Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
vuls
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Yusuke Hasegawa
September 26, 2016
Technology
1k
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
vuls
本番サーバの実運用 on GCP
RPM以外も取り込む実運用での工夫について
Yusuke Hasegawa
September 26, 2016
More Decks by Yusuke Hasegawa
See All by Yusuke Hasegawa
ゲームインフラとGoogle Cloud Platformと酒!
yusukeh
0
89
Other Decks in Technology
See All in Technology
AI Agentをシステムに組み込む前にゆるく向き合ってみる
hayama17
0
170
ぼっちではじめた登壇が「51名」「241件」の発信に化けた
subroh0508
1
330
脱SaaS!FDEを支えるプロビジョニングと分離設計
knih
0
300
From Prompt Engineering to Loop Engineering
shibuiwilliam
1
270
フルAIで個人開発して学んだあれこれ / yuruai vol.1
isaoshimizu
0
150
Agile and AI Redmine Japan 2026
hiranabe
4
500
週末にループ・エンジニアリングの理解を深めるためのスライド
nagatsu
0
540
UIパーツの設計を「型」から読み解く 〜TSKaigiのセッションから得た学び〜
yud0uhu
0
100
「勝手に広まる」人気 AI エージェントを爆速で作ろう!(AWS Summit Japan 2026講演資料)
minorun365
PRO
10
2.6k
クラウドファンディング版StackChan 3体(4体)をインタラクティブな体験型作品にして展示もした話 / スタックチャンお誕生日会2026
you
PRO
0
200
感情と身体を置き去りにしない、エンジニアの生きのこり方 ──いまから、ここから「自分の状態」を扱うという選択
saorimurooka
0
360
はてなのサービス基盤を支える Kubernetes《足腰》
masayoshimaezawa
0
150
Featured
See All Featured
Primal Persuasion: How to Engage the Brain for Learning That Lasts
tmiket
0
380
New Earth Scene 8
popppiees
3
2.4k
Between Models and Reality
mayunak
4
350
[RailsConf 2023] Rails as a piece of cake
palkan
59
6.7k
Done Done
chrislema
186
16k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
Building the Perfect Custom Keyboard
takai
2
800
Become a Pro
speakerdeck
PRO
31
6k
Accessibility Awareness
sabderemane
1
140
<Decoding/> the Language of Devs - We Love SEO 2024
nikkihalliwell
1
260
SEOcharity - Dark patterns in SEO and UX: How to avoid them and build a more ethical web
sarafernandez
0
210
A brief & incomplete history of UX Design for the World Wide Web: 1989–2019
jct
2
400
Transcript
ຊ൪αʔόͷ࣮ӡ༻PO($1 RPMҎ֎औΓࠐΉ࣮ӡ༻Ͱͷʹ͍ͭͯ
ϚογϡΞοϓͰ͢ʂ ؾָʹฉ͍ͯԼ͍͞ʂ
ࣗݾհ facebook: yusuke.exzm ࢯ໊ ୩ ༞հ ܦྺ GMO, Yahoo Japan,
Squere Enix etc… 2010ʹgms(gloopsͷલ)ೖࣾ גࣜձࣾgrasysͷදΛΓͳ͕ΒΤϯδχΞͬͯ·͢ɻ ৬छ ΠϯϑϥΤϯδχΞ Google Developer Expert, GCPUG Admin publish Fusion-IOΛ2011ʹຊ൪ಋೖ͠Fusion-IOࣾʹऔΓ্͛ΒΕΔ SoftwareDesign2012.03هࣄ 2012DellͷCMग़ԋʢςϨϏ౦ژ ϫʔϧυϏδωεαςϥΠτʣ IcingaʢnagiosͷforkʣͷϢʔβʔίϛϡχςΟʹܝࡌ ຊॻ͖࢝Ί·ͨ͠
ձࣾհ ໊ࣾ גࣜձࣾgrasys ઃཱ 201411݄13 ද ୩༞հ ࣄۀ༰ Cloud Facilitator
ςΫχΧϧ/ϦηϦϯάύʔτφʔ ਓ 8໊
γεςϜߏʢͬ͘͟Γʣ ࠓͷओvulsͳͷͰ ΄Μͱʹͬ͘͟Γ
جຊతͳߏ ops product servers monitor Google Cloud Platform Compute Engine
Firewall QPSU ssh opsͱ͍͏Πϯελϯε͕த৺ SSH౿Έ ΦʔέετϨʔγϣϯ vulsͷ࣮ߦ͜͜Ͱ
ࢹ ΦʔέετϨʔγϣϯ ίʔσΟωʔλʔ ݴޠ XXenv ཁ݅ͰVersionࢦఆͳͲʹରԠ͢ΔͨΊ ϛυϧΣΞ ιʔε͔ΒίϯύΠϧٴͼBinary൛Λར༻ ཁ݅ͰVersionࢦఆͳͲʹରԠ͢ΔͨΊ ϥΠϒϥϦ
ඞཁ͋Ειʔε͔ΒίϯύΠϧ ཁ݅ͰVersionࢦఆͳͲʹରԠ͢ΔͨΊ Πϯελϯε෦ consulͬͯΔΑʂίϯύΠϧ͚ͬ͜͏ͯ͠ΔΑʂ
twemproxy supervisord vuls ͍Ζ͍Ζͳݴޠ ͍Ζ͍ΖͳϛυϧΣΞ ͍Ζ͍ΖͳతͷγεςϜ
γεςϜʹ͍Ζ͍Ζ͋Δɾɾɾ ɾzݹ͍ͷzΒɾɾɾ ɾzྺ࢙zΒɾɾɾ ɾzഎܠzΒɾɾɾ ɾzࣄzΒɾɾɾ 31.͚ͩͰߏ͢Δ͜ͱ΄΅ͳ͍ɾɾɾ ৽نͷઃܭɾߏஙग़དྷΔݶΓ࠷৽൛Ͱ
લஔ͖͜͜·Ͱʂ
ຊ 31.ʹؔͳ͍ͷ Ͳ͏ͬͯTDBOͨ͠Β͍͍͔ɾɾɾ
WVMTDPOpHUPNM [servers.HOSTNAME] host = "HOSTNAME" cpeNames = [ "cpe:/a:djangoproject:django:1.6", ]
↑ ඥ͚ͳ͍ͱ͍͚ͳ͍ ͋͞Ͳ͏ͬͯ͜ͷใΛɾɾɾ cpeNamesͰ ֦ுͰ͖Δ͕ɾɾɾ ↓
DWFTRMJUFDQFTUBCMF CREATE TABLE "cpes" ( "id" integer primary key autoincrement,
"created_at" datetime, "updated_at" datetime, "deleted_at" datetime, "jvn_id" integer, "nvd_id" integer, "cpe_name" varchar(255), "part" varchar(255), "vendor" varchar(255), "product" varchar(255), "version" varchar(255), "update" varchar(255), "edition" varchar(255), "language" varchar(255) ); ←͜ΕͰselect͢Εʂ
31.Ҏ֎ͷऩू kv vuls/[hostname] /usr/local, /optԼͷঢ়ଶΛऩू cronͰconsulͷkey value storeʹJSONͷܗͰอଘ
KTPOGPSNBU { "middleware": [ { "name":"[middleware name]", "version":"[version]", "update":"[patch version]"
} ], "update_time": "YYYY-MM-DD HH:MM:MM", "host": { "Πϯελϯεใ͍Ζ͍Ζ", "node_name": "yusuke" } } ඞཁͳใΛϦετͰ
8FC"QQMJDBUJPO'SBNFXPSLͱ͔ʁ middleware: - name: [product name] version: [version num] update:
[patch version] ↑ औಘͰ͖ͳ͍ͷʹ͍ͭͯYAMLͰҙʹ֦ு ͱ͍ͬͯϑϨʔϜϫʔΫ͕ΆΜΆΜมΘΔ͜ͱͳ͍ͷͰɾɾɾ ͕͢͞ʹ͍Ζ͍Ζ͋ͬͯࣗಈऩूϜϦͩͬͨ͆
࣮ࡍͷσʔλ͜Μͳײ͡ /opt/envutils/utils.pl middleware
WVMTͷUPNMੜ 1. consul HTTP API /v1/catalog/nodes 2. consul KV vuls/[hostname]
JSONऔಘ 3. HostใͷTagΛར༻֦ͯ͠ுͷYAMLऔಘ 4. cve sqliteʹJSONͷproduct, version, updateͰselect 5. Template EngineͰvulsͷtomlΛग़ྗ consul kv vuls/[instance name] cve.sqlite3 script vuls config.toml extend YAML Instance Tagʹඥͮ͘:".- 100͘Β͍Ͱ 10ඵͰྃʂ
͋ͱTDBOΛճ͚ͩ͢ʂ ࣮ࡍcronͰճͯͨ͠Γ͢Δʂ
ΊͰͨ͠ΊͰͨ͠
QIQΒɺOHJOYΒɺSFEJTΒ ख์͠Ͱ͍Ζ͍Ζ੬ऑੑใΛݕ͠ ରࡦ͢Δ͜ͱ͕Մೳʹʂ ͋Δݹ͍γεςϜΛTDBOͨ͠Β ͻͱͭͷαʔόͰ݅Ҏ্ͰͯϏϏͬͨʂ
*OJU4DSJQUʹΑΔӡ༻ͷ؆қԽ /etc/init.d/vuls /etc/init.d/vuls: vuls init script help: example: /etc/init.d/vuls [sub
command] sub command: start: start server stop: stop server restart restart server status server status 1st_setup setup, update_week, reconfig, prepare, start full_setup setup, update_full, reconfig, prepare, start reconfig: make config setup: setup cve/nve database prepare: prepare instance scan: scan history: scan history report: for consul service report tui: Terminal User Interface update cve database update_entire: dictionary entire update update_month: dictionary month update update_week: dictionary week update update_full: dictionary full update go-cve-dictionaly/vulsͷ ىಈͱαϙʔτεΫϦϓτͱͯ͠ configੜͳͲͷϥούʔͱ͔ σΟϨΫτϦπϦʔͷੜͱ͔ ΖΖɾɾɾ ·ΔͬͱͬͯΔͷͰ ࣾͷΤϯδχΞʹઆ໌ཁΒͣ
ൃදҎ্ʂ
ΑΖ͓͘͠ئ͍͠·͢ʂ
͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ɻ ࣭͋͝Γ·ͨ͠Β͓ؾܰʹʂ ୩ ༞հ facebook: yusuke.exzm