hoscon2016-shibuya-takumakume

by Takuma Kume

Slide 1

Slide 1 text

ٱถ୓അ(.01FQBCP *OD (.0)PTUJOH$POGFSFODF!ौ୩ ϗεςΟϯάʹ͓͚Δॊೈ͔ͭܰྔͳΞΫηε੍ޚͷ ඞཁੑͱͦͷ࣮૷

Slide 2

Slide 2 text

ࣗݾ঺հ ٱถ ୓അ (@takumakume) ߴߍଔۀʙ6೥ؒ ΠϯλʔωοταʔϏεϓϩόΠμͰۈ຿ ωοτϫʔΫʙϛυϧ΢ΣΞͷߏங ϓϦηʔϧεΤϯδχΞ 2016೥4݄͔ΒϖύϘʹೖࣾ ϩϦϙοϓʂͷΠϯϑϥΤϯδχΞ ෱Ԭग़਎ɾ෱Ԭࡏॅ ϚΠϒʔϜ͸ڕΛ௼ͬͯࡹ͘͜ͱ

Slide 3

Slide 3 text

ϖύϘͷαʔϏε ϗεςΟϯά ࣄۀ &$ࢧԉ ࣄۀ ϋϯυϝΠυ ࣄۀ ίϛϡχςΟ ࣄۀɾͦͷଞ

Slide 4

Slide 4 text

Slide 5

Slide 5 text

໨࣍ ϗεςΟϯάʹ͓͚Δॊೈ͔ͭܰྔͳΞΫηε੍ޚͱ͸ mrubyΛ༻͍ͨ࣍ੈ୅ΞΫηε੍ޚͷ࣮૷ mrubyΛ༻͍ͨϛυϧ΢ΣΞ։ൃʹ͓͚ΔE2Eςετ ·ͱΊ ࠓޙͷ༧ఆ

Slide 6

Slide 6 text

ϗεςΟϯάʹ͓͚Δॊೈ͔ͭܰྔͳΞΫηε੍ޚ ͱ͸

Slide 7

Slide 7 text

ॊೈ͔ͭܰྔͳΞΫηε੍ޚ

Slide 8

Slide 8 text

ϗεςΟϯάʹ͓͚ΔΞΫηε੍ޚ ϗεςΟϯά͸ͦͷಛੑ্ɺ͓٬༷ͷ༷ʑͳίϯςϯπΛ͓ ༬͔Γ͍ͯ͠Δɻ தʹ͸ҟৗʹߴෛՙʹͳΔ΋ͷ΍ɺDDoSͷର৅ʹͳΔίϯς ϯπͳͲ༷ʑͰ͋Δɻ ͔͠͠ɺ͜ͷΑ͏ͳҰ෦ͷίϯςϯπʹΑΓɺͦͷαʔόΛ ͝ར༻௖͍͍ͯΔେଟ਺ͷଞͷ͓٬༷͕շదʹ8&#Λར༻Ͱ͖ͳ͘ ͳͬͯ͠·͏͜ͱ͸ɺ͋ͬͯ͸ͳΒͳ͍ͱզʑ͸ߟ͍͑ͯ·͢ɻ

Slide 9

Slide 9 text

ຊηογϣϯͰ͸ͦͷղܾखஈͷ̍ͭͱͯ͠ɺ ϩϦϙοϓʂͰߦ͍ͬͯΔ ଟ͘ͷ͓٬༷ʹշదʹ͝ར༻͍ͨͩͨ͘Ίͷ ࣍ੈ୅ΞΫηε੍ޚʹ͍ͭͯ͝঺հ͠·͢ɻ

Slide 10

Slide 10 text

ॊೈ͔ͭܰྔͳΞΫηε੍ޚ

Slide 11

Slide 11 text

ݱঢ়ͷΞΫηε੍ޚͷ՝୊

Slide 12

Slide 12 text

͜Ε·Ͱʹར༻ͨ͠ΞΫηε੍ޚखஈ mod_cbandΛར༻ͨ͠ΞΧ΢ϯτ୯ҐͰͷτϥϑΟοΫ ੍ޚͱಉ࣌ΞΫηε਺੍ޚ mod_vhost_maxclientsΛར༻ͨ͠υϝΠϯ୯ҐͰͷ ಉ࣌ΞΫηε਺੍ޚ ͦΕͧΕ՝୊͕͋ͬͨ

Slide 13

Slide 13 text

NPE@DCBOEΛར༻੍ͨ͠ޚʹΑΔ՝୊ ΞΧ΢ϯτ୯ҐͷτϥϑΟοΫͱಉ࣌ΞΫηε਺੍ݶΛ͍ͯͨ͠ɻ CBandSpeed 10Mb/s 30 30 mod_cbandΛ༗ޮʹ͢Δ͜ͱͰ໿70%ఔ౓ͷύϑΥʔϚϯε ྼԽ͕ੜ͡ɺ੍ޚػߏࣗମ͕ϘτϧωοΫͱͳͬͨɻ

Slide 14

Slide 14 text

NPE@WIPTU@NBYDMJFOUTΛར༻੍ͨ͠ޚ mod_cbandͷύϑΥʔϚϯεྼԽ͕େ͖͍ͨΊͪ͜ΒΛ࠾༻ɻ ಋೖʹΑΔύϑΥʔϚϯεྼԽ͸2%ͱߴ଎ͳιϑτ΢ΣΞɻ ҎԼͷΑ͏ʹυϝΠϯ୯Ґͷಉ࣌ΞΫηε਺੍ݶΛߦ͏ɻ DocumentRoot /path/to/web ServerName hoge.example.jp VhostMaxClients 30 ͔͠͠ɺ࣍ͷΑ͏ͳύλʔϯͰ՝୊͕ੜͨ͡ɻ

Slide 15

Slide 15 text

NPE@WIPTU@NBYDMJFOUTΛͲ͏࢖͍ͬͯΔ͔ ڞ༻8&#αʔό IPHFDPN mod_vhost_maxclientsͷ੍ݶ ZDPN YDPN ஶ͘͠Ϧιʔε࢖༻ྔ͕ภΒͳ͍Α͏ʹେ࿮ͷϦιʔε෼ׂͱ ͯ͠ɺ֤υϝΠϯʹಉ࣌઀ଓ਺ͷ੍ݶΛ͔͚͍ͯ·͢ɻ

Slide 16

Slide 16 text

ڞ༻8&#αʔό IPHFDPN ॲཧͷॏ͍ϓϩάϥϜʹΞΫηε͕ूத͠αʔό͕ߴෛՙͱͳͬͨ mod_vhost_maxclientsͷ੍ݶ ZDPN YDPN

Slide 17

Slide 17 text

ڞ༻8&#αʔό IPHFDPN mod_vhost_maxclientsͷ੍ݶ ZDPN YDPN NPE@WIPTU@NBYDMJFOUTͷ੍ݶΛڧΊΔඞཁ͕͋Δ

Slide 18

Slide 18 text

ڞ༻8&#αʔό IPHFDPN ZDPN YDPN ੍ݶΛڧΊͨ ܰྔͳίϯςϯπʹ΋ΞΫηεͰ͖ͳ͘ͳΔ

Slide 19

Slide 19 text

ڞ༻8&#αʔό IPHFDPN ZDPN YDPN ຊདྷ੍ޚ͞ΕΔඞཁ͕ͳ͍ϑΝΠϧ·Ͱ ΞΫηεͰ͖ͳ͘ͳͬͯ͠·͏ɻ

Slide 20

Slide 20 text

ղܾํ๏ ڞ༻8&#αʔό IPHFDPN ZDPN YDPN ϑΝΠϧ୯ҐͰ੍ޚ mod_vhost_maxclients

Slide 21

Slide 21 text

ղܾํ๏ ڞ༻8&#αʔό IPHFDPN ZDPN YDPN ϑΝΠϧ୯ҐͰ੍ޚ mod_vhost_maxclients αʔόͷෛՙΛԼ͛ͭͭɺ੍ޚʹΑΔӨڹΛۃখԽͰ͖Δɻ

Slide 22

Slide 22 text

࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ͋ΔαʔόͷϦιʔεফඅྔ <>

Slide 23

Slide 23 text

࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ શମ ͋ΔαʔόͷϦιʔεফඅྔ <> ಛఆͷϑΝΠϧ ఆظతʹॏ͍ॲཧ͕࣮ߦ͞Ε͍ͯͨ

Slide 24

Slide 24 text

࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ શମ ͋ΔαʔόͷϦιʔεফඅྔ <> ಛఆͷϑΝΠϧ ಛఆͷϑΝΠϧͷॲཧͰϦιʔεͷ΄ͱΜͲΛফඅ͠ ఆظతʹଞͷ͓٬༷΁ͷαʔϏεఏڙʹࢧোΛ͖͍ͨͯͨ͠ɻ

Slide 25

Slide 25 text

࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ શମ ಛఆͷϑΝΠϧ ղܾํ๏ <> ෛՙͷߴ͍ϑΝΠϧʹରͯ͠ ࣌ؒࢦఆͰ੍ޚ͢Δ

Slide 26

Slide 26 text

ॊೈͳΞΫηε੍ޚͷ·ͱΊ ݱঢ়ΑΓ΋ࡉ͔͍ɺϑΝΠϧ୯ҐͰΞΫηε੍ޚͰ͖ΔΑ͏ ʹͯ͠ɺ੍ޚʹΑΔӨڹΛۃখԽ͢Δ͜ͱɻ ಛఆͷ࣌ؒͷΈΞΫηε੍ޚΛ༗ޮԽͰ͖Δ͜ͱɻ

Slide 27

Slide 27 text

ॊೈ͔ͭܰྔͳΞΫηε੍ޚ

Slide 28

Slide 28 text

ϗεςΟϯάͰ͸1୆ͷαʔόΛଟ͘ͷ͓٬༷ʹ͝ར༻͍ͨͩ͘͜ ͱͰ҆Ձʹఏڙ͍ͯ͠Δɻ ࠓޙ΋Ͱ͖Δ͚ͩ҆ՁʹշదͳαʔϏεΛఏڙ͍ͨ͠ɻ ΞΫηε੍ޚͷػߏ͕ϘτϧωοΫʹͳͬͯ͸ɺͦΕΛୡ੒Ͱ͖ ͳ͘ͳΔɻ ܰྔͳΞΫηε੍ޚͷඞཁੑ ΞΫηε੍ޚΛߦ͏ιϑτ΢ΣΞ͸ॲཧ͕ߴ଎Ͱ͋Δඞཁ͕͋Δɻ

Slide 29

Slide 29 text

ॊೈ͔ͭܰྔͳΞΫηε੍ޚ ͱ͸

Slide 30

Slide 30 text

ϑΝΠϧ୯ҐͰΞΫηε੍ޚͰ͖Δ͜ͱɻ ಛఆͷ࣌ؒଳͷΈΞΫηε੍ޚΛ༗ޮԽͰ͖Δ͜ͱɻ ύϑΥʔϚϯεྼԽΛۃྗى͜͞ͳ͍͜ͱɻ ॊೈ͔ͭܰྔͳΞΫηε੍ޚͱ͸ ͲͷΑ͏ʹ࣮ݱ͢Δ͔ʁ

Slide 31

Slide 31 text

ϑΝΠϧ୯ҐͷΞΫηε੍ޚ͸ طʹ"QBDIFͷϞδϡʔϧ͕ଘࡏ͢Δɻ

Slide 32

Slide 32 text

NPE@WMJNJU mod_vlimit https://github.com/matsumoto-r/mod_vlimit ϑΝΠϧ΍σΟϨΫτϦ୯ҐͰಉ࣌ΞΫηε੍ޚΛ͢Δ͜ͱ͕Ͱ͖Δɻ VlimitIP 30 /path/to/hoge.php ϑΝΠϧ୯ҐͰͷΞΫηε੍ޚΛߦ͏ػೳ͸͋Δ͕ ࠓճ͸ಋೖʹ͸ࢸΒͳ͔ͬͨɻ

Slide 33

Slide 33 text

NPE@WMJNJUΛ࠾༻͠ͳ͔ͬͨཧ༝ ࣌ؒࢦఆͰ੍ݶΛ༗ޮԽͰ͖Δػೳ͕ͳ͍ɻ ApacheͷϞδϡʔϧͳͷͰCݴޠͰ࣮૷͞Ε͍ͯΔɻ ӡ༻ܥͷπʔϧ͸࣌ؒͷܦաʹରͯ͠ॊೈͳมߋ͕ཁ ٻ͞ΕΔɻ CݴޠͰͷ։ൃͱͳΔͱ։ൃ޻਺্͕͕Δɺ։ൃऀ͕ݶ ΒΕΔɻ

Slide 34

Slide 34 text

Ͱ͸ɺͲͷΑ͏ʹ࣮ݱ͢Δ͔ʁ

Slide 35

Slide 35 text

“mruby” ͳΒղܾͰ͖Δɻ

Slide 36

Slide 36 text

NSVCZ Rubyͷύύ͜ͱ “Matz” ͞Μ͕։ൃ͍ͯ͠Δɻ লϝϞϦͷ૊ΈࠐΈ޲͚ͷRuby࣮૷ɻ Cݴޠ͕ۤखͳͻͱͰ΋ɺmrubyΛ࢖͑͹RubyͰ૊ΈࠐΈ ։ൃΛߦ͏ࣄ͕Ͱ͖Δɻ

Slide 37

Slide 37 text

Apache΍NginxͰmrubyΛ༻͍ͨ૊ΈࠐΈ ։ൃΛ࣮ݱͨ͠ιϑτ΢ΣΞ͕ଘࡏ͢Δ

Slide 38

Slide 38 text

NPE@NSVCZOHY@NSVCZ ฐࣾͷ@matsumotory͕։ൃ͍ͯ͠Δɻ mod_mruby ApacheͰmrubyΛར༻͢ΔͨΊͷϞδϡʔϧ ngx_mruby nginxͰmrubyΛར༻͢ΔͨΊͷ֦ு࣮૷ CݴޠͰϞδϡʔϧΛ࣮૷͠ͳ͚Ε͹࣮ݱͰ͖ͳ͔ͬͨڍಈΛmruby Λ࢖͙ͬͯ͢ʹ࣮૷Ͱ͖ͯɺ࠷খݶͷύϑΥʔϚϯεྼԽʹཹΊΔ͜ ͱ͕Ͱ͖Διϑτ΢ΣΞɻ

Slide 39

Slide 39 text

IUUQTHJUIVCDPNNBUTVNPUPSNPE@NSVCZ mod_mruby -1.5% ngx_mruby +17.5% ੩తίϯςϯπʹର͢ΔύϑΥʔϚϯεܭଌ݁Ռ

Slide 40

Slide 40 text

mrubyΛ༻͍Ε͹֦ுੑɺอकੑΛଛͳΘͣ ࠷খݶͷύϑΥʔϚϯεྼԽʹཹΊͯ ιϑτ΢ΣΞΛ։ൃ͢Δ͜ͱ͕Ͱ͖Δɻ

Slide 41

Slide 41 text

NSVCZΛ༻͍ͨ࣍ੈ୅ΞΫηε੍ޚͷ࣮૷

Slide 42

Slide 42 text

࣮૷ʹ͋ͨͬͯར༻ͨ͠ιϑτ΢ΣΞ

Slide 43

Slide 43 text

IUUQBDDFTTMJNJUFS ฐࣾͷ @matsumotory ͕։ൃ͍ͯ͠Δɻ https://github.com/matsumoto-r/http-access-limiter mod_mruby΋͘͠͸ngx_mrubyͰऔಘͨ͠೚ҙͷϦΫΤετύϥ ϝʔλΛ༻͍ͯಉ࣌઀ଓ਺ΛΧ΢ϯτ͢Δmruby੡ϛυϧ΢ΣΞ औಘͰ͖ΔϦΫΤετύϥϝʔλʹ͸ΞΫηεઌͷϑΝΠϧͷϑϧ ύεΛ࢝Ίɺ઀ଓݩͷIPΞυϨε΍ɺURLͳͲΛऔಘͰ͖ΔͨΊ ༷ʑͳ༻్Ͱ࢖༻Ͱ͖Δɻ

Slide 44

Slide 44 text

ಈ࡞֓ཁ ਌ NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ IUUQE ڞ༗ϝϞϦ global mutex ಉ࣌઀ଓ਺ Χ΢ϯλʔ KVS ಉ࣌઀ଓ਺Χ΢ϯλʔ localmemcacheΛ༻͍ͨ Key-Value-Store Ωʔͱͨ͠ϦΫΤετύϥϝʔ λΛݩʹಉ࣌ΞΫηε਺ΛΧ ΢ϯτ͢Δɻ global mutex ֤Worker͔Βಉ࣌઀ଓ਺Χ ΢ϯλʔΛૢ࡞͢ΔͨΊෆ੔ ߹͕ൃੜ͠ͳ͍Α͏ʹ౎౓ϩο ΫΛߦ͏ɻ KEY /path/to/hoge.php VALUE 1

Slide 45

Slide 45 text

ಈ࡞֓ཁ ਌ NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ IUUQE ڞ༗ϝϞϦ global mutex ಉ࣌઀ଓ਺ Χ΢ϯλʔ KVS ϦΫΤετ ϦΫΤετ NVUFYΛϩοΫ MPDL ϦΫΤετύϥϝʔλΛΩʔ ʹΠϯΫϦϝϯτ ΠϯΫϦϝϯτ KEY /path/to/hoge.php VALUE 1 VOMPDL NVUFYΛΞϯϩοΫ

Slide 46

Slide 46 text

ಈ࡞֓ཁ ਌ NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ IUUQE ڞ༗ϝϞϦ global mutex ಉ࣌઀ଓ਺ Χ΢ϯλʔ KVS ίϯςϯπͷॲཧΛߦ͏ NVUFYΛϩοΫ MPDL σΫϦϝϯτ σΫϦϝϯτ VOMPDL NVUFYΛΞϯϩοΫ KEY /path/to/hoge.php VALUE 0 ίϯςϯπͷॲཧ

Slide 47

Slide 47 text

ಈ࡞֓ཁͷ·ͱΊ ϦΫΤετ͕͋ͬͨ࣌ʹɺϦΫΤετύϥϝʔλΛmod_mruby΍ ngx_mrubyΛ༻͍ͯऔಘ͢Δɻ ΞΫηε੍ޚΛ͍ͨ͠୯ҐΛΩʔͱͯ͠ɺಉ࣌઀ଓ਺ΛΧ΢ϯτ͢Δɻ ෳ਺ͷWorker͔ΒΧ΢ϯλʔૢ࡞͢ΔͨΊɺglobal mutexΛ࢖ͬͯ ෆ੔߹͕ى͖ͳ͍Α͏ʹ੍ޚ͢Δɻ

Slide 48

Slide 48 text

՝୊ http-access-limiter͸ಉ࣌઀ଓ਺ΛΧ΢ϯτ͢Διϑτ ΢ΣΞͰ͋Δɻ ͦͷͨΊɺϑΝΠϧຖͷ࠷େಉ࣌઀ଓ਺ͷઃఆػೳ΍ɺ੍ޚ Λ༗ޮԽ͢Δ࣌ؒଳΛઃఆ͢Δػೳ͸͍͍ͭͯͳ͍ɻ mrubyͰॻ͔Ε͍ͯΔͨΊ؆୯ʹػೳ௥Ճ͕Ͱ͖Δʂ

Slide 49

Slide 49 text

ػೳ௥ՃΠϝʔδ ਌ NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ IUUQE ڞ༗ϝϞϦ global mutex ಉ࣌઀ଓ਺ Χ΢ϯλʔ KVS ੍ޚ৚݅ localmemcacheΛ༻͍ͨ Key-Value-Store ϑΝΠϧͷϑϧύε͕Ωʔ ࠷େಉ࣌઀ଓ਺ ੍ݶΛ༗ޮԽ͢Δ࣌ؒଳ KVS ੍ޚ৚݅

Slide 50

Slide 50 text

੍ݶ৚݅ͷσʔλ /path/to/hoge.php { "max_clients" : 30, # ࠷େಉ࣌઀ଓ਺ "time_slots" : [ # ༗ޮʹ͢Δ࣌ؒଳ { "begin" : 1200, "end" : 1800 }, { "begin" : 2100, "end" : 2200 } ] } KEY VALUE A Aͷؒ͸AQBUIUPIPHFQIQA΁ͷ ࠷େ઀ଓ਺ΛAA·Ͱʹ੍ݶ͢Δɻ

Slide 51

Slide 51 text

ػೳ௥Ճޙͷಈ࡞֓ཁ ਌ NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ IUUQE ڞ༗ϝϞϦ global mutex ಉ࣌઀ଓ਺ Χ΢ϯλʔ KVS KVS ੍ޚ৚݅ ϦΫΤετ ϦΫΤετ ੍ޚ৚݅ Λࢀর ੍ޚ৚݅Λࢀর ɹɹଘࡏ͠ͳ͚Ε͹ॲཧऴྃ NVUFYΛϩοΫ MPDL ϑΝΠϧͷϑϧύεΛΩʔʹ ΠϯΫϦϝϯτ ΠϯΫϦϝϯτ ΋੍͠ݶ͕༗ޮͳ࣌ؒଳͰಉ ࣌઀ଓ਺੍ݶΛ௒ա͍ͯ͠Ε͹ ΤϥʔΛฦ͢

Slide 52

Slide 52 text

࢖͍ํ IUUQEDPOG LoadModule mruby_module modules/mod_mruby.so # Apacheͷϓϩηε͕ىಈͨ࣌͠ʹϑοΫ͞ΕΔ # http-access-limiterͷΫϥεΛఆٛɺ࣍ʹىಈ͢ΔWorker͕ࢀরͰ͖ΔΑ͏ʹ͢Δɻ mrubyPostConfigMiddle /etc/httpd/conf.d/access_limiter/access_limiter_init.rb cache # ΞΫηε͕ൃੜͨ͠ͱ͖ʹϑοΫ͞ΕΔ # ಉ࣌઀ଓ਺Χ΢ϯλΛΠϯΫϦϝϯτ͢Δ # ͞Βʹɺ࠷େಉ࣌઀ଓ਺Λ௒աͨ͠৔߹ʹ503ΤϥʔΛฦ͢ͳͲͷΞΫγϣϯΛهड़͢Δɻ mrubyAccessCheckerMiddle /etc/httpd/conf.d/access_limiter/access_limiter.rb cache # ίϯςϯπͷॲཧ͕ऴΘͬͨͱ͖ʹϑοΫ͞ΕΔ # ಉ࣌઀ଓ਺Χ΢ϯλΛσΫϦϝϯτ͢Δ mrubyLogTransactionMiddle /etc/httpd/conf.d/access_limiter/access_limiter_end.rb cache

Slide 53

Slide 53 text

։ൃதͷ໰୊఺ ਌ NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ IUUQE ڞ༗ϝϞϦ global mutex ಉ࣌઀ଓ਺ Χ΢ϯλʔ KVS ϦΫΤετ ϦΫΤετ NVUFYΛϩοΫ MPDL ΠϯΫϦϝϯτ ΠϯΫϦϝϯτ ίϯςϯπͷॲཧ 4FHNFOUBUJPO'BVMU 8PSLFSϓϩηε͕ҟৗऴྃ͠ɺ Ҏ߱ͷσΫϦϝϯτͷॲཧ͕ ߦΘΕͳ͘ͳΔɻ

Slide 54

Slide 54 text

Χ΢ϯλʔ্͕͕Γͬͺͳ͠ʹͳͬͯ͠·͍ɺ ಉ࣌઀ଓՄೳͳ਺͕ݮͬͯ͠·͏ɻ

Slide 55

Slide 55 text

໰୊఺ͷղܾ ಉ࣌઀ଓ਺ΛΧ΢ϯτ͢ΔKVSͷσʔλͷ࣋ͪํΛมߋͨ͠ɻ มߋલͷΧ΢ϯλʔ มߋޙͷΧ΢ϯλʔ KEY VALUE KEY VALUE /path/to/hoge.php 2 /path/to/hoge.php 2 create_time_/path/to/hoge.php 1477303672 Χ΢ϯλʔ͕ʹͳͬͨ࣌ؒΛه࿥ͯ͠ɺҰఆ࣌ؒΧ΢ϯλʔ্͕͕Γͬͺͳ͠ʹ ͳ͍ͬͯͨΒɺҰ౓ʹ໭͢ͱ͍͏ॲཧΛೖΕΔ͜ͱͰղܾͨ͠ɻ

Slide 56

Slide 56 text

ؾʹͳΔύϑΥʔϚϯε

Slide 57

Slide 57 text

ύϑΥʔϚϯεςετ݁Ռ abΛ࢖ͬͯύϑΥʔϚϯεΛଌఆ͠·ͨ͠ɻ ςετύλʔϯ ྼԽ཰ httpd 0% httpd + http-access-limiter 3% httpd + http-access-limiter (੍ݶର৅) 5% WordPress΁ͷΞΫηε 10ສϦΫΤετ100ଟॏ / CPU24ίΞɾRAM32GB ςετύλʔϯ ྼԽ཰ httpd 0% httpd + http-access-limiter 3% httpd + http-access-limiter (੍ݶର৅) 30% phpinfo()΁ͷΞΫηε

Slide 58

Slide 58 text

ύϑΥʔϚϯεςετ݁Ռʹର͢Δߟ࡯ access-limiterͷಋೖʹੜ͡ΔύϑΥʔϚϯεྼԽ͸3%ͱߴ ଎Ͱ͋Δ͜ͱ͕෼͔ͬͨɻ DBΛ࢖͏WordPressͰ͸ɺΞϓϦέʔγϣϯͷॲཧ͕Φʔό ϔουͱͳͬͯaccess-limiterΛಋೖ͢Δ͜ͱʹΑΔΦʔό ϔου͸ޡࠩఔ౓ͱͳͬͨɻ phpinfo()ͷΑ͏ͳܰྔͳॲཧͷ৔߹ʹɺ੍ݶର৅ͱͨ͠ͱ͖ ʹ3ׂఔ౓ύϑΥʔϚϯεྼԽ͕ੜͨ͡ɻ

Slide 59

Slide 59 text

ͲͷΑ͏ʹͯ͠ύϑΥʔϚϯεΛ ޲্͍ͤͯ͞Δͷ͔ʁ

Slide 60

Slide 60 text

NSVCZΛ࢖ͬͨϛυϧ΢ΣΞ։ൃʹ͓͚Δ ύϑΥʔϚϯε޲্ͷ޻෉

Slide 61

Slide 61 text

ύϑΥʔϚϯε޲্ͷ޻෉ ਌ NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ KVS͔Β৘ใΛऔಘ͢Δͱ͖ KVS ϦΫΤετ ϦΫΤετ ϦΫΤετ ϦΫΤετ PQFO PQFO PQFO PQFO ϦΫΤετຖʹKVSΛOpen͢Δͱޮ཰͕ѱ͍

Slide 62

Slide 62 text

ύϑΥʔϚϯε޲্ͷ޻෉ mod_mruby΍ngx_mrubyʹ͸mrubyΛϑοΫͰ͖ΔλΠϛϯά͕ز͔ͭ͋Γ·͢ɻ http-access-limiterͰ࢖͍ͬͯΔͷ͸ҎԼͷσΟϨΫςΟϒͰ͢ɻ σΟϨΫςΟϒ λΠϛϯά mrubyPostConfigMiddle ਌ϓϩηεىಈ࣌ mrubyAccessCheckerMiddle ϦΫΤετΛड͚෇͚ͨͱ͖ mrubyLogTransactionMiddle ΫϥΠΞϯτʹϨεϙϯεΛૹ৴ͨ͋͠ͱ

Slide 63

Slide 63 text

ύϑΥʔϚϯε޲্ͷ޻෉ ਌ NSVCZ KVSʹΞΫηε͢Δͱ͖ KVS 8PSLFS NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ ϦΫΤετ ϦΫΤετ ϦΫΤετ ϦΫΤετ ڞ༗ϝϞϦ KVS PQFO ΦϒδΣΫτΛ֨ೲ

Slide 64

Slide 64 text

ΞΫηεຖʹKVSΛ։͘ಈ࡞͕লུͰ͖ΔͷͰ ΞϓϦέʔγϣϯ͸ߴ଎ʹͳΔ

Slide 65

Slide 65 text

ύϑΥʔϚϯε޲্ͷ޻෉ mruby-userdataͱ͍͏mgemΛར༻͢Δɻ # mrubyPostConfigMiddle(ϓϩηεىಈ࣌) Userdata.new.shared_kvs = Cache.new :filename => "store.lmc" # mrubyAccessCheckerMiddle(ΞΫηε࣌) cache = Userdata.new.shared_kvs ɹɹɹɹ # ڞ༗ϝϞϦΛࢀর͢Δ p cache.get["hoge"] ଞʹ΋MySQL΍RedisͳͲʹ઀ଓ͢ΔΑ͏ͳ৔߹ʹ΋༗ޮͳखஈ

Slide 66

Slide 66 text

ύϑΥʔϚϯε޲্ͷ޻෉ σΟϨΫςΟϒͷએݴ࣌ʹcacheΦϓγϣϯΛ͚ͭΔɻ ϓϩηεىಈ࣌ʹόΠτίʔυม׵͞Εͯɺ࣮ߦͷͨͼʹίϯύΠ ϧ͕ߦΘΕͳ͍ͨΊߴ଎ɻ σϝϦοτͱͯ͠ίʔυΛมߋͨ͠৔߹͸ɺϓϩηεͷϦελʔτ ͕ඞཁʹͳΔɻ mrubyPostConfigMiddle /etc/httpd/conf.d/script/init.rb cache

Slide 67

Slide 67 text

NSVCZΛ༻͍ͨϛυϧ΢ΣΞ։ൃʹ͓͚Δ &&ςετ

Slide 68

Slide 68 text

&&ςετͷ໨త ΫϥΠΞϯτɾαʔόؒͰҙਤ͍ͯ͠Δಈ͖Λ͍ͯ͠Δ͔Λ֬ೝɻ [access_limiterͩͱ] ࢦఆͨ͠ಉ࣌઀ଓ਺ʹୡͨ࣌͠ʹҙਤ͢Δε ςʔλείʔυΛฦ͢͜ͱ͕Ͱ͖Δ͔ʁ ΫϥΠΞϯτɾαʔόؒͰҙਤ͢ΔύϑΥʔϚϯεΛग़͍ͤͯΔ͔Λ֬ೝɻ [access_limiterͩͱ] ϩοΫɺΞϯϩοΫɺΠϯΫϦϝϯτɺσΫϦ ϝϯτͱϘτϧωοΫʹͳΓ͏Δಈ࡞Λ͍ͯ͠ΔͷͰૉͷhttpdͱൺ΂ͯ Ͳͷ͘Β͍ύϑΥʔϚϯε͕ྼԽ͢Δͷ͔ʁͦΕ͸ڐ༰ൣғ͔ʁ

Slide 69

Slide 69 text

&&ςετͷඞཁੑ mrubyιʔείʔυΛॻ͖׵͑ͨ࣌ʹͦͷมߋ͕ͲΕ͚ͩύϑΥʔ ϚϯεʹӨڹΛٴ΅͔͢Λ౎౓೺Ѳ͢Δඞཁ͕͋Δɻ E2Eςετ͕͋Ε͹ɺଞͷਓ΋ίʔυΛॻ͖׵͑΍͍͢ɻ ෛՙΛ͔͚ͨঢ়ଶͰਖ਼ৗͳಈ࡞Λ͢Δ͔ɻ ௨ৗͷιϑτ΢ΣΞ։ൃͱ͸ҧ͍ΫϥΠΞϯτͱApache΍Nginx ͷؒʹҐஔ͢Δ෦෼Λ։ൃ͢ΔͨΊUnitςετͷΈͰ͸ෆे෼ɻ

Slide 70

Slide 70 text

ͲͷΑ͏ʹςετ͢Δ͔ʁ

Slide 71

Slide 71 text

ෛՙΛ͔͚ͯύϑΥʔϚϯεΛଌఆ͢Δʹ͸ʁ abίϚϯυ # ab -c 100 -n 100000 -k http://localhost/phpinfo.php : Requests per second: 1699.53 [#/sec] (mean) Time per request: 58.840 [ms] (mean) Time per request: 0.588 [ms] (mean, across all concurrent requests) Transfer rate: 73499.65 [Kbytes/sec] received ෛՙΛ͔͚ͨ݁Ռɺ3FDTFD΍Ϩεϙϯείʔυ͕ ҙਤͨ͠΋ͷͩͬͨͷ͔Λ؆୯ʹ֬ೝ͍ͨ͠ʂ

Slide 72

Slide 72 text

ab-mrubyΛ࢖͑͹࣮ݱͰ͖Δ

Slide 73

Slide 73 text

BCNSVCZͷ࢖͍ํ ҎԼͷΑ͏ʹίϚϯυΛ࣮ߦ͠·͢ɻ ˌab-mruby -m config.rb -M suite.rb http://hoge.jp/phpinfo.php ҎԼͷΑ͏ʹςετͷઃఆ͠·͢ɻ add_config( "TotalRequests" => 100000, "Concurrency" => 100, "KeepAlive" => true, ) test_suite do "CompleteRequests".should_be 100000 "RequestPerSecond".should_be_over 1000 "Non2xxResponses".should_be 0 end config.rb suite.rb ςετͷઃఆΛهड़ ςετ݁Ռͷ͋Δ΂͖ ঢ়ଶΛهड़

Slide 74

Slide 74 text

Mac IUUQBDDFTTMJNJUFSͰ͸͜͏͍ͯ͠Δ ςετ؀ڥ͸DockerͰίϯςφΛ্ཱͪ͛ͯߏங͢Δɻ ab-mrubyΛ࢖ͬͯabͷ݁ՌΛςετ͢Δɻ WEB Client httpd mod-mruby ab-mruby Docker ςετύλʔϯ͸ httpd httpd + access-limiter httpd + access-limiter(੍ݶ͋Γ) ύϑΥʔϚϯεͷਪҠΛ֬ೝͰ͖ΔΑ͏ʹ͠ ͯͲ͕͜ϘτϧωοΫʹͳ͍ͬͯΔ͔Λ෼͔ ΔΑ͏ʹ͍ͯ͠·͢ɻ BCʹΑΔෛՙ

Slide 75

Slide 75 text

IUUQBDDFTTMJNJUFSͰ͸͜͏͍ͯ͠Δ ςετ࣮ߦ͸ҎԼͷΑ͏ʹ͠·͢ɻ ύϑΥʔϚϯεࢼݧ͸සൟʹߦ͏ͷͰɺΦϖϨʔγϣϯΛ؆୯ʹ͢ΔͨΊʹɺશͯ ͷςετύλʔϯΛrakeίϚϯυ1ൃͰͰ͖ΔΑ͏ʹ͍ͯ͠·͢ɻ ˌrake e2e:test >> >> performance test >> : Finished 100000 requests [TEST CASE] [true] CompleteRequests (100000) should be 100000 [TEST CASE] [true] RequestPerSecond (1024.9543902983) should be over 1000 [TEST CASE] [true] Non2xxResponses (0) should be 0 test suites: [true]

Slide 76

Slide 76 text

&&ςετͷ໨తΛୡ੒Ͱ͖ͨ E2Eςετͷ໨త ΫϥΠΞϯτɾαʔόؒͰҙਤ͍ͯ͠Δಈ͖Λ͍ͯ͠Δ͔Λ֬ೝɻ ΫϥΠΞϯτɾαʔόؒͰҙਤ͢ΔύϑΥʔϚϯεΛग़͍ͤͯΔ͔Λ֬ೝɻ E2EςετΛίϚϯυҰൃͰ؆୯ʹͰ͖ΔΑ͏ʹͳͬͨ

Slide 77

Slide 77 text

·ͱΊ

Slide 78

Slide 78 text

·ͱΊ ϗεςΟϯά͸ڞ༗αʔόͰ͋ΔͷͰɺΑΓଟ͘ͷਓ͕҆Ձ Ͱշదʹ͝ར༻͍ͨͩͨ͘ΊʹΞΫηε੍ޚ͸ඞཁɻ ΞΫηε੍ޚͷ୯ҐΛΑΓࡉ੍͔ͯ͘͠ޚʹΑΔӨڹΛۃখ Խ͠ɺద੾ͳΞΫηε੍ޚΛ࣮ݱͨ͠ɻ ࣮ݱखஈͱͯ͠อकੑɺ֦ுੑɺੑೳͷόϥϯε͕Α͍ mrubyΛ༻͍ͨɻ

Slide 79

Slide 79 text

ࠓޙͷ༧ఆ

Slide 80

Slide 80 text

ࠓޙͷ༧ఆ ڕΛ͞͹͖ͭͭɺద੾ʹΞΫηεΛ͞͹͍͍͖͍ͯͨͰ͢ɻ

Slide 81

Slide 81 text

ࠓޙͷ༧ఆ ڕΛ͞͹͖ͭͭɺద੾ʹΞΫηεΛ͞͹͍͍͖͍ͯͨͰ͢ɻ mrubyͰ࣮૷ͨ͜͠ͱΛ׆͔ͯ͠ɺ·ͩ·ͩൃల్্ͷhttp-access- limiterΛࠓޙ΋ϒϥογϡΞοϓ͍ͯ͘͠ɻ ฐࣾͰ͸ෛՙίϯτϩʔϧͷࣗಈԽʹऔΓ૊ΜͰ͍·͢ɻ http-access-limiter͸ઃఆͷϦϩʔυ͕ඞཁͳ͘ɺ੍ޚͷӨڹͷ ۃখԽΛ࣮ݱͨ͠ιϑτ΢ΣΞͳͷͰࣗಈԽʹద͍ͯ͠·͢ɻ ͦͷͨΊɺࠓޙ͸http-access-limiterΛ࢖ͬͨࣗಈతͳෛՙίϯ τϩʔϧΛߦ͍͖͍ͬͯͨͱߟ͍͑ͯ·͢ɻ

Slide 82

Slide 82 text

ϖύϘͰҰॹʹಇ͘஥ؒΛืू͍ͯ͠·͢ʂ ࠷৽ͷ࠾༻৘ใΛνΣοΫˠ !QC@SFDSVJU