Slide 1
Slide 1 text
ٖؖء٦؟٦غ٦植➿
ך䪮遭דⱄ圓眠ׅ
CVJMEFSTDPOUPLZP
!GVKJXBSB
Slide 2
Slide 2 text
!GVKJXBSB SRE (૯෦)
HJUIVCDPNGVKJXBSB
TGVKJXBSBIBUFOBCMPHDPN
Slide 3
Slide 3 text
(BNF$PNNVOJUZ
Slide 4
Slide 4 text
鑧ֿׅה
ͱ͋ΔձࣾʹϨΨγʔͳ։ൃࢧԉαʔόʔ͕͋Γ
Redmine, SVN, Git(gitolite), etc...͕ಈ͍͍ͯ·͢
ͦΕΛAWSͷϚωʔδυαʔϏεΛͬͯ
ۙԽվम͍ͯ͘͠يͰ͢
• Βͳ͍͜ͱΛܾΊΔ
• URLҡ࣋͢Δ
• ϚωʔδυαʔϏεΛ׆༻͠ɺՄ༻ੑͱίετɺϝϯςφϯε
ੑΛ্͢Δ
Slide 5
Slide 5 text
涪佄䴂؟٦غ٦嚊銲
EC2 γϯάϧߏ(Amazon Linux 1) + RDS for MySQL
3FENJOF : 800Ϣʔβʔ 1800ϓϩδΣΫτ
4VCWFSTJPO(SVN) : 1000ϦϙδτϦ, 1TB
(JU؟٦غ : gitolite2 1000ϦϙδτϦ, 300GB
/P1BTUF : ςΩετεχϖοτΛอଘͯ͠URLΛ Slack/IRC ʹ
ߘ
爡ⰻ(ZB[P : εΫϦʔϯγϣοτΛڞ༗
*3$ꟼ鸬؟٦ؽأ : ircd, znc(IRCͷଓҡ࣋), tiarra(IRCΫϥΠ
Ξϯτ ϩάऔಘ༻), groonga(ϩάͷશจݕࡧ), logviewer(ϩάӾ
ཡWebApp)
Slide 6
Slide 6 text
ֿך؟٦غ٦ך娖〷
痥⚅➿䎃⟃
Ϩϯλϧαʔόʔ্ʹߏங
ιϑτΣΞ: Redmine, SVN
ϛυϧΣΞ: Apache HTTPd, MySQL
OS: RHEL 5?
Slide 7
Slide 7 text
ֿך؟٦غ٦ך娖〷
痥⚅➿䎃
ࣗࣾDCඋʹ͍ KVM Խ
CentOS 6
SVN σʔλίϐʔͰҠߦ
Redmine, SVN ͷσʔλ NFS αʔόʹอଘͯ͠ NFS mount
Slide 8
Slide 8 text
ֿך؟٦غ٦ך娖〷
痥⚅➿䎃
ࣗࣾDCఫୀʹ͍AWSҠߦ
EC2 1 (Amazon Linux 2015.03)
DB RDS for MySQLʹ
ELB ༻ͤͣɺApacheͰTLSॲཧ
σʔλ EBS ʹίϐʔͯ͠EC2ͰϚϯτ
ผͷϗετͰಈ͍͍ͯͨIRCؔ࿈αʔϏε, NoPaste, ࣾGyazo,
GitαʔόΛ౷߹
Slide 9
Slide 9 text
䎃׀הְּחכⱄ圓眠׃גְ
200? Ϩϯλϧαʔό
2011 ΦϯϓϨ
2015 AWS EC2
2019 ???
࠶ߏஙաڈͷΛղফ͢Δνϟϯε
Slide 10
Slide 10 text
3FENJOF⤑ⵃח׃גְ䎃圓䧭
SVN htpasswd ϑΝΠϧʹΑΔ BASIC ೝূ
ʮRedmine ͷΞΧϯτSVNͱ౷Ұ͍ͨ͠ʂʯ
Apache Ͱ BASIC ೝূΛ௨աͨ͠ REMOTE_USER
= RedmineͷϢʔβͱͯ͠ѻ͏ϞϯΩʔύον
ϓϥάΠϯΛར༻ऀͷཁͰؾܰʹՃ
ͲΜͲΜศརʹ…?
Slide 11
Slide 11 text
וו⤑ⵃח׃穠卓
3FENJOFךغ٦آّٝ،حفָ㹋颵♶〳腉ח
खݩͰೖΕͨೝূ·ΘΓͷϞϯΩʔύον͕ඞཁ
→ ͜ΕेߦͳͷͰؤுΕͳ͍͜ͱͳ͍͕…
ϓϥάΠϯ͕Redmineͷ৽όʔδϣϯʹඇରԠ(ͳ͜ͱ͕͋Δ)
→ ϓϥάΠϯͷকདྷʹΘͨͬͯͷϝϯςΛҾ͖ड͚ΔͷෆՄೳ
Slide 12
Slide 12 text
չװזְֿהպ寸
Redmine ͷόʔδϣϯΞοϓ͕Ͱ͖Δঢ়ଶʹอͭ
→ ٌٝؗ٦ػحثכ׃זְ
!
όʔδϣϯΞοϓͷোʹͳΔͷͰفؚٓ؎ٝכⰅזְ
ཁ͕͋ͬͯஅΔɻҰೖΕͳ͍͜ͱʹ͢Δ
ʮ࣌ͷ୲ऀ(ୀ৬)ͷҨݴͳͷͰ…ʯ
Slide 13
Slide 13 text
̔דװֿה
⭕
DB Λ RDS for MySQL ʹͯ͠Ϛωʔδυʹ
⭕
Redmine ͷόʔδϣϯΞοϓ
⭕
ʮΒͳ͍͜ͱʯΛܾΊͨ
ͱ͍͑Ҡߦલͱ͓ͳ͡Ϣʔβ໊ͱύεϫʔυͰೝূ͍ͨ͠
طଘϢʔβ(ඦ໊)ʹҎલͱಉҰύεϫʔυͷൃߦෆՄೳ
શһʹ৽ύεϫʔυΛൃߦ → ࣌ʹେࠞཚ
Slide 14
Slide 14 text
ٌٝؗ٦ػحث״وءז倯岀ד鍑嶊
Redmine ೝূػߏΛίʔυͰΧελϚΠζͰ͖Δ1
htpasswdΛಡΜͰೝূ͢ΔίʔυΛ࣮͢Δ͜ͱͰରԠ
require 'htauth'
class AuthSourceHtpasswd < AuthSource
def authenticate(login, password)
r = nil
HTAuth::PasswdFile.open("/path/to/htpasswd", HTAuth::File::ALTER) do |pf|
user = pf.fetch(login)
if user && user.authenticated?(password)
r = { login: login, auth_source_id: self.id }
end
end
return r
rescue => e
raise AuthSourceException.new(e.message)
end
1 http://www.redmine.org/projects/redmine/wiki/AlternativecustomauthenticationHowTo
Slide 15
Slide 15 text
̔דװֿה
❗
47/װ3FENJOFך幐➰ؿ؋؎ٕךر٦ةח⥂㶷
Elastic Block Store(EBS): EC2༻ͷϒϩοΫετϨʔδ
EBS ผͷϗετ͔Βಉ࣌ϚϯτͰ͖ͳ͍
→ ඞવతʹEC2γϯάϧߏʹ
EBS AZ Λލ͛ͳ͍
→ AZ োʹऑ͍
ͳΜΒ͔ͷϦϞʔτϑΝΠϧγεςϜΛ͏͖ͩͬͨ…?
Slide 16
Slide 16 text
〳欽䚍ך֮/'4؟٦غ荈ⴓד甧ג
: 2015࣌ɺAmazon EFS ·ͩଘࡏ͠ͳ͍
&$〴ծⴽ";ח欽䠐׃ג荈⸂דؿ؋؎ٕず劍
lsyncd ͱ͔ DRBD ͱ͔
…Failover ࣗྗͰΔʁ
ⴓ侔ؿ؋؎ٕءأذيىسٕؐؑ،&$♳ד⹛ַׅ
GlusterFS ͱ͔ Ceph ͱ͔
…ͦͷҡ࣋ͱόʔδϣϯΞοϓͩΕ͕ʁ
EBSͰ͍͘ͱ͍͏அΉΛಘͳ͔ͬͨ෦͋Δ
Slide 17
Slide 17 text
̔דװֿה
❌
&-#⢪欽ׇ׆ծ5-4穄畭"QBDIFד㹋遤
EBS ͷؔͰ EC2 ͕γϯάϧߏ
→1͔͠ͳ͍ͷʹELBΛೖΕΔͷίετతʹແବͱ͍͏அ
תְָ
࣌ϫΠϧυΧʔυূ໌ॻ(DV)Λࣾͷ֤ॴͰ༻
ূ໌ॻऔಘͷίετଞͱڞ༻ͳͷͰແࢹͰ͖ͨ
ACM·ͩͳ͍(2016ϦϦʔε)
Slide 18
Slide 18 text
䎃ךְת罋ִה
TLSपลʹ੬ऑੑ͕සൟʹݟ͔ͭΔͨΊɺఆظతʹରԠ͕ඞཁ
BEAST(2011), CRIME(2012), BREACH(2013), POODLE,
Heartbleed(2014), FREAK, LOGJAM(2015),
DROWN(2016)..
&-#ז"84ָ⦜鋅גֻ
TCPΛ֎ʹࡽ͍ͯ͠Δ͚ͩͰӨڹΛड͚Δ੬ऑੑ
(CVE-2019-11477)
&-# SZ
Slide 19
Slide 19 text
剑鵚ך⫘ぢ
࠷ۙͷωοτϫʔΫ·ΘΓͷ੬ऑੑɺOS։ൃऀɺେखΫϥυ
ϕϯμʔ CDN ࣄۀऀؒͰઌʹݕ౼͞ΕɺΫϥυαʔϏεଆ͕
मਖ਼͞Ε͔ͯΒެ։͞ΕΔ͜ͱ͕ଟ͍
ࣗͰαʔόͷϙʔτΛ֎ʹࡽ͢
ʹ ެ։ޙɺࣗΒͰରॲ͢Δ·Ͱ੬ऑͳ··
ELB ͳΒ AWS ͕طʹύονΛ͍ͯͯΔ
ʹ ެ։࣌ʹطʹӨڹΛड͚ͳ͍(͜ͱ͕ଟ͍)
湫䱸&$דؚٗ٦غٕח儮ׅךכչ鋙䝎պָ䗳銲ז儗➿
Slide 20
Slide 20 text
㔐獳遤ַ䎃
AWSҠߦ͔Βͷ4ؒͰɺੈؒࣾࣄ͍Ζ͍ΖมΘͬͨ
ࣾͷνϟοτΛ Slack ʹશ໘Ҡߦ(2016)
→ IRCؔ࿈͕΄΅ඞཁͳ͘ͳͬͨ
SVNɺࣾGitαʔόΛ΄΅Θͳ͘ͳͬͨ
→ ͘͝Ұ෦·ͩ༻͍ͯ͠Δ͕ɺ΄ͱΜͲશͯ GitHub ʹ
Redmine·ͩ·͍ͩͬͯΔ
3.0 → 3.3 ͷόʔδϣϯΞοϓແࣄʹΓͬͨ
ͦͯ͠ "NB[PO-JOVY&P- 䎃剢
ͰҠߦ͕ඞਢʹ
Slide 21
Slide 21 text
չװזְֿהպ寸
47/ : ➙䖓獳遤׃גֲֿה䲿חծ笝䭯ׅ
1000ϦϙδτϦɺ1TBఔ͋Δ͕ΞΫςΟϒͳͷݸ
৽نʹ࡞͠ͳ͍
⛔
(JU : ؟٦غ堣腉⨡姺 ϑΝΠϧ͚ͩ͢
ΞΫςΟϒͳͷ GitHub ʹҠߦ͢Δ
3FENJOF : όʔδϣϯΞοϓΛؚΊͯ笝䭯ׅ
3.3.xEoLɻϢʔβʔαϙʔτରԠͳͲͰϔϏʔϢʔε
ଈഇࢭҠߦࠔ
⛔
*3$ꟼ鸬 : Ⰻ鿇姺
աڈϩάͱݕࡧ͚ͩ͢ɻ·ͩྺ࢙ΛৼΓฦΔ͜ͱ͕…
Slide 22
Slide 22 text
䎃獳遤ד麦䧭׃ְ湡垥
5-4穄畭وط٦آس؟٦ؽأ⻉
੬ऑੑͷରԠ্ɺূ໌ॻཧ͔Βͷղ์
&$ءؚٕٝ圓䧭膴׃ג㛙暕ח
2019-08-23 ౦ژϦʔδϣϯେোʹΑΓμϯͯ͠͠·ͬͨ
ٔهآزٔד盖椚ׁגזְ鿇ⴓ噰⸂זֻׅ
αʔό্Ͱख࡞ۀ͕ߦΘΕΔͱཧ͞Εͳ͍ઃఆͰߥΕ͍ͯ͘
植㖈ך&$זֻׅ"NB[PO-JOVY&P-ח㼎䘔
ࠓճͷҠߦͰ͜ͷ4Λୡ͍ͨ͠
Slide 23
Slide 23 text
&$ⴓ鍑׃وط٦آس؟٦ؽأדⱄ圓眠
"-# "QQMJDBUJPO-PBE#BMBODFS
㼪Ⰵׅ
→ ʮ1. TLS ऴΛϚωʔδυαʔϏεԽʯୡ
"NB[PO&'44ח縧ֹ䳔ִ
→ ʮ2. EC2 γϯάϧߏΛͯ͠ݎ࿚ʹʯୡͷͨΊ
ɹෳ͔Βڞ༗Ͱ͖ΔετϨʔδ͕ඞཁ
،فٔ؛٦ءّٝ؝ٝذش⻉׃ג"-#ַ䮶ֽ
→ ʮ2. EC2 γϯάϧߏΛͯ͠ݎ࿚ʹʯ
ɹʮ3.ϦϙδτϦͰཧ͞Εͯͳ͍෦Λۃྗͳ͘͢ʯ
ɹʮ4.ݱࡏͷEC2Λͳ͘͢ʯୡͷͨΊ
ALB ͰϧʔςΟϯά͠ɺURL Λҡ࣋ͨ͠··ஈ֊Ҡߦ͕Մೳʹ
Slide 24
Slide 24 text
"NB[PO&$4ח״ىسٕؐؑ،ך؝ٝذش⻉
2015ͷ࣌ͰɺRedmine, SVN, gitolite Ҏ֎ͷͷίϯςφ
ԽࡁɻEC2্ͷ Docker Compose ͰՔಇ͍ͯ͠Δ
ECS ͷϊϋ͕ࣾʹཷ·ͬͯɺػ͕ख़ͨ͠
ECS σϓϩΠπʔϧ ecspresso2 Λ֤ϓϩδΣΫτͰ༻
ϦιʔεཧɺΦϖϨʔγϣϯ΄΅౷ҰͰ͖͍ͯΔ
؝ٝذشחろךכٔهآزٔד盖椚ׁ
AWSͷϚωʔδυαʔϏεΛଟ༻͢Δ͜ͱʹͳΔ
→ Terraform Ͱཧ͢Δ
2 https://github.com/kayac/ecspresso
Slide 25
Slide 25 text
No content
Slide 26
Slide 26 text
No content
Slide 27
Slide 27 text
No content
Slide 28
Slide 28 text
No content
Slide 29
Slide 29 text
No content
Slide 30
Slide 30 text
"-# "QQMJDBUJPO-PBE#BMBODFS
㼪Ⰵ
Slide 31
Slide 31 text
"-#ד5-4穄畭
1. ALB ΛಋೖɺACM Ͱൃߦͨ͠ূ໌
ॻΛ༻
2. ALB ͷσϑΥϧτλʔήοτͱͯ͠
EC2 ΛՃ
3. DNS Λ ALB ͚ͨΒྃʂ
知⽃דׅ״י
Slide 32
Slide 32 text
鷿⚥ַ"-#Ⰵח֮גך嗚鎢✲갪
ة٦حزפך鸐⥋כ)551ַ)5514ַ
HTTP(L7)Ͱproxy͢ΔͨΊɺEC2ଆ௨ৗฏจ(HTTP)Ͱड͚Δ
(ྺ࢙తܦҢʹΑΓ) httpd.conf ͱ͔ͦ͜Β include ͞ΕΔઃఆ
ϑΝΠϧ͕େྔʹଘࡏ
443 → 80 ͷ VirtualHost ʹઃఆΛҠ͢ͱ͜ΖͰؒҧ͏ͱোʹ
ϧʔςΟϯάɺϩάग़ྗɺଞॾʑͷॲཧΛ࿙Εͳ͘80ʹҠಈ͢Δ
ඞཁ͕͋Δ
!
!
չ)5514ךתתז鏣㹀㢌ִזֻגְְךדכպ
Slide 33
Slide 33 text
鷿⚥ַ"-#Ⰵח֮גך嗚鎢✲갪
EC2ଆHTTPS(443)ͷ··Ͱ͍͚Δ͔Ͳ͏͔
ALBͷλʔήοτ HTTPS Ͱͷ௨৴͕Մೳ
λʔήοτଆͷূ໌ॻݕূ͞Εͳ͍
ূ໌ॻͱ໊લͷҰகɺ༗ޮظݶݕূ͞Εͳ͍ͷͰࠓͷ··ͰOK
̔ךתת)5514ד「ֽֿהח׃
Slide 34
Slide 34 text
"-#Ⰵח֮ג䗳銲זֿה
ؙٔؒأز⯋*1،سٖأ姻׃ֻ钠陎ׅ
ͳʹ͠ͳ͍ͱϦΫΤετݩ͕ ALB ͷϓϥΠϕʔτIPΞυϨεʹ
ϩάهΞΫηε੍ݶʹࢧো͕ग़Δ
ϩάهΞΫηε੍ޚΛ X-Forwarded-For ϔομͰߦ͏ʁ
طଘઃఆΛશ෦ॻ͖͑Δͷ
!
mod_remoteip (Apache 2.4͔Βඪ४)
Apache 2.2༻ github.com/ttkzw/mod_remoteip-httpd22
mod_rpaf
Apache 2.2༻ github.com/ttkzw/mod_rpaf-0.6 3
3 https://heartbeats.jp/hbblog/2012/03/mod-rpaf.html
Slide 35
Slide 35 text
NPE@SFNPUFJQPSNPE@SQBG
NPE@SFNPUFJQ
௨ৗΞΫηεͰIPΞυϨε͕औಘͰ͖͕ͨ
ALBܦ༝Ͱ svn checkout ͢Δͱ ALB ͕ 502 Bad Gateway Λฦ͢
ApacheଆͰ200Λฦ͍ͯ͠Δ͕ɺBASICೝূ௨աޙͷΞΫηε
ϩά͕͓͔͍͠ (IPΞυϨε෦͕ۭཝ "s_")
192.0.2.41 - - [27/Jun/2019:15:45:24 +0900] "OPTIONS /svn/xxx HTTP/1.1" 401
- fujiwara [27/Jun/2019:15:45:24 +0900] "OPTIONS /svn/xxx HTTP/1.1" 200
s_ - fujiwara [27/Jun/2019:15:45:24 +0900] "OPTIONS /svn/xxx HTTP/1.1" 200
NPE@SQBG
svn checkout ͳ͘ಈ࡞ͨͨ͠Ί mod_rpaf ʹܾఆ
Slide 36
Slide 36 text
ֿך״ֲזذأزוֿדװַ
͜ͷ EC2 ΠϯελϯεҰͷ
ΠϝʔδΛऔಘͯ͠ผΠϯελϯεΛཱͯͯςετ͕ͨ͠…
ՔಇதͷΠϯελϯε͔Β࡞ͬͨAMIΛىಈ→વ crond ىಈ
cron ͷॲཧ͕ෳ͞ΕͨΠϯελϯεͰಉ࣌ʹ࣮ߦ͞ΕΔ
(ྫ) ֎෦αʔόʔʹϑΝΠϧΛίϐʔ͢Δॲཧ͕ڝ߹
侄鎮♧挿ך؎ٝأةٝأ醱醡׃DSPOEכ⽯⨡姺
Ϣʔβఆٛͷ cron ͱ͔ࢥΘ͵ͷ͕ಈ͍͍ͯͨΓ͢Δ…
Slide 37
Slide 37 text
湡垥չ5-4穄畭وط٦آس؟٦ؽأ⻉պ麦䧭
Slide 38
Slide 38 text
أزٖ٦آ"NB[PO&'44פ
͜Ε·ͰγϯάϧߏͩͬͨࠜຊݪҼ ʹ EBSʹϑΝΠϧ͕͋Δ
EBS ্ͷϑΝΠϧ Amazon EFS (ϚωʔδυNFS) S3 ʹҠ͢
AZ োʹ͑ΒΕΔ
Slide 39
Slide 39 text
أزٖ٦آך獳遤⯓黝ⴖח鼅䫛ׅ
ؿ؋؎ٕׄׯזְהְֽזְך
SVNɺRedmine ͷఴϑΝΠϧͳͲ
ΞϓϦέʔγϣϯʹखΛೖΕΒΕͳ͍ → &'4
،فٔ؛٦ءّٝ剅ֹ䳔ִך
NoPaste, ࣾGyazoࣗ࡞ → 4⢪ֲ״ֲח؝٦س⥜姻
ֲ刿倜ׁזְֽו撑ֽ׃ְך
IRCͷաڈϩάͱશจݕࡧɻ߹ܭGBఔ
→ ؝ٝذش؎ً٦آחر٦ة搶ֹ鴥ד׃תֲ
Slide 40
Slide 40 text
أزٖ٦آָ䗳銲זְ،فٔ؛٦ءّٝ&$4⻉
ALB ͷϦεφʔϧʔϧͰ ECS ʹৼΓ͚Δ
Slide 41
Slide 41 text
أزٖ٦آח4⢪欽ׅ،فٔ؛٦ءّٝ&$4⻉
Slide 42
Slide 42 text
ؿ؋؎ַٕ4פ
NoPaste, Gyazo ϑΝΠϧಡΈॻ͖෦ΛS3ʹมߋ
#FGPSF
POST: ϑΝΠϧʹอଘ
GET: ϑΝΠϧ͔ΒಡΈग़ͯ͠ฦ͢
"GUFS
POST: S3ʹอଘ
GET: S3ʹଘࡏͨ͠Βฦ͢
S3ʹଘࡏ͠ͳ͔ͬͨΒϑΝΠϧʹfallback
৽نߘS3ɺطଘͷߘϑΝΠϧࢀরʹͳΔͷͰ
·ͣ EC2 ্ͰՔಇதͷΞϓϦέʔγϣϯΛࠩ͠ସ͑Δ
Slide 43
Slide 43 text
ؿ؋؎ַٕ4פ
৽نߘS3ɺطଘͷߘEBS্ͷ
ϑΝΠϧࢀরʹͳ͍ͬͯΔ
͜ͷঢ়ଶͰϑΝΠϧΛS3ʹίϐʔ͢Ε
ɺશͯͷϦΫΤετΛS3ͰॲཧͰ͖Δ
Α͏ʹͳΔ
S3ͷίϐʔ͕ऴΘΕɺΞϓϦέʔ
γϣϯΛEC2͔ΒECSʹҠಈͰ͖Δ
Slide 44
Slide 44 text
謬ղ孡בְגְֿה
ϑΝΠϧ͕1σΟϨΫτϦʹ֊ΛΒͣʹอଘ͞Ε͍ͯΔ
(100ສݸ)
ݩʑݹ͍ϑΝΠϧ࣌ݶͰফ͢ӡ༻ͩͬͨͷͰϑϥοτͰΑ
͔ͬͨ
→ ෆศͳͷͰফ͢ͷΛΊͨΒ…
Slide 45
Slide 45 text
ؿ؋؎ָٕر؍ؙٖزٔח㣐ꆀחֺׅ֮ה
MTָדֹזְ
ls ίϚϯυϑΝΠϧͷҰཡΛιʔτͯ͠ฦ͢
શϑΝΠϧͷϝλσʔλΛಡΈग़͔ͯ͠ΒͰͳ͍ͱؼͬͯ͜ͳ͍
1SPUJQOE⢪ֲ
find ίϚϯυσΟϨΫτϦΤϯτϦΛḷͬͯɺݟ͔ͭͬͨͷ
͔Βදࣔ͢ΔͷͰϑΝΠϧ໊ΛॱʹදࣔͰ͖Δ
/21604557d4 → /21/60/4557d4 ͷΑ͏ʹ֊Λ࡞ͬͯίϐʔ͢Δ
GoͷπʔϧΛॻ͍ͯ S3 ίϐʔ
Slide 46
Slide 46 text
&$ָ鯪ֻזגֹ
Slide 47
Slide 47 text
הֿד˘钠鏾כוֲׅ
ࣾπʔϧͳͷͰೝূ͕ඞਢ
࠷ۙ৽نʹ࡞ΒΕͨΞϓϦέʔγϣϯ G Suite ͷΞΧϯτΛ
ͬͨೝূΛ͍ͯ͠Δ
SVN htpasswd Ͱͷ BASIC ೝূ
Redmine htpasswd Λ༻͢ΔೝূϓϥάΠϯ(ࣗ࡞)
NoPaste, Gyazo ͷӾཡ BASIC ೝূ
IUQBTTXE ؿ؋؎ٕ
ָ㣐窟♧ػأٙ٦سر٦ةك٦أ
શࣾతʹ G Suite Λಋೖ͍ͯ͠ΔͷͰɺدͤΔͳΒ͕ͩ͜͜…
Redmine ͷ͘͝Ұ෦Λ͏͚ͩͷਓ͍ΔͨΊɺશһʹ G Suite
ΞΧϯτൃߦ͍͠…
!
Slide 48
Slide 48 text
钠鏾וֲׅ
ࣾһ(G SuiteΞΧϯτΛ͍࣋ͬͯΔ)Λલఏͱͯ͠Α͍ͱ͜Ζ
ALB ͷػೳͰ OIDC ೝূ͕Ͱ͖Δ
→ IRC աڈϩάʹద༻
ͦΕҎ֎ htpasswd Λ໘͍ଓ͚Δ͔͠ͳ͍…
IUQBTTXEؿ؋؎ٕ&$
&$4דず劍ׅ➬穈罋ִ
Slide 49
Slide 49 text
IUQBTTXEך盖椚
ݱঢ়ͷ htpasswd ΞΧϯτཧϚχϡΞϧ(ཁࢫ)
1. EC2 ʹ ssh ͠·͢
2. ࡞ۀલʹϑΝΠϧΛΛ໊͚ͭͨલͰόοΫΞοϓ͠·͢ʂ
(ྫ) htpasswd.20190831
3. ΞΧϯτ࡞ : htpasswd ίϚϯυͰIDͱϋογϡԽ͞Εͨύ
εϫʔυΛՃ͠·͢ʂʂ
ΞΧϯτআ : vi ͰϑΝΠϧͷ֘ߦΛআ͠·͢ʂʂʂ
⟀ㄤחֿכ׳ה
Slide 50
Slide 50 text
ׇגٔهآزٔד㾶娖盖椚
1. GitHubͷϓϥΠϕʔτϦϙδτϦͰ htpasswd ϑΝΠϧΛཧ
2. ՃআϒϥϯνΛͬͯฤूޙʹίϛοτ
3. ͳ͚Ε master ʹ merge ͢Δ
4. &$&$4חזהַ׃גず劍ׅ
ͳΜͱ͔……?
Slide 51
Slide 51 text
$JSDMF$*דرفٗ؎
htpasswd ϑΝΠϧΛอଘ͢Δ S3 bucket Λ༻ҙ
CircleCI Ͱ workflow Λ࣮ߦ͢Δ
Slide 52
Slide 52 text
1. S3 ʹϑΝΠϧΛΞοϓϩʔυ
2. EC2 ʹ SSM(Systems Manager) run command Λൃߦ͠
EC2 ্Ͱ S3 ͔Βऔಘ͢ΔίϚϯυΛ࣮ߦ
3. ECS αʔϏεΛߋ৽ͯ͠λεΫΛೖΕ͑
ίϯςφىಈ࣌ʹ S3 ͔ΒϑΝΠϧΛऔಘޙɺϓϩηεΛى
ಈ͢ΔΑ͏ʹ࡞͓ͬͯ͘
Slide 53
Slide 53 text
No content
Slide 54
Slide 54 text
رفٗ؎ؿٗ٦侭⪒ד罋ִֿה
㹋ꥷך⡲噟罏ח䫺䫑כזְַ
ϦϙδτϦͰཧͯ͠ CircleCI ͔ΒσϓϩΠී௨ʹ͍ͬͯΔ
Route53 ͷ DNSཧ(Roadworker), IAM Ϣʔβཧ(miam)
荈ⴓ⟃㢩ח䪔ִַ
CircleCI ଞͷϓϩδΣΫτͰશ໘తʹҠߦத
ϦϙδτϦͷscriptΛୟ͘ॲཧ͕ॱ൪ʹॻ͍ͯ͋Δ͚ͩ
毙穠さַ
σϓϩΠରଆ֤ࣗͰ S3 ͔Βऔಘ͢Δ pull ܕ
σϓϩΠର͕૿͑Δ → ௨ର͕૿͑Δ͚ͩ
ฒྻԽεέʔϧ͕༻ҙ
Slide 55
Slide 55 text
鑧⠅겗
Slide 56
Slide 56 text
װגְֻ
"NB[PO&'4 &MBTUJD'JMF4ZTUFN
NFSv4 ͰΞΫηε͢ΔϑϧϚωʔδυͳωοτϫʔΫετϨʔδ
ಉ࣌ʹෳͷEC2͔ΒϚϯτՄೳ
ෳ AZ Ͱσʔλ͕อ࣋͞ΕΔͷͰ AZ োʹڧ͍
Ͳ͏ͯ͠σʔλอଘʹϑΝΠϧΛΘͳ͍ͱ͍͚ͳ͍ɺखΛೖ
ΕΒΕͳ͍ΞϓϦέʔγϣϯͷσʔλΛอଘ͢ΔΓࡳ
Slide 57
Slide 57 text
̔&'4ر٦ة؝ؾ٦
EC2 ্Ͱ EFS ΛϚϯτɻrsync -a Ͱίϐʔ
ϑΝΠϧૢ࡞ͷϨΠςϯγ͕ൺֱతେ͖͍ͨΊɺrsyncΛฒྻʹෳ
ΒͤΔ΄͏͕ίϐʔ࣌ؒΛॖͰ͖Δ
Γସ͑ଟগͷμϯλΠϜΛड͚ೖΕΕ؆୯
1.ΞϓϦέʔγϣϯՔಇதʹrsyncͰॳظಉظ
2.ΞϓϦέʔγϣϯఀࢭ
3.rsync ͰࠩΛө
4.EC2 ͷϚϯτϙΠϯτΛ EBS ͔Β EFS ʹΓସ͑Δ
5.ΞϓϦέʔγϣϯىಈ
Slide 58
Slide 58 text
&'4ך؝أز
ετϨʔδλΠϓ ୯Ձ
EFS ඪ४ετϨʔδ (GB-݄) 0.36USD4
EFS සΞΫηεετϨʔδ
(GB-݄)
0.054USD
EFS සΞΫηεϦΫΤετ (స
ૹ GB ͋ͨΓ)
0.012USD
EBS (GP2) GB-݄ 0.12USD
Ծʹ1TBΛอଘ͢Δͱ EBS 13,000ԁ/݄ EFS 39,000ԁ/݄
4 ͯ͢౦ژϦʔδϣϯͷՁ֨
Slide 59
Slide 59 text
&'4כ؝أزָ넝ְ
ඪ४ετϨʔδͷGB୯Ձ EBS ͷ3ഒ(!!)͕ͩ
כ然⥂׃㺁ꆀד铬ꆃׁ
1TBͷEBSΛ༻ҙͨ͠ΒதʹԿೖΕͳͯ͘1TB
&'4כ㺁ꆀ然⥂ׅ䗳銲ָזְ
࣮ࡍʹϑΝΠϧΛอଘͨ͠༰ྔͷΈ
EBS༨༟Λݟͯ༰ྔΛ֬อ͢Δ͜ͱ͕ଟ͍
༻ 50% Ͱ֬อ͢Δͱ࣮ࡍʹ 1.5ഒ
Slide 60
Slide 60 text
&'4⡚걼䏝،ؙإأأزٖ٦آ
ҰఆظؒϑΝΠϧͷ༰ʹΞΫηε͞Εͳ͔ͬͨͷΛࣗಈతʹ
සΞΫηεετϨʔδʹҠߦͰ͖Δ
ඪ४ετϨʔδΑΓ85%҆͘ɺEBS ͷֹҎԼ
σʔλΞΫηεͰ0.012USD/GB՝ۚɺϨΠςϯγ͕େ͖͘ͳΔ
͘͝Ұ෦͚ͩΞΫςΟϒͳϦϙδτϦɺݹ͍ͷΊͬͨʹΞΫ
ηε͞Εͳ͍RedmineͷఴϑΝΠϧΛஔ͘ͷʹ࠷దʂ
Slide 61
Slide 61 text
غحؙ،حف
AWS Backup ͰऔΕ·͢
EBS EFS ౷Ұతʹεφοϓγϣοτ͕औಘͰ͖Δ
ϑΝΠϧૢ࡞Λޡͬͯεφοϓγϣοτ͔Βͷ෮چ͕Մೳ
Slide 62
Slide 62 text
&$ַ&'4ⵃ欽ׅ
ϗετ্Ͱ NFSv4 ͱͯ͠Ϛϯτ͢Δɻamazon-efs-utilsΛ͑
͘͝؆୯
# yum install -y amazon-efs-utils
# mount -t efs fs-12345678:/ /mnt/efs
Slide 63
Slide 63 text
&$4ַ&'4ⵃ欽ׅ
EC2 Ͱ EFS Ϛϯτ ʴ ECS ͷλεΫఆٛͰϗετΛϚϯτ
ECS λεΫ͔Β EFS Ϛϯτݱ࣌ͰͰ͖ͳ͍
{
"taskDefinition": {
"volumes": [{
"host": {"sourcePath": "/mnt/efs"},
"name": "efs"
}],
"containerDefinitions": [{
"name": "httpd",
"mountPoints": [{
"sourceVolume": "efs",
"readOnly": false,
"containerPath": "/efs"
}
]
Slide 64
Slide 64 text
&$4 'BSHBUF
ַ&'4ⵃ欽ׅ
Fargate Λར༻͢Δ߹
&'4כ⢪ִתׇ 植㖈
Ͳ͏ͯ͠EC2Πϯελϯε্ͰλεΫΛىಈ͢Δඞཁ͕͋Δ
מזׁד"84ח銲劄˘
Slide 65
Slide 65 text
ֿֿתד穄ל&$ָ瑞שח 劢㸣
Slide 66
Slide 66 text
չ&$ءؚٕٝ圓䧭膴׃ג㛙暕חպ麦䧭
ALB, ECS, RDS, EFS, S3 ͕ Multi-AZ Ͱಈ࡞͍ͯ͠Δ
չٔهآزٔד盖椚ׁגזְ鿇ⴓ噰⸂זֻׅպ麦䧭
htpasswdϦϙδτϦཧ + ECS + Terraform
չ植㖈ך&$זֻׅպ麦䧭
EC2ۭͬΆͳͷͰࢭΊΒΕΔ
!
Slide 67
Slide 67 text
תה
EC2 γϯάϧߏɺྺ࢙͕٧·ͬͨϨΨγʔͳαʔόʔΛ
ϚωʔδυαʔϏεʹղͯ͠࠶ߏங͍ͯ͠·͢
֎քͱͷɺσʔλอ࣋ϚωʔδυαʔϏεͰ
(ELB, RDS, S3, EFS...)
ఆظతʹγεςϜͱۀΛݟ͠
ҡ࣋͢ΔͷɺΓࣺͯΔͷΛܾΊΔͷେࣄ
ϝϯςͰ͖ΔΈͰ࡞Γ͢ͷେࣄ