Considerations on an intermediate language for policy definition in configuration management tools / Considerations about an intermediate language of configuration management tools

Gosuke Miyashita

November 13, 2020

Transcript

  1. Considerations on an intermediate language for policy definition in Configuration Management tools
    7th WebSystemArchitecture研究会 (WebSystemArchitecture research group meeting), 2020/11/13

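  2. Research background
    • The spread of managed container runtime environments has been changing what Configuration Management looks like
    • The spread of mobile computing and edge computing may change it further
    • Since Ansible, released in 2012, no notable new tool has appeared
    • I want to rethink Configuration Management from scratch and examine what it should look like going forward
    • And I want to develop a better tool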
  3. Configuration Management
    • According to Burgess et al. [1], Configuration Management is "the process of controlling the behavior of network-connected machines so that, in accordance with predefined policies and guidelines, they accomplish predetermined business objectives"
    [1] Burgess, Mark, and Alva L. Couch. 2006. “Modeling Next Generation Configuration Management Tools.” In LISA, 131–47. static.usenix.org. (PDF)
  4. Configuration Management tools
    • Software for performing Configuration Management
    • Abbreviated as CMT from here on
    • Representative examples include CFEngine [2], Puppet [3], Chef [4] and Ansible [5]
    [2] CFEngine
    [3] Powerful infrastructure automation and delivery | Puppet
    [4] Chef: Enabling the Coded Enterprise through Infrastructure, Security and Application Automation
    [5] Ansible is Simple IT Automation
  5. Roles common to CMTs
    • Defining the policy of network-connected machines
    • Controlling behavior based on the defined policy

  6. Example of policy definition and behavior control in a CMT

    Policy definition:

    ```ruby
    package 'nginx' do
      action :install
    end

    service 'nginx' do
      action [:enable, :start]
    end
    ```

    Behavior control:

    ```
    $ chef-apply nginx.rb
    ```
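  7. Policy definition and languages
    • Policy is defined in some language
    • Care is needed not to confuse the policy definition language with the implementation language
    • The policy definition languages adopted by CMTs fall broadly into three kinds
        • Custom languages
        • Simple languages such as YAML [6]
        • Programming languages
    [6] The Official YAML Web Site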
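  8. Languages preferred in CMTs
    • YAML is the most popular
        • Among CMTs, Ansible, which adopted YAML, is popular
        • Outside CMTs, Kubernetes [7] also adopted YAML
    • Reasons for its popularity
        • Many system administrators, the traditional users of CMTs, do not program
        • The specification is small and has no variables or logic, so it is easy to learn, concise to write and easy to maintain (or so it is believed)
    [7] Kubernetes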
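  9. Evolution of languages for CMTs
    • Originally, custom languages were mainstream (CFEngine, Puppet)
    • With the spread of the cloud, people other than system administrators began to work with server infrastructure
    • Such people prefer a language they are already familiar with over a simple language (the popularity of Chef is part of this trend)
    • SaltStack [8] and Ansible adopted YAML
    [8] Home | SaltStack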
  10. Evolution of languages in IaC [9] tools other than CMTs
    • Terraform [10] uses a custom language; CloudFormation [11] uses JSON/YAML
    • After that came a trend toward adopting programming languages
        • Pulumi [12], CDK [13], etc.
    • Kubernetes follows the same trend
        • Kubernetes with Pulumi [14], CDK for Kubernetes (cdk8s) [15], etc.
    [9] Abbreviation of Infrastructure as Code
    [10] Terraform by HashiCorp
    [11] AWS CloudFormation (modeling and managing resources with templates) | AWS
    [12] Pulumi - Modern Infrastructure as Code
    [13] AWS Cloud Development Kit – Amazon Web Services
    [14] Kubernetes with Pulumi | Pulumi
    [15] Introducing CDK for Kubernetes | Amazon Web Services Blog
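  11. Evolution of policy description languages for CMT/IaC
    • A progression can be seen: custom language → programming language → YAML → programming language
    • Which language is optimal depends on the people using it and the situation of the organization they belong to, the users' skills and preferences, and the surrounding technology and best practices of the time
    • Therefore it cannot be said categorically which language is optimal for CMTs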
  12. Evolution of behavior control methods
    • As with languages, there are various methods of behavior control
        • Server/agent type
        • Standalone type
        • Agentless type
    • Originally, CFEngine, Puppet and Chef were server/agent type
        • They can also be used standalone
    • Ansible, which appeared later, is agentless type
    • Perhaps under the influence of Ansible, the term Masterless Chef/Puppet appeared on the ThoughtWorks Technology Radar [16]
    [16] Masterless Chef/Puppet | Technology Radar | ThoughtWorks
  13. The optimal behavior control method for CMTs
    • Each has its merits and demerits, so, as with languages, it cannot be said categorically which is optimal
    • This area also looks likely to change as mobile computing and edge computing spread

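  14. The need to support diverse policy definition languages and behavior control methods
    • For both policy definition languages and behavior control methods, the optimal choice differs depending on the conditions
    • So, rather than looking for a single optimal CMT, consider a CMT that can easily support various languages and behavior control methods
    • In existing CMTs the language and the behavior control are tightly coupled, so it is hard to swap out only the language or only the behavior control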
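  15. Separating the policy definition language from the behavior control implementation
    • When the policy definition language and the behavior control implementation are tightly coupled, they cannot be reused in part, which wastes development effort
    • To support diverse policy definition languages and behavior control methods while keeping development cost down, I propose separating the policy definition language from the behavior control implementation
    • The proposed approach takes a three-layer structure inspired by LLVM [17]
    [17] The LLVM Compiler Infrastructure Project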
  16. LLVM architecture

  17. Three-layer CMT architecture

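  18. The intermediate language that is the key to the three-layer architecture
    • Because it corresponds N-to-1 with the various policy definition languages, the intermediate language is itself a policy definition language
    • This means that, in a sense, the intermediate language might be called the optimal policy definition language
    • What kind of policy definition language is optimal as an intermediate language is currently under consideration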
  19. How the research will proceed
    • First, rather than languages, I want to research Configuration Management in general thoroughly
    • In particular, Mark Burgess, Alva Couch and others have been publishing papers on Configuration Management since the 1990s, so I will start from there
    • For CMT languages there is some prior work [18] [19], but it seems better to also research areas other than Configuration Management
    [18] Delaet, Thomas, and Wouter Joosen. 2007. “PoDIM: A Language for High-Level Configuration Management.” In Proceedings of the 21st Large Installation System Administration Conference (USENIX LISA’07), 261–73. Usenix Association.
    [19] Ngoupé, Éric Lunaud, Clément Parisot, Sylvan Stoesel, Petko Valtchev, Roger Villemaire, Omar Cherkaoui, Pierre Boucher, and Sylvain Hallé. 2017. “A Declarative Approach to Network Device Configuration Correctness.” Journal of Network and Systems Management 25 (1): 180–209.
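
The separation proposed on slides 15 to 18, sketched as an added example (not code from the talk or from any existing tool): two policy frontends produce one intermediate representation, and a behavior-control step consumes it without knowing which language the policy was written in. The IR shape, the YAML schema, the command table and the host name are assumptions made for illustration; the talk leaves the actual intermediate language open.

```ruby
require 'yaml'
require 'shellwords'
# Frontend 1: Chef-style Ruby DSL lowered to a hypothetical IR, an ordered list
# of { type:, name:, actions: } hashes. instance_eval runs the policy as code,
# so this kind of frontend must only be given trusted policy files.
class RubyDslFrontend
  attr_reader :ir
  def initialize(source)
    @ir = []
    instance_eval(source)
  end
  %i[package service].each do |type|
    define_method(type) do |name, &blk|
      @ir << { type: type, name: name, actions: [] }
      instance_eval(&blk)
    end
  end
  def action(value)
    @ir.last[:actions] = Array(value)
  end
end

# Frontend 2: YAML policy (constructed schema); safe_load yields plain data only.
def yaml_frontend(source)
  YAML.safe_load(source).map do |r|
    { type: r.fetch('type').to_sym, name: r.fetch('name'),
      actions: Array(r.fetch('action')).map(&:to_sym) }
  end
end

# Shared lowering (Debian-style commands assumed); unknown pairs raise KeyError.
COMMANDS = { %i[package install] => 'apt-get install -y %s',
             %i[service enable] => 'systemctl enable %s',
             %i[service start] => 'systemctl start %s' }.freeze
def lower(ir)
  ir.flat_map do |r|
    r[:actions].map { |a| format(COMMANDS.fetch([r[:type], a]), Shellwords.escape(r[:name])) }
  end
end
# Agentless behavior control: same IR, commands wrapped for a remote host.
def agentless_plan(ir, host)
  lower(ir).map { |c| "ssh #{Shellwords.escape(host)} #{Shellwords.escape(c)}" }
end

# Constructed sample policies: the slide 6 recipe and an equivalent YAML form.
RUBY_POLICY = "package 'nginx' do action :install end\n" \
              "service 'nginx' do action [:enable, :start] end\n"
YAML_POLICY = "- {type: package, name: nginx, action: install}\n" \
              "- {type: service, name: nginx, action: [enable, start]}\n"
```

Both frontends yield the same IR for these inputs, so `lower` and `agentless_plan` can be swapped independently of the policy language; the YAML frontend never evaluates its input, while the Ruby DSL frontend does.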