$30 off During Our Annual Pro Sale. View Details »

コンテナ基盤を支えるHashiCorpソフトウェア / HashiCorp Softwares...

Avatar for linyows linyows
September 11, 2018
Technology
6
5.3k

コンテナ基盤を支えるHashiCorpソフトウェア / HashiCorp Softwares on Container Base

2018.09.11 DevOpsを支える今話題のHashiCorpツール群について(HashiCorp Meetup 3rd)でお話しした資料です

Avatar for linyows

linyows

September 11, 2018
Tweet

More Decks by linyows

See All by linyows
Protocol Buffersの型を超えて拡張性を得る / Beyond Protocol Buffers Types Achieving Extensibility
Avatar for linyows linyows
0
170
研究開発と実装OSSと プロダクトの好循環 / A virtuous cycle of research and development implementation OSS and products
Avatar for linyows linyows
1
730
コードジェネレーターで 効率的な開発をする / Efficient development with code generators
Avatar for linyows linyows
0
380
研究を支える拡張性の高い ワークフローツールの提案 / Proposal of highly expandable workflow tools to support research
Avatar for linyows linyows
0
550
非コンテナ環境において宣言的Deploymentを手軽に実現する / Declarative deployment in non-container environments
Avatar for linyows linyows
1
410
メール送信サーバの集約における透過型SMTP プロキシの定量評価 / Quantitative Evaluation of Transparent SMTP Proxy in Email Sending Server Aggregation
Avatar for linyows linyows
0
1.1k
透過型SMTPプロキシによる送信メールの可観測性向上: Update Edition / Improved observability of outgoing emails with transparent smtp proxy: Update edition
Avatar for linyows linyows
2
560
研究の再現性を高める 仕組みをGoでつくる / Creating a system to improve the reproducibility of research using go
Avatar for linyows linyows
1
310
奥が深いメールのシステム / The depth of Email system
Avatar for linyows linyows
4
720

Other Decks in Technology

See All in Technology
子育てで想像してなかった「見えないダメージ」 / Unforeseen "hidden burdens" of raising children.
Avatar for Pauli pauli
2
290
初めてのDatabricks AI/BI Genie
Avatar for Takaaki Yayoi taka_aki
0
200
プロンプトやエージェントを自動的に作る方法
Avatar for shibuiwilliam shibuiwilliam
13
11k
まだ間に合う! Agentic AI on AWSの現在地をやさしく一挙おさらい
Avatar for みのるん minorun365
12
540
年間40件以上の登壇を続けて見えた「本当の発信力」/ 20251213 Masaki Okuda
Avatar for SHIFT EVOLVE shift_evolve
PRO
1
140
AI 駆動開発勉強会 フロントエンド支部 #1 w/あずもば
Avatar for 1ft-seabass 1ftseabass
PRO
0
400
AI駆動開発の実践とその未来
Avatar for Ikko Eltociear Ashimine eltociear
1
230
業務のトイルをバスターせよ 〜AI時代の生存戦略〜
Avatar for staka staka121
PRO
2
220
re:Invent2025 3つの Frontier Agents を紹介 / introducing-3-frontier-agents
Avatar for tomoki10 tomoki10
0
240
学習データって増やせばいいんですか?
Avatar for fumihiko takahashi ftakahashi
2
490
ウェルネス SaaS × AI、1,000万ユーザーを支える 業界特化 AI プロダクト開発への道のり
Avatar for hacomono Inc. hacomono
PRO
0
140
[デモです] NotebookLM で作ったスライドの例
Avatar for Takaaki Tanaka kongmingstrap
0
160

Featured

See All Featured
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
25
1.6k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
37
2.7k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
659
61k
Put a Button on it: Removing Barriers to Going Fast.
Avatar for kastner kastner
60
4.1k
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
302
51k
How Fast Is Fast Enough? [PerfNow 2025]
Avatar for Tammy Everts tammyeverts
3
390
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
141
7.2k
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
274
41k
Code Review Best Practice
Avatar for Trisha Gee trishagee
74
19k
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
32
1.8k
Leading Effective Engineering Teams in the AI Era
Avatar for Addy Osmani addyosmani
9
1.3k
Fireside Chat
Avatar for paigeccino paigeccino
41
3.7k

Transcript

  1. খా஌ԝ(.01FQBCP *OD %FW0QTΛࢧ͑Δࠓ࿩୊ͷ)BTIJ$PSQπʔϧ܈ʹ͍ͭͯ )BTIJ$PSQ.FFUVQSE ίϯςφج൫Λࢧ͑Δ )BTIJ$PSQιϑτ΢ΣΞ

  2. )BTIJ$PSQ.FFUVQSE (.0ϖύϘ ϓϦϯγύϧΤϯδχΞ !MJOZPXT CMPHUPNPIJTBPEBDPN

  3. )BTIJ$PSQ.FFUVQSE ࠷ۙͷ͓࢓ࣄ ϖύϘݚڀॴͱ۝भେֶ͕ڞಉݚڀ

  4. )BTIJ$PSQ.FFUVQSE দຊ྄հʹΑΔ࿦จʢ%*$0.0༧ߘʣਫ਼៛ʹ੍ޚՄೳͳ߃ৗੑͷ͋ΔߴूੵϚϧνΞΧ΢ϯτܕͷϝʔϧج൫ IUUQTSBOEQFQBCPDPNQBQFSTEJDPNPQSPDFFEJOHNBUTVNPUPSZQEG ࠷ۙͷ͓࢓ࣄ ओʹ'BTU$POUBJOFSʹΑΔϝʔϧج൫ݚڀ։ൃɺ࠷࣮ۙ૷ྫΛ(JU)VCͰެ։ IUUQTHJUIVCDPN'BTU$POUBJOFS

  5. )BTIJ$PSQ.FFUVQSE ࠷ۙͷ͓࢓ࣄ 7BVMUͷ8PSLTIPQΛࣾ಺޲͚ʹ։࠵ɻҎԼ͸ͦͷ঺հهࣄ IUUQTUFDIQFQBCPDPNWBVMUXPSLTIPQ

  6. )BTIJ$PSQ.FFUVQSE 8&# %#13&44WPM )BTIJ$PSQ7BVMUͷهࣄدߘ ෱Ԭͷ(PMBOHίϛϡχςΟ 'VLVPLBHPͷओ࠵ͷਓ MJOVYϢʔβͷ໊લղܾΛ (JU)VC͔ΒϚοϐϯά͢Δ ιϑτ΢ΣΞͷ։ൃ

  7. )BTIJ$PSQ.FFUVQSE ίϯςφج൫Λࢧ͑Δ)BTIJ$PSQιϑτ΢ΣΞ

  8. )BTIJ$PSQ.FFUVQSE ๏ Ұൠతͳ,VCFSOFUFT΍%PDLFS͸࢖͍ͬͯ·ͤΜ ๏ -9%ͷΑ͏ͳγεςϜίϯςφͰ΋͋Γ·ͤΜ ๏ ಠࣗίϯςφ؀ڥΛఏڙ͢Δଆͷ࿩Ͱ͢ ๏ 0PIPSJ΍'BTU$POUBJOFSɺ)BDPOJXBΛ࢖͍ͬͯ·͢ લఏίϯςφج൫ͱ͍ͬͯ΋ʜ

  9. )BTIJ$PSQ.FFUVQSE 0PIPSJ'BTU$POUBJOFS)BDPOJXB ☺

  10. )BTIJ$PSQ.FFUVQSE 0PIPSJ'BTU$POUBJOFS)BDPOJXB ☺☺☺☺☺ ͜ΕΒ͸ಠࣗ։ൃͨ͠΋ͷͰ͢ ΞʔΩςΫνϟ ίϯςφϥϯλΠϜ ΦʔέετϨʔλʔ Կʹʁ

  11. )BTIJ$PSQ.FFUVQSE ϩϦϙοϓʂϚωʔδυΫϥ΢υ

  12. )BTIJ$PSQ.FFUVQSE ๏ ίϯςφϕʔεͷ1BB4 ๏ ӡ༻෇͖ͷΫϥ΢υͰΫϥ΢υدΓͷϨϯλϧαʔό ๏ ίΞػೳͷΦʔτεέʔϧ͸ίϯςφෛՙʹԠͯ͡εέʔϧΞ΢τ͠ෛՙ ܰݮΑΓεέʔϧΠϯ ๏ ૝ఆ֎ͷ࢖༻ྔ͸ϝʔϧ௨஌΍ར༻੍ݶͳͲͷઃఆ͕Մೳ

    ϩϦϙοϓʂϚωʔδυΫϥ΢υ

  13. )BTIJ$PSQ.FFUVQSE ๏ ҆Ձͳίϯςφ؀ڥͷఏڙʹίϯςφ͕ߴूੵͰ͋Δඞཁ͕͋ΔʢϨϯ αό͸ϩϯάςʔϧతʣ ๏ Ϣʔβ؅ཧͷίϯςφ͕ܧଓతʹ҆શͰ͋Δඞཁ͕͋Δʢϛυϧ΢ΣΞ΍ ґଘϥΠϒϥϦ͕ఆظతʹ࠷৽ʣ ๏ ίϯςφϦιʔε΍ݖݶʹରͯ͠ॊೈͳઃఆ͕ՄೳͰ͋Δ͜ͱͱɺͦΕ Β͕ೳಈతͰ͋Δඞཁ͕͋Δʢίϯςφࣗ਎͕ಈతʹϦιʔεมߋʣ

    ͳͥಠࣗ։ൃͯ͠࢖͏ͷ͔

  14. )BTIJ$PSQ.FFUVQSE ཁٻΛຬͨͨ͢Ίʹඞཁͩͬͨ ֤ٕज़ৄࡉʹ͍ͭͯ͸ݕࡧͯ͠Έ͍ͯͩ͘͞

  15. )BTIJ$PSQ.FFUVQSE ίϯςφج൫Λࢧ͑Δ ϩϦϙοϓʂϚωʔδυΫϥ΢υΛࢧ͑Δ )BTIJ$PSQιϑτ΢ΣΞ

  16. )BTIJ$PSQ.FFUVQSE ·ͣγεςϜશମ૾

  17. )BTIJ$PSQ.FFUVQSE $BDIF 1SPYZ "1* 4ZTUFN0WFSWJFX 4FDSFU.BOBHFS 4FSWJDF.BOBHFS .POJUPS "$.& #FIBWJPS5FTUFS

    4.51 .FUSJDT 4DIFEVMFS 8FC "1* %# $BDIF +PC -# 1SPYZ $PNQVUF %JTQBUDIFS -# 4UPSBHF %# 4UBSUFS 1SPYZ &OW1SPEVDUJPO 4UBHJOH %FWFMPQNFOU "MFSU.BOBHFS )PTUJOH #VTJOFTT #BTUJPO %# 0QFO4UBDL #BSFNFUBM $.%#

  18. )BTIJ$PSQ.FFUVQSE ϛυϧ΢ΣΞΛ௥Ճͯ͠ΈΔ

  19. )BTIJ$PSQ.FFUVQSE $BDIF 1SPYZ "1* 4FDSFU.BOBHFS 4FSWJDF.BOBHFS .POJUPS "$.& #FIBWJPS5FTUFS 4.51

    .FUSJDT 4DIFEVMFS 8FC "1* %# $BDIF +PC -# 1SPYZ $PNQVUF %JTQBUDIFS -# 4UPSBHF %# 4UBSUFS 1SPYZ "MFSU.BOBHFS )PTUJOH #VTJOFTT #BTUJPO %# 0QFO4UBDL #BSFNFUBM $.%# 4ZTUFN0WFSWJFX &OW1SPEVDUJPO 4UBHJOH %FWFMPQNFOU

  20. )BTIJ$PSQ.FFUVQSE ࣍ʹσϓϩΠϑϩʔ

  21. )BTIJ$PSQ.FFUVQSE 0QFO4UBDL #BSFNFUBM .""4 ,OJGF;FSP $* %FQMPZ'MPX

  22. )BTIJ$PSQ.FFUVQSE ๏ 0QFO4UBDLͱ#BSFNFUBMͷϋΠϒϦου؀ڥ ๏ 1BDLFSͰ࡞ΔΠϝʔδ͸࠷খݶͰશϩʔϧڞ௨Խͯ͠࢖༻ ๏ 5FSSBGPSNͷ1SPWJTJPOFS͸࢖༻ͤͣ,OJGF;FSPΛ࢖͏ ๏ ։ൃ؀ڥ͸7BHSBOUʢϩʔϧ͕ଟ͍ͷͰZNM؅ཧͰ͖ΔQMVHJOΛ࢖༻ʣ ๏

    සൟʹൃੜ͢Δେ͖ͳ࢓༷มߋͱεςʔτϑϧͳϩʔϧ΋ଟ͍͜ͱ͔Β *NNVUBCMF*OGSBΛࣺͯΔઓུ શମతಛ௃

  23. )BTIJ$PSQ.FFUVQSE ๏ 7BHSBOU ๏ 1BDLFS ๏ 5FSSBGPSN ๏ $POTVM ๏

    7BVMU ๏ /PNBEʢͷͪʹKSBMMJTPOHPXPSLFSTͱബ͍"1*ʹมߋʣ ར༻͍ͯ͠Δ)BTIJ$PSQιϑτ΢ΣΞ

  24. )BTIJ$PSQ.FFUVQSE αʔϏεܧଓʹͳͯ͘͸ͳΒͳ͍ ѹ౗తײँ

  25. )BTIJ$PSQ.FFUVQSE 5FSSBGPSN࢖༻ͷಛ௃

  26. )BTIJ$PSQ.FFUVQSE ๏ ՄೳͳݶΓNPEVMFΛ࠶ར༻Ͱ͖ΔΑ͏ʹ͍ͯ͠Δ ๏ ౰ॳUGTUBUFΛHJU؅ཧ͍ͯͯ͠ෳ਺ਓͰ࡞ۀ͢Δͱҋ͔͠ͳ͙͘͢ʹ4ʹมߋ ๏ 8PSLTQBDF͸1SPEVDUJPOͱ4UBHJOHͰ࢖͍ͬͯΔ ๏ DMPVEJOJUͰ4MBDL௨஌౳ɺར༻ऀґଘ෦෼Λ஫ೖ͍ͯ͠Δ ๏

    MJGFDZDMFͷઃఆ͸ࣄނ๷ࢭʹඞਢ ๏ $*ͰGNU͢ΔΑ͏ʹ͍ͯ͠Δ 5FSSBGPSN

  27. )BTIJ$PSQ.FFUVQSE module "reserved_vip" { source = "../reserved_vip" count = "${var.int_vip_count}"

    name = "${var.role}" network = "${var.network}" } module "pairaddress_port" { source = "../pairaddress_port" count = "${var.count}" network = "${var.network}" security_group_ids = ["${values(var.security_groups)}"] use_floating_ip = false allowed_ip_address = "${data.openstack_networking_subnet_v2.subnet.cidr}" role = "${var.role}" } resource "openstack_compute_instance_v2" "instance" { lifecycle { ignore_changes = ["user_data", "key_pair", "image_name", "availability_zone"] } count = "${var.count}" name = "${terraform.env != "staging" ? "" : "staging-"}${var.role}-${count.index + var.count_offset + 1}.${var.domain}" image_name = "${var.image_name}" flavor_name = "${var.flavor_name}" key_pair = "${var.key_pair}" availability_zone = "${var.availability_zones[(count.index + var.count_offset) % length(var.availability_zones)]}" security_groups = ["${keys(var.security_groups)}"] user_data = "${data.template_file.init.rendered}" network { port = "${element(module.pairaddress_port.ids, count.index)}" modules/ ├── instance │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── instance_with_extvip │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── instance_with_intvip │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── pairaddress_port │ ├── main.tf │ ├── outputs.tf │ └── varaibales.tf ├── reserved_vip │ ├── main.tf │ ├── outputs.tf │ └── variables.tf └── volume ├── main.tf └── variables.tf 5FSSBGPSNࡉ͔۠͘੾ͬͨNPEVMFͷྫ

  28. )BTIJ$PSQ.FFUVQSE 5FSSBGPSNࡉ͔۠͘੾ͬͨNPEVMFͷྫ module "api" { count = "${terraform.env == "staging"

    ? 3 : var.api_count}" source = "./modules/instance" role = "api" flavor_name = "c1.large" network_id = "${openstack_networking_network_v2.lan.id}" security_groups = { "${openstack_networking_secgroup_v2.base.name}" = "${openstack_networking_secgroup_v2.base.id}" "${openstack_networking_secgroup_v2.api.name}" = "${openstack_networking_secgroup_v2.api.id}" } } module "secretmanager" { count = "${terraform.env == "staging" ? 2 : var.vault_count}" source = "./modules/instance_with_intvip" role = "secretmanager" flavor_name = "c1.medium" network = "${var.nyah["tenant_name"]}-lan" security_groups = { "${openstack_networking_secgroup_v2.base.name}" = "${openstack_networking_secgroup_v2.base.id}" "${openstack_networking_secgroup_v2.secretmanager.name}" = "${openstack_networking_secgroup_v2.secretmanager.id}" } } ڞ௨ԽʹΑΓ*OTUBODFͷఆ͕ٛγϯϓϧʹ

  29. )BTIJ$PSQ.FFUVQSE $POTVM࢖༻ͷಛ௃

  30. )BTIJ$PSQ.FFUVQSE ๏ ϝΠϯ͸αʔϏεσ ΟεΧόϦʢ΋ͪΖΜ؂ࢹʣ ๏ .BDLFSFMͱ໾ׂ෼୲͸֎ܗ؂ࢹ͔αʔϏε؂ࢹ͔ ๏ ϗετͷ໊લղܾ͸$POTVM%/4ͱ6OCPVOEΛ࢖༻ ๏ 7BVMUͷετϨʔδόοΫΤϯυͱͯ͠΋ར༻

    ๏ શϊʔυʹ$POTVM"HFOUͱαʔϏε΍؂ࢹͰ࢖༻͢Δ1SPNFUIFVTͷ DPOTVM OPEF CMBDLCPYFYQPSUFS͕ೖ͍ͬͯΔ $POTVM

  31. )BTIJ$PSQ.FFUVQSE $POTVM%/4ͷศར࢖༻๏ $ cat ~/.ssh/config … Host bastion-1.ohr HostName xxx.xxx.xxx.xxx

    User linyows Host *.ohr !bastion-1.ohr !bastion-2.ohr !staging-*.ohr !*baremetal.ohr ProxyCommand ssh -W "$(basename "$(sed -E "s/.ohr/.node.consul/"<<<"%h")")":%p bastion-1.ohr User linyows $ ssh app-1.ohr __ ___ __ _____ _/ / / _ \/ // / _ `/ _ \ /_//_/\_, /\_,_/_//_/ /___/ ubuntu https://github.pepabo.com/tech/packer-templates (c) GMO Pepabo, Inc. linyows@app-1:~$ ౿Έ୆αʔόͰ໊લղܾ͢Δ͜ͱͰଟஈ44)Λศརʹ

  32. )BTIJ$PSQ.FFUVQSE $POTVM%/4ͷศར࢖༻๏ 1SPYZͷ6QTUSFBNΛ$POTVM%/4Ͱϥ΢ϯυϩϏϯ hosts: "foo.service.consul:443": listen: port: 443 ssl: certificate-file:

    /etc/h2o/tls.crt key-file: /etc/h2o/tls.key paths: "/": proxy.reverse.url: "https://foo.service.consul:443/"

  33. )BTIJ$PSQ.FFUVQSE $POTVM5FNQMBUFͷ࢖༻ ,FFQBMJWFEͷDPOGʹDPOTVMUFNQMBUFΛ࢖༻͢Δ͜ͱͰ1SPYZͷ$POTVMKPJOͰαʔϏεΠϯ͢Δ virtual_server <%= @vip %> 443 { delay_loop

    10 lvs_sched rr lvs_method NAT protocol TCP {{range service "proxy|passing"}} real_server {{.Address}} 443 { weight 1 TCP_CHECK { connect_port 443 connect_timeout 30 } }{{end}} }

  34. )BTIJ$PSQ.FFUVQSE ͍ΖΜͳϨΠϠʔ͕ͳΊΒ͔ʹϦϦʔε %/4 -# -# 1SPYZ 1SPYZ 1SPYZ /FX1SPYZ 8FC

    8FC 8FC /FX8FC 8FC 8FC XFCTFSWJDFDPOTVM DPOTVMUFNQMBUF DPOTVMEOT YYYYYYYYYYY YYYYYYYYYYY YYYYYYYYYYY YYYYYYYYYYY

  35. )BTIJ$PSQ.FFUVQSE 7BVMU࢖༻ͷಛ௃

  36. )BTIJ$PSQ.FFUVQSE 7BVMU ๏ 1,*ͱ5SBOTJUγʔΫϨοτΛར༻ʢ͞Βʹ௥Ճ༧ఆʣ ๏ %#ʹอ࣋͢Δൿີ৘ใ͸શͯ7BVMUͰ҉߸Խ ๏ ൃߦͨ͠ൿີ৘ใ͸$IFGͰ഑෍ʢSPPU$"΍DPOTVMUFNQMBUFͷUPLFO౳ʣ ๏ 5PLFO͸SFOFXʢ55-ͷԆ௕ʣ͠ͳ͕Β࢖༻

    ๏ NBYMFBTFUUMͷظݶͰࣦޮ͢Δʢ௕͘SFOFX͢Δͱཁ஫ҙʣৄ͘͠͸ޙड़

  37. )BTIJ$PSQ.FFUVQSE ๏ $POTVMΛετϨʔδͱͯ͠ར༻͢ΔͱΞΫςΟϒͳ7BVMUʹରͯ͠ WBVMUTFSWJDFDPOTVM͕ࣗಈతʹઃఆ͞ΕΔ ๏ 7BVMUΛೝূہͱͯ͠ઃఆ͠αʔόূ໌ॻΛࣗ෼Ͱൃߦ͢Δ ๏ 7BVMU͸࠶ىಈ͢Δͱ4FBM͞ΕΔ ๏ -FU`T&ODSZQUΛ࢖ͬͯαʔόূ໌ॻൃߦ͢Δʁ

    1,*ͷ3PPU$"഑෍໰୊ 7BVMUαʔόʹ5-4઀ଓ͢Δ৔߹Ͳ͏ͨ͠Βྑ͍͔

  38. )BTIJ$PSQ.FFUVQSE ๏ 7BVMUʹ4*()61γάφϧͰαʔόূ໌ॻͷ࠶ಡΈࠐΈΛ͢Δ ๏ 4*()61Ͱ͸4FBM͞Εͳ͍ ๏ "VEJUMPHͷMPHSPUBUFʹ΋࢖͑Δ ๏ 7BVMU͕ൃߦͨ͠3PPU$"͸$IFGͰ഑෍ $POTVMUF5FNQMBUFͷ࢖༻

    αʔόূ໌ॻʹDPOTVMUFNQMBUFΛ࢖༻͢Δ͜ͱܧଓతͳূ໌ॻൃߦΛࣗಈԽ͢Δ

  39. )BTIJ$PSQ.FFUVQSE vault { address = "https://127.0.0.1:8200" token = "<%= node['vault']['token']

    %>" renew_token = true grace = "5m" ssl { enabled = true verify = false } } template { contents = "{{ with secret \"pki/issue/service-consul\" \"common_name=vault.service.consul\" }}{{ .Data.issuing_ca }}{{ end }}" destination = "/usr/share/ca-certificates/extra/Vault_Root_CA.crt" command = "sudo /usr/local/sbin/update_ca_certs" } template { contents = "{{ with secret \"pki/issue/service-consul\" \"common_name=vault.service.consul\" }}{{ .Data.certificate }}{{ end }}" destination = "/etc/vault.d/vault.service.consul.crt" command = "sudo /usr/local/sbin/reload_vault" } template { contents = "{{ with secret \"pki/issue/service-consul\" \"common_name=vault.service.consul\" }}{{ .Data.private_key }}{{ end }}" destination = "/etc/vault.d/vault.service.consul.key" command = "sudo /usr/local/sbin/reload_vault" } TVEPFSTͰڐՄ͢ΔͨΊʹ֤εΫϦϓτʹ ୹͍ͷͰΠϯϥΠϯͰهड़ 5PLFOͷ55-ΛԆ௕ͯ͠࢖༻ $POTVMUF5FNQMBUFͷ࢖༻

  40. )BTIJ$PSQ.FFUVQSE ๏ "QQMJDBUJPO͕7BVMUʹରͯ͠ೝূ͢ΔBQQSPMF ๏ ೝূ͢Δͱࢦఆͷ55-͕ઃఆ͞Εͨ5PLFO͕ൃߦ͞ΕΔ ๏ "QQMJDBUJPO͸ͦͷ5PLFOΛ࢖ͬͯ7BVMUͱ΍ΓऔΓΛ͢Δ ๏ "QQMJDBUJPO͕BQQSPMFͷSPMF@JEͱTFDSFU@JEΛ͍࣋ͬͯͯ΋ҙຯ͕ͳ͍ ๏

    "QQMJDBUJPOϓϩηεͷ֎Ͱ5PLFOΛൃߦ͢Δ "QQMJDBUJPO5PLFOͷ഑෍໰୊

  41. )BTIJ$PSQ.FFUVQSE ๏ "QQMJDBUJPOͷσϓϩΠ࣌ʹBQQSPMFBVUIΛ͢ΔίϚϯυΛ࣮ߦ ๏ ίϚϯυ͸ೝূͷ18Ͱ͋ΔTFDSFU@JEͷ55-Ԇ௕Λ1045 ๏ ଓ͚ͯೝূΛ࣮ߦ͠5PLFOΛऔಘ͢Δ ๏ औಘͨ͠5PLFOΛ"QQMJDBUJPO͕ಡΊΔύεʹ഑ஔ "QQMJDBUJPO5PLFOͷ഑෍໰୊ղܾ๏

    7BVMU $PNNBOE SPMF@JE TFDSFU@JE UPLFO

  42. )BTIJ$PSQ.FFUVQSE 7BVMUUPLFO͕ࣦޮͯ͠ো֐

  43. )BTIJ$PSQ.FFUVQSE ๏ "QQSPMFͷTFDSFU@JEΛSFOFX͢ΔͨΊʹDVTUPNTFDSFU@JEͱͯ͠ઃఆͯ͠ ͍Δ ๏ DVTUPNTFDSFU@JEʹઃఆ͢ΔUPLFO͸BVUIUPLFOͰൃߦ ๏ Ϛ΢ϯτͨ͠TFDSFU͝ͱʹNBYMFBTFUUMͱ͍͏ઃఆ͕͋ΓɺγεςϜશମ ʹ΋NBYUUM͕ଘࡏ͢Δ ๏

    ྆ํ͕ະઃఆͷ৔߹ɺγεςϜͷNBYUUMͰ͋ΔEBZT্͕ݶ 7BVMUUPLFO͕ࣦޮͯ͠ো֐

  44. )BTIJ$PSQ.FFUVQSE IUUQTXXXWBVMUQSPKFDUJPEPDTDPODFQUTUPLFOTIUNMUIFHFOFSBMDBTF ίϯηϓτʹॻ͍ͯ͋ͬͨ

  45. )BTIJ$PSQ.FFUVQSE .BY55-ઃఆ͸ɺ֤Ϛ΢ϯτ͞ΕͨγʔΫϨοτ͝ͱʹઃఆ͢ ΔͷͰɺຊ൪ӡ༻࣌ʹ͸ඞͣߟྀ͠·͠ΐ͏ɻ ͱͯ΋ॏཁͰ͢

  46. )BTIJ$PSQ.FFUVQSE ๏ 5PLFO͕ࣦޮͨ͠ΒBVEJUMPHʹΤϥʔ ͕සൃ͍ͯͨ͠ ๏ 7BVMUTFSWFSͷ$POTVMDIFDLTͰBVEJUMPHͷ ؂ࢹΛ௥Ճ ๏ ݕ஌ͨ͠΋ͷ͸$POTVM"MFSUͰ4MBDL௨஌ Αͦ͠ΕͳΒ؂ࢹ௥Ճͩ

    { "name": "vault-audit-log", "tags": ["vault", "audit"], "checks": [ { "script": "sudo /usr/local/sbin/check_audit", "interval": "60s" } ] } #!/bin/bash check-log --file /var/log/vault_audit.log \ --pattern '\"error\":\".+\"' \ —exclude='invalid request|unsupported path|unsupported operation' .BDLFSFMͷDIFDLDPNNBOE

  47. )BTIJ$PSQ.FFUVQSE $POTVMؾܰʹ؂ࢹ௥ՃͰ͖ͯศརʂ

  48. )BTIJ$PSQ.FFUVQSE ๏ ϩϦϙοϓʂϚωʔδυΫϥ΢υͰͷ)BTIJ$PSQιϑτ΢ΣΞͷ׆༻ํ๏ Λഎܠͱಛ௃Λ౿·͑ղઆ ๏ )BTIJ$PSQιϑτ΢ΣΞ͸࢖͍͜ͳ͢͜ͱͰγεςϜ͕͍͍ײ͡ʹͳΔ ͷͰυΩϡϝϯτΛख़ಡ͢΂͠ ๏ )BTIJ$PSQͷ֤ιϑτ΢ΣΞʹ͸ྲྀΕ͕͋Γɺซ༻͢Δ͜ͱͰศར͕͞ ૿͢ʂʂʂ

    $PODMVTJPO

  49. )BTIJ$PSQ.FFUVQSE 5IBOLZPV 8FSFIJSJOH