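Using dRuby over SSL with client authentication
Based on http://segment7.net/projects/ruby/drb/DRbSSL/.
I ran a simple benchmark to see how much overhead this adds compared with not using SSL/client authentication.
Each figure is the average of 10 runs of a benchmark script that does `new_with_uri` followed by `there_object.hello("")` 500 times.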
| Without SSL | With SSL/client auth |
|---|---|
| 1.25 [ms/req] | 1.75 [ms/req] |
So the overhead is roughly 40%?
The test code is as follows.
```ruby
#!/usr/bin/ruby -Ku
require 'drb'

# Plain (no SSL) dRuby endpoint used as the baseline
here = 'druby://localhost:3457'

class HelloWorld
  include DRbUndumped

  def hello(name)
    "Hello, #{name}"
  end
end

DRb.start_service(here, HelloWorld.new)
DRb.thread.join
```
dRuby server with SSL/client authentication, drbssl_cauth_s.rb:
```ruby
#!/usr/bin/ruby -Ku
require 'drb'
require 'drb/ssl'

here = 'drbssl://localhost:3456'

cert_base_path = "/path/to/cert"
privkey_file = "#{cert_base_path}/drubyserver.key"
cert_file = "#{cert_base_path}/drubyserver.pem"
ca_cert_file = "#{cert_base_path}/cacert.pem"

class HelloWorld
  include DRbUndumped

  def hello(name)
    "Hello, #{name}"
  end
end

config = {
  # Require a client certificate and fail the handshake if none is presented
  :SSLVerifyMode => OpenSSL::SSL::VERIFY_PEER |
                    OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT,
  :SSLPrivateKey => OpenSSL::PKey::RSA.new(File.read(privkey_file)),
  :SSLCertificate => OpenSSL::X509::Certificate.new(File.read(cert_file)),
  # CA used to verify the client certificate
  :SSLCACertificateFile => ca_cert_file
}

DRb.start_service(here, HelloWorld.new, config)
DRb.thread.join
```
dRuby client for the benchmark, drbssl_bench.rb:
```ruby
#!/usr/bin/ruby -Ku
require 'drb'
require 'drb/ssl'
require 'benchmark'

there_plain = "druby://localhost:3457"
there_ssl = "drbssl://localhost:3456"

cert_base_path = "/path/to/cert"
privkey_file = "#{cert_base_path}/drubyclient.key"
cert_file = "#{cert_base_path}/drubyclient.pem"
ca_cert_file = "#{cert_base_path}/cacert.pem"

config = {
  # Verify the server certificate against the CA
  :SSLVerifyMode => OpenSSL::SSL::VERIFY_PEER,
  :SSLCACertificateFile => ca_cert_file,
  # Key and certificate presented to the server for client authentication
  :SSLPrivateKey => OpenSSL::PKey::RSA.new(File.read(privkey_file)),
  :SSLCertificate => OpenSSL::X509::Certificate.new(File.read(cert_file))
}

DRb.start_service(nil, nil, config)

# Usage: drbssl_bench.rb (ssl|plain) COUNT
there = (ARGV[0]=="ssl") ? there_ssl : there_plain
count = ARGV[1].to_i

puts "mode: #{ARGV[0]} / #{count} times trial start."
puts Benchmark::CAPTION
puts Benchmark.measure{
  count.times do
    h = DRbObject.new_with_uri(there)
    h.hello("")
  end
}
```
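The server configuration above trusts whatever `cacert.pem` signs, so any certificate issued by that CA passes client authentication. The following is an added example, not code from the original post: it reproduces that chain check offline with `OpenSSL::X509::Store` instead of a live dRuby connection, and adds a subject allowlist written as a verify callback. The certificates are constructed throwaway ones, and `make_cert`, `accepted?`, `ALLOWED_CLIENTS`, `PIN_SUBJECT` and the CN values are hypothetical names chosen for illustration.

```ruby
require 'openssl'

# Constructed throwaway key + certificate; with no issuer it is a self-signed CA.
def make_cert(cn, issuer = nil, issuer_key = nil)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  bc = issuer ? 'CA:FALSE' : 'CA:TRUE'
  cert.add_extension(OpenSSL::X509::ExtensionFactory.new.create_extension('basicConstraints', bc, true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Hypothetical allowlist of client subjects (the CN is an assumption, not from the page).
ALLOWED_CLIENTS = ['/CN=drubyclient'].freeze

# OpenSSL verify callback: keep the chain verdict, then pin the leaf subject.
# drb/ssl accepts such a callable under the :SSLVerifyCallback config key.
PIN_SUBJECT = lambda do |ok, ctx|
  return false unless ok                    # chain already failed
  return true unless ctx.error_depth.zero?  # only the leaf is pinned
  ALLOWED_CLIENTS.include?(ctx.current_cert.subject.to_s)
end

# Chain check equivalent to VERIFY_PEER against the CA in :SSLCACertificateFile.
def accepted?(ca_cert, client_cert, callback = nil)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  store.verify_callback = callback if callback
  store.verify(client_cert)
end

def demo
  ca, ca_key = make_cert('demo-ca')
  other_ca, other_key = make_cert('other-ca')
  client, = make_cert('drubyclient', ca, ca_key)
  sibling, = make_cert('some-other-service', ca, ca_key) # same CA, different subject
  rogue, = make_cert('drubyclient', other_ca, other_key) # right name, wrong CA
  { client: accepted?(ca, client), rogue: accepted?(ca, rogue),
    sibling: accepted?(ca, sibling), sibling_pinned: accepted?(ca, sibling, PIN_SUBJECT),
    client_pinned: accepted?(ca, client, PIN_SUBJECT) }
end

p demo if __FILE__ == $PROGRAM_NAME
```

With the CA check alone, the `sibling` certificate is accepted; adding `:SSLVerifyCallback => PIN_SUBJECT` to the server's `config` hash is how the allowlist would be applied to the dRuby service.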