Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Terraform at Wantedly

92ce4587cc8465736433e698b1e50aaa?s=47 Daisuke Fujita
August 05, 2015
Technology
15
9.8k

Terraform at Wantedly

HashiCorp Tools Meetup #hashi_wantedly での発表資料です。

92ce4587cc8465736433e698b1e50aaa?s=128

Daisuke Fujita

August 05, 2015
Tweet

More Decks by Daisuke Fujita

See All by Daisuke Fujita
SREcon19 Asia/Pacific Recap
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
0
120
Our Practices of Delegating Ownership in Microservices World
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
4
8k
Kubernetes Cluster Upgrade / Mercari Meetup for Microservices Platform
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
3
3.7k
KubeCon EU 2018 Recap: Multi-Tenancy in Kubernetes: 
Best Practices Today, and Future Directions / Kubernetes Meetup Tokyo 11 #k8sjp
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
1
1.6k
Wantedly から Chef を一掃した話 / #chibadan
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
24
11k
さようなら Chef こんにちは Dockerfile / Web Tech Tokyo #1
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
6
6.6k
Docker をフル活用したインフラの紹介と成長し続けるためのインフラ戦略 / #abejameetup
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
19
3.7k
Docker Compose PaaS の作り方、そして社内に導入した話 / #yapc8oji
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
1
7.3k
Writing Kubenetes tools in Go
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
1
3k

Other Decks in Technology

See All in Technology
漫画で使えそうな背景画像をblenderを使って作ってみた!
64482468d2ccebb9284315b8af68c0a1?s=48 nokonoko1203
1
290
Istioを活用したセキュアなマイクロサービスの実現/Secure Microservices with Istio
00851927294532e0742c2c174730dff0?s=48 ido_kara_deru
3
420
〇〇みたいな検索作ってと言われたときに考えること / thinking before developing search system like that one
E96c81ea6ec9fc4258a1fba04ae7ca5e?s=48 ryook
5
2.7k
増田亨さんによる 「設計の考え方とやり方」勉強会オープニング
8ccb6288c8b9f34d6917a14d42e66cbe?s=48 tsuyok
0
210
DMMプラットフォーム ゼロから始めるKubernetes運用 課題と改善
F91225895fc7411d415604147af75cab?s=48 pospome
0
410
Trusted Web プロトタイプ
525442fc70ca92f82ae503f826956137?s=48 finengine
0
330
Learning to Solve Hard Minimal Problems
2c88806cbaab6024dc95b9a654c99d86?s=48 takmin
1
430
品質特性のすすめ
95d0e8ddf4a989d9734c25bd6b1af295?s=48 honamin09
0
170
eBPF-based Container Networking
98b5759510e487ade4145247bc856366?s=48 johnlin
2
1.1k
質の良い”カイゼン”の為の質の良い「振り返り」
Bf7fe621f4fe1615c228ef8a79b87282?s=48 shirayanagiryuji
0
130
JAWS-UG 朝会 #36 登壇資料
08dd0b93e011904f40d60d5a1b54c671?s=48 takakuni
1
560
やってみたLT会 Fleet Managerのススメ
3282faa17a370dd254382f4bf2c7ba3a?s=48 yukiiiiikuma
PRO
0
400

Featured

See All Featured
Fashionably flexible responsive web design (full day workshop)
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
396
62k
Designing with Data
F57e2136eb9895eb95ff5dc8a1c02677?s=48 zakiwarfel
91
4k
Large-scale JavaScript Application Architecture
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
499
110k
VelocityConf: Rendering Performance Case Studies
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
316
22k
The Invisible Side of Design
B3d6434763caa0ef5dc4b792662c49f7?s=48 smashingmag
290
48k
The Pragmatic Product Professional
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
19
3.1k
For a Future-Friendly Web
F68cb25ae3e5c2106997454b13b7737d?s=48 brad_frost
166
7.5k
Infographics Made Easy
282d599b414022eba5096510f675b6e2?s=48 chrislema
233
17k
What's in a price? How to price your products and services
Dad095ea7038f89f760419ce475d5d14?s=48 michaelherold
229
9.4k
WebSockets: Embracing the real-time Web
E76911cbe088e5b850d966de3fc7435b?s=48 robhawkes
57
5.6k
Documentation Writing (for coders)
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenintech
48
2.6k
The Language of Interfaces
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
148
21k

Transcript

  1. TERRAFORM
 at WANTEDLY 2015-08-05 HashiCorp Tools Meetup @dtan4

  2. Daisuke Fujita @dtan4 Πϯλʔϯ
 @ΠϯϑϥνʔϜ

  3. None

  4. HashiCorp in Wantedly Terraform Vagrant Packer

  5. ࠓ೔࿩͢͜ͱ Wantedly Ͱͷ
 Terraform ӡ༻ࣄྫ

  6. Terraform flow @ Wantedly since May 2015

  7. Terraform Ͱ؅ཧ͍ͯ͠Δ਺ 27 resource types aws_customer_gateway aws_db_instance aws_db_security_group aws_db_subnet_group aws_elasticache_cluster

    aws_elasticache_subnet_group aws_elb aws_iam_group aws_iam_group_membership aws_iam_group_policy aws_iam_role aws_iam_role_policy aws_iam_user aws_iam_user_policy aws_instance aws_internet_gateway aws_network_acl aws_route_table aws_route_table_association aws_s3_bucket aws_security_group aws_subnet aws_vpc aws_vpn_connection aws_vpn_connection_route aws_vpn_gateway dnsimple_record

  8. Terraform Ͱ؅ཧ͍ͯ͠Δ਺ AWS 199 DNSimple 155 354 resources

  9. Terraform ؀ڥ GitHub wercker S3 remote backend Vagrant CoreOS Docker

    quay.io/wantedly/terraform 3FNPUF -PDBM

  10. Terraform flow Terraform ίʔυΛॻ͍ͯ Pull Request Λग़͢

  11. Terraform flow Terraform ίʔυΛॻ͍ͯ Pull Request Λग़͢

  12. Terraform flow CI Ͱςετ (terraform plan) ͕૸Δ

  13. Terraform flow CI Ͱςετ (terraform plan) ͕૸Δ

  14. Terraform flow ΠϯϑϥνʔϜ͕ϨϏϡʔͯ͠ Merge

  15. Terraform flow CI Ͱ࣮؀ڥ΁ͷద༻
 (terraform apply) ͕ߦΘΕΔ

  16. Terraform flow CI Ͱ࣮؀ڥ΁ͷద༻
 (terraform apply) ͕ߦΘΕΔ

  17. e.g. DNS Ϩίʔυ௥Ճ

  18. e.g. IAM Ϣʔβ௥Ճ

  19. e.g. GitHub ্Ͱ֬ೝͰ͖ͯศར

  20. Terraform ಋೖͷաఔ

  21. ಋೖͨ͠ܦҢ • Management Console ϙνϙνۀ͔Βͷ୤٫ • ΠϯϑϥνʔϜ΁ͷ࡞ۀूத͔Βͷ୤٫ • ߏங࡞ۀͷཤྺΛ࢒͍ͨ͠ •

    ϦιʔεҰཡΛ
 ͩΕͰ΋؆୯ʹݟΒΕΔΑ͏ʹ͍ͨ͠ • Ϧιʔεෳ੡Λָʹ͍ͨ͠

  22. Ұ͔ΒΠϯϑϥߏங΍ϦϓϨʔεͰ͸ͳ͘ɺ
 ͍·ಈ͍͍ͯΔΠϯϑϥϦιʔε
 ΛίʔυԽ͍ͨ͠

  23. ݱߦ؀ڥ΁ͷ Terraform ಋೖ https://github.com/hashicorp/terraform/issues/581

  24. ݱߦ؀ڥ΁ͷ Terraform ಋೖ https://github.com/hashicorp/terraform/issues/581 طଘϦιʔεͷ Terraform ίʔυԽ͸
 ࣮૷͞Ε͍ͯͳ͍

  25. ݱߦ؀ڥ΁ͷ Terraform ಋೖ ex: hoge ͱ͍͏ S3 bucket ͕͋ͬͨͱ͖ resource

    "aws_s3_bucket" "hoge" { bucket = "hoge" acl = "private" } { "version": 1, "serial": 1, "modules": { "path": [ "root" ], "outputs": { }, "resources": { "aws_s3_bucket.hoge": { "type": "aws_s3_bucket", "primary": { "id": "hoge", "attributes": { "acl": "private", "bucket": "hoge", "id": "hoge" } } } } } } TUG UFSSBGPSNUGTUBUF

  26. ݱߦ؀ڥ΁ͷ Terraform ಋೖ ex: hoge ͱ͍͏ S3 bucket ͕͋ͬͨͱ͖ resource

    "aws_s3_bucket" "hoge" { bucket = "hoge" acl = "private" } { "version": 1, "serial": 1, "modules": { "path": [ "root" ], "outputs": { }, "resources": { "aws_s3_bucket.hoge": { "type": "aws_s3_bucket", "primary": { "id": "hoge", "attributes": { "acl": "private", "bucket": "hoge", "id": "hoge" } } } } } } TUG UFSSBGPSNUGTUBUF tfstate (JSON)
 ਓྗͰॻ͘ͷ͸ݫ͍͠

  27. Export existing AWS resources to Terraform style (tf, tfstate) dtan4/terraforming

  28. Terraforming • طଘͷ AWS / DNSimple Ϧιʔε͔Β
 Terraform ͷίʔυ (tf,

    tfstate) Λੜ੒͢Δ
 ίϚϯυϥΠϯπʔϧ • 24छྨͷ AWS ϦιʔεʹରԠ • Wantedly ͷ Terraform ίʔυͷେ൒Λੜ੒ • Issue & Pull Request ͓·ͪͯ͠·͢ʂ dtan4/terraforming $ gem install terraforming # or $ docker pull quay.io/dtan4/terraforming

  29. Terraforming • S3 buckets ͷ tf Λੜ੒ • S3 buckets

    ͷ tfstate Λੜ੒ • S3 buckets ͷ tfstate Λੜ੒͠ɺ
 طଘͷ terraform.tfstate ͱϚʔδ $ terraforming s3 $ terraforming s3 --tfstate \ --merge=/path/to/terraform.tfstate $ terraforming s3 --tfstate dtan4/terraforming

  30. http://qiita.com/dtan4/items/345c56281ab0e87d6646

  31. ૺ۰ͨ͠໰୊

  32. terraform plan ͕৴༻ग़དྷͳ͍ • HCL ͷγϯλοΫενΣοΫͱ
 Terraform ύϥϝʔλͷνΣοΫͷΈɺ
 API ͷ

    dry-run ͸͠ͳ͍ • terraform plan ͕௨ͬͯ΋ɺύϥϝʔλ͕ AWS తʹෆਖ਼Ͱ terraform apply ʹࣦഊ͢Δ • CI Ͱʮςετʯ͍ͯ͠Δҙຯ͕…

  33. terraform plan ͕৴༻ग़དྷͳ͍ • AWS ͷυΩϡϝϯτ΋ಡ·ͳ͍ͱ͍͚ͳ͍ • terraform apply ࣦഊͯ͠΋ϦΧόϦͰ͖Δ


    ࢓૊ΈΛ࡞Δ • खݩͰ apply Ͱ͖Δ؀ڥ

  34. ELB ഑ԼͷΠϯελϯε͕
 ҙਤͤͣஔ͖׵ΘΔ • Terraform ͷ ELB resource ͸
 ௻Δ͢ΠϯελϯεΛ໌ࣔతʹॻ͘ඞཁ͋Γ

    • Wantedly Ͱ͸ࣗલπʔϧͰ
 Πϯελϯεͷ૿ݮɺELB ΁ͷ௻Δ͠Λߦ͏ • Terraform ίʔυͱ࣮ࡍͷ؀ڥʹࠩҟ͕ग़Δ

  35. ELB ഑ԼͷΠϯελϯε͕
 ҙਤͤͣஔ͖׵ΘΔ • සൟʹΠϯελϯε͕ஔ͖׵ΘΔ ELB ͸
 Terraform Ͱ؅ཧ͠ͳ͍͜ͱʹͨ͠ •

    ֎෦Ͱಈతͳมߋ͕͋Γ͏ΔϦιʔε͸
 ͋͑ͯ؅ཧ͠ͳ͍

  36. IAM Ϣʔβ࡟আͰࣦഊ • IAM ϢʔβࣗମΛফ͢લʹΫϨσϯγϟϧ΍
 ϩάΠϯϓϩϑΝΠϧΛফ͢ඞཁ͕͋Δ • Terraform ͸ͦΜͳͷ͓ߏ͍ͳ͠ʹ delete-user

    ͠Α͏ͱ͢Δ • खಈͰґଘϦιʔεΛফ্ͨ͠Ͱ apply http://docs.aws.amazon.com/ja_jp/IAM/latest/UserGuide/Using_DeletingUserFromAccount.html

  37. ·ͱΊ

  38. ·ͱΊ • Wantedly ͷΠϯϑϥ͸
 Terraform Ͱ؅ཧ͞Ε͍ͯ·͢ʂ • ݱߦΠϯϑϥΛ Terraform Ͱ؅ཧ͢ΔͨΊʹ


    Terraforming ͱ͍͏πʔϧΛ։ൃ͠·ͨ͠ • ͢΂ͯΛ Terraform ʹ೚͖ͤͬΓʹ͠ͳ͍