Slide 1

Slide 1 text

~ The "I Usually Write PHP Too" Edition ~ Implementing a LinuxNameServer in Go

Slide 2

Slide 2 text

hi! GMO Pepabo, Inc. Hosting Division, Muumuu Domain Group, Senior Engineer @pyama86

Slide 3

Slide 3 text

blog https://ten-snapon.com

Slide 4

Slide 4 text

Go 1.5

Slide 5

Slide 5 text

-buildmode=c-shared: As of Go 1.5, shared libraries can be built using CGO. http://qiita.com/masakielastic/items/09018646d7d34996190a

Slide 6

Slide 6 text

Go?

Slide 7

Slide 7 text

Cool commands that ship as a single binary: peco, pt, ghq, ghr

Slide 8

Slide 8 text

Cutting-edge web development?

Slide 9

Slide 9 text

Linux Middleware

Slide 10

Slide 10 text

Before Go 1.5: To change how Linux behaves at the OS layer, the deeper you went, the more it was almost exclusively the domain of C, I think.

Slide 11

Slide 11 text

After Go 1.5: With Go, it became possible to develop middleware for the Linux OS with the feel of writing in a lightweight language.

    package main

    /*
    #include <pwd.h>
    #include
    */
    import "C"

    // set, Passwd and result are not shown on this slide.
    //export _nss_stns_getpwnam_r
    func _nss_stns_getpwnam_r(name *C.char, pwd *C.struct_passwd) int {
        return set(&Passwd{pwd, result}, "user", "name", C.GoString(name))
    }

Slide 12

Slide 12 text

No content

Slide 13

Slide 13 text

STNS: A LinuxNameService that provides name resolution and authentication for Linux users and groups

    % ls -ltr
    -rw-r--r-- 1 pyama wheel 0 May 8 00:09 php_fukuoka.txt

    % ls -ltr
    -rw-r--r-- 1 1000 1000 0 May 8 00:09 php_fukuoka.txt

Name resolution of id:1000 to pyama

Slide 14

Slide 14 text

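Background of STNS
1. Growth in the number of users who need SSH login, driven by DevOps and shifts in the deployment environment
2. A migration target away from LDAP, which was on the verge of breaking down as users and integrated systems increased
3. Above all, I did not want to spend a talent like me on things like operations and administration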

Slide 15

Slide 15 text

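Concept: Provide only name resolution, public key retrieval, and sudo authentication. By not doing too much and keeping it simple, it stays easy to manage and easy to combine with other tools. https://github.com/STNS/STNS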

Slide 16

Slide 16 text

Architecture (diagram labels: STNS, http(1104), Client, ls, libnss-stns, libpam-stns, query-wrapper, key-wrapper, /user/name/pyama, { name:pyama, id: 1000, dir:/home/pyama … })

Slide 17

Slide 17 text

Architecture (diagram labels: STNS, http(1104), Client, ls, libnss-stns, libpam-stns, query-wrapper, key-wrapper, /user/name/pyama, { name:pyama, id: 1000, dir:/home/pyama … })

Slide 18

Slide 18 text

nss (Network Security Service): It loads the libnss_.so.2(version) library and, if symbols matching the naming convention exist, calls them. http://www.gnu.org/software/libc/manual/html_node/NSS-Modules-Interface.html

Slide 19

Slide 19 text

nss

passwd: _nss_stns_getpwnam_r, _nss_stns_getpwuid_r, _nss_stns_setpwent, _nss_stns_endpwent, _nss_stns_getpwent_r
group: _nss_stns_getgrnam_r, _nss_stns_getgrgid_r, _nss_stns_setgrent, _nss_stns_endgrent, _nss_stns_getgrent_r
shadow: _nss_stns_getspnam_r, _nss_stns_setspent, _nss_stns_endspent, _nss_stns_getspent_r

libnss_stns.so
STNS can be built just by defining functions with these names.

Slide 20

Slide 20 text

stns.conf (server)

    port = 1104
    include = "/etc/stns/conf.d/*"

    # Basic authentication is supported
    user = "basic_user"
    password = "basic_password"

    [users.example]
    id = 1001
    group_id = 1001
    keys = ["ssh-rsa XXXXX…"]

    [groups.example]
    id = 1001
    users = ["example"]

    [sudoers.example]
    password = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
    hash_type = "sha256"

Slide 21

Slide 21 text

Modern features

Slide 22

Slide 22 text

Application deployment: [email protected] [email protected] [email protected] Each user's public key is registered in /home/deploy/.ssh/authorized_keys

Slide 23

Slide 23 text

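Managing the deploy user: In today's web services it is common to set up a dedicated deploy user and deploy as that user. However, doing this with existing mechanisms meant things like listing the public keys of every deploying user in the deploy user's ~/.ssh/authorized_keys.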

Slide 24

Slide 24 text

Managing the deploy user

    [users.deploy]
    id = 1000
    group_id = 1000
    link_users = ["example1","example2"]

    [users.foo]
    keys = ["ssh-rsa aaa"]

    [users.bar]
    keys = ["ssh-rsa bbb"]

When logging in over SSH as the deploy user, the public keys of the users specified in link_users can be used.
→ Nothing has to be written to authorized_keys, and it is obvious at a glance who can deploy.
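The link_users lookup described on this slide, as an added example (not from the slides and not STNS's own code): it expands a user's link_users into the set of public keys accepted for that login and records which user owns each key, so the "who can deploy" answer can be audited. The User type, the EffectiveKeys function, the transitive handling of links and the sample data are assumptions made for illustration.

```go
package main

import "fmt"

// User holds the two [users.<name>] fields this example needs.
type User struct {
	Keys      []string // keys = [...]
	LinkUsers []string // link_users = [...]
}

// EffectiveKeys maps every public key accepted for login as `name` to the
// user that owns it, and lists link_users targets that are not defined.
// Assumption: links are followed transitively; `seen` stops cycles.
func EffectiveKeys(users map[string]User, name string) (keys map[string]string, missing []string) {
	keys = map[string]string{}
	seen := map[string]bool{}
	var walk func(n string)
	walk = func(n string) {
		if seen[n] {
			return
		}
		seen[n] = true
		u, ok := users[n]
		if !ok {
			missing = append(missing, n) // dangling link: worth flagging in review
			return
		}
		for _, k := range u.Keys {
			if _, dup := keys[k]; !dup {
				keys[k] = n
			}
		}
		for _, l := range u.LinkUsers {
			walk(l)
		}
	}
	walk(name)
	return keys, missing
}

func main() {
	// Constructed sample: deploy links to foo, bar and an undefined user.
	users := map[string]User{
		"deploy": {LinkUsers: []string{"foo", "bar", "ghost"}},
		"foo":    {Keys: []string{"ssh-rsa aaa"}, LinkUsers: []string{"deploy"}},
		"bar":    {Keys: []string{"ssh-rsa bbb"}},
	}
	fmt.Println(EffectiveKeys(users, "deploy"))
}
```

A link_users entry that names an undefined user is reported instead of silently ignored, since a user created later under that name would gain deploy access.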

Slide 25

Slide 25 text

Want to try it?

Slide 26

Slide 26 text

Ease of adoption: Add the repository with one command, and the latest version is available through yum or apt.

Slide 27

Slide 27 text

Ease of adoption: Puppet manifests and Chef cookbooks are provided, along with installation documentation in Japanese. https://github.com/STNS/STNS/blob/master/docs/install_ja.md

Slide 28

Slide 28 text

I left the details in Tokyo last week: https://www.youtube.com/watch?v=ZBuEsQ3rnm4

Slide 29

Slide 29 text

Now, back to Go

Slide 30

Slide 30 text

CGO also has some restrictions
1. Only the main package can be built as a shared library
2. CGO cannot be included in tests
3. Go 1.5 does not support 32-bit shared libraries (1.6 is OK)

Slide 31

Slide 31 text

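Building Linux middleware takes resolve: for example, when you type something like "$ ls ~" and then tab-complete, bash gets cloned and a goroutine goes into an infinite loop, and so on.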

Slide 32

Slide 32 text

$ strace getent passwd

Slide 33

Slide 33 text

$ LD_DEBUG=symbols,bindings id

Slide 34

Slide 34 text

$ vim ldap-pwd.c

Slide 35

Slide 35 text

To reiterate: however, a minimum knowledge of C and commensurate debugging skills are required.

Slide 36

Slide 36 text

For me, Go was the final piece

Slide 37

Slide 37 text

Go
・Binaries
・Common libraries
・Servers
・Cross-compilation
・Overwhelming productivity

Slide 38

Slide 38 text

With a new language, I was able to create new value