Slide 1
Slide 1 text
ίʔυԽͰτΠϧ໓
2021/10/01
Technology&Design Department
Slide 2
Slide 2 text
Speaker
SRE Team(Engineering Section)ɹ
ओʹAWS৮Γͳ͕ΒΠϯϑϥߏஙπʔϧ࡞
࠷ۙࢠڙ͕า͖ճΓग़ͨ͠ӨڹͰࣗͷӡಈෆ
͕গͣͭ͠ղফ͍ͯ͠ΔΑ͏ͳؾ͕ɻɻɻ
Slide 3
Slide 3 text
Έͳ͞ΜτΠϧ(खಈɾ܁Γฦ͠࡞ۀ)
ʹ
·͞Ε͍ͯ·ͤΜ͔ʁ
Slide 4
Slide 4 text
ாථग़ྗ
ϝʔϧૹ৴
ظݶཧ
ूܭ࡞ۀ
υΩϡϝϯ
τ࡞
ੳ
άϥϑԽ
FUDʜ
Slide 5
Slide 5 text
ࠓճΠϯϑϥߏஙͱ
σϓϩΠϑϩʔΛίʔυԽͯ͠
τΠϧΛ໓͓ͨ͠
Slide 6
Slide 6 text
֓ཁ
Slide 7
Slide 7 text
τΠϧͱ
ࠓճLPڥߏங࣌ʹίʔυԽ
“ʮτΠϧͱɺख࡞ۀɺ܁Γฦ͞ΕΔɺࣗಈԽ͕Մೳɺ
ઓज़తɺظతͳՁ͕ͳ͍ɺαʔϏεͷʹൺྫͯ͠
૿Ճ͢Δɺͱ͍ͬͨಛΛ࣋ͭ࡞ۀͰ͢ɻʯ”
–ʰSite Reliability Engineeringʱͷୈ 5 ষΑΓ
Slide 8
Slide 8 text
ࠓճͷLPͷ֓ཁʹ͍ͭͯ
LPʹϝʔϧϑΥʔϜػೳΛΈࠐΜͩߏ
1. LP͔Β͓͍߹ΘͤϑΥʔϜೖྗޙૹ৴
2. DBʹॻ͖ࠐΉ
3. ཧऀଆɺϢʔβʔଆʹϝʔϧૹ৴
4. όοΫΞοϓͱͯ͠εϓϨουγʔτʹॻ͖ग़͢
ϝʔϧϑΥʔϜػೳʹؔͯ͠ผLPߏங࣌ʹ࡞ͨ͠
ͷΛྲྀ༻
όοΫΤϯυAWS SAMͰཧ
Slide 9
Slide 9 text
ࠓճͷτΠϧ
1.ϑϩϯτଆͷΠϯϑϥߏங
ɹTerraformʹΑΓίʔυԽͯ͠ߏங
2.ίϯςϯπߋ৽
ɹGitHub ActionsʹΑΓίʔυԽͯ͠σϓϩΠ
Slide 10
Slide 10 text
ݱঢ়ͷγεςϜߏ
Slide 11
Slide 11 text
ࠓճͷγεςϜߏ
Slide 12
Slide 12 text
࣮ࡍʹͬͯΈͨ
Slide 13
Slide 13 text
1.ϑϩϯτଆͷΠϯϑϥߏங
ʢTerraformฤʣ
Slide 14
Slide 14 text
Terraformͱ
IaCΛ࣮ݱ͢ΔπʔϧͷҰͭͰΠϯϑϥϦιʔε
ͷߏཧ
HCL(HashiCorp Configuration Language)ͱҰ෦
jsonͰهड़
StateϑΝΠϧʹݱঢ়ͷߏΛอ࣋ͯ͠ίʔυͷ
ࠩΛݟͳ͕ΒϦιʔε࡞ɾߋ৽ɾআΛߦ͏
Slide 15
Slide 15 text
ߏ&࣮ߦ
# tfϑΝΠϧͷ༰ΛϦϞʔτʹө
$ Terraform apply
.
"## environments
$## sample
"## backend.tf # stateϑΝΠϧͷڞ༗ઃఆ
"## cloudfront.tf
"## config.tf # providerΫϨσϯγϟϧͷઃఆใ
"## iam.tf
"## route53.tf
"## s3.tf
"## terraform.tfvars # มͷ
$## variables.tf # มͷએݴ
Slide 16
Slide 16 text
ϑϩϯτଆͷΠϯϑϥߏங
खॱॻ࡞
4όέοτ࡞
$MPVE'SPOUߏங
3PVUFʹΑΓϧʔςΟϯά
UGϑΝΠϧ࡞
ࠓճ
• ݮʢ4h1hʣ
• ΦϖϛεΛ͙
• ଐਓԽΛ͙
• मਖ਼ผڥߏங༰қ
ݱঢ় ࠓճ
ϑϩʔ
5FSSBGPSN࣮ߦ
Slide 17
Slide 17 text
2.ίϯςϯπߋ৽
ʢGitHub Actionsฤʣ
Slide 18
Slide 18 text
GitHub Actionsͱ
GithubͷϦϙδτϦͷதʹΈࠐΊΔCI/CD
αʔϏε
ΠϕϯτۦಈͰίʔυΛϏϧυɺςε
τɺσϓϩΠՄೳ
ϫʔΫϑϩʔͱ͍͏୯ҐͰߏ͞ΕYAMLϑΝ
ΠϧͰ࡞
Slide 19
Slide 19 text
ߏ&࣮ߦʢҰ෦ൈਮʣ
on:
workflow_dispatch: # Ϙλϯ࣮ߦ
jobs:
deploy:
runs-on: ubuntu-latest
steps: # ࣮ߦ͢ΔॲཧΛهड़
- name: Checkout # νΣοΫΞτ
uses: actions/checkout@v2 # ΞΫγϣϯʢॲཧͷ͔ͨ·Γʣ࣮ߦ
- name: S3 Sync for root # S3Ξοϓϩʔυ
uses: jakejarvis/s3-sync-action@be0c4ab89158cac4278689ebedd8407dd5f35a83
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Invalidate CloudFront # CloudFrontΩϟογϡΫϦΞ
ɹɹɹɹuses: chetan/invalidate-cloudfront-
action@00d50031f6b55bac485c63d8789c6c346645d1a5
Slide 20
Slide 20 text
ίϯςϯπߋ৽
ιʔείʔυͷ࠷৽ΛQVMM
"84ίϯιʔϧϩάΠϯ
4̏Ξοϓϩʔυ
$MPVE'SPOU
ΩϟογϡΫϦΞ
(JU)VC"DUJPOT࣮ߦ
ࠓճ
• ݮʢ10min1minʣ
• ΦϖϛεΛ͙
• ଐਓԽΛ͙
• ಉ༷ͳϑϩʔͷ߹ɺྲྀ༻
͍͢͠
ݱঢ় ࠓճ
ϑϩʔ
:BNMϑΝΠϧ࡞
ʢॳճͷΈʣ
Slide 21
Slide 21 text
·ͱΊ
Slide 22
Slide 22 text
·ͱΊ
ίϯςϯπɾυϝΠϯɾAWSΞΧϯτ͑͋͞Ε
ྨࣅαʔϏεߏங࣌ૉૣ্ཱͪ͛͘Մೳͱͳͬͨ
मਖ਼܁Γฦ͠࡞ۀʹݮͷޮՌ͕ߴ·Δ
ΦϖϛεଐਓԽΛ͙͜ͱܨ͛ΒΕΔ
࠷ॳͷίʔυԽʹ࣌ؒΛཁ͢Δ
Slide 23
Slide 23 text
͋ͳͨτΠϧΛ໓ͯ͠
ࣗ༝ͳ࣌ؒΛੜΈग़ͯ͠Έͯ
͍͔͕Ͱ͠ΐ͏͔ʁ
Slide 24
Slide 24 text
Thanks