Implementing a LinuxNameServer in Go

A talk about Go and STNS presented at PHP Conference Fukuoka.
Since it is a language conference, it touches a little on the technical side.

Kazuhiko Yamashita

May 21, 2016

Transcript

  1. ~ The "I usually write PHP too" edition ~
    Implementing a LinuxNameServer in Go

  2. hi!
    GMO Pepabo, Inc.
    Hosting Division
    Muumuu Domain Group
    Senior Engineer
    @pyama86

  3. blog
    https://ten-snapon.com

  4. Go 1.5

  5. -buildmode=c-shared
    From Go 1.5, shared libraries can be built using cgo
    http://qiita.com/masakielastic/items/09018646d7d34996190a

  6. Go?

  7. Cool single-binary commands
    peco pt ghq ghr

  8. Cutting-edge web development?

  9. Linux Middleware

  10. Before Go 1.5
    I think that changing how things behave at the Linux OS layer was,
    the deeper you went, almost exclusively the domain of C

  11. After Go 1.5
    With Go, it became possible to develop Linux OS middleware
    with the feel of writing a lightweight language
    package main
    /*
    #include
    #include
    */
    import "C"
    //export _nss_stns_getpwnam_r
    func _nss_stns_getpwnam_r(name *C.char, pwd *C.struct_passwd) int {
        return set(&Passwd{pwd, result}, "user", "name", C.GoString(name))
    }

  12.

  13. STNS
    A LinuxNameService that provides name resolution for Linux users and
    groups, plus authentication
    % ls -ltr
    -rw-r--r-- 1 pyama wheel 0 May 8 00:09 php_fukuoka.txt
    % ls -ltr
    -rw-r--r-- 1 1000 1000 0 May 8 00:09 php_fukuoka.txt
    Name resolution from id:1000 to pyama

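  14. Background of STNS
    1. With DevOps and changes in deployment environments, more users
    need SSH login
    2. A migration target away from LDAP, which was close to breaking down
    as users and integrations grew
    3. Above all, I did not want to spend the talent that is me on things
    like operations and administration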

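  15. Concept
    Provides only name resolution, public key retrieval, and sudo authentication.
    By not doing much and keeping it simple, it stays easy to manage
    and easy to combine with other tools.
    https://github.com/STNS/STNS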

  16. Architecture
    STNS
    http(1104)
    Client
    ls
    libnss-stns
    libpam-stns
    query-wrapper
    key-wrapper
    /user/name/pyama
    {
    name:pyama,
    id: 1000,
    dir:/home/pyama
    }

  17. Architecture
    STNS
    http(1104)
    Client
    ls
    libnss-stns
    libpam-stns
    query-wrapper
    key-wrapper
    /user/name/pyama
    {
    name:pyama,
    id: 1000,
    dir:/home/pyama
    }

  18. nss
    Network Security Service
    Loads the library libnss_.so.2(version) and, if a symbol matching
    the naming convention exists, calls it
    http://www.gnu.org/software/libc/manual/html_node/NSS-Modules-Interface.html

  19. nss
    passwd
    _nss_stns_getpwnam_r
    _nss_stns_getpwuid_r
    _nss_stns_setpwent
    _nss_stns_endpwent
    _nss_stns_getpwent_r
    group
    _nss_stns_getgrnam_r
    _nss_stns_getgrgid_r
    _nss_stns_setgrent
    _nss_stns_endgrent
    _nss_stns_getgrent_r
    shadow
    _nss_stns_getspnam_r
    _nss_stns_setspent
    _nss_stns_endspent
    _nss_stns_getspent_r
    libnss_stns.so
    Just by defining functions with these names,
    STNS can be built

  20. stns.conf (server)
    port = 1104
    include = "/etc/stns/conf.d/*"
    # Supports Basic authentication
    user = "basic_user"
    password = "basic_password"
    [users.example]
    id = 1001
    group_id = 1001
    keys = ["ssh-rsa XXXXX…"]
    [groups.example]
    id = 1001
    users = ["example"]
    [sudoers.example]
    password = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
    hash_type = "sha256"

  21. Modern features

  22. Application deployment
    [email protected]
    [email protected]
    [email protected]
    Register each user's public key in
    /home/deploy/.ssh/authorized_keys

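  23. Managing the deploy user
    Web services these days often deploy through a dedicated
    deploy user.
    With existing mechanisms, however, this meant doing things like listing
    the public keys of everyone who deploys in the deploy user's
    ~/.ssh/authorized_keys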

  24. Managing the deploy user
    [users.deploy]
    id = 1000
    group_id = 1000
    link_users = ["example1","example2"]
    [users.foo]
    keys = ["ssh-rsa aaa"]
    [users.bar]
    keys = ["ssh-rsa bbb"]
    When logging in over SSH as the deploy user, the public keys of the
    users listed in link_users can be used
    → Nothing needs to be written to authorized_keys, and on top of that
    it is obvious at a glance who can deploy

  25. Want to try it?

  26. Ease of installation
    Add the repository with one command, then
    the latest version is available via yum or apt

  27. Ease of installation
    Puppet manifests and Chef cookbooks are provided,
    plus installation documentation in Japanese
    https://github.com/STNS/STNS/blob/master/docs/install_ja.md

  28. I left the details in Tokyo last week
    https://www.youtube.com/watch?v=ZBuEsQ3rnm4

  29. Now, back to Go

  30. cgo also has some constraints
    1. Only the main package can be built into a shared library
    2. cgo cannot be included in tests
    3. Go 1.5 does not support 32-bit shared libraries
    (1.6 is OK)

  31. Building Linux middleware takes resolve
    For example, on tab completion after typing something like "$ ls ~",
    bash gets cloned and a goroutine goes into an infinite loop

  32. $ strace getent passwd

  33. $ LD_DEBUG=symbols,bindings id

  34. $ vim ldap-pwd.c

  35. Repeating the point
    However, a minimum knowledge of C and
    a corresponding ability to debug are required

  36. For me, Go was
    the last piece

  37. Go
    ・Binaries
    ・Common libraries
    ・Servers
    ・Cross-compilation
    ・Overwhelming productivity

  38. With a new language,
    I was able to create new value
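
The link_users lookup from slide 24, as an added example that is not STNS's own code: it resolves which public keys are accepted for an account and which linked users grant them, and it flags link_users entries that name no defined user (as example1 and example2 do in the slide's config). The `User` type, the `Resolve` function, the one-level lookup and the sample data are assumptions made for illustration.

```go
package main

import "fmt"

// User holds the two [users.<name>] fields this example needs.
type User struct {
	Keys      []string // public keys registered for the user
	LinkUsers []string // users whose keys are also accepted for this account
}

// Resolve returns, for one account: the public keys accepted at SSH login
// (its own plus those of each link_users entry, one level deep), the linked
// users that contribute at least one key, and the link_users entries that
// name no defined user. Results keep configuration order.
func Resolve(users map[string]User, account string) (keys, grantors, dangling []string) {
	seen := map[string]bool{}
	add := func(ks []string) {
		for _, k := range ks {
			if !seen[k] {
				seen[k] = true
				keys = append(keys, k)
			}
		}
	}
	add(users[account].Keys)
	for _, name := range users[account].LinkUsers {
		u, ok := users[name]
		switch {
		case !ok:
			dangling = append(dangling, name)
		case len(u.Keys) > 0:
			grantors = append(grantors, name)
			add(u.Keys)
		}
	}
	return keys, grantors, dangling
}

func main() {
	// Constructed sample data in the shape of the slide's TOML.
	users := map[string]User{
		"deploy": {LinkUsers: []string{"foo", "bar", "example1"}},
		"foo":    {Keys: []string{"ssh-rsa aaa"}},
		"bar":    {Keys: []string{"ssh-rsa bbb"}},
	}
	fmt.Println(Resolve(users, "deploy"))
}
```

Reviewing the dangling list is worthwhile when auditing such a config: a name with no matching user grants nothing today but would start granting deploy access as soon as a user with that name is defined.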