Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Terraform at Wantedly

Daisuke Fujita
August 05, 2015
Technology
15
10k

Terraform at Wantedly

HashiCorp Tools Meetup #hashi_wantedly での発表資料です。

Daisuke Fujita

August 05, 2015
Tweet

More Decks by Daisuke Fujita

See All by Daisuke Fujita
SREcon19 Asia/Pacific Recap
dtan4
0
140
Our Practices of Delegating Ownership in Microservices World
dtan4
4
8.6k
Kubernetes Cluster Upgrade / Mercari Meetup for Microservices Platform
dtan4
3
4.1k
KubeCon EU 2018 Recap: Multi-Tenancy in Kubernetes: 
Best Practices Today, and Future Directions / Kubernetes Meetup Tokyo 11 #k8sjp
dtan4
1
1.7k
Wantedly から Chef を一掃した話 / #chibadan
dtan4
24
11k
さようなら Chef こんにちは Dockerfile / Web Tech Tokyo #1
dtan4
6
6.8k
Docker をフル活用したインフラの紹介と成長し続けるためのインフラ戦略 / #abejameetup
dtan4
19
3.8k
Docker Compose PaaS の作り方、そして社内に導入した話 / #yapc8oji
dtan4
1
7.6k
Writing Kubenetes tools in Go
dtan4
1
3.2k

Other Decks in Technology

See All in Technology
仲間から嫌われがちだった私が、アジャイルに出会い、仲間から慕われるようになるまでの道のり / I was often disliked by my peers, but then I met Agile, How I came to be admired by my peers
pauli
0
380
1人目の専任SREがポストモーテム文化を改善したらエンジニア以外にも広まり、 他部門との連携も強化された話+
tk3fftk
0
390
Designing an Incident Response Process at Scale
opeonikute
0
140
Introduction to mcl-wasm
herumi
1
280
Jetpack Glanceではじめる Material 3のColor
mochico
0
530
フロントエンドの開発生産性とは
yosuke_furukawa
PRO
5
2.8k
[PHPカンファレンス沖縄2023]【実践編】良いプロダクト作りのための組織育成 健全なコードは健全な組織、健全なチームから
ikezoemakoto
0
160
JPOUG#7 Oracle Database 23c New Features
nori_shinoda
1
760
深いドメインと統合型経営プラットフォームを支えるモジュラモノリスの事例 / Modular Monolith That Support Deep Domains And Integrated Management Platform
ogugu9
16
5.1k
KARTEのAPIサーバ化
line_developers
PRO
1
110
モジュラモノリスにおけるトランザクション設計の考え方 / transaction design on modular monolith
nazonohito51
14
4.9k
自作WASMランタイムをKernelに改造する試み.pdf
riru
2
450

Featured

See All Featured
GraphQLの誤解/rethinking-graphql
sonatard
44
8.5k
Code Review Best Practice
trishagee
53
13k
Writing Fast Ruby
sferik
615
59k
Fontdeck: Realign not Redesign
paulrobertlloyd
74
4.6k
Rails Girls Zürich Keynote
gr2m
90
12k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
112
17k
No one is an island. Learnings from fostering a developers community.
thoeni
14
1.8k
The Language of Interfaces
destraynor
149
22k
Embracing the Ebb and Flow
colly
77
3.8k
Building Adaptive Systems
keathley
29
1.6k
Art, The Web, and Tiny UX
lynnandtonic
285
18k
A Tale of Four Properties
chriscoyier
150
21k

Transcript

  1. TERRAFORM

    at WANTEDLY
    2015-08-05
    HashiCorp Tools Meetup
    @dtan4

    View Slide

  2. Daisuke Fujita
    @dtan4
    Πϯλʔϯ

    @ΠϯϑϥνʔϜ

    View Slide

  3. View Slide

  4. HashiCorp in Wantedly
    Terraform Vagrant Packer

    View Slide

  5. ࠓ೔࿩͢͜ͱ
    Wantedly Ͱͷ

    Terraform ӡ༻ࣄྫ

    View Slide

  6. Terraform flow
    @ Wantedly
    since May 2015

    View Slide

  7. Terraform Ͱ؅ཧ͍ͯ͠Δ਺
    27 resource types
    aws_customer_gateway
    aws_db_instance
    aws_db_security_group
    aws_db_subnet_group
    aws_elasticache_cluster
    aws_elasticache_subnet_group
    aws_elb
    aws_iam_group
    aws_iam_group_membership
    aws_iam_group_policy
    aws_iam_role
    aws_iam_role_policy
    aws_iam_user
    aws_iam_user_policy
    aws_instance
    aws_internet_gateway
    aws_network_acl
    aws_route_table
    aws_route_table_association
    aws_s3_bucket
    aws_security_group
    aws_subnet
    aws_vpc
    aws_vpn_connection
    aws_vpn_connection_route
    aws_vpn_gateway
    dnsimple_record

    View Slide

  8. Terraform Ͱ؅ཧ͍ͯ͠Δ਺
    AWS
    199
    DNSimple
    155
    354 resources

    View Slide

  9. Terraform ؀ڥ
    GitHub wercker S3 remote backend
    Vagrant CoreOS Docker
    quay.io/wantedly/terraform
    3FNPUF
    -PDBM

    View Slide

  10. Terraform flow
    Terraform ίʔυΛॻ͍ͯ Pull Request Λग़͢

    View Slide

  11. Terraform flow
    Terraform ίʔυΛॻ͍ͯ Pull Request Λग़͢

    View Slide

  12. Terraform flow
    CI Ͱςετ (terraform plan) ͕૸Δ

    View Slide

  13. Terraform flow
    CI Ͱςετ (terraform plan) ͕૸Δ

    View Slide

  14. Terraform flow
    ΠϯϑϥνʔϜ͕ϨϏϡʔͯ͠ Merge

    View Slide

  15. Terraform flow
    CI Ͱ࣮؀ڥ΁ͷద༻

    (terraform apply) ͕ߦΘΕΔ

    View Slide

  16. Terraform flow
    CI Ͱ࣮؀ڥ΁ͷద༻

    (terraform apply) ͕ߦΘΕΔ

    View Slide

  17. e.g. DNS Ϩίʔυ௥Ճ

    View Slide

  18. e.g. IAM Ϣʔβ௥Ճ

    View Slide

  19. e.g. GitHub ্Ͱ֬ೝͰ͖ͯศར

    View Slide

  20. Terraform ಋೖͷաఔ

    View Slide

  21. ಋೖͨ͠ܦҢ
    • Management Console ϙνϙνۀ͔Βͷ୤٫

    • ΠϯϑϥνʔϜ΁ͷ࡞ۀूத͔Βͷ୤٫

    • ߏங࡞ۀͷཤྺΛ࢒͍ͨ͠

    • ϦιʔεҰཡΛ

    ͩΕͰ΋؆୯ʹݟΒΕΔΑ͏ʹ͍ͨ͠

    • Ϧιʔεෳ੡Λָʹ͍ͨ͠

    View Slide

  22. Ұ͔ΒΠϯϑϥߏங΍ϦϓϨʔεͰ͸ͳ͘ɺ

    ͍·ಈ͍͍ͯΔΠϯϑϥϦιʔε

    ΛίʔυԽ͍ͨ͠

    View Slide

  23. ݱߦ؀ڥ΁ͷ Terraform ಋೖ
    https://github.com/hashicorp/terraform/issues/581

    View Slide

  24. ݱߦ؀ڥ΁ͷ Terraform ಋೖ
    https://github.com/hashicorp/terraform/issues/581
    طଘϦιʔεͷ Terraform ίʔυԽ͸

    ࣮૷͞Ε͍ͯͳ͍

    View Slide

  25. ݱߦ؀ڥ΁ͷ Terraform ಋೖ
    ex: hoge ͱ͍͏ S3 bucket ͕͋ͬͨͱ͖
    resource "aws_s3_bucket" "hoge" {
    bucket = "hoge"
    acl = "private"
    }
    {
    "version": 1,
    "serial": 1,
    "modules": {
    "path": [
    "root"
    ],
    "outputs": {
    },
    "resources": {
    "aws_s3_bucket.hoge": {
    "type": "aws_s3_bucket",
    "primary": {
    "id": "hoge",
    "attributes": {
    "acl": "private",
    "bucket": "hoge",
    "id": "hoge"
    }
    }
    }
    }
    }
    }
    TUG
    UFSSBGPSNUGTUBUF

    View Slide

  26. ݱߦ؀ڥ΁ͷ Terraform ಋೖ
    ex: hoge ͱ͍͏ S3 bucket ͕͋ͬͨͱ͖
    resource "aws_s3_bucket" "hoge" {
    bucket = "hoge"
    acl = "private"
    }
    {
    "version": 1,
    "serial": 1,
    "modules": {
    "path": [
    "root"
    ],
    "outputs": {
    },
    "resources": {
    "aws_s3_bucket.hoge": {
    "type": "aws_s3_bucket",
    "primary": {
    "id": "hoge",
    "attributes": {
    "acl": "private",
    "bucket": "hoge",
    "id": "hoge"
    }
    }
    }
    }
    }
    }
    TUG
    UFSSBGPSNUGTUBUF
    tfstate (JSON)

    ਓྗͰॻ͘ͷ͸ݫ͍͠

    View Slide

  27. Export existing AWS resources to Terraform style (tf, tfstate)
    dtan4/terraforming

    View Slide

  28. Terraforming
    • طଘͷ AWS / DNSimple Ϧιʔε͔Β

    Terraform ͷίʔυ (tf, tfstate) Λੜ੒͢Δ

    ίϚϯυϥΠϯπʔϧ

    • 24छྨͷ AWS ϦιʔεʹରԠ

    • Wantedly ͷ Terraform ίʔυͷେ൒Λੜ੒

    • Issue & Pull Request ͓·ͪͯ͠·͢ʂ
    dtan4/terraforming
    $ gem install terraforming # or
    $ docker pull quay.io/dtan4/terraforming

    View Slide

  29. Terraforming
    • S3 buckets ͷ tf Λੜ੒

    • S3 buckets ͷ tfstate Λੜ੒

    • S3 buckets ͷ tfstate Λੜ੒͠ɺ

    طଘͷ terraform.tfstate ͱϚʔδ
    $ terraforming s3
    $ terraforming s3 --tfstate \
    --merge=/path/to/terraform.tfstate
    $ terraforming s3 --tfstate
    dtan4/terraforming

    View Slide

  30. http://qiita.com/dtan4/items/345c56281ab0e87d6646

    View Slide

  31. ૺ۰ͨ͠໰୊

    View Slide

  32. terraform plan ͕৴༻ग़དྷͳ͍
    • HCL ͷγϯλοΫενΣοΫͱ

    Terraform ύϥϝʔλͷνΣοΫͷΈɺ

    API ͷ dry-run ͸͠ͳ͍

    • terraform plan ͕௨ͬͯ΋ɺύϥϝʔλ͕
    AWS తʹෆਖ਼Ͱ terraform apply ʹࣦഊ͢Δ

    • CI Ͱʮςετʯ͍ͯ͠Δҙຯ͕…

    View Slide

  33. terraform plan ͕৴༻ग़དྷͳ͍
    • AWS ͷυΩϡϝϯτ΋ಡ·ͳ͍ͱ͍͚ͳ͍

    • terraform apply ࣦഊͯ͠΋ϦΧόϦͰ͖Δ

    ࢓૊ΈΛ࡞Δ

    • खݩͰ apply Ͱ͖Δ؀ڥ

    View Slide

  34. ELB ഑ԼͷΠϯελϯε͕

    ҙਤͤͣஔ͖׵ΘΔ
    • Terraform ͷ ELB resource ͸

    ௻Δ͢ΠϯελϯεΛ໌ࣔతʹॻ͘ඞཁ͋Γ

    • Wantedly Ͱ͸ࣗલπʔϧͰ

    Πϯελϯεͷ૿ݮɺELB ΁ͷ௻Δ͠Λߦ͏

    • Terraform ίʔυͱ࣮ࡍͷ؀ڥʹࠩҟ͕ग़Δ

    View Slide

  35. ELB ഑ԼͷΠϯελϯε͕

    ҙਤͤͣஔ͖׵ΘΔ
    • සൟʹΠϯελϯε͕ஔ͖׵ΘΔ ELB ͸

    Terraform Ͱ؅ཧ͠ͳ͍͜ͱʹͨ͠

    • ֎෦Ͱಈతͳมߋ͕͋Γ͏ΔϦιʔε͸

    ͋͑ͯ؅ཧ͠ͳ͍

    View Slide

  36. IAM Ϣʔβ࡟আͰࣦഊ
    • IAM ϢʔβࣗମΛফ͢લʹΫϨσϯγϟϧ΍

    ϩάΠϯϓϩϑΝΠϧΛফ͢ඞཁ͕͋Δ

    • Terraform ͸ͦΜͳͷ͓ߏ͍ͳ͠ʹ delete-user
    ͠Α͏ͱ͢Δ

    • खಈͰґଘϦιʔεΛফ্ͨ͠Ͱ apply
    http://docs.aws.amazon.com/ja_jp/IAM/latest/UserGuide/Using_DeletingUserFromAccount.html

    View Slide

  37. ·ͱΊ

    View Slide

  38. ·ͱΊ
    • Wantedly ͷΠϯϑϥ͸

    Terraform Ͱ؅ཧ͞Ε͍ͯ·͢ʂ

    • ݱߦΠϯϑϥΛ Terraform Ͱ؅ཧ͢ΔͨΊʹ

    Terraforming ͱ͍͏πʔϧΛ։ൃ͠·ͨ͠

    • ͢΂ͯΛ Terraform ʹ೚͖ͤͬΓʹ͠ͳ͍

    View Slide