Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Wantedly から Chef を一掃した話 / #chibadan
Search
Daisuke Fujita
October 25, 2016
Programming
24
11k
Wantedly から Chef を一掃した話 / #chibadan
サービス開発の現場を語る! #chibadan の発表資料です
http://chibadan.connpass.com/event/41625/
Daisuke Fujita
October 25, 2016
Tweet
Share
More Decks by Daisuke Fujita
See All by Daisuke Fujita
SREcon19 Asia/Pacific Recap
dtan4
0
190
Our Practices of Delegating Ownership in Microservices World
dtan4
4
8.9k
Kubernetes Cluster Upgrade / Mercari Meetup for Microservices Platform
dtan4
3
4.7k
KubeCon EU 2018 Recap: Multi-Tenancy in Kubernetes: Best Practices Today, and Future Directions / Kubernetes Meetup Tokyo 11 #k8sjp
dtan4
1
1.9k
さようなら Chef こんにちは Dockerfile / Web Tech Tokyo #1
dtan4
6
7.2k
Docker をフル活用したインフラの紹介と成長し続けるためのインフラ戦略 / #abejameetup
dtan4
19
4k
Docker Compose PaaS の作り方、そして社内に導入した話 / #yapc8oji
dtan4
1
8.5k
Writing Kubenetes tools in Go
dtan4
1
3.6k
最近の wercker 便利って話 #tqrk10
dtan4
2
940
Other Decks in Programming
See All in Programming
CI_CD「健康診断」のススメ。現場でのボトルネック特定から、健康診断を通じた組織的な改善手法
teamlab
PRO
0
160
Learn CPU architecture with Assembly
akkeylab
1
1.3k
AIを活用したレシート読み取り機能の開発から得られた実践知 / AI Receipt Scan Practice
rockname
2
1.5k
Swift Concurrency - 状態監視の罠
objectiveaudio
2
400
defer f()とdefer fの挙動を 誤解していた話
kogamochiduki
2
160
議事録の要点整理を自動化! サーバレス Bot 構築術
penpeen
3
1.6k
アメ車でサンノゼを走ってきたよ!
s_shimotori
0
110
パフォーマンスチューニングで Web 技術を深掘り直す
progfay
18
4.8k
CSC305 Lecture 01
javiergs
PRO
1
380
大規模アプリのDIフレームワーク刷新戦略 ~過去最大規模の並行開発を止めずにアプリ全体に導入するまで~
mot_techtalk
0
330
Swiftビルド弾丸ツアー - Swift Buildが作る新しいエコシステム
giginet
PRO
0
1.6k
SpecKitでどこまでできる? コストはどれくらい?
leveragestech
0
420
Featured
See All Featured
How to Ace a Technical Interview
jacobian
280
23k
Git: the NoSQL Database
bkeepers
PRO
431
66k
The Invisible Side of Design
smashingmag
301
51k
Bash Introduction
62gerente
615
210k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
54
3k
Embracing the Ebb and Flow
colly
88
4.8k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
Rails Girls Zürich Keynote
gr2m
95
14k
Code Review Best Practice
trishagee
72
19k
Docker and Python
trallard
46
3.6k
Documentation Writing (for coders)
carmenintech
75
5k
The Pragmatic Product Professional
lauravandoore
36
6.9k
Transcript
8BOUFEMZ͔Β $IFGΛҰͨ͠ 2016-10-25 αʔϏε։ൃͷݱΛޠΔʂ Daisuke Fujita (@dtan4) https://flic.kr/p/rU5bCU
Daisuke Fujita / @dtan4 Engineer, Infrastructure Team @ Wantedly, Inc.
AWS, Terraform / Terraforming, Developer Productivity
8BOUFEMZ͔Β $IFGΛҰͨͭͭ͠ %PDLFSपΓΛஔ͖͑ͨ 2016-10-25 αʔϏε։ൃͷݱΛޠΔʂ Daisuke Fujita (@dtan4) https://flic.kr/p/rU5bCU
Infrastructure at Wantedly AWS + DNSimple શαʔϏε͕ Docker ίϯςφͰՔಇ EC2
Πϯελϯεͷ OS CoreOS ੲ Ubuntu + Chef Capistrano ΛͬͨಠࣗͷσϓϩΠγεςϜ + Heroku CLI ಉ༷ͷΠϯλʔϑΣΠεΛ࣋ͭ CLI https://speakerdeck.com/dtan4/number-abejameetup
Web (Rails) Docker image 2ஈߏ ࠩͷΈͷ fetch + bundle install
Ͱ σϓϩΠΛߴԽ intermediate Chef + Packer ΠϝʔδαΠζ 3GB bundle install git clone wantedly/wantedly Ruby FROM Ubuntu 14.04 rake assets:precompile bundle install git checkout <branch> git fetch FROM intermediate web (Dockerfile) intermediate (Chef)
Web (Rails) Docker image 2ஈߏ ࠩͷΈͷ fetch + bundle install
Ͱ σϓϩΠΛߴԽ intermediate Chef + Packer ΠϝʔδαΠζ 3GB bundle install git clone wantedly/wantedly Ruby FROM Ubuntu 14.04 rake assets:precompile bundle install git checkout <branch> git fetch FROM intermediate web (Dockerfile) intermediate (Chef)
pull :intermediate push :production pull :production build :production $ sap
prod deploy (3:00 am) docker push :intermediate
Chef + Packer AWS Ҡߦॳ͔Β2Ҏ্Ҿ͖ܧ͕Ε͖ͯͨൿͷ Chef Ϩγϐ Packer Ͱ ubuntu:14.04
Πϝʔδ্ʹϓϩϏδϣχϯά => Private Registry ʹ push
Chef + Packer ??? ઐ༻ͷ EC2 Πϯελϯε1ͷΈͰՔಇ͍ͯͨ͠ ਓؒͷ Macbook ͰϓϩϏδϣχϯάͰ͖ͳ͘ͳ͍ͬͯͨ
Chef ʢͷΠϯετʔϧํ๏ʣͷਐԽʹैͦ͜͠Ͷͨ
Chef + Packer ??? 1Πϝʔδ࡞Δͷʹ1࣌ؒҎ্ Ͱ͖͕͋ͬͨΠϝʔδ 3GB Ruby ͷόʔδϣϯΞοϓ
apt ύοέʔδՃ͕໘ ΠϯϑϥνʔϜҎ֎͕৮Γʹ͍͘ σϓϩΠ࣌ͷ docker build ֤Πϯελϯεͷ͕͍
Chef + Packer => ??? ΠϝʔδαΠζΛͬͱখ͍ͨ͘͞͠… ଞͷϝϯόʔ৮Γ͍͢ߏʹ͍ͨ͠… σϓϩΠ͍ͨ͘͠… Dockerfile Ͱॻ͖͍ͨ…ʂ
Private Registry => ??? Docker Private Registry V1 (Python) ʹຊؾͰٽ͔͞Εͨ
Docker Distribution (Go) ͍ͩͿϚγʹͳ͚ͬͨͲ Registry ίϯςφ͕ࢮ͵ڪා૬มΘΒͣ ϚωʔδυαʔϏεʹҠߦ͍ͨ͠…ʂ ECR ౦ژʹདྷͨ͠
2016/10
2016/10 Wantedly, Inc. ͔Β Chef ΛҰ
2016/10 Chef + Packer -> Dockerfile + Docker Compose Ubuntu
14.04 -> Ubuntu 16.04, Alpine Linux 3.4 Private Docker Registry -> Amazon ECR Wantedly, Inc. ͔Β Chef ΛҰ
(3:00 am) docker push :intermediate pull :intermediate push :production pull
:production build :production $ sap prod deploy
None
Dockerfile Chef Ϩγϐ -> Dockerfile 1ຕʹू
Dockerfile αʔϏε͝ͱʹ1ຕͷ Dockerfile FROM ubuntu 16.04 / alpine:3.4 Dockerfile ϕετϓϥΫςΟε
Λ࣮ફͯ͠μΠΤοτ
Dockerfile Ruby, Node.js ͷΠϯετʔϧ ಉ͡ Dockerfile ʹॻ͘ ެࣜͷ -alpine Dockerfile
͔Βഈआ Alpine ͷόʔδϣϯ ࣗͨͪͰ੍ޚ αʔϏεʹ߹Θͤͨݴޠόʔδϣϯ
Dockerfile λΠϜελϯϓΛૠೖͯ͠ ҎԼຖճڧ੍తʹϏϧυ ιʔείʔυΛ git clone Access Token Λͬͨೝূ bundle
install -> assets:precompile ARG BUILD_DATE --build-args BUILD_DATE=$(date +%Y%m%d%H%M%S)
Docker Compose શΠϝʔδ Docker Compose ܦ༝Ͱ build & push build
args ΛҰׅཧ Ruby ͷόʔδϣϯΞοϓ ͔͜͜Β awesome: extends: base build: context: awesome args: - RUBY_MAJOR=2.3 - RUBY_VERSION=2.3.0 - RUBYGEMS_VERSION=2.6.6 - BUNDLER_VERSION=1.13.1 - NODE_VERSION=5.11.1 - NPM_VERSION=3.3.12 awesome-production: extends: awesome build: args: - RAILS_ENV=production image: ${AWS_ECR_DOMAIN}/awesome:intermediate
Alpine Linux busybox + α ͷܰྔσΟετϦ (~ 5MB) ύοέʔδϚωʔδϟ apk
͍͍ͨͯͳ͘ಈ͘ɻ ͳΜ͔Μ apk ʹϥΠϒϥϦҰ௨ΓἧͬͯΔɻ
Alpine Linux ʹҠߦ͢Δҙ ֎෦ίϚϯυݺͼग़͠ҙ `...` ͱ͔ os.Exec(...) ͱ͔ ݺͼग़͢όΠφϦ͕ Alpine
Linux ্ͩͱ ಈ͔ͳ͍Մೳੑ͕͋Δ (ex. wkhtmltopdf) ඪ४ίϚϯυ (ex. timeout) busybox ͳͷͰ Ubuntu ͷʹൺͯύϥϝʔλগͳ͔ͬͨΓ
None
Alpine Linux ʹҠߦ͢Δҙ όΠφϦΛ static link ͰϏϧυ͢Δ alpine-pkg-glibc, coreutils ΛೖΕΔ
֎෦ίϚϯυݺͼग़͠Ίͯ Pure ͳखஈʹ ͩΊͳΒૉʹ Ubuntu CentOS ͱ͍ͬͨ ϝδϟʔͳσΟετϦΛ͏ దʹαʔϏεΛఏڙͰ͖Δͷ͕͋͘·Ͱେલఏ
intermediate-build-server intermediate image Λఆظతʹ build ͢Δαʔό CoreOS on EC2 +
IAM Role ຖਂʹશ intermediate image Λ docker-compose build -> docker-compose push
intermediate-build-server #!/bin/bash set -eu metadata=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/intermediate-build-server/) export AWS_ACCESS_KEY_ID=$(echo $metadata
| jq -r .AccessKeyId) export AWS_SECRET_ACCESS_KEY=$(echo $metadata | jq -r .SecretAccessKey) export AWS_SECURITY_TOKEN=$(echo $metadata | jq -r .Token) document=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document) account_id=$(echo $document | jq -r .accountId) region=$(echo $document | jq -r .region) export AWS_ECR_DOMAIN=$account_id.dkr.ecr.$region.amazonaws.com export BUILD_DATE=$(date +%Y%m%d%H%M%S) cd intermediate-dockerfiles if [[ $# -eq 1 ]]; then /opt/bin/docker-compose build $1 else for app in $(cat docker-compose.yml | grep -E '^ [a-z-]+:' | grep -E -- '-(production|qa)' | sed -E 's/^ ([a-z-]*):/\1/'); do echo "[`date`] Building $app..." /opt/bin/docker-compose build $app done fi
intermediate-build-server ? ຊ CI as a Service ্ͰΓ͔ͨͬͨ image pull
-> build -> push Docker 1.10 ͔Β Docker image ͷΈ͕มΘͬͯɺ pull ͖ͯͨ͠Πϝʔδͷʮ్த·ͰΛʯΩϟογϡͱͯ͠ ͏͜ͱ͕Ͱ͖ͳ͘ͳͬͨ https://docs.docker.com/engine/userguide/storagedriver/ imagesandcontainers/#/content-addressable-storage
None
intermediate-build-server Docker 1.13 Ͱղফ༧ఆ
ECR AWS ECS ଐͷ ϑϧϚωʔδυ Docker Registry Terraform ͰϦϙδτϦΛཧ ϩάΠϯ͢ΔεΫϦϓτΛ
1͓͖࣌ؒʹఆظ࣮ߦ
ECR 1ϨϙδτϦ࠷େ1000Πϝʔδ 80 - 90Πϝʔδ / week ϖʔεͰ૿Ճ Lambda Ͱλά͍ͯͳ͍ΠϝʔδΛఆظతʹ͓আ
ECR dtan4/ecr-gc
Ҡߦ݁Ռ
Ҡߦ݁Ռ ΠϝʔδαΠζ 3.307 GB -> 2.24 GB -> 2.43 GB
Ϗϧυ࣌ؒ 48 m -> 16 m 5 s Alpine Linux Ubuntu
TODO Serverspec ॻ͍͚ͨͲ CI ͕ͳ͍ shallow clone ͰΠϝʔδΛ͞ΒʹμΠΤοτ ͱ͔ͱ͔…
Recap
None