Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Webサーバの高集積マルチテナントアーキテクチャに関する研究

 Webサーバの高集積マルチテナントアーキテクチャに関する研究

松本の研究を通じて高集積ホスティングに関する技術と最新動向を学ぶ

ペパボ研究所 主席研究員/チーフエンジニア 松本亮介
2018年3月27日 小山さんへの高集積ホスティングに関する講義

MATSUMOTO Ryosuke

March 27, 2018
Tweet

More Decks by MATSUMOTO Ryosuke

Other Decks in Research

Transcript

  1. 8FCαʔόͷجຊతͳϞσϧ 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF $IJMEIUUQEQSPDFTT PXOFSBQBDIF $IJMEIUUQEQSPDFTT PXOFSBQBDIF $MJFOU

    ϦΫΤετ Ϩεϙϯε 6/*9ܥ04ͷ৔߹ࣄલʹϦΫΤετΛड͚Δ ϓϩηεΛෳ਺GPSL ͯ͠ϓʔϧ͓ͯ͘͠ ʢ͜ΕΒશͯΛؚΊͯʮ୯Ұͷαʔόϓϩηεʯͱఆٛʣ  ϦΫΤετ Ϩεϙϯε ϦΫΤετ Ϩεϙϯε
  2. ߴूੵͷͨΊͷΞʔΩςΫνϟ IUUQE Ϣʔβ" IUUQE Ϣʔβ# IUUQE Ϣʔβ$ IUUQE Ϣʔβ" Ϣʔβ#

    Ϣʔβ$ ޮ཰ྑ͘࢒ϦιʔεΛ࢖͑Δ ىಈʹඞཁ ͳϦιʔε ىಈʹඞཁ ͳϦιʔε ىಈʹඞཁ ͳϦιʔε ىಈʹඞཁͳϦιʔε ߴूੵ͕ཁٻ͞ΕΔ৔߹ͷ Ϛϧνςφϯτʢຊݚڀʣ ϚϧνςφϯτͷผΞϓϩʔν 
  3. $(*࣮ߦํࣜ $(*QSPDFTT QIQDHJJOEFYQIQ $(*QSPDFTT GPSL UFSNJOBUFQSPDFTT FYFDWF 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT

    PXOFSBQBDIF ϦΫΤετຖʹϓϩηεͷੜ੒ɾഁغͱ ൺֱతେ͖ͳόΠφϦʢ1)1ͩͱQIQDHJόΠφϦʣͷ FYFDWF ͕ඞཁ 
  4. $(*QSPDFTT PXOFSVTFS $(*QSPDFTT PXOFSSPPU QIQDHJJOEFYQIQ PXOFSVTFS $(*QSPDFTT PXOFSVTFS ੩తʹઃఆ͞ΕͨVJEΛݩʹTFUVJE TFUHJE

    GPSL  FYFDWF TVFYFDQSPHSBN TFUVJESPPU UFSNJOBUFQSPDFTT FYFDWF 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF ˞$(* ैདྷͷΞΫηε੍ޚख๏ ϦΫΤετຖʹ$(*༻ϓϩηεͷ ੜ੒ഁغ͕ඞཁ
  5. 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSSPPU JOEFYQIQ PXOFSVTFS TFUVJE TFUHJE QBSTF SVO

    $IJMEIUUQEQSPDFTT PXOFSVTFS $IJMEIUUQEQSPDFTT PXOFSVTFS UFSNJOBUFQSPDFTT ϦΫΤετຖʹࢠIUUQEϓϩηεͷੜ੒ഁغ͕ඞཁ ˞%40 ैདྷͷΞΫηε੍ޚख๏
  6. 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSSPPU JOEFYQIQ PXOFSVTFS TFUVJE TFUHJE QBSTF SVO

    ˞%40 ैདྷͷΞΫηε੍ޚख๏ $IJMEIUUQEQSPDFTT PXOFSVTFS $IJMEIUUQEQSPDFTT PXOFSVTFS UFSNJOBUFQSPDFTT ϦΫΤετຖͷࢠIUUQEϓϩηεͷੜ੒ഁغ͕ඞཁ
  7. $(*QSPDFTT PXOFSVTFS $(*QSPDFTT PXOFSSPPU QIQDHJJOEFYQIQ PXOFSVTFS $(*QSPDFTT PXOFSVTFS ੩తʹઃఆ͞ΕͨVJEΛݩʹTFUVJE TFUHJE

    GPSL  FYFDWF TVFYFDQSPHSBN TFUVJESPPU UFSNJOBUFQSPDFTT FYFDWF 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF ϦΫΤετຖʹ$(*༻ϓϩηεͷ ੜ੒ഁغ͕ඞཁ ˞$(* ैདྷͷΞΫηε੍ޚख๏ 
  8. $(*QSPDFTT PXOFSVTFS $(*QSPDFTT PXOFSSPPU QIQDHJJOEFYQIQ PXOFSVTFS $(*QSPDFTT PXOFSVTFS DISPPU 

    ϦΫΤετϑΝΠϧ͔ΒVJEऔಘޙ TFUVJE TFUHJE GPSL  FYFDWF TVFYFDQSPHSBN TFUVJESPPU UFSNJOBUFQSPDFTT FYFDWF 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF DISPPU&OWJSPONFOU ˞$(* ఏҊ͢ΔΞʔΩςΫνϟ 
  9. 

  10. 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSSPPU JOEFYQIQ PXOFSVTFS TFUVJE TFUHJE QBSTF SVO

    ˞%40 ैདྷͷΞΫηε੍ޚख๏ $IJMEIUUQEQSPDFTT PXOFSVTFS $IJMEIUUQEQSPDFTT PXOFSVTFS UFSNJOBUFQSPDFTT ϦΫΤετຖͷࢠIUUQEϓϩηεͷੜ੒ഁغ͕ඞཁ 
  11. 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF UISFBE PXOFSVTFS UISFBE PXOFSBQBDIF JOEFYQIQ PXOFSVTFS

    TFUVJE TFUHJE ʜ VOTFUDBQT DSFBUFUISFBE TFUDBQT EFTUSPZUISFBE QBSTF SVO QSDUM TFUVJETFUHJEDBQT UISFBE PXOFSVTFS ˞%40 ఏҊ͢ΔΞΫηε੍ޚΞʔΩςΫνϟ 
  12. 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF UISFBE PXOFSVTFS UISFBE PXOFSBQBDIF TFUVJE TFUHJE

    ʜ VOTFUDBQT DSFBUFUISFBE TFUDBQT EFTUSPZUISFBE QSDUM TFUVJETFUHJEDBQT UISFBE PXOFSVTFS ˞$(* ఏҊ͢ΔΞΫηε੍ޚΞʔΩςΫνϟ $(*QSPDFTT PXOFSVTFS QIQDHJJOEFYQIQ PXOFSVTFS $(*QSPDFTT PXOFSVTFS GPSL UFSNJOBUFQSPDFTT FYFDWF 
  13. ࢀߟɿγεςϜίʔϧͷ਺Λൺֱ wQIQJOGP ΁ͷΞΫηεΛTUSBDF͔Βղੳ w$(*ʴTV&9&$ճ wNPE@QIQ NPE@QSPDFTT@TFDVSJUZճ wΦʔόʔϔουʹͳͬͯΔγεςϜίʔϧ wDMPOF PQFO DMPTF

    FYFDWF ͳͲTV&9&$ؔ࿈ ˞TUSBDFDGQ1*% ˞DBUDHJMPHcHSFQWFQPMM@XBJUcHSFQWGVUFYcQFSMBOF <aEa> QSJOU@JG 
  14. w αʔόϓϩηεىಈ࣌ʹΠϯλϓ ϦλΛ֬อ w ϦΫΤετॲཧ࣌ʹΠϯλϓϦλ Λڞ༗ͯ͠εΫϦϓτΛίϯύΠϧ ͔ͯ͠Β࣮ߦ ߏจ໦ղੳ όΠτίʔυੜ੒ 7.্Ͱ࣮ߦ

    ϦΫΤετຖʹαʔόϓϩηε͕εΫϦϓτΛϑοΫ εΫϦϓτಡΈࠐΈ ΠϯλϓϦλͱ ϥΠϒϥϦΛڞ༗ όΠτίʔυɺάϩʔόϧม਺ɾΫϥεɺྫ֎ϑϥάΛ։์ ഉଞॲཧ ϚϧνεϨου8FC αʔόΞʔΩςΫνϟ ʹରԠ 
  15. ߏจ໦ղੳ όΠτίʔυੜ੒ 7.্Ͱ࣮ߦ ϦΫΤετຖʹαʔόϓϩηε͕εΫϦϓτΛϑοΫ εΫϦϓτಡΈࠐΈ ΠϯλϓϦλͱ ϥΠϒϥϦΛڞ༗ άϩʔόϧม਺ɾΫϥεɺྫ֎ϑϥάΛ։์ όΠτίʔυ ςʔϒϧ

    w όΠτίʔυΩϟογϡʹΑͬͯαʔ όϓϩηεىಈޙʹίʔυมߋ͕ඞ ཁͳ͍৔߹͸ߴ଎Խ w αʔόىಈ࣌ʹίϯύΠϧͯ͠όΠ τίʔυςʔϒϧʹอଘ͓͖ͯ͠ɺ ϦΫΤετ࣌ʹऔಘ࣮ͯ͠ߦ 
  16. NPE@NSVCZઃఆྫ # Normal hook <Location /mruby-test> mrubyHandlerMiddle /path/to/test.rb </Location> #

    ByteCode Caching at Start up <Location /mruby-test-cache> mrubyHandlerMiddle /path/to/test.rb cache </Location> 
  17. NPE@NSVCZઃఆྫ # Normal hook <Location /mruby-test> mrubyHandlerMiddle /path/to/test.rb </Location> #

    ByteCode Caching at Start up <Location /mruby-test-cache> mrubyHandlerMiddle /path/to/test.rb cache </Location> 
  18. OHY@NSVCZͷΠϯϥΠϯઃఆྫ # Inline code hook location /mruby-hello { mruby_content_handler_code ‘

    r = Nginx::Request.new c = Nginx::Connection.new r.content_type = “text/plain” Nginx.echo “Hello #{c.remote_ip} World” ‘; } 
  19. OHY@NSVCZͰͷ3FWFSTF1SPYZ # location /proxy { # mruby_set $backend "/path/to/proxy.rb"; #

    proxy_pass http://$backend; # } backends = [ "http://192.168.0.101:8888/", "http://192.168.0.102:8888/", "http://192.168.0.103:8888/", ] backends[rand(backends.length)] 
  20. NPE@NSVCZͷ#BTJD"VUIXJUI3FEJT # <Location /basic/> # AuthType basic # AuthName "Message

    for clients" # AuthBasicProvider mruby # mrubyAuthnCheckPassword /path/to/authn_basic.rb # require valid-user # </Location> anp = Apache::AuthnProvider.new redis = Redis.new "127.0.0.1”, 6379 if redis.get(anp.user) == anp.password Apache.return Apache::AuthnProvider::AUTH_GRANTED else Apache.return Apache::AuthnProvider::AUTH_DENIED end 
  21. ҟͳΔ8FCαʔόͷ౷Ұత֦ுهड़ "QBDIF "1* 3VCZTDSJQU NPE@NSVCZ 3VCZTDSJQU ɾ ɾ ɾ ɾ

     3VCZTDSJQUO /HJOY "1* OHY@NSVCZ 3VCZTDSJQU "QBDIF $PSF /HJOY $PSF 3VCZ %4- GPS8FC "QBDIF 5SB⒏D 4FSWFS "1* UT@NSVCZ "QBDIF 5SB⒏D 4FSWFS $PSF SFGIUUQTHJUIVCDPNTZVDSFBNUT@NSVCZ 
  22. ౷Ұతهड़ྫ # Output Hello World Server = get_server_calss Server.rputs "Hello

    #{Server.module_name}/ #{Server.module_version} world!" # mod_mruby => "Hello mod_mruby/1.9.3 world!" # ngx_mruby => "Hello ngx_mruby/1.3.2 world!" # ts_mruby => "Hello ts_mruby/0.0.1 world!" 
  23. ैདྷख๏ͱͷੑೳൺֱ ैདྷͷػೳ֦ ு NPE@QFSM NPE@SVCZ NPE@MVB NPE@NSVCZ NPE@NSVCZ Ωϟογϡ ݴޠ

    $ 1FSM 3VCZ -VB NSVCZ NSVCZ ΠϯλϓϦλ ॳظԽॲཧ ࣄલ ౎౓ ࣄલ ࣄલ ϥΠϒϥϦ ಡΈࠐΈ ࣄલ ౎౓ ࣄલ ࣄલ ίϯύΠϧ ࣄલ ౎౓ ౎౓ ౎౓ ࣄલ ίʔυͷมߋ ෆՄ Մ Մ Մ ෆՄ άϩʔόϧঢ়ଶ ڞ༗ ڞ༗ ඇڞ༗ ඇڞ༗ ඇڞ༗ ੑೳ 3FTQPOTFTFD       
  24. NPE@NSVCZͱDHSPVQͷ࣮૷ "QBDIF1SPDFTT NPE@NSVCZ NSVCZ MJCNSVCZB  NSVCZDHSPVQ MJCDHSPVQ -JOVYDHSPVQT • 

    ֤ػೳ͸୯ମͰಈ࡞Մೳʢૄ݁߹ʣ •  NPE@NSVCZ͸"QBDIFΛNSVCZͰ੍ޚ •  NSVCZDHSPVQ͸MJCDHSPVQΛNSVCZͰ੍ޚ •  NSVCZ NSVCZDHSPVQ •  3VCZ΍$ίʔυ಺ͰϦιʔεΛ੍ޚՄೳ •  ͜ͷϧʔϓ͸$16Ͱ •  ͜ͷॻ͖ग़͠͸%*4,ॻࠐ.#TFDͰ 
  25. Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.filename == “/path/to/cpu.cgi” cpu =

    Cgroup::CPU.new “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end  ݫີʹ͸NTதNTͷ$16࢖༻࣌ؒΛ RVPUBͱͯ͠εέδϡʔϧ͢Δઃఆ
  26. Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.hostname == “example.com” cpu =

    Cgroup::CPU.new “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end 
  27. Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.user== “matsumotory” cpu = Cgroup::CPU.new

    “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end 
  28. Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.method== “POST” cpu = Cgroup::CPU.new

    “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end 
  29. Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.finfo.user == 500 cpu =

    Cgroup::CPU.new “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end 
  30. Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.finfo.group == 300 cpu =

    Cgroup::CPU.new “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end 
  31. Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.finfo.size > 3000 cpu =

    Cgroup::CPU.new “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end 
  32. Ϧιʔε੍ޚͷઃఆྫ if resource.most_heavy_hosts.include? r.hostname # 1 100 1 c =

    Cgroup::CPU.new "httpd-static-limited" c.cfs_quota_us = 100000 Apache::Resource.attach_cgroup c, "httpd-static-limited" elsif resource.heavy_hosts.include? r.hostname # CPU 25% 24 6 # httpd 100 ( ) c = Cgroup::CPU.new "httpd-limited" c.shares = 25 Apache::Resource.attach_cgroup c, "httpd-limited" else # CPU 75% 24 18 # httpd-limited 100 ( ) c = Cgroup::CPU.new "httpd" c.shares = 75 Apache::Resource.attach_cgroup c, "httpd" end 
  33. 

  34. ຊ࿦จʹؚ·ΕΔൃදจݙ ࿦จࢽ࿦จ 1 দຊ ྄հ, ܀ྛ ݈ଠ࿠, Ԭ෦ णஉ, ϦΫΤετ୯ҐͰԾ૝తʹϋʔυ΢ΣΞϦιʔεΛ෼཭͢

    ΔWebαʔόͷϦιʔε੍ޚΞʔΩςΫνϟ, ৘ใॲཧֶձ࿦จࢽ, Vol.59, No.3, pp.1016-1025, Mar 2018. 2 দຊ ྄հ, ܀ྛ ݈ଠ࿠, Ԭ෦णஉ, WebαʔόͷߴूੵϚϧνςφϯτΞʔΩςΫνϟͱӡ༻ٕ ज़, ిࢠ৘ใ௨৴ֶձ࿦จࢽ, Vol.J101-B, No.1, pp.16-30, Jan 2018. 
  35. ຊ࿦จʹؚ·ΕΔൃදจݙ ࿦จࢽ࿦จ 3 দຊ ྄հ, Ԭ෦ णஉ, mod_mruby: εΫϦϓτݴޠͰߴ଎͔ͭলϝϞϦʹ֦ுՄೳͳWebαʔ όͷػೳ֦ுࢧԉػߏ,

    ৘ใॲཧֶձ࿦จࢽɼVol.55, No.11, pp.2451-2460, Nov 2014. 4 দຊ ྄հ, Ԭ෦णஉ,εϨου୯ҐͰݖݶ෼཭Λߦ͏WebαʔόͷΞΫηε੍ޚΞʔΩςΫ νϟ,ిࢠ৘ใ௨৴ֶձ࿦จࢽ Vol.J96-B, No.10, pp.1122-1130, Oct 2013. 5 দຊ ྄հ, ઒ݪক࢘, দԬً෉, େن໛ڞ༗ܕWebόʔνϟϧϗεςΟϯάج൫ͷηΩϡϦςΟ ͱӡ༻ٕज़ͷվળ, ৘ใॲཧֶձ࿦จࢽ, Vol.54, No.3, pp.1077-1086, Mar 2013. 
  36. ຊ࿦จʹؚ·ΕΔൃදจݙ ࠃࡍձٞൃදʢࠪಡ෇͖ʣ 1 Ryosuke Matsumoto, Yasuo Okabe, Access Control Architecture

    Separating Privilege by a Thread on a Web Server, The 12th IEEE/IPSJ International Symposium on Applications and the Internet (SAINT2012), pp.178-183, July 2012.