Upgrade to Pro — share decks privately, control downloads, hide ads and more …

hoscon2016-shibuya-takumakume

Takuma Kume
October 29, 2016

 hoscon2016-shibuya-takumakume

ホスティングにおける柔軟かつ軽量なアクセス制御の必要性とその実装
---
GMOペパボ株式会社
ホスティング事業部インフラエンジニア 久米 拓馬 @takumakume

ホスティングサービスは色々なお客様のデータをお預かりしている性質上、様々なプログラムが動作し刻一刻と負荷状況が変動します。我々は多くのお客様に安定的にサービスをご利用いただくために、その変化に対応できる柔軟な負荷コントロールを行う必要がありました。本セッションでは、パフォーマンス劣化を最小限に抑えつつ、アクセス先ファイルや時間帯に応じて柔軟なアクセスコントロールをmrubyを用いて実現しサービスに導入しましたのでご紹介します。

Takuma Kume

October 29, 2016
Tweet

More Decks by Takuma Kume

Other Decks in Technology

Transcript

  1. ٱถ୓അ(.01FQBCP *OD
    (.0)PTUJOH$POGFSFODF!ौ୩
    ϗεςΟϯάʹ͓͚Δॊೈ͔ͭܰྔͳΞΫηε੍ޚͷ
    ඞཁੑͱͦͷ࣮૷

    View full-size slide

  2. ࣗݾ঺հ
    ٱถ ୓അ (@takumakume)
    ߴߍଔۀʙ6೥ؒ
    ΠϯλʔωοταʔϏεϓϩόΠμͰۈ຿
    ωοτϫʔΫʙϛυϧ΢ΣΞͷߏங
    ϓϦηʔϧεΤϯδχΞ
    2016೥4݄͔ΒϖύϘʹೖࣾ
    ϩϦϙοϓʂͷΠϯϑϥΤϯδχΞ
    ෱Ԭग़਎ɾ෱Ԭࡏॅ
    ϚΠϒʔϜ͸ڕΛ௼ͬͯࡹ͘͜ͱ

    View full-size slide

  3. ϖύϘͷαʔϏε
    ϗεςΟϯά
    ࣄۀ
    &$ࢧԉ
    ࣄۀ
    ϋϯυϝΠυ
    ࣄۀ
    ίϛϡχςΟ
    ࣄۀɾͦͷଞ

    View full-size slide

  4. ໨࣍
    ϗεςΟϯάʹ͓͚Δॊೈ͔ͭܰྔͳΞΫηε੍ޚͱ͸
    mrubyΛ༻͍ͨ࣍ੈ୅ΞΫηε੍ޚͷ࣮૷
    mrubyΛ༻͍ͨϛυϧ΢ΣΞ։ൃʹ͓͚ΔE2Eςετ
    ·ͱΊ
    ࠓޙͷ༧ఆ

    View full-size slide

  5. ϗεςΟϯάʹ͓͚Δॊೈ͔ͭܰྔͳΞΫηε੍ޚ
    ͱ͸

    View full-size slide

  6. ॊೈ͔ͭܰྔͳΞΫηε੍ޚ

    View full-size slide

  7. ϗεςΟϯάʹ͓͚ΔΞΫηε੍ޚ
    ϗεςΟϯά͸ͦͷಛੑ্ɺ͓٬༷ͷ༷ʑͳίϯςϯπΛ͓
    ༬͔Γ͍ͯ͠Δɻ
    தʹ͸ҟৗʹߴෛՙʹͳΔ΋ͷ΍ɺDDoSͷର৅ʹͳΔίϯς
    ϯπͳͲ༷ʑͰ͋Δɻ
    ͔͠͠ɺ͜ͷΑ͏ͳҰ෦ͷίϯςϯπʹΑΓɺͦͷαʔόΛ
    ͝ར༻௖͍͍ͯΔେଟ਺ͷଞͷ͓٬༷͕շదʹ8Λར༻Ͱ͖ͳ͘
    ͳͬͯ͠·͏͜ͱ͸ɺ͋ͬͯ͸ͳΒͳ͍ͱզʑ͸ߟ͍͑ͯ·͢ɻ

    View full-size slide

  8. ຊηογϣϯͰ͸ͦͷղܾखஈͷ̍ͭͱͯ͠ɺ
    ϩϦϙοϓʂͰߦ͍ͬͯΔ
    ଟ͘ͷ͓٬༷ʹշదʹ͝ར༻͍ͨͩͨ͘Ίͷ
    ࣍ੈ୅ΞΫηε੍ޚʹ͍ͭͯ͝঺հ͠·͢ɻ

    View full-size slide

  9. ॊೈ͔ͭܰྔͳΞΫηε੍ޚ

    View full-size slide

  10. ݱঢ়ͷΞΫηε੍ޚͷ՝୊

    View full-size slide

  11. ͜Ε·Ͱʹར༻ͨ͠ΞΫηε੍ޚखஈ

    mod_cbandΛར༻ͨ͠ΞΧ΢ϯτ୯ҐͰͷτϥϑΟοΫ
    ੍ޚͱಉ࣌ΞΫηε਺੍ޚ
    mod_vhost_maxclientsΛར༻ͨ͠υϝΠϯ୯ҐͰͷ
    ಉ࣌ΞΫηε਺੍ޚ
    ͦΕͧΕ՝୊͕͋ͬͨ

    View full-size slide

  12. NPE@DCBOEΛར༻੍ͨ͠ޚʹΑΔ՝୊

    ΞΧ΢ϯτ୯ҐͷτϥϑΟοΫͱಉ࣌ΞΫηε਺੍ݶΛ͍ͯͨ͠ɻ
    CBandSpeed 10Mb/s 30 30
    mod_cbandΛ༗ޮʹ͢Δ͜ͱͰ໿70%ఔ౓ͷύϑΥʔϚϯε
    ྼԽ͕ੜ͡ɺ੍ޚػߏࣗମ͕ϘτϧωοΫͱͳͬͨɻ

    View full-size slide

  13. NPE@WIPTU@NBYDMJFOUTΛར༻੍ͨ͠ޚ

    mod_cbandͷύϑΥʔϚϯεྼԽ͕େ͖͍ͨΊͪ͜ΒΛ࠾༻ɻ
    ಋೖʹΑΔύϑΥʔϚϯεྼԽ͸2%ͱߴ଎ͳιϑτ΢ΣΞɻ
    ҎԼͷΑ͏ʹυϝΠϯ୯Ґͷಉ࣌ΞΫηε਺੍ݶΛߦ͏ɻ

    DocumentRoot /path/to/web
    ServerName hoge.example.jp
    VhostMaxClients 30

    ͔͠͠ɺ࣍ͷΑ͏ͳύλʔϯͰ՝୊͕ੜͨ͡ɻ

    View full-size slide

  14. NPE@WIPTU@NBYDMJFOUTΛͲ͏࢖͍ͬͯΔ͔

    ڞ༻8αʔό
    IPHFDPN
    mod_vhost_maxclientsͷ੍ݶ
    ZDPN
    YDPN
    ஶ͘͠Ϧιʔε࢖༻ྔ͕ภΒͳ͍Α͏ʹେ࿮ͷϦιʔε෼ׂͱ
    ͯ͠ɺ֤υϝΠϯʹಉ࣌઀ଓ਺ͷ੍ݶΛ͔͚͍ͯ·͢ɻ

    View full-size slide


  15. ڞ༻8αʔό
    IPHFDPN
    ॲཧͷॏ͍ϓϩάϥϜʹΞΫηε͕ूத͠αʔό͕ߴෛՙͱͳͬͨ
    mod_vhost_maxclientsͷ੍ݶ
    ZDPN
    YDPN

    View full-size slide


  16. ڞ༻8αʔό
    IPHFDPN
    mod_vhost_maxclientsͷ੍ݶ
    ZDPN
    YDPN
    NPE@WIPTU@NBYDMJFOUTͷ੍ݶΛڧΊΔඞཁ͕͋Δ

    View full-size slide


  17. ڞ༻8αʔό
    IPHFDPN ZDPN
    YDPN
    ੍ݶΛڧΊͨ ܰྔͳίϯςϯπʹ΋ΞΫηεͰ͖ͳ͘ͳΔ

    View full-size slide


  18. ڞ༻8αʔό
    IPHFDPN ZDPN
    YDPN
    ຊདྷ੍ޚ͞ΕΔඞཁ͕ͳ͍ϑΝΠϧ·Ͱ
    ΞΫηεͰ͖ͳ͘ͳͬͯ͠·͏ɻ

    View full-size slide

  19. ղܾํ๏

    ڞ༻8αʔό
    IPHFDPN ZDPN
    YDPN
    ϑΝΠϧ୯ҐͰ੍ޚ
    mod_vhost_maxclients

    View full-size slide

  20. ղܾํ๏

    ڞ༻8αʔό
    IPHFDPN ZDPN
    YDPN
    ϑΝΠϧ୯ҐͰ੍ޚ
    mod_vhost_maxclients
    αʔόͷෛՙΛԼ͛ͭͭɺ੍ޚʹΑΔӨڹΛۃখԽͰ͖Δɻ

    View full-size slide





  21. ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌
    ͋ΔαʔόͷϦιʔεফඅྔ
    <>

    View full-size slide





  22. ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌
    શମ
    ͋ΔαʔόͷϦιʔεফඅྔ
    <>

    ಛఆͷϑΝΠϧ
    ఆظతʹॏ͍ॲཧ͕࣮ߦ͞Ε͍ͯͨ

    View full-size slide





  23. ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌
    શମ
    ͋ΔαʔόͷϦιʔεফඅྔ
    <>

    ಛఆͷϑΝΠϧ
    ಛఆͷϑΝΠϧͷॲཧͰϦιʔεͷ΄ͱΜͲΛফඅ͠
    ఆظతʹଞͷ͓٬༷΁ͷαʔϏεఏڙʹࢧোΛ͖͍ͨͯͨ͠ɻ

    View full-size slide





  24. ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌
    શମ
    ಛఆͷϑΝΠϧ
    ղܾํ๏
    <>

    ෛՙͷߴ͍ϑΝΠϧʹରͯ͠
    ࣌ؒࢦఆͰ੍ޚ͢Δ

    View full-size slide

  25. ॊೈͳΞΫηε੍ޚͷ·ͱΊ
    ݱঢ়ΑΓ΋ࡉ͔͍ɺϑΝΠϧ୯ҐͰΞΫηε੍ޚͰ͖ΔΑ͏
    ʹͯ͠ɺ੍ޚʹΑΔӨڹΛۃখԽ͢Δ͜ͱɻ
    ಛఆͷ࣌ؒͷΈΞΫηε੍ޚΛ༗ޮԽͰ͖Δ͜ͱɻ

    View full-size slide

  26. ॊೈ͔ͭܰྔͳΞΫηε੍ޚ

    View full-size slide

  27. ϗεςΟϯάͰ͸1୆ͷαʔόΛଟ͘ͷ͓٬༷ʹ͝ར༻͍ͨͩ͘͜
    ͱͰ҆Ձʹఏڙ͍ͯ͠Δɻ
    ࠓޙ΋Ͱ͖Δ͚ͩ҆ՁʹշదͳαʔϏεΛఏڙ͍ͨ͠ɻ
    ΞΫηε੍ޚͷػߏ͕ϘτϧωοΫʹͳͬͯ͸ɺͦΕΛୡ੒Ͱ͖
    ͳ͘ͳΔɻ
    ܰྔͳΞΫηε੍ޚͷඞཁੑ

    ΞΫηε੍ޚΛߦ͏ιϑτ΢ΣΞ͸ॲཧ͕ߴ଎Ͱ͋Δඞཁ͕͋Δɻ

    View full-size slide

  28. ॊೈ͔ͭܰྔͳΞΫηε੍ޚ
    ͱ͸

    View full-size slide

  29. ϑΝΠϧ୯ҐͰΞΫηε੍ޚͰ͖Δ͜ͱɻ
    ಛఆͷ࣌ؒଳͷΈΞΫηε੍ޚΛ༗ޮԽͰ͖Δ͜ͱɻ
    ύϑΥʔϚϯεྼԽΛۃྗى͜͞ͳ͍͜ͱɻ
    ॊೈ͔ͭܰྔͳΞΫηε੍ޚͱ͸

    ͲͷΑ͏ʹ࣮ݱ͢Δ͔ʁ

    View full-size slide

  30. ϑΝΠϧ୯ҐͷΞΫηε੍ޚ͸
    طʹ"QBDIFͷϞδϡʔϧ͕ଘࡏ͢Δɻ

    View full-size slide

  31. NPE@WMJNJU
    mod_vlimit
    https://github.com/matsumoto-r/mod_vlimit
    ϑΝΠϧ΍σΟϨΫτϦ୯ҐͰಉ࣌ΞΫηε੍ޚΛ͢Δ͜ͱ͕Ͱ͖Δɻ

    VlimitIP 30 /path/to/hoge.php


    ϑΝΠϧ୯ҐͰͷΞΫηε੍ޚΛߦ͏ػೳ͸͋Δ͕
    ࠓճ͸ಋೖʹ͸ࢸΒͳ͔ͬͨɻ

    View full-size slide

  32. NPE@WMJNJUΛ࠾༻͠ͳ͔ͬͨཧ༝
    ࣌ؒࢦఆͰ੍ݶΛ༗ޮԽͰ͖Δػೳ͕ͳ͍ɻ
    ApacheͷϞδϡʔϧͳͷͰCݴޠͰ࣮૷͞Ε͍ͯΔɻ
    ӡ༻ܥͷπʔϧ͸࣌ؒͷܦաʹରͯ͠ॊೈͳมߋ͕ཁ
    ٻ͞ΕΔɻ
    CݴޠͰͷ։ൃͱͳΔͱ։ൃ޻਺্͕͕Δɺ։ൃऀ͕ݶ
    ΒΕΔɻ

    View full-size slide

  33. Ͱ͸ɺͲͷΑ͏ʹ࣮ݱ͢Δ͔ʁ

    View full-size slide


  34. “mruby” ͳΒղܾͰ͖Δɻ

    View full-size slide

  35. NSVCZ
    Rubyͷύύ͜ͱ “Matz” ͞Μ͕։ൃ͍ͯ͠Δɻ
    লϝϞϦͷ૊ΈࠐΈ޲͚ͷRuby࣮૷ɻ
    Cݴޠ͕ۤखͳͻͱͰ΋ɺmrubyΛ࢖͑͹RubyͰ૊ΈࠐΈ
    ։ൃΛߦ͏ࣄ͕Ͱ͖Δɻ

    View full-size slide

  36. Apache΍NginxͰmrubyΛ༻͍ͨ૊ΈࠐΈ
    ։ൃΛ࣮ݱͨ͠ιϑτ΢ΣΞ͕ଘࡏ͢Δ

    View full-size slide

  37. NPE@NSVCZOHY@NSVCZ
    ฐࣾͷ@matsumotory͕։ൃ͍ͯ͠Δɻ
    mod_mruby
    ApacheͰmrubyΛར༻͢ΔͨΊͷϞδϡʔϧ
    ngx_mruby
    nginxͰmrubyΛར༻͢ΔͨΊͷ֦ு࣮૷

    CݴޠͰϞδϡʔϧΛ࣮૷͠ͳ͚Ε͹࣮ݱͰ͖ͳ͔ͬͨڍಈΛmruby
    Λ࢖͙ͬͯ͢ʹ࣮૷Ͱ͖ͯɺ࠷খݶͷύϑΥʔϚϯεྼԽʹཹΊΔ͜
    ͱ͕Ͱ͖Διϑτ΢ΣΞɻ

    View full-size slide


  38. IUUQTHJUIVCDPNNBUTVNPUPSNPE@NSVCZ
    mod_mruby -1.5%
    ngx_mruby +17.5%
    ੩తίϯςϯπʹର͢ΔύϑΥʔϚϯεܭଌ݁Ռ

    View full-size slide

  39. mrubyΛ༻͍Ε͹֦ுੑɺอकੑΛଛͳΘͣ
    ࠷খݶͷύϑΥʔϚϯεྼԽʹཹΊͯ
    ιϑτ΢ΣΞΛ։ൃ͢Δ͜ͱ͕Ͱ͖Δɻ

    View full-size slide

  40. NSVCZΛ༻͍ͨ࣍ੈ୅ΞΫηε੍ޚͷ࣮૷

    View full-size slide


  41. ࣮૷ʹ͋ͨͬͯར༻ͨ͠ιϑτ΢ΣΞ

    View full-size slide

  42. IUUQBDDFTTMJNJUFS
    ฐࣾͷ @matsumotory ͕։ൃ͍ͯ͠Δɻ
    https://github.com/matsumoto-r/http-access-limiter
    mod_mruby΋͘͠͸ngx_mrubyͰऔಘͨ͠೚ҙͷϦΫΤετύϥ
    ϝʔλΛ༻͍ͯಉ࣌઀ଓ਺ΛΧ΢ϯτ͢Δmruby੡ϛυϧ΢ΣΞ
    औಘͰ͖ΔϦΫΤετύϥϝʔλʹ͸ΞΫηεઌͷϑΝΠϧͷϑϧ
    ύεΛ࢝Ίɺ઀ଓݩͷIPΞυϨε΍ɺURLͳͲΛऔಘͰ͖ΔͨΊ
    ༷ʑͳ༻్Ͱ࢖༻Ͱ͖Δɻ

    View full-size slide

  43. ಈ࡞֓ཁ



    NSVCZ
    8PSLFS
    NSVCZ
    8PSLFS
    NSVCZ
    IUUQE
    ڞ༗ϝϞϦ
    global
    mutex
    ಉ࣌઀ଓ਺
    Χ΢ϯλʔ
    KVS
    ಉ࣌઀ଓ਺Χ΢ϯλʔ
    localmemcacheΛ༻͍ͨ
    Key-Value-Store
    Ωʔͱͨ͠ϦΫΤετύϥϝʔ
    λΛݩʹಉ࣌ΞΫηε਺ΛΧ
    ΢ϯτ͢Δɻ
    global mutex
    ֤Worker͔Βಉ࣌઀ଓ਺Χ
    ΢ϯλʔΛૢ࡞͢ΔͨΊෆ੔
    ߹͕ൃੜ͠ͳ͍Α͏ʹ౎౓ϩο
    ΫΛߦ͏ɻ
    KEY
    /path/to/hoge.php
    VALUE
    1

    View full-size slide

  44. ಈ࡞֓ཁ



    NSVCZ
    8PSLFS
    NSVCZ
    8PSLFS
    NSVCZ
    IUUQE
    ڞ༗ϝϞϦ
    global
    mutex
    ಉ࣌઀ଓ਺
    Χ΢ϯλʔ
    KVS

    ϦΫΤετ

    ϦΫΤετ

    NVUFYΛϩοΫ

    MPDL

    ϦΫΤετύϥϝʔλΛΩʔ
    ʹΠϯΫϦϝϯτ

    ΠϯΫϦϝϯτ
    KEY
    /path/to/hoge.php
    VALUE
    1

    VOMPDL

    NVUFYΛΞϯϩοΫ

    View full-size slide

  45. ಈ࡞֓ཁ



    NSVCZ
    8PSLFS
    NSVCZ
    8PSLFS
    NSVCZ
    IUUQE
    ڞ༗ϝϞϦ
    global
    mutex
    ಉ࣌઀ଓ਺
    Χ΢ϯλʔ
    KVS

    ίϯςϯπͷॲཧΛߦ͏

    NVUFYΛϩοΫ

    MPDL

    σΫϦϝϯτ

    σΫϦϝϯτ

    VOMPDL

    NVUFYΛΞϯϩοΫ
    KEY
    /path/to/hoge.php
    VALUE
    0

    ίϯςϯπͷॲཧ

    View full-size slide

  46. ಈ࡞֓ཁͷ·ͱΊ

    ϦΫΤετ͕͋ͬͨ࣌ʹɺϦΫΤετύϥϝʔλΛmod_mruby΍
    ngx_mrubyΛ༻͍ͯऔಘ͢Δɻ
    ΞΫηε੍ޚΛ͍ͨ͠୯ҐΛΩʔͱͯ͠ɺಉ࣌઀ଓ਺ΛΧ΢ϯτ͢Δɻ
    ෳ਺ͷWorker͔ΒΧ΢ϯλʔૢ࡞͢ΔͨΊɺglobal mutexΛ࢖ͬͯ
    ෆ੔߹͕ى͖ͳ͍Α͏ʹ੍ޚ͢Δɻ

    View full-size slide

  47. ՝୊
    http-access-limiter͸ಉ࣌઀ଓ਺ΛΧ΢ϯτ͢Διϑτ
    ΢ΣΞͰ͋Δɻ
    ͦͷͨΊɺϑΝΠϧຖͷ࠷େಉ࣌઀ଓ਺ͷઃఆػೳ΍ɺ੍ޚ
    Λ༗ޮԽ͢Δ࣌ؒଳΛઃఆ͢Δػೳ͸͍͍ͭͯͳ͍ɻ

    mrubyͰॻ͔Ε͍ͯΔͨΊ؆୯ʹػೳ௥Ճ͕Ͱ͖Δʂ

    View full-size slide

  48. ػೳ௥ՃΠϝʔδ


    NSVCZ
    8PSLFS
    NSVCZ
    8PSLFS
    NSVCZ
    IUUQE
    ڞ༗ϝϞϦ
    global
    mutex
    ಉ࣌઀ଓ਺
    Χ΢ϯλʔ
    KVS
    ੍ޚ৚݅
    localmemcacheΛ༻͍ͨ
    Key-Value-Store
    ϑΝΠϧͷϑϧύε͕Ωʔ
    ࠷େಉ࣌઀ଓ਺
    ੍ݶΛ༗ޮԽ͢Δ࣌ؒଳ
    KVS
    ੍ޚ৚݅

    View full-size slide

  49. ੍ݶ৚݅ͷσʔλ
    /path/to/hoge.php
    {
    "max_clients" : 30, # ࠷େಉ࣌઀ଓ਺
    "time_slots" : [ # ༗ޮʹ͢Δ࣌ؒଳ
    { "begin" : 1200, "end" : 1800 },
    { "begin" : 2100, "end" : 2200 }
    ]
    }
    KEY
    VALUE
    A Aͷؒ͸AQBUIUPIPHFQIQA΁ͷ
    ࠷େ઀ଓ਺ΛAA·Ͱʹ੍ݶ͢Δɻ

    View full-size slide

  50. ػೳ௥Ճޙͷಈ࡞֓ཁ


    NSVCZ
    8PSLFS
    NSVCZ
    8PSLFS
    NSVCZ
    IUUQE
    ڞ༗ϝϞϦ
    global
    mutex
    ಉ࣌઀ଓ਺
    Χ΢ϯλʔ
    KVS
    KVS
    ੍ޚ৚݅

    ϦΫΤετ

    ϦΫΤετ

    ੍ޚ৚݅
    Λࢀর

    ੍ޚ৚݅Λࢀর
    ɹɹଘࡏ͠ͳ͚Ε͹ॲཧऴྃ

    NVUFYΛϩοΫ

    MPDL

    ϑΝΠϧͷϑϧύεΛΩʔʹ
    ΠϯΫϦϝϯτ

    ΠϯΫϦϝϯτ

    ΋੍͠ݶ͕༗ޮͳ࣌ؒଳͰಉ
    ࣌઀ଓ਺੍ݶΛ௒ա͍ͯ͠Ε͹
    ΤϥʔΛฦ͢

    View full-size slide

  51. ࢖͍ํ IUUQEDPOG

    LoadModule mruby_module modules/mod_mruby.so

    # Apacheͷϓϩηε͕ىಈͨ࣌͠ʹϑοΫ͞ΕΔ
    # http-access-limiterͷΫϥεΛఆٛɺ࣍ʹىಈ͢ΔWorker͕ࢀরͰ͖ΔΑ͏ʹ͢Δɻ
    mrubyPostConfigMiddle /etc/httpd/conf.d/access_limiter/access_limiter_init.rb cache

    # ΞΫηε͕ൃੜͨ͠ͱ͖ʹϑοΫ͞ΕΔ
    # ಉ࣌઀ଓ਺Χ΢ϯλΛΠϯΫϦϝϯτ͢Δ
    # ͞Βʹɺ࠷େಉ࣌઀ଓ਺Λ௒աͨ͠৔߹ʹ503ΤϥʔΛฦ͢ͳͲͷΞΫγϣϯΛهड़͢Δɻ
    mrubyAccessCheckerMiddle /etc/httpd/conf.d/access_limiter/access_limiter.rb cache
    # ίϯςϯπͷॲཧ͕ऴΘͬͨͱ͖ʹϑοΫ͞ΕΔ
    # ಉ࣌઀ଓ਺Χ΢ϯλΛσΫϦϝϯτ͢Δ
    mrubyLogTransactionMiddle /etc/httpd/conf.d/access_limiter/access_limiter_end.rb cache



    View full-size slide

  52. ։ൃதͷ໰୊఺


    NSVCZ
    8PSLFS
    NSVCZ
    8PSLFS
    NSVCZ
    IUUQE
    ڞ༗ϝϞϦ
    global
    mutex
    ಉ࣌઀ଓ਺
    Χ΢ϯλʔ
    KVS

    ϦΫΤετ

    ϦΫΤετ

    NVUFYΛϩοΫ

    MPDL

    ΠϯΫϦϝϯτ

    ΠϯΫϦϝϯτ

    ίϯςϯπͷॲཧ
    4FHNFOUBUJPO'BVMU
    8PSLFSϓϩηε͕ҟৗऴྃ͠ɺ
    Ҏ߱ͷσΫϦϝϯτͷॲཧ͕
    ߦΘΕͳ͘ͳΔɻ

    View full-size slide


  53. Χ΢ϯλʔ্͕͕Γͬͺͳ͠ʹͳͬͯ͠·͍ɺ
    ಉ࣌઀ଓՄೳͳ਺͕ݮͬͯ͠·͏ɻ

    View full-size slide

  54. ໰୊఺ͷղܾ
    ಉ࣌઀ଓ਺ΛΧ΢ϯτ͢ΔKVSͷσʔλͷ࣋ͪํΛมߋͨ͠ɻ
    มߋલͷΧ΢ϯλʔ มߋޙͷΧ΢ϯλʔ
    KEY VALUE KEY VALUE
    /path/to/hoge.php 2 /path/to/hoge.php 2
    create_time_/path/to/hoge.php 1477303672
    Χ΢ϯλʔ͕ʹͳͬͨ࣌ؒΛه࿥ͯ͠ɺҰఆ࣌ؒΧ΢ϯλʔ্͕͕Γͬͺͳ͠ʹ
    ͳ͍ͬͯͨΒɺҰ౓ʹ໭͢ͱ͍͏ॲཧΛೖΕΔ͜ͱͰղܾͨ͠ɻ

    View full-size slide


  55. ؾʹͳΔύϑΥʔϚϯε

    View full-size slide

  56. ύϑΥʔϚϯεςετ݁Ռ
    abΛ࢖ͬͯύϑΥʔϚϯεΛଌఆ͠·ͨ͠ɻ
    ςετύλʔϯ ྼԽ཰
    httpd 0%
    httpd + http-access-limiter 3%
    httpd + http-access-limiter (੍ݶର৅) 5%
    WordPress΁ͷΞΫηε
    10ສϦΫΤετ100ଟॏ / CPU24ίΞɾRAM32GB
    ςετύλʔϯ ྼԽ཰
    httpd 0%
    httpd + http-access-limiter 3%
    httpd + http-access-limiter (੍ݶର৅) 30%
    phpinfo()΁ͷΞΫηε

    View full-size slide

  57. ύϑΥʔϚϯεςετ݁Ռʹର͢Δߟ࡯
    access-limiterͷಋೖʹੜ͡ΔύϑΥʔϚϯεྼԽ͸3%ͱߴ
    ଎Ͱ͋Δ͜ͱ͕෼͔ͬͨɻ
    DBΛ࢖͏WordPressͰ͸ɺΞϓϦέʔγϣϯͷॲཧ͕Φʔό
    ϔουͱͳͬͯaccess-limiterΛಋೖ͢Δ͜ͱʹΑΔΦʔό
    ϔου͸ޡࠩఔ౓ͱͳͬͨɻ
    phpinfo()ͷΑ͏ͳܰྔͳॲཧͷ৔߹ʹɺ੍ݶର৅ͱͨ͠ͱ͖
    ʹ3ׂఔ౓ύϑΥʔϚϯεྼԽ͕ੜͨ͡ɻ

    View full-size slide


  58. ͲͷΑ͏ʹͯ͠ύϑΥʔϚϯεΛ
    ޲্͍ͤͯ͞Δͷ͔ʁ

    View full-size slide

  59. NSVCZΛ࢖ͬͨϛυϧ΢ΣΞ։ൃʹ͓͚Δ
    ύϑΥʔϚϯε޲্ͷ޻෉

    View full-size slide

  60. ύϑΥʔϚϯε޲্ͷ޻෉


    NSVCZ
    8PSLFS
    NSVCZ
    8PSLFS
    NSVCZ
    8PSLFS
    NSVCZ
    8PSLFS
    NSVCZ
    KVS͔Β৘ใΛऔಘ͢Δͱ͖
    KVS
    ϦΫΤετ ϦΫΤετ ϦΫΤετ ϦΫΤετ
    PQFO PQFO PQFO PQFO
    ϦΫΤετຖʹKVSΛOpen͢Δͱޮ཰͕ѱ͍

    View full-size slide

  61. ύϑΥʔϚϯε޲্ͷ޻෉
    mod_mruby΍ngx_mrubyʹ͸mrubyΛϑοΫͰ͖ΔλΠϛϯά͕ز͔ͭ͋Γ·͢ɻ
    http-access-limiterͰ࢖͍ͬͯΔͷ͸ҎԼͷσΟϨΫςΟϒͰ͢ɻ
    σΟϨΫςΟϒ λΠϛϯά
    mrubyPostConfigMiddle ਌ϓϩηεىಈ࣌
    mrubyAccessCheckerMiddle ϦΫΤετΛड͚෇͚ͨͱ͖
    mrubyLogTransactionMiddle ΫϥΠΞϯτʹϨεϙϯεΛૹ৴ͨ͋͠ͱ

    View full-size slide

  62. ύϑΥʔϚϯε޲্ͷ޻෉


    NSVCZ
    KVSʹΞΫηε͢Δͱ͖
    KVS
    8PSLFS
    NSVCZ
    8PSLFS
    NSVCZ
    8PSLFS
    NSVCZ
    8PSLFS
    NSVCZ
    ϦΫΤετ ϦΫΤετ ϦΫΤετ ϦΫΤετ
    ڞ༗ϝϞϦ
    KVS
    PQFO
    ΦϒδΣΫτΛ֨ೲ

    View full-size slide


  63. ΞΫηεຖʹKVSΛ։͘ಈ࡞͕লུͰ͖ΔͷͰ
    ΞϓϦέʔγϣϯ͸ߴ଎ʹͳΔ

    View full-size slide

  64. ύϑΥʔϚϯε޲্ͷ޻෉
    mruby-userdataͱ͍͏mgemΛར༻͢Δɻ
    # mrubyPostConfigMiddle(ϓϩηεىಈ࣌)
    Userdata.new.shared_kvs = Cache.new :filename => "store.lmc"
    # mrubyAccessCheckerMiddle(ΞΫηε࣌)
    cache = Userdata.new.shared_kvs ɹɹɹɹ # ڞ༗ϝϞϦΛࢀর͢Δ
    p cache.get["hoge"]

    ଞʹ΋MySQL΍RedisͳͲʹ઀ଓ͢ΔΑ͏ͳ৔߹ʹ΋༗ޮͳखஈ

    View full-size slide

  65. ύϑΥʔϚϯε޲্ͷ޻෉
    σΟϨΫςΟϒͷએݴ࣌ʹcacheΦϓγϣϯΛ͚ͭΔɻ
    ϓϩηεىಈ࣌ʹόΠτίʔυม׵͞Εͯɺ࣮ߦͷͨͼʹίϯύΠ
    ϧ͕ߦΘΕͳ͍ͨΊߴ଎ɻ
    σϝϦοτͱͯ͠ίʔυΛมߋͨ͠৔߹͸ɺϓϩηεͷϦελʔτ
    ͕ඞཁʹͳΔɻ
    mrubyPostConfigMiddle /etc/httpd/conf.d/script/init.rb cache

    View full-size slide

  66. NSVCZΛ༻͍ͨϛυϧ΢ΣΞ։ൃʹ͓͚Δ
    &&ςετ

    View full-size slide

  67. &&ςετͷ໨త
    ΫϥΠΞϯτɾαʔόؒͰҙਤ͍ͯ͠Δಈ͖Λ͍ͯ͠Δ͔Λ֬ೝɻ
    [access_limiterͩͱ] ࢦఆͨ͠ಉ࣌઀ଓ਺ʹୡͨ࣌͠ʹҙਤ͢Δε
    ςʔλείʔυΛฦ͢͜ͱ͕Ͱ͖Δ͔ʁ
    ΫϥΠΞϯτɾαʔόؒͰҙਤ͢ΔύϑΥʔϚϯεΛग़͍ͤͯΔ͔Λ֬ೝɻ
    [access_limiterͩͱ] ϩοΫɺΞϯϩοΫɺΠϯΫϦϝϯτɺσΫϦ
    ϝϯτͱϘτϧωοΫʹͳΓ͏Δಈ࡞Λ͍ͯ͠ΔͷͰૉͷhttpdͱൺ΂ͯ
    Ͳͷ͘Β͍ύϑΥʔϚϯε͕ྼԽ͢Δͷ͔ʁͦΕ͸ڐ༰ൣғ͔ʁ

    View full-size slide

  68. &&ςετͷඞཁੑ
    mrubyιʔείʔυΛॻ͖׵͑ͨ࣌ʹͦͷมߋ͕ͲΕ͚ͩύϑΥʔ
    ϚϯεʹӨڹΛٴ΅͔͢Λ౎౓೺Ѳ͢Δඞཁ͕͋Δɻ
    E2Eςετ͕͋Ε͹ɺଞͷਓ΋ίʔυΛॻ͖׵͑΍͍͢ɻ
    ෛՙΛ͔͚ͨঢ়ଶͰਖ਼ৗͳಈ࡞Λ͢Δ͔ɻ
    ௨ৗͷιϑτ΢ΣΞ։ൃͱ͸ҧ͍ΫϥΠΞϯτͱApache΍Nginx
    ͷؒʹҐஔ͢Δ෦෼Λ։ൃ͢ΔͨΊUnitςετͷΈͰ͸ෆे෼ɻ

    View full-size slide

  69. ͲͷΑ͏ʹςετ͢Δ͔ʁ

    View full-size slide

  70. ෛՙΛ͔͚ͯύϑΥʔϚϯεΛଌఆ͢Δʹ͸ʁ
    abίϚϯυ

    # ab -c 100 -n 100000 -k http://localhost/phpinfo.php
    :
    Requests per second: 1699.53 [#/sec] (mean)
    Time per request: 58.840 [ms] (mean)
    Time per request: 0.588 [ms] (mean, across all concurrent
    requests)
    Transfer rate: 73499.65 [Kbytes/sec] received
    ෛՙΛ͔͚ͨ݁Ռɺ3FDTFD΍Ϩεϙϯείʔυ͕
    ҙਤͨ͠΋ͷͩͬͨͷ͔Λ؆୯ʹ֬ೝ͍ͨ͠ʂ

    View full-size slide

  71. ab-mrubyΛ࢖͑͹࣮ݱͰ͖Δ

    View full-size slide

  72. BCNSVCZͷ࢖͍ํ
    ҎԼͷΑ͏ʹίϚϯυΛ࣮ߦ͠·͢ɻ
    ˌab-mruby -m config.rb -M suite.rb http://hoge.jp/phpinfo.php
    ҎԼͷΑ͏ʹςετͷઃఆ͠·͢ɻ
    add_config(
    "TotalRequests" => 100000,
    "Concurrency" => 100,
    "KeepAlive" => true,
    )
    test_suite do
    "CompleteRequests".should_be 100000
    "RequestPerSecond".should_be_over 1000
    "Non2xxResponses".should_be 0
    end
    config.rb
    suite.rb
    ςετͷઃఆΛهड़
    ςετ݁Ռͷ͋Δ΂͖
    ঢ়ଶΛهड़

    View full-size slide

  73. Mac
    IUUQBDDFTTMJNJUFSͰ͸͜͏͍ͯ͠Δ
    ςετ؀ڥ͸DockerͰίϯςφΛ্ཱͪ͛ͯߏங͢Δɻ
    ab-mrubyΛ࢖ͬͯabͷ݁ՌΛςετ͢Δɻ
    WEB Client
    httpd
    mod-mruby
    ab-mruby
    Docker
    ςετύλʔϯ͸
    httpd
    httpd + access-limiter
    httpd + access-limiter(੍ݶ͋Γ)
    ύϑΥʔϚϯεͷਪҠΛ֬ೝͰ͖ΔΑ͏ʹ͠
    ͯͲ͕͜ϘτϧωοΫʹͳ͍ͬͯΔ͔Λ෼͔
    ΔΑ͏ʹ͍ͯ͠·͢ɻ

    BCʹΑΔෛՙ

    View full-size slide

  74. IUUQBDDFTTMJNJUFSͰ͸͜͏͍ͯ͠Δ
    ςετ࣮ߦ͸ҎԼͷΑ͏ʹ͠·͢ɻ
    ύϑΥʔϚϯεࢼݧ͸සൟʹߦ͏ͷͰɺΦϖϨʔγϣϯΛ؆୯ʹ͢ΔͨΊʹɺશͯ
    ͷςετύλʔϯΛrakeίϚϯυ1ൃͰͰ͖ΔΑ͏ʹ͍ͯ͠·͢ɻ
    ˌrake e2e:test
    >>
    >> performance test
    >>
    :
    Finished 100000 requests
    [TEST CASE] [true] CompleteRequests (100000) should be 100000
    [TEST CASE] [true] RequestPerSecond (1024.9543902983) should be over 1000
    [TEST CASE] [true] Non2xxResponses (0) should be 0
    test suites: [true]

    View full-size slide

  75. &&ςετͷ໨తΛୡ੒Ͱ͖ͨ
    E2Eςετͷ໨త
    ΫϥΠΞϯτɾαʔόؒͰҙਤ͍ͯ͠Δಈ͖Λ͍ͯ͠Δ͔Λ֬ೝɻ
    ΫϥΠΞϯτɾαʔόؒͰҙਤ͢ΔύϑΥʔϚϯεΛग़͍ͤͯΔ͔Λ֬ೝɻ

    E2EςετΛίϚϯυҰൃͰ؆୯ʹͰ͖ΔΑ͏ʹͳͬͨ

    View full-size slide

  76. ·ͱΊ
    ϗεςΟϯά͸ڞ༗αʔόͰ͋ΔͷͰɺΑΓଟ͘ͷਓ͕҆Ձ
    Ͱշదʹ͝ར༻͍ͨͩͨ͘ΊʹΞΫηε੍ޚ͸ඞཁɻ
    ΞΫηε੍ޚͷ୯ҐΛΑΓࡉ੍͔ͯ͘͠ޚʹΑΔӨڹΛۃখ
    Խ͠ɺద੾ͳΞΫηε੍ޚΛ࣮ݱͨ͠ɻ
    ࣮ݱखஈͱͯ͠อकੑɺ֦ுੑɺੑೳͷόϥϯε͕Α͍
    mrubyΛ༻͍ͨɻ

    View full-size slide

  77. ࠓޙͷ༧ఆ

    View full-size slide

  78. ࠓޙͷ༧ఆ
    ڕΛ͞͹͖ͭͭɺద੾ʹΞΫηεΛ͞͹͍͍͖͍ͯͨͰ͢ɻ

    View full-size slide

  79. ࠓޙͷ༧ఆ
    ڕΛ͞͹͖ͭͭɺద੾ʹΞΫηεΛ͞͹͍͍͖͍ͯͨͰ͢ɻ
    mrubyͰ࣮૷ͨ͜͠ͱΛ׆͔ͯ͠ɺ·ͩ·ͩൃల్্ͷhttp-access-
    limiterΛࠓޙ΋ϒϥογϡΞοϓ͍ͯ͘͠ɻ
    ฐࣾͰ͸ෛՙίϯτϩʔϧͷࣗಈԽʹऔΓ૊ΜͰ͍·͢ɻ
    http-access-limiter͸ઃఆͷϦϩʔυ͕ඞཁͳ͘ɺ੍ޚͷӨڹͷ
    ۃখԽΛ࣮ݱͨ͠ιϑτ΢ΣΞͳͷͰࣗಈԽʹద͍ͯ͠·͢ɻ
    ͦͷͨΊɺࠓޙ͸http-access-limiterΛ࢖ͬͨࣗಈతͳෛՙίϯ
    τϩʔϧΛߦ͍͖͍ͬͯͨͱߟ͍͑ͯ·͢ɻ

    View full-size slide

  80. ϖύϘͰҰॹʹಇ͘஥ؒΛืू͍ͯ͠·͢ʂ
    ࠷৽ͷ࠾༻৘ใΛνΣοΫˠ !QC@SFDSVJU

    View full-size slide