Terraform at Wantedly

TERRAFORM  at WANTEDLY 2015-08-05 HashiCorp Tools Meetup @dtan4

Daisuke Fujita @dtan4 Πϯλʔϯ  @ΠϯϑϥνʔϜ

HashiCorp in Wantedly Terraform Vagrant Packer

ࠓ೔࿩͢͜ͱ Wantedly Ͱͷ  Terraform ӡ༻ࣄྫ

Terraform ﬂow @ Wantedly since May 2015

Terraform Ͱ؅ཧ͍ͯ͠Δ਺ 27 resource types aws_customer_gateway aws_db_instance aws_db_security_group aws_db_subnet_group aws_elasticache_cluster
aws_elasticache_subnet_group aws_elb aws_iam_group aws_iam_group_membership aws_iam_group_policy aws_iam_role aws_iam_role_policy aws_iam_user aws_iam_user_policy aws_instance aws_internet_gateway aws_network_acl aws_route_table aws_route_table_association aws_s3_bucket aws_security_group aws_subnet aws_vpc aws_vpn_connection aws_vpn_connection_route aws_vpn_gateway dnsimple_record

Terraform Ͱ؅ཧ͍ͯ͠Δ਺ AWS 199 DNSimple 155 354 resources

Terraform ؀ڥ GitHub wercker S3 remote backend Vagrant CoreOS Docker
quay.io/wantedly/terraform 3FNPUF -PDBM

Terraform ﬂow Terraform ίʔυΛॻ͍ͯ Pull Request Λग़͢

Terraform ﬂow CI Ͱςετ (terraform plan) ͕૸Δ

Terraform ﬂow ΠϯϑϥνʔϜ͕ϨϏϡʔͯ͠ Merge

Terraform ﬂow CI Ͱ࣮؀ڥ΁ͷద༻  (terraform apply) ͕ߦΘΕΔ

e.g. DNS Ϩίʔυ௥Ճ

e.g. IAM Ϣʔβ௥Ճ

e.g. GitHub ্Ͱ֬ೝͰ͖ͯศར

Terraform ಋೖͷաఔ

ಋೖͨ͠ܦҢ • Management Console ϙνϙνۀ͔Βͷ୤٫ • ΠϯϑϥνʔϜ΁ͷ࡞ۀूத͔Βͷ୤٫ • ߏங࡞ۀͷཤྺΛ࢒͍ͨ͠ •
ϦιʔεҰཡΛ  ͩΕͰ΋؆୯ʹݟΒΕΔΑ͏ʹ͍ͨ͠ • Ϧιʔεෳ੡Λָʹ͍ͨ͠

Ұ͔ΒΠϯϑϥߏங΍ϦϓϨʔεͰ͸ͳ͘ɺ  ͍·ಈ͍͍ͯΔΠϯϑϥϦιʔε  ΛίʔυԽ͍ͨ͠

ݱߦ؀ڥ΁ͷ Terraform ಋೖ https://github.com/hashicorp/terraform/issues/581

ݱߦ؀ڥ΁ͷ Terraform ಋೖ https://github.com/hashicorp/terraform/issues/581 طଘϦιʔεͷ Terraform ίʔυԽ͸  ࣮૷͞Ε͍ͯͳ͍

ݱߦ؀ڥ΁ͷ Terraform ಋೖ ex: hoge ͱ͍͏ S3 bucket ͕͋ͬͨͱ͖ resource
"aws_s3_bucket" "hoge" { bucket = "hoge" acl = "private" } { "version": 1, "serial": 1, "modules": { "path": [ "root" ], "outputs": { }, "resources": { "aws_s3_bucket.hoge": { "type": "aws_s3_bucket", "primary": { "id": "hoge", "attributes": { "acl": "private", "bucket": "hoge", "id": "hoge" } } } } } } TUG UFSSBGPSNUGTUBUF

ݱߦ؀ڥ΁ͷ Terraform ಋೖ ex: hoge ͱ͍͏ S3 bucket ͕͋ͬͨͱ͖ resource
"aws_s3_bucket" "hoge" { bucket = "hoge" acl = "private" } { "version": 1, "serial": 1, "modules": { "path": [ "root" ], "outputs": { }, "resources": { "aws_s3_bucket.hoge": { "type": "aws_s3_bucket", "primary": { "id": "hoge", "attributes": { "acl": "private", "bucket": "hoge", "id": "hoge" } } } } } } TUG UFSSBGPSNUGTUBUF tfstate (JSON)  ਓྗͰॻ͘ͷ͸ݫ͍͠

Export existing AWS resources to Terraform style (tf, tfstate) dtan4/terraforming

Terraforming • طଘͷ AWS / DNSimple Ϧιʔε͔Β  Terraform ͷίʔυ (tf,
tfstate) Λੜ੒͢Δ  ίϚϯυϥΠϯπʔϧ • 24छྨͷ AWS ϦιʔεʹରԠ • Wantedly ͷ Terraform ίʔυͷେ൒Λੜ੒ • Issue & Pull Request ͓·ͪͯ͠·͢ʂ dtan4/terraforming $ gem install terraforming # or $ docker pull quay.io/dtan4/terraforming

Terraforming • S3 buckets ͷ tf Λੜ੒ • S3 buckets
ͷ tfstate Λੜ੒ • S3 buckets ͷ tfstate Λੜ੒͠ɺ  طଘͷ terraform.tfstate ͱϚʔδ $ terraforming s3 $ terraforming s3 --tfstate \ --merge=/path/to/terraform.tfstate $ terraforming s3 --tfstate dtan4/terraforming

http://qiita.com/dtan4/items/345c56281ab0e87d6646

ૺ۰ͨ͠໰୊

terraform plan ͕৴༻ग़དྷͳ͍ • HCL ͷγϯλοΫενΣοΫͱ  Terraform ύϥϝʔλͷνΣοΫͷΈɺ  API ͷ
dry-run ͸͠ͳ͍ • terraform plan ͕௨ͬͯ΋ɺύϥϝʔλ͕ AWS తʹෆਖ਼Ͱ terraform apply ʹࣦഊ͢Δ • CI Ͱʮςετʯ͍ͯ͠Δҙຯ͕…

terraform plan ͕৴༻ग़དྷͳ͍ • AWS ͷυΩϡϝϯτ΋ಡ·ͳ͍ͱ͍͚ͳ͍ • terraform apply ࣦഊͯ͠΋ϦΧόϦͰ͖Δ 
࢓૊ΈΛ࡞Δ • खݩͰ apply Ͱ͖Δ؀ڥ

ELB ഑ԼͷΠϯελϯε͕  ҙਤͤͣஔ͖׵ΘΔ • Terraform ͷ ELB resource ͸  ௻Δ͢ΠϯελϯεΛ໌ࣔతʹॻ͘ඞཁ͋Γ
• Wantedly Ͱ͸ࣗલπʔϧͰ  Πϯελϯεͷ૿ݮɺELB ΁ͷ௻Δ͠Λߦ͏ • Terraform ίʔυͱ࣮ࡍͷ؀ڥʹࠩҟ͕ग़Δ

ELB ഑ԼͷΠϯελϯε͕  ҙਤͤͣஔ͖׵ΘΔ • සൟʹΠϯελϯε͕ஔ͖׵ΘΔ ELB ͸  Terraform Ͱ؅ཧ͠ͳ͍͜ͱʹͨ͠ •
֎෦Ͱಈతͳมߋ͕͋Γ͏ΔϦιʔε͸  ͋͑ͯ؅ཧ͠ͳ͍

IAM Ϣʔβ࡟আͰࣦഊ • IAM ϢʔβࣗମΛফ͢લʹΫϨσϯγϟϧ΍  ϩάΠϯϓϩϑΝΠϧΛফ͢ඞཁ͕͋Δ • Terraform ͸ͦΜͳͷ͓ߏ͍ͳ͠ʹ delete-user
͠Α͏ͱ͢Δ • खಈͰґଘϦιʔεΛফ্ͨ͠Ͱ apply http://docs.aws.amazon.com/ja_jp/IAM/latest/UserGuide/Using_DeletingUserFromAccount.html

·ͱΊ

·ͱΊ • Wantedly ͷΠϯϑϥ͸  Terraform Ͱ؅ཧ͞Ε͍ͯ·͢ʂ • ݱߦΠϯϑϥΛ Terraform Ͱ؅ཧ͢ΔͨΊʹ 
Terraforming ͱ͍͏πʔϧΛ։ൃ͠·ͨ͠ • ͢΂ͯΛ Terraform ʹ೚͖ͤͬΓʹ͠ͳ͍

Terraform at Wantedly

Terraform at Wantedly

More Decks by Daisuke Fujita

Other Decks in Technology

Featured

Transcript