Upgrade to Pro — share decks privately, control downloads, hide ads and more …

STNS pepabo_hatena_tech_con

Kazuhiko Yamashita
July 09, 2016
Technology
0
5.1k

STNS pepabo_hatena_tech_con

ペパボはてな技術大会福岡編でのシンプルなLinuxユーザー管理システムSTNSの資料です

Kazuhiko Yamashita

July 09, 2016
Tweet

More Decks by Kazuhiko Yamashita

See All by Kazuhiko Yamashita
若者とGPTのすべて
pyama86
0
210
Dynamic VM Scheduling
 in OpenStack
pyama86
1
750
GMOペパボにおける大規模インフラのセキュリティ管理
pyama86
1
86
Is Kubernetes On-premises Hardway?
pyama86
2
400
突然のグループ一斉在宅勤務開始!!1に
おける働き方を変革する技術や仕組み
pyama86
4
1k
企業に必要とされている インフラ技術とこれから
pyama86
12
8.3k
「ペパボっぽい」
エンジニアカルチャーを創る
言葉と仕組み
pyama86
20
5.1k
CloudNative Buildpacksで創る、CloudNativeな開発体験
pyama86
9
12k
CN Buildpacksが作る未来
pyama86
2
2.5k

Other Decks in Technology

See All in Technology
Sprasia, Inc. - Sprasia Engineers Culture Deck
sprasiainc
0
110
async-profilerによるスタックトレースタイムトラベル - Kafkaのパフォーマンス問題調査での応用例
line_developers
PRO
1
140
Virtual Threads - 導入の背景と、効果的な使い方 -
skrb
2
310
Impressions of the Ruby Kaigi
suzukahr
1
5.3k
AIの標準化や法規制に関する動向 (2023年版)
asei
3
270
Blueskyちゃん作った話
kojira
0
100
Web API development in Visual Studio 2022
tsubakimoto_s
0
140
Spotify API を使ったアイマス楽曲の楽しみ方
takemikami
0
120
モノリスからの脱却に向けた 物流システムリプレイスの概要紹介 / Towards Decentralized Logistics System Replacement from Monolithic Structure
yumayabe
0
340
copilot-cli(Fargate)でRailsを運用するためのTips / JAWS-UG Okayama 2023
interu
1
350
IoTの振り返りと、IoTが産み出すデータ形式のおさらい【IoT-Tech Meetup】
soracom
PRO
0
830
アクセシビリティへの取り組みにおいての内発的動機付け
junkifurukawa
0
110

Featured

See All Featured
GitHub's CSS Performance
jonrohan
1022
430k
Product Roadmaps are Hard
iamctodd
39
8.2k
Building Your Own Lightsaber
phodgson
96
5k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
152
13k
A designer walks into a library…
pauljervisheath
199
17k
Reflections from 52 weeks, 52 projects
jeffersonlam
341
18k
Building Flexible Design Systems
yeseniaperezcruz
315
35k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
214
12k
GraphQLの誤解/rethinking-graphql
sonatard
41
8.2k
The Illustrated Children's Guide to Kubernetes
chrisshort
26
44k
KATA
mclloyd
13
10k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
32
8.4k

Transcript

  1. QZBNB(.01&1"#0JOD
    ϖύϘɾ͸ͯͳٕज़େձʙΠϯϑϥٕज़ج൫ʙ
    45/4

    View Slide

  2. IUUQTUFOTOBQPODPN
    γχΞɾΤϯδχΞ
    ࢁԼ࿨඙!QZBNB
    ϗεςΟϯάࣄۀ෦ϜʔϜʔυϝΠϯνʔϜ

    View Slide

  3. -JOVYϢʔβʔ؅ཧ
    1.

    View Slide

  4. -JOVYͱ͸ʁ

    View Slide

  5. -JOVY

    View Slide

  6. -JOVYϢʔβʔ؅ཧ
    w -JOVYͰ͸ϑΝΠϧॴ༗ऀɺݖݶ؅ཧ͕Ϣʔβʔɾάϧʔϓ
    ΛݩʹߦΘΕΔ
    w ಛఆͷϢʔβʔݖݶͰίϚϯυΛ࣮ߦ͢Δ4VEPΛ࢝Ίɺ
    ଟ͘ͷίϚϯυͰϢʔβʔɾάϧʔϓͰ੍ޚ͞Ε͍ͯΔ

    View Slide

  7. -JOVYϢʔβʔ؅ཧ
    Ұͭͷ8αʔϏεͰ΋
    ଟ͘ͷ-JOVY͕Քಇ͍ͯ͠Δ

    View Slide

  8. -JOVYϢʔβʔ؅ཧ
    ؤுΔ͘Μ

    View Slide

  9. View Slide

  10. ͕Μ͹Εͳ͍܅ʁ

    View Slide

  11. View Slide

  12. -JOVYϢʔβʔ؅ཧ

    View Slide

  13. 45/4
    w (PMBOH
    w 5PNMܗࣜͷઃఆϑΝΠϧ
    w +40/ΠϯλʔϑΣʔεͷαʔόɾΫϥΠΞϯτ
    w 8SBQQFSΛࣗ༝ʹมߋͰ͖Δ ϓϥΨϒϧ

    View Slide

  14. ίϯηϓτ
    ໊લղܾɺެ։伴औಘɺΞΧ΢ϯτೝূͷΈΛఏڙ
    ͢Δɻଟ͘Λ΍Βͣɺγϯϓϧʹอͭ͜ͱͰ؅ཧɺ
    ૊Έ߹ΘͤΛ༰қʹɻ
    https://github.com/STNS/STNS

    View Slide

  15. -JOVYϢʔβʔάϧʔϓͷ໊લղܾ
    % ls -ltr
    -rw-r--r-- 1 pyama wheel 0 May 8 00:09 hatena_pepabo.txt
    % ls -ltr
    -rw-r--r-- 1 1000 1000 0 May 8 00:09 hatena_pepabo.txt
    id:1000 is pyama

    View Slide

  16. ΞʔΩςΫνϟ
    STNS
    http(1104)
    ls
    libnss-stns
    libpam-stns
    query-wrapper
    key-wrapper
    /user/name/pyama
    {
    name:pyama,
    id: 1000,
    dir:/home/pyama

    }
    αʔόɾΫϥΠΞϯτؒ͸httpΛར༻ͨ͠
    JSONܗࣜͷΠϯλʔϑΣʔε

    View Slide

  17. ઃఆϑΝΠϧαʔό
    QPSU
    JODMVEFFUDTUOTDPOGE
    [email protected]
    [email protected]
    [email protected]
    [email protected]

    JE
    [email protected]
    LFZT<TTISTB99999ʜ>

    JE
    VTFST<FYBNQMF>

    QBTTXPSE
    GEDEBGFBBDBEBCGGCCCDEEDCGB

    View Slide

  18. stns.conf(αʔό)
    stns.conf user.conf
    group.conf
    deploy.conf
    ෳ਺ͷઃఆϑΝΠϧʹ෼ׂ͠ɺ
    ໾ׂ΍૊৫͝ͱʹ؅ཧ͢ΔͱΑ͍

    View Slide

  19. ઃఆϑΝΠϧΫϥΠΞϯτ
    api_end_point = ["http://:1104", "http://:1104"]
    user = "basic_user"
    password = "basic_password"
    wrapper_path = "/usr/local/bin/stns-query-wrapper"
    chain_ssh_wrapper = "/usr/libexec/openssh/ssh-ldap-wrapper"
    ssl_verify = true

    View Slide

  20. ྫ͑͹͜͏͍͏͜ͱ΋ग़དྷΔ
    process
    libnss-stns
    libpam-stns
    query-wrapper
    key-wrapper
    /user/name/pyama
    {
    name:pyama,
    id: 1000,
    dir:/home/pyama

    }
    Linuxϓϩηεͱͷ΍ΓऔΓ͸STNSΛར༻͠ɺ
    Ϣʔβʔ৘ใ͸RailsͰ؅ཧ͢Δ

    View Slide

  21. σϓϩΠϢʔβʔͷ
    ؅ཧ

    View Slide

  22. σϓϩΠϢʔβʔͷ؅ཧ
    [email protected]
    [email protected]
    [email protected]
    /home/deploy/.ssh/authrized_keys
    ʹ֤Ϣʔβʔͷެ։伴Λొ࿥

    View Slide

  23. σϓϩΠϢʔβʔͷ؅ཧ
    ࡢࠓͷWebαʔϏεͰ͸σϓϩΠઐ༻ϢʔβʔΛઃ
    ͚ͯσϓϩΠ͢Δ͜ͱ͕ଟ͍ɻ
    ͔͠͠ɺطଘͷ࢓૊ΈͰ࣮ݱ͢Δʹ͸σϓϩΠϢʔ
    βʔͷ~/.ssh/authorized_keysʹσϓϩΠ͢ΔϢʔ
    βʔͷެ։伴Λฒ΂ͨΓ͢Δඞཁ͕͋ͬͨ

    View Slide

  24. σϓϩΠϢʔβʔͷ؅ཧ
    [users.deploy]
    id = 1000
    group_id = 1000
    link_users = [“foo","bar"]
    [users.foo]
    keys = ["ssh-rsa aaa”]
    [users.bar]
    keys = ["ssh-rsa bbb"]
    deployϢʔβʔͰSSHϩάΠϯ͢Δࡍʹɺlink_usersͰ
    ࢦఆͨ͠Ϣʔβʔͷެ։伴Λར༻ग़དྷΔ
    →authorized_keysʹॻ͔ͳͯ͘ྑ্͍ʹɺ
    ɹ୭͕σϓϩΠग़དྷΔͷ͔Ұ໨ྎવ

    View Slide

  25. ૊৫ߏ଄Λදݱ͢Δ

    View Slide

  26. ૊৫ߏ଄Λදݱ͢Δ
    ྫ͑͹ɺٕज़1՝ʹॴଐ͢ΔϢʔβʔ͸ɺٕज़෦ͷϢʔ
    βʔͰ΋͋Δɻͱ͋Δαʔόʹٕज़෦ͷϢʔβʔ͸ϩά
    Πϯग़དྷΔΑ͏ʹ͍ͨ͠ɻ

    View Slide

  27. ૊৫ߏ଄Λදݱ͢Δ
    [groups.tech]
    users = ["antipop"]
    link_groups = [“tech-1"]
    [groups.tech-1]
    users = ["pyama"]
    pyama͸tech-1ʹॴଐ͢ΔtechͷϢʔβʔͰ͋Δɻ
    ۩ମతͳར༻γʔϯ͸sshd_configͷAllowGroupsɺ
    sudoersͳͲɺάϧʔϓͰ؅ཧ͢Δ৔߹ʹศརɻ

    View Slide

  28. ಋೖ

    View Slide

  29. ಋೖ
    IUUQTUOTKQ

    View Slide

  30. PTT

    View Slide

  31. ಋೖ

    View Slide

  32. ಋೖ
    w SQN EFCڞʹCJU CJU൛ͷఏڙ SFQPTUOTKQ

    DVSMGT4-IUUQTSFQPTUOTKQTDSJQUTZVNSFQPTIcTI
    ZVNJOTUBMMTUOTMJCOTTTUOTMJCQBNTUOT
    IUUQTHJUIVCDPN45/4TUOTDPPLCPPL
    IUUQTHJUIVCDPN45/4QVQQFUTUOT
    w $IFG 1VQQFUͷΫοΫϒοΫɺϚχϑΣετΛఏڙ
    1VQQFUϚχϑΣετ͸!IGN͕։ൃͯ͘͠Εͨ

    View Slide

  33. ಋೖ
    Πϯετʔϧʙ44)ެ։伴ೝূ·Ͱ෼ඵ

    View Slide

  34. ಋೖࣄྫ

    View Slide

  35. Ϣʔβʔ؅ཧ΋(JUIVC'MPX
    (JUIVC&OUFSQSJTF͔ΒϢʔβʔσʔλΛ࡞੒͠ɺ1VMM3FRVFTU
    %SPOFͰࣗಈςετɾਓͷ໨ʹΑΔϨϏϡʔ
    σϓϩΠ

    View Slide

  36. HFOFSBUFCZUIPS
    DPOpHZNM
    UFBNT
    UFDIBENJO˒(JUIVCͷνʔϜ໊
    NVVBENJO
    NJOOFBENJO
    LJCBOˑ[email protected]Λར༻͠૊৫Λ࿈݁
    εΫϦϓτͰ৘ใͷऔಘݩΛ()&ʹू໿͢Δ͜ͱʹΑΓɺϢʔβʔ
    ͷ௥Ճɺ࡟আΛ()&ʹҠৡ͢Δɻ
    ͦ͏͢Δ͜ͱͰγεςϜ͝ͱͷΞΧ΢ϯτࢄࡏΛ๷͙͜ͱ͕ग़དྷ·
    ͢ɻ

    View Slide

  37. ӡ༻Πϝʔδ
    2.

    View Slide

  38. ӡ༻Πϝʔδ
    nginx
    stns
    nginx
    stns
    /HJOYͰ44-Λऴ୺ͭͭ͠ɺ$BQJTUSBOPͳͲͷσϓϩΠπʔϧͰ
    TUOTDPOGΛσϓϩΠ

    View Slide

  39. ӡ༻Πϝʔδ
    nginx
    stns
    nginx
    stns
    αʔόͷTUOTDPOGΛ௚઀ฤू͠ɺ4$1΍STZODͰಉظ

    View Slide

  40. ӡ༻Πϝʔδ ࢖͍౗͢

    process
    libnss-stns
    libpam-stns
    query-wrapper
    key-wrapper
    FUDEΛར༻͠ɺαʔόϨεͳϢʔβʔ؅ཧ

    View Slide

  41. ͱΓ͋͑ͣ৮ͬͯΈΔ

    View Slide

  42. ͜Ε͔ΒϢʔβ؅ཧΛ࢝ΊΔ
    ΈΜͳ΁
    3.

    View Slide

  43. 45/4ϘΫ͕։ൃऀͩ͠࢖ͬͨ΄͏͕͍͍
    w ൥ࡶԽͮ͠Β͍పఈͨ͠γϯϓϧ͞
    w γϯϓϧ͕ނʹ֦ுੑ͕ߴ͍
    w ಋೖͷख͕ؒগͳ͍

    View Slide

  44. 45/4ͰϢʔβʔ؅ཧΛ
    ࢝ΊΑ͏

    View Slide

  45. 5IBOLZPV

    View Slide

  46. ͜͜Ͱঁੑਞ͔Β
    ࣭໰͕ࡴ౸͢Δ

    View Slide