In 2010 the company
When there were 16,000 servers and a great many heterogeneous segments, working without drowning in them became impossible. So we came up with a different solution: we took Consul as the data source for the Netfilter stack and got a fast distributed firewall. It replaced the router ACLs and served as both the external and the internal firewall. To manage the tool dynamically we developed the BEFW system, which is used everywhere: from managing user access to the production network to isolating network segments.
Ivan Agarkov explains how it all works and why this system deserves a closer look.
Historical background
Before I explain how we did this, I will explain how we got here and why it was needed at all. To do that, let's go back 9 years: it is 2010, World of Tanks has just come out, and Wargaming has about 50 servers.
Growth chart of the company's servers.
We had a network model. For its time it was optimal.
The 2010 network model.
On the frontend there are bad guys who want to break us, but there is a firewall. On the backend there is no firewall, but there are 50 servers there and we know every one of them. Everything works fine.
In 4 years the server fleet grew 100 times, to 5000. The first isolated networks appeared: staging, from which nothing could be moved into production, and where something potentially dangerous was often running.
The 2014 network model.
By inertia we used the same hardware, and all the work was done in isolated VLANs: ACLs were written to the VLANs to allow or deny certain connections.
In 2016 the number of servers reached 8000, Wargaming absorbed other studios, and additional affiliate networks appeared. They seemed to be ours, but not quite: VLANs often do not work with partners, you have to use VPNs with VRFs, and isolation becomes more complicated. The mix of ACLs and isolation kept growing.
The 2016 network model.
By the beginning of 2018 the fleet had grown to 16,000 machines. We counted a great many segments and did not count the rest, including the closed segments where financial data is stored. Container networks (Kubernetes), DevOps and cloud networks connected over VPN, for example from IVS, began to appear. There were a lot of rules and it was painful.
The 2018 network model and isolation methods.
For isolation we used VLANs with ACLs at L2, VRFs with ACLs at L3, VPNs and a lot more. Too much.
Problems
Everyone lives with ACLs and VLANs, so what is wrong with that? Anyone who is not hiding the pain can answer that question.
There were many problems, but the big ones were these:
- Geometric growth of the cost of a new rule. Every new rule took longer than the previous one, because first you had to check whether such a rule already existed.
- No firewall inside a segment. Segments were somehow isolated from each other, but inside them there were no longer enough resources.
- Rules took a long time to apply. An operator could write a single local rule by hand in a matter of hours; a global one took days.
- The difficulty of auditing rules. More precisely, it was impossible. The first rules were written in 2010, and most of their authors no longer worked at the company.
- A low level of control over the infrastructure. This is the biggest problem: we did not really know what was going on in our own realm.
This is what a network engineer looked like in 2018 while thinking "we need a few more ACLs".
Solutions
In early 2018 it was decided to do something about it.
The cost of integration keeps rising. The starting point was that the large data centers stopped supporting isolated VLANs and ACLs because the devices ran out of memory.
Solution: eliminate the human factor and automate access provisioning as far as possible.
New rules take a long time to apply. Solution: speed up rule application, distribute it and parallelize it. This requires a distributed system in which the rules themselves are delivered to the end systems, without rsync or SFTP.
No firewall inside a segment. Firewalls inside segments became necessary once different services appeared in the same network. Solution: a firewall at the host level, that is, host-based firewalls. Almost everywhere there is Linux, and wherever there is iptables this is not a problem.
Auditing rules. Solution: keep all rules in one place for review and management, so that everything can be audited.
A low level of control over the infrastructure. Solution: build an inventory of all services and of the accesses between them.
This is more an administrative process than a technical one. Especially during promotions and the holiday season, 200 to 300 new releases a week can go out, and that is for a single DevOps team. With so many releases it is impossible to check which ports, IPs and integrations are needed. So we needed specially trained service managers, who asked the teams: "What on earth is this? Why are you shipping it?"
After everything we launched, a network engineer in 2019 looks like this:
Consul
We decided to put everything we found with the help of the service managers into Consul and generate iptables rules from it.
How did we decide to go about it?
- Collect all services, networks and users.
- Build iptables rules from them.
- Automate the control.
- ....
- PROFIT.
Consul is not a remote API: it can run on every node and write to iptables. All that is left is to weed out the unnecessary and come up with automatic control, and most of the problems are solved. The rest we will deal with as we go.
Why Consul?
It has proven itself. In 2014-15 we used it as the backend for Vault, where we store passwords.
It does not lose data. In all the time we have used Consul, not a single incident has lost data. That is a big advantage for a firewall management system.
P2P connections speed up the propagation of changes. With P2P every change arrives immediately; there is no need to wait for hours.
A convenient REST API. We also considered Apache ZooKeeper, but it has no REST API, so you have to bolt on crutches.
It works both as a key-value store (KV) and as a directory (service discovery). Services, catalogs and data centers can be stored in one go. This is convenient not only for us but also for neighboring teams, because we think big when building a global service.
It is part of the Wargaming stack. It is written in Go, a language we love; we have many Go developers.
A powerful ACL system. In Consul, ACLs control who writes what. We guarantee that the firewall rules will not overlap with anything else and that we will not have problems on that front.
But Consul also has drawbacks:
- It does not scale within a data center unless you use the commercial version. It scales only by federation.
- It depends heavily on network quality and server load. Consul does not behave properly as a server on a busy host, or when the network has delays, for example uneven throughput. This is due to the P2P connections and the update distribution model.
- Availability is hard to monitor. According to its status Consul says everything is fine, when in fact it died long ago.
Most of these problems can be handled while using Consul, so we chose it. The company has plans for an alternative backend, but we have learned to deal with the problems and live with Consul for now.
How Consul works
In a given data center we install from three to seven servers. One or two servers will not work: if their data disagrees they cannot form a quorum to decide who is right and who is wrong. More than seven makes no sense and reduces performance.
Clients connect to the servers in any order; it is the same agent, only with the flag server = false.
After that the client receives the list of P2P connections and builds connections between clients.
At the global level we connect several data centers. They also connect over P2P and talk to each other.
When data from another data center is needed, the request goes from server to server. This scheme is called the Serf protocol. Serf, like Consul, is developed by HashiCorp.
Important facts about Consul
Consul has documentation that describes how it works. I will give only a selection of facts worth knowing.
Consul servers elect a master from among the voters. Consul chooses a master from the list of servers in each data center, and all requests go only to that master, regardless of how many servers there are. A frozen master does not trigger a re-election. If no master has been elected, nobody processes the requests.
Need horizontal scaling? Sorry, no.
A request to another data center goes from master to master, no matter which server it was sent to. The elected master receives 100% of the load, minus the load of forwarded requests. All servers in a data center have an up-to-date copy of the data, but only one of them answers.
The only way to scale is to enable stale mode on the client.
In stale mode it can answer without a quorum. It is a mode in which we give up consistency but read a little faster than usual, and any server answers. Writes, naturally, go only through the master.
Consul does not copy data between data centers. When a federation is built, each server holds only its own data. For everyone else's data it always asks the others.
Atomicity of operations is not guaranteed outside transactions. Keep in mind that you are not the only one who can change things. If you need something different, run a transaction with a lock.
Blocking operations do not guarantee locks. Since requests go from master to master rather than directly, there is no guarantee that a lock will work when, for example, you block in another data center.
ACLs do not guarantee access either (in many cases). ACLs are stored in a single data center of the federation, the ACL data center (the primary DC), so they may not work. If that DC does not answer, ACLs do not work.
One frozen master freezes the whole federation. Say there are 10 data centers in the federation, one of them has a bad network and one master fails. Whoever talks to it asks for an answer, gets none, the thread freezes, and so on in a cycle. There is no way to tell when this will happen, and within a few hours the whole federation collapses. Nothing can be done about it.
Status, quorum and elections are handled in separate threads. No re-election happens and the status shows nothing. You think you have a live Consul, ask it, and nothing happens: no answer. At the same time the status says everything is fine.
We ran into this problem and had to rebuild certain parts of our data centers to avoid it.
The commercial version, Consul Enterprise, lacks some of the drawbacks above and has many useful features: voter selection, distribution, scaling. There is just one thing: the licensing of a distributed system is very expensive.
Life hack: rm -rf /var/lib/consul
This is the cure for all an agent's ills. If it does not solve the problem, delete the data and download it again from a copy. Consul will probably work then.
BEFW
Now about what we added on top of Consul.
Rule template
The rules are written in iptables syntax:
- -N BEFW
- -P INPUT DROP
- -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A INPUT -i lo -j ACCEPT
- -A INPUT -j BEFW
Everything goes into the BEFW chain, with the exception of ESTABLISHED, RELATED and localhost. The template can be anything; this is only an example.
How does BEFW help?
Services
A service always has a port and a node on which it runs. From our node we can ask the agent locally and find out that we have some service. A tag is attached to it.
Every service that is running and registered in Consul becomes an iptables rule. We have SSH: open port 22. The Bash script is simple: curl and iptables, nothing else is needed.
Clients
How do we open access selectively rather than to everyone? We add lists of IPs to the KV store, keyed by service name.
Say we want everyone from a particular network to reach the SSH_TCP_22 service. Add one small TTL field, and now we have a temporary permission, for example for a few days.
Access
We connect services and clients: we have services, and the KV store corresponds to each of them. Access is now granted selectively, not to everyone.
Groups
Writing thousands of IPs for every access would get tiring. Let's think of grouping, a separate subset of KV. Call it an alias (or group) and store groups there by the same principle.
Let's connect it: now we can open SSH not to individual peers but to a whole group or several groups. Likewise there is a TTL: you can add to a group or temporarily remove from a group.
Integration
Our problem is the human factor and automation. So far we solve it like this.
We work with Puppet and hand over to it everything related to the system (the application code). Puppetdb (an ordinary PostgreSQL) stores the list of services running there; they can be found by resource type. There you can find out who applies where, and there is a pull request and merge request system for that.
We wrote befw-sync, a simple solution that helps transfer the data. First, the sync reaches puppetdb, where an HTTP API is configured; we ask which services exist and what needs to be done. Then the requests go to Consul.
Is that integration? Yes: they write the rules and allow a pull request to be accepted. Need a particular port? Add it to the right group. Pull request review: the job of "find the other 200 ACLs and try to do something with them" is no longer needed.
Optimization
A ping to localhost with an empty rule chain takes 0.075 ms.
Now add 10,000 addresses to this chain in iptables. As a result the ping grows many times over: iptables is completely linear, and processing each address takes time.
A firewall into which thousands of ACLs have been migrated has a lot of rules, and that creates latency. That is bad for game protocols.
But 10,000 addresses in an ipset do not raise the ping at all.
The point is that the "O" of ipset (its algorithmic complexity) is always 1, regardless of the number of entries. True, there is a limit: there cannot be more than 65535 entries, but for now we cope: entries can be combined and extended, or one ipset can be made into two.
Storage
The logical continuation of this iterative process is to store information about a service's clients in an ipset.
Now, for the same SSH, instead of writing 100 IPs at once we specify the name of the ipset it is allowed to talk to, and the rule DROP. This translates into a single rule: "whoever is not in there, DROP". That is clear.
Now we have rules and sets. The main task is to create the set before writing the rule, because otherwise iptables will refuse to write the rule.
General scheme
Here is what I have said so far, as a diagram:
We commit to Puppet, everything goes out to the hosts: the services end up here, the ipsets there, and whoever is not registered there is not let through.
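The scheme above, as an added example and not BEFW's own code: constructed agent and KV data (service SSH_TCP_22, an IP list with one expired TTL entry, and nested aliases including a cycle) are turned into the per-service ipset members and the BEFW chain. The set naming, the "@alias" notation and the order of rules_deny before rules_allow are this example's assumptions.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Service is what the local Consul agent reports. Client is a KV entry under
// a service or alias name: a CIDR or "@alias", with an optional expiry (TTL).
type Service struct{ Name, Proto string; Port int }
type Client struct{ Value string; Expires time.Time }

// Constructed sample data standing in for the agent and KV responses.
var (
	Now            = time.Date(2019, 6, 1, 12, 0, 0, 0, time.UTC)
	SampleServices = []Service{{"ssh", "tcp", 22}}
	SampleKV       = map[string][]Client{"SSH_TCP_22": {{Value: "10.1.0.0/24"},
		{Value: "@admins"}, {Value: "192.0.2.5/32", Expires: Now.Add(-time.Hour)}}} // last: TTL over
	SampleAliases = map[string][]Client{
		"admins": {{Value: "10.2.0.7/32"}, {Value: "@ops"}},
		"ops":    {{Value: "10.3.0.0/16"}, {Value: "@admins"}}, // alias cycle
	}
)

// expand resolves aliases recursively, skipping expired entries; seen breaks cycles.
func expand(entries []Client, aliases map[string][]Client, now time.Time, seen, out map[string]bool) {
	for _, c := range entries {
		if !c.Expires.IsZero() && !now.Before(c.Expires) {
			continue // the TTL ran out: the permission disappears by itself
		}
		if !strings.HasPrefix(c.Value, "@") {
			out[c.Value] = true
		} else if name := c.Value[1:]; !seen[name] {
			seen[name] = true
			expand(aliases[name], aliases, now, seen, out)
		}
	}
}

// BuildBEFW returns the members of each per-service ipset (named like SSH_TCP_22)
// and the BEFW chain in iptables-save syntax: the two emergency sets first (putting
// rules_deny ahead of rules_allow is this example's choice), one ACCEPT per service
// for sources in its set, and a final DROP for everyone else.
func BuildBEFW(services []Service, kv, aliases map[string][]Client, now time.Time) (map[string]map[string]bool, []string) {
	sets := map[string]map[string]bool{}
	rules := []string{"-A BEFW -m set --match-set rules_deny src -j DROP",
		"-A BEFW -m set --match-set rules_allow src -j ACCEPT"}
	for _, s := range services {
		set := strings.ToUpper(fmt.Sprintf("%s_%s_%d", s.Name, s.Proto, s.Port))
		sets[set] = map[string]bool{}
		expand(kv[set], aliases, now, map[string]bool{}, sets[set])
		rules = append(rules, fmt.Sprintf("-A BEFW -p %s --dport %d -m set --match-set %s src -j ACCEPT", s.Proto, s.Port, set))
	}
	return sets, append(rules, "-A BEFW -j DROP")
}

func main() {
	fmt.Println(BuildBEFW(SampleServices, SampleKV, SampleAliases, Now))
}
```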
Allow and deny
To save the world quickly, or to cut someone off quickly, we created two ipsets at the beginning of all chains: rules_allow and rules_deny. How do we use them?
For example, someone is loading the web with bots. Before, you had to find his IP in the logs and pass it to the network engineers so that they could find the source of the traffic and ban him. Now it looks different.
We send it to Consul, wait 2.5 seconds, and it is done. Since Consul distributes quickly over P2P, it works anywhere in the world.
Once, because of a mistake in the firewall, WOT stopped completely. rules_allow is our insurance for such cases. If we made a mistake somewhere in the firewall and something is blocked somewhere, we can always send a conditional 0.0/0 (that is, 0.0.0.0/0) to let everything through immediately. Afterwards we fix everything by hand.
Other sets
Other sets can be added in the $IPSETS$ space.
What for? For example, you may need an ipset to emulate shutting down part of a cluster. Anyone can bring any set: give it a name and it will be picked up from Consul. At the same time a set can take part in iptables rules or act as a NOOP command: its consistency is maintained by the daemon.
Members
Before, users connected to the network and received their parameters through the domain. Until next-generation firewalls came along, Cisco had no way to understand where the user is and where the IP is. So access was granted only by the machine's hostname.
What did we do? We hooked in at the moment the address is handed out. Usually that is dot1x, Wi-Fi or VPN, all of which go through RADIUS. For each user, by username, we create a group and put into it the IP with a TTL equal to the dhcp.lease. As soon as the lease expires, the rule disappears.
Now we can open access to services by username, just like for any other group. This freed us from the hassle of changing hostnames and relieved the network engineers, since Cisco is no longer needed. Now the engineers themselves register access on the servers.
Dismantling
At the same time we began the dismantling. The service managers spread out, and we analyzed all the networks. We split them into the same kind of groups, and on the servers that needed it we added, for example, a deny group. Now the same staging isolation lives in the rules_deny of production, but not in production itself.
This scheme works quickly and simply: we remove all ACLs from the servers, unload the hardware, and reduce the number of isolated VLANs.
Integrity control
Before, we had a special trigger that reported when someone changed firewall rules by hand. We were writing a huge linter to check firewall rules, and that was hard. Integrity is now handled by BEFW: it zealously makes sure that the rules it created do not change. If someone changes the firewall rules, it puts everything back. Options like "I quickly set up a proxy here so I can work from home" are no longer available.
BEFW controls the ipsets of the services and lists in befw.conf and the rules for those services in the BEFW chain. It does not watch other chains, other rules or other ipsets.
Crash protection
BEFW always stores the last known good state directly in a binary structure, state.bin. If something goes wrong, it always rolls back to that state.bin.
This is insurance against unstable Consul behavior: Consul did not deliver the data, or someone made a mistake and used rules that cannot be applied. So that we never end up without a firewall, if an error occurs at any stage BEFW rolls back to the latest state.
This guarantees that the firewall keeps working in a critical situation. We open all the grey networks in the hope that an administrator will come and fix things. Someday we will make this configurable, but for now there are just three grey networks: 10/8, 172.16/12 and 192.168/16. Within our Consul this is an important feature that helps us develop further.
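The integrity control and the grey-network fallback described above, as an added example that is not BEFW's own code: the live BEFW chain is read out of a constructed iptables-save dump and compared with the last good rule list (standing in for state.bin); other chains are ignored on purpose, and with no good state at all only the three grey networks are opened. The command strings and the sample dump are this example's assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// GreyNetworks are the three ranges the talk opens when no usable state is
// left, so that an administrator can still reach the host and fix things.
var GreyNetworks = []string{"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"}

// chainRules picks the rules of one chain out of iptables-save output.
func chainRules(save, chain string) []string {
	var out []string
	for _, line := range strings.Split(save, "\n") {
		if strings.HasPrefix(line, "-A "+chain+" ") {
			out = append(out, line)
		}
	}
	return out
}

// Reconcile compares the live BEFW chain with the rules BEFW last applied
// successfully and returns the iptables commands to run: nothing if the
// chain is intact, a rebuild from the last good state if someone edited it
// by hand, and the grey-network fallback if there is no good state at all.
func Reconcile(liveSave string, lastGood []string) []string {
	if len(lastGood) == 0 {
		cmds := []string{"iptables -F BEFW"}
		for _, n := range GreyNetworks {
			cmds = append(cmds, "iptables -A BEFW -s "+n+" -j ACCEPT")
		}
		return cmds
	}
	if strings.Join(chainRules(liveSave, "BEFW"), "\n") == strings.Join(lastGood, "\n") {
		return nil
	}
	cmds := []string{"iptables -F BEFW"}
	for _, r := range lastGood {
		cmds = append(cmds, "iptables "+r)
	}
	return cmds
}

// Constructed sample: the chain as BEFW wrote it, and a dump in which someone
// inserted an extra ACCEPT by hand. The INPUT rule is outside BEFW's remit.
var (
	LastGood = []string{
		"-A BEFW -p tcp --dport 22 -m set --match-set SSH_TCP_22 src -j ACCEPT",
		"-A BEFW -j DROP",
	}
	TamperedSave = strings.Join([]string{
		"*filter", ":INPUT DROP [0:0]", ":BEFW - [0:0]", "-A INPUT -j BEFW",
		"-A BEFW -p tcp --dport 22 -m set --match-set SSH_TCP_22 src -j ACCEPT",
		"-A BEFW -p tcp --dport 8080 -j ACCEPT", // hand-added, must be reverted
		"-A BEFW -j DROP", "COMMIT", ""}, "\n")
)

func main() {
	fmt.Println(strings.Join(Reconcile(TamperedSave, LastGood), "\n"))
}
```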
Demo: during the talk Ivan demonstrates BEFW in demo mode.
Pitfalls
Let me tell you about the bugs we ran into.
ipset add set 0.0.0.0/0. What happens if you add 0.0.0.0/0 to an ipset? Will all IPs be added? Will access from the Internet open up?
No: you get a bug and hours of downtime. Moreover, the bug has been there since 2016; it sits in the RedHat Bugzilla as #1297092, and we found it by chance in a developer's report.
BEFW now has a strict rule: 0.0.0.0/0 becomes two addresses, 0.0.0.0/1 and 128.0.0.0/1.
ipset restore
ipset restore < file. What does ipset do when you tell it to restore? Do you think it works the same way as in iptables? Will the data be restored?
Nothing of the kind. A merge happens, the old addresses do not go anywhere, and access is not blocked.
We found this bug while testing isolation. Now there is a fairly complex system: instead of the restore command, a create temp, then restore flush temp and restore temp, and a swap at the end. That is for atomicity: if you run flush first and a packet arrives at that moment, it is dropped and something breaks. So there is a bit of black magic here.
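Both pitfalls above (the 0.0.0.0/0 split and the merge behaviour of ipset restore) in one added example, not BEFW's own code: the function builds the batch to feed to ipset -exist restore, writing the members into a temporary set and swapping it in so the live set is never empty in between, and it rewrites 0.0.0.0/0 as the two /1 halves. The set names, the hash:net type and the 65535 cap check are this example's assumptions.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// MaxMembers is the ipset size limit the talk mentions.
const MaxMembers = 65535

// SplitWholeIPv4 applies BEFW's rule for the ipset 0.0.0.0/0 bug: the
// catch-all is written as the two halves 0.0.0.0/1 and 128.0.0.0/1.
func SplitWholeIPv4(cidr string) []string {
	if cidr == "0.0.0.0/0" {
		return []string{"0.0.0.0/1", "128.0.0.0/1"}
	}
	return []string{cidr}
}

// IpsetBatch builds the text for `ipset -exist restore`. Restoring straight
// into the live set would merge with the old members, so the batch fills a
// temporary set and swaps it in: the live set is never empty in between and
// the replacement is atomic. The live set is assumed to exist already.
func IpsetBatch(set string, members []string) (string, error) {
	tmp := set + "_tmp"
	var b strings.Builder
	fmt.Fprintf(&b, "create %s hash:net\nflush %s\n", tmp, tmp)
	n := 0
	for _, m := range members {
		if _, _, err := net.ParseCIDR(m); err != nil {
			return "", fmt.Errorf("bad member %q: %w", m, err)
		}
		for _, piece := range SplitWholeIPv4(m) {
			if n++; n > MaxMembers {
				return "", fmt.Errorf("set %s exceeds %d members", set, MaxMembers)
			}
			fmt.Fprintf(&b, "add %s %s\n", tmp, piece)
		}
	}
	fmt.Fprintf(&b, "swap %s %s\ndestroy %s\n", tmp, set, tmp)
	return b.String(), nil
}

func main() {
	batch, err := IpsetBatch("SSH_TCP_22", []string{"0.0.0.0/0", "10.1.0.0/24"})
	if err != nil {
		panic(err)
	}
	fmt.Print(batch)
}
```

The -exist flag makes the create of a leftover temporary set harmless, and swap requires both sets to be of the same type.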
consul kv get -datacenter=other. As I said earlier, you think you are requesting some data, and you either get the data or an error. You can do this locally through Consul, but in this case both of them freeze.
The local Consul client is a wrapper around the HTTP API. But it simply hangs and does not react to Ctrl+C, Ctrl+Z or anything else, only to a kill -9 from another console. We ran into this while building a large cluster, and so far there is no solution; we are getting ready to fix this bug in Consul.
The Consul leader does not respond. The master in the data center does not respond, and you think: "Surely the re-election algorithm will kick in now?"
No, it will not. Monitoring shows nothing either: Consul shows its commit index, the leader is found, and it says everything is fine.
How do we deal with it? service consul restart from cron every few hours. If you have 50 servers, there is no big problem. With 16,000 you will see how well that works.
Summary
As a result we got the following benefits:
- 100% coverage of all Linux machines.
- Speed.
- Automation.
- We freed the hardware and network engineers from slavery.
- Almost unlimited integration possibilities have appeared: with Kubernetes, Ansible, Python and so on.
Cons: Consul, which we have to live with, and the very high price of a mistake. As an example: one day at 6 pm (prime time in Russia) I was editing something in the list of networks. At the time we were just building the dismantling in BEFW. I made a mistake somewhere, apparently specifying the wrong mask, and everything was over in seconds. Monitoring lit up, the support engineer on duty came running: "we've got everything!" The head of the department went pale explaining to the business why this had happened.
Because the price of a mistake is so high, we devised our own elaborate prevention procedures. If you implement this on a large production site, do not give everyone the Consul master token. It will end badly.
Cost. I wrote the code alone: 400 hours. My team is 4 people, and we spend 10 hours a month supporting everyone. Compared to the price of next-generation firewalls, that is free.
Plans. The long-term plan is to find an alternative transport to replace or complement Consul. It will probably be Kafka or something similar. But for the next few years we will be living with Consul.
Immediate plans: integration with Fail2ban, with monitoring, with nftables and possibly with other distributions; metrics, advanced monitoring, optimization. Kubernetes support is somewhere in the plans too, since we now have several clusters and there is demand for it.
More plans:
- Searching for traffic anomalies.
- Network map management.
- Kubernetes support.
- Building packages for all systems.
- A web UI.
We are constantly working on extending the configuration, adding metrics and optimizing.
Join the project. It has turned out great, but unfortunately it is still a one-person project. Come to
Meanwhile we are preparing Saint HighLoad++, and we invite developers of high-load systems to Saint Petersburg this June. Submit a talk! Experienced speakers already know what to do, and newcomers to speaking we at least advise to give it a try. Taking part in a conference as a speaker has many advantages; you can read about them, for example, at the end of this article.
Source: habr.com