コンテナ基盤を支えるHashiCorpソフトウェア / HashiCorp Softwares on Container Base

Transcript

1. খా
   ஌ԝ
   
   (.0
   1FQBCP
   *OD
   
   %FW0QTΛࢧ͑Δࠓ࿩୊ͷ)BTIJ$PSQπʔϧ܈ʹ͍ͭͯ
   )BTIJ$PSQ
   .FFUVQ
   SE ίϯςφج൫Λࢧ͑Δ
   )BTIJ$PSQ
   ιϑτ΢ΣΞ

2. )BTIJ$PSQ
   .FFUVQ
   SE (.0
   ϖύϘ
   ϓϦϯγύϧ
   ΤϯδχΞ !MJOZPXT CMPH
   UPNPIJTBPEBDPN

3. )BTIJ$PSQ
   .FFUVQ
   SE ࠷ۙͷ͓࢓ࣄ ϖύϘݚڀॴͱ۝भେֶ͕ڞಉݚڀ

4. )BTIJ$PSQ
   .FFUVQ
   SE দຊ
   ྄հʹΑΔ࿦จʢ%*$0.0
   ༧ߘʣਫ਼៛ʹ੍ޚՄೳͳ߃ৗੑͷ͋ΔߴूੵϚϧνΞΧ΢ϯτܕͷϝʔϧج൫
   IUUQTSBOEQFQBCPDPNQBQFSTEJDPNPQSPDFFEJOHNBUTVNPUPSZQEG ࠷ۙͷ͓࢓ࣄ ओʹ'BTU$POUBJOFSʹΑΔϝʔϧج൫ݚڀ։ൃɺ࠷࣮ۙ૷ྫΛ(JU)VCͰެ։ IUUQTHJUIVCDPN'BTU$POUBJOFS

5. )BTIJ$PSQ
   .FFUVQ
   SE ࠷ۙͷ͓࢓ࣄ 7BVMUͷ8PSLTIPQΛࣾ಺޲͚ʹ։࠵ɻҎԼ͸ͦͷ঺հهࣄ IUUQTUFDIQFQBCPDPNWBVMUXPSLTIPQ

6. )BTIJ$PSQ
   .FFUVQ
   SE 8&# %#
   13&44
   WPM
   )BTIJ$PSQ
   7BVMUͷهࣄدߘ ෱Ԭͷ(PMBOHίϛϡχςΟ
   'VLVPLBHPͷओ࠵ͷਓ MJOVYϢʔβͷ໊લղܾΛ
   (JU)VC͔ΒϚοϐϯά͢Δ
   ιϑτ΢ΣΞͷ։ൃ

7. )BTIJ$PSQ
   .FFUVQ
   SE ίϯςφج൫Λࢧ͑Δ)BTIJ$PSQ
   ιϑτ΢ΣΞ

8. )BTIJ$PSQ
   .FFUVQ
   SE ๏ Ұൠతͳ,VCFSOFUFT΍%PDLFS͸࢖͍ͬͯ·ͤΜ
   
   ๏ -9%ͷΑ͏ͳγεςϜίϯςφͰ΋͋Γ·ͤΜ
   
   ๏ ಠࣗίϯςφ؀ڥΛఏڙ͢Δଆͷ࿩Ͱ͢
   ๏ 0PIPSJ΍'BTU$POUBJOFSɺ)BDPOJXBΛ࢖͍ͬͯ·͢ લఏ
   ίϯςφج൫ͱ͍ͬͯ΋ʜ

9. )BTIJ$PSQ
   .FFUVQ
   SE 0PIPSJ
   
   'BTU$POUBJOFS
   )BDPOJXB
   ☺

10. )BTIJ$PSQ
    .FFUVQ
    SE 0PIPSJ
    
    'BTU$POUBJOFS
    )BDPOJXB
    ☺☺☺☺☺ ͜ΕΒ͸ಠࣗ։ൃͨ͠΋ͷͰ͢ ΞʔΩςΫνϟ ίϯςφϥϯλΠϜ ΦʔέετϨʔλʔ Կʹʁ

11. )BTIJ$PSQ
    .FFUVQ
    SE ϩϦϙοϓʂϚωʔδυΫϥ΢υ

12. )BTIJ$PSQ
    .FFUVQ
    SE ๏ ίϯςφϕʔεͷ1BB4
    ๏ ӡ༻෇͖ͷΫϥ΢υͰΫϥ΢υدΓͷϨϯλϧαʔό
    ๏ ίΞػೳͷΦʔτεέʔϧ͸ίϯςφෛՙʹԠͯ͡εέʔϧΞ΢τ͠ෛՙ ܰݮΑΓεέʔϧΠϯ
    ๏ ૝ఆ֎ͷ࢖༻ྔ͸ϝʔϧ௨஌΍ར༻੍ݶͳͲͷઃఆ͕Մೳ

    ϩϦϙοϓʂϚωʔδυΫϥ΢υ

13. )BTIJ$PSQ
    .FFUVQ
    SE ๏ ҆Ձͳίϯςφ؀ڥͷఏڙʹίϯςφ͕ߴूੵͰ͋Δඞཁ͕͋ΔʢϨϯ αό͸ϩϯάςʔϧతʣ
    ๏ Ϣʔβ؅ཧͷίϯςφ͕ܧଓతʹ҆શͰ͋Δඞཁ͕͋Δʢϛυϧ΢ΣΞ΍ ґଘϥΠϒϥϦ͕ఆظతʹ࠷৽ʣ
    ๏ ίϯςφϦιʔε΍ݖݶʹରͯ͠ॊೈͳઃఆ͕ՄೳͰ͋Δ͜ͱͱɺͦΕ Β͕ೳಈతͰ͋Δඞཁ͕͋Δʢίϯςφࣗ਎͕ಈతʹϦιʔεมߋʣ

    ͳͥಠࣗ։ൃͯ͠࢖͏ͷ͔

14. )BTIJ$PSQ
    .FFUVQ
    SE ཁٻΛຬͨͨ͢Ίʹඞཁͩͬͨ ֤ٕज़ৄࡉʹ͍ͭͯ͸ݕࡧͯ͠Έ͍ͯͩ͘͞

15. )BTIJ$PSQ
    .FFUVQ
    SE ίϯςφج൫Λࢧ͑Δ
    ϩϦϙοϓʂϚωʔδυΫϥ΢υΛࢧ͑Δ )BTIJ$PSQ
    ιϑτ΢ΣΞ

16. )BTIJ$PSQ
    .FFUVQ
    SE ·ͣγεςϜશମ૾

17. )BTIJ$PSQ
    .FFUVQ
    SE $BDIF 1SPYZ "1* 4ZTUFN
    0WFSWJFX 4FDSFU
    .BOBHFS 4FSWJDF
    .BOBHFS .POJUPS "$.& #FIBWJPS
    5FTUFS

    4.51 .FUSJDT 4DIFEVMFS
    8FC "1* %# $BDIF +PC -#
    1SPYZ $PNQVUF %JTQBUDIFS -# 4UPSBHF %# 4UBSUFS
    1SPYZ &OW
    1SPEVDUJPO
    4UBHJOH
    %FWFMPQNFOU "MFSU
    .BOBHFS )PTUJOH #VTJOFTT #BTUJPO %# 0QFO4UBDL #BSFNFUBM $.%#

18. )BTIJ$PSQ
    .FFUVQ
    SE ϛυϧ΢ΣΞΛ௥Ճͯ͠ΈΔ

19. )BTIJ$PSQ
    .FFUVQ
    SE $BDIF 1SPYZ "1* 4FDSFU
    .BOBHFS 4FSWJDF
    .BOBHFS .POJUPS "$.& #FIBWJPS
    5FTUFS 4.51

    .FUSJDT 4DIFEVMFS
    8FC "1* %# $BDIF +PC -#
    1SPYZ $PNQVUF %JTQBUDIFS -# 4UPSBHF %# 4UBSUFS
    1SPYZ "MFSU
    .BOBHFS )PTUJOH #VTJOFTT #BTUJPO %# 0QFO4UBDL #BSFNFUBM $.%# 4ZTUFN
    0WFSWJFX &OW
    1SPEVDUJPO
    4UBHJOH
    %FWFMPQNFOU

20. )BTIJ$PSQ
    .FFUVQ
    SE ࣍ʹσϓϩΠϑϩʔ

21. )BTIJ$PSQ
    .FFUVQ
    SE 0QFO4UBDL #BSFNFUBM .""4 ,OJGF;FSP $* %FQMPZ
    'MPX

22. )BTIJ$PSQ
    .FFUVQ
    SE ๏ 0QFO4UBDLͱ#BSFNFUBMͷϋΠϒϦου؀ڥ
    ๏ 1BDLFSͰ࡞ΔΠϝʔδ͸࠷খݶͰશϩʔϧڞ௨Խͯ͠࢖༻
    ๏ 5FSSBGPSNͷ1SPWJTJPOFS͸࢖༻ͤͣ,OJGF;FSPΛ࢖͏
    ๏ ։ൃ؀ڥ͸7BHSBOUʢϩʔϧ͕ଟ͍ͷͰZNM؅ཧͰ͖ΔQMVHJOΛ࢖༻ʣ
    ๏

    සൟʹൃੜ͢Δେ͖ͳ࢓༷มߋͱεςʔτϑϧͳϩʔϧ΋ଟ͍͜ͱ͔Β *NNVUBCMF
    *OGSBΛࣺͯΔઓུ શମతಛ௃

23. )BTIJ$PSQ
    .FFUVQ
    SE ๏ 7BHSBOU
    ๏ 1BDLFS
    ๏ 5FSSBGPSN
    ๏ $POTVM
    ๏

    7BVMU
    ๏ /PNBE
    ʢͷͪʹ
    KSBMMJTPOHPXPSLFST
    ͱബ͍"1*
    ʹมߋʣ ར༻͍ͯ͠Δ)BTIJ$PSQιϑτ΢ΣΞ

24. )BTIJ$PSQ
    .FFUVQ
    SE αʔϏεܧଓʹͳͯ͘͸ͳΒͳ͍
    ѹ౗తײँ
    

25. )BTIJ$PSQ
    .FFUVQ
    SE 5FSSBGPSN
    ࢖༻ͷಛ௃

26. )BTIJ$PSQ
    .FFUVQ
    SE ๏ ՄೳͳݶΓNPEVMFΛ࠶ར༻Ͱ͖ΔΑ͏ʹ͍ͯ͠Δ
    ๏ ౰ॳUGTUBUFΛHJU؅ཧ͍ͯͯ͠ෳ਺ਓͰ࡞ۀ͢Δͱҋ͔͠ͳ͙͘͢ʹ4ʹมߋ
    ๏ 8PSLTQBDF͸1SPEVDUJPOͱ4UBHJOHͰ࢖͍ͬͯΔ
    ๏ DMPVEJOJUͰ4MBDL௨஌౳ɺར༻ऀґଘ෦෼Λ஫ೖ͍ͯ͠Δ
    ๏

    MJGFDZDMFͷઃఆ͸ࣄނ๷ࢭʹඞਢ
    ๏ $*ͰGNU͢ΔΑ͏ʹ͍ͯ͠Δ 5FSSBGPSN

27. )BTIJ$PSQ
    .FFUVQ
    SE module "reserved_vip" { source = "../reserved_vip" count = "${var.int_vip_count}"

    name = "${var.role}" network = "${var.network}" } module "pairaddress_port" { source = "../pairaddress_port" count = "${var.count}" network = "${var.network}" security_group_ids = ["${values(var.security_groups)}"] use_floating_ip = false allowed_ip_address = "${data.openstack_networking_subnet_v2.subnet.cidr}" role = "${var.role}" } resource "openstack_compute_instance_v2" "instance" { lifecycle { ignore_changes = ["user_data", "key_pair", "image_name", "availability_zone"] } count = "${var.count}" name = "${terraform.env != "staging" ? "" : "staging-"}${var.role}-${count.index + var.count_offset + 1}.${var.domain}" image_name = "${var.image_name}" flavor_name = "${var.flavor_name}" key_pair = "${var.key_pair}" availability_zone = "${var.availability_zones[(count.index + var.count_offset) % length(var.availability_zones)]}" security_groups = ["${keys(var.security_groups)}"] user_data = "${data.template_file.init.rendered}" network { port = "${element(module.pairaddress_port.ids, count.index)}" modules/ ├── instance │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── instance_with_extvip │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── instance_with_intvip │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── pairaddress_port │ ├── main.tf │ ├── outputs.tf │ └── varaibales.tf ├── reserved_vip │ ├── main.tf │ ├── outputs.tf │ └── variables.tf └── volume ├── main.tf └── variables.tf 5FSSBGPSN
    ࡉ͔۠͘੾ͬͨNPEVMFͷྫ

28. )BTIJ$PSQ
    .FFUVQ
    SE 5FSSBGPSN
    ࡉ͔۠͘੾ͬͨNPEVMFͷྫ module "api" { count = "${terraform.env == "staging"

    ? 3 : var.api_count}" source = "./modules/instance" role = "api" flavor_name = "c1.large" network_id = "${openstack_networking_network_v2.lan.id}" security_groups = { "${openstack_networking_secgroup_v2.base.name}" = "${openstack_networking_secgroup_v2.base.id}" "${openstack_networking_secgroup_v2.api.name}" = "${openstack_networking_secgroup_v2.api.id}" } } module "secretmanager" { count = "${terraform.env == "staging" ? 2 : var.vault_count}" source = "./modules/instance_with_intvip" role = "secretmanager" flavor_name = "c1.medium" network = "${var.nyah["tenant_name"]}-lan" security_groups = { "${openstack_networking_secgroup_v2.base.name}" = "${openstack_networking_secgroup_v2.base.id}" "${openstack_networking_secgroup_v2.secretmanager.name}" = "${openstack_networking_secgroup_v2.secretmanager.id}" } } ڞ௨ԽʹΑΓ*OTUBODFͷఆ͕ٛγϯϓϧʹ

29. )BTIJ$PSQ
    .FFUVQ
    SE $POTVM
    ࢖༻ͷಛ௃

30. )BTIJ$PSQ
    .FFUVQ
    SE ๏ ϝΠϯ͸αʔϏεσ ΟεΧόϦʢ΋ͪΖΜ؂ࢹʣ
    ๏ .BDLFSFMͱ໾ׂ෼୲͸֎ܗ؂ࢹ͔αʔϏε؂ࢹ͔
    ๏ ϗετͷ໊લղܾ͸$POTVM
    %/4ͱ6OCPVOEΛ࢖༻
    ๏ 7BVMUͷετϨʔδόοΫΤϯυͱͯ͠΋ར༻
    

    ๏ શϊʔυʹ$POTVM
    "HFOUͱαʔϏε΍؂ࢹͰ࢖༻͢Δ1SPNFUIFVTͷ DPOTVM OPEF CMBDLCPY
    FYQPSUFS͕ೖ͍ͬͯΔ $POTVM

31. )BTIJ$PSQ
    .FFUVQ
    SE $POTVM
    %/4ͷศར࢖༻๏ $ cat ~/.ssh/config … Host bastion-1.ohr HostName xxx.xxx.xxx.xxx

    User linyows Host *.ohr !bastion-1.ohr !bastion-2.ohr !staging-*.ohr !*baremetal.ohr ProxyCommand ssh -W "$(basename "$(sed -E "s/.ohr/.node.consul/"<<<"%h")")":%p bastion-1.ohr User linyows $ ssh app-1.ohr __ ___ __ _____ _/ / / _ \/ // / _ `/ _ \ /_//_/\_, /\_,_/_//_/ /___/ ubuntu https://github.pepabo.com/tech/packer-templates (c) GMO Pepabo, Inc. linyows@app-1:~$ ౿Έ୆αʔόͰ໊લղܾ͢Δ͜ͱͰଟஈ44)Λศརʹ

32. )BTIJ$PSQ
    .FFUVQ
    SE $POTVM
    %/4ͷศར࢖༻๏ 1SPYZͷ6QTUSFBNΛ$POTVM
    %/4Ͱϥ΢ϯυϩϏϯ hosts: "foo.service.consul:443": listen: port: 443 ssl: certificate-file:

    /etc/h2o/tls.crt key-file: /etc/h2o/tls.key paths: "/": proxy.reverse.url: "https://foo.service.consul:443/"

33. )BTIJ$PSQ
    .FFUVQ
    SE $POTVM
    5FNQMBUFͷ࢖༻ ,FFQBMJWFEͷDPOGʹDPOTVMUFNQMBUFΛ࢖༻͢Δ͜ͱͰ1SPYZͷ$POTVM
    KPJOͰαʔϏεΠϯ͢Δ virtual_server <%= @vip %> 443 { delay_loop

    10 lvs_sched rr lvs_method NAT protocol TCP {{range service "proxy|passing"}} real_server {{.Address}} 443 { weight 1 TCP_CHECK { connect_port 443 connect_timeout 30 } }{{end}} }

34. )BTIJ$PSQ
    .FFUVQ
    SE ͍ΖΜͳϨΠϠʔ͕ͳΊΒ͔ʹϦϦʔε %/4 -# -#
    1SPYZ
    1SPYZ
    1SPYZ
    /FX
    1SPYZ
    8FC

    
    8FC
    8FC
    /FX
    8FC
    8FC
    8FC XFCTFSWJDFDPOTVM DPOTVMUFNQMBUF DPOTVM
    EOT YYYYYYYYYYY YYYYYYYYYYY YYYYYYYYYYY YYYYYYYYYYY

35. )BTIJ$PSQ
    .FFUVQ
    SE 7BVMU
    ࢖༻ͷಛ௃

36. )BTIJ$PSQ
    .FFUVQ
    SE 7BVMU ๏ 1,*ͱ5SBOTJUγʔΫϨοτΛར༻ʢ͞Βʹ௥Ճ༧ఆʣ
    ๏ %#ʹอ࣋͢Δൿີ৘ใ͸શͯ7BVMUͰ҉߸Խ
    ๏ ൃߦͨ͠ൿີ৘ใ͸$IFGͰ഑෍ʢSPPU
    $"΍DPOTVMUFNQMBUFͷUPLFO౳ʣ
    ๏ 5PLFO͸SFOFXʢ55-ͷԆ௕ʣ͠ͳ͕Β࢖༻
    

    ๏ NBYMFBTFUUMͷظݶͰࣦޮ͢Δʢ௕͘SFOFX͢Δͱཁ஫ҙʣৄ͘͠͸ޙड़

37. )BTIJ$PSQ
    .FFUVQ
    SE ๏ $POTVMΛετϨʔδͱͯ͠ར༻͢ΔͱΞΫςΟϒͳ7BVMUʹରͯ͠ WBVMUTFSWJDFDPOTVM͕ࣗಈతʹઃఆ͞ΕΔ
    ๏ 7BVMUΛೝূہͱͯ͠ઃఆ͠αʔόূ໌ॻΛࣗ෼Ͱൃߦ͢Δ
    ๏ 7BVMU͸࠶ىಈ͢Δͱ4FBM͞ΕΔ
    ๏ -FU`T
    &ODSZQUΛ࢖ͬͯαʔόূ໌ॻൃߦ͢Δʁ

    1,*ͷ3PPU
    $"഑෍໰୊ 7BVMUαʔόʹ5-4઀ଓ͢Δ৔߹Ͳ͏ͨ͠Βྑ͍͔

38. )BTIJ$PSQ
    .FFUVQ
    SE ๏ 7BVMUʹ4*()61γάφϧͰαʔόূ໌ॻͷ࠶ಡΈࠐΈΛ͢Δ
    ๏ 4*()61Ͱ͸4FBM͞Εͳ͍
    ๏ "VEJU
    MPHͷMPHSPUBUFʹ΋࢖͑Δ
    ๏ 7BVMU͕ൃߦͨ͠3PPU
    $"͸$IFGͰ഑෍ $POTVMUF
    5FNQMBUFͷ࢖༻

    αʔόূ໌ॻʹDPOTVMUFNQMBUFΛ࢖༻͢Δ͜ͱܧଓతͳূ໌ॻൃߦΛࣗಈԽ͢Δ

39. )BTIJ$PSQ
    .FFUVQ
    SE vault { address = "https://127.0.0.1:8200" token = "<%= node['vault']['token']

    %>" renew_token = true grace = "5m" ssl { enabled = true verify = false } } template { contents = "{{ with secret \"pki/issue/service-consul\" \"common_name=vault.service.consul\" }}{{ .Data.issuing_ca }}{{ end }}" destination = "/usr/share/ca-certificates/extra/Vault_Root_CA.crt" command = "sudo /usr/local/sbin/update_ca_certs" } template { contents = "{{ with secret \"pki/issue/service-consul\" \"common_name=vault.service.consul\" }}{{ .Data.certificate }}{{ end }}" destination = "/etc/vault.d/vault.service.consul.crt" command = "sudo /usr/local/sbin/reload_vault" } template { contents = "{{ with secret \"pki/issue/service-consul\" \"common_name=vault.service.consul\" }}{{ .Data.private_key }}{{ end }}" destination = "/etc/vault.d/vault.service.consul.key" command = "sudo /usr/local/sbin/reload_vault" } TVEPFSTͰڐՄ͢ΔͨΊʹ֤εΫϦϓτʹ ୹͍ͷͰΠϯϥΠϯͰهड़ 5PLFOͷ55-ΛԆ௕ͯ͠࢖༻ $POTVMUF
    5FNQMBUFͷ࢖༻

40. )BTIJ$PSQ
    .FFUVQ
    SE ๏ "QQMJDBUJPO͕7BVMUʹରͯ͠ೝূ͢ΔBQQSPMF
    ๏ ೝূ͢Δͱࢦఆͷ55-͕ઃఆ͞Εͨ5PLFO͕ൃߦ͞ΕΔ
    ๏ "QQMJDBUJPO͸ͦͷ5PLFOΛ࢖ͬͯ7BVMUͱ΍ΓऔΓΛ͢Δ
    ๏ "QQMJDBUJPO͕BQQSPMFͷSPMF@JEͱTFDSFU@JEΛ͍࣋ͬͯͯ΋ҙຯ͕ͳ͍
    ๏

    "QQMJDBUJPOϓϩηεͷ֎Ͱ5PLFOΛൃߦ͢Δ "QQMJDBUJPO
    5PLFOͷ഑෍໰୊

41. )BTIJ$PSQ
    .FFUVQ
    SE ๏ "QQMJDBUJPOͷσϓϩΠ࣌ʹBQQSPMF
    BVUIΛ͢ΔίϚϯυΛ࣮ߦ
    ๏ ίϚϯυ͸ೝূͷ18Ͱ͋ΔTFDSFU@JEͷ55-Ԇ௕Λ1045
    ๏ ଓ͚ͯೝূΛ࣮ߦ͠5PLFOΛऔಘ͢Δ
    ๏ औಘͨ͠5PLFOΛ"QQMJDBUJPO͕ಡΊΔύεʹ഑ஔ "QQMJDBUJPO
    5PLFOͷ഑෍໰୊ղܾ๏

    7BVMU $PNNBOE SPMF@JE TFDSFU@JE UPLFO

42. )BTIJ$PSQ
    .FFUVQ
    SE 7BVMU
    UPLFO͕ࣦޮͯ͠ো֐

43. )BTIJ$PSQ
    .FFUVQ
    SE ๏ "QQSPMFͷTFDSFU@JEΛSFOFX͢ΔͨΊʹDVTUPN
    TFDSFU@JEͱͯ͠ઃఆͯ͠ ͍Δ
    ๏ DVTUPN
    TFDSFU@JEʹઃఆ͢ΔUPLFO͸BVUIUPLFOͰൃߦ
    ๏ Ϛ΢ϯτͨ͠TFDSFU͝ͱʹNBYMFBTFUUMͱ͍͏ઃఆ͕͋ΓɺγεςϜશମ ʹ΋NBY
    UUM͕ଘࡏ͢Δ
    ๏

    ྆ํ͕ະઃఆͷ৔߹ɺγεςϜͷNBY
    UUMͰ͋ΔEBZT্͕ݶ 7BVMU
    UPLFO͕ࣦޮͯ͠ো֐

44. )BTIJ$PSQ
    .FFUVQ
    SE IUUQTXXXWBVMUQSPKFDUJPEPDTDPODFQUTUPLFOTIUNMUIFHFOFSBMDBTF ίϯηϓτʹॻ͍ͯ͋ͬͨ

45. )BTIJ$PSQ
    .FFUVQ
    SE .BY
    55-ઃఆ͸ɺ֤Ϛ΢ϯτ͞ΕͨγʔΫϨοτ͝ͱʹઃఆ͢ ΔͷͰɺຊ൪ӡ༻࣌ʹ͸ඞͣߟྀ͠·͠ΐ͏ɻ
    ͱͯ΋ॏཁͰ͢
    

46. )BTIJ$PSQ
    .FFUVQ
    SE ๏ 5PLFO͕ࣦޮͨ͠ΒBVEJUMPHʹΤϥʔ ͕සൃ͍ͯͨ͠
    ๏ 7BVMU
    TFSWFSͷ$POTVM
    DIFDLTͰBVEJUMPHͷ ؂ࢹΛ௥Ճ
    ๏ ݕ஌ͨ͠΋ͷ͸$POTVM
    "MFSUͰ4MBDL௨஌ Αͦ͠ΕͳΒ؂ࢹ௥Ճͩ

    { "name": "vault-audit-log", "tags": ["vault", "audit"], "checks": [ { "script": "sudo /usr/local/sbin/check_audit", "interval": "60s" } ] } #!/bin/bash check-log --file /var/log/vault_audit.log \ --pattern '\"error\":\".+\"' \ —exclude='invalid request|unsupported path|unsupported operation' .BDLFSFMͷDIFDL
    DPNNBOE

47. )BTIJ$PSQ
    .FFUVQ
    SE $POTVM
    ؾܰʹ؂ࢹ௥ՃͰ͖ͯศརʂ

48. )BTIJ$PSQ
    .FFUVQ
    SE ๏ ϩϦϙοϓʂϚωʔδυΫϥ΢υͰͷ)BTIJ$PSQιϑτ΢ΣΞͷ׆༻ํ๏ Λഎܠͱಛ௃Λ౿·͑ղઆ
    ๏ )BTIJ$PSQιϑτ΢ΣΞ͸࢖͍͜ͳ͢͜ͱͰγεςϜ͕͍͍ײ͡ʹͳΔ ͷͰυΩϡϝϯτΛख़ಡ͢΂͠
    ๏ )BTIJ$PSQͷ֤ιϑτ΢ΣΞʹ͸ྲྀΕ͕͋Γɺซ༻͢Δ͜ͱͰศར͕͞ ૿͢ʂʂʂ

    $PODMVTJPO

49. )BTIJ$PSQ
    .FFUVQ
    SE 5IBOL
    ZPV
    8FSF
    IJSJOH