Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
vuls
Search
Yusuke Hasegawa
September 26, 2016
Technology
0
990
vuls
本番サーバの実運用 on GCP
RPM以外も取り込む実運用での工夫について
Yusuke Hasegawa
September 26, 2016
Tweet
Share
More Decks by Yusuke Hasegawa
See All by Yusuke Hasegawa
ゲームインフラとGoogle Cloud Platformと酒!
yusukeh
0
86
Other Decks in Technology
See All in Technology
Deep Security Conference 2025:生成AI時代のセキュリティ監視 /dsc2025-genai-secmon
mizutani
4
3k
(HackFes)米国国防総省のDevSecOpsライフサイクルをAWSのセキュリティサービスとOSSで実現
syoshie
5
360
Data Engineering Study#30 LT資料
tetsuroito
1
270
「Chatwork」のEKS環境を支えるhelmfileを使用したマニフェスト管理術
hanayo04
1
410
american aa airlines®️ USA Contact Numbers: Complete 2025 Support Guide
aaguide
0
500
P2P通信の標準化 WebRTCを知ろう
faithandbrave
1
480
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
sansan33
PRO
0
2.7k
〜『世界中の家族のこころのインフラ』を目指して”次の10年”へ〜 SREが導いたグローバルサービスの信頼性向上戦略とその舞台裏 / Towards the Next Decade: Enhancing Global Service Reliability
kohbis
3
1.5k
QuickSight SPICE の効果的な運用戦略~S3 + Athena 構成での実践ノウハウ~/quicksight-spice-s3-athena-best-practices
emiki
0
290
安定した基盤システムのためのライブラリ選定
kakehashi
PRO
3
140
対話型音声AIアプリケーションの信頼性向上の取り組み
ivry_presentationmaterials
3
1.1k
ソフトウェアQAがハードウェアの人になったの
mineo_matsuya
3
220
Featured
See All Featured
RailsConf 2023
tenderlove
30
1.1k
Git: the NoSQL Database
bkeepers
PRO
430
65k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
15
1.6k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
8
340
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.8k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
3.1k
Practical Orchestrator
shlominoach
189
11k
Optimizing for Happiness
mojombo
379
70k
The Invisible Side of Design
smashingmag
301
51k
It's Worth the Effort
3n
185
28k
How GitHub (no longer) Works
holman
314
140k
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
Transcript
ຊ൪αʔόͷ࣮ӡ༻PO($1 RPMҎ֎औΓࠐΉ࣮ӡ༻Ͱͷʹ͍ͭͯ
ϚογϡΞοϓͰ͢ʂ ؾָʹฉ͍ͯԼ͍͞ʂ
ࣗݾհ facebook: yusuke.exzm ࢯ໊ ୩ ༞հ ܦྺ GMO, Yahoo Japan,
Squere Enix etc… 2010ʹgms(gloopsͷલ)ೖࣾ גࣜձࣾgrasysͷදΛΓͳ͕ΒΤϯδχΞͬͯ·͢ɻ ৬छ ΠϯϑϥΤϯδχΞ Google Developer Expert, GCPUG Admin publish Fusion-IOΛ2011ʹຊ൪ಋೖ͠Fusion-IOࣾʹऔΓ্͛ΒΕΔ SoftwareDesign2012.03هࣄ 2012DellͷCMग़ԋʢςϨϏ౦ژ ϫʔϧυϏδωεαςϥΠτʣ IcingaʢnagiosͷforkʣͷϢʔβʔίϛϡχςΟʹܝࡌ ຊॻ͖࢝Ί·ͨ͠
ձࣾհ ໊ࣾ גࣜձࣾgrasys ઃཱ 201411݄13 ද ୩༞հ ࣄۀ༰ Cloud Facilitator
ςΫχΧϧ/ϦηϦϯάύʔτφʔ ਓ 8໊
γεςϜߏʢͬ͘͟Γʣ ࠓͷओvulsͳͷͰ ΄Μͱʹͬ͘͟Γ
جຊతͳߏ ops product servers monitor Google Cloud Platform Compute Engine
Firewall QPSU ssh opsͱ͍͏Πϯελϯε͕த৺ SSH౿Έ ΦʔέετϨʔγϣϯ vulsͷ࣮ߦ͜͜Ͱ
ࢹ ΦʔέετϨʔγϣϯ ίʔσΟωʔλʔ ݴޠ XXenv ཁ݅ͰVersionࢦఆͳͲʹରԠ͢ΔͨΊ ϛυϧΣΞ ιʔε͔ΒίϯύΠϧٴͼBinary൛Λར༻ ཁ݅ͰVersionࢦఆͳͲʹରԠ͢ΔͨΊ ϥΠϒϥϦ
ඞཁ͋Ειʔε͔ΒίϯύΠϧ ཁ݅ͰVersionࢦఆͳͲʹରԠ͢ΔͨΊ Πϯελϯε෦ consulͬͯΔΑʂίϯύΠϧ͚ͬ͜͏ͯ͠ΔΑʂ
twemproxy supervisord vuls ͍Ζ͍Ζͳݴޠ ͍Ζ͍ΖͳϛυϧΣΞ ͍Ζ͍ΖͳతͷγεςϜ
γεςϜʹ͍Ζ͍Ζ͋Δɾɾɾ ɾzݹ͍ͷzΒɾɾɾ ɾzྺ࢙zΒɾɾɾ ɾzഎܠzΒɾɾɾ ɾzࣄzΒɾɾɾ 31.͚ͩͰߏ͢Δ͜ͱ΄΅ͳ͍ɾɾɾ ৽نͷઃܭɾߏஙग़དྷΔݶΓ࠷৽൛Ͱ
લஔ͖͜͜·Ͱʂ
ຊ 31.ʹؔͳ͍ͷ Ͳ͏ͬͯTDBOͨ͠Β͍͍͔ɾɾɾ
WVMTDPOpHUPNM [servers.HOSTNAME] host = "HOSTNAME" cpeNames = [ "cpe:/a:djangoproject:django:1.6", ]
↑ ඥ͚ͳ͍ͱ͍͚ͳ͍ ͋͞Ͳ͏ͬͯ͜ͷใΛɾɾɾ cpeNamesͰ ֦ுͰ͖Δ͕ɾɾɾ ↓
DWFTRMJUFDQFTUBCMF CREATE TABLE "cpes" ( "id" integer primary key autoincrement,
"created_at" datetime, "updated_at" datetime, "deleted_at" datetime, "jvn_id" integer, "nvd_id" integer, "cpe_name" varchar(255), "part" varchar(255), "vendor" varchar(255), "product" varchar(255), "version" varchar(255), "update" varchar(255), "edition" varchar(255), "language" varchar(255) ); ←͜ΕͰselect͢Εʂ
31.Ҏ֎ͷऩू kv vuls/[hostname] /usr/local, /optԼͷঢ়ଶΛऩू cronͰconsulͷkey value storeʹJSONͷܗͰอଘ
KTPOGPSNBU { "middleware": [ { "name":"[middleware name]", "version":"[version]", "update":"[patch version]"
} ], "update_time": "YYYY-MM-DD HH:MM:MM", "host": { "Πϯελϯεใ͍Ζ͍Ζ", "node_name": "yusuke" } } ඞཁͳใΛϦετͰ
8FC"QQMJDBUJPO'SBNFXPSLͱ͔ʁ middleware: - name: [product name] version: [version num] update:
[patch version] ↑ औಘͰ͖ͳ͍ͷʹ͍ͭͯYAMLͰҙʹ֦ு ͱ͍ͬͯϑϨʔϜϫʔΫ͕ΆΜΆΜมΘΔ͜ͱͳ͍ͷͰɾɾɾ ͕͢͞ʹ͍Ζ͍Ζ͋ͬͯࣗಈऩूϜϦͩͬͨ͆
࣮ࡍͷσʔλ͜Μͳײ͡ /opt/envutils/utils.pl middleware
WVMTͷUPNMੜ 1. consul HTTP API /v1/catalog/nodes 2. consul KV vuls/[hostname]
JSONऔಘ 3. HostใͷTagΛར༻֦ͯ͠ுͷYAMLऔಘ 4. cve sqliteʹJSONͷproduct, version, updateͰselect 5. Template EngineͰvulsͷtomlΛग़ྗ consul kv vuls/[instance name] cve.sqlite3 script vuls config.toml extend YAML Instance Tagʹඥͮ͘:".- 100͘Β͍Ͱ 10ඵͰྃʂ
͋ͱTDBOΛճ͚ͩ͢ʂ ࣮ࡍcronͰճͯͨ͠Γ͢Δʂ
ΊͰͨ͠ΊͰͨ͠
QIQΒɺOHJOYΒɺSFEJTΒ ख์͠Ͱ͍Ζ͍Ζ੬ऑੑใΛݕ͠ ରࡦ͢Δ͜ͱ͕Մೳʹʂ ͋Δݹ͍γεςϜΛTDBOͨ͠Β ͻͱͭͷαʔόͰ݅Ҏ্ͰͯϏϏͬͨʂ
*OJU4DSJQUʹΑΔӡ༻ͷ؆қԽ /etc/init.d/vuls /etc/init.d/vuls: vuls init script help: example: /etc/init.d/vuls [sub
command] sub command: start: start server stop: stop server restart restart server status server status 1st_setup setup, update_week, reconfig, prepare, start full_setup setup, update_full, reconfig, prepare, start reconfig: make config setup: setup cve/nve database prepare: prepare instance scan: scan history: scan history report: for consul service report tui: Terminal User Interface update cve database update_entire: dictionary entire update update_month: dictionary month update update_week: dictionary week update update_full: dictionary full update go-cve-dictionaly/vulsͷ ىಈͱαϙʔτεΫϦϓτͱͯ͠ configੜͳͲͷϥούʔͱ͔ σΟϨΫτϦπϦʔͷੜͱ͔ ΖΖɾɾɾ ·ΔͬͱͬͯΔͷͰ ࣾͷΤϯδχΞʹઆ໌ཁΒͣ
ൃදҎ্ʂ
ΑΖ͓͘͠ئ͍͠·͢ʂ
͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ɻ ࣭͋͝Γ·ͨ͠Β͓ؾܰʹʂ ୩ ༞հ facebook: yusuke.exzm