Go言語で実装するLinuxNameServer

Transcript

1. 1.

   ʙීஈ͸PHP΋ॻ͍ͯ·͢ฤʙ GoݴޠͰ࣮૷͢ΔLinuxNameServer

2. 2.

   hi! GMO Pepabo, Inc. ϗεςΟϯάࣄۀ෦ ϜʔϜʔυϝΠϯάϧʔϓ γχΞΤϯδχΞ @pyama86

3. 3.

   blog https://ten-snapon.com

4. 4.

   Go 1.5

5. 5.

   -buildmode=c-shared Go 1.5͔ΒCGOΛར༻͠ڞ༗ϥΠϒϥϦΛ࡞੒Մೳʹ http://qiita.com/masakielastic/items/09018646d7d34996190a

6. 6.

   Go?

7. 7.

   ϫϯόΠφϦͰΠέͯΔίϚϯυ peco pt ghq ghr

8. 8.

   ઌਐతWeb։ൃʁ

9. 9.

   Linux Middleware

10. 10.

    Before Go 1.5 LinuxͷOSϨΠϠͷ࢓༷Λม͑Δʹ͸ɺਂ͘ͳΕ͹ ͳΔ΄ͲCݴޠͷ΄΅ಠஃ৔Ͱ͋ͬͨͱࢥ͏

11. 11.

    After Go 1.5 GoݴޠΛ༻͍ͯɺLightweight LanguageͷΑ͏ͳॻ͖ ຯͰɺLinuxOSͷϛυϧ΢ΣΞ։ൃ͕Մೳʹͳͬͨ package main /* #include

    <pwd.h> #include <sys/types.h> */ import "C" //export _nss_stns_getpwnam_r func _nss_stns_getpwnam_r(name *C.char, pwd *C.struct_passwd) int { return set(&Passwd{pwd, result}, "user", "name", C.GoString(name)) }
12. 12.

    None
13. 13.

    STNS LinuxͷϢʔβʔɺάϧʔϓͷ໊લղܾɺೝূػೳΛ ఏڙ͢ΔLinuxNameService % ls -ltr -rw-r--r-- 1 pyama wheel

    0 May 8 00:09 php_fukuoka.txt % ls -ltr -rw-r--r-- 1 1000 1000 0 May 8 00:09 php_fukuoka.txt id:1000 to pyamaͷ໊લղܾ
14. 14.

    STNSͷഎܠ 1.DevOpsɺσϓϩΠ؀ڥͷભҠʹΑͬͯSSHϩάΠ ϯ͕ඞཁͳϢʔβʔͷ૿Ճ 2.Ϣʔβʔ૿Ճ΍࿈ܞઌ૿Ճʹ൐͍ഁ୼͔͚ͨ͠ LDAP͔ΒͷҠߦઌ 3.ͱʹ͔͘๻ͱ͍͏࠽ೳΛӡ༻؅ཧͱ͔ʹ࢖͍ͨ͘ ͳ͔ͬͨ

15. 15.

    ίϯηϓτ ໊લղܾɺެ։伴औಘɺsudoೝূͷΈΛఏڙ͢Δɻ ଟ͘Λ΍Βͣɺγϯϓϧʹอͭ͜ͱͰ؅ཧɺ ૊Έ߹ΘͤΛ༰қʹɻ https://github.com/STNS/STNS

16. 16.

    ΞʔΩςΫνϟ STNS http(1104) Client ls libnss-stns libpam-stns query-wrapper key-wrapper /user/name/pyama

    { name:pyama, id: 1000, dir:/home/pyama … }
17. 17.

    ΞʔΩςΫνϟ STNS http(1104) Client ls libnss-stns libpam-stns query-wrapper key-wrapper /user/name/pyama

    { name:pyama, id: 1000, dir:/home/pyama … }
18. 18.

    nss Network Security Service libnss_<name>.so.2(version)ͷϥΠϒϥϦΛಡΈࠐ Έɺ໋໊ن໿ʹ߹கͨ͠γϯϘϧ͕ଘࡏ͢Δ৔߹ίʔ ϧͯ͘͠ΕΔ http://www.gnu.org/software/libc/manual/html_node/NSS- Modules-Interface.html

19. 19.

    nss passwd _nss_stns_getpwnam_r _nss_stns_getpwuid_r _nss_stns_setpwent _nss_stns_endpwent _nss_stns_getpwent_r group _nss_stns_getgrnam_r _nss_stns_getgrgid_r

    _nss_stns_setgrent _nss_stns_endgrent _nss_stns_getgrent_r shadow _nss_stns_getspnam_r _nss_stns_setspent _nss_stns_endspent _nss_stns_getspent_r libnss_stns.so ͜ͷ໊લͷfunctionΛఆٛ͢Δ͚ͩͰ STNS͸࡞ΕΔ
20. 20.

    stns.conf(αʔό) port = 1104 include = "/etc/stns/conf.d/*" # ϕʔγοΫೝূΛαϙʔτ user

    = "basic_user" password = "basic_password" [users.example] id = 1001 group_id = 1001 keys = ["ssh-rsa XXXXX…"] [groups.example] id = 1001 users = ["example"] [sudoers.example] password = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08" hash_type = "sha256"
21. 21.

    ࠓ෩ͳػೳ

22. 22.

    ΞϓϦέʔγϣϯσϓϩΠ deploy@muumuu-domain.com deploy@muumuu-domain.com deploy@muumuu-domain.com /home/deploy/.ssh/authrized_keys ʹ֤Ϣʔβʔͷެ։伴Λొ࿥

23. 23.

    σϓϩΠϢʔβʔͷ؅ཧ ࡢࠓͷWebαʔϏεͰ͸σϓϩΠઐ༻ϢʔβʔΛઃ ͚ͯσϓϩΠ͢Δ͜ͱ͕ଟ͍ɻ ͔͠͠ɺطଘͷ࢓૊ΈͰ࣮ݱ͢Δʹ͸σϓϩΠϢʔ βʔͷ~/.ssh/authorized_keysʹσϓϩΠ͢ΔϢʔ βʔͷެ։伴Λฒ΂ͨΓ͢Δඞཁ͕͋ͬͨ

24. 24.

    σϓϩΠϢʔβʔͷ؅ཧ [users.deploy] id = 1000 group_id = 1000 link_users =

    [“example1","example2"] [users.foo] keys = ["ssh-rsa aaa”] [users.bar] keys = ["ssh-rsa bbb"] deployϢʔβʔͰSSHϩάΠϯ͢Δࡍʹɺlink_usersͰ ࢦఆͨ͠Ϣʔβʔͷެ։伴Λར༻͢Δ͜ͱ͕ग़དྷΔ →authorized_keysʹॻ͔ͳͯ͘ྑ্͍ʹɺ ɹ୭͕σϓϩΠग़དྷΔͷ͔Ұ໨ྎવ
25. 25.

    ࢖ͬͯΈΔʁ

26. 26.

    ಋೖͷखܰ͞ 1ίϚϯυͰϦϙδτϦΛ௥Ճ͠ɺ yumɺaptͰ࠷৽൛Λར༻Մೳ

27. 27.

    ಋೖͷखܰ͞ puppetϚχϑΣετɺchefΫοΫϒοΫΛఏڙ Ճ͑ͯ೔ຊޠΠϯετʔϧυΩϡϝϯτ https://github.com/STNS/STNS/blob/master/docs/install_ja.md

28. 28.

    ৄࡉ͸ઌि౦ژʹஔ͍͖ͯͨ https://www.youtube.com/watch?v=ZBuEsQ3rnm4

29. 29.

    ͯ͞࿩͸໭ΓɺGo

30. 30.

    CGOʹ΋ز੍͔ͭ໿͕͋Δ 1.ڞ༗ϥΠϒϥϦʹग़དྷΔͷ͸mainύοέʔδͷΈ 2.CGO͸testʹؚΊΒΕͳ͍ 3.Go 1.5Ͱ͸32bitͷڞ༗ϥΠϒϥϦ͕αϙʔτ͞Ε ͍ͯͳ͍(1.6͸OK)

31. 31.

    Linuxϛυϧ΢ΣΞ࡞Δʹ͸֮ޛ͕͍Δ ʮ$ ls ~ʯͷΑ͏ʹೖྗޙλϒิ׬ͨ͠ࡍʹɺ bash͕clone͞Εͯɺΰϧʔνϯ͕ແݶϧʔϓͨ͠Γ

32. 32.

    $ strace getent passwd

33. 33.

    $ LD_DEBUG=symbols,bindings id

34. 34.

    $ vim ldap-pwd.c

35. 35.

    ࠶ܝ ͨͩ͠ɺCݴޠͷ࠷௿ݶͷ஌ࣝɺ ૬Ԡͷσόοάೳྗ͸ඞཁ

36. 36.

    ๻ʹͱͬͯ͸Go͕ ࠷ޙͷҰຕͩͬͨ

37. 37.

    Go ɾόΠφϦ ɾڞ௨ϥΠϒϥϦ ɾαʔό ɾΫϩείϯύΠϧ ɾѹ౗తੜ࢈ੑ

38. 38.

    ৽͍͠ݴޠͰ ৽͍͠Ձ஋ΛੜΊͨ