TerraformでAWSのインフラ構成構築を自動化する(入門) at 第130回 PHP勉強会＠東京 by @Khigashiguchi

Transcript

1. TerraformͰ AWSͷΠϯϑϥߏ੒ߏஙΛ ࣗಈԽ͢Δʢೖ໳ʣ 2018/9/26 (Wed) ୈ130ճ PHPษڧձ@౦ژ @Khigashiguchi

2. ࣗݾ঺հ • ౦ޱ ࿨ᏻ @Khigashiguchi • Server Side EngineerʢPHP /

   Goʣ • BASE, Inc / BASE Product Division • Blog: http:// khigashigashi.hatenablog.com/

3. 5FSSBGPSNͰ"84ͷΠϯϑϥߏ੒ߏஙΛࣗಈԽ͢Δ ೖ໳
   IUUQLIJHBTIJHBTIJIBUFOBCMPHDPNFOUSZ

4. None

5. What is Terraform? • HashiCorp͕࡞͍ͬͯΔίʔυ͔ΒΠϯϑ ϥϦιʔεΛ࡞੒ɾ؅ཧ͢ΔͨΊͷπʔϧ • Infrastructure as Code

   • AWS, GCP, Azure, Heroku ͳͲଟ͘ͷSaaS ʹ෯޿͘ରԠ

6. Providers https://www.terraform.io/docs/providers/

7. Terraform Merit for PHPer Work • SREνʔϜͳͲͱͷΠϯϑϥʹؔ͢Δձ࿩ ͷ५׈Խ • TerraformͷϑΝΠϧΛϕʔεʹͨ͠ߏ੒

   ৘ใڞ༗ • ϕϯμʔʹറΒΕͳ͍πʔϧ • ಛఆϕϯμʔͷΈͰ͸ͳ͍ͷͰԣల͕͖ ͘

8. Terraform Merit for PHPer Hobby • ݸਓΞϓϦ΍ֶश࣌ͷΠϯϑϥߏங • Ұ౓ίʔυͱͯ͠อଘ͓͚ͯ͠Δ͜ͱʹ ΑΔ࠶ར༻ੑ

9. Getting started Terraform: Example case • ʮEIP(Elastic IP)Λඥ͚ͮͨEC2 InstanceΛ ࡞Δʯ

   1. Configuration fileʢ֦ுࢠ .tfʣͷ࡞੒ 2. ॳظԽʢterraform initʣ 3. ߏஙʢterraform applyʣ 4. ࡟আʢterraform destroyʣ

10. IUUQTHJUIVCDPN,IJHBTIJHVDIJUFSSBGPSNTOJQQFUTUSFFNBTUFS TJNQMFEFNP Demonstration

11. Configuration fileʢ֦ுࢠ .tfʣͷ࡞੒ $ ls main.tf variables.tf terraform.tfvars .tf ֦ுࢠ

12. Configuration fileʢ֦ுࢠ .tfʣͷ࡞੒ provider "aws" { access_key = "${var.aws_access_key}" secret_key

    = "${var.aws_secret_key}" region = "${var.aws_region}" } resource "aws_instance" "example" { ami = "ami-08847abae18baa040" // Amazon Linux 2 AMI (HVM), SSD Volume Type instance_type = "t2.micro" } resource "aws_eip" "ip" { instance = "${aws_instance.example.id}" } output "ip" { value = "${aws_eip.ip.public_ip}" } main.tf

13. Configuration fileʢ֦ுࢠ .tfʣͷ࡞੒ provider "aws" { access_key = "${var.aws_access_key}" secret_key

    = "${var.aws_secret_key}" region = "${var.aws_region}" } resource "aws_instance" "example" { ami = "ami-08847abae18baa040" // Amazon Linux 2 AMI (HVM), SSD Volume Type instance_type = "t2.micro" } resource "aws_eip" "ip" { instance = "${aws_instance.example.id}" } output "ip" { value = "${aws_eip.ip.public_ip}" } providerࢦఆɺࠓճ͸”aws”Λઃఆ ${var.xxx}ʹ͍ͭͯ͸࣍ʹvariables.tfϑΝΠϧʹͯ main.tf

14. Configuration fileʢ֦ுࢠ .tfʣͷ࡞੒ provider "aws" { access_key = "${var.aws_access_key}" secret_key

    = "${var.aws_secret_key}" region = "${var.aws_region}" } resource "aws_instance" "example" { ami = "ami-08847abae18baa040" // Amazon Linux 2 AMI (HVM), SSD Volume Type instance_type = "t2.micro" } resource "aws_eip" "ip" { instance = "${aws_instance.example.id}" } output "ip" { value = "${aws_eip.ip.public_ip}" } EC2 InstanceΛཱͯΔɻ ແྉ࿮Ͱ࢖͑ΔAMIɾInstance TypeΛࢦఆ main.tf

15. Configuration fileʢ֦ுࢠ .tfʣͷ࡞੒ provider "aws" { access_key = "${var.aws_access_key}" secret_key

    = "${var.aws_secret_key}" region = "${var.aws_region}" } resource "aws_instance" "example" { ami = "ami-08847abae18baa040" // Amazon Linux 2 AMI (HVM), SSD Volume Type instance_type = "t2.micro" } resource "aws_eip" "ip" { instance = "${aws_instance.example.id}" } output "ip" { value = "${aws_eip.ip.public_ip}" } EIP (Elastic IP)Λ࡞੒͠ɺ ্هͰ࡞੒͢ΔEC2 Instanceʹؔ࿈෇͚Δɻ main.tf

16. Configuration fileʢ֦ுࢠ .tfʣͷ࡞੒ variable "aws_access_key" {} variable "aws_secret_key" {} variable

    "aws_region" { default = "ap-northeast-1" } variables.tf

17. Configuration fileʢ֦ுࢠ .tfʣͷ࡞੒ variable "aws_access_key" {} variable "aws_secret_key" {} variable

    "aws_region" { default = "ap-northeast-1" } variables.tf Input variablesͱͯ͠ఆٛ .tfvars ϑΝΠϧ͕༗Ε͹ͦ͜ʹهࡌ͞Εͨ஋Λࢀরɻ ͳ͚Ε͹ίϚϯυΠϯλʔϑΣʔεʹͯೖྗɻ

18. Configuration fileʢ֦ுࢠ .tfʣͷ࡞੒ aws_access_key = "YOUR-ACCESS-KEY" aws_secret_key = "YOUR-SECRET-KEY" aws_region

    = "ap-northeast-1" terreform.tfvars variablesʹ୅ೖ͍ͨ͠஋Λઃఆ͢Δ

19. ॳظԽʢterraform initʣ -> % terraform init Initializing provider plugins... -

    Checking for available provider plugins on https:// releases.hashicorp.com... - Downloading plugin for provider "aws" (1.37.0)... The following providers do not have any version constraints in configuration, so the latest version was installed. To prevent automatic upgrades to new major versions that may contain breaking changes, it is recommended to add version = "..." constraints to the corresponding provider blocks in configuration, with the constraint strings suggested below. * provider.aws: version = "~> 1.37" Terraform has been successfully initialized!

20. ߏஙʢterraform applyʣ -> % terraform apply An execution plan has

    been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: (omit) Plan: 2 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value:

21. ߏஙʢterraform applyʣ -> % terraform apply An execution plan has

    been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: (omit) Plan: 2 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes ConfigurationϑΝΠϧ͔Β࣮ߦPlan͕࡞੒͞ΕΔɻ ࣮ߦPlanʹ໰୊͕ͳ͚Ε͹࣮ࡍʹ࣮ߦ͢Δɻ

22. ߏஙʢterraform applyʣ -> % terraform apply (omit) Apply complete! Resources:

    2 added, 0 changed, 0 destroyed. Outputs: ip = xx.xxx.xxx.xxx ࣮ߦ׬ྃޙ݁Ռ͕දࣔ͞ΕΔ

23. ࡟আʢterraform destroyʣ -> % terraform destroy aws_instance.example: Refreshing state... (ID:

    i-027c1c02033735238) aws_eip.ip: Refreshing state... (ID: eipalloc-02ca8955cb6dd27e3) An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: - destroy Terraform will perform the following actions: - aws_eip.ip - aws_instance.example Plan: 0 to add, 0 to change, 2 to destroy. Do you really want to destroy all resources? Terraform will destroy all your managed infrastructure, as shown above. There is no undo. Only 'yes' will be accepted to confirm. Enter a value: yes

24. ࡟আʢterraform destroyʣ -> % terraform destroy aws_instance.example: Refreshing state... (ID:

    i-027c1c02033735238) aws_eip.ip: Refreshing state... (ID: eipalloc-02ca8955cb6dd27e3) An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: - destroy Terraform will perform the following actions: - aws_eip.ip - aws_instance.example Plan: 0 to add, 0 to change, 2 to destroy. Do you really want to destroy all resources? Terraform will destroy all your managed infrastructure, as shown above. There is no undo. Only 'yes' will be accepted to confirm. Enter a value: yes applyͱಉ༷ʹ࣮ߦplan͕࡞੒͞ΕΔ ໰୊ͳ͚Ε͹࣮ߦ͢Δ

25. ࡟আʢterraform destroyʣ -> % terraform destroy (omit) aws_instance.example: Destruction complete

    after 1m20s ࣮ߦ׬ྃޙ݁Ռ͕දࣔ͞ΕΔ

26. How to entrance Terraform • Terraform͸ɺΠϯϑϥߏ੒ɾߏஙΛίʔ υͱͯ͠දݱ͢Δπʔϧ • →Πϯϑϥߏ੒ɾߏஙʹ͍ͭͯͷجૅ஌ ͕ࣝඞཁ

27. 
    Step5: ECSλεΫఆٛ ʮAmazon Web Services جૅ͔ΒͷωοτϫʔΫˍαʔ όʔߏஙɹվగ൛ʯ IUUQTXXXOJLLFJCQDPKQBUDMQVCNLUCPPL

28. How to entrance Terraform • 1. TerraformͷงғؾΛެࣜIntroduction͔ Β஌Δ • https://www.terraform.io/intro/

    index.html • ެࣜυΩϡϝϯτͰɺTerraformͷ࢖͍ ํ͸େ࿮೺ѲͰ͖Δ

29. How to entrance Terraform • 2. TerraformͰ࣮ݱ͍ͨ͠Πϯϑϥߏ੒ʹ ͍ͭͯߟ͑ΔɾֶͿ • Consoleը໘ͰҰճ࡞ͬͨ΋ͷΛίʔυ

    ͱͯ͠࠶ݱ͢ΔΞϓϩʔν͕΍Γ΍͔ͬ͢ ͨ

30. 5FSSBGPSNͰ"84ͷΠϯϑϥߏ੒ߏஙΛࣗಈԽ͢Δ ೖ໳
    IUUQLIJHBTIJHBTIJIBUFOBCMPHDPNFOUSZ ʮAmazon Web Services جૅ͔Βͷωοτ ϫʔΫˍαʔόʔߏஙɹվగ൛ʯͰͷ಺༰Λ 5FSSBGPSNͰ࣮ݱ͢Δ

31. ·ͱΊ • TerraformʹΑͬͯΠϯϑϥΛίʔυͱͯ͠ఆ ٛ • TerraformΛ࢖͍ͬͯΔݱ৔Ͱ͋Ε͹ɺΠϯϑ ϥʹ͍ͭͯ࿩͢५׈༉ͱͯ͠༗ޮ • ݸਓ؀ڥͱͯ͠࢖͏ʹ΋ྑ޷

32. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·͠ ͨɻ @Khigashiguchi