Terraform at Wantedly

92ce4587cc8465736433e698b1e50aaa?s=47 Daisuke Fujita
August 05, 2015
Technology
15
9.5k

Terraform at Wantedly

HashiCorp Tools Meetup #hashi_wantedly での発表資料です。

92ce4587cc8465736433e698b1e50aaa?s=128

Daisuke Fujita

August 05, 2015
Tweet

Want more?

92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
0
87
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
4
3.6k
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
3
3.1k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
2
160
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
1
83
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
0
74
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenhchung
5
150
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
4
160
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
2
220
C35e01544a0dd94a2cf1619ee8a42ebb?s=48 clairelew
2
440
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
1
120
B3ace07412a5178ea778e7eec161fc0a?s=48 jcasabona
4
200

Transcript

  1. 1.

    TERRAFORM
 at WANTEDLY 2015-08-05 HashiCorp Tools Meetup @dtan4

  2. 2.

    Daisuke Fujita @dtan4 Πϯλʔϯ
 @ΠϯϑϥνʔϜ

  3. 3.
    None
  4. 4.

    HashiCorp in Wantedly Terraform Vagrant Packer

  5. 5.

    ࠓ೔࿩͢͜ͱ Wantedly Ͱͷ
 Terraform ӡ༻ࣄྫ

  6. 6.

    Terraform flow @ Wantedly since May 2015

  7. 7.

    Terraform Ͱ؅ཧ͍ͯ͠Δ਺ 27 resource types aws_customer_gateway aws_db_instance aws_db_security_group aws_db_subnet_group aws_elasticache_cluster

    aws_elasticache_subnet_group aws_elb aws_iam_group aws_iam_group_membership aws_iam_group_policy aws_iam_role aws_iam_role_policy aws_iam_user aws_iam_user_policy aws_instance aws_internet_gateway aws_network_acl aws_route_table aws_route_table_association aws_s3_bucket aws_security_group aws_subnet aws_vpc aws_vpn_connection aws_vpn_connection_route aws_vpn_gateway dnsimple_record
  8. 8.

    Terraform Ͱ؅ཧ͍ͯ͠Δ਺ AWS 199 DNSimple 155 354 resources

  9. 9.

    Terraform ؀ڥ GitHub wercker S3 remote backend Vagrant CoreOS Docker

    quay.io/wantedly/terraform 3FNPUF -PDBM
  10. 10.

    Terraform flow Terraform ίʔυΛॻ͍ͯ Pull Request Λग़͢

  11. 11.

    Terraform flow Terraform ίʔυΛॻ͍ͯ Pull Request Λग़͢

  12. 12.

    Terraform flow CI Ͱςετ (terraform plan) ͕૸Δ

  13. 13.

    Terraform flow CI Ͱςετ (terraform plan) ͕૸Δ

  14. 14.

    Terraform flow ΠϯϑϥνʔϜ͕ϨϏϡʔͯ͠ Merge

  15. 15.

    Terraform flow CI Ͱ࣮؀ڥ΁ͷద༻
 (terraform apply) ͕ߦΘΕΔ

  16. 16.

    Terraform flow CI Ͱ࣮؀ڥ΁ͷద༻
 (terraform apply) ͕ߦΘΕΔ

  17. 17.

    e.g. DNS Ϩίʔυ௥Ճ

  18. 18.

    e.g. IAM Ϣʔβ௥Ճ

  19. 19.

    e.g. GitHub ্Ͱ֬ೝͰ͖ͯศར

  20. 20.

    Terraform ಋೖͷաఔ

  21. 21.

    ಋೖͨ͠ܦҢ • Management Console ϙνϙνۀ͔Βͷ୤٫ • ΠϯϑϥνʔϜ΁ͷ࡞ۀूத͔Βͷ୤٫ • ߏங࡞ۀͷཤྺΛ࢒͍ͨ͠ •

    ϦιʔεҰཡΛ
 ͩΕͰ΋؆୯ʹݟΒΕΔΑ͏ʹ͍ͨ͠ • Ϧιʔεෳ੡Λָʹ͍ͨ͠
  22. 22.

    Ұ͔ΒΠϯϑϥߏங΍ϦϓϨʔεͰ͸ͳ͘ɺ
 ͍·ಈ͍͍ͯΔΠϯϑϥϦιʔε
 ΛίʔυԽ͍ͨ͠

  23. 23.

    ݱߦ؀ڥ΁ͷ Terraform ಋೖ https://github.com/hashicorp/terraform/issues/581

  24. 24.

    ݱߦ؀ڥ΁ͷ Terraform ಋೖ https://github.com/hashicorp/terraform/issues/581 طଘϦιʔεͷ Terraform ίʔυԽ͸
 ࣮૷͞Ε͍ͯͳ͍

  25. 25.

    ݱߦ؀ڥ΁ͷ Terraform ಋೖ ex: hoge ͱ͍͏ S3 bucket ͕͋ͬͨͱ͖ resource

    "aws_s3_bucket" "hoge" { bucket = "hoge" acl = "private" } { "version": 1, "serial": 1, "modules": { "path": [ "root" ], "outputs": { }, "resources": { "aws_s3_bucket.hoge": { "type": "aws_s3_bucket", "primary": { "id": "hoge", "attributes": { "acl": "private", "bucket": "hoge", "id": "hoge" } } } } } } TUG UFSSBGPSNUGTUBUF
  26. 26.

    ݱߦ؀ڥ΁ͷ Terraform ಋೖ ex: hoge ͱ͍͏ S3 bucket ͕͋ͬͨͱ͖ resource

    "aws_s3_bucket" "hoge" { bucket = "hoge" acl = "private" } { "version": 1, "serial": 1, "modules": { "path": [ "root" ], "outputs": { }, "resources": { "aws_s3_bucket.hoge": { "type": "aws_s3_bucket", "primary": { "id": "hoge", "attributes": { "acl": "private", "bucket": "hoge", "id": "hoge" } } } } } } TUG UFSSBGPSNUGTUBUF tfstate (JSON)
 ਓྗͰॻ͘ͷ͸ݫ͍͠
  27. 27.

    Export existing AWS resources to Terraform style (tf, tfstate) dtan4/terraforming

  28. 28.

    Terraforming • طଘͷ AWS / DNSimple Ϧιʔε͔Β
 Terraform ͷίʔυ (tf,

    tfstate) Λੜ੒͢Δ
 ίϚϯυϥΠϯπʔϧ • 24छྨͷ AWS ϦιʔεʹରԠ • Wantedly ͷ Terraform ίʔυͷେ൒Λੜ੒ • Issue & Pull Request ͓·ͪͯ͠·͢ʂ dtan4/terraforming $ gem install terraforming # or $ docker pull quay.io/dtan4/terraforming
  29. 29.

    Terraforming • S3 buckets ͷ tf Λੜ੒ • S3 buckets

    ͷ tfstate Λੜ੒ • S3 buckets ͷ tfstate Λੜ੒͠ɺ
 طଘͷ terraform.tfstate ͱϚʔδ $ terraforming s3 $ terraforming s3 --tfstate \ --merge=/path/to/terraform.tfstate $ terraforming s3 --tfstate dtan4/terraforming
  30. 30.

    http://qiita.com/dtan4/items/345c56281ab0e87d6646

  31. 31.

    ૺ۰ͨ͠໰୊

  32. 32.

    terraform plan ͕৴༻ग़དྷͳ͍ • HCL ͷγϯλοΫενΣοΫͱ
 Terraform ύϥϝʔλͷνΣοΫͷΈɺ
 API ͷ

    dry-run ͸͠ͳ͍ • terraform plan ͕௨ͬͯ΋ɺύϥϝʔλ͕ AWS తʹෆਖ਼Ͱ terraform apply ʹࣦഊ͢Δ • CI Ͱʮςετʯ͍ͯ͠Δҙຯ͕…
  33. 33.

    terraform plan ͕৴༻ग़དྷͳ͍ • AWS ͷυΩϡϝϯτ΋ಡ·ͳ͍ͱ͍͚ͳ͍ • terraform apply ࣦഊͯ͠΋ϦΧόϦͰ͖Δ


    ࢓૊ΈΛ࡞Δ • खݩͰ apply Ͱ͖Δ؀ڥ
  34. 34.

    ELB ഑ԼͷΠϯελϯε͕
 ҙਤͤͣஔ͖׵ΘΔ • Terraform ͷ ELB resource ͸
 ௻Δ͢ΠϯελϯεΛ໌ࣔతʹॻ͘ඞཁ͋Γ

    • Wantedly Ͱ͸ࣗલπʔϧͰ
 Πϯελϯεͷ૿ݮɺELB ΁ͷ௻Δ͠Λߦ͏ • Terraform ίʔυͱ࣮ࡍͷ؀ڥʹࠩҟ͕ग़Δ
  35. 35.

    ELB ഑ԼͷΠϯελϯε͕
 ҙਤͤͣஔ͖׵ΘΔ • සൟʹΠϯελϯε͕ஔ͖׵ΘΔ ELB ͸
 Terraform Ͱ؅ཧ͠ͳ͍͜ͱʹͨ͠ •

    ֎෦Ͱಈతͳมߋ͕͋Γ͏ΔϦιʔε͸
 ͋͑ͯ؅ཧ͠ͳ͍
  36. 36.

    IAM Ϣʔβ࡟আͰࣦഊ • IAM ϢʔβࣗମΛফ͢લʹΫϨσϯγϟϧ΍
 ϩάΠϯϓϩϑΝΠϧΛফ͢ඞཁ͕͋Δ • Terraform ͸ͦΜͳͷ͓ߏ͍ͳ͠ʹ delete-user

    ͠Α͏ͱ͢Δ • खಈͰґଘϦιʔεΛফ্ͨ͠Ͱ apply http://docs.aws.amazon.com/ja_jp/IAM/latest/UserGuide/Using_DeletingUserFromAccount.html
  37. 37.

    ·ͱΊ

  38. 38.

    ·ͱΊ • Wantedly ͷΠϯϑϥ͸
 Terraform Ͱ؅ཧ͞Ε͍ͯ·͢ʂ • ݱߦΠϯϑϥΛ Terraform Ͱ؅ཧ͢ΔͨΊʹ


    Terraforming ͱ͍͏πʔϧΛ։ൃ͠·ͨ͠ • ͢΂ͯΛ Terraform ʹ೚͖ͤͬΓʹ͠ͳ͍