200万 Webサイトを支えるロリポップ！と mruby

by harasou

Slide 1

Slide 1 text

GMO Pepabo, Inc. SOGO Haraguchi 2015/07/11 ؔ੢Rubyձٞ06 ສ8FCαΠτΛࢧ͑Δ ϩϦϙοϓʂͱNSVCZ

Slide 2

Slide 2 text

ࣗݾ঺հ !IBSBTPV ΠϯϑϥΤϯδχΞ 4*FSΛ೥΄Ͳసʑ (.0ϖύϘגࣜձࣾ  ϗεςΟϯάࣄۀ෦ΠϯϑϥνʔϜ  ෱Ԭ

Slide 3

Slide 3 text

ϗεςΟϯάαʔϏε  Ϣʔβͷ8&#΍ϝʔϧΛ༬͔ͬͯӡ༻͢Δɻ͍ΘΏ ΔʮϨϯλϧαʔόʔʯͳͲɻ (.0ϖύϘגࣜձࣾɹ

Slide 4

Slide 4 text

!ITCU

Slide 5

Slide 5 text

!NBUTVNPUPSZ

Slide 6

Slide 6 text

ΞδΣϯμ 8FCϗεςΟϯάͷ೰Έ NSVCZNPE@NSVCZͷ঺հ NSVCZΛར༻ͨ͠ରࡦ ·ͱΊ

Slide 7

Slide 7 text

8FCϗεςΟϯά ͷ೰Έ

Slide 8

Slide 8 text

ͦͷ̍

Slide 9

Slide 9 text

େྔΞΫηε %P4 XFC αʔό ߈ܸऀ

Slide 10

Slide 10 text

ͦͷ̎

Slide 11

Slide 11 text

$16Λ৯͏ΞΫηε XFC αʔό ˋ ˋ

Slide 12

Slide 12 text

!NBUTVNPUPSZ

Slide 13

Slide 13 text

ͦΕNSVCZͳΒ Ͱ͖ΔΑͶ

Slide 14

Slide 14 text

"QBDIF NPE@NSVCZ    NSCHFNTʢϦιʔε੍ޚ༻ʣ

Slide 15

Slide 15 text

NSVCZ লϝϞϦͷ3VCZ࣮૷ɻ૊ΈࠐΈ޲͚ɻ ΞϓϦέʔγϣϯ͸$ $Ͱ։ൃɻ  ॊೈੑɺੜ࢈ੑ͕ඞཁͳ෦෼͚ͩ3VCZ Ͱ࣮૷ɻ MJCNSVCZB  ΞϓϦ૊ࠐΈ༻ϥΠϒϥϦ

Slide 16

Slide 16 text

NPE@NSVCZ "QBDIFͷϞδϡʔϧ NSVCZͷεΫϦϓτͰ༷ʑͳ"QBDIFͷ  ੍ޚ͕Մೳ NPE@NSVCZ NSVCZεΫϦϓτ NPE@TTM DPSF "QBDIF MJCNSVCZB IUUQEPTEFUFDUPS NSVCZεΫϦϓτ

Slide 17

Slide 17 text

ઃఆNPE@NSVCZ NPE@NSVCZ͕ఏڙ͍ͯ͠ΔIPPLʹ࣮ߦͨ͠ ͍NSVCZεΫϦϓτΛઃఆ ʮDBDIFʯΛ͚ͭΔͱࣄલʹόΠτίʔυ 1 2 mrubyFixupsMiddle start.rb cache 3 mrubyLogTransactionMiddle end.rb cache 4

Slide 18

Slide 18 text

Ϧιʔε੍ޚຊͷ໼ NPE@NSVCZͰར༻͢ΔNSCHFNT IUUQEPTEFUFDUPS IUUQBDDFTTMJNJUUFS NSVCZDHSPVQ

Slide 19

Slide 19 text

1.http-dos-detector େྔʢ%PTతͳʣΞΫηε΁ͷରࡦ ʮҰఆظؒʯͷΞΫηεঢ়گΛ΋ͱʹ ͞·͟·ͳ੍ޚ͕Մೳ ྫʣ͋ΔυϝΠϯʹɺSFRT དྷͨΒɺͦͷޙ̍ඵؒ͸Λฦ ͢ɻ

Slide 20

Slide 20 text

$16Λ৯͏ΞΫηε΁ͷରࡦ ʮݱ࣌఺ʯͷΞΫηεঢ়گΛ΋ͱʹɺ ͞·͟·ͳ੍ޚ͕Մೳ ྫʣ͋Δ$(*΁ͷಉ࣌ΞΫηε਺͕ ̑Λ௒͑ͨͱ͖͸Λฦ͢ɻ 2.http-access-limitter

Slide 21

Slide 21 text

ུ֓ਤᶃ IUUQEPTEFUFDUPSIUUQBDDFTTMJNJUUFS "QBDIF ਌ϓϩηε NSVCZ XPSLFS NSVCZ XPSLFS NSVCZ XPSLFS NSVCZ XPSLFS NSVCZ ڞ༗ϝϞϦ HMPCBMMPDL ᶄΧ΢ϯλ ΠϯΫˠॲཧˠσΫϦ MPDBMNFNDBDIF ,74 ᶃUSZ@MPDL ᶅVOMPDL

Slide 22

Slide 22 text

ઃఆᶃIUUQBDDFTTMJNJUUFS 1 LoadModule mruby_module modules/mod_mruby.so 2 3 4 mrubyPostConfigMiddle access_limitter_init.rb cache 5 mrubyChildInitMiddle access_limitter_worker_init.rb cache 6 7 8 mrubyAccessCheckerMiddle access_limitter_start.rb cache 9 mrubyLogTransactionMiddle access_limitter_end.rb cache 10 11 access_limitter_apache.conf

Slide 23

Slide 23 text

ઃఆᶃIUUQBDDFTTMJNJUUFS access_limitter_start.rb 1 threshold = 2 2 3 Server = get_server_class 4 r = Server::Request.new 5 cache = Userdata.new.shared_cache 6 global_mutex = Userdata.new.shared_mutex 7 8 limit = AccessLimitter.new r, cache, { :target => r.filename } 9 10 timeout = global_mutex.try_lock_loop(50000) do 11 begin 12 limit.increment 13 if limit.current > threshold 14 Server.return Server::HTTP_SERVICE_UNAVAILABLE 15 end 16 rescue => e 17 raise "AccessLimitter failed: #{e}" 18 ensure 19 global_mutex.unlock 20 end 21 end

Slide 24

Slide 24 text

ઃఆᶃIUUQBDDFTTMJNJUUFS access_limitter_end.rb 1 2 3 Server = get_server_class 4 r = Server::Request.new 5 cache = Userdata.new.shared_cache 6 global_mutex = Userdata.new.shared_mutex 7 8 limit = AccessLimitter.new r, cache, { :target => f.filename } 9 10 timeout = global_mutex.try_lock_loop(50000) do 11 begin 12 limit.decrement 13 rescue => e 14 raise "AccessLimitter failed: #{e}" 15 ensure 16 global_mutex.unlock 17 end 18 end

Slide 25

Slide 25 text

$16Λ৯͏ΞΫηε΁ͷରࡦ lDHSPVQzͱݺ͹ΕΔ-JOVYΧʔωϧͷ ػೳΛૢ࡞͠ɺ$16ɺϝϞϦɺωοτ ϫʔΫଳҬͳͲΛ੍ޚɻ ྫʣϗεςΟϯά͞Ε͍ͯΔΞΧ΢ϯτ ୯ҐͰɺར༻Ͱ͖Δ$16ΛฏۉԽ͢Δɻ 3.mruby-cgroup

Slide 26

Slide 26 text

ུ֓ਤᶄ DHSPVQlDQVTIBSFTz$16࣌ؒͷׂ߹Λࢦఆ ϧʔτάϧʔϓɿDQVTIBSFT Ϣʔβ"άϧʔϓɿDQVTIBSFT $16࢖͏ϓϩηε# $16࢖͏ϓϩηε" Ϣʔβ#άϧʔϓɿDQVTIBSFT $16࢖͏ϓϩηε$ ^ ^ ߹ܭͰˋ ̍ͭͰˋ

Slide 27

Slide 27 text

ઃఆᶄNSVCZDHSPVQ 1 2 mrubyFixupsMiddle resouce_manage_start.rb cache 3 mrubyLogTransactionMiddle resouce_manage_end.rb cache 4 1 r = Apache::Request.new 2 u = r.finfo.user 3 4 c = Cgroup::CPU.new u 5 if c.exist? 6 c.modify 7 else 8 c.create 9 end 10 c.attach resource_manage_start.rb mod_mruby.conf

Slide 28

Slide 28 text

Ϧιʔε੍ޚຊͷ໼ IUUQEPTEFUFDUPS IUUQBDDFTTMJNJUUFS NSVCZDHSPVQ

Slide 29

Slide 29 text

OHY@NSVCZ IUUQEPTEFUFDUPS

Slide 30

Slide 30 text

ੑೳݕূ!TBXBOPCPMZ ඵͰ ϦΫΤετͷϧʔϧͰϒϩοΫͯ͠Έͨɻ 1 config = { 2 :counter_key => r.hostname, 3 :magic_str => "....", 4 5 :behind_counter => -500, 6 7 :threshold_counter => 1000, 8 :threshold_time => 5, 9 10 :expire_time => 60, 11 } http://qiita.com/sawanoboly/items/74368e002631bed3afb7

Slide 31

Slide 31 text

BC OD ͷ݁Ռ EPTEFUFDUPSͳ͠ Concurrency Level: 30 Time taken for tests: 2.756 seconds Complete requests: 6000 Failed requests: 0 Requests per second: 2177.34 [#/sec] (mean) Time per request: 13.778 [ms] (mean) Time per request: 0.459 [ms] (mean, across all concurrent requests) Transfer rate: 493.30 [Kbytes/sec] received EPTEFUFDUPS͋ΓˍϒϩοΫͳ͠ Concurrency Level: 30 Time taken for tests: 3.940 seconds Complete requests: 6000 Failed requests: 0 Total transferred: 1392000 bytes HTML transferred: 24000 bytes Requests per second: 1522.99 [#/sec] (mean) Time per request: 19.698 [ms] (mean) Time per request: 0.657 [ms] (mean, across all concurrent requests) Transfer rate: 345.05 [Kbytes/sec] received

Slide 32

Slide 32 text

ੑೳ·ͱΊ ׂ̏͘Β͍͋ͬͨͶɻ

Slide 33

Slide 33 text

·ͱΊ

Slide 34

Slide 34 text

·ͱΊ NPE@NSVCZ͔ͭ͏ͱ"QBDIFͷ  ੍ޚ͕Ͱ͖Δ OHY@NSVCZ/HJOYʣ  $ͩͱߦͷ࣮૷͕ɺNSVCZͩͱ Θ͔ͣ਺ेߦɻ୹ظؒͰ։ൃՄೳɻ  CZNBUTVNPUPSZ

Slide 35

Slide 35 text

ϗεςΟϯάӡ༻ Λ NSVCZͰίϯτϩʔϧ Ͱ͖Δɺศར͞ʂ