Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Terraform at Wantedly (Tech-Circle #12)

92ce4587cc8465736433e698b1e50aaa?s=47 Daisuke Fujita
January 29, 2016
Programming
2
570

Terraform at Wantedly (Tech-Circle #12)

Tech-Circle #12 Terraform Handson での LT 発表資料です
http://techcircle.connpass.com/event/25496/

92ce4587cc8465736433e698b1e50aaa?s=128

Daisuke Fujita

January 29, 2016
Tweet

More Decks by Daisuke Fujita

See All by Daisuke Fujita
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
0
110
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
4
6.4k
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
3
3.5k
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
1
1.6k
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
24
10k
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
6
6.5k
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
19
3.6k
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
1
7k
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
1
2.8k

Other Decks in Programming

See All in Programming
1a1d418bdf51cbf8fce1317f6c80a907?s=48 satoshi0212
3
280
D5744e72b6a5e6673f991cab987a31ab?s=48 siketyan
2
140
44f37c1fe3a6a56376bb41a338741355?s=48 ring
2
570
0b26590a0a8b0f1da140ed5de9b68379?s=48 usamik26
3
220
9f33218af7ae5c04e102fcc3076f2f5c?s=48 yhkaplan
0
420
D07d36d7d3263da869c7d030ba4a64a6?s=48 y__mattu
1
440
5e511bb6d01d856b4ec7a0e5b1f6a2f0?s=48 syumai
6
860
78d39160a56e4a71b1c4a2d0cbfda223?s=48 jlkiri
0
480
75f5fb3ddda052e46f1daed314ae69ab?s=48 beberlei
0
160
583e920a7e9238a1c21e923025f8f641?s=48 elainenaomi
4
170
82d6167c4d14393c2e20b37a74b363c5?s=48 kasacchiful
0
250
7850a83d81b034248782d63e7dcf7974?s=48 tatsuya4451
0
490

Featured

See All Featured
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
17
2.1k
39488f9d172ab92fd352f2cd7b73258d?s=48 mza
82
4.4k
245cee81a9c424266e5e401d844ea881?s=48 lara
175
10k
4394ceb8b277f35ee3da7030384efb5d?s=48 davidbonilla
75
3.8k
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
15
1k
4262b9cfacfb6b2c77f23e1d0310cd3e?s=48 myddelton
110
11k
1519587b1a0febb658c36c94f6272b0d?s=48 roundedbygravity
85
8.1k
F383c6a4dc55e331bbe2987b622cee6b?s=48 stephaniewalter
263
11k
E76911cbe088e5b850d966de3fc7435b?s=48 robhawkes
55
3k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
122
16k
C0b42577cfc2b321be3474618107e933?s=48 samanthasiow
61
6.7k
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
30
1.7k

Transcript

  1. TERRAFORM
 at WANTEDLY 2016-01-29 Tech-Circle #12 Terraform Handson @dtan4

  2. Daisuke Fujita @dtan4 Πϯλʔϯ
 @ΠϯϑϥνʔϜ

  3. None
  4. None

  5. Terraform flow @ Wantedly since May 2015

  6. Terraform Ͱ؅ཧ͍ͯ͠Δ਺ 28 resource types aws_customer_gateway aws_db_instance aws_db_parameter_group aws_db_security_group aws_db_subnet_group

    aws_elasticache_cluster aws_elasticache_subnet_group aws_elb aws_iam_group aws_iam_group_membership aws_iam_group_policy aws_iam_role aws_iam_role_policy aws_iam_user aws_iam_user_policy aws_instance aws_internet_gateway aws_network_acl aws_route_table aws_route_table_association aws_s3_bucket aws_security_group aws_subnet aws_vpc aws_vpn_connection aws_vpn_connection_route aws_vpn_gateway dnsimple_record

  7. Terraform Ͱ؅ཧ͍ͯ͠Δ਺ AWS 224 DNSimple 169 393 resources

  8. Terraform ؀ڥ GitHub wercker S3 remote backend Vagrant CoreOS Docker

    quay.io/wantedly/terraform 3FNPUF -PDBM

  9. Terraform flow Terraform ίʔυΛॻ͍ͯ Pull Request Λग़͢

  10. Terraform flow Terraform ίʔυΛॻ͍ͯ Pull Request Λग़͢

  11. Terraform flow CI Ͱςετ (terraform plan) ͕૸Δ

  12. Terraform flow CI Ͱςετ (terraform plan) ͕૸Δ

  13. Terraform flow ΠϯϑϥνʔϜ͕ϨϏϡʔͯ͠ Merge

  14. Terraform flow CI Ͱ࣮؀ڥ΁ͷద༻
 (terraform apply) ͕ߦΘΕΔ

  15. e.g. DNS Ϩίʔυ௥Ճ

  16. e.g. IAM Ϣʔβ௥Ճ ৽͍͠։ൃϝϯόʔͷ௨աّྱ

  17. e.g. GitHub ্Ͱ֬ೝͰ͖ͯศར

  18. Terraform ಋೖͷաఔ

  19. ಋೖͨ͠ܦҢ • Management Console ϙνϙνۀ͔Βͷ୤٫ • ΠϯϑϥνʔϜ΁ͷ࡞ۀूத͔Βͷ୤٫ • ߏங࡞ۀͷཤྺΛ࢒͍ͨ͠ •

    ϦιʔεҰཡΛ
 ͩΕͰ΋؆୯ʹݟΒΕΔΑ͏ʹ͍ͨ͠ • Ϧιʔεෳ੡Λָʹ͍ͨ͠ • AWS ͱ DNSimple Ұॹʹѻ͑ͯศར

  20. Ұ͔ΒΠϯϑϥߏங΍ϦϓϨʔεͰ͸ͳ͘ɺ
 ͍·ಈ͍͍ͯΔΠϯϑϥϦιʔε
 ΛίʔυԽ͍ͨ͠ resource "aws_instance" "app" { count = 4

    ami = "ami-408c7f28" instance_type = "t1.micro" } resource "aws_instance" "app" { count = 4 ami = "ami-408c7f28" instance_type = "t1.micro" }

  21. ݱߦ؀ڥ΁ͷ Terraform ಋೖ https://github.com/hashicorp/terraform/issues/581

  22. ݱߦ؀ڥ΁ͷ Terraform ಋೖ https://github.com/hashicorp/terraform/issues/581 طଘϦιʔε͔Β Terraform ίʔυ Λੜ੒͢Δػೳ͸࣮૷͞Ε͍ͯͳ͍

  23. ݱߦ؀ڥ΁ͷ Terraform ಋೖ ex: hoge ͱ͍͏ S3 bucket ͕͋ͬͨͱ͖ resource

    "aws_s3_bucket" "hoge" { bucket = "hoge" acl = "private" } { "version": 1, "serial": 1, "modules": { "path": [ "root" ], "outputs": { }, "resources": { "aws_s3_bucket.hoge": { "type": "aws_s3_bucket", "primary": { "id": "hoge", "attributes": { "acl": "private", "bucket": "hoge", "id": "hoge" } } } } } } TUG UFSSBGPSNUGTUBUF

  24. ݱߦ؀ڥ΁ͷ Terraform ಋೖ ex: hoge ͱ͍͏ S3 bucket ͕͋ͬͨͱ͖ resource

    "aws_s3_bucket" "hoge" { bucket = "hoge" acl = "private" } { "version": 1, "serial": 1, "modules": { "path": [ "root" ], "outputs": { }, "resources": { "aws_s3_bucket.hoge": { "type": "aws_s3_bucket", "primary": { "id": "hoge", "attributes": { "acl": "private", "bucket": "hoge", "id": "hoge" } } } } } } TUG UFSSBGPSNUGTUBUF tfstate (JSON)
 ਓྗͰॻ͘ͷ͸ݫ͍͠

  25. Export existing AWS resources to Terraform style (tf, tfstate) dtan4/terraforming

  26. Terraforming • طଘͷ AWS / DNSimple Ϧιʔε͔Β
 Terraform ͷίʔυ (tf,

    tfstate) Λੜ੒͢Δ
 ίϚϯυϥΠϯπʔϧ • 29छྨͷ AWS ϦιʔεʹରԠ • Wantedly ͷ Terraform ίʔυͷେ൒Λੜ੒ • Issue & Pull Request ͓·ͪͯ͠·͢ʂ dtan4/terraforming $ gem install terraforming # or $ docker pull quay.io/dtan4/terraforming
  27. None

  28. Terraforming • S3 buckets ͷ tf Λੜ੒ • S3 buckets

    ͷ tfstate Λੜ੒ • S3 buckets ͷ tfstate Λੜ੒͠ɺ
 طଘͷ terraform.tfstate ͱϚʔδ $ terraforming s3 $ terraforming s3 --tfstate \ --merge=/path/to/terraform.tfstate $ terraforming s3 --tfstate dtan4/terraforming

  29. http://qiita.com/dtan4/items/345c56281ab0e87d6646

  30. ૺ۰ͨ͠໰୊

  31. terraform plan ͕৴༻ग़དྷͳ͍ • HCL ͷγϯλοΫενΣοΫͱ
 Terraform ύϥϝʔλͷνΣοΫͷΈɺ
 API ͷ

    dry-run ͸͠ͳ͍ • terraform plan ͕௨ͬͯ΋ɺύϥϝʔλ͕ AWS తʹෆਖ਼Ͱ terraform apply ʹࣦഊ͢Δ • CI Ͱʮςετʯ͍ͯ͠Δҙຯ͕…

  32. terraform plan ͕৴༻ग़དྷͳ͍ • AWS ͷυΩϡϝϯτ΋ಡ·ͳ͍ͱ͍͚ͳ͍ • terraform apply ࣦഊͯ͠΋ϦΧόϦͰ͖Δ


    ࢓૊ΈΛ࡞Δ • खݩͰ apply Ͱ͖Δ؀ڥ

  33. ELB ഑ԼͷΠϯελϯε͕
 ҙਤͤͣஔ͖׵ΘΔ • Terraform ͷ ELB resource ͸
 ௻Δ͢ΠϯελϯεΛ໌ࣔతʹॻ͘ඞཁ͋Γ

    • Wantedly Ͱ͸ࣗલπʔϧͰ
 Πϯελϯεͷ૿ݮɺELB ΁ͷ௻Δ͠Λߦ͏ • Terraform ίʔυͱ࣮ࡍͷ؀ڥʹࠩҟ͕ग़Δ

  34. ELB ഑ԼͷΠϯελϯε͕
 ҙਤͤͣஔ͖׵ΘΔ • සൟʹΠϯελϯε͕ஔ͖׵ΘΔ ELB ͸
 Terraform Ͱ؅ཧ͠ͳ͍͜ͱʹͨ͠ •

    ֎෦Ͱಈతͳมߋ͕͋Γ͏ΔϦιʔε͸
 ͋͑ͯ؅ཧ͠ͳ͍ • Terraform v0.6.4 Ͱ ignore_changes ͕ಋೖ resource "aws_elb" "foo" { lifecycle { ignore_changes = ["instances"] } }

  35. IAM Ϣʔβ࡟আͰࣦഊ • IAM ϢʔβࣗମΛফ͢લʹΫϨσϯγϟϧ΍
 ϩάΠϯϓϩϑΝΠϧΛফ͢ඞཁ͕͋Δ • Terraform ͸ͦΜͳͷ͓ߏ͍ͳ͠ʹ delete-user

    ͠Α͏ͱ͢Δ • खಈͰґଘϦιʔεΛফ্ͨ͠Ͱ apply http://docs.aws.amazon.com/ja_jp/IAM/latest/UserGuide/Using_DeletingUserFromAccount.html

  36. ·ͱΊ

  37. ·ͱΊ • Wantedly ͷΠϯϑϥ͸
 Terraform Ͱ؅ཧ͞Ε͍ͯ·͢ʂ • ݱߦΠϯϑϥΛ Terraform Ͱ؅ཧ͢ΔͨΊʹ


    Terraforming ͱ͍͏πʔϧΛ։ൃ͠·ͨ͠ • ͢΂ͯΛ Terraform ʹ೚͖ͤͬΓʹ͠ͳ͍