【トレタ×プレイド】TechBlog Deep Dive Meetup #1 〜インフラ編〜 http://plaidtech.connpass.com/event/33511/
での発表内容。 Terraform, Packer, Roadworker, Ansible, Serverspec, Circle CIなどをトレタでどう使っているか?何が罠か?など。
τϨλͷΠϯϑϥӡ༻ʲτϨλºϓϨΠυʳ5FDI#MPH%FFQ%JWF.FFUVQ)JSPBLJ4BOP
View Slide
NF• Name:• ࠤ༟ষ(Hiroaki Sano)• Personal website:• https://hiroakis.com/blog/• Company:• NEC Soft, Ltd. (2006/4-)• CyberAgent, Inc. (2011/3-)• Toreta, Inc. (2014/11-)
τϨλ• ҿ৯ళ͚༧ཧΞϓϦέʔγϣϯΛiPadΞϓϦͱͯ͠ఏڙ• ҰൠϢʔβ͚ʹΣϒ༧ఏڙ• ސ٬ɿϨετϥϯɺډञͳͲͷҿ৯ళ• ྫ͑…• Զͷגࣜձ༷ࣾ(ԶͷΠλϦΞϯɺԶͷϑϨϯν…etc)• גࣜձࣾେঙ༷(ঙɺΔ͖…etc)• ΤʔɾϐʔΧϯύχʔ༷(௩ా…etc)• ϩʔετϗʔε༷• etc• ϩʔϯν201312݄• ಋೖళฮɿ6000ళฮʙ• ళฮ͋ͨΓͷֹ݄՝ۚ• ίʔϙϨʔτΧϥʔ• ΦϑΟεौ୩ -> ࠇ -> ܙൺण -> ޒా
͜ΕΛCONFIDENTIAL - Toreta Inc., All Right Reserved.Toreta Inc., All Right Reserved.
͜͏CONFIDENTIAL - Toreta Inc., All Right Reserved.Toreta Inc., All Right Reserved.
τϨλͷίϯηϓτ• ҿ৯ళͷ༧ཧɺސ٬ཧΛITԽ• ҿ৯ళͰಇ͘ਓͷۀͷࣗಈԽ• ༧ࣄނΛ͙
ࠓٕज़ϒϩάਂ۷Γձͱ͍͏͜ͱͰʜ
τϨλ։ൃऀϒϩάIUUQUFDIUPSFUBJO
ࢲͷॻ͍ͨهࣄ• Raspberry PiͱԹɾ࣪ɾޫηϯαʔͰΦϑΟεͷঢ়گΛՄࢹԽ͢Δ• http://tech.toreta.in/entry/2016/02/15/153203• τϨλͷΠϯϑϥӡ༻ɺࢧ͍͑ͯΔಓ۩(Packer, Terraform,Serverspec, Ansible, Roadworker, Circle CI)ɺߟ͑ํ• http://tech.toreta.in/entry/2016/04/14/143248• ϝʔϧͷ৴ঢ়گΛՄࢹԽɺ͢Δ• http://tech.toreta.in/entry/2016/04/20/153852• Engineyard͔ΒAWSʹҠઃͯ͠Auroraͷӡ༻Λ։࢝ͨ͠• http://tech.toreta.in/entry/2016/06/16/114919
ࠓ͢͜ͱ• ओʹAWSͰͷΠϯϑϥӡ༻ʹ͍ͭͯ• τϨλͷAPIαʔόͷΤίγεςϜ• ओʹϒϩάωλʹొͨ͠ࣄฑΛத৺ʹ…• Terraform• Roadworker• Packer• Ansible• Serverspec• Aurora• Circle CI• ࠓޙʹ͍ͭͯ• ٕज़తʹਅ৽͍͠ͷͳ͍Ͱ͕͢ࢀߟʹ͍͚ͯͨͩ͠Ε…
τϨλ"1*ͱͦͷपลͷΤίγεςϜ
AmazonRoute 53AmazonRDS(Aurora)api workerRedismemcachedAmazonSNSAmazon SQSτϨλ"1*ͱͦͷपลͷΤίγεςϜFAX/SMS…AmazonS3ը૾/Ի…ଞαϒγεςϜͷ௨ϩάϝʔϧfax, smsAPIworkerfluentd
τϨλ"1*ͱͦͷपลͷΤίγεςϜ• Amazon Web Services• 5݄ʹEngineyard͔ΒҠઃ(ϒϩάهࣄͷ௨Γ)• Appαʔό: APIɺWorkerಉډ. nginx, Rails(unicorn), sidekiqͰ࣮.• Redis: WorkerͷΩϡʔΠϯά༻• memcached: Ωϟογϡ• RDS Aurora: ϝΠϯͷσʔλϕʔε• Google Cloud Platform• BigQuery: fluentd͔Βϩάͷసૹ• ιʔϦʔαʔόҰ෦ͷόοναʔό: GCEͷݕূΛ݉Ͷͯͪ͜Βʹߏஙͯ͋͠Δ• Monitoring• Mackerel: ϦιʔεࢹɺϝτϦΫε• Pingdom: ΤϯυϙΠϯτࢹ• Pagerduty: ΞϥʔτରԠͷεέδϡʔϦϯάɺి௨• CI• Circle CI: CI͓ΑͼσϓϩΠɺ͓ΑͼΦϖϨʔγϣϯͷத৺
app workerRedisAuroraWritermemcachedapp workerRedis memcachedAvailability Zone A71$ઃܭpublic subnetAvailability Zone CAuroraReaderpublic subnet10.0.0.0/1610.0.0.0/24 10.0.1.0/24
71$ઃܭ• ֤ίϯϙʔωϯτϚϧνAZͰஔ• 10.0.X.0/24 -> AZ-A• 10.0.Y.0/24 -> AZ-C• ύϒϦοΫαϒωοτͷΈ• RDSͳͲύϒϦοΫαϒωοτʹஔ͘• ݎ࿚ੑηΩϡϦςΟάϧʔϓͰ୲อ• ࡶ͡Όͳ͍͔ʁͱͨ·ʹݴΘΕΔ• ݱঢ়ͷ࡞ΓͰผʹࠔ͍ͬͯͳ͍• ࠔͬͨΒ࡞Γͳ͓͢
5FSSBGPSN
5FSSBGPSN• https://www.terraform.io/• HashicorpϓϩμΫτ• AWSGCPͳͲ֤छΫϥυͷঢ়ଶΛίʔυͰهड़͢Δͷ• HCLͱ͍͏jsonϥΠΫͳϑΥʔϚοτͰهड़ग़య: https://www.terraform.io/
5FSSBGPSN• VPC, SecurityGroup, EC2Λཧରͱ͍ͯ͠Δ• EC2ߏங࣌Environment, Role, ServiceλάΛ༩͢Δ• ͜ΕΒσϓϩΠϓϩϏδϣχϯάͰ͏• AWSͷ͍ํͱͯ͠యܕతͱ͍͏͔ݹయతͳखஈ
ͳͥ5FSSBGPSN͔ʁ• CloudFormationΑΓ׳Ε͍͔ͯͨΒ• Google Cloud Platform͍͔ͬͯͨΒ• ͪͳΈʹࣅͨΑ͏ͳπʔϧʹ͜Μͳͷ͋Γ·͢• Apache Libcloud• https://libcloud.apache.org/index.html• छʑͷΫϥυʹରԠͨ͠boto(aws sdk for Python)ͷΑ͏ͳͷ
؊UGTUBUFϑΝΠϧͷѻ͍• terraform࣮ߦޙͷঢ়ଶ͕هड़͞Ε͍ͯΔϑΝΠϧ• terraform͜ͷϑΝΠϧͷঢ়ଶΛਖ਼ͱͯ͠มߋΛద༻͢Δ• terraform࣮ߦ࣌ʹ͜ͷϑΝΠϧ͕յΕͨΓઌฦΓͨ͠ঢ়ଶͰ࣮ߦ͢ΔͱࣄނΔ• ͜ͷϑΝΠϧ͕յΕͨΒʁר͖ͬͯ͠·ͬͨΒʁ => ؤு࣏ͬͯͦ͏:(ʀƄƅ’Тƅ'):• खݩ͔Β࣮ߦ͢Δ߹githubͳͲͰཧͭͭ͠࡞ۀऀ֤Ґ͕ඞͣ࠷৽ͷͷΛpull͔ͯ͠Β͏• τϨλͰ…• S3ʹஔ͖ͭͭɺCircle CI͔ΒterraformΛ࣮ߦ• ΦϖϨʔγϣϯΛ࣮ߦ͢ΔਓҰਓ(Circle CI)ʹ͢ΔͨΊ• ඞͣ࠷৽ͷtfstateϑΝΠϧΛ͏Α͏ͳΈʹ͢ΔͨΊ
؊ESZSVO͕௨͔ͬͨΒͱ͍ͬͯʜ• ࣮ߦ͕ޭ͢ΔͱݶΒͳ͍• ͜ͷ߹མͪண͍ͯΤϥʔ༰ΛݟΔ• τϨλͰAWSϦιʔεͷ্ݶʹୡͨ͠߹ͳͲʹ໘ͨ͠(EC2Πϯελϯεͷ্ݶ…etc)
؊ͯ͢ΛUFSSBGPSNཧԼʹஔ͔ͳ͍• tfstateϑΝΠϧΛਖ਼ͱͯ͠ಈ͘ͷͰঢ়ଶ͕มԽ͢ΔASGͳͲʹෆ͖(ͩͱࢥ͍ͬͯ·͢)• ͦΕͱ…ͩͬͯා͍ΜͩΜ
࣮ࡍੲ݁ߏා͔ͬͨ• ͔ͭͯ༧ظͤ͵ഁյతͳڍಈ͕͋ͬͨ
3PBEXPSLFS
3PBEXPSLFS• https://github.com/winebarrel/• Route53ͷϨίʔυઃఆΛRubyͷDSLͰهड़Ͱ͖Δ
3PBEXPSLFS• Engineyard࣌EngineyardͱAWSͷϋΠϒϦουӡ༻• Engineyard: EC2Πϯελϯε(App, Redis, MySQL…)• AWS: Route53, S3…• ೖࣾ࣌ʹAWS্ͷͷͷίʔυԽʹணखͨ͠• ࠷ॳ͔ΒTerraformʹ͠ͳ͔ͬͨͷ࣌ͷTerraformطଘͷDNSϨίʔυͷexport͕Ͱ͖ͳ͔ͬͨ• RoadworkerͰ͖ͨ
1BDLFS
1BDLFS• https://www.packer.io/• HashicorpϓϩμΫτ• AMI(AWS), Virtualbox, dockerͳͲ֤छΠϝʔδΛϓϩάϥϚϒϧʹ࡞Ͱ͖Δ• jsonͰهड़
1BDLFS• τϨλͰͷ༻్• ϕʔεͱͳΔAMIͷ࡞• ։ൃڥ༻Vagrant boxͷ࡞• Packerʹ͍ͭͯ͜ΕʹΘΔͷແ͍(ͣ)
1BDLFSͰ͍ͬͯΔ͜ͱ• OSͷॳظઃఆ• RubyͷΠϯετʔϧ• ϛυϧΣΞͷΠϯετʔϧίϯϑΟάͷAnsibleʹΒ͍ͤͯΔ• ҎલϛυϧΣΞͷΠϯετʔϧPackerʹΒͤͯશ෦ೖΓͷAMIΛ࡞͍ͬͯͨ(ϒϩάهࣄΑΓ↓)
શ෦ೖΓͷ".*ʹ͢Δ͖͔ʁ• શ෦ೖΓʹͨ͠߹ͷ…• ϝϦοτ• ىಈ͢Δ͚ͩͰαʔϏεೖՄೳͱͳΔ• σϝϦοτ• ίϯϑΟάมߋͷͨͼʹAMIΛࣽࠐΉඞཁ͕͋Δ• ·ͨͦͷͨͼʹΠϯελϯεશೖΕସ͑• ͜ͷΈΛࣗಈԽ͢ΕσϝϦοτͳ͘ͳΔ͔͠Εͳ͍• ͨͩࣽ͜͠Ή࣌ؒΛͭͷ͕μϧ͍ͱ͖͋Δ…
શ෦ೖΓͷ".*ʹ͢Δ͖͔ʁ• શ෦ೖΓͷํ͕ΫϥυతͰ͋Δ• ίϯςφͷӡ༻ͱۙ͘ͳΔͣ• ͭ·Γঢ়ଶͷมߋ = ΠϯελϯεΛ৽͘͠࡞ΔˍೖΕସ͑Δ• ίϯϑΟάྨͷมߋΛAnsible/chefͳͲͰద༻Λ܁Γฦ͢ͷݩΦϯϓϨͷߟ͑ํ• ͭ·Γಉ͡αʔόΛ͍ճ͢ͱ͍͏લఏͷιϦϡʔγϣϯ• ͍ΘΏΔႈੑ• Ϋϥυ”ࣺͯΔ”ͱ͍͏બࢶ͕͋Δ• ࣺͯΔ->࠶ߏங͕࣌ؒͰՄೳ• ͪΖΜΠϯελϯε͕յΕΔ·Ͱ͍ճ͢͜ͱͰ͖Δ
"OTJCMF
"OTJCMF• https://www.ansible.com/• αʔόߏஙͷࣗಈԽɺႈੑͷ୲อ• ಉͷπʔϧʹchefitamaepuppet͕͋Δ• yamlͰهड़
ͳͥ"OTJCMF͔ʁ• ผʹͳΜͰྑ͔ͬͨ• Α͋͘Δ(?)ࣄҊ• αʔόߏஙεΫϦϓτ͕ൿͷλϨͩᵆ( :^o^)ᵒ• αʔόߏஙखॱॻ͕ոจॻͩᵎ(^o^; )ᵊ• chef/ansibleΛಋೖͩ(^q^)• cookbook/playbook͕ݹจॻʹͳͬͨʗ(^o^)ʘ• ͜ͷखͷπʔϧͲΕͬͯهड़ϧʔϧӡ༻ϧʔϧΛܾΊ͓͔ͯͳ͍ͱυπϘʹϋϚΔ(ܦݧ্)• ΠϯϑϥίʔυͪΌΜͱϨϏϡʔ͢Δʢ͋ͨΓ·͑Ͱ͕͢…ʣ• ςετɺServerspecΛॻ͍͓ͯ͜͏• ʮ༨ܭͳ͜ͱ͕Ͱ͖ͳ͍puppet͕Ұ൪ྑ͍ʯbyಉۀऀͷ༑ਓ ͱ͍͏ҙݟ͋Δ
"OTJCMF• τϨλͰ…• EC2ʹରͯ͠ϛυϧΣΞͷΠϯετʔϧɺίϯϑΟάͷΛߦ͍ͬͯΔ• μΠφϛοΫΠϯϕϯτϦΛར༻• EC2ʹ༩ͨ͠ServiceλάͱRoleλάͰϓϩϏδϣχϯάରͷϗετͱϩʔϧΛಈతʹऔಘ• ϗετͷ૿ݮɺIPͷมԽΛҙࣝͤͣʹϓϩϏδϣχϯάͰ͖Δ
4FSWFSTQFD
4FSWFSTQFD• http://serverspec.org/• ίϯϑΟάͷςετϑϨʔϜϫʔΫ• ϦϑΝΫλϦϯά͕ओతͷιϑτΣΞ• RSpecͰهड़
4FSWFSTQFD• τϨλͰΠϯϑϥίʔυΛϦϑΝΫλϦϯά͘͢͢͠ΔͨΊʹॻ͍͍ͯΔ• Serverspec͕ॻ͍ͯ͋Εྫ͑ansible->chefͷΓ͑(ͨͿΜΒͳ͍͚Ͳ)Γ͍͢
"VSPSB
"VSPSB• RDSͷΤϯδϯͷҰͭ• MySQLޓ• GUIϙνϙνͰߏஙͯ͠·͢• ↓ͱ͍͏ߟ͑(ݴ͍༁ʁ)
"VSPSB• ಋೖʹ͋ͨͬͯݕূͨ͜͠ͱ• Ҡߦલ(MySQL on Engineyard)ͱ࣮ߦܭը͕มΘΒͳ͍͜ͱͷ֬ೝ• ͪΌΜͱࠓ·Ͱ௨ΓʹΠϯσοΫεΛͬͯ͘ΕΔ͔• ίϯϑΟάϨʔγϣϯͷਫ਼ࠪ• MySQL͓͡͞Μͱͯ͠ඇৗʹؾʹͳͬͨ…• Ͳ͜ΛͲ͏มߋ͔ͨ͠ϒϩάهࣄΛࢀর͍ͯͩ͘͠͞• εέʔϧΞοϓɺσʔλϦΧόϦ…ͳͲͷΦϖखॱɺཁ͢Δ࣌ؒͳͲ• ༗ࣄʹඋ͑ͯखॱΛཱ͓֬ͯͨ͘͠Ί• ཁૉৼΓɻ࿅शɻ
"VSPSB• ੑೳࢼݧͬͯͳ͍ɻͱ͍͏͔Βͳ͍ɻ• sysbenchͳͲͷࢼݧʹ͍ͭͯ͢Ͱʹଟ͘ͷهࣄ͕ωοτʹ্͕͍ͬͯΔɻਓͱಉ͜͡ͱΛͯ͠ҙຯ͕ͳ͍ɻ• ͠ΔͳΒຊ൪૬ͷσʔλྔɺSQLɺτϥϑΟοΫ• όονॲཧͷࢀরܥΛAuroraʹ͚ͯෛՙঢ়گΛ֬ೝ• ΦϯϥΠϯॲཧʹ͍ͭͯલεϥΠυͷ௨Γ࣮ߦܭըͷ֬ೝΛߦͬͯMySQLͱಉͰ͋Δ͜ͱΛ֬ೝͯ͠OKͱͨ͠
"VSPSBͰ࣮ݱͰ͖ͳ͍͜ͱ• θϩμϯλΠϜ• ϝϯςφϯεΟϯυ͕͋ΔͷͰ͍͔ͭ࠶ىಈ͠ͳ͖ΌͳΒͳ͍ͱ͖͕དྷΔɻ• ͰϑΣΠϧΦʔόͰ1ఔͰ• 1ࢭΊͨ͘ͳ͍߹…• MySQL on EC2 with MHA• ࢲͷهԱͰMHAͷํ͕ϑΣΠϧΦʔόૣ͍• શθϩμϯλΠϜΛࢦ͔ͨͬͨ͠ΒϚϧνϚελͳࢄDBͰ…Cassandraͱ͔Ͱ…ؤுͬͯ…͍ͩ͘͞…
$JSDMF$*
$JSDMF$*• ஶ໊ͳCIαʔϏεͷҰͭ• RailsΞϓϦέʔγϣϯͷCI/σϓϩΠج൫ͱͯ͠׆༻• ΠϯϑϥΦϖϨʔγϣϯͷ࣮ߦج൫ͱͯ͠׆༻
$JSDMF$*͔ΒͷσϓϩΠ• EC2ʹ༩͞ΕͨServiceλάͱRoleλάͰରͷϗετΛಛఆͯ͠CapistranoAnsibleΛ࣮ߦ• ·͋ී௨ͷΓํͰ͢• θϩμϯλΠϜσϓϩΠͷ࣮ݱʁ• unicornϗοτσϓϩΠ͕ޮ͘• ࠓͷنͰ͜ΕͰे
ࠓޙ
ࠓޙ• ίϯςφʁ• ΔͳΒ৽نαʔϏε։ൃ࣌• ։ൃख๏ɺσϓϩΠํ๏ɺӡ༻ख๏͕มԽ͢ΔɺଞΤϯδχΞʹͦΕΛͬͯΒ͏ඞཁ͕͋Δ• طଘͷαʔϏεΛίϯςφԽ͢Δ͜ͱࠓߟ͍͑ͯͳ͍• ৽نαʔϏεͰίϯςφಋೖͷޮՌ͕ग़ͨΒΔ͔• ASGʁ• ͕૿͑ͯඇϐʔΫ࣌ͷίετݮޮՌ͕ݟ͑ͦ͏ʹͳͬͨΒ• ͨͩ͠Terraformͱͷ૬ੑ͕ѱͦ͏ͩ
͓ΘΓ
hiroakis
kazukihayase
naohachi89
route06
hygradme
kazuhitotakahashi
sansantech
oracle4engineer
ikumatadokoro
lemiorhan
lwug
orimanabu
k1low
eitanlees
dougneiner
notwaldorf
ddemaree
thekraken
cromwellryan
moore
samlambert
maggiecrowley
smashingmag
soudai
colly