レガシーサーバーを現代の技術で再構築する/builderscon2019

Transcript

1. ٖؖء٦؟٦غ٦׾植➿ ך䪮遭דⱄ圓眠ׅ׷ CVJMEFSTDPO
   UPLZP
     !GVKJXBSB

2. !GVKJXBSB SRE (૯຿෦) HJUIVCDPNGVKJXBSB TGVKJXBSBIBUFOBCMPHDPN

3. 
   (BNF
   
   $PNNVOJUZ

4. 鑧ֿׅה ͱ͋ΔձࣾʹϨΨγʔͳ։ൃࢧԉαʔόʔ͕͋Γ Redmine, SVN, Git(gitolite), etc...͕ಈ͍͍ͯ·͢ ͦΕΛAWSͷϚωʔδυαʔϏεΛ࢖ͬͯ ۙ୅Խվम͍ͯ͘͠ي੻Ͱ͢ • ΍Βͳ͍͜ͱΛܾΊΔ

   • URL͸ҡ࣋͢Δ • ϚωʔδυαʔϏεΛ׆༻͠ɺՄ༻ੑͱίετɺϝϯςφϯε ੑΛ޲্͢Δ

5. Ꟛ涪佄䴂؟٦غ٦嚊銲 EC2 γϯάϧߏ੒(Amazon Linux 1) + RDS for MySQL 3FENJOF

   : 800Ϣʔβʔ 1800ϓϩδΣΫτ 4VCWFSTJPO(SVN) : 1000ϦϙδτϦ, 1TB (JU؟٦غ : gitolite2 1000ϦϙδτϦ, 300GB /P1BTUF : ςΩετεχϖοτΛอଘͯ͠URLΛ Slack/IRC ʹ౤ ߘ 爡ⰻ(ZB[P : εΫϦʔϯγϣοτΛڞ༗ *3$ꟼ鸬؟٦ؽأ : ircd, znc(IRC΁ͷ઀ଓҡ࣋), tiarra(IRCΫϥΠ Ξϯτ ϩάऔಘ༻), groonga(ϩάͷશจݕࡧ), logviewer(ϩάӾ ཡWebApp)

6. ֿך؟٦غ٦ך娖〷 痥⚅➿
   䎃⟃⵸ ๭Ϩϯλϧαʔόʔ্ʹߏங ιϑτ΢ΣΞ: Redmine, SVN ϛυϧ΢ΣΞ: Apache HTTPd, MySQL

   OS: RHEL 5?

7. ֿך؟٦غ٦ך娖〷 痥⚅➿
   䎃 ࣗࣾDC੔උʹ൐͍ KVM Խ CentOS 6 SVN ͸σʔλίϐʔͰҠߦ Redmine,

   SVN ͷσʔλ͸ NFS αʔόʹอଘͯ͠ NFS mount

8. ֿך؟٦غ٦ך娖〷 痥⚅➿
   䎃 ࣗࣾDCఫୀʹ൐͍AWSҠߦ EC2 1୆ (Amazon Linux 2015.03) DB ͸

   RDS for MySQLʹ෼཭ ELB ͸࢖༻ͤͣɺ௚઀ApacheͰTLSॲཧ σʔλ͸ EBS ʹίϐʔͯ͠EC2ͰϚ΢ϯτ ผͷϗετͰಈ͍͍ͯͨIRCؔ࿈αʔϏε, NoPaste, ࣾ಺Gyazo, GitαʔόΛ౷߹

9. 䎃׀הּ׵ְחכⱄ圓眠׃גְ׷ 200? Ϩϯλϧαʔό 2011 ΦϯϓϨ 2015 AWS EC2 2019 ???

   ࠶ߏங͸աڈͷ໰୊Λղফ͢Δνϟϯε

10. 3FENJOF׾⤑ⵃח׃גְ׋䎃圓䧭 SVN ͸ htpasswd ϑΝΠϧʹΑΔ BASIC ೝূ ʮRedmine ͷΞΧ΢ϯτ΋SVNͱ౷Ұ͍ͨ͠ʂʯ Apache

    Ͱ BASIC ೝূΛ௨աͨ͠ REMOTE_USER = RedmineͷϢʔβͱͯ͠ѻ͏ϞϯΩʔύον ϓϥάΠϯΛར༻ऀͷཁ๬Ͱؾܰʹ௥Ճ ͲΜͲΜศརʹ…?

11. ו׿ו׿⤑ⵃח׃׋穠卓 3FENJOFךغ٦آّٝ،حفָ㹋颵♶〳腉ח खݩͰೖΕͨೝূ·ΘΓͷϞϯΩʔύον͕౎౓ඞཁ → ͜Ε͸਺ेߦͳͷͰؤுΕͳ͍͜ͱ͸ͳ͍͕… ϓϥάΠϯ͕Redmineͷ৽όʔδϣϯʹඇରԠ(ͳ͜ͱ͕͋Δ) → ϓϥάΠϯͷকདྷʹΘͨͬͯͷϝϯςΛҾ͖ड͚Δͷ͸ෆՄೳ

12. չװ׵זְֿהպ׾寸׭׷ Redmine ͷόʔδϣϯΞοϓ͕Ͱ͖Δঢ়ଶʹอͭ → ٌٝؗ٦ػحثכ׃זְ ! όʔδϣϯΞοϓͷো֐ʹͳΔͷͰفؚٓ؎ٝכⰅ׸זְ ཁ๬͕͋ͬͯ΋அΔɻҰ੾ೖΕͳ͍͜ͱʹ͢Δ ʮ౰࣌ͷ୲౰ऀ(ୀ৬)ͷҨݴͳͷͰ…ʯ

13. 
    ̔
    
    דװ׏׋ֿה ⭕ DB Λ RDS for MySQL ʹ෼཭ͯ͠Ϛωʔδυʹ ⭕ Redmine

    ͷόʔδϣϯΞοϓ ⭕ ʮ΍Βͳ͍͜ͱʯΛܾΊͨ ͱ͸͍͑Ҡߦલͱ͓ͳ͡Ϣʔβ໊ͱύεϫʔυͰೝূ͸͍ͨ͠ طଘϢʔβ(਺ඦ໊)ʹҎલͱಉҰύεϫʔυͷൃߦ͸ෆՄೳ શһʹ৽ύεϫʔυΛൃߦ → ഑෍࣌ʹେࠞཚ

14. ٌٝؗ٦ػحث״׶وءז倯岀ד鍑嶊 Redmine ͸ೝূػߏΛίʔυͰΧελϚΠζͰ͖Δ1 htpasswdΛಡΜͰೝূ͢ΔίʔυΛ࣮૷͢Δ͜ͱͰରԠ require 'htauth' class AuthSourceHtpasswd < AuthSource

    def authenticate(login, password) r = nil HTAuth::PasswdFile.open("/path/to/htpasswd", HTAuth::File::ALTER) do |pf| user = pf.fetch(login) if user && user.authenticated?(password) r = { login: login, auth_source_id: self.id } end end return r rescue => e raise AuthSourceException.new(e.message) end 1 http://www.redmine.org/projects/redmine/wiki/AlternativecustomauthenticationHowTo

15. 
    ̔
    
    דװ׏׋ֿה ❗
    47/
    װ
    3FENJOF
    ך幐➰ؿ؋؎ٕךر٦ة׾
    &#4
    ח⥂㶷 Elastic Block Store(EBS): EC2༻ͷϒϩοΫετϨʔδ EBS ͸ผͷϗετ͔Βಉ࣌Ϛ΢ϯτͰ͖ͳ͍ →

    ඞવతʹEC2͸γϯάϧߏ੒ʹ EBS ͸ AZ Λލ͛ͳ͍ → AZ ো֐ʹऑ͍ ͳΜΒ͔ͷϦϞʔτϑΝΠϧγεςϜΛ࢖͏΂͖ͩͬͨ…?

16. 〳欽䚍ך֮׷/'4؟٦غ׾荈ⴓד甧ג׷ ஫: 2015೥౰࣌ɺAmazon EFS ͸·ͩଘࡏ͠ͳ͍ &$
    ׾〴ծⴽ
    ";
    ח欽䠐׃ג荈⸂דؿ؋؎ٕず劍 lsyncd ͱ͔ DRBD ͱ͔

    …Failover ΋ࣗྗͰ΍Δʁ ⴓ侔ؿ؋؎ٕءأذيىسٕؐؑ،׾
    &$
    ♳ד⹛ַׅ GlusterFS ͱ͔ Ceph ͱ͔ …ͦͷҡ࣋ͱόʔδϣϯΞοϓ͸ͩΕ͕ʁ EBSͰ͍͘ͱ͍͏൑அ͸΍ΉΛಘͳ͔ͬͨ෦෼͸͋Δ

17. 
    ̔
    
    דװ׏׋ֿה ❌
    &-#
    ׾⢪欽ׇ׆ծ5-4穄畭׾"QBDIFד㹋遤 EBS ͷؔ܎Ͱ EC2 ͕γϯάϧߏ੒ →1୆͔͠ͳ͍ͷʹELBΛೖΕΔͷ͸ίετతʹແବͱ͍͏൑அ ת׍ְָ ౰࣌͸ϫΠϧυΧʔυূ໌ॻ(DV)Λࣾ಺ͷ֤ॴͰ࢖༻

    ূ໌ॻऔಘͷίετ͸ଞͱڞ༻ͳͷͰແࢹͰ͖ͨ ACM΋·ͩͳ͍(2016೥ϦϦʔε)

18. 䎃ךְת罋ִ׷ה TLSपลʹ͸੬ऑੑ͕සൟʹݟ͔ͭΔͨΊɺఆظతʹରԠ͕ඞཁ BEAST(2011), CRIME(2012), BREACH(2013), POODLE, Heartbleed(2014), FREAK, LOGJAM(2015), DROWN(2016)..

    &-#
    ז׵
    "84
    ָ꬗⦜׾鋅גֻ׸׷ TCPΛ௚઀֎ʹࡽ͍ͯ͠Δ͚ͩͰӨڹΛड͚Δ੬ऑੑ (CVE-2019-11477౳) &-#
    ׌׏׋׵ SZ

19. 剑鵚ך⫘ぢ ࠷ۙͷωοτϫʔΫ·ΘΓͷ੬ऑੑ͸ɺOS։ൃऀɺେखΫϥ΢υ ϕϯμʔ΍ CDN ࣄۀऀؒͰઌʹݕ౼͞ΕɺΫϥ΢υαʔϏεଆ͕ मਖ਼͞Ε͔ͯΒެ։͞ΕΔ͜ͱ͕ଟ͍ ࣗ෼ͰαʔόͷϙʔτΛ֎ʹࡽ͢ ʹ ެ։ޙɺࣗ෼ΒͰରॲ͢Δ·Ͱ੬ऑͳ·· ELB

    ͳΒ AWS ͕طʹύονΛ౰͍ͯͯΔ ʹ ެ։࣌ʹ͸طʹӨڹΛड͚ͳ͍(͜ͱ͕ଟ͍) 湫䱸&$דؚٗ٦غٕח儮ׅךכչ鋙䝎պָ䗳銲ז儗➿

20. ⵸㔐獳遤ַ׵䎃 AWSҠߦ͔Βͷ4೥ؒͰɺੈؒ΋ࣾ಺ࣄ৘΋͍Ζ͍ΖมΘͬͨ ࣾ಺ͷνϟοτΛ Slack ʹશ໘Ҡߦ(2016೥) → IRCؔ࿈͕΄΅ඞཁͳ͘ͳͬͨ SVNɺࣾ಺GitαʔόΛ΄΅࢖Θͳ͘ͳͬͨ → ͘͝Ұ෦͸·ͩ࢖༻͍ͯ͠Δ͕ɺ΄ͱΜͲશͯ

    GitHub ʹ Redmine͸·ͩ·ͩ࢖͍ͬͯΔ 3.0 → 3.3 ΁ͷόʔδϣϯΞοϓ͸ແࣄʹ৐Γ੾ͬͨ ͦͯ͠ "NB[PO
    -JOVY
    
    &P-
    䎃剢 ͰҠߦ͕ඞਢʹ

21. չװ׵זְֿהպ׾寸׭׷ 47/ : ➙䖓獳遤׃ג׮׵ֲֿה׾⵸䲿חծ笝䭯ׅ׷ ໿1000ϦϙδτϦɺ1TBఔ౓͋Δ͕ΞΫςΟϒͳͷ͸਺ݸ ৽نʹ࡞੒͸͠ͳ͍ ⛔ (JU : ؟٦غ堣腉׾⨡姺

    ϑΝΠϧ͚ͩ࢒͢ ΞΫςΟϒͳ΋ͷ͸ GitHub ʹҠߦ͢Δ 3FENJOF : όʔδϣϯΞοϓΛؚΊͯ笝䭯ׅ׷ 3.3.x͸EoLɻϢʔβʔαϙʔτରԠͳͲͰϔϏʔϢʔε ଈഇࢭ΍Ҡߦ͸ࠔ೉ ⛔ *3$ꟼ鸬 : Ⰻ鿇姺׭׷ աڈϩάͱݕࡧ͚ͩ͸࢒͢ɻ·ͩྺ࢙ΛৼΓฦΔ͜ͱ͕…

22. 䎃獳遤ד麦䧭׃׋ְ湡垥 
    5-4
    穄畭׾وط٦آس؟٦ؽأ⻉ ੬ऑੑ΁ͷରԠ޲্ɺূ໌ॻ؅ཧ͔Βͷղ์ 
    &$
    ءؚٕٝ圓䧭׾膴׃ג㛙暕ח 2019-08-23 ౦ژϦʔδϣϯେো֐ʹΑΓμ΢ϯͯ͠͠·ͬͨ 
    ٔهآزٔד盖椚ׁ׸גזְ鿇ⴓ׾噰⸂זֻׅ αʔό্Ͱख࡞ۀ͕ߦΘΕΔͱ؅ཧ͞Εͳ͍ઃఆͰߥΕ͍ͯ͘ 
    植㖈ך&$׾זֻׅ
    
    "NB[PO-JOVY
    
    &P-ח㼎䘔 ࠓճͷҠߦͰ͸͜ͷ4఺Λୡ੒͍ͨ͠

23. &$
    ׾ⴓ鍑׃وط٦آس؟٦ؽأדⱄ圓眠 "-#
    "QQMJDBUJPO
    -PBE
    #BMBODFS
    ׾㼪Ⰵׅ׷ → ʮ1. TLS ऴ୺ΛϚωʔδυαʔϏεԽʯୡ੒ &#4
    ׾
    "NB[PO
    &'4
    
    4
    ח縧ֹ䳔ִ׷ →

    ʮ2. EC2 γϯάϧߏ੒Λ୤ͯ͠ݎ࿚ʹʯୡ੒ͷͨΊ ɹෳ਺୆͔Βڞ༗Ͱ͖ΔετϨʔδ͕ඞཁ ،فٔ؛٦ءّٝ׾؝ٝذش⻉׃ג"-#ַ׵䮶׶׻ֽ → ʮ2. EC2 γϯάϧߏ੒Λ୤ͯ͠ݎ࿚ʹʯ ɹʮ3.ϦϙδτϦͰ؅ཧ͞Εͯͳ͍෦෼Λۃྗͳ͘͢ʯ ɹʮ4.ݱࡏͷEC2Λͳ͘͢ʯୡ੒ͷͨΊ ALB ͰϧʔςΟϯά͠ɺURL Λҡ࣋ͨ͠··ஈ֊Ҡߦ͕Մೳʹ

24. "NB[PO
    &$4
    ח״׷ىسٕؐؑ،ך؝ٝذش⻉ 2015೥ͷ࣌఺ͰɺRedmine, SVN, gitolite Ҏ֎ͷ΋ͷ͸ίϯςφ ԽࡁɻEC2্ͷ Docker Compose ͰՔಇ͍ͯ͠Δ ECS

    ͷϊ΢ϋ΢͕ࣾ಺ʹཷ·ͬͯɺػ͕ख़ͨ͠ ECS σϓϩΠπʔϧ ecspresso2 Λ֤ϓϩδΣΫτͰ࢖༻ Ϧιʔε؅ཧɺΦϖϨʔγϣϯ΋΄΅౷ҰͰ͖͍ͯΔ ؝ٝذشחろ׭׷׮ךכٔهآزٔד盖椚ׁ׸׷ AWSͷϚωʔδυαʔϏεΛଟ਺࢖༻͢Δ͜ͱʹͳΔ → Terraform Ͱ؅ཧ͢Δ 2 https://github.com/kayac/ecspresso
25. None
26. None
27. None
28. None
29. None

30. "-#
    "QQMJDBUJPO
    -PBE
    #BMBODFS
    ׾㼪Ⰵ

31. "-#
    ד
    5-4
    穄畭 1. ALB ΛಋೖɺACM Ͱൃߦͨ͠ূ໌ ॻΛ࢖༻ 2. ALB ͷσϑΥϧτλʔήοτͱͯ͠ EC2

    Λ௥Ճ 3. DNS Λ ALB ΁޲͚ͨΒ׬ྃʂ 知⽃דׅ״י

32. 鷿⚥ַ׵"-#׾Ⰵ׸׷ח֮׋׏גך嗚鎢✲갪 ة٦؜حزפך鸐⥋כ
    )551
    ַ
    )5514
    ַ HTTP(L7)Ͱproxy͢ΔͨΊɺEC2ଆ͸௨ৗฏจ(HTTP)Ͱड͚Δ (ྺ࢙తܦҢʹΑΓ) httpd.conf ͱ͔ͦ͜Β include ͞ΕΔઃఆ ϑΝΠϧ͕େྔʹଘࡏ 443

    → 80 ͷ VirtualHost ʹઃఆΛҠ͢ͱ͜ΖͰؒҧ͏ͱো֐ʹ ϧʔςΟϯάɺϩάग़ྗɺଞॾʑͷॲཧΛ࿙Εͳ͘80ʹҠಈ͢Δ ඞཁ͕͋Δ ! ! չ)5514ךתתז׵鏣㹀׾㢌ִזֻגְְךדכպ

33. 鷿⚥ַ׵"-#׾Ⰵ׸׷ח֮׋׏גך嗚鎢✲갪 EC2ଆ͸HTTPS(443)ͷ··Ͱ͍͚Δ͔Ͳ͏͔ ALBͷλʔήοτ͸ HTTPS Ͱͷ௨৴͕Մೳ λʔήοτଆͷূ໌ॻ͸ݕূ͞Εͳ͍ ূ໌ॻͱ໊લͷҰகɺ༗ޮظݶ͸ݕূ͞Εͳ͍ͷͰࠓͷ··ͰOK ̔
    ׉ךתת)5514ד「ֽ׷ֿהח׃׋

34. "-#׾Ⰵ׸׷ח֮׋׏ג䗳銲זֿה ؙٔؒأز⯋*1،سٖأ׾姻׃ֻ钠陎ׅ׷ ͳʹ΋͠ͳ͍ͱϦΫΤετݩ͕ ALB ͷϓϥΠϕʔτIPΞυϨεʹ ϩάه࿥΍ΞΫηε੍ݶʹࢧো͕ग़Δ ϩάه࿥΍ΞΫηε੍ޚΛ X-Forwarded-For ϔομͰߦ͏ʁ طଘઃఆΛશ෦ॻ͖׵͑Δͷ͸

    ! mod_remoteip (Apache 2.4͔Βඪ४) Apache 2.2༻ github.com/ttkzw/mod_remoteip-httpd22 mod_rpaf Apache 2.2༻ github.com/ttkzw/mod_rpaf-0.6 3 3 https://heartbeats.jp/hbblog/2012/03/mod-rpaf.html

35. NPE@SFNPUFJQ
    PS
    NPE@SQBG
    NPE@SFNPUFJQ ௨ৗΞΫηεͰ͸IPΞυϨε͕औಘͰ͖͕ͨ ALBܦ༝Ͱ svn checkout ͢Δͱ ALB ͕ 502

    Bad Gateway Λฦ͢ ApacheଆͰ͸200Λฦ͍ͯ͠Δ͕ɺBASICೝূ௨աޙͷΞΫηε ϩά͕͓͔͍͠ (IPΞυϨε෦෼͕ۭཝ΍ "s_") 192.0.2.41 - - [27/Jun/2019:15:45:24 +0900] "OPTIONS /svn/xxx HTTP/1.1" 401 - fujiwara [27/Jun/2019:15:45:24 +0900] "OPTIONS /svn/xxx HTTP/1.1" 200 s_ - fujiwara [27/Jun/2019:15:45:24 +0900] "OPTIONS /svn/xxx HTTP/1.1" 200 NPE@SQBG svn checkout ΋໰୊ͳ͘ಈ࡞ͨͨ͠Ί mod_rpaf ʹܾఆ

36. ֿך״ֲזذأز׾וֿדװ׷ַ ͜ͷ EC2 Πϯελϯε͸Ұ఺΋ͷ ΠϝʔδΛऔಘͯ͠ผΠϯελϯεΛཱͯͯςετ͕ͨ͠… ՔಇதͷΠϯελϯε͔Β࡞ͬͨAMIΛىಈ→౰વ crond ΋ىಈ cron ͷॲཧ͕ෳ੡͞ΕͨΠϯελϯεͰ΋ಉ࣌ʹ࣮ߦ͞ΕΔ

    (ྫ) ֎෦αʔόʔʹϑΝΠϧΛίϐʔ͢Δॲཧ͕ڝ߹ 侄鎮
    ♧挿׮ך؎ٝأةٝأ׾醱醡׃׋׵DSPOEכ⽯⨡姺 Ϣʔβఆٛͷ cron ͱ͔ࢥΘ͵΋ͷ͕ಈ͍͍ͯͨΓ͢Δ…

37. 湡垥չ
    5-4
    穄畭׾وط٦آس؟٦ؽأ⻉պ麦䧭
    

38. أزٖ٦آ׾
    "NB[PO
    &'4
    
    4
    פ ͜Ε·Ͱγϯάϧߏ੒ͩͬͨࠜຊݪҼ ʹ EBSʹϑΝΠϧ͕͋Δ EBS ্ͷϑΝΠϧ͸ Amazon EFS (ϚωʔδυNFS) ΍

    S3 ʹҠ͢ AZ ো֐ʹ΋଱͑ΒΕΔ

39. أزٖ٦آך獳遤⯓׾黝ⴖח鼅䫛ׅ׷ ؿ؋؎ٕׄׯזְהְֽזְ׮ך SVNɺRedmine ͷఴ෇ϑΝΠϧͳͲ ΞϓϦέʔγϣϯʹखΛೖΕΒΕͳ͍ → &'4 ،فٔ؛٦ءّٝ׾剅ֹ䳔ִ׵׸׷׮ך NoPaste, ࣾ಺Gyazo͸ࣗ࡞

    → 4
    ׾⢪ֲ״ֲח؝٦س⥜姻 ׮ֲ刿倜ׁ׸זְֽו⿫撑׌ֽ׃׋ְ׮ך IRCͷաڈϩάͱશจݕࡧɻ߹ܭ਺GBఔ౓ → ؝ٝذش؎ً٦آחر٦ة׾搶ֹ鴥׿ד׃תֲ

40. أزٖ٦آָ䗳銲זְ،فٔ؛٦ءّٝ׾&$4⻉ ALB ͷϦεφʔϧʔϧͰ ECS ʹৼΓ෼͚Δ

41. أزٖ٦آח4׾⢪欽ׅ׷،فٔ؛٦ءّٝ׾&$4⻉

42. ؿ؋؎ַٕ׵4פ NoPaste, Gyazo ͸ϑΝΠϧಡΈॻ͖෦෼ΛS3ʹมߋ #FGPSF POST: ϑΝΠϧʹอଘ GET: ϑΝΠϧ͔ΒಡΈग़ͯ͠ฦ͢ "GUFS

    POST: S3ʹอଘ GET: S3ʹଘࡏͨ͠Βฦ͢ S3ʹଘࡏ͠ͳ͔ͬͨΒϑΝΠϧʹfallback ৽ن౤ߘ͸S3ɺطଘͷ౤ߘ͸ϑΝΠϧࢀরʹͳΔͷͰ ·ͣ EC2 ্ͰՔಇதͷΞϓϦέʔγϣϯΛࠩ͠ସ͑Δ

43. ؿ؋؎ַٕ׵4פ ৽ن౤ߘ͸S3ɺطଘͷ౤ߘ͸EBS্ͷ ϑΝΠϧࢀরʹͳ͍ͬͯΔ ͜ͷঢ়ଶͰϑΝΠϧΛS3ʹίϐʔ͢Ε ͹ɺશͯͷϦΫΤετΛS3ͰॲཧͰ͖Δ Α͏ʹͳΔ S3΁ͷίϐʔ͕ऴΘΕ͹ɺΞϓϦέʔ γϣϯΛEC2͔ΒECSʹҠಈͰ͖Δ

44. 謬ղ孡בְגְ׋ֿה ϑΝΠϧ͕1σΟϨΫτϦʹ֊૚Λ੾Βͣʹอଘ͞Ε͍ͯΔ (໿100ສݸ) ݩʑ͸ݹ͍ϑΝΠϧ͸࣌ݶͰফ͢ӡ༻ͩͬͨͷͰϑϥοτͰΑ ͔ͬͨ → ෆศͳͷͰফ͢ͷΛ΍ΊͨΒ…

45. ؿ؋؎ָٕر؍ؙٖزٔח㣐ꆀח֮׶ֺׅ׷ה MT
    ָדֹזְ ls ίϚϯυ͸ϑΝΠϧͷҰཡΛιʔτͯ͠ฦ͢ શϑΝΠϧͷϝλσʔλΛಡΈग़͔ͯ͠ΒͰͳ͍ͱؼͬͯ͜ͳ͍ 1SPUJQ
    OE
    ׾⢪ֲ find ίϚϯυ͸σΟϨΫτϦΤϯτϦΛḷͬͯɺݟ͔ͭͬͨ΋ͷ ͔Βදࣔ͢ΔͷͰϑΝΠϧ໊ΛॱʹදࣔͰ͖Δ /21604557d4

    → /21/60/4557d4 ͷΑ͏ʹ֊૚Λ࡞ͬͯίϐʔ͢Δ GoͷπʔϧΛॻ͍ͯ S3 ΁ίϐʔ

46. ׌׿׌׿&$ָ鯪ֻז׏גֹ׋

47. הֿ׹ד˘
    钠鏾כוֲׅ׷ ࣾ಺πʔϧͳͷͰೝূ͕ඞਢ ࠷ۙ৽نʹ࡞ΒΕͨΞϓϦέʔγϣϯ͸ G Suite ͷΞΧ΢ϯτΛ ࢖ͬͨೝূΛ͍ͯ͠Δ SVN ͸ htpasswd

    Ͱͷ BASIC ೝূ Redmine ͸ htpasswd Λ࢖༻͢ΔೝূϓϥάΠϯ(ࣗ࡞) NoPaste, Gyazo ͷӾཡ΋ BASIC ೝূ IUQBTTXE ؿ؋؎ٕ
    ָ㣐窟♧ػأٙ٦سر٦ةك٦أ શࣾతʹ G Suite Λಋೖ͍ͯ͠ΔͷͰɺدͤΔͳΒ͕ͩ͜͜… Redmine ͷ͘͝Ұ෦Λ࢖͏͚ͩͷਓ΋͍ΔͨΊɺશһʹ G Suite ΞΧ΢ϯτൃߦ͸೉͍͠… !

48. 钠鏾׾וֲׅ׷ ࣾһ(G SuiteΞΧ΢ϯτΛ͍࣋ͬͯΔ)Λલఏͱͯ͠Α͍ͱ͜Ζ͸ ALB ͷػೳͰ OIDC ೝূ͕Ͱ͖Δ → IRC աڈϩάʹద༻

    ͦΕҎ֎͸ htpasswd Λ౰໘࢖͍ଓ͚Δ͔͠ͳ͍… IUQBTTXEؿ؋؎ٕ׾
    &$
    &$4
    דず劍ׅ׷➬穈׫׾罋ִ׷

49. IUQBTTXEך盖椚 ݱঢ়ͷ htpasswd ΞΧ΢ϯτ؅ཧϚχϡΞϧ(ཁࢫ) 1. EC2 ʹ ssh ͠·͢ 2.

    ࡞ۀલʹϑΝΠϧΛ೔෇Λ໊͚ͭͨલͰόοΫΞοϓ͠·͢ʂ (ྫ) htpasswd.20190831 3. ΞΧ΢ϯτ࡞੒ : htpasswd ίϚϯυͰIDͱϋογϡԽ͞Εͨύ εϫʔυΛ௥Ճ͠·͢ʂʂ ΞΧ΢ϯτ࡟আ : vi ͰϑΝΠϧͷ౰֘ߦΛ࡟আ͠·͢ʂʂʂ ⟀ㄤחֿ׸כ׍׳׏ה

50. ׇ׭גٔهآزٔד㾶娖盖椚 1. GitHubͷϓϥΠϕʔτϦϙδτϦͰ htpasswd ϑΝΠϧΛ؅ཧ 2. ௥Ճ࡟আ͸ϒϥϯνΛ੾ͬͯฤूޙʹίϛοτ 3. ໰୊ͳ͚Ε͹ master

    ʹ merge ͢Δ 4. &$
    
    &$4
    חז׿הַ׃גず劍ׅ׷ ͳΜͱ͔……?

51. $JSDMF$*
    דرفٗ؎ htpasswd ϑΝΠϧΛอଘ͢Δ S3 bucket Λ༻ҙ CircleCI Ͱ workflow Λ࣮ߦ͢Δ

52. 1. S3 ʹϑΝΠϧΛΞοϓϩʔυ 2. EC2 ʹ SSM(Systems Manager) run command

    Λൃߦ͠ EC2 ্Ͱ S3 ͔Βऔಘ͢ΔίϚϯυΛ࣮ߦ 3. ECS αʔϏεΛߋ৽ͯ͠λεΫΛೖΕ׵͑ ίϯςφ͸ىಈ࣌ʹ S3 ͔ΒϑΝΠϧΛऔಘޙɺϓϩηεΛى ಈ͢ΔΑ͏ʹ࡞͓ͬͯ͘
53. None

54. رفٗ؎ؿٗ٦侭⪒ד罋ִ׷ֿה 㹋ꥷך⡲噟罏ח䫺䫑כזְַ ϦϙδτϦͰ؅ཧͯ͠ CircleCI ͔ΒσϓϩΠ͸ී௨ʹ΍͍ͬͯΔ Route53 ͷ DNS؅ཧ(Roadworker), IAM Ϣʔβ؅ཧ(miam)

    荈ⴓ⟃㢩ח䪔ִ׷ַ CircleCI ͸ଞͷϓϩδΣΫτͰ΋શ໘తʹҠߦத ϦϙδτϦ಺ͷscriptΛୟ͘ॲཧ͕ॱ൪ʹॻ͍ͯ͋Δ͚ͩ 毙穠さַ σϓϩΠର৅ଆ͸֤ࣗͰ S3 ͔Βऔಘ͢Δ pull ܕ σϓϩΠର৅͕૿͑Δ → ௨஌ର৅͕૿͑Δ͚ͩ ฒྻԽ΍εέʔϧ͕༻ҙ

55. ꟣鑧⠅겗

56. &#4׾װ׭גְֻ "NB[PO
    &'4
    &MBTUJD
    'JMF
    4ZTUFN NFSv4 ͰΞΫηε͢ΔϑϧϚωʔδυͳωοτϫʔΫετϨʔδ ಉ࣌ʹෳ਺ͷEC2͔ΒϚ΢ϯτՄೳ ෳ਺ AZ Ͱσʔλ͕อ࣋͞ΕΔͷͰ AZ

    ো֐ʹ΋ڧ͍ Ͳ͏ͯ͠΋σʔλอଘʹϑΝΠϧΛ࢖Θͳ͍ͱ͍͚ͳ͍ɺखΛೖ ΕΒΕͳ͍ΞϓϦέʔγϣϯͷσʔλΛอଘ͢Δ੾Γࡳ

57. &#4
    ̔
    &'4
    ر٦ة؝ؾ٦ EC2 ্Ͱ EFS ΛϚ΢ϯτɻrsync -a Ͱίϐʔ ϑΝΠϧૢ࡞ͷϨΠςϯγ͕ൺֱతେ͖͍ͨΊɺrsyncΛฒྻʹෳ ਺૸ΒͤΔ΄͏͕ίϐʔ࣌ؒΛ୹ॖͰ͖Δ ੾Γସ͑͸ଟগͷμ΢ϯλΠϜΛड͚ೖΕΕ͹؆୯

    1.ΞϓϦέʔγϣϯՔಇதʹrsyncͰॳظಉظ 2.ΞϓϦέʔγϣϯఀࢭ 3.rsync Ͱࠩ෼Λ൓ө 4.EC2 ͷϚ΢ϯτϙΠϯτΛ EBS ͔Β EFS ʹ੾Γସ͑Δ 5.ΞϓϦέʔγϣϯىಈ

58. &'4
    ך؝أز ετϨʔδλΠϓ ୯Ձ EFS ඪ४ετϨʔδ (GB-݄) 0.36USD4 EFS ௿ස౓ΞΫηεετϨʔδ (GB-݄)

    0.054USD EFS ௿ස౓ΞΫηεϦΫΤετ (స ૹ GB ͋ͨΓ) 0.012USD EBS (GP2) GB-݄ 0.12USD Ծʹ1TBΛอଘ͢Δͱ EBS 13,000ԁ/݄ EFS 39,000ԁ/݄ 4 ͢΂ͯ౦ژϦʔδϣϯͷՁ֨

59. &'4
    כ؝أزָ넝ְ ඪ४ετϨʔδͷGB୯Ձ͸ EBS ͷ3ഒ(!!)͕ͩ &#4כ然⥂׃׋㺁ꆀד铬ꆃׁ׸׷ 1TBͷEBSΛ༻ҙͨ͠ΒதʹԿ΋ೖΕͳͯ͘΋1TB෼ &'4כ㺁ꆀ׾然⥂ׅ׷䗳銲ָזְ ࣮ࡍʹϑΝΠϧΛอଘͨ͠༰ྔͷΈ EBS͸༨༟Λݟͯ༰ྔΛ֬อ͢Δ͜ͱ͕ଟ͍ ࢖༻཰

    50% Ͱ֬อ͢Δͱ࣮ࡍʹ͸ 1.5ഒ

60. &'4
    ⡚걼䏝،ؙإأأزٖ٦آ ҰఆظؒϑΝΠϧͷ಺༰ʹΞΫηε͞Εͳ͔ͬͨ΋ͷΛࣗಈతʹ ௿ස౓ΞΫηεετϨʔδʹҠߦͰ͖Δ ඪ४ετϨʔδΑΓ໿85%҆͘ɺEBS ͷ൒ֹҎԼ σʔλΞΫηεͰ0.012USD/GB՝ۚɺϨΠςϯγ͕େ͖͘ͳΔ ͘͝Ұ෦͚ͩΞΫςΟϒͳϦϙδτϦɺݹ͍΋ͷ͸ΊͬͨʹΞΫ ηε͞Εͳ͍Redmineͷఴ෇ϑΝΠϧΛஔ͘ͷʹ͸࠷దʂ

61. غحؙ،حف AWS Backup ͰऔΕ·͢ EBS ΋ EFS ΋౷Ұతʹεφοϓγϣοτ͕औಘͰ͖Δ ϑΝΠϧૢ࡞Λޡͬͯ΋εφοϓγϣοτ͔Βͷ෮چ͕Մೳ

62. &$
    ַ׵
    &'4
    ׾ⵃ欽ׅ׷ ϗετ্Ͱ NFSv4 ͱͯ͠Ϛ΢ϯτ͢Δɻamazon-efs-utilsΛ࢖͑ ͹͘͝؆୯ # yum install -y amazon-efs-utils

    # mount -t efs fs-12345678:/ /mnt/efs

63. &$4
    ַ׵
    &'4
    ׾ⵃ欽ׅ׷ EC2 Ͱ EFS Ϛ΢ϯτ ʴ ECS ͷλεΫఆٛͰϗετΛϚ΢ϯτ ௚઀ ECS

    λεΫ͔Β EFS Ϛ΢ϯτ͸ݱ࣌఺Ͱ͸Ͱ͖ͳ͍ { "taskDefinition": { "volumes": [{ "host": {"sourcePath": "/mnt/efs"}, "name": "efs" }], "containerDefinitions": [{ "name": "httpd", "mountPoints": [{ "sourceVolume": "efs", "readOnly": false, "containerPath": "/efs" } ]

64. &$4
    'BSHBUF
    ַ׵
    &'4
    ׾ⵃ欽ׅ׷ Fargate Λར༻͢Δ৔߹ &'4
    כ⢪ִתׇ׿ 植㖈 Ͳ͏ͯ͠΋EC2Πϯελϯε্ͰλεΫΛىಈ͢Δඞཁ͕͋Δ ׈מ׫זׁ׿ד"84ח銲劄׾˘

65. ֿֿתד穄׻׸ל&$ָ瑞׏שח 劢㸣

66. չ&$
    ءؚٕٝ圓䧭׾膴׃ג㛙暕חպ麦䧭 ALB, ECS, RDS, EFS, S3 ͕ Multi-AZ Ͱಈ࡞͍ͯ͠Δ չٔهآزٔד盖椚ׁ׸גזְ鿇ⴓ׾噰⸂זֻׅպ麦䧭

    htpasswdϦϙδτϦ؅ཧ + ECS + Terraform չ植㖈ך&$׾זֻׅպ麦䧭 EC2͸ۭͬΆͳͷͰࢭΊΒΕΔ !

67. תה׭ EC2 γϯάϧߏ੒ɺྺ࢙͕٧·ͬͨϨΨγʔͳαʔόʔΛ ϚωʔδυαʔϏεʹ෼ղͯ͠࠶ߏங͍ͯ͠·͢ ֎քͱͷ઀఺ɺσʔλอ࣋͸ϚωʔδυαʔϏεͰ (ELB, RDS, S3, EFS...) ఆظతʹγεςϜͱۀ຿Λݟ௚͠

    ҡ࣋͢Δ΋ͷɺ੾ΓࣺͯΔ΋ͷΛܾΊΔͷ͸େࣄ ϝϯςͰ͖Δ࢓૊ΈͰ࡞Γ௚͢ͷ΋େࣄ