣌ʹෳ਺ͷEC2͔ΒϚ΢ϯτՄೳ
    ෳ਺ AZ Ͱσʔλ͕อ࣋͞ΕΔͷͰ AZ ো֐ʹ΋ڧ͍
    Ͳ͏ͯ͠΋σʔλอଘʹϑΝΠϧΛ࢖Θͳ͍ͱ͍͚ͳ͍ɺखΛೖ
    ΕΒΕͳ͍ΞϓϦέʔγϣϯͷσʔλΛอଘ͢Δ੾Γࡳ

    View full-size slide

  51. ̔&'4ر٦ة؝ؾ٦
    EC2 ্Ͱ EFS ΛϚ΢ϯτɻrsync -a Ͱίϐʔ
    ϑΝΠϧૢ࡞ͷϨΠςϯγ͕ൺֱతେ͖͍ͨΊɺrsyncΛฒྻʹෳ
    ਺૸ΒͤΔ΄͏͕ίϐʔ࣌ؒΛ୹ॖͰ͖Δ
    ੾Γସ͑͸ଟগͷμ΢ϯλΠϜΛड͚ೖΕΕ͹؆୯
    1.ΞϓϦέʔγϣϯՔಇதʹrsyncͰॳظಉظ
    2.ΞϓϦέʔγϣϯఀࢭ
    3.rsync Ͱࠩ෼Λ൓ө
    4.EC2 ͷϚ΢ϯτϙΠϯτΛ EBS ͔Β EFS ʹ੾Γସ͑Δ
    5.ΞϓϦέʔγϣϯىಈ

    View full-size slide

  52. &'4ך؝أز
    ετϨʔδλΠϓ ୯Ձ
    EFS ඪ४ετϨʔδ (GB-݄) 0.36USD4
    EFS ௿ස౓ΞΫηεετϨʔδ
    (GB-݄)
    0.054USD
    EFS ௿ස౓ΞΫηεϦΫΤετ (స
    ૹ GB ͋ͨΓ)
    0.012USD
    EBS (GP2) GB-݄ 0.12USD
    Ծʹ1TBΛอଘ͢Δͱ EBS 13,000ԁ/݄ EFS 39,000ԁ/݄
    4 ͢΂ͯ౦ژϦʔδϣϯͷՁ֨

    View full-size slide

  53. &'4כ؝أزָ넝ְ
    ඪ४ετϨʔδͷGB୯Ձ͸ EBS ͷ3ഒ(!!)͕ͩ
    כ然⥂׃׋㺁ꆀד铬ꆃׁ׸׷
    1TBͷEBSΛ༻ҙͨ͠ΒதʹԿ΋ೖΕͳͯ͘΋1TB෼
    &'4כ㺁ꆀ׾然⥂ׅ׷䗳銲ָזְ
    ࣮ࡍʹϑΝΠϧΛอଘͨ͠༰ྔͷΈ
    EBS͸༨༟Λݟͯ༰ྔΛ֬อ͢Δ͜ͱ͕ଟ͍
    ࢖༻཰ 50% Ͱ֬อ͢Δͱ࣮ࡍʹ͸ 1.5ഒ

    View full-size slide

  54. &'4⡚걼䏝،ؙإأأزٖ٦آ
    ҰఆظؒϑΝΠϧͷ಺༰ʹΞΫηε͞Εͳ͔ͬͨ΋ͷΛࣗಈతʹ
    ௿ස౓ΞΫηεετϨʔδʹҠߦͰ͖Δ
    ඪ४ετϨʔδΑΓ໿85%҆͘ɺEBS ͷ൒ֹҎԼ
    σʔλΞΫηεͰ0.012USD/GB՝ۚɺϨΠςϯγ͕େ͖͘ͳΔ
    ͘͝Ұ෦͚ͩΞΫςΟϒͳϦϙδτϦɺݹ͍΋ͷ͸ΊͬͨʹΞΫ
    ηε͞Εͳ͍Redmineͷఴ෇ϑΝΠϧΛஔ͘ͷʹ͸࠷దʂ

    View full-size slide

  55. غحؙ،حف
    AWS Backup ͰऔΕ·͢
    EBS ΋ EFS ΋౷Ұతʹεφοϓγϣοτ͕औಘͰ͖Δ
    ϑΝΠϧૢ࡞Λޡͬͯ΋εφοϓγϣοτ͔Βͷ෮چ͕Մೳ

    View full-size slide

  56. &$ַ׵&'4׾ⵃ欽ׅ׷
    ϗετ্Ͱ NFSv4 ͱͯ͠Ϛ΢ϯτ͢Δɻamazon-efs-utilsΛ࢖͑
    ͹͘͝؆୯
    # yum install -y amazon-efs-utils
    # mount -t efs fs-12345678:/ /mnt/efs

    View full-size slide

  57. &$4ַ׵&'4׾ⵃ欽ׅ׷
    EC2 Ͱ EFS Ϛ΢ϯτ ʴ ECS ͷλεΫఆٛͰϗετΛϚ΢ϯτ
    ௚઀ ECS λεΫ͔Β EFS Ϛ΢ϯτ͸ݱ࣌఺Ͱ͸Ͱ͖ͳ͍
    {
    "taskDefinition": {
    "volumes": [{
    "host": {"sourcePath": "/mnt/efs"},
    "name": "efs"
    }],
    "containerDefinitions": [{
    "name": "httpd",
    "mountPoints": [{
    "sourceVolume": "efs",
    "readOnly": false,
    "containerPath": "/efs"
    }
    ]

    View full-size slide

  58. &$4 'BSHBUF
    ַ׵&'4׾ⵃ欽ׅ׷
    Fargate Λར༻͢Δ৔߹
    &'4כ⢪ִתׇ׿ 植㖈

    Ͳ͏ͯ͠΋EC2Πϯελϯε্ͰλεΫΛىಈ͢Δඞཁ͕͋Δ
    ׈מ׫זׁ׿ד"84ח銲劄׾˘

    View full-size slide

  59. ֿֿתד穄׻׸ל&$ָ瑞׏שח 劢㸣

    View full-size slide

  60. չ&$ءؚٕٝ圓䧭׾膴׃ג㛙暕חպ麦䧭
    ALB, ECS, RDS, EFS, S3 ͕ Multi-AZ Ͱಈ࡞͍ͯ͠Δ
    չٔهآزٔד盖椚ׁ׸גזְ鿇ⴓ׾噰⸂זֻׅպ麦䧭
    htpasswdϦϙδτϦ؅ཧ + ECS + Terraform
    չ植㖈ך&$׾זֻׅպ麦䧭
    EC2͸ۭͬΆͳͷͰࢭΊΒΕΔ
    !

    View full-size slide

  61. תה׭
    EC2 γϯάϧߏ੒ɺྺ࢙͕٧·ͬͨϨΨγʔͳαʔόʔΛ
    ϚωʔδυαʔϏεʹ෼ղͯ͠࠶ߏங͍ͯ͠·͢
    ֎քͱͷ઀఺ɺσʔλอ࣋͸ϚωʔδυαʔϏεͰ
    (ELB, RDS, S3, EFS...)
    ఆظతʹγεςϜͱۀ຿Λݟ௚͠
    ҡ࣋͢Δ΋ͷɺ੾ΓࣺͯΔ΋ͷΛܾΊΔͷ͸େࣄ
    ϝϯςͰ͖Δ࢓૊ΈͰ࡞Γ௚͢ͷ΋େࣄ

    View full-size slide