Implementing a LinuxNameServer in Go

A talk about Go and STNS presented at PHP Conference Fukuoka.
Because it was a language conference, it touches briefly on the technical side.

Kazuhiko Yamashita

May 21, 2016

Transcript

  1. ~ The "I usually write PHP too" edition ~ Implementing a LinuxNameServer in Go

  2. hi! GMO Pepabo, Inc., Hosting Division, MuuMuu Domain Group, Senior Engineer @pyama86

  3. blog https://ten-snapon.com

  4. Go 1.5

  5. -buildmode=c-shared: from Go 1.5, shared libraries can be built using CGO http://qiita.com/masakielastic/items/09018646d7d34996190a

  6. Go?

  7. Cool single-binary commands: peco, pt, ghq, ghr

  8. Cutting-edge web development?

  9. Linux Middleware

  10. Before Go 1.5: to change how the Linux OS layer behaves, I think that the deeper you went, the more it was almost exclusively the domain of C.

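  11. After Go 1.5: using Go, it became possible to develop Linux OS middleware with the feel of writing in a lightweight language.

    ```go
    package main

    /*
    #include <pwd.h>
    #include <sys/types.h>
    */
    import "C"

    // Exported under the symbol name that is looked up for getpwnam_r in the "stns" module.
    // set, Passwd and result are not defined on the slide.
    //export _nss_stns_getpwnam_r
    func _nss_stns_getpwnam_r(name *C.char, pwd *C.struct_passwd) int {
    	return set(&Passwd{pwd, result}, "user", "name", C.GoString(name))
    }
    ```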
  12. None
  13. STNS: a LinuxNameService that provides name resolution and authentication for Linux users and groups

    ```
    % ls -ltr
    -rw-r--r-- 1 pyama wheel 0 May 8 00:09 php_fukuoka.txt
    % ls -ltr
    -rw-r--r-- 1 1000 1000 0 May 8 00:09 php_fukuoka.txt
    ```

    Name resolution from id:1000 to pyama
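  14. Background of STNS: 1. With DevOps and changes in deployment environments, more users need SSH login. 2. A migration target away from LDAP, which was close to breaking down as users and integrated systems increased. 3. Above all, I did not want to spend the talent that is me on things like operations management.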

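  15. Concept: provide only name resolution, public key retrieval and sudo authentication. By not doing much and keeping it simple, management and composition become easy. https://github.com/STNS/STNS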

  16. Architecture: STNS http(1104) Client ls libnss-stns libpam-stns query-wrapper key-wrapper /user/name/pyama

    { name:pyama, id: 1000, dir:/home/pyama … }
  17. Architecture: STNS http(1104) Client ls libnss-stns libpam-stns query-wrapper key-wrapper /user/name/pyama

    { name:pyama, id: 1000, dir:/home/pyama … }
  18. nss (Network Security Service): the libnss_<name>.so.2 (version) library is loaded, and if a symbol matching the naming convention exists, it gets called. http://www.gnu.org/software/libc/manual/html_node/NSS-Modules-Interface.html

  19. nss

    - passwd: _nss_stns_getpwnam_r, _nss_stns_getpwuid_r, _nss_stns_setpwent, _nss_stns_endpwent, _nss_stns_getpwent_r
    - group: _nss_stns_getgrnam_r, _nss_stns_getgrgid_r, _nss_stns_setgrent, _nss_stns_endgrent, _nss_stns_getgrent_r
    - shadow: _nss_stns_getspnam_r, _nss_stns_setspent, _nss_stns_endspent, _nss_stns_getspent_r

    libnss_stns.so: STNS can be built just by defining functions with these names.
  20. stns.conf (server)

    ```toml
    port = 1104
    include = "/etc/stns/conf.d/*"

    # Supports basic authentication
    user = "basic_user"
    password = "basic_password"

    [users.example]
    id = 1001
    group_id = 1001
    keys = ["ssh-rsa XXXXX…"]

    [groups.example]
    id = 1001
    users = ["example"]

    [sudoers.example]
    password = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
    hash_type = "sha256"
    ```
  21. Modern features

  22. Application deployment: deploy@muumuu-domain.com, deploy@muumuu-domain.com, deploy@muumuu-domain.com. Each user's public key is registered in /home/deploy/.ssh/authorized_keys

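  23. Managing the deploy user: in recent web services it is common to set up a dedicated deploy user and deploy as that user. However, doing this with the existing mechanisms meant things like listing the public keys of everyone who deploys in the deploy user's ~/.ssh/authorized_keys.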

  24. Managing the deploy user

    ```toml
    [users.deploy]
    id = 1000
    group_id = 1000
    link_users = ["example1","example2"]

    [users.foo]
    keys = ["ssh-rsa aaa"]

    [users.bar]
    keys = ["ssh-rsa bbb"]
    ```

    When logging in over SSH as the deploy user, the public keys of the users specified in link_users can be used.
    → Nothing has to be written to authorized_keys, and it is obvious at a glance who can deploy.
  25. Want to try it?

  26. Ease of adoption: add the repository with one command, and the latest version is available through yum or apt

  27. Ease of adoption: Puppet manifests and Chef cookbooks are provided, plus installation documentation in Japanese https://github.com/STNS/STNS/blob/master/docs/install_ja.md

  28. I left the details in Tokyo last week https://www.youtube.com/watch?v=ZBuEsQ3rnm4

  29. Now, back to Go

  30. CGO also has some constraints: 1. Only the main package can be built into a shared library. 2. CGO cannot be included in tests. 3. Go 1.5 does not support 32-bit shared libraries (1.6 is OK).

  31. Building Linux middleware takes resolve: for example, on tab completion after typing "$ ls ~", bash gets cloned and a goroutine goes into an infinite loop, and so on.

  32. $ strace getent passwd

  33. $ LD_DEBUG=symbols,bindings id

  34. $ vim ldap-pwd.c

  35. Recap: however, a minimum knowledge of C and a matching level of debugging skill are required

  36. For me, Go was the final piece

  37. Go: binaries, common libraries, servers, cross-compilation, overwhelming productivity

  38. With a new language, I was able to create new value
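
An added example, not part of the slides or of STNS's code: a small Go audit of the `link_users` idea from slide 24. It lists which public keys are accepted for an account, who supplied each one, and which `link_users` entries name no defined user (as `example1` and `example2` do in the snippet as shown). The `User` type, the `Audit` function and following only direct links are assumptions made for this illustration.

```go
package main

import "fmt"

// User models the [users.<name>] fields on slide 24 (assumed shape, not STNS's type).
type User struct {
	Keys      []string
	LinkUsers []string
}

// Audit maps each public key accepted for account to the users who supplied it,
// and lists link_users entries naming no defined user. Direct links only (assumption).
func Audit(users map[string]User, account string) (owners map[string][]string, dangling []string) {
	owners = map[string][]string{}
	acct, ok := users[account]
	if !ok {
		return owners, nil
	}
	for _, k := range acct.Keys {
		owners[k] = append(owners[k], account)
	}
	seen := map[string]bool{account: true} // ignore self-links and repeated names
	for _, name := range acct.LinkUsers {
		if seen[name] {
			continue
		}
		seen[name] = true
		u, ok := users[name]
		if !ok {
			dangling = append(dangling, name)
			continue
		}
		for _, k := range u.Keys {
			owners[k] = append(owners[k], name)
		}
	}
	return owners, dangling
}

func main() {
	// Constructed data: slide 24's config with "foo" added to link_users.
	users := map[string]User{
		"deploy": {LinkUsers: []string{"example1", "example2", "foo"}},
		"foo":    {Keys: []string{"ssh-rsa aaa"}},
		"bar":    {Keys: []string{"ssh-rsa bbb"}},
	}
	owners, dangling := Audit(users, "deploy")
	fmt.Println("accepted keys:", owners, "dangling link_users:", dangling)
}
```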