プレイブックの検証環境をdocker-composeで作った話/playbook test environment by docker-compose

Transcript

1. ϓϨΠϒοΫͷݕূ؀ڥΛ docker-composeͰ࡞ͬͨ࿩ ͋ΜͰ͌ʔ @answer_d

2. ࣗݾ঺հ • SIer • Πϯϑϥ԰͞Μ αʔόߏஙϚϯ • ʮAnsible࢖͍ͬͯ͜͏Ͷʔʯͳ৬৔͚ͩͲීٴඍົ

3. ͋Δ೔ͷͰ͖͝ͱ

4. ͋ΜͰ͌ʔ͘ΜAnsible Ͱ͖ΔΜͩΑͶʁ ͪΐͬͱ΍ͬͯΑʂ ͔͜͠·Γ

5. ։ൃ؀ڥʁ ͳ͍ΑɺඞཁͩͬͨΒԿ͔ߟ͑ͯ

6. ΦϯϓϨҊ݅͋Δ͋Δ(͔΋ʁ)

7. ຊ൪ ։ൃ ౦ ੢ ։ൃ؀ڥ(·ͩ)ͳ͍໰୊

8. ຊ൪ ։ൃ ౦ ੢ (Ծʹ͋ͬͯ΋)ߏ੒ҧ͏໰୊ 2ϊʔυΫϥελ → γϯάϧ ౦੢ܥ →

   ౦ͷΈ ػೳ͝ͱʹαʔό෼ׂ → ू໿ͯ͠1୆ IPશવҧ͏

9. ϓϨΠϒοΫͷ඼࣭֬อ Ͳ͏͠Α͏ɾɾɾ

10. Ͱ͖Ε͹ ຊ൪Ͱྲྀ͢ϓϨΠϒοΫΛ ͦͷ··ྲྀͯ͠ಈ࡞֬ೝ͍ͨ͠

11. DockerͰͰ͖ΔΜ͡ΌͶʁ

12. ΍Γ·ͨ͠

13. ΍ͬͨ͜ͱ • CentOSͷίϯςφͨ͘͞Μ → ຊ൪؀ڥ΋Ͳ͖ ɾ 1ίϯςφ = 1αʔό(ͷΑ͏ͳԿ͔) •

    docker-composeͰ·ͱΊ্ͯ͛Լ͛ • Ͱ͖Δ͚ͩຊ൪؀ڥΛ࠶ݱ ɾ ݻఆIP ɾ hostsͰ໊લղܾ

14. ࢖͍ํΠϝʔδ

15. $ docker-compose up up! ͚ͩʂ ຊ൪΋Ͳ͖ίϯςφୡ

16. ࡞ͬͨ΍ͭ

17. Dockerfile

18. FROM centos:7 RUN true \ && echo ‘proxy=http://proxygate.sample:8080' >> /etc/yum.conf

    \ && yum -y install epel-release \ && yum -y install ansible openssh-clients openssh-server \ && yum -y install libuuid.i686 libuuid.x86_64 libgcc.i686 libgcc.x86_64 \ && yum -y clean all \ && sed -i '$d' /etc/yum.conf \ && true RUN true \ && ssh-keygen -A -N '' \ && sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/ sshd_config \ && true RUN true \ && groupadd -g 1000 sampleuser \ && useradd -N -g sampleuser -u 1000 sampleuser \ && echo ‘sampleuser:$6$<ϋογϡ஋>’ | chpasswd --encrypted \ && echo ‘root:$6$<ϋογϡ஋>' | chpasswd --encrypted \ && true CMD [“/sbin/init"]

19. FROM centos:7 RUN true \ && echo ‘proxy=http://proxygate.sample:8080' >> /etc/yum.conf

    \ && yum -y install epel-release \ && yum -y install ansible openssh-clients openssh-server \ && yum -y install libuuid.i686 libuuid.x86_64 libgcc.i686 libgcc.x86_64 \ && yum -y clean all \ && sed -i '$d' /etc/yum.conf \ && true RUN true \ && ssh-keygen -A -N '' \ && sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/ sshd_config \ && true RUN true \ && groupadd -g 1000 sampleuser \ && useradd -N -g sampleuser -u 1000 sampleuser \ && echo ‘sampleuser:$6$<ϋογϡ஋>’ | chpasswd --encrypted \ && echo ‘root:$6$<ϋογϡ஋>' | chpasswd --encrypted \ && true CMD [“/sbin/init"] CentOSΠϝʔδ͕ ϕʔεͰ

20. FROM centos:7 RUN true \ && echo ‘proxy=http://proxygate.sample:8080' >> /etc/yum.conf

    \ && yum -y install epel-release \ && yum -y install ansible openssh-clients openssh-server \ && yum -y install libuuid.i686 libuuid.x86_64 libgcc.i686 libgcc.x86_64 \ && yum -y clean all \ && sed -i '$d' /etc/yum.conf \ && true RUN true \ && ssh-keygen -A -N '' \ && sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/ sshd_config \ && true RUN true \ && groupadd -g 1000 sampleuser \ && useradd -N -g sampleuser -u 1000 sampleuser \ && echo ‘sampleuser:$6$<ϋογϡ஋>’ | chpasswd --encrypted \ && echo ‘root:$6$<ϋογϡ஋>' | chpasswd --encrypted \ && true CMD [“/sbin/init"] Ansibleͱ͔ೖΕͯ ※ ࣾ಺؀ڥͷͨΊϓϩΩγܦ༝

21. FROM centos:7 RUN true \ && echo ‘proxy=http://proxygate.sample:8080' >> /etc/yum.conf

    \ && yum -y install epel-release \ && yum -y install ansible openssh-clients openssh-server \ && yum -y install libuuid.i686 libuuid.x86_64 libgcc.i686 libgcc.x86_64 \ && yum -y clean all \ && sed -i '$d' /etc/yum.conf \ && true RUN true \ && ssh-keygen -A -N '' \ && sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/ sshd_config \ && true RUN true \ && groupadd -g 1000 sampleuser \ && useradd -N -g sampleuser -u 1000 sampleuser \ && echo ‘sampleuser:$6$<ϋογϡ஋>’ | chpasswd --encrypted \ && echo ‘root:$6$<ϋογϡ஋>' | chpasswd --encrypted \ && true CMD [“/sbin/init"] sshΛຊ൪ͱಉ͡ઃ ఆʹͯ͠

22. FROM centos:7 RUN true \ && echo ‘proxy=http://proxygate.sample:8080' >> /etc/yum.conf

    \ && yum -y install epel-release \ && yum -y install ansible openssh-clients openssh-server \ && yum -y install libuuid.i686 libuuid.x86_64 libgcc.i686 libgcc.x86_64 \ && yum -y clean all \ && sed -i '$d' /etc/yum.conf \ && true RUN true \ && ssh-keygen -A -N '' \ && sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/ sshd_config \ && true RUN true \ && groupadd -g 1000 sampleuser \ && useradd -N -g sampleuser -u 1000 sampleuser \ && echo ‘sampleuser:$6$<ϋογϡ஋>’ | chpasswd --encrypted \ && echo ‘root:$6$<ϋογϡ஋>' | chpasswd --encrypted \ && true CMD [“/sbin/init"] ຊ൪ͱಉ͡Ϣʔβ ࡞ͬͯ

23. FROM centos:7 RUN true \ && echo ‘proxy=http://proxygate.sample:8080' >> /etc/yum.conf

    \ && yum -y install epel-release \ && yum -y install ansible openssh-clients openssh-server \ && yum -y install libuuid.i686 libuuid.x86_64 libgcc.i686 libgcc.x86_64 \ && yum -y clean all \ && sed -i '$d' /etc/yum.conf \ && true RUN true \ && ssh-keygen -A -N '' \ && sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/ sshd_config \ && true RUN true \ && groupadd -g 1000 sampleuser \ && useradd -N -g sampleuser -u 1000 sampleuser \ && echo ‘sampleuser:$6$<ϋογϡ஋>’ | chpasswd --encrypted \ && echo ‘root:$6$<ϋογϡ஋>' | chpasswd --encrypted \ && true CMD [“/sbin/init"] initϓϩηεΛ࣮ߦ

24. docker-compose.yml

25. version: ‘2' services: master: build: context: ./images/cent7_ansible dockerfile: Dockerfile image:

    internaltest/cent7_ansible hostname: master volumes: - ../ansible_playbook:/playbook working_dir: /playbook networks: infra_net: ipv4_address: 192.168.10.1 extra_hosts: - "master:192.168.10.1" - "target01:192.168.10.2" - "target02:192.168.10.3" - "target03:192.168.10.4" privileged: true target01: image: internaltest/cent7_ansible hostname: target01 networks: infra_net: ipv4_address: 192.168.10.2 privileged: true target02: … target03: … networks: infra_net: driver: bridge ipam: driver: default config: - subnet: 192.168.10.0/24 gateway: 192.168.10.254

26. target01: image: internaltest/cent7_ansible hostname: target01 networks: infra_net: ipv4_address: 192.168.10.2 privileged:

    true target02: … target03: … networks: infra_net: driver: bridge ipam: driver: default config: - subnet: 192.168.10.0/24 gateway: 192.168.10.254 version: ‘2' services: master: build: context: ./images/cent7_ansible dockerfile: Dockerfile image: internaltest/cent7_ansible hostname: master volumes: - ../ansible_playbook:/playbook working_dir: /playbook networks: infra_net: ipv4_address: 192.168.10.1 extra_hosts: - "master:192.168.10.1" - "target01:192.168.10.2" - "target02:192.168.10.3" - "target03:192.168.10.4" privileged: true Ansibleϗετ λʔήοτϊʔυୡ

27. version: ‘2' services: master: build: context: ./images/cent7_ansible dockerfile: Dockerfile image:

    internaltest/cent7_ansible hostname: master volumes: - ../ansible_playbook:/playbook working_dir: /playbook networks: infra_net: ipv4_address: 192.168.10.1 extra_hosts: - "master:192.168.10.1" - "target01:192.168.10.2" - "target02:192.168.10.3" - "target03:192.168.10.4" privileged: true ͖ͬ͞ͷ Dockerfile target01: image: internaltest/cent7_ansible hostname: target01 networks: infra_net: ipv4_address: 192.168.10.2 privileged: true target02: … target03: … networks: infra_net: driver: bridge ipam: driver: default config: - subnet: 192.168.10.0/24 gateway: 192.168.10.254

28. version: ‘2' services: master: build: context: ./images/cent7_ansible dockerfile: Dockerfile image:

    internaltest/cent7_ansible hostname: master volumes: - ../ansible_playbook:/playbook working_dir: /playbook networks: infra_net: ipv4_address: 192.168.10.1 extra_hosts: - "master:192.168.10.1" - "target01:192.168.10.2" - "target02:192.168.10.3" - "target03:192.168.10.4" privileged: true target01: image: internaltest/cent7_ansible hostname: target01 networks: infra_net: ipv4_address: 192.168.10.2 privileged: true target02: … target03: … networks: infra_net: driver: bridge ipam: driver: default config: - subnet: 192.168.10.0/24 gateway: 192.168.10.254 ݻఆIPׂΓ౰ͯ

29. version: ‘2' services: master: build: context: ./images/cent7_ansible dockerfile: Dockerfile image:

    internaltest/cent7_ansible hostname: master volumes: - ../ansible_playbook:/playbook working_dir: /playbook networks: infra_net: ipv4_address: 192.168.10.1 extra_hosts: - "master:192.168.10.1" - "target01:192.168.10.2" - "target02:192.168.10.3" - "target03:192.168.10.4" privileged: true hosts target01: image: internaltest/cent7_ansible hostname: target01 networks: infra_net: ipv4_address: 192.168.10.2 privileged: true target02: … target03: … networks: infra_net: driver: bridge ipam: driver: default config: - subnet: 192.168.10.0/24 gateway: 192.168.10.254

30. Α͔ͬͨ͜ͱ • ࡞Δͷ؆୯ͩͬͨͷͰ(ແ஡ৼΓʹ) ଱͑Εͨ • Docker͑͋͞Ε͹Ͳ͜Ͱ΋؀ڥ্ཱ͕͕ͪΔ • ىಈఀࢭVMΑΓૣ͍ • down→up͚ͩͰॳظঢ়ଶʹͳΔͷΊͬͪΌศར

31. ·ͱΊ

32. • docker-composeͰϓϨΠϒοΫݕূ͢Δ؀ڥ࡞ͬͨ • ؆୯ʹͰ͖ͯ͘͢͝ศརͩͬͨ • Ͱ΋ࣄલʹ։ൃ؀ڥ΋ͬͱߟ͑ͯʂʂʂʂʂ(ഭਅ)

33. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ