
infra_hands_on

Slides used in a practical hands-on workshop for learning Infrastructure as Code.

Kazuhiko Yamashita

April 08, 2018

Transcript

  1. ~ With large-scale infrastructure know-how and a touch of spring color ~
    pyama GMO Pepabo, Inc.
    Infrastructure hands-on
    Learning Infrastructure as Code
    Practical hands-on

  2. Hosting Division, Chief Technical Lead

    Kazuhiko Yamashita @pyama

  3. Pepabo Fukuoka

  4. Infrastructure as Code

  5. Infrastructure as Code
    - Bringing software development know-how to infrastructure
    - Version control
    - Test-driven development
    - Continuous integration
    - Continuous delivery

  6. Infrastructure as Code
    - Bringing software development know-how to infrastructure
    - Version control
    - Test-driven development
    - Continuous integration
    - Continuous delivery

  7. Practical hands-on

  8. Goal of the hands-on
    LB     LB
    Proxy  Proxy
    App    App
    Develop a redundant web system
    while experiencing Infrastructure as Code
    first-hand

  9. Tools and middleware used in the hands-on
    Product name    Role
    vagrant         VM management
    itamae          Provisioning
    Serverspec      Testing
    keepalived      Load balancing
    nginx           Web proxy
    httpd           Application

  10. vagrant
    - Software that manages VMs such as VirtualBox using Ruby syntax
    - HashiCorp (https://www.hashicorp.com)

    https://www.vagrantup.com

  11. itamae
    - OSS created by @ryot_a_rai of Preferred Networks
    - Lightchef
    - Simple and easy to use; the mruby version is mitamae
    https://github.com/itamae-kitchen/itamae

  12. Serverspec
    - OSS created by @mizzy
    - Tests server environments using RSpec syntax
    http://serverspec.org

  13. Hands-on environment
    - https://github.com/pepabo/infrasturucture_as_code_hands_on
    ├── Gemfile             // definitions of the gems used
    ├── Gemfile.lock        // file that pins gem versions
    ├── README.md
    ├── Vagrantfile         // VM definitions
    ├── bootstrap.rb        // script that runs Itamae
    ├── cookbooks           // directory for provisioning scripts
    │   └── www
    │       ├── default.rb
    │       ├── files
    │       └── templates

  14. Hands-on environment
    - https://github.com/pepabo/infrasturucture_as_code_hands_on
    ├── nodes               // directory for per-role attribute files
    │   └── www.yaml
    ├── roles               // directory for per-role provisioning scripts
    │   └── www
    │       └── default.rb
    ├── spec                // directory for Serverspec scripts
    │   ├── spec_helper.rb
    │   └── www
    │       └── httpd_spec.rb
    └── vagrant_properties.yml  // vagrant configuration file

  15. How we will proceed
    - Build the WWW role
    - Build the PROXY role
    - Build the LB role

  16. Easy!!!1

  17. Requirements for the WWW role
    - phpinfo can be displayed
    - PHP is available

  18. TDD
    - Define the desired state in tests first, then do the development
    $ vagrant up www-1
    $ bin/rake spec:www-1

  19. Installing apache
    - Create cookbooks/www/apache.rb
    - Load apache.rb from cookbooks/www/default.rb
    - Load the www cookbook from roles/www/default.rb
    www role
    apache cookbook
    fluentd cookbook
    apache recipe
    php recipe
    td-agent recipe
    plugin recipe

  20. package
    https://github.com/itamae-kitchen/itamae/wiki/package-resource
    package 'NAME' do    # NAME is a placeholder; the slide shows no package name
      action :install
      version '1.0'
    end
    A resource that installs packages

  21. cookbooks/www/apache.rb
    - Split recipes per middleware to improve reusability
    %w(
      apache2
      php7.0
      libapache2-mod-php7.0
    ).each do |n|
      package n
    end
    The default action is install, so it can be omitted

  22. Definition of cookbooks/www/default.rb
    # Load the recipe defined earlier
    include_recipe 'apache.rb'
    default.rb is used to bundle multiple recipes together

  23. Definition of roles/www/default.rb
    # Load the cookbook defined earlier
    include_cookbook 'www'
    Done this way, a single role can be built
    by combining multiple cookbooks

  24. Let's Provision
    $ vagrant provision www-1
    http://www.handson.pb.dev
    If you can see the Ubuntu default page,
    it is OK

  25. Displaying phpinfo
    - spec/www/phpinfo_spec.rb
    describe file('/var/www/html/index.php') do
      it { should be_file }
      it { should be_mode 755 }
      it { should be_owned_by 'root' }
      it { should be_grouped_into 'root' }
    end
    http://serverspec.org/resource_types.html#file

  26. Displaying phpinfo
    - cookbooks/www/phpinfo.rb
    remote_file '/var/www/html/index.php' do
      owner 'root'
      group 'root'
      mode '755'
    end
    https://github.com/itamae-kitchen/itamae/wiki/remote_file-resource

  27. Displaying phpinfo
    - cookbooks/www/files/index.php
    <?php
    echo phpinfo();
    Note: in general, content deployment is not done
    with a provisioning tool

  28. Definition of cookbooks/www/default.rb
    # Load the recipes defined earlier
    include_recipe 'apache.rb'
    include_recipe 'phpinfo.rb'
    default.rb is used to bundle multiple recipes together

  29. Let's Provision
    $ vagrant provision www-1
    http://www.handson.pb.dev
    phpinfo is not showing...

  30. ssh login
    $ vagrant ssh www-1
    ubuntu@www-1:~$ ls -ltr /var/www/html
    total 16
    -rw-r--r-- 1 root root 11321 Apr 3 07:13 index.html
    -rwxr-xr-x 1 ubuntu root 26 Apr 3 07:29 index.php
    index.html needs to be deleted

  31. Deleting index.html
    describe file('/var/www/html/index.html') do
      it { should_not exist }
    end
    - spec/www/phpinfo_spec.rb

  32. Deleting index.html
    - cookbooks/www/phpinfo.rb
    file '/var/www/html/index.html' do
      action :delete
    end
    https://github.com/itamae-kitchen/itamae/wiki/file-resource

  33. Let's Provision
    $ vagrant provision www-1
    $ bin/rake spec:www-1
    http://www.handson.pb.dev

  34. Style check and commit
    $ bin/rake rubocop -a
    $ git add .
    $ git commit -m "build www"

  35. Requirements for the PROXY role
    - HTTP proxying with nginx works
    Proxy  Proxy
    App    App

  36. Installing nginx
    - spec/proxy/nginx_spec.rb
    require 'spec_helper'
    %w(
      nginx
    ).each do |n|
      describe package(n) do
        it { should be_installed }
      end
    end
    describe service('nginx') do
      it { should be_enabled }
      it { should be_running }
    end
    describe port(80) do
      it { should be_listening }
    end

  37. Generating skeletons for the cookbook and role
    $ bin/itamae generate cookbook proxy
    $ bin/itamae generate role proxy
    $ echo 'role: proxy' > nodes/proxy.yaml
    $ vagrant up proxy-1
    $ bin/rake spec:proxy-1

  38. Installing nginx
    package 'nginx'
    service 'nginx' do
      action %w(enable start)
    end
    - cookbooks/proxy/nginx.rb

  39. Installing nginx
    include_recipe 'nginx.rb'
    - cookbooks/proxy/default.rb
    include_cookbook 'proxy'
    - roles/proxy/default.rb

  40. Configuring nginx
    % vagrant ssh proxy-1
    ubuntu@proxy-1:~$ sudo su -
    root@proxy-1:~# cd /etc/nginx/
    root@proxy-1:/etc/nginx# ls -ltr
    root@proxy-1:/etc/nginx# more nginx.conf

    include /etc/nginx/conf.d/*.conf; # nginx config has an include mechanism

    - Take a look inside the proxy server

  41. Defining the upstream
    Proxy  Proxy
    App    App
    Seen from the proxy server, the servers it proxies to
    are defined as the upstream

  42. Defining the upstream
    describe file('/etc/nginx/conf.d/www.conf') do
      its(:content) { should match(/server 172\.18\.1\.31/) }
      its(:content) { should match(/server 172\.18\.1\.32/) }
    end
    describe file('/etc/nginx/sites-enabled') do
      it { should_not exist }
    end
    describe file('/etc/nginx/sites-available') do
      it { should_not exist }
    end
    - spec/proxy/nginx_spec.rb

  43. Using template
    template '/etc/nginx/conf.d/www.conf' do
      owner 'root'
      group 'root'
      notifies :restart, 'service[nginx]'
    end
    https://github.com/itamae-kitchen/itamae/wiki/template-resource

  44. Using template
    upstream app {
    <% node['proxy']['app']['servers'].each do |s| %>
      server <%= s %>;
    <% end %>
    }
    server {
      listen 80;
      server_name localhost;
      location / {
        proxy_pass http://app/;
      }
    }
    cookbooks/proxy/templates/www.conf.erb

  45. Per-environment files are managed under nodes
    proxy:
      app:
        servers:
          - 172.18.1.31
          - 172.18.1.32
    nodes/proxy.yaml
    With multiple environments, create files such as
    proxy-production.yaml and proxy-development.yaml
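
An added example, not part of the original slides: it renders the upstream block of the www.conf.erb template with attributes shaped like nodes/proxy.yaml, and refuses any `servers` entry that is not an IPv4 literal before it is written into the nginx configuration. The local `servers` variable and the helper names `ipv4_literal?` and `render_upstream` are assumptions of this example; in a recipe, Itamae supplies `node` to the template.

```ruby
require 'erb'
require 'ipaddr'
require 'yaml'

# Constructed sample with the same shape as nodes/proxy.yaml on the slides.
NODE_YAML = <<~'NODE'
  proxy:
    app:
      servers:
        - 172.18.1.31
        - 172.18.1.32
NODE

# Upstream part of www.conf.erb. It reads a local `servers` variable
# (an assumption of this example) instead of Itamae's `node` object.
TEMPLATE = <<~'CONF'
  upstream app {
  <% servers.each do |s| -%>
    server <%= s %>;
  <% end -%>
  }
CONF

# True only for a canonical IPv4 literal. Prefixes ("/24"), host names and
# strings carrying extra nginx syntax all fail the parse or the round trip.
def ipv4_literal?(value)
  return false unless value.is_a?(String)

  ip = IPAddr.new(value)
  ip.ipv4? && ip.to_s == value
rescue IPAddr::Error
  false
end

# Load the attributes, reject anything that is not an IPv4 literal, render.
def render_upstream(yaml_text)
  servers = YAML.safe_load(yaml_text).dig('proxy', 'app', 'servers')
  unless servers.is_a?(Array) && !servers.empty?
    raise ArgumentError, 'proxy.app.servers must be a non-empty list'
  end

  bad = servers.reject { |s| ipv4_literal?(s) }
  raise ArgumentError, "not IPv4 literals: #{bad.inspect}" unless bad.empty?

  ERB.new(TEMPLATE, trim_mode: '-').result_with_hash(servers: servers)
end

puts render_upstream(NODE_YAML) if $PROGRAM_NAME == __FILE__
```

The rendered text satisfies the same `server 172.18.1.31` and `server 172.18.1.32` content checks that spec/proxy/nginx_spec.rb makes against the provisioned file.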

  46. Exercise
    /etc/nginx/sites-enabled
    /etc/nginx/sites-available
    Delete the directories
    listed above

  47. Example answer
    %w(
      enabled
      available
    ).each do |n|
      directory "/etc/nginx/sites-#{n}" do
        action :delete
        notifies :restart, 'service[nginx]'
      end
    end

  48. Style check and commit
    $ bin/rake rubocop -a
    $ git add .
    $ git status
    $ git commit -m "build proxy"

  49. Exercise
    /etc/nginx/conf.d/www.conf
    Make this recipe more reusable
    by using the template's
    variables

  50. Requirements for the LB role
    - A VIP can be managed
    - Traffic received on the VIP can be balanced across
      the Proxy servers
    LB     LB
    Proxy  Proxy

  51. What is a VIP?

  52. Installing keepalived
    - spec/lb/keepalived_spec.rb
    require 'spec_helper'
    %w(
      keepalived
    ).each do |n|
      describe package(n) do
        it { should be_installed }
      end
    end
    describe service('keepalived') do
      it { should be_enabled }
      it { should be_running }
    end
    describe port(80) do
      it { should be_listening }
    end

  53. Test the real servers too
    describe file('/etc/keepalived/keepalived.conf') do
      its(:content) { should match(/real_server 172\.18\.1\.21 80/) }
      its(:content) { should match(/real_server 172\.18\.1\.22 80/) }
    end
    - spec/lb/keepalived_spec.rb

  54. Generating skeletons for the cookbook and role
    $ bin/itamae generate cookbook lb
    $ bin/itamae generate role lb
    $ echo 'role: lb' > nodes/lb.yaml
    $ vagrant up lb-1
    $ bin/rake spec:lb-1

  55. Installing keepalived
    package 'keepalived'
    service 'keepalived' do
      action %w(enable start)
    end
    template '/etc/keepalived/keepalived.conf' do
      owner 'root'
      group 'root'
      notifies :restart, 'service[keepalived]'
    end
    - cookbooks/lb/keepalived.rb

  56. Installing keepalived
    include_recipe 'keepalived.rb'
    - cookbooks/lb/default.rb
    include_cookbook 'lb'
    - roles/lb/default.rb

  57. Defining the VIP
    vrrp_instance vrrp_int {
      interface <%= node['lb']['keepalived']['if'] %>
      virtual_router_id <%= node['lb']['keepalived']['router_id'] %>
      nopreempt
      state BACKUP
      priority 100
      advert_int 3
      garp_master_delay 5
      authentication {
        auth_type PASS
        auth_pass hands_on
      }
      virtual_ipaddress {
        <%= node['lb']['keepalived']['vip'] %>
      }
    }
    - cookbooks/lb/templates/keepalived.conf.erb

  58. Defining the VIP
    virtual_server <%= node['lb']['keepalived']['vip'] %> 80 {
      delay_loop 10
      lvs_sched lc
      lvs_method NAT
      protocol TCP
      <% node['lb']['keepalived']['servers'].each do |s| %>
      real_server <%= s %> 80 {
        weight 1
        TCP_CHECK {
          connect_port 80
          connect_timeout 30
        }
      }
      <% end %>
    }
    - cookbooks/lb/templates/keepalived.conf.erb

  59. Defining attributes in YAML
    lb:
      keepalived:
        vip: 172.18.1.10
        router_id: 100
        if: enp0s8
        servers:
          - 172.18.1.21
          - 172.18.1.22
    - nodes/lb.yaml

  60. Let's Provision
    $ vagrant provision lb-1
    $ bin/rake spec:lb-1

  61. Let's take a look inside the server

  62. Checking the ipvs state
    # Is the VIP held on this host?
    $ ip a
    # Check the state of the real servers
    $ ipvsadm -L -n

  63. Style check and commit
    $ bin/rake rubocop -a
    $ git commit -m "build lb"

  64. Redundancy

  65. Starting the standby systems
    LB     LB
    Proxy  Proxy
    App    App
    $ vagrant up

  66. Checking the ipvs state
    # Check the state of the real servers
    $ ipvsadm -L -n

  67. Casually take servers down
    $ vagrant halt www-1
    $ vagrant halt proxy-1
    $ vagrant halt lb-1
    The service must keep running without interruption

  68. Summary

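  69. What we learned today
    - Infrastructure as Code brings software development know-how
      into the world of infrastructure
    - Test-driven development applies to infrastructure too
    - Manage recipes at a granularity that is easy to reuse
    - Infrastructure is fun!!!1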