Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Driving Mercari with 50+ custom plugins / Macke...

kazeburo
October 06, 2017

Driving Mercari with 50+ custom plugins / Mackerel DAY

Driving Mercari with 50+ custom plugins
Mackerel Day 2017/10/05
#mackerelday

kazeburo

October 06, 2017
Tweet

More Decks by kazeburo

Other Decks in Technology

Transcript

  1. Me • Masahiro Nagano / ௕໺խ޿ • id:kazeburo • Mercari,

    Inc
 Principal Engineer
 Site Reliability Engineering (SRE) Team • BASE, Inc Technical Advisor
  2. Serviceઃܭ • αʔϏεΛߦ͏Region͝ͱʹServiceΛ෼͚Δ • mercari, mercari-us, mercari-gb • ֎ܗ؂ࢹ͸ผService •

    mercari-jp-exetenal, mercari-us-external, mercari-gb-external • ௨஌νϟϯωϧΛ෼͚ΔͨΊ • QA؀ڥɾϚΠΫϩαʔϏε
  3. Roleઃܭ • Role໊ͷPrefixʹҙຯΛ࣋ͨͤΔ • role- αʔόͷجຊతͳ໾ׂɻrole-mysqlɺrole-applicationͳͲ • z- ڞ௨ͷ໾ׂɻଟ͘ͷαʔό͸z-commonʹଐ͠ɺphp͕ೖ͍ͬͯΔαʔό͸z-phpΛ࣋ͭ •

    x- ؂ࢹ্ͷϑϥάɻrole-mysql͸ϨϓϦέʔγϣϯ؂ࢹΛߦ͏͕ɺx-mysql-masterΛ௥Ճ͢ Δ͜ͱͰ؂ࢹআ֎͢Δ • x- ͸ख࡞ۀͰ௥ՃΛߦ͏͜ͱ͕ଟ͍
  4. ⚙mackerel-agent.conf $ cat mackerel-agent.conf apikey = “AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaa=" include = “/etc/mackerel-agent/conf.d/*.conf"

    $ ls -1 conf.d/ role-mysql.conf z-common-jp.conf z-postfix.conf => mackerel-agent.conf ʹ͸ಛʹઃఆ͸ॻ͔ͳ͍ αʔόʹΑͬͯ഑෍͢Δconf͕ҟͳΔ role໊ͱ΄΅Ұக͕ͩ׬શʹҰॹͰ͸ͳ͍ αʔόʹ෇༩͢ΔRoleΛͲ͔͜ͰࣗಈͰઃఆ͍ͨ͠
  5. Roleͷࣗಈ෇༩ $ cat /etc/sysconfig/mackerel-agent ROLES=$(grep -h role-def: /etc/mackerel-agent/conf.d/*.conf \ |awk

    -F: '{printf "-role=mercari:" $2 " “}') OTHER_OPTS=$ROLES conf.d ҎԼͷϑΝΠϧʹ #role-def:ϩʔϧ໊ Λ௥Ճ͢Δͱ ىಈ࣌ʹಡΈࠐΈɺagentͷىಈΦϓγϣϯͱͯ͠ར༻ /usr/bin/mackerel-agent --pidfile=/var/run/mackerel-agent.pid --root=/var/lib/mackerel-agent \ -role=mercari:role-mysql -role=mercari:z-common -role=mercari:z-postfix
  6. Role ͷ࣮ࡍྫ $ head -1 role-mysql.conf z-common-jp.conf z-postfix.conf ==> role-mysql.conf

    <== ## role-def:role-mysql ==> z-common-jp.conf <== #role-def:z-common ==> z-postfix.conf <== #role-def:z-postfix ࣮ࡍʹ͸role-def͸ෳ਺ߦͰ΋ߏΘͳ͍
  7. ؂ࢹʹ·ͭΘΔ਺ࣈ • ؂ࢹϧʔϧ਺: 265 • Hostຖͷ؂ࢹϧʔϧ਺ • MySQL: 34 •

    Application: 39 • Search: 36 • Custom Plugin: 50+ (check + metrics + utils)
  8. z-common-jp Ͱߦ͏؂ࢹ • unbound ͷϓϩηε؂ࢹ • unbound Λ࢖໊ͬͨલղܾ • crond

    ͷϓϩηε؂ࢹ • sshd ͷϙʔτ؂ࢹ • /etc/passwd ϑΝΠϧͷมߋ؂ࢹ • Global IPͱiptable • unameͷมߋ؂ࢹ • hostnameͷมߋ؂ࢹ • uptime؂ࢹ • inode؂ࢹ • ϝϞϦΤϥʔ • HW-RAID؂ࢹ • [metrics] NTP • [metrics] Linux Lite (CPU, Load avg, Process, Memory) • [ඪ४] File System • [ඪ४] Swap
  9. Custom PluginʹΑΔ؂ࢹ • unbound ͷϓϩηε؂ࢹ • unbound Λ࢖໊ͬͨલղܾ • resolv.confΛಡΜͰ໊લղܾ

    • crond ͷϓϩηε؂ࢹ • sshd ͷϙʔτ؂ࢹ • /etc/passwd ϑΝΠϧͷมߋ؂ࢹ • Global IPͱiptable • unameͷมߋ؂ࢹ • hostnameͷมߋ؂ࢹ • uptime؂ࢹ • inode؂ࢹ • ϝϞϦΤϥʔ • HW-RAID؂ࢹ • [metrics] NTP • [metrics] Linux Lite (CPU, Load avg, Process, Memory) • [ඪ४] File System • [ඪ४] Swap
  10. check_resolver • resolv.conf ΛಠࣗʹಡΈࠐΜͰ໊લղܾ͢Δ • resolv.conf ͕ॻ͖׵Θ໊ͬͯલղܾʹࣦഊ͢ΔࣄނΛ๷͙ • @kazuho͞Μͷ Net::DNS::Lite

    Λར༻(pure-perlͳDNSΫϥΠΞϯτ) $ /etc/mackerel-agent/commands/check-resolver --host alive.local -w 2 -c 2 OK: elapsed_time 0.000888 sec (alive.local IN A 10.0.0.1)
  11. diff-detector • ίϚϯυ݁ՌͷมԽ͕͋ΔͱΞϥʔτ • `cat /etc/passwd`ɺ`uname -a`ɺ`hostname` Λݟ͍ͯΔ • https://github.com/kazeburo/diff-detector

    $ diff-detector -- date NG: detect difference: ```@@ -1 +1 @@ -Tue May 10 08:11:42 UTC 2016 +Tue May 10 08:11:43 UTC 2016```
  12. check-iptables • ͘͞Βͷઐ༻αʔό͸શͯglobal ipΛ࣋ͭɻෆඞཁͳαʔό͸disableʹͯ͠ӡ༻ • global ip͕༗ޮ: ip6?tables_filter͕load͞Εͯͳ͚Ε͹Ξϥʔτ • global

    ip͕ແޮ: ip6?tables_filter͕load͞Ε͍ͯΔͱΞϥʔτ • ෆ༻ҙͳ iptables --list Ͱiptables_filter͕ಡΈࠐ·ΕɺύϑΥʔϚϯεʹӨڹ͢ΔͷΛൃݟ $ /etc/mackerel-agent/commands/check-iptables OK: does not have global-ip and iptables(iptable_filter) is disabled
  13. check-iptables #!/bin/sh set -e if ( ip addr | grep

    'inet ' | fgrep -v 'inet 127.0.0.1' | grep -v -E '^ *inet (10\.| 192\.168|10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.)' > /dev/null 2>&1 ); then if ( lsmod |egrep 'ip6?table_filter' > /dev/null 2>&1 ); then echo "OK: have global-ip and iptables(iptable_filter) is enabled" exit 0 else echo "NG: have global-ip. but iptables(iptable_filter) is disabled" exit 2 fi else ... fi
  14. check-inode • inode ރׇ๷ࢭ • OSɺRoleʹΑͬͯpartitionͷαΠζ͕एׯҟͳΔɻׂ߹Ͱ؂ࢹ͠ɺҰͭͰ ΋ᮢ஋Λ্ճΔͱΞϥʔτ • mackerel-plugin-inode ͸؂ࢹର৅ϝτϦοΫʹ

    wildcard ͕࢖͑ͳ͍ $ /etc/mackerel-agent/commands/check-inode -w 80 -c 90 OK: /:1%, /dev:1%, /dev/shm:1%, /run:1%, /sys/fs/cgroup:1%, /boot:1%, /run/ user/1037:1%
  15. check-machine-exceptions ... sbridge: HANDLING MCE MEMORY ERROR CPU 0: Machine

    Check Exception: 0 Bank 8: cc0427c000010090 TSC 0 ADDR 37805ac0 MISC 45048ce86 PROCESSOR 0:406f1 TIME 1495654896 SOCKET 0 APIC 0 [Hardware Error]: Machine check events logged EDAC MC1: CE row 0, channel 0, label "CPU_SrcID#0_Ha#0_Channel#0_DIMM": 4255 Unknown error(s): memory read on FATAL area OVERFLOW: cpu=0 Err=0001:0090 (ch=0), addr = 0x37805ac0 => socket=0, ha=1, Channel=0(mask=1), rank=0 ...
  16. check-raid-disk (MegaRAID) • MegaCLI Λ࢖͍֤෺ཧDiskͷঢ়ଶΛ؂ࢹ Spun UpͰͳ͚Ε͹Ξϥʔτ • ͘͞Βͷઐ༻αʔόͷStorage͸ඞͣRAIDߏ੒Ͱఏڙ͞ΕɺGlobalଆͷ͘͞Βͷઐ༻ αʔό͔ΒSNMPͰ؂ࢹ͞Ε͍ͯΔ

    • GlobalΛด͍ͯͨ͡ΓɺSNMPΛfilter͍ͯ͠Δͱ؂ࢹ͞Εͳ͍ɻࣗલͰ؂ࢹ͠໰୊͕͋Ε͹อकΛґཔ • SSD͸յΕͨ͜ͱͳ͍ $ /etc/mackerel-agent/commands/check-raid-disk Firmware state: Online, Spun Up Firmware state: Online, Spun Up
  17. mackerel-plugin-ntpq • offset(ઈର஋)ͱϦϞʔτͱͷSyncঢ়گͷՄࢹԽ • Sync < 0.1ɺoffset > 300 ͰΞϥʔτ

    • ঃʑʹ͕࣌ؒͣΕ͍ͯ͘αʔό͕͋Γɺntp.confͷௐ੔ʹՄࢹԽ͕ศར
  18. check-spf-and-reserve-lookup-all • αʔό͕͍࣋ͬͯΔGlobal IPશͯ֬ೝ #!/bin/bash set -e for ip in

    $(ip addr | grep 'inet ' | fgrep -v 'inet 127.0.0.1' | grep -v -E '^ *inet (10\.|192\.168|10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.)' | sort | awk '{print $2}' | awk -F / '{print $1}') do /usr/local/bin/check-spf-and-reserve-lookup $ip mercari.jp done echo "OK: ALL"
  19. check-mysql-slave-sql-error • ʮϨϓϦέʔγϣϯ͕ࢭ·ͬͨ࣌ʹɺͦͷཧ༝΋௨஌ͯ͘͠ΕΔͱศརʯ Ͱ࡞ͬͨplugin • Multi Source ReplicationରԠ $ /usr/local/bin/check-mysql-slave-sql-error

    --user=monitor --password=xxx mysql-slave-sql-error - MySQL slave SQL error CRITICAL: Last_SQL_Error found: Error 'Table 'tmp_replication_stop' already exists' on query. Default database: 'mercari'. Query: 'CREATE TABLE tmp_replication_stop ...
  20. check-mysql-msr • MySQLͷMulti Source Replicationͷ؂ࢹ • 1ͭͰ΋ࢭ·͍ͬͯͨΓɺᮢ஋ΑΓ஗Ԇ͍ͯͨ͠ΒΞϥʔτ $ /usr/local/bin/check-mysql-msr --host=127.0.0.1

    --port=3306 -- user=monitor --password=xxx -w 1 -c 1 MySQL Multi Source Replication OK: [O]
 admin-db=io:Yes,sql:Yes,behind:0
 main-db=io:Yes,sql:Yes,behind:0
 web-db=io:Yes,sql:Yes,behind:0 (࣮ࡍ͸1ߦ)