Ansible と AWS Lambda/cirasu_ansible_tettei_nyumon_1

Ansible ͱ
AWS Lambda
CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1
1 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

View Slide

͋Μͨ୭Ͷʁ
• ઒ݪ ༸ฏ(͔ͬͺͱݺΜͰͶ ! )
• iret גࣜձࣾ cloudpack ࣄۀ෦
• AWS Πϯϑϥͷӡ༻อकΛੜۀͱ͠
͓ͯΓ·͢
• twitter : @inokara
• Facebook : inokappa
• ޷͖ͳΨϯμϜ : మ݂ͷΦϧϑΣϯζ
Ansible ·ͩ·ͩॳ৺ऀͰ͢...

View Slide

CIRASU ͬͯͳΜͶʁ
෱ԬͰ Infrastructure as code ΍ Configuration as code ɺSite
Reliability Engineering (SRE)ɺDevOps ͳͲΠϯϑϥٕज़ऀΛऔΓר
ٕ͘ज़ɾӡ༻ʹ͍ͭͯͷ৘ใΛ ΏΔʙ͘ ڞ༗ɾษڧ͢Δίϛϡχ
ςΟͰ͢.

View Slide

ࠓ೔ͷ࿩͠͸ͳΜͶʁ
Ansible పఈೖ໳ 7 ষΛಡΜͰ͍ͯ...
• Ansible Ͱ AWS Ϧιʔε͕͍͡ΕΔͷ͔ʂ
ͱ͍͏͜ͱͰɺAWS Lambda ͷσϓϩΠ΍ߋ৽࡞ۀʹ࢖͑ͳ͍͔
ࢼߦࡨޡͯ͠Έ·ͨ͠.

View Slide

ͰɺͲΜͳ࿩͠Λͬ͢ͱ΍ʁ
1. AWS Lambda ΛσϓϩΠ͢Δ࣌ͷ೰Έ
2. Ansible Ͱ Lambda Λૢ࡞ͯ͠Έͨ ʙಋೖʙ
3. Ansible Ͱ Lambda Λૢ࡞ͯ͠Έͨ ʙ࣮૷ʙ
4. ͕࣌ؒ͋ͬͨΒ Demo
5. ·ͱΊ

View Slide

ຊࢿྉͰར༻ͨ͠؀ڥ
ຊࢿྉͰར༻ͨ͠ Python ٴͼ Ansible όʔδϣϯ͸ҎԼͷ௨Γ.
$ python --version
Python 2.7.13
$ ansible --version
ansible 2.2.1.0
config file = /path/to/.ansible.cfg
configured module search path = Default w/o overrides

View Slide

AWS Lambda Λ
σϓϩΠ͢Δ࣌ͷ೰Έ

View Slide

AWS Lambdaʁ
• ΋͸΍આ໌ෆཁʢͩͱࢥͬͯ·͢ʣ
• αʔόϨείϯϐϡʔςΟϯάͷத֩Λ୲͏ΞϓϦέʔγϣϯ
࣮ߦ؀ڥΛఏڙ͢ΔαʔϏε
• ΞϓϦέʔγϣϯΛ࣮ߦͨ࣌ؒ͠ͱ࢖༻ϝϞϦ༰ྔͰ՝ۚ
• Node.js (JavaScript)ɺPythonɺ͓Αͼ Java (Java 8 ޓ׵)ɺͦͯ͠
C# Λαϙʔτ͍ͯ͠Δ
※ ҎԼɺAWS Lambda ͸ Lambda ͱهࡌ͠·͢.

View Slide

Lambda Λಈ͔͢·Ͱͷ todo
1. ؔ࿈ύοέʔδΛ४උ
2. ΞϓϦέʔγϣϯͱؔ࿈ύοέʔδΛ zip ͰݻΊΔ
3. IAM Role ͷ࡞੒(ॳճͷΈ)
4. Lambda Function ͷ࡞੒(ॳճͷΈ)
5. zip ϑΝΠϧΛΞοϓϩʔυ
6. Πϕϯτ༻ͷݖݶΛ෇༩(ॳճͷΈɺඞཁͰ͋Ε͹)

View Slide

͓ɺಈ͔͢ͷͬͯ
ҙ֎ʹ໘౗ͩͳ͋
※͋͘·Ͱ΋ݸਓతͳݟղͰ͢.

View Slide

Lambda ͷ؅ཧπʔϧ
ز͔ͭ OSS Ͱެ։͞Ε͍ͯΔ.
• serverless/serverless(https:/
/github.com/serverless/serverless)
• apex/apex(https:/
/github.com/apex/apex)
• awslabs/chalice(https:/
/github.com/awslabs/chalice)
• marcy-terui/lamvery(https:/
/github.com/marcy-terui/lamvery)
• rackerlabs/lambda-uploader(https:/
/github.com/rackerlabs/
lambda-uploader)

View Slide

͓ɺͲΕ͕
͍͍ΜͩΖʁ
※खʹೃછΉ΋ͷΛ୳͢ఔ Lambda ͱͷؔΘΓ͕গͳ͍ͱ͍͏͜ͱ΋͋Δ͔ͳ...

View Slide

apex ͱ͍͏ͷ͕ྑ͍ͱڭ͑ͯ௖͍ͨ
ΜͰ͕͢ɺະͩࢼͤͣ. օ͞Μ͸Ͳͷ
πʔϧΛར༻͞Ε͍ͯ·͢Ͱ͠ΐ͏
͔ʁ

View Slide

ͱ͍͏͜ͱͰɺࠓ·Ͱ؅ཧπʔϧΛ
ࢼ͢͜ͱΛͤͣɺͱΓ͋͑ͣͰ࡞ͬͨ
Bash ͷԶԶσϓϩΠπʔϧΛ࡞ͬͯ
؅ཧ(σϓϩΠ)͍ͯ͠·͕͢...

View Slide

ԶԶσϓϩΠπʔϧͷݶք
• ൚༻తʹ࡞Ε͍ͯͳ͍ͷͰɺLambda Function ຖʹγΣϧεΫϦ
ϓτΛ༻ҙ͠ͳ͚Ε͹...
• ࣗ෼Ҏ֎ͷϝϯόʔʹ΋࿔ͬͯ΋Β͏͜ͱ΋૝ఆ͠ͳ͚Ε͹͍
͚ͳ͍...
• ͦ΋ͦ΋ɺႈ౳ੑ͕৺഑(ႈ౳ੑΛ୲อ͠Α͏ͱ͢Δͱπʔϧͷ
ίʔυྔ΋૿͑Δ)

View Slide

ͱ͍͏͜ͱͰ...

View Slide

Ansible Ͱ
Lambda Λૢ࡞ͯ͠Έͨ
ʙಋೖʙ

View Slide

Ansible for AWS
• AWS ϞδϡʔϧͰ AWS ͷ֤छϦιʔεΛૢ࡞͢Δ͜ͱ͕ग़དྷΔ
• Ansible 2.2 Ͱ 80 छྨҎ্ͷϞδϡʔϧ͕༻ҙ͞Ε͍ͯΔ
• EC2 ͸౰વͷ͜ͱͳ͕ΒɺS3 ΍ Lambda ΍ IAM ΋ૢ࡞Մೳʂ

View Slide

AWS Ϟδϡʔϧͷ࢝Ίํ
ඞཁͳ΋ͷ͸ҎԼͷ௨ΓͰ͢.
• AWS SDK for Python(boto)
• AWS API Λૢ࡞ग़དྷΔ IAM Ϣʔβʔ༻ͷΞΫηεΩʔͱγʔΫ
ϨοτΞΫηεΩʔ΋͘͠͸ IAM Role

View Slide

Playbook ͷ࣮ߦྫ(1)
؀ڥม਺ AWS_ACCESS_KEY_ID ʹೝূ৘ใΛಥͬࠐΉύλʔϯ.
export AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
export AWS_SECRET_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxxxxxxxx
export AWS_REGION=ap-northeast-1
ansible-playbook sample-playbook.yml
Playbook ࣗମʹೝূํ๏ΛຒΊࠐΉํ๏΋͋Γ·͕͢ɺඇਪ঑ͩ
ͱࢥ͍ͬͯ·͢.

View Slide

Playbook ͷ࣮ߦྫ(2)
ม਺ʹ AWS_PROFILE ʹ Shared Credentials File ʹهࡌ͞Εͨ Profile
໊Λࢦఆ͢Δύλʔϯ.
AWS_PROFILE=your-proﬁle \
AWS_REGION=ap-northeast-1 \
ansible-playbook sample-playbook.yml
ద੾ͳݖݶ͕෇༩͞Εͨ IAM Role ͕෇͍ͨ EC2 ͔Β࣮ߦ͢Δ৔߹
ʹ͸ɺ؀ڥม਺౳ʹࢦఆ͢Δඞཁ͸͋Γ·ͤΜ.

View Slide

Playbook ͷྫ
Lambda Function ࡞੒͢Δ Playbook ͷൈਮͰ͢.
- name: Create lambda function
lambda:
name: '{{ lambda_name }}'
zip_ﬁle: '{{ function_dir }}/lambda.zip'
handler: lambda_function.lambda_handler
runtime: python2.7
role: '{{ role_arn }}'
timeout: '{{ lambda_timeout }}'
when: not ansible_check_mode

View Slide

Ansible Ͱ
Lambda Λૢ࡞ͯ͠Έͨ
ʙ࣮૷ʙ

View Slide

ײँ
໨Ұഋࢀߟʹͤͯ͞௖͖·ͨ͠.

View Slide

sample
Playbook ΍ Lambda Function ͸ҎԼʹΞοϓ͍ͯ͠·͢.
• https:/
/github.com/inokappa/ansible-sample-prj-lambda

View Slide

Lambda Λಈ͔͢·Ͱͷ todo(࠶ܝ)
1. ؔ࿈ύοέʔδΛ४උ
2. ΞϓϦέʔγϣϯͱؔ࿈ύοέʔδΛ zip ͰݻΊΔ
3. IAM Role ͷ࡞੒(ॳճͷΈ)
4. Lambda Function ͷ࡞੒(ॳճͷΈ)
5. zip ϑΝΠϧΛΞοϓϩʔυ
6. Πϕϯτ༻ͷݖݶΛ෇༩(ॳճͷΈɺඞཁͰ͋Ε͹)

View Slide

Role ͰͦΕͧΕΛ෼ׂ
ग़དྷΔ͚ͩ൚༻తʹ͔ͨͬͨ͠ͷͰɺRole Ͱ෼ׂͯ͠Έ·ͨ͠ɻ
$ tree roles
roles
!"" cloudwatch_event
# $"" tasks
# $"" main.yml
!"" iam
# $"" tasks
# $"" main.yml
$"" lambda
$"" tasks
$"" main.yml
6 directories, 3 ﬁles

View Slide

Role Ͱར༻͢Δม਺Λ Playbook ʹ
- hosts: 127.0.0.1
connection: localhost
roles:
- iam
- lambda
- cloudwatch_event
vars:
function_dir: '/path/to/sample'
function_handler_name: 'sample.sample_handler'
...
cloudwatch_event_schedule_expression: cron(* * * * ? *)
͜ͷ Playbook ͸ Lambda Function ຖʹ༻ҙ͢Δ͜ͱʹͳΓ·͢.

View Slide

IAM Role ͷ Policy ͸ JSON Ͱ؅ཧ !
- name: Create role
iam_role:
name: '{{ iam_role_name }}'
assume_role_policy_document: "{{ lookup( 'file' , iam_role_policy_file ) }}"
state: present
- name: Attatch policy
iam_policy:
iam_type: role
iam_name: '{{ iam_role_name }}'
state: present
policy_name: '{{ iam_policy_name }}'
policy_json: "{{ lookup( 'file', iam_policy_file) }}"

View Slide

Ϟδϡʔϧ͕... !
• Facts Ϟδϡʔϧͷग़ྗΛղੳ͢Δͷ͕໘౗...
• ϞδϡʔϧʹΑͬͯग़ྗϑΥʔϚοτ͕ҧ͏ͷ΋πϥΠ
• Lambda Function ΍ IAM Role ͷ ARN ͚ͩΛऔಘ͢ΔϞδϡʔϧ
͕ແ͔ͬͨͷͰࣗ࡞
• Lambda Function Λ࡞ΔϞδϡʔϧ͕ݹ͔ͬͨ...(Function ͷߋ৽
͕ग़དྷͳ͔ͬͨ)

View Slide

Demo
ࢀߟʹͤͯ͞௖͍ͨ Qiita هࣄΛਅࣅͯɺCloudWatch Event Ͱఆظ
తʹ࣮ߦ͢Δ Lambda Function ΛσϓϩΠͯ͠Έ͍ͨͱࢥ͍·͢.
AWS_PROFILE=xxxxxxxx \
AWS_REGION=ap-northeast-1 \
ansible-playbook demo.yml

View Slide

·ͱΊ

View Slide

Ansible Ͱ Lambda Λ؅ཧ͢Δ !
• Ansible ͷૢ࡞ײͦͷ··Ͱૢ࡞Մೳ
• Lambda ͷߏ੒Λ YAML Ͱ؅ཧ͢Δ͜ͱ͕ग़དྷΔ
• ԶԶ؅ཧπʔϧΑΓ΋യવͱͨ҆͠৺ײ͕͋Δ
• ଞͷ؅ཧπʔϧͱ͘Β΂ͯͲ͏ͳΜͩΖ...

View Slide

Ansible Ͱ Lambda Λ؅ཧ͢Δࡍͷ !
• Ϟδϡʔϧ͕αϙʔτ͍ͯ͠ͳ͍ AWS Ϧιʔε͕͋Δ
• ԶԶϞδϡʔϧ΍ AWS CLI Ͱิ͏ඞཁ͕͋Δ
• ൚༻తʹ͠Α͏ͱ͢Ε͹͢Δఔ໘౗͍͘͞
• ສೳͰ͸ແ͍
• ग़དྷͳ͍ͱ͜Ζ͸ɺग़དྷΔٕज़ͰͳΜͱ͔͢Δ͔͠ͳ͍

View Slide

ࢀߟ
• http:/
/www.shoeisha.co.jp/book/detail/9784798149943 !
• http:/
/qiita.com/kikusumk3/items/119bfb2da854c2b83791 !

View Slide

͓ΘΓ

View Slide

Ansible と AWS Lambda/cirasu_ansible_tettei_nyumon_1

Ansible と AWS Lambda/cirasu_ansible_tettei_nyumon_1

Yohei Kawahara

More Decks by Yohei Kawahara

Featured

Transcript