Upgrade to Pro — share decks privately, control downloads, hide ads and more …

プレイブックの検証環境をdocker-composeで作った話/playbook test environment by docker-compose

プレイブックの検証環境をdocker-composeで作った話/playbook test environment by docker-compose

E329c2e119f97cc394a4d494fc96edc4?s=128

あんでぃー

February 12, 2020
Tweet

More Decks by あんでぃー

Other Decks in Technology

Transcript

  1. ϓϨΠϒοΫͷݕূ؀ڥΛ docker-composeͰ࡞ͬͨ࿩ ͋ΜͰ͌ʔ @answer_d

  2. ࣗݾ঺հ • SIer • Πϯϑϥ԰͞Μ αʔόߏஙϚϯ • ʮAnsible࢖͍ͬͯ͜͏Ͷʔʯͳ৬৔͚ͩͲීٴඍົ

  3. ͋Δ೔ͷͰ͖͝ͱ

  4. ͋ΜͰ͌ʔ͘ΜAnsible Ͱ͖ΔΜͩΑͶʁ ͪΐͬͱ΍ͬͯΑʂ ͔͜͠·Γ

  5. ։ൃ؀ڥʁ ͳ͍ΑɺඞཁͩͬͨΒԿ͔ߟ͑ͯ

  6. ΦϯϓϨҊ݅͋Δ͋Δ(͔΋ʁ)

  7. ຊ൪ ։ൃ ౦ ੢ ։ൃ؀ڥ(·ͩ)ͳ͍໰୊

  8. ຊ൪ ։ൃ ౦ ੢ (Ծʹ͋ͬͯ΋)ߏ੒ҧ͏໰୊ 2ϊʔυΫϥελ → γϯάϧ ౦੢ܥ →

    ౦ͷΈ ػೳ͝ͱʹαʔό෼ׂ → ू໿ͯ͠1୆ IPશવҧ͏
  9. ϓϨΠϒοΫͷ඼࣭֬อ Ͳ͏͠Α͏ɾɾɾ

  10. Ͱ͖Ε͹ ຊ൪Ͱྲྀ͢ϓϨΠϒοΫΛ ͦͷ··ྲྀͯ͠ಈ࡞֬ೝ͍ͨ͠

  11. DockerͰͰ͖ΔΜ͡ΌͶʁ

  12. ΍Γ·ͨ͠

  13. ΍ͬͨ͜ͱ • CentOSͷίϯςφͨ͘͞Μ → ຊ൪؀ڥ΋Ͳ͖ ɾ 1ίϯςφ = 1αʔό(ͷΑ͏ͳԿ͔) •

    docker-composeͰ·ͱΊ্ͯ͛Լ͛ • Ͱ͖Δ͚ͩຊ൪؀ڥΛ࠶ݱ ɾ ݻఆIP ɾ hostsͰ໊લղܾ
  14. ࢖͍ํΠϝʔδ

  15. $ docker-compose up up! ͚ͩʂ ຊ൪΋Ͳ͖ίϯςφୡ

  16. ࡞ͬͨ΍ͭ

  17. Dockerfile

  18. FROM centos:7 RUN true \ && echo ‘proxy=http://proxygate.sample:8080' >> /etc/yum.conf

    \ && yum -y install epel-release \ && yum -y install ansible openssh-clients openssh-server \ && yum -y install libuuid.i686 libuuid.x86_64 libgcc.i686 libgcc.x86_64 \ && yum -y clean all \ && sed -i '$d' /etc/yum.conf \ && true RUN true \ && ssh-keygen -A -N '' \ && sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/ sshd_config \ && true RUN true \ && groupadd -g 1000 sampleuser \ && useradd -N -g sampleuser -u 1000 sampleuser \ && echo ‘sampleuser:$6$<ϋογϡ஋>’ | chpasswd --encrypted \ && echo ‘root:$6$<ϋογϡ஋>' | chpasswd --encrypted \ && true CMD [“/sbin/init"]
  19. FROM centos:7 RUN true \ && echo ‘proxy=http://proxygate.sample:8080' >> /etc/yum.conf

    \ && yum -y install epel-release \ && yum -y install ansible openssh-clients openssh-server \ && yum -y install libuuid.i686 libuuid.x86_64 libgcc.i686 libgcc.x86_64 \ && yum -y clean all \ && sed -i '$d' /etc/yum.conf \ && true RUN true \ && ssh-keygen -A -N '' \ && sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/ sshd_config \ && true RUN true \ && groupadd -g 1000 sampleuser \ && useradd -N -g sampleuser -u 1000 sampleuser \ && echo ‘sampleuser:$6$<ϋογϡ஋>’ | chpasswd --encrypted \ && echo ‘root:$6$<ϋογϡ஋>' | chpasswd --encrypted \ && true CMD [“/sbin/init"] CentOSΠϝʔδ͕ ϕʔεͰ
  20. FROM centos:7 RUN true \ && echo ‘proxy=http://proxygate.sample:8080' >> /etc/yum.conf

    \ && yum -y install epel-release \ && yum -y install ansible openssh-clients openssh-server \ && yum -y install libuuid.i686 libuuid.x86_64 libgcc.i686 libgcc.x86_64 \ && yum -y clean all \ && sed -i '$d' /etc/yum.conf \ && true RUN true \ && ssh-keygen -A -N '' \ && sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/ sshd_config \ && true RUN true \ && groupadd -g 1000 sampleuser \ && useradd -N -g sampleuser -u 1000 sampleuser \ && echo ‘sampleuser:$6$<ϋογϡ஋>’ | chpasswd --encrypted \ && echo ‘root:$6$<ϋογϡ஋>' | chpasswd --encrypted \ && true CMD [“/sbin/init"] Ansibleͱ͔ೖΕͯ ※ ࣾ಺؀ڥͷͨΊϓϩΩγܦ༝
  21. FROM centos:7 RUN true \ && echo ‘proxy=http://proxygate.sample:8080' >> /etc/yum.conf

    \ && yum -y install epel-release \ && yum -y install ansible openssh-clients openssh-server \ && yum -y install libuuid.i686 libuuid.x86_64 libgcc.i686 libgcc.x86_64 \ && yum -y clean all \ && sed -i '$d' /etc/yum.conf \ && true RUN true \ && ssh-keygen -A -N '' \ && sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/ sshd_config \ && true RUN true \ && groupadd -g 1000 sampleuser \ && useradd -N -g sampleuser -u 1000 sampleuser \ && echo ‘sampleuser:$6$<ϋογϡ஋>’ | chpasswd --encrypted \ && echo ‘root:$6$<ϋογϡ஋>' | chpasswd --encrypted \ && true CMD [“/sbin/init"] sshΛຊ൪ͱಉ͡ઃ ఆʹͯ͠
  22. FROM centos:7 RUN true \ && echo ‘proxy=http://proxygate.sample:8080' >> /etc/yum.conf

    \ && yum -y install epel-release \ && yum -y install ansible openssh-clients openssh-server \ && yum -y install libuuid.i686 libuuid.x86_64 libgcc.i686 libgcc.x86_64 \ && yum -y clean all \ && sed -i '$d' /etc/yum.conf \ && true RUN true \ && ssh-keygen -A -N '' \ && sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/ sshd_config \ && true RUN true \ && groupadd -g 1000 sampleuser \ && useradd -N -g sampleuser -u 1000 sampleuser \ && echo ‘sampleuser:$6$<ϋογϡ஋>’ | chpasswd --encrypted \ && echo ‘root:$6$<ϋογϡ஋>' | chpasswd --encrypted \ && true CMD [“/sbin/init"] ຊ൪ͱಉ͡Ϣʔβ ࡞ͬͯ
  23. FROM centos:7 RUN true \ && echo ‘proxy=http://proxygate.sample:8080' >> /etc/yum.conf

    \ && yum -y install epel-release \ && yum -y install ansible openssh-clients openssh-server \ && yum -y install libuuid.i686 libuuid.x86_64 libgcc.i686 libgcc.x86_64 \ && yum -y clean all \ && sed -i '$d' /etc/yum.conf \ && true RUN true \ && ssh-keygen -A -N '' \ && sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/ sshd_config \ && true RUN true \ && groupadd -g 1000 sampleuser \ && useradd -N -g sampleuser -u 1000 sampleuser \ && echo ‘sampleuser:$6$<ϋογϡ஋>’ | chpasswd --encrypted \ && echo ‘root:$6$<ϋογϡ஋>' | chpasswd --encrypted \ && true CMD [“/sbin/init"] initϓϩηεΛ࣮ߦ
  24. docker-compose.yml

  25. version: ‘2' services: master: build: context: ./images/cent7_ansible dockerfile: Dockerfile image:

    internaltest/cent7_ansible hostname: master volumes: - ../ansible_playbook:/playbook working_dir: /playbook networks: infra_net: ipv4_address: 192.168.10.1 extra_hosts: - "master:192.168.10.1" - "target01:192.168.10.2" - "target02:192.168.10.3" - "target03:192.168.10.4" privileged: true target01: image: internaltest/cent7_ansible hostname: target01 networks: infra_net: ipv4_address: 192.168.10.2 privileged: true target02: … target03: … networks: infra_net: driver: bridge ipam: driver: default config: - subnet: 192.168.10.0/24 gateway: 192.168.10.254
  26. target01: image: internaltest/cent7_ansible hostname: target01 networks: infra_net: ipv4_address: 192.168.10.2 privileged:

    true target02: … target03: … networks: infra_net: driver: bridge ipam: driver: default config: - subnet: 192.168.10.0/24 gateway: 192.168.10.254 version: ‘2' services: master: build: context: ./images/cent7_ansible dockerfile: Dockerfile image: internaltest/cent7_ansible hostname: master volumes: - ../ansible_playbook:/playbook working_dir: /playbook networks: infra_net: ipv4_address: 192.168.10.1 extra_hosts: - "master:192.168.10.1" - "target01:192.168.10.2" - "target02:192.168.10.3" - "target03:192.168.10.4" privileged: true Ansibleϗετ λʔήοτϊʔυୡ
  27. version: ‘2' services: master: build: context: ./images/cent7_ansible dockerfile: Dockerfile image:

    internaltest/cent7_ansible hostname: master volumes: - ../ansible_playbook:/playbook working_dir: /playbook networks: infra_net: ipv4_address: 192.168.10.1 extra_hosts: - "master:192.168.10.1" - "target01:192.168.10.2" - "target02:192.168.10.3" - "target03:192.168.10.4" privileged: true ͖ͬ͞ͷ Dockerfile target01: image: internaltest/cent7_ansible hostname: target01 networks: infra_net: ipv4_address: 192.168.10.2 privileged: true target02: … target03: … networks: infra_net: driver: bridge ipam: driver: default config: - subnet: 192.168.10.0/24 gateway: 192.168.10.254
  28. version: ‘2' services: master: build: context: ./images/cent7_ansible dockerfile: Dockerfile image:

    internaltest/cent7_ansible hostname: master volumes: - ../ansible_playbook:/playbook working_dir: /playbook networks: infra_net: ipv4_address: 192.168.10.1 extra_hosts: - "master:192.168.10.1" - "target01:192.168.10.2" - "target02:192.168.10.3" - "target03:192.168.10.4" privileged: true target01: image: internaltest/cent7_ansible hostname: target01 networks: infra_net: ipv4_address: 192.168.10.2 privileged: true target02: … target03: … networks: infra_net: driver: bridge ipam: driver: default config: - subnet: 192.168.10.0/24 gateway: 192.168.10.254 ݻఆIPׂΓ౰ͯ
  29. version: ‘2' services: master: build: context: ./images/cent7_ansible dockerfile: Dockerfile image:

    internaltest/cent7_ansible hostname: master volumes: - ../ansible_playbook:/playbook working_dir: /playbook networks: infra_net: ipv4_address: 192.168.10.1 extra_hosts: - "master:192.168.10.1" - "target01:192.168.10.2" - "target02:192.168.10.3" - "target03:192.168.10.4" privileged: true hosts target01: image: internaltest/cent7_ansible hostname: target01 networks: infra_net: ipv4_address: 192.168.10.2 privileged: true target02: … target03: … networks: infra_net: driver: bridge ipam: driver: default config: - subnet: 192.168.10.0/24 gateway: 192.168.10.254
  30. Α͔ͬͨ͜ͱ • ࡞Δͷ؆୯ͩͬͨͷͰ(ແ஡ৼΓʹ) ଱͑Εͨ • Docker͑͋͞Ε͹Ͳ͜Ͱ΋؀ڥ্ཱ͕͕ͪΔ • ىಈఀࢭVMΑΓૣ͍ • down→up͚ͩͰॳظঢ়ଶʹͳΔͷΊͬͪΌศར

  31. ·ͱΊ

  32. • docker-composeͰϓϨΠϒοΫݕূ͢Δ؀ڥ࡞ͬͨ • ؆୯ʹͰ͖ͯ͘͢͝ศརͩͬͨ • Ͱ΋ࣄલʹ։ൃ؀ڥ΋ͬͱߟ͑ͯʂʂʂʂʂ(ഭਅ)

  33. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ