Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Webサーバの高集積マルチテナントアーキテクチャに関する研究 / Studies on Hig...

Webサーバの高集積マルチテナントアーキテクチャに関する研究 / Studies on Highly Integrated Multi-Tenant Architecture for Web Servers

松本亮介
2016年8月30日
2016年度 京都大学大学院 情報学研究科 博士課程 予備審査

MATSUMOTO Ryosuke

September 05, 2016
Tweet

More Decks by MATSUMOTO Ryosuke

Other Decks in Research

Transcript

  1. 8FCαʔόͷجຊతͳϞσϧ 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF $IJMEIUUQEQSPDFTT PXOFSBQBDIF $IJMEIUUQEQSPDFTT PXOFSBQBDIF $MJFOU

    ϦΫΤετ Ϩεϙϯε 6/*9ܥ04ͷ৔߹ࣄલʹϦΫΤετΛड͚Δ ϓϩηεΛෳ਺GPSL ͯ͠ϓʔϧ͓ͯ͘͠ ʢ͜ΕΒશͯΛؚΊͯʮ୯Ұͷαʔόϓϩηεʯͱఆٛʣ  ϦΫΤετ Ϩεϙϯε ϦΫΤετ Ϩεϙϯε
  2. ߴूੵͷͨΊͷΞʔΩςΫνϟ IUUQE Ϣʔβ" IUUQE Ϣʔβ# IUUQE Ϣʔβ$ IUUQE Ϣʔβ" Ϣʔβ#

    Ϣʔβ$ ޮ཰ྑ͘࢒ϦιʔεΛ࢖͑Δ ىಈʹඞཁ ͳϦιʔε ىಈʹඞཁ ͳϦιʔε ىಈʹඞཁ ͳϦιʔε ىಈʹඞཁͳϦιʔε ߴूੵ͕ཁٻ͞ΕΔ৔߹ͷ Ϛϧνςφϯτʢຊݚڀʣ ϚϧνςφϯτͷผΞϓϩʔν 
  3. $(*࣮ߦํࣜ $(*QSPDFTT QIQDHJJOEFYQIQ $(*QSPDFTT GPSL UFSNJOBUFQSPDFTT FYFDWF 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT

    PXOFSBQBDIF ϦΫΤετຖʹϓϩηεͷੜ੒ɾഁغͱ ൺֱతେ͖ͳόΠφϦʢ1)1ͩͱQIQDHJόΠφϦʣͷ FYFDWF ͕ඞཁ 
  4. $(*QSPDFTT PXOFSVTFS $(*QSPDFTT PXOFSSPPU QIQDHJJOEFYQIQ PXOFSVTFS $(*QSPDFTT PXOFSVTFS ੩తʹઃఆ͞ΕͨVJEΛݩʹTFUVJE TFUHJE

    GPSL  FYFDWF TVFYFDQSPHSBN TFUVJESPPU UFSNJOBUFQSPDFTT FYFDWF 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF ˞$(* ैདྷͷΞΫηε੍ޚख๏ ϦΫΤετຖʹ$(*༻ϓϩηεͷ ੜ੒ഁغ͕ඞཁ 
  5. 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSSPPU JOEFYQIQ PXOFSVTFS TFUVJE TFUHJE QBSTF SVO

    $IJMEIUUQEQSPDFTT PXOFSVTFS $IJMEIUUQEQSPDFTT PXOFSVTFS UFSNJOBUFQSPDFTT ϦΫΤετຖʹࢠIUUQEϓϩηεͷੜ੒ഁغ͕ඞཁ ˞%40 ैདྷͷΞΫηε੍ޚख๏ 
  6. 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSSPPU JOEFYQIQ PXOFSVTFS TFUVJE TFUHJE QBSTF SVO

    ˞%40 ैདྷͷΞΫηε੍ޚख๏ $IJMEIUUQEQSPDFTT PXOFSVTFS $IJMEIUUQEQSPDFTT PXOFSVTFS UFSNJOBUFQSPDFTT ϦΫΤετຖͷࢠIUUQEϓϩηεͷੜ੒ഁغ͕ඞཁ 
  7. $(*QSPDFTT PXOFSVTFS $(*QSPDFTT PXOFSSPPU QIQDHJJOEFYQIQ PXOFSVTFS $(*QSPDFTT PXOFSVTFS ੩తʹઃఆ͞ΕͨVJEΛݩʹTFUVJE TFUHJE

    GPSL  FYFDWF TVFYFDQSPHSBN TFUVJESPPU UFSNJOBUFQSPDFTT FYFDWF 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF ϦΫΤετຖʹ$(*༻ϓϩηεͷ ੜ੒ഁغ͕ඞཁ ˞$(* ैདྷͷΞΫηε੍ޚख๏ 
  8. $(*QSPDFTT PXOFSVTFS $(*QSPDFTT PXOFSSPPU QIQDHJJOEFYQIQ PXOFSVTFS $(*QSPDFTT PXOFSVTFS DISPPU 

    ϦΫΤετϑΝΠϧ͔ΒVJEऔಘޙ TFUVJE TFUHJE GPSL  FYFDWF TVFYFDQSPHSBN TFUVJESPPU UFSNJOBUFQSPDFTT FYFDWF 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF DISPPU&OWJSPONFOU ˞$(* ఏҊ͢ΔΞʔΩςΫνϟ 
  9. 

  10. 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSSPPU JOEFYQIQ PXOFSVTFS TFUVJE TFUHJE QBSTF SVO

    ˞%40 ैདྷͷΞΫηε੍ޚख๏ $IJMEIUUQEQSPDFTT PXOFSVTFS $IJMEIUUQEQSPDFTT PXOFSVTFS UFSNJOBUFQSPDFTT ϦΫΤετຖͷࢠIUUQEϓϩηεͷੜ੒ഁغ͕ඞཁ 
  11. 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF UISFBE PXOFSVTFS UISFBE PXOFSBQBDIF JOEFYQIQ PXOFSVTFS

    TFUVJE TFUHJE ʜ VOTFUDBQT DSFBUFUISFBE TFUDBQT EFTUSPZUISFBE QBSTF SVO QSDUM TFUVJETFUHJEDBQT UISFBE PXOFSVTFS ˞%40 ఏҊ͢ΔΞΫηε੍ޚΞʔΩςΫνϟ 
  12. 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF UISFBE PXOFSVTFS UISFBE PXOFSBQBDIF TFUVJE TFUHJE

    ʜ VOTFUDBQT DSFBUFUISFBE TFUDBQT EFTUSPZUISFBE QSDUM TFUVJETFUHJEDBQT UISFBE PXOFSVTFS ˞$(* ఏҊ͢ΔΞΫηε੍ޚΞʔΩςΫνϟ $(*QSPDFTT PXOFSVTFS QIQDHJJOEFYQIQ PXOFSVTFS $(*QSPDFTT PXOFSVTFS GPSL UFSNJOBUFQSPDFTT FYFDWF 
  13. ैདྷͷػೳ֦ு NPE@QFSM NPE@SVCZ NPE@MVB ݴޠ $ 1FSM 3VCZ -VB ΠϯλϓϦλॳظԽ

    ॲཧ ࣄલ ౎౓ ϥΠϒϥϦಡΈࠐΈ ࣄલ ౎౓ ίϯύΠϧ ࣄલ ౎౓ ౎౓ ίʔυͷมߋ ෆՄ Մ Մ άϩʔόϧঢ়ଶ ڞ༗ ڞ༗ ඇڞ༗ 
  14. w αʔόϓϩηεىಈ࣌ʹΠϯλϓ ϦλΛ֬อ w ϦΫΤετॲཧ࣌ʹΠϯλϓϦλ Λڞ༗ͯ͠εΫϦϓτΛίϯύΠϧ ͔ͯ͠Β࣮ߦ ߏจ໦ղੳ όΠτίʔυੜ੒ 7.্Ͱ࣮ߦ

    ϦΫΤετຖʹαʔόϓϩηε͕εΫϦϓτΛϑοΫ εΫϦϓτಡΈࠐΈ ΠϯλϓϦλͱ ϥΠϒϥϦΛڞ༗ όΠτίʔυɺάϩʔόϧม਺ɾΫϥεɺྫ֎ϑϥάΛ։์ ഉଞॲཧ ϚϧνεϨου8FC αʔόΞʔΩςΫνϟ ʹରԠ 
  15. ߏจ໦ղੳ όΠτίʔυੜ੒ 7.্Ͱ࣮ߦ ϦΫΤετຖʹαʔόϓϩηε͕εΫϦϓτΛϑοΫ εΫϦϓτಡΈࠐΈ ΠϯλϓϦλͱ ϥΠϒϥϦΛڞ༗ άϩʔόϧม਺ɾΫϥεɺྫ֎ϑϥάΛ։์ όΠτίʔυ ςʔϒϧ

    w όΠτίʔυΩϟογϡʹΑͬͯαʔ όϓϩηεىಈ࣌ͷίʔυมߋ͕ඞ ཁͳ͍৔߹͸ߴ଎Խ w αʔόىಈ࣌ʹίϯύΠϧͯ͠όΠ τίʔυςʔϒϧʹอଘ͓͖ͯ͠ɺ ϦΫΤετ࣌ʹऔಘ࣮ͯ͠ߦ 
  16. NPE@NSVCZઃఆྫ # Normal hook <Location /mruby-test> mrubyHandlerMiddle /path/to/test.rb </Location> #

    ByteCode Caching at Start up <Location /mruby-test-cache> mrubyHandlerMiddle /path/to/test.rb cache </Location> 
  17. NPE@NSVCZͷ#BTJD"VUIXJUI3FEJT # <Location /basic/> # AuthType basic # AuthName "Message

    for clients" # AuthBasicProvider mruby # mrubyAuthnCheckPassword /path/to/authn_basic.rb # require valid-user # </Location> anp = Apache::AuthnProvider.new redis = Redis.new "127.0.0.1”, 6379 if redis.get(anp.user) == anp.password Apache.return Apache::AuthnProvider::AUTH_GRANTED else Apache.return Apache::AuthnProvider::AUTH_DENIED end 
  18. ҟͳΔ8FCαʔόͷ౷Ұత֦ுهड़ "QBDIF "1* 3VCZTDSJQU NPE@NSVCZ 3VCZTDSJQU ɾ ɾ ɾ ɾ

     3VCZTDSJQUO /HJOY "1* OHY@NSVCZ 3VCZTDSJQU "QBDIF $PSF /HJOY $PSF 3VCZ %4- GPS8FC "QBDIF 5SB⒏D 4FSWFS "1* UT@NSVCZ "QBDIF 5SB⒏D 4FSWFS $PSF SFGIUUQTHJUIVCDPNTZVDSFBNUT@NSVCZ 
  19. ౷Ұతهड़ྫ # Output Hello World Server = get_server_calss Server.rputs "Hello

    #{Server.module_name}/ #{Server.module_version} world!" # mod_mruby => "Hello mod_mruby/1.9.3 world!" # ngx_mruby => "Hello ngx_mruby/1.3.2 world!" # ts_mruby => "Hello ts_mruby/0.0.1 world!" 
  20. ैདྷख๏ͱͷੑೳൺֱ ैདྷͷػೳ֦ ு NPE@QFSM NPE@SVCZ NPE@MVB NPE@NSVCZ NPE@NSVCZ Ωϟογϡ ݴޠ

    $ 1FSM 3VCZ -VB NSVCZ NSVCZ ΠϯλϓϦλ ॳظԽॲཧ ࣄલ ౎౓ ࣄલ ࣄલ ϥΠϒϥϦ ಡΈࠐΈ ࣄલ ౎౓ ࣄલ ࣄલ ίϯύΠϧ ࣄલ ౎౓ ౎౓ ౎౓ ࣄલ ίʔυͷมߋ ෆՄ Մ Մ Մ ෆՄ άϩʔόϧঢ়ଶ ڞ༗ ڞ༗ ඇڞ༗ ඇڞ༗ ඇڞ༗ ੑೳ 3FTQPOTFTFD       
  21. Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.filename == “/path/to/cpu.cgi” cpu =

    Cgroup::CPU.new “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end  ݫີʹ͸NTதNTͷ$16࢖༻࣌ؒΛ RVPUBͱͯ͠εέδϡʔϧ͢Δઃఆ
  22. Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.hostname == “example.com” cpu =

    Cgroup::CPU.new “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end 
  23. Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.method== “POST” cpu = Cgroup::CPU.new

    “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end 
  24. Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.finfo.user == 500 cpu =

    Cgroup::CPU.new “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end 
  25. Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.finfo.size > 3000 cpu =

    Cgroup::CPU.new “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end 
  26. 

  27. ຊ࿦จʹؚ·ΕΔൃදจݙ ࿦จࢽ࿦จ 1 দຊ྄հ, Ԭ෦ णஉ, mod_mruby: εΫϦϓτݴޠͰߴ଎͔ͭলϝϞϦʹ֦ுՄೳͳWebαʔ όͷػೳ֦ுࢧԉػߏ, ৘ใॲཧֶձ࿦จࢽɼVol.55,

    No.11, pp.2451-2460, Nov 2014. 2 দຊ྄հ, Ԭ෦णஉ,εϨου୯ҐͰݖݶ෼཭Λߦ͏WebαʔόͷΞΫηε੍ޚΞʔΩςΫνϟ, ిࢠ৘ใ௨৴ֶձ࿦จࢽ Vol.J96-B, No.10, pp.1122-1130, Oct 2013. 3 দຊ྄հ, ઒ݪক࢘, দԬً෉, େن໛ڞ༗ܕWebόʔνϟϧϗεςΟϯάج൫ͷηΩϡϦςΟ ͱӡ༻ٕज़ͷվળ, ৘ใॲཧֶձ࿦จࢽ, Vol.54, No.3, pp.1077-1086, Mar. 2013. 
  28. ຊ࿦จʹؚ·ΕΔൃදจݙ ࠃࡍձٞൃදʢࠪಡ෇͖ʣ 1 Ryosuke Matsumoto, Yasuo Okabe, Access Control Architecture

    Separating Privilege by a Thread on a Web Server, The 12th IEEE/IPSJ International Symposium on Applications and the Internet (SAINT2012), pp.178-183, July 2012.