Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
vuls
Search
Yusuke Hasegawa
September 26, 2016
Technology
0
990
vuls
本番サーバの実運用 on GCP
RPM以外も取り込む実運用での工夫について
Yusuke Hasegawa
September 26, 2016
Tweet
Share
More Decks by Yusuke Hasegawa
See All by Yusuke Hasegawa
ゲームインフラとGoogle Cloud Platformと酒!
yusukeh
0
86
Other Decks in Technology
See All in Technology
面倒な作業はAIにおまかせ。Flutter開発をスマートに効率化
ruideengineer
0
410
「クラウドコスト絶対削減」を支える技術—FinOpsを超えた徹底的なクラウドコスト削減の実践論
delta_tech
4
180
マーケットプレイス版Oracle WebCenter Content For OCI
oracle4engineer
PRO
3
970
ポストコロナ時代の SaaS におけるコスト削減の意義
izzii
1
130
公開初日に Gemini CLI を試した話や FFmpeg と組み合わせてみた話など / Gemini CLI 初学者勉強会(#AI道場)
you
PRO
0
250
マネジメントって難しい、けどおもしろい / Management is tough, but fun! #em_findy
ar_tama
7
1.2k
SREのためのeBPF活用ステップアップガイド
egmc
1
370
american airlines®️ USA Contact Numbers: Complete 2025 Support Guide
supportflight
1
110
衛星運用をソフトウェアエンジニアに依頼したときにできあがるもの
sankichi92
1
170
AWS認定を取る中で感じたこと
siromi
1
220
AWS CDK 開発を成功に導くトラブルシューティングガイド
wandora58
3
130
【あのMCPって、どんな処理してるの?】 AWS CDKでの開発で便利なAWS MCP Servers特集
yoshimi0227
6
430
Featured
See All Featured
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
830
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
10
970
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
48
2.9k
4 Signs Your Business is Dying
shpigford
184
22k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.8k
YesSQL, Process and Tooling at Scale
rocio
173
14k
GitHub's CSS Performance
jonrohan
1031
460k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.9k
Into the Great Unknown - MozCon
thekraken
40
1.9k
The Art of Programming - Codeland 2020
erikaheidi
54
13k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
357
30k
Transcript
ຊ൪αʔόͷ࣮ӡ༻PO($1 RPMҎ֎औΓࠐΉ࣮ӡ༻Ͱͷʹ͍ͭͯ
ϚογϡΞοϓͰ͢ʂ ؾָʹฉ͍ͯԼ͍͞ʂ
ࣗݾհ facebook: yusuke.exzm ࢯ໊ ୩ ༞հ ܦྺ GMO, Yahoo Japan,
Squere Enix etc… 2010ʹgms(gloopsͷલ)ೖࣾ גࣜձࣾgrasysͷදΛΓͳ͕ΒΤϯδχΞͬͯ·͢ɻ ৬छ ΠϯϑϥΤϯδχΞ Google Developer Expert, GCPUG Admin publish Fusion-IOΛ2011ʹຊ൪ಋೖ͠Fusion-IOࣾʹऔΓ্͛ΒΕΔ SoftwareDesign2012.03هࣄ 2012DellͷCMग़ԋʢςϨϏ౦ژ ϫʔϧυϏδωεαςϥΠτʣ IcingaʢnagiosͷforkʣͷϢʔβʔίϛϡχςΟʹܝࡌ ຊॻ͖࢝Ί·ͨ͠
ձࣾհ ໊ࣾ גࣜձࣾgrasys ઃཱ 201411݄13 ද ୩༞հ ࣄۀ༰ Cloud Facilitator
ςΫχΧϧ/ϦηϦϯάύʔτφʔ ਓ 8໊
γεςϜߏʢͬ͘͟Γʣ ࠓͷओvulsͳͷͰ ΄Μͱʹͬ͘͟Γ
جຊతͳߏ ops product servers monitor Google Cloud Platform Compute Engine
Firewall QPSU ssh opsͱ͍͏Πϯελϯε͕த৺ SSH౿Έ ΦʔέετϨʔγϣϯ vulsͷ࣮ߦ͜͜Ͱ
ࢹ ΦʔέετϨʔγϣϯ ίʔσΟωʔλʔ ݴޠ XXenv ཁ݅ͰVersionࢦఆͳͲʹରԠ͢ΔͨΊ ϛυϧΣΞ ιʔε͔ΒίϯύΠϧٴͼBinary൛Λར༻ ཁ݅ͰVersionࢦఆͳͲʹରԠ͢ΔͨΊ ϥΠϒϥϦ
ඞཁ͋Ειʔε͔ΒίϯύΠϧ ཁ݅ͰVersionࢦఆͳͲʹରԠ͢ΔͨΊ Πϯελϯε෦ consulͬͯΔΑʂίϯύΠϧ͚ͬ͜͏ͯ͠ΔΑʂ
twemproxy supervisord vuls ͍Ζ͍Ζͳݴޠ ͍Ζ͍ΖͳϛυϧΣΞ ͍Ζ͍ΖͳతͷγεςϜ
γεςϜʹ͍Ζ͍Ζ͋Δɾɾɾ ɾzݹ͍ͷzΒɾɾɾ ɾzྺ࢙zΒɾɾɾ ɾzഎܠzΒɾɾɾ ɾzࣄzΒɾɾɾ 31.͚ͩͰߏ͢Δ͜ͱ΄΅ͳ͍ɾɾɾ ৽نͷઃܭɾߏஙग़དྷΔݶΓ࠷৽൛Ͱ
લஔ͖͜͜·Ͱʂ
ຊ 31.ʹؔͳ͍ͷ Ͳ͏ͬͯTDBOͨ͠Β͍͍͔ɾɾɾ
WVMTDPOpHUPNM [servers.HOSTNAME] host = "HOSTNAME" cpeNames = [ "cpe:/a:djangoproject:django:1.6", ]
↑ ඥ͚ͳ͍ͱ͍͚ͳ͍ ͋͞Ͳ͏ͬͯ͜ͷใΛɾɾɾ cpeNamesͰ ֦ுͰ͖Δ͕ɾɾɾ ↓
DWFTRMJUFDQFTUBCMF CREATE TABLE "cpes" ( "id" integer primary key autoincrement,
"created_at" datetime, "updated_at" datetime, "deleted_at" datetime, "jvn_id" integer, "nvd_id" integer, "cpe_name" varchar(255), "part" varchar(255), "vendor" varchar(255), "product" varchar(255), "version" varchar(255), "update" varchar(255), "edition" varchar(255), "language" varchar(255) ); ←͜ΕͰselect͢Εʂ
31.Ҏ֎ͷऩू kv vuls/[hostname] /usr/local, /optԼͷঢ়ଶΛऩू cronͰconsulͷkey value storeʹJSONͷܗͰอଘ
KTPOGPSNBU { "middleware": [ { "name":"[middleware name]", "version":"[version]", "update":"[patch version]"
} ], "update_time": "YYYY-MM-DD HH:MM:MM", "host": { "Πϯελϯεใ͍Ζ͍Ζ", "node_name": "yusuke" } } ඞཁͳใΛϦετͰ
8FC"QQMJDBUJPO'SBNFXPSLͱ͔ʁ middleware: - name: [product name] version: [version num] update:
[patch version] ↑ औಘͰ͖ͳ͍ͷʹ͍ͭͯYAMLͰҙʹ֦ு ͱ͍ͬͯϑϨʔϜϫʔΫ͕ΆΜΆΜมΘΔ͜ͱͳ͍ͷͰɾɾɾ ͕͢͞ʹ͍Ζ͍Ζ͋ͬͯࣗಈऩूϜϦͩͬͨ͆
࣮ࡍͷσʔλ͜Μͳײ͡ /opt/envutils/utils.pl middleware
WVMTͷUPNMੜ 1. consul HTTP API /v1/catalog/nodes 2. consul KV vuls/[hostname]
JSONऔಘ 3. HostใͷTagΛར༻֦ͯ͠ுͷYAMLऔಘ 4. cve sqliteʹJSONͷproduct, version, updateͰselect 5. Template EngineͰvulsͷtomlΛग़ྗ consul kv vuls/[instance name] cve.sqlite3 script vuls config.toml extend YAML Instance Tagʹඥͮ͘:".- 100͘Β͍Ͱ 10ඵͰྃʂ
͋ͱTDBOΛճ͚ͩ͢ʂ ࣮ࡍcronͰճͯͨ͠Γ͢Δʂ
ΊͰͨ͠ΊͰͨ͠
QIQΒɺOHJOYΒɺSFEJTΒ ख์͠Ͱ͍Ζ͍Ζ੬ऑੑใΛݕ͠ ରࡦ͢Δ͜ͱ͕Մೳʹʂ ͋Δݹ͍γεςϜΛTDBOͨ͠Β ͻͱͭͷαʔόͰ݅Ҏ্ͰͯϏϏͬͨʂ
*OJU4DSJQUʹΑΔӡ༻ͷ؆қԽ /etc/init.d/vuls /etc/init.d/vuls: vuls init script help: example: /etc/init.d/vuls [sub
command] sub command: start: start server stop: stop server restart restart server status server status 1st_setup setup, update_week, reconfig, prepare, start full_setup setup, update_full, reconfig, prepare, start reconfig: make config setup: setup cve/nve database prepare: prepare instance scan: scan history: scan history report: for consul service report tui: Terminal User Interface update cve database update_entire: dictionary entire update update_month: dictionary month update update_week: dictionary week update update_full: dictionary full update go-cve-dictionaly/vulsͷ ىಈͱαϙʔτεΫϦϓτͱͯ͠ configੜͳͲͷϥούʔͱ͔ σΟϨΫτϦπϦʔͷੜͱ͔ ΖΖɾɾɾ ·ΔͬͱͬͯΔͷͰ ࣾͷΤϯδχΞʹઆ໌ཁΒͣ
ൃදҎ্ʂ
ΑΖ͓͘͠ئ͍͠·͢ʂ
͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ɻ ࣭͋͝Γ·ͨ͠Β͓ؾܰʹʂ ୩ ༞հ facebook: yusuke.exzm