Slide 1
Slide 1 text
Axion meets HashiCorp
@atty303 / AdTech Core Development Group
© 2016 CyberAgent, Inc. 1
Slide 2
Slide 2 text
ࣗݾհ
Ѩ ߞ࢘
4 2016-02 ʙ ج൫։ൃάϧʔϓ
© 2016 CyberAgent, Inc. 2
Slide 3
Slide 3 text
Agenda
4 Consul : Service Discovery
4 Nomad : Container Scheduling
4 Terraform : Infrastructure as a Code
© 2016 CyberAgent, Inc. 3
Slide 4
Slide 4 text
Axion Overview
© 2016 CyberAgent, Inc. 4
Slide 5
Slide 5 text
What's Axion ?
4 ͚ࣾ(ϚΠΫϩ)αʔϏε
4 σʔλϕʔεͷΑ͏ͳͷ
4 ൺֱతߴ͍ࢀরස (10k ops/s ~)
4 εϥΠυͷ IP ݻ༗໊ࢺͳͲμϛʔͰ͢
© 2016 CyberAgent, Inc. 5
Slide 6
Slide 6 text
Axion ։ൃʹ͓͚Δ
ٕज़తઓ
© 2016 CyberAgent, Inc. 6
Slide 7
Slide 7 text
Docker ͱ
͖߹͏!
(AWS/GCP ʹཔΒͣ)
© 2016 CyberAgent, Inc. 7
Slide 8
Slide 8 text
Docker - Technology Radar
4 Technology Radar
2016-04 1 Ͱ ADOPT(࠾
༻ͤΑ)
4 ADOPT = ͜ͷτϨϯυ
ʹࠓ͙͢Δ͖
1 https://www.thoughtworks.com/radar/tools/
docker
© 2016 CyberAgent, Inc. 8
Slide 9
Slide 9 text
Docker ͱ͖߹͏ͨΊʹ…
Nomad ΫϥελʹΞϓϦΛσϓϩΠͯ͠ɺ
σϓϩΠͨ͠ΞϓϦͷΤϯυϙΠϯτཧʹ
Consul ͕ඞཁͰɺ͜ΕΒͷڥߏஙΛ
Terraform ʹΒͤΑ͏ɻ
© 2016 CyberAgent, Inc. 9
Slide 10
Slide 10 text
Consul
Service Discovery
© 2016 CyberAgent, Inc. 10
Slide 11
Slide 11 text
What's Consul ?
4 Service ͷཧͱݕࡧ
4 Key-Value Storage
4 ߴ͍Մ༻ੑΛඋ͑ͨࢄγεςϜ
© 2016 CyberAgent, Inc. 11
Slide 12
Slide 12 text
Technology Radar
4 Technology Radar
2016-04 2 Ͱ ADOPT(࠾
༻ͤΑ)
4 ADOPT = ͜ͷτϨϯυ
ʹࠓ͙͢Δ͖
2 https://www.thoughtworks.com/radar/tools/
consul
© 2016 CyberAgent, Inc. 12
Slide 13
Slide 13 text
Service Discovery
ωοτϫʔΫΛ௨ͯ͠ػೳΛఏڙ͢Δ Service Λ
ൃݟ͢Δػߏ
4 Service ͷྫ: api, mysql, kafka
4 Service ͷϝϯόʔ IP:PORT ͷϦετ
4 ϔϧενΣοΫͰϝϯόʔͷࢮ׆ࢹ
4 HTTP ͱ DNS Ͱ͍߹Θ͕ͤͰ͖Δ
© 2016 CyberAgent, Inc. 13
Slide 14
Slide 14 text
DNS Ͱ A Ϩίʔυ͍߹Θͤ
$ dig @127.0.0.1 -p 8600 kafka.service.consul
;; QUESTION SECTION:
;kafka.service.consul. IN A
;; ANSWER SECTION:
kafka.service.consul. 0 IN A 192.168.0.21
kafka.service.consul. 0 IN A 192.168.0.20
kafka.service.consul. 0 IN A 192.168.0.19
© 2016 CyberAgent, Inc. 14
Slide 15
Slide 15 text
DNS Ͱ A Ϩίʔυ͍߹Θͤ
4 Consul agent Λ DNS αʔόʹࢦఆ͍ͯ͠߹
Θͤ
4 *.service.consul Λղܾ͢ΔͱαʔϏεͷϝ
ϯόʔ͕ฦͬͯ͘Δ
4 ϦετͷฒͼϥϯμϜ (DNS ϥϯυϩϏϯ)
4 ϔϧενΣοΫΛ௨ͬͨੜ͖͍ͯΔϝϯόʔͩ
ؚ͚͕·ΕΔ
© 2016 CyberAgent, Inc. 15
Slide 16
Slide 16 text
DNS Ͱ SRV Ϩίʔυ͍߹Θͤ
$ dig @127.0.0.1 -p 8600 axion-api-admin.service.consul SRV
;; QUESTION SECTION:
;axion-api-admin.service.consul. IN SRV
;; ANSWER SECTION:
axion-api-admin.service.consul. 0 IN SRV 1 1 42319
acd-stg-axion-dock-y002.node.openstack-stg.consul.
axion-api-admin.service.consul. 0 IN SRV 1 1 38475
acd-stg-axion-dock-y001.node.openstack-stg.consul.
;; ADDITIONAL SECTION:
acd-stg-axion-dock-y002.node.openstack-stg.consul. 0 IN A 192.168.0.26
acd-stg-axion-dock-y001.node.openstack-stg.consul. 0 IN A 192.168.0.27
© 2016 CyberAgent, Inc. 16
Slide 17
Slide 17 text
DNS Ͱ SRV Ϩίʔυ͍߹Θͤ
4 SRV ϨίʔυͰ͋Εϙʔτ·Ͱ͔Δ
4 ϙʔτΛಈతׂΓͯ͢Δͱ͖ʹ༗༻
4 ͨͩ͠ར༻ଆͰ SRV ͷϨκϧό͕ඞཁ
4 طʹ SRV ΛಡΉ࣮͕ͳ͚Ε HTTP API
ΛಡΉ࣮Λॻ͍ͨ΄͏ָ͕͔ͱ
© 2016 CyberAgent, Inc. 17
Slide 18
Slide 18 text
HTTP Ͱͷ͍߹Θͤ
$ curl -s http://localhost:8500/v1/catalog/service/kafka | jq .
[
{
"Node": "acd-stg-axion-kafka-y001.local",
"Address": "192.168.0.19",
"ServiceID": "kafka",
"ServiceName": "kafka",
"ServiceTags": [],
"ServiceAddress": "",
"ServicePort": 9092,
"ServiceEnableTagOverride": false,
"CreateIndex": 55508,
"ModifyIndex": 151479
},
...
]
© 2016 CyberAgent, Inc. 18
Slide 19
Slide 19 text
HTTP Ͱͷ͍߹Θͤ
4 ී௨ʹ JSON Ͱฦͬͯ͘Δ
4 DNS ͱҧͬͯࢮΜͰΔϝϯόʔΛΔ͜ͱ͕
Ͱ͖Δ
© 2016 CyberAgent, Inc. 19
Slide 20
Slide 20 text
HTTP Blocking Query
4 HTTP API Ͱఏڙ͞Ε͍ͯΔσʔλͷมߋΛ
ࢹͰ͖Δ
4 DNS HTTP ΛϙʔϦϯάͤͣʹଈ࠲ʹϝϯ
όʔมߋΛݕͰ͖Δ
4 ͍ΘΏΔ Server Push (HTTP Long Polling)
4 Non-Blocking ͳ HTTP Client Ͱ͏͜ͱ
© 2016 CyberAgent, Inc. 20
Slide 21
Slide 21 text
αʔϏεͷొ
4 ઃఆϑΝΠϧͰ੩తʹొ
4 ϗετʹΠϯετʔϧ͞Ε͍ͯΔϛυϧ
ΣΞͳͲ
4 HTTP API Ͱಈతʹొ
4 ಈతʹσϓϩΠ͢ΔΞϓϦέʔγϣϯͳͲ
4 Docker registrator Nomad ͱ౷߹
© 2016 CyberAgent, Inc. 21
Slide 22
Slide 22 text
ྫ͑ Kafka Λొ͢Δ
{ "service": {
"name": "kafka-broker",
"port": 9092,
"checks": [ {
"id": "kakfa-broker",
"tcp": "localhost:9092",
"interval": "5s",
"timeout": "1s"
} ]
} }
4 Kafka ͕ಈ͍͍ͯΔϗετͰ Consul ͷઃఆϑΝΠϧʹهड़
4 tcp/9200 ΛϔϧενΣοΫ
© 2016 CyberAgent, Inc. 22
Slide 23
Slide 23 text
Docker ͱͷ࿈ܞ (registrator 3)
docker run --name=registrator -d --net=host
--restart=unless-stopped --log-driver=journald \
-v /var/run/docker.sock:/tmp/docker.sock \
gliderlabs/registrator:v6 \
-tags registrator -resync 3600 \
-ip $(curl -s http://169.254.169.254/2009-04-04/meta-data/local-ipv4) \
consul://localhost:8500
4 Docker ίϯςφΛࣗಈతʹ Consul
Service ͱͯ͠ొͯ͘͠ΕΔπʔϧ
3 https://github.com/gliderlabs/registrator
© 2016 CyberAgent, Inc. 23
Slide 24
Slide 24 text
Docker registrator
docker run --name=cadvisor -d \
--restart=unless-stopped --log-driver=journald \
--dns=192.168.168.1 --privileged=true \
-p 9101:8080 \
-e "SERVICE_NAME=cadvisor" \
-e "SERVICE_CHECK_HTTP=/" \
-e "SERVICE_CHECK_INTERVAL=30s" \
google/cadvisor:v0.22.0
4 ڥม SERVICE_* ʹ Service ͷఆٛΛॻ͍ͯίϯςφΛىಈ
4 registrator ͕ίϯςφىಈΛݕग़ͯ͠ Consul ొ
4 ίϯςφ͕ࢭ·ͬͨͱ͖ Consul ͔Βআ
© 2016 CyberAgent, Inc. 24
Slide 25
Slide 25 text
Key-Value Storage
$ curl -X PUT -d 'test' http://localhost:8500/v1/kv/web/key1
true
$ curl http://localhost:8500/v1/kv/web/key1
[ {
"CreateIndex":97,
"ModifyIndex":97,
"Key":"web/key1",
"Flags":0,
"Value":"dGVzdA=="
} ]
© 2016 CyberAgent, Inc. 25
Slide 26
Slide 26 text
Key-Value Storage
4 ֊Խ͞ΕͨΩʔͷ GET/PUT/DELETE
4 Blocking Query Ͱ watch Ͱ͖Δ͠ɺ CAS
͋Δ
4 εέʔϥϏϦςΟແ͍ͷͰҙ
4 ϗετΞϓϦͷઃఆͳͲࢀরසͷ͍
σʔλͷΈ֨ೲ
© 2016 CyberAgent, Inc. 26
Slide 27
Slide 27 text
consul-template
4 Service KVS ͷมߋΛݕͯ͠ςϯϓϨʔ
τϑΝΠϧΛߋ৽ɺίϚϯυΛ࣮ߦͯ͘͠ΕΔ
πʔϧ
4 Consul ʹରԠ͍ͯ͠ͳ͍πʔϧ/ϛυϧΣΞ
ͱ Consul ͷΪϟοϓΛຒΊΔ
© 2016 CyberAgent, Inc. 27
Slide 28
Slide 28 text
consul-template ͱ HAProxy ͷྫ
global
daemon
maxconn {{key "service/haproxy/maxconn"}}
listen mysql-slave
bind *:3306{{range service "mysql-slave"}}
server {{.Node}} {{.Address}}:{{.Port}}{{end}}
4 haproxy.conf ͷςϯϓϨʔτΛ४උ
$ consul-template -consul localhost:8500 -template \
haproxy.ctmpl:/etc/haproxy/haproxy.conf:systemctl reload haproxy
4 consul-template Λىಈ͓ͯ͘͠
© 2016 CyberAgent, Inc. 28
Slide 29
Slide 29 text
consul-template ͱ HAProxy ͷྫ
global
daemon
maxconn 128
listen mysql-slave
bind *:3306
server dbslave01 10.0.0.1:3306
server dbslave02 10.0.0.2:3306
4 Service ͷมߋΛݕͯ͠ HAProxy ͷઃఆϑΝΠ
ϧΛߋ৽ͯ͠Ϧϩʔυͯ͘͠ΕΔ
© 2016 CyberAgent, Inc. 29
Slide 30
Slide 30 text
Consul ͷΞʔΩςΫνϟ
4 Server(Master) ઐ༻ϗετΛ 3 or 5
4 ଞͷશͯͷϗετͰ Agent(Client) Λ࣮ߦ
© 2016 CyberAgent, Inc. 30
Slide 31
Slide 31 text
Axion ͱ Consul
© 2016 CyberAgent, Inc. 31
Slide 32
Slide 32 text
Consul ͱ dnsmasq
# /etc/resolv.conf
nameserver 127.0.0.1
# /etc/dnsmasq.conf
server=/consul/127.0.0.1#8600
4 શͯͷϗετͰ Consul ͱ dnsmasq Λ࣮ߦ
4 Consul ͷଘࡏΛҙࣝ͠ͳͯ͘ *.consul Λ
໊લղܾͰ͖Δ
© 2016 CyberAgent, Inc. 32
Slide 33
Slide 33 text
Service
4 શͯͷωοτϫʔΫαʔϏεΛ Consul ʹొ
© 2016 CyberAgent, Inc. 33
Slide 34
Slide 34 text
ϛυϧΣΞͷଓ
4 ΞϓϦ͔ΒͷϛυϧΣΞͷଓͰ Consul
ͷ DNS Λࢀর
// Aerospike
new com.aerospike.client.async.AsyncClient(
policy, "aerospike.service.consul", 3000)
// Kafka Consumer
kafka.consumer.bootstrap.servers = "kafka.service.consul:9092"
// ࣮ࡍ Configurable Ͱ͢
© 2016 CyberAgent, Inc. 34
Slide 35
Slide 35 text
ΫϥελϦϯάͱ Consul
4 Kafka, Aerospike, Cassandra, Redis Cluster ͷ
Α͏ͳΫϥελΛΉϛυϧΣΞͰଓઌͱͯ͠
ࢦఆ͢Δͷ ΫϥελʔͷίϯλΫτϙΠϯτ
4 ΫϥΠΞϯτੜ͖͍ͯΔϊʔυʹଓͰ͖Εɺ
͔ͦ͜ΒΫϥελʔϝϯόʔΛऔಘ͢Δ
4 Consul ͷ DNS ੜ͖͍ͯΔϝϯόʔ͚ͩฦ͢ͷ
ͰɺՄ༻ੑͷͨΊʹෳϗετΛྻڍ͢Δඞཁ͕ແ
͘ͳΔ
© 2016 CyberAgent, Inc. 35
Slide 36
Slide 36 text
axion-client
4 Axion ͷ API αʔόʹଓ͢ΔΫϥΠΞϯτϥΠϒϥϦ
4 τϥϯεϙʔτʹ Scala ͷ RPC ϥΠϒϥϦͰ͋Δ finagle Λ
ར༻
4 finagle ͕ΫϥΠΞϯταΠυͷϩʔυόϥϯαʔΛ͍࣋ͬͯ
ΔͨΊɺͦͷϝϯόʔΛ Consul ͷαʔϏεͱಉظ͢Δίʔυ
Λ࣮ͯ͠ར༻
4 Finagle Resolver ͷॻ͖ํ finagle-consul 4 Λࢀߟʹ
Blocking Query Λར༻࣮ͯ͠
4 https://github.com/kachayev/finagle-consul
© 2016 CyberAgent, Inc. 36
Slide 37
Slide 37 text
axcsync
4 Consul ͷ Service ͱ BIG-IP ͷ Pool
Member Λಉظ
4 consul-template + axc 5 + python εΫϦϓ
τͰ࣮
5 https://adtech.cyberagent.io/techblog/archives/59
© 2016 CyberAgent, Inc. 37
Slide 38
Slide 38 text
Prometheus
4 Pull ܕͷࢹγεςϜ Prometheus Λ͍ͬͯΔ
4 ࢹରΛऔಘ͢Δͷʹ Consul Service Λར༻ (૬ੑൈ܈ !)
scrape_configs:
- job_name: 'consul'
consul_sd_configs:
- server: '192.168.168.1:8500'
services:
- prometheus-pushgateway
- prometheus-node-exporter
- prometheus-consul-exporter
- prometheus-burrow
- cadvisor
- axion-api-admin
© 2016 CyberAgent, Inc. 38
Slide 39
Slide 39 text
Consul Λ࠾༻ͨ͠ཧ༝
Docker ίϯςφͷಈతஔ͢Δ߹ɺαʔϏε
ͷஔΛܾΊଧͪͰ͖ͳ͍ͷͰ Service
Discovery ػߏ͕ඞਢʹͳΔ
4 ZooKeeper ʹͳ͍ DNS ͱ HTTP ʹΑΔ؆
୯ͳΞΫηε
4 etcd ʹͳ͍ Service ͷϔϧενΣοΫ
4 HashiCorp ͱ͍͏ϒϥϯυ
© 2016 CyberAgent, Inc. 39
Slide 40
Slide 40 text
Consul ·ͱΊ
4 Service Discovery ͕͋Δ͜ͱΛલఏʹγες
ϜΛΉ͜ͱͰίϯϙʔωϯτͷґଘؔΛ៉
ྷʹදݱͰ͖Δ
4 αʔϏεͷಈతͳมԽͷରԠ͕ඇৗʹߦ͍
͍͢
4 Docker ʹؔͳ͘༗༻
© 2016 CyberAgent, Inc. 40
Slide 41
Slide 41 text
Consul ·ͱΊ
4 Consul ϋϚΓͲ͜Ζ͕ͳ͘ૉʹ͑ͨ !
4 ඞཁ࠷খݶͷγϯϓϧͳػೳηοτͰ͋Γͳ͕
ΒԠ༻ੑ͕ߴ͍
4 ಋೖͷϦεΫ͕ແ͍Α͏ʹࢥ͑Δ
4 Kubernetes ͳͲ SD Λ͍࣋ͬͯΔͷΛ͏
߹ඞཁͳ͍͔
© 2016 CyberAgent, Inc. 41
Slide 42
Slide 42 text
Nomad
Container Scheduling
© 2016 CyberAgent, Inc. 42
Slide 43
Slide 43 text
What's Nomad ?
4 Docker Ϋϥελͷཧπʔϧ
4 AWS ECS, Kubernetes, Docker Swarm,
Mesos ͱಉׂ͡
4 Ϋϥελʹίϯςφ(ΞϓϦ)Λεέδϡʔϧ
(σϓϩΠ)͢Δ
4 Consul ͱͷΠϯςάϨʔγϣϯ
© 2016 CyberAgent, Inc. 43
Slide 44
Slide 44 text
Technology Radar
4 Technology Radar 2016-04 6 Ͱ
ASSESS(ௐࠪͤΑ)
4 ASSESS = ࠓ͙͢࠾༻͖͢ͱ
ݴΘͳ͍͕ɺ͓ͯ͘͠
͖
4 ͪͳΈʹ Kubernetes
TRIAL(ࢼߦͤΑ)
4 TRIAL = ϦεΫͷ͍ϓϩδΣ
ΫτͰ࠾༻ͯ͠ΈΔ͜ͱΛਪ
͢Δ
6 https://assets.thoughtworks.com/assets/
technology-radar-apr-2016-en.pdf
© 2016 CyberAgent, Inc. 44
Slide 45
Slide 45 text
Nomad ͷΞʔΩςΫνϟ
4 Server ઐ༻ϗετΛ 3 or 5
4 Docker Ϋϥελʹ͢ΔϗετͰ Client Λ࣮ߦ
© 2016 CyberAgent, Inc. 45
Slide 46
Slide 46 text
Job ఆٛ
job "axion-api" {
type = "service" # or "batch" or "system"
group "api" {
count = 2
task "api" {
driver = "docker"
config {
image = "internal-repository/axion-api:$TAG"
port_map {
thrift = 8000
}
}
}
}
}
© 2016 CyberAgent, Inc. 46
Slide 47
Slide 47 text
ϦιʔεׂΓͯ
task "api" {
resources {
cpu = 8000 # MHz
memory = 4096 # MB
disk = 20000 # MB
network {
mbits = 100 # MBits
port "thrift" {
static = 8888
}
}
}
}
© 2016 CyberAgent, Inc. 47
Slide 48
Slide 48 text
Consul Service ొ
task "api" {
service {
name = "axion-api-thrift"
port = "thrift"
check {
type = "tcp"
interval = "2s"
timeout = "1s"
}
}
}
© 2016 CyberAgent, Inc. 48
Slide 49
Slide 49 text
Job ͷ࣮ߦ
$ nomad run axion-api.nomad
==> Monitoring evaluation "50f80881"
Evaluation triggered by job "axion-api"
Allocation "73526b78" created: node "0cc2a12f", group "api"
Evaluation status changed: "pending" -> "complete"
==> Evaluation "50f80881" finished with status "complete"
© 2016 CyberAgent, Inc. 49
Slide 50
Slide 50 text
Job ͷঢ়ଶ
$ nomad status axion-api
ID = axion-api
Name = axion-api
Type = service
Priority = 50
Datacenters = openstack-stg
Status = running
Periodic = false
==> Evaluations
ID Priority Triggered By Status
3bc903ef 50 rolling-update complete
3b772796 50 job-register complete
==> Allocations
ID Eval ID Node ID Task Group Desired Status
45f2e143 3bc903ef 7a6b1272 api run running
546a9c55 3b772796 8959a37c api run running
© 2016 CyberAgent, Inc. 50
Slide 51
Slide 51 text
ஔ(Alloc)ͷঢ়ଶ
$ nomad alloc-status 45f2e143
ID = 45f2e143
Eval ID = 3bc903ef
Name = axion-api.api[1]
Node ID = 7a6b1272
Job ID = axion-api
Client Status = running
==> Task Resources
Task: "api"
CPU Memory MB Disk MB IOPS Addresses
8000 4096 20000 0 admin: 10.4.85.27:40660
thrift: 10.4.85.27:9999
==> Task "api" is "running"
Recent Events:
Time Type Description
07/07/16 16:38:49 JST Started Task started by client
07/07/16 16:38:45 JST Received Task received by client
© 2016 CyberAgent, Inc. 51
Slide 52
Slide 52 text
ϩάͷ֬ೝ
$ nomad fs ls 45f2e143 alloc/logs
Mode Size Modfied Time Name
-rw-r--r-- 3.5 kB 07/07/16 16:38:52 JST api.stderr.0
-rw-r--r-- 4.6 kB 08/07/16 09:14:31 JST api.stdout.0
# nomad fs cat 45f2e143 alloc/logs/api.stdout.0
© 2016 CyberAgent, Inc. 52
Slide 53
Slide 53 text
શ Job ͷ֬ೝ
$ nomad status
ID Type Priority Status
axion-api service 50 running
axion-another-service service 50 running
axion-foo-batch batch 50 running
axion-foo-batch/periodic-1467924600 batch 50 dead
axion-foo-batch/periodic-1467928200 batch 50 dead
axion-foo-batch/periodic-1467931800 batch 50 dead
axion-foo-batch/periodic-1467935400 batch 50 dead
© 2016 CyberAgent, Inc. 53
Slide 54
Slide 54 text
Axion ͱ Nomad
© 2016 CyberAgent, Inc. 54
Slide 55
Slide 55 text
λεΫͷஔ
4 Nomad Ϋϥελ 1 ͚ͭͩ
4 ͲͷϊʔυʹλεΫ͕ஔ͞ΕΔ͔͔Βͳ
͍
4 ύϑΥʔϚϯεʹහײͳ api ϊʔυΛ༗͠
͍ͨ
4 ֤छ worker όονదʹۭ͍͍ͯΔϊ
ʔυͰಈ͍ͯ͘ΕΕ͍͍
© 2016 CyberAgent, Inc. 55
Slide 56
Slide 56 text
Job constraint
constraint {
attribute = "${meta.role}"
value = "api"
}
4 Nomad ͷϊʔυʹઃఆͰ͖Δ meta มΛ
ͱʹλεΫஔΛ੍ݶ
© 2016 CyberAgent, Inc. 56
Slide 57
Slide 57 text
Nomad ͷ meta ઃఆ
4 Consul ͷ KVS ͰϊʔυʹରԠ͢ΔΩʔʹΛઃఆ͢Δͱ consul-template ͕Ԡ
ͯ͠ Nomad ͷઃఆΛม͑Δ
© 2016 CyberAgent, Inc. 57
Slide 58
Slide 58 text
Nomad Λͬͨ
Axion ͷσϓϩΠϑϩʔ
© 2016 CyberAgent, Inc. 58
Slide 59
Slide 59 text
1). Bot ʹϦϦʔε४උΛґཔ
© 2016 CyberAgent, Inc. 59
Slide 60
Slide 60 text
2). ϦϦʔε PR ͕࡞͞ΕΔ
4 master -> deployment/release ͷϚʔδ
© 2016 CyberAgent, Inc. 60
Slide 61
Slide 61 text
master ʹϚʔδ͞Εͨ PR Λऩूͯ͠Ϧετ
Խ
© 2016 CyberAgent, Inc. 61
Slide 62
Slide 62 text
֤ PR ͷ ## Release Notes ηΫγϣϯΛ
ू
© 2016 CyberAgent, Inc. 62
Slide 63
Slide 63 text
3). PR ϚʔδͰ CircleCI ͕Ϗϧυ
deployment:
release:
branch: deployment/release
commands:
- tar zcf deploy.tar.gz deploy/*
- slack-post.sh @beckyy: deploy acd-axion #$CIRCLE_BUILD_NUM
using deploy.tar.gz with deploy/deploy.sh stg
general:
artifacts:
- deploy.tar.gz
4 ϦϙδτϦͷ deploy εΫϦϓτͳͲΛ artifact
ͱͯ͠อଘ
4 Bot ͷσϓϩΠίϚϯυΛ Slack ϙετ
© 2016 CyberAgent, Inc. 63
Slide 64
Slide 64 text
4). Bot ͕ stg σϓϩΠΛ࣮ߦ
4 CircleCI ͔Β deploy artifact Λऔಘͯ͠ίϚϯυΛ࣮ߦ
© 2016 CyberAgent, Inc. 64
Slide 65
Slide 65 text
5). ୲͕ prd σϓϩΠΛࢦࣔ
4 stg Ͱͷ֬ೝͱϦϦʔεͷ߹ҙΛͱ͔ͬͯΒ࣮
ߦ
© 2016 CyberAgent, Inc. 65
Slide 66
Slide 66 text
deploy.sh
# Copy job spec to deploy server
scp -pq *.nomad centos@deploy:/home/centos/axion/$ENV/nomad
# Run new job spec on deploy server
cat <
Slide 67
Slide 67 text
Nomad Λ࠾༻ͨ͠ཧ༝
4 Kubernetes ͱ໎ͬͨ
4 Nomad / Kubernetes ͱʹ΄΅͕ࣝແ͍
ঢ়ଶ
4 طʹ Consul Λ͏͜ͱܾΊ͍ͯͨ
4 ߏ͕γϯϓϧͰػೳগͳ͍͜ͱ͔Βֶशί
ετͷͦ͏ͳ Nomad Λબ
© 2016 CyberAgent, Inc. 67
Slide 68
Slide 68 text
Nomad Ͱࠔͬͨͱ͜Ζ
4 Web UI (μογϡϘʔυ)͕ͳ͍
4 Docker ͷ Volume Λαϙʔτ͍ͯ͠ͳ͍
4 Rolling Upadte ͱϔϧενΣοΫ͕౷߹͞Ε
͍ͯͳ͍
2015-09 ͷϦϦʔε͔Β·ͩ 1 ܦ͍ͬͯͳ͍ͷ
Ͱํͳ͍໘…
© 2016 CyberAgent, Inc. 68
Slide 69
Slide 69 text
Nomad ·ͱΊ
4 খ͞ͳࣄΛ࣮֬ʹ͜ͳͯ͘͠ΕΔϠπͰ͋
Δ
4 ΞϓϦͷஔ͚ͩɺͳͲͱখ͘͞ར༻͢Δʹ
ྑ͍
4 ͓ͯͳ͠ײͳ͍
4 ے͍͍ͷͰࠓޙͷख़ʹظ
© 2016 CyberAgent, Inc. 69
Slide 70
Slide 70 text
Terraform
Infrastructure as a Code
© 2016 CyberAgent, Inc. 70
Slide 71
Slide 71 text
What's Terraform ?
4 Πϯϑϥͷ࡞ɾมߋɾόʔδϣϯཧͷͨΊ
ͷπʔϧ
4 ΠϯϑϥͷߏཁૉΛશͯίʔυͰهड़
4 ༷ʑͳϦιʔεͷཧʹରԠ
4 AWS CloudFormation OpenStack Heat
ʹ૬͢Δπʔϧ
© 2016 CyberAgent, Inc. 71
Slide 72
Slide 72 text
Technology Radar
4 Technology Rader 2015-01 7 Ͱ ASSESS
(ௐࠪͤΑ)
7 https://www.thoughtworks.com/radar/tools/terraform
© 2016 CyberAgent, Inc. 72
Slide 73
Slide 73 text
Resource Providers
Atlas / AWS / Azure (Service Management) / Azure (Resource
Manager)
Chef / CenturyLinkCloud / CloudFlare / CloudStack / Cobbler /
Consul
Datadog / DigitalOcean / DNSMadeEasy / DNSimple / Docker /
Dyn
GitHub / Fastly / Google Cloud / Heroku / InfluxDB / Librato
Mailgun / MySQL / OpenStack / Packet / PostgreSQL /
PowerDNS
Rundeck / StatusCake / SoftLayer / Template / Terraform / TLS
Triton / UltraDNS / VMware vCloud Director / VMware vSphere
© 2016 CyberAgent, Inc. 73
Slide 74
Slide 74 text
ఆٛϑΝΠϧ
resource "openstack_compute_instance_v2" "dock" {
region = "${var.region}"
name = "${format("acd-${var.env}-axion-dock-y%03d", count.index + 1)}"
count = "10"
image_name = "centos-7.2.1511"
flavor_name = "s2.medium"
security_groups = ["default"]
network {
name = "${var.network_name}"
access_network = true
}
user_data = "${template_cloudinit_config.dock_cloudinit.rendered}"
lifecycle {
ignore_changes = ["user_data"]
}
}
© 2016 CyberAgent, Inc. 74
Slide 75
Slide 75 text
terraform plan
$ terraform plan
+ module.axion.openstack_compute_instance_v2.dock.1
access_ip_v4: "" => ""
flavor_name: "" => "s2.medium"
image_name: "" => "centos-7.2.1511"
name: "" => "acd-stg-axion-dock-y001"
security_groups.#: "" => "1"
security_groups.3814588639: "" => "default"
user_data: "" => "4a068b7a5a43f31d9bd280a20a04823bbf4082d8"
© 2016 CyberAgent, Inc. 75
Slide 76
Slide 76 text
terraform apply
$ terraform apply -parallelism=1
module.axion.openstack_compute_instance_v2.dock.1: Creating...
access_ip_v4: "" => ""
flavor_name: "" => "s2.medium"
image_name: "" => "centos-7.2.1511"
name: "" => "acd-stg-axion-dock-y001"
security_groups.#: "" => "1"
security_groups.3814588639: "" => "default"
user_data: "" => "b0f6c60d289b151ef07f89fe543ee6edb46f0f1a"
module.axion.openstack_compute_instance_v2.dock.1: Still creating... (10s elapsed)
module.axion.openstack_compute_instance_v2.dock.1: Still creating... (20s elapsed)
module.axion.openstack_compute_instance_v2.dock.1: Still creating... (30s elapsed)
module.axion.openstack_compute_instance_v2.dock.1: Creation complete
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
© 2016 CyberAgent, Inc. 76
Slide 77
Slide 77 text
Axion ͱ Terraform
© 2016 CyberAgent, Inc. 77
Slide 78
Slide 78 text
ཧରʹ͍ͯ͠ΔϦιʔε
4 openstack_compute_instance_v2
4 openstack_compute_servergroup_v2
ηΩϡϦςΟάϧʔϓωοτϫʔΫ
Terraform ͷཧର֎ͱ͠ɺCIA ͕༻ҙͨ͠
ͷΛ ID ໊લͰࢀর͢ΔΑ͏ʹ͍ͯ͠ΔɻΑͬ
ͯɺεΫϥον͔Β Terraform ͚ͩͰߏஙͰ͖
ΔΘ͚Ͱͳ͍ɻ
© 2016 CyberAgent, Inc. 78
Slide 79
Slide 79 text
Terraform ઃఆͷϨΠΞτ
|-- modules
| `-- axion
| |-- main.tf | ڞ௨Ϧιʔεఆٛ
| |-- dock.tf | dock ϩʔϧఆٛ
| |-- council.tf | council ϩʔϧఆٛ
| `-- variables.tf | Ϟδϡʔϧมఆٛ
|-- dev
| |-- .envrc | OpenStack ڥม (not in repository)
| `-- main.tf | dev ڥઃఆ
|-- stg
| |-- .envrc
| `-- main.tf | stg ڥઃఆ
`-- prd
|-- .envrc
`-- main.tf | prd ڥઃఆ
ࢀߟ: https://atlas.hashicorp.com/help/intro/use-cases/multiple-
environments
© 2016 CyberAgent, Inc. 79
Slide 80
Slide 80 text
Terraform ͷ࣮ߦڥ
$ cd ~/axion/terraform
$ ls
dev modules prd stg
4 ཧαʔόʹ Terraform ϦϙδτϦΛνΣο
ΫΞτ
4 ߋ৽࣌ʹ pull ͨ͠Γ͢Δͷखಈ… !
© 2016 CyberAgent, Inc. 80
Slide 81
Slide 81 text
Terraform ͷ࣮ߦ
$ cd stg
direnv: loading .envrc
direnv: export +OS_PROJECT_NAME +OS_REGION_NAME +OS_TENANT_ID
$ terraform plan
4 ૢ࡞ରͷڥͷσΟϨΫτϦʹೖΔͱ
direnv ʹΑͬͯ OpenStack ڥม͕ઃఆ
͞ΕΔ
4 terraform ίϚϯυΛ࣮ߦखಈ… !
© 2016 CyberAgent, Inc. 81
Slide 82
Slide 82 text
OpenStack ڥม
$ cat .envrc
export OS_AUTH_URL="http://openstack.local/v2.0/"
export OS_TENANT_ID=****
export OS_TENANT_NAME=****
export OS_PROJECT_NAME=****
export OS_USERNAME=****
export OS_PASSWORD=****
export OS_REGION_NAME=****
4 OpenStack ͷ API Λୟ͘πʔϧΛ͏ͱ͖ʹඞཁͳڥม
4 OpenStack ͷ Dashboard ͔ΒςϯϓϨʔτΛμϯϩʔυ
Մೳ
© 2016 CyberAgent, Inc. 82
Slide 83
Slide 83 text
.tfstate ʹ͍ͭͯ
$ cd dev; ls -1
main.tf
terraform.tfstate <-- ͜Ε
terraform.tfstate.backup
4 ࠷ޙʹ apply ͨ͠ͱ͖ͷΠϯϑϥͷঢ়ଶΛه
4 ద༻͖͢มߋͷࠩΛܭࢉ͢ΔͨΊʹ ඞਢ
4 refresh Ͱ࣮Πϯϑϥ͔Β͋Δఔ࠶ߏஙͰ͖Δ
͕ɺखಈͰϦιʔεঢ়ଶͷ߹ੑΛऔΔඞཁ͕͋Δ
4 Terraform Λӡ༻͢Δ্ͰͷΈͲ͜Ζ
© 2016 CyberAgent, Inc. 83
Slide 84
Slide 84 text
.tfstate ͷཧ
4 ͻͱ·ͣ terraform ͷ࣮ߦΛཧαʔόʹݶ
ఆͯ͠ɺͦͷ··ϩʔΧϧσΟεΫʹஔ͍͍ͯ
Δ
4 Πϯϑϥͷมߋස͕͍ͷͰʮӡ༻Ͱ
Χόʔʯ
4 ֎෦ετϨʔδ(s3, artifactory ͳͲ)ʹஔ
͢Δ͜ͱՄೳ
© 2016 CyberAgent, Inc. 84
Slide 85
Slide 85 text
Axion ͷॳظߏங
4 ݸਓڥΛαϯυϘοΫεʹઃఆΛॻ͘
4 ͻͨ͢Β apply and destroy !
4 ͋Δఔݻ·ͬͨΒຊ൪Ϧʔδϣϯ༻ʹมͩ
͚มߋͯ͠ద༻
4 dev ڥͰ࠷ऴௐ
4 stg / prd ͷߏங apply ͢Δ͚ͩͰྃ
© 2016 CyberAgent, Inc. 85
Slide 86
Slide 86 text
Axion ͷ cloud-init
4 Πϯελϯε໊͔Β hostname ઃఆ
4 ෦ DNS ͷϨίʔυొ
4 LDAP ϩάΠϯͷηοτΞοϓ
4 chef-client ࣮ߦ
4 CIA ཧͷجຊ Cookbook ͷ࣮ߦ
4 ϛυϧΣΞͷΠϯετʔϧ
4 ϩʔϧݻ༗ͷηοτΞοϓ
4 ϛυϧΣΞ Docker ίϯςφͷىಈ
cloud-init ͚ͩͰηοτΞοϓ͕݁͢ΔΑ͏ʹ͍ͯ͠Δ
© 2016 CyberAgent, Inc. 86
Slide 87
Slide 87 text
Terraform ӡ༻ͷཧ
4 ΞϓϦͱಉ͘͡ GitHub Ͱมߋ͔ΒσϓϩΠ
·ͰͷαΠΫϧΛճ͍ͨ͠
4 PR ʹ plan ͷ݁ՌΛࣗಈతʹϙετͯ͠มߋ
ΛϨϏϡʔ
4 Ϛʔδ͢Δͱ CI ͕ͬͯมߋΛద༻
© 2016 CyberAgent, Inc. 87
Slide 88
Slide 88 text
Terraform ·ͱΊ
4 ࠓ·ͰΠϯελϯεͷ෦ Chef ͳͲͰߏཧͰ͖͍ͯͨ
͕ɺΠϯελϯεͦͷͷγΣϧεΫϦϓτΛୟ͍ͯ࡞͠
͍ͯͨ
4 Adhoc ͳૢ࡞ + ࡞ۀϩά
4 ࣗಈԽͱ͍͏จ຺Ͱ͞΄ͲखؒมΘΒͳ͍͔͠Εͳ͍
4 ΠϯϑϥΛίʔυͱͯ͠දݱ͢ΔϝϦοτ
4 ࠶ݱੑͷ୲อ
4 ҉ͷഉআ
4 ཤྺͷཧ (git log)
© 2016 CyberAgent, Inc. 88
Slide 89
Slide 89 text
Terraform ·ͱΊ
4 Terraform ͦͷͷಛʹͳ͘ѻ͑ͨ !
4 Πϯελϯε෦Λ cloud-init Ͱߏங͢Δ
ͱ͜Ζେมͩͬͨ… "
4 มߋద༻લʹ plan Λ֬ೝͰ͖Δͷྑ͍
4 ੲͷ CloudFormation dry-run ͕Ͱ͖
ͳͯ͘ා͔ͬͨ
© 2016 CyberAgent, Inc. 89
Slide 90
Slide 90 text
Terraform ·ͱΊ
4 ॳظߏஙޙͷӡ༻͕ઙ͍ͷͰࠓޙͭΒ͍͜ͱ͕͋
Δ͔͠Εͳ͍ !
4 ϓϩάϥϛϯάͱಉ͘͡ɺಡΈ͍͢ίʔυΛॻ
͘৺ֻ͚͕ඞཁ
4 Axion cloud-init ·ΘΓ͕͔ͳΓԚͳ͍…
4 શͳ Container ϕʔεͷੈքͰ͋ΕΠϯελ
ϯεཧͱͯ͠ͷ Terraform ෆཁʹͳΓͦ͏
© 2016 CyberAgent, Inc. 90
Slide 91
Slide 91 text
Axion Πϯϑϥͷ
શମ૾
© 2016 CyberAgent, Inc. 91
Slide 92
Slide 92 text
© 2016 CyberAgent, Inc. 92
Slide 93
Slide 93 text
ΦϨΑ͏͘
ͷ΅Γ͡Ίͨ
͔Γ͔ͩΒͳ
͜ͷͯ͠ͳ͘ԕ͍
Docker ࡔΛΑ…
© 2016 CyberAgent, Inc. 93