このConsulがすごい!/consul is great!

Transcript

1. ͜ͷConsul͕͍͢͝ தԝઢMeetup #1 2018/08/03 (ۚ) ໦ར༑Ұ @kiririmode

2. ࣗݾ঺հ ɾLJSJSJNPEF
   ɾ൒೥ؒ࢓ࣄΛ΍͢Έ

   
   
   ͚͍ͭͮͯΔ

3. ࣗݾ঺հ ɾ͗ͬ͘Γࠊ ͳ͓ͬͨ͸ͣͩͬͨ

4. ࠓ೔ͷςʔϚ $POTVM

5. ࠓ೔ͷςʔϚ ఻͍͑ͨ ೤͍૝͍

6. ConsulͬͯͳΜ΍ HashiCorp͕ͭͬͯ͘Δɺ
 ࣗ཯෼ࢄγεςϜ༻ͷ
 Swiss-Army-Knife IUUQTXXXWJDUPSJOPYDPNHMPCBMFO1SPEVDUT4XJTT"SNZ,OJWFT-BSHF1PDLFU,OJWFT8PSL$IBNQQ
   ΑΓ

7. ConsulͰԿ͕Ͱ͖ΔΜ΍ • Ϋϥελߏஙɺϝϯόγοϓ؅ཧ • ϔϧενΣοΫ • αʔϏεσΟεΧόϦ • K/V ετΞ

   • ෼ࢄΠϕϯτॲཧ • ෼ࢄϩοΫ/෼ࢄηϚϑΥ • αʔϏεؒ௨৴ͷAuth(N/Z)΍௨৴҉߸Խ (mTLS) • ଞProductͱ૊Έ߹ͤΔͱ͞ΒͳΔՄೳੑ

8. ConsulͷԿ͕͍͔͢͝ • SPoFͷͳ͍ΞʔΩςΫνϟ • ݸʑͷϊʔυͰͷࣗ཯తͳނোݕग़ͱϝϯόγοϓ؅ཧ • ࣗ཯෼ࢄతͳϦʔμʔબग़ͱ߹ҙܗ੒ • ϊʔυؒͰͷ(ڧ|݁Ռ)੔߹ੑΛ࣋ͬͨ৘ใڞ༗ ੲʹࢥ͍ඳ͍͍ͯͨ
   

   ࣗ཯෼ࢄγεςϜͷະདྷ ଟ਺ͷϊʔυ͕
 ʮάϧʔϓʯΛܗ੒͢Δͱ͜Ζʹ͸׆༂ͷ৔͕͋Δ όΠφϦͰ
   ഑෍Մೳ

9. Consul͕ඞཁͱͳΔഎܠ • ಈతͳϊʔυ௥Ճ/࡟আ͕ΨϯΨϯى͜Γ
 ͯΜ΍ΘΜ΍͢Δ • MicroServices • Auto Scaling •

   Node ނো • ͦΜͳ؀ڥͰ͋ͬͯ΋ϊʔυ͸
 ڠௐ͠ԿΒ͔ͷ໨తΛՌͨ͞Ͷ͹ͳΒ͵ զʑͱ͓ͳ͡Ͱ͸
   

10. ͜ͷ໰୊ʹ: ਓྨ͸ز౓ͱͳ͘௅ઓ͠
    ഊ๺Λ܁Γฦ͖ͯͨ͠

11. ࣦഊͷຊ࣭ ೔ຊͷେ౦ѥઓ૪࢙ΛࣾձՊ ֶతʹݟ௚ͯͦ͠ͷഊ๺ͷ࣮ ମΛ໌Β͔ʹ͢Ε͹ɺͦΕ͸ ഊઓͱ͍͏൵ࢂͳܦݧͷ͏͑ ʹங͔Εͨฏ࿨ͱൟӫΛڗड ͖ͯͨ͠ΘΕΘΕͷੈ୅ʹͱͬ ͯɺ͖ΘΊͯେ͖ͳҙຯΛ࣋ ͭ͜ͱʹͳΔͷͰ͸ͳ͍͔ (͸͕͖͠)

12. ࣦഊͷຊ࣭ •աڈͷ੒ޭମݧʹաదԠ͠ ͯ͠·͍ৗʹมಈ͍ͯ͠ ͘ઓ৔ɾઓگʹॊೈʹద Ԡ͍ͯ͘͜͠ͱ͕Ͱ͖ͳ͔ ͬͨ

13. େ੾ͳ͜ͱ • มಈ͍ͯ͠Δ؀ڥʹ͓͍ͯ΋
 ඞཁͱ͢Δਖ਼͍͠৘ใ͕֤ࣗͰ ಘΒΕΔ͜ͱ

14. None

15. ΞʔΩςΫνϟ • Agentܕɻ֤ϊʔυʹΠϯετʔϧ͢Δɻ • Agentʹ͸ServerɺClientͷ2छྨ͕ଘࡏ͢Δ • Client͸: • ࣗϊʔυࣗ਎ͱࣗϊʔυ্ͷαʔϏεΛ؂ࢹ •

    GossipingʹΑΓಈతʹΫϥελΛߏ੒ • 1Ϋϥελ͋ͨΓ਺୆ʙ਺ઍor਺ສ୆ • Server͸: • Client͔Βͷ৘ใΛ΋ͱʹΫϥελϨϕϧͷ৘ใΛ·ͱΊͯอ࣋ • 1Ϋϥελ͋ͨΓ3୆͋Δ͍͸5୆͕جຊ /PEF JOTUBMM

16. $POTVM
    $MVTUFS
    ED ΞʔΩςΫνϟ - Server/Client • RaftΛ࢖͍ΫϥελશମʹؔΘΔσʔλΛ
 ੔߹ੑͷऔΕͨܗͰอ࣋ɾڞ༗ $POTVM
    $MVTUFS
    ED

    $POTVM
    4FSWFST $POTVM
    "HFOUT • Agent͕Service/NodeͷϔϧενΣοΫ • Service/Nodeεςʔλεɺϝϯόγοϓतड • ΫϥελϨϕϧͷ৘ใ͸Serverʹ໰߹ͤ $POTVM
    4FSWFST $POTVM
    "HFOUT • Raft: ίϯηϯαεϓϩτίϧ • αʔόؒͰͷ౤ථʹΑΓϦʔμʔΛબग़ • Ϧʔμʔ͸αʔόͷ߹ҙΛܦͨΫϥελ಺ͷ ঢ়ଶ/৘ใΛଞαʔόʹϨϓϦέʔγϣϯ • ผDC্ͷαʔόͱ΋GossipingͰ৘ใΛڞ༗ ɾ/PEF4FSWJDF
    4UBUVT
    ɾ,FZ7BMVF
    4UPSF
    ɾFUD - (PTTJQJOH
    48*. 3BGU - "OUJ&OUSPQZ ਪ঑
    ʙDMVTUFS

17. ΞʔΩςΫνϟ - ໰͍߹ΘͤͷྲྀΕ $POTVM
    $MVTUFS
    ED $POTVM
    4FSWFST $POTVM
    "HFOUT - - ೚ҙͷαʔόʹ໰͍߹Θͤ

    Ϧʔμʔʹ໰͍߹Θͤ • ໰͍߹Θͤʹ͸Ϧʔμʔ͕ճ౴ • ڧ੔߹ੑΛอ࣋ • ҰํͰΫϥελϫΠυͷσʔλ͸ଞαʔ ό΋อ࣋ • RaftͷϨϓϦέʔγϣϯܦ༝ • Ϧʔμʔ͕ࢮΜͰ΋੾ସ͑Ε͹ྑ͍ ͨͩ͠ɺαʔϏεσΟεΧόϦ͸
 σϑΥͩͱ݁Ռ੔߹ੑɻ͜ͷ͋ͨΓ͸ઃఆՄ
    /P
    41P' 
    DPOTVM
    LW
    HFU
    SFEJTDPOpHDPOO

18. ཁ͢ΔʹConsulͱ͸ • ෼ࢄ؀ڥʹ͓͍ͯ • SPoFͳ͠ʹ • ੔߹ੑΛ࣋ͬͨ৘ใΛ • ڞ༗Ͱ͖Δ

19. ConsulͰͰ͖Δ͜ͱΛ ΫϥελͰڞ༗͢Δσʔλ͔Βߟ͑ͯΈΔ

20. αʔϏεͷࢮ׆৘ใͷڞ༗ • ໰୊ • web͔ΒaccountαʔϏεʹAPI call͍ͨ͠ • web͸ͲͷIPΞυϨεʹAPIΛૹΕ͹ྑ͍͔ • ͨͩ͠

    accountαʔϏε਺͸ࣗಈతʹ૿ݮ͢Δ΋ͷͱ͢Δ XFC BDDPVOU BDDPVOU BDDPVOU

21. αʔϏεͷࢮ׆৘ใͷڞ༗ • ໰୊ • web͔ΒaccountαʔϏεʹAPI call͍ͨ͠ • web͸ͲͷIPΞυϨεʹAPIΛૹΕ͹ྑ͍͔ • ͨͩ͠

    accountαʔϏε਺͸ࣗಈతʹ૿ݮ͢Δ΋ͷͱ͢Δ XFC BDDPVOU BDDPVOU BDDPVOU -#ͷ7*1 -# ɾ-#͕41P'ʹͳͬͪΌ͏ʜ
    
    ˠ-#Λ)"ʹ͢Δͱ·ͨ৭ʑ໘౗ʹʜ
    ɾBDDPVOUαʔϏε͕૿ݮͨ͠ͱ͖ͷ-#ϧʔϧ൓өͲ͏͢Δʜ
    ɾଞαʔϏε͕௥Ճ͞Εͨͱ͖-#͸଱͑ΒΕΔʜ

22. αʔϏεͷࢮ׆৘ใͷڞ༗ • ໰୊ • web͔ΒaccountαʔϏεʹAPI call͍ͨ͠ • web͸ͲͷIPΞυϨεʹAPIΛૹΕ͹ྑ͍͔ • ͨͩ͠

    accountαʔϏε਺͸ࣗಈతʹ૿ݮ͢Δ΋ͷͱ͢Δ XFC BDDPVOU BDDPVOU BDDPVOU BDDPVOUTFSWJDFDPOTVM  "HFOUʹzBDDPVOUzαʔϏεͷଘࡏΛొ࿥
     IFBMUIZͳαʔϏεΛ࣋ͭϊʔυΛ%/4)551ͰDPOTVMʹ໰߹ͤ 
    EJH
    TIPSU
    BDDPVOUTFSWJDFDPOTVM
    
    
     3PVOE
    3PCJOͰฦͬͯ͘ΔͷͰɺෛՙ෼ࢄ΋༰қ

23. Service Discoveryͷ໰߹ͤΫΤϦΛڞ༗ • ໰୊ • DC1ͷPostgreSQL(pg)͕౗ΕͨΒDC2ͷpgʹFailover͍ͨ͠ QH QH BDDPVOU %$

    %$

24. 1. Prepared QueryΛొ࿥
 
 
 
 
 
 
 2.

    Prepared QueryΛར༻ͯ͠DNS lookup 
    DVSM
    ŠSFRVFTU
    1045
    ŠEBUB
    b\
    
    
    l/BNFz
    lQHGBJMPWFSz
    
    
    l4FSWJDFz
    lQHz
    
    
    l'BJM0WFSz
    \
    
    
    
    
    l%BUBDFOUFSTz
    <lEDz
    lEDz>
    
    
    ^
    ^`
    IUUQWRVFSZ ೚ҙͷϊʔυʹొ࿥͓͚ͯ͠͹ɺ
 Ϋϥελશମʹ఻ൖ͢Δ 
    EJH
    TIPSU
    QHGBJMPWFSRVFSZDPOTVM
    %JTDPWFSZઌ
     ϩʔΧϧͳ%$಺ͷ1(
     ED಺ͷ1(
     ED಺ͷ1( 1SFQBSFE
    2VFSZͷ5FNQMBUFػೳΛ࢖͑͹ɺ
    Ұʑ֤αʔϏε༻ʹ2VFSZΛॻ͔ͳͯ͘΋ͭͷ
    2VFSZ͚ͩͰ'BJMPWFSΛ࣮ݱͰ͖·͢ Service Discoveryͷ໰߹ͤΫΤϦΛڞ༗

25. ઃఆ৘ใͷڞ༗ • ໰୊ • ಈతʹ૿ݮ͢ΔϊʔυؒͰઃఆ৘ใΛڞ༗͍ͨ͠ • ઃఆ৘ใ͕มߋ͞ΕͨΒ௨஌ͯ͠΄͍͠ 
    DPOTVM
    LW
    QVU
    SFEJTDPOpHDPOO
     - ,FZ7BMVFͷ஋Λڞ༗

    
    DPOTVM
    LW
    HFU
    SFEJTDPOpHDPOO 
    DPOTVM
    XBUDI
    UZQFLFZQSFpY
    
 QSFpY
    SFEJT
    TDSJQUTIBOEMFSTI SFEJT഑Լͷ஋͕มΘͬͨΒ
 ϋϯυϥ࣮ߦ

26. ϩοΫͷڞ༗ • ໰୊ • N୆ͷMWΛৗ࣌Քಈ͍͕ͤͨ͞ɺ
 Մ༻ੑͷͨΊʹ͞Βʹ1୆ΛHot Standby͓͖͍ͤͯͨ͞ 
    DPOTVM
    MPDL
    O
    MPDLLFZ
    `QBUIUPNXTUBSUTI
    IPHF` .8ىಈ .8ىಈ

    ϩοΫղআ͸ɺϊʔυͷނো-FBEFSมߋ౳Ͱൃੜɻ
    
    
    
    
    αϒϓϩηεʹ͸4*(5&3.ˠඵˠ4*(,*--
    PO
    -JOVY 
    DPOTVM
    MPDL
    O
    MPDLLFZ
    `QBUIUPNXTUBSUTI
    IPHF` 
    DPOTVM
    MPDL
    O
    MPDLLFZ
    `QBUIUPNXTUBSUTI
    IPHF` ϩοΫ͕֎ΕΔ·Ͱ଴ػɻ
 ֎ΕͨλΠϛϯάͰίϚϯυ࣮ߦɻ ϩοΫऔಘ༻ͷΩʔ ϩοΫऔಘ੒ޭ࣌ʹ࣮ߦ͞ΕΔίϚϯυ

27. ূ໌ॻ/ൿີ伴ͷڞ༗ • ໰୊ • αʔϏεؒ௨৴Λ҉߸Խ͢Δͱͱ΋ʹೝূɾೝՄΛߦ͍͍ͨ
 (TLS encryption + auth(n|z)) TJEFDBS
    

    QSPYZ "1*
    $BMM
    UP
    
 BOPUIFS
    TFSWJDF DFSU
    BVUI[ TJEFDBS
    QSPYZ DFSU
    BVUI[ XJUI
    FODSZQUJPO
    
 \DMJFOU TFSWFS^DFSU  $POTVM
    $POOFDU
    Λ༗ޮԽ
     αʔϏεؒ௨৴ͷϧʔϧઃఆ 
    DPOTVM
    JOUFOUJPO
    DSFBUF
    BMMPX
    XFC
    BDDPVOU ɾ$POTVM͕ূ໌ॻͱϧʔϧ *OUFOUJPO Λڞ༗
    ɾ$POTVMʹରԠͨ͠1SPYZ͕ྑ͠ͳʹ

    
    
    5-4ɺ"VUI[Λѻͬͯ͘ΕΔ XFC BDDPVOU

28. ·ͱΊ • Consul͸෼ࢄ؀ڥͰ৘ใڞ༗Λߦ͏ͨΊͷπʔϧ • ڞ༗͢Δ৘ใʹΑͬͯϢʔεέʔεͷ੄໺͕޿ ͕Δ • ୯ମͰ΋: • Service

    Discovery, KV Store(Deployment, Feature Toggle, etc.), Service Mesh, etc. • ଞϓϩμΫτͱͷ૊Έ߹Θͤ: • consul-template, consul-esm, fabio, envoy