ãã¹ãŠã®äººã«è¯ãïŒ
ç§ã®ååã¯ãããŒã¿ã§ããCian ãšã³ãžãã¢ãªã³ã° ããŒã ã®ããŒã ãªãŒããŒã§ãã äŒç€Ÿã§ã®ç§ã®è²¬ä»»ã® XNUMX ã€ã¯ãæ¬çªç°å¢ã®ã€ã³ãã©ã¹ãã©ã¯ãã£ã«é¢é£ããã€ã³ã·ãã³ãã®æ°ããŒãã«æžããããšã§ãã
以äžã§èª¬æããå
容ã¯ç§ãã¡ã«å€å€§ãªèŠçããããããŸããããã®èšäºã®ç®çã¯ãä»ã®äººãç§ãã¡ã®ééããç¹°ãè¿ããªãããã«ããããå°ãªããšããã®åœ±é¿ãæå°éã«æããããšã§ãã
ããªã¢ã³ãã«
æãCian ãã¢ããªã¹ã§æ§æãããŠããããŸã ãã€ã¯ããµãŒãã¹ã®æ°é ããªãã£ãé ãç§ãã¡ã¯ 3 ïœ 5 ããŒãžããã§ãã¯ããããšã§ãªãœãŒã¹ã®å¯çšæ§ã枬å®ããŠããŸããã
圌ãã¯çããŸã - ãã¹ãŠåé¡ãããŸããããé·æéçããªãå Žå㯠- èŠåããŸãã äºä»¶ãšã¿ãªãããããã«ã©ããããã®æéä»äºãäŒãŸãªããã°ãªããªããã¯ãäŒè°ã§äººã ã決å®ããã ãšã³ãžãã¢ã®ããŒã ãåžžã«äºä»¶ã®èª¿æ»ã«é¢äžããŠããŸããã 調æ»ãå®äºãããšã圌ãã¯äºåŸåæãã€ãŸãäœãèµ·ãã£ããã調æ»ãã©ããããç¶ããããçŸæç¹ã§äœãããããå°æ¥äœãããããšãã圢åŒã®ã¬ããŒããé»åã¡ãŒã«ã§æžããŸããã
ãµã€ãã®ã¡ã€ã³ããŒãžããŸãã¯ãµã€ããæäžäœã«éããããšãã©ã®ããã«ç解ããŠããã
ãšã©ãŒã®åªå
床ãäœããã®æ¹æ³ã§ç解ããããã«ãããžãã¹æ©èœã«ãšã£ãŠæãéèŠãªãµã€ã ããŒãžãç¹å®ããŸããã ãããã䜿çšããŠãæå/倱æãããªã¯ãšã¹ããšã¿ã€ã ã¢ãŠãã®æ°ãã«ãŠã³ãããŸãã ããã皌åæéã枬å®ããæ¹æ³ã§ãã
ãµã€ãã«ã¯ãæ€çŽ¢ãšåºåã®éä¿¡ãšããäž»èŠãªãµãŒãã¹ãæ åœããéåžžã«éèŠãªã»ã¯ã·ã§ã³ãå€æ°ããããšãããã£ããšããŸãã 倱æãããªã¯ãšã¹ãã®æ°ã 1% ãè¶ ããå Žåãããã¯é倧ãªã€ã³ã·ãã³ãã§ãã ãŽãŒã«ãã³ã¿ã€ã ã® 15 å以å ã«ãšã©ãŒçã 0,1% ãè¶ ããå Žåããããã¯é倧ã€ã³ã·ãã³ããšã¿ãªãããŸãã ãããã®åºæºã¯ã»ãšãã©ã®ã€ã³ã·ãã³ããã«ããŒããŸãããæ®ãã¯ãã®èšäºã®ç¯å²å€ã§ãã
ããããã¹ãã€ã³ã·ãã³ã Cian
ãããã£ãŠãç§ãã¡ã¯äºä»¶ãèµ·ãã£ããšããäºå®ãå€æããããšãééããªãåŠã³ãŸããã
çŸåšãããããåºæ¥äºã詳现ã«èª¬æãããJira ãšããã¯ã«åæ ãããŠããŸãã ã¡ãªã¿ã«ããã®ããã«ç§ãã¡ã¯ FAIL ãšããå¥ã®ãããžã§ã¯ããéå§ããŸããããã®ãããžã§ã¯ãã§ã¯ãšããã¯ã®ã¿ãäœæã§ããŸãã
éå»æ°å¹Žéã®ãã¹ãŠã®å€±æãåéãããšããªãŒããŒã¯æ¬¡ã®ãšããã§ãã
- mssql é¢é£ã®ã€ã³ã·ãã³ãã
- å€éšèŠå ã«ãã£ãŠåŒãèµ·ããããã€ã³ã·ãã³ãã
- 管çè ã®ãšã©ãŒã
管çè ã®ééãããã®ä»ã®èå³æ·±ã倱æãããã«è©³ããèŠãŠã¿ãŸãããã
XNUMX äœ â ãDNS å ãæŽçããã
åµã®ç«ææ¥ã§ããã DNS ã¯ã©ã¹ã¿ãŒå ã®é åºã埩å ããããšã«ããŸããã
å éšDNSãµãŒããŒããã€ã³ãããpowerdnsã«è»¢éããDNS以å€ã«äœããªãå®å šã«å¥ã®ãµãŒããŒãå²ãåœãŠãããšèããŠããŸããã
DC ã®åå Žæã« XNUMX å°ã® DNS ãµãŒããŒãé 眮ãããŸãŒã³ããã€ã³ããã powerdns ã«ç§»åããã€ã³ãã©ã¹ãã©ã¯ãã£ãæ°ãããµãŒããŒã«åãæ¿ããææãæ¥ãŸããã
移åã®æäžããã¹ãŠã®ãµãŒããŒäžã®ããŒã«ã« ãã£ãã·ã¥ ãã€ã³ãã§æå®ããããã¹ãŠã®ãµãŒããŒã®ãã¡ããµã³ã¯ãããã«ãã«ã¯ã®ããŒã¿ ã»ã³ã¿ãŒã«ãã XNUMX å°ã ããæ®ããŸããã ãã® DC ã¯åœåãç§ãã¡ã«ãšã£ãŠéèŠã§ã¯ãªããšå®£èšãããŠããŸããããçªç¶åäžé害ç¹ã«ãªã£ãŠããŸããŸããã
ã¢ã¹ã¯ã¯ãšãµã³ã¯ãããã«ãã«ã¯ã®éã®éæ²³ã厩èœããã®ã¯ãã®ç§»è»¢æéäžã«ãã£ãã å®éãDNS ã䜿çšã§ããªãç¶æ
㧠XNUMX åéæŸçœ®ãããŸãããããã¹ãã£ã³ã°æ¥è
ãåé¡ã解決ãããšãã«åŸ©æ§ããŸããã
çµè«ïŒ
以åã¯ä»äºã®æºåäžã«å€éšèŠå ãç¡èŠããŠããŸããããä»ã§ã¯ããããæºåäžã®ãªã¹ãã«å«ãŸããŠããŸãã ãããŠçŸåšããã¹ãŠã®ã³ã³ããŒãã³ãã n-2 ã§äºçŽãããŠããããšã確èªããããåªããŠãããäœæ¥äžã«ãã®ã¬ãã«ã n-1 ã«äžããããšãã§ããŸãã
- ã¢ã¯ã·ã§ã³ãã©ã³ãäœæãããšãã¯ããµãŒãã¹ã倱æããå¯èœæ§ããããã€ã³ããããŒã¯ãããã¹ãŠããæªåããæªåãããã·ããªãªãäºåã«æ€èšããŠãã ããã
- å éš DNS ãµãŒããŒãããŸããŸãªå°ççäœçœ®/ããŒã¿ã»ã³ã¿ãŒ/ã©ãã¯/ã¹ã€ãã/å ¥åã«åæ£ããŸãã
- åãµãŒããŒã«ããŒã«ã« ãã£ãã·ã¥ DNS ãµãŒããŒãã€ã³ã¹ããŒã«ããŸãããã®ãµãŒããŒã¯èŠæ±ãã¡ã€ã³ DNS ãµãŒããŒã«ãªãã€ã¬ã¯ãããŸãããµãŒããŒã䜿çšã§ããªãå Žåã¯ããã£ãã·ã¥ããå¿çããŸãã
XNUMXäœ â ãNginxã§ç©äºãæŽçããã
ããæŽããæ¥ãç§ãã¡ã®ããŒã ã¯ãããã«ã¯ãã飜ããããšå€æããnginx æ§æããªãã¡ã¯ã¿ãªã³ã°ããããã»ã¹ãå§ãŸããŸããã äž»ãªç®æšã¯ãæ§æãçŽæçãªæ§é ã«ããããšã§ãã 以åã¯ããã¹ãŠããæŽå²çã«ç¢ºç«ããããŠãããäœã®è«çããããŸããã§ããã ããã§ãåserver_nameãåãååã®ãã¡ã€ã«ã«ç§»åããããã¹ãŠã®æ§æããã©ã«ããŒã«åæ£ãããŸããã ã¡ãªã¿ã«ããã®èšå®ã«ã¯ 253949 è¡ãŸã㯠7836520 æåãå«ãŸããŠãããçŽ 7 MB ãå ããŸãã æäžäœã®æ§é :
Nginxã®æ§é
âââ access
â âââ allow.list
...
â âââ whitelist.conf
âââ geobase
â âââ exclude.conf
...
â âââ geo_ip_to_region_id.conf
âââ geodb
â âââ GeoIP.dat
â âââ GeoIP2-Country.mmdb
â âââ GeoLiteCity.dat
âââ inc
â âââ error.inc
...
â âââ proxy.inc
âââ lists.d
â âââ bot.conf
...
â âââ dynamic
â âââ geo.conf
âââ lua
â âââ cookie.lua
â âââ log
â â âââ log.lua
â âââ logics
â â âââ include.lua
â â âââ ...
â â âââ utils.lua
â âââ prom
â âââ stats.lua
â âââ stats_prometheus.lua
âââ map.d
â âââ access.conf
â âââ ..
â âââ zones.conf
âââ nginx.conf
âââ robots.txt
âââ server.d
â âââ cian.ru
â â âââ cian.ru.conf
â â âââ ...
â â âââ my.cian.ru.conf
âââ service.d
â âââ ...
â âââ status.conf
âââ upstream.d
âââ cian-mcs.conf
âââ ...
âââ wafserver.conf
ããªãæ¹åãããŸããããæ§æã®ååãå€æŽããŠé åžããéçšã§ãäžéšã®æ§æã®æ¡åŒµåãééã£ãŠããã include *.conf ãã£ã¬ã¯ãã£ãã«å«ãŸããŠããŸããã§ããã ãã®çµæãäžéšã®ãã¹ããå©çšã§ããªããªããã¡ã€ã³ ããŒãžã« 301 ãè¿ãããŸããã å¿çã³ãŒãã 5xx/4xx ã§ã¯ãªãã£ããããããã¯ããã«ã¯æ°ã¥ããããæã«ãªã£ãŠåããŠæ°ã¥ããŸããã ãã®åŸãã€ã³ãã©ã¹ãã©ã¯ã㣠ã³ã³ããŒãã³ãããã§ãã¯ãããã¹ãã®äœæãéå§ããŸããã
çµè«ïŒ
- (nginx ã«éãã) æ§æãæ£ããæ§é åãããããžã§ã¯ãã®åæ段éã§ãã®æ§é ã«ã€ããŠããèããŠãã ããã ããããããšã§ããŒã ã«ãšã£ãŠç解ãããããªããçµæçã« TTM ãåæžãããŸãã
- äžéšã®ã€ã³ãã©ã¹ãã©ã¯ã㣠ã³ã³ããŒãã³ãã®ãã¹ããäœæããŸãã ããšãã°ããã¹ãŠã®ããŒã®server_nameãæ£ããã¹ããŒã¿ã¹ãšå¿çæ¬æãæäŸããŠããããšã確èªããŸãã ã³ã³ããŒãã³ãã®åºæ¬æ©èœããã§ãã¯ããã¹ã¯ãªãããããã€ãæå ã«çšæããŠããã°ãåå 3 æã«ä»ã«äœããã§ãã¯ããå¿ èŠãããããå¿ æ»ã«ãªã£ãŠæãåºãå¿ èŠããªããªããŸãã
XNUMXäœ - ãã«ãµã³ãã©ã®ã¹ããŒã¹ãçªç¶ãªããªã£ãã
ããŒã¿ã¯çå®ã«å¢å ããå§çž®ãæ©èœããªãã£ããããCassandra ã¯ã©ã¹ã¿ãŒã§å€§èŠæš¡ãªã±ãŒã¹ã¹ããŒã¹ã®ä¿®åŸ©ã倱æãå§ããç¬éãŸã§ã¯ãã¹ãŠãé 調ã§ããã
ããåµã®æ¥ãå¡ã¯ã»ãšãã©ã«ããã£ã«å€ãããŸããã
- ã¯ã©ã¹ã¿ãŒã«ã¯åèšã¹ããŒã¹ã®çŽ 20% ãæ®ã£ãŠããŸããã
- ããŒãã£ã·ã§ã³äžã®ã¹ããŒã¹äžè¶³ã«ããããŒãã®è¿œå åŸã«ã¯ãªãŒã³ã¢ãããå®è¡ãããªããããããŒããå®å šã«è¿œå ããããšã¯ã§ããŸããã
- å§çž®ãæ©èœããªããããçç£æ§ã¯åŸã ã«äœäžããŸãã
- ã¯ã©ã¹ã¿ãŒã¯ç·æ¥ã¢ãŒãã«ãªã£ãŠããŸãã
çµäº - ã¯ãªãŒã³ã¢ããããã«ããã« 5 ã€ã®ããŒããè¿œå ããŸããããã®åŸãã¹ããŒã¹ããªããªã£ã空ã®ããŒãã®ããã«ãããããã¯ã©ã¹ã¿ãŒããäœç³»çã«åé€ããŠåå
¥åãå§ããŸããã ç§ãã¡ãæãã§ãããããã¯ããã«å€ãã®æéãè²»ããããŸããã ã¯ã©ã¹ã¿ãŒãéšåçãŸãã¯å®å
šã«å©çšã§ããªããªããªã¹ã¯ããããŸããã
çµè«ïŒ
- ãã¹ãŠã® cassandra ãµãŒããŒã§ãåããŒãã£ã·ã§ã³äžã®ã¹ããŒã¹ã® 60% ãè¶ ããŠå æããŠã¯ãªããŸããã
- CPU ã® 50% 以äžã§ããŒãããå¿ èŠããããŸãã
- ãã£ãã·ãã£ãã©ã³ãã³ã°ãå¿ããã«ãã³ã³ããŒãã³ãããšã«ããã®è©³çŽ°ã«åºã¥ããŠæ€èšããå¿ èŠããããŸãã
- ã¯ã©ã¹ã¿ãŒå ã®ããŒããå€ãã»ã©è¯ãã§ãã å°éã®ããŒã¿ãå«ããµãŒããŒã¯ããã«éè² è·ã«ãªãããã®ãããªã¯ã©ã¹ã¿ãŒã¯åŸ©æŽ»ãããããªããŸãã
XNUMXäœ - ãé äºã®ããŒ/å€ã¹ãã¬ãŒãžããããŒã¿ãæ¶ããã
ãµãŒãã¹ã®çºèŠã«ã¯ãå€ãã®äººãšåæ§ã« consul ã䜿çšããŸãã ãã ããã¢ããªã¹ã®éãšç·ã®ã¬ã€ã¢ãŠãã«ããã® Key-Value ã䜿çšããŸãã ã¢ã¯ãã£ãããã³éã¢ã¯ãã£ããªã¢ããã¹ããªãŒã ã«é¢ããæ å ±ãä¿åãããå±éäžã«å Žæãå€ãããŸãã ãã®ç®çã®ããã«ãKV ãšå¯Ÿè©±ããå±éãµãŒãã¹ãäœæãããŸããã ããæç¹ã§ãKV ã®ããŒã¿ãæ¶ããŠããŸããŸããã ã¡ã¢ãªãã埩å ãããŸããããå€æ°ã®ãšã©ãŒããããŸããã ãã®çµæãã¢ããããŒãäžã«ã¢ããã¹ããªãŒã ã®è² è·ãäžåäžã«åæ£ãããããã¯ãšã³ãã® CPU ã«éè² è·ããããããã«å€ãã® 502 ãšã©ãŒãçºçããŸããã ãã®çµæãç§ãã¡ã¯ consul KV ãã postgres ã«ç§»è¡ããããããããããåé€ããã®ã¯ããã»ã©ç°¡åã§ã¯ãªããªããŸããã
çµè«ïŒ
- èš±å¯ã®ãªããµãŒãã¹ã«ã¯ããµã€ãã®éå¶ã«éèŠãªããŒã¿ãå«ãŸããŠããŠã¯ãªããŸããã ããšãã°ãES ã§æš©éããªãå Žåã¯ãå¿ èŠã®ãªããšããããã®ã¢ã¯ã»ã¹ããããã¯ãŒã¯ ã¬ãã«ã§æåŠããå¿ èŠãªãã®ã ããæ®ããããã« action.destructive_requires_name: true ãèšå®ãããšããã§ãããã
- ããã¯ã¢ãããšãªã«ããªã®ã¡ã«ããºã ãäºåã«ç·Žç¿ããŠãã ããã ããšãã°ãããã¯ã¢ãããšåŸ©å ãã§ããã¹ã¯ãªãããäºåã«ïŒããšãã° Python ã§ïŒäœæããŸãã
XNUMXäœããã£ããã³ã»ã¢ã³ãªããã¢ã¹ã
ããæç¹ã§ãããã¯ãšã³ãã« 10 å°ä»¥äžã®ãµãŒããŒãããå Žåãnginx ã¢ããã¹ããªãŒã ã®è² è·ãäžåäžã«åæ£ããŠããããšã«æ°ã¥ããŸããã ã©ãŠã³ãããã³ã§ã¯ãªã¯ãšã¹ããæåããæåŸã®ã¢ããã¹ããªãŒã ã«é çªã«éä¿¡ãããnginx ã®ãªããŒããè¡ããããã³ã«æåããããçŽãã«ãªããããæåã®ã¢ããã¹ããªãŒã ã¯åžžã«æ®ãã®ã¢ããã¹ããªãŒã ãããå€ãã®ãªã¯ãšã¹ããåä¿¡ãããã®çµæãåäœãé ããªãããµã€ãå šäœã«åœ±é¿ãçããŸããã ããã¯ããã©ãã£ãã¯éãå¢å ããã«ã€ããŠãŸããŸãé¡èã«ãªããŸããã åçŽã« nginx ãæŽæ°ããŠã©ã³ãã ãæå¹ã«ããã ãã§ã¯æ©èœããŸããã§ãããããŒãžã§ã³ 1 (çŸæç¹ã§ã¯) ã§æåããªãã£ã倧éã® lua ã³ãŒããããçŽãå¿ èŠããããŸãã nginx 1.15 ã«ããããé©çšããŠãã©ã³ãã ãªãµããŒããå°å ¥ããå¿ èŠããããŸããã ããã§åé¡ã¯è§£æ±ºããŸããã ãã®ãã°ã¯ãCaptain Non-Ovviousnessãã«ããŽãªãç²åŸããŸããã
çµè«ïŒ
ãã®ãã°ã調æ»ããã®ã¯éåžžã«èå³æ·±ããåºæ¿çã§ãã)ã
- ãã®ãããªå€åãããã«çºèŠã§ããããã«ã¢ãã¿ãªã³ã°ãæŽçããŸãã ããšãã°ãELK ã䜿çšããŠãåã¢ããã¹ããªãŒã ã®åããã¯ãšã³ãã® RPS ãç£èŠããnginx ã®èŠ³ç¹ããå¿çæéãç£èŠã§ããŸãã ãã®å Žåãããã¯åé¡ãç¹å®ããã®ã«åœ¹ç«ã¡ãŸããã
çµæãšããŠããã£ãŠããããšã«å¯Ÿãããã綿å¯ãªã¢ãããŒããããã°ãã»ãšãã©ã®å€±æã¯åé¿ã§ããã¯ãã§ãã ç§ãã¡ã¯ããŒãã£ãŒã®æ³åãåžžã«èŠããŠããå¿
èŠããããŸãã ããŸããããªãå¯èœæ§ã®ãããã®ã¯ãã¹ãŠããŸããããªããã ãããŠããã«åºã¥ããŠã³ã³ããŒãã³ããæ§ç¯ããŸãã
åºæïŒ habr.com