infra_hands_on

Transcript

1. ʙେن໛Πϯϑϥͷϊ΢ϋ΢ͱय़ͷ࠼ΓΛఴ͑ͯʙ QZBNB
   
   (.0
   1FQBCP
   *OD
   
   ΠϯϑϥϋϯζΦϯ *OGSBTUSVDUVSF
   BT
   $PEFΛֶͿ ࣮ફతϋϯζΦϯ

2. ϗεςΟϯάࣄۀ෦
   νʔϑςΫχΧϧϦʔυ
   ࢁԼ
   ࿨඙
   
   !QZBNB

3. ϖύϘ෱Ԭ

4. *OGSBTUSVDUVSF
   BT
   $PEF

5. *OGSBTUSVDUVSF
   BT
   $PEF wιϑτ΢ΣΞ։ൃͷϊ΢ϋ΢ΛΠϯϑϥ΁
   wόʔδϣϯ؅ཧ
   wςετۦಈ։ൃ
   wܧଓతΠϯςάϨʔγϣϯ
   wܧଓతσϦόϦʔ

6. *OGSBTUSVDUVSF
   BT
   $PEF wιϑτ΢ΣΞ։ൃͷϊ΢ϋ΢ΛΠϯϑϥ΁
   wόʔδϣϯ؅ཧ
   wςετۦಈ։ൃ
   wܧଓతΠϯςάϨʔγϣϯ
   wܧଓతσϦόϦʔ

7. ࣮ફతϋϯζΦϯ

8. ϋϯζΦϯͷΰʔϧ -# -# 1SPYZ 1SPYZ "QQ "QQ ৑௕Խ͞Εͨ8FCγεςϜΛ
   *OGSBTUSVDUVSF
   BT
   $PEFΛମײ͠ͳ͕Β
   ։ൃ͢Δ

9. ϋϯζΦϯͰ࢖༻͢Δπʔϧɾϛυϧ΢ΣΞ ϓϩμΫτ໊ ໾ׂ WBHSBOU 7.Ϛωʔδϝϯτ JUBNBF ϓϩϏδϣχϯά 4FSFSTQFD ςετ LFFQBMJWFE

   ϩʔυόϥϯγϯά OHJOY 8&#ϓϩΩγ IUUQE ΞϓϦέʔγϣϯ

10. WBHSBOU w3VCZͷه๏Ͱ7JSUVBM#PYͳͲͷ7.Λ؅ཧͰ͖Διϑτ΢ΣΞ
    w)BTIJ$PSQ IUUQTXXXIBTIJDPSQDPN IUUQTXXXWBHSBOUVQDPN

11. JUBNBF w
    1SFGFSSFE
    /FUXPSLT
    ͷ
    !SZPU@B@SBJ
    ͕࡞੡ͨ͠044
    w-JHIU
    DIFG
    wγϯϓϧͰ࢖͍΍͘͢ɺNSVCZ൛͸NJUBNBF IUUQTHJUIVCDPNJUBNBFLJUDIFOJUBNBF

12. 4FSWFSTQFD w
    !NJ[[Z
    ͕࡞੡ͨ͠044
    w34QFDͷه๏Ͱαʔό؀ڥΛςετͰ͖Δ IUUQTFSWFSTQFDPSH

13. ϋϯζΦϯ؀ڥ wIUUQTHJUIVCDPNQFQBCPJOGSBTUVSVDUVSF@BT@DPEF@IBOET@PO ├── Gemfile // ར༻gemͷఆٛ ├── Gemfile.lock // gemͷόʔδϣϯݻఆϑΝΠϧ

    ├── README.md ├── Vagrantfile // VMͷఆٛ ├── bootstrap.rb // Itamaeͷ࣮ߦεΫϦϓτ ├── cookbooks // ϓϩϏδϣχϯάεΫϦϓτΛ഑ஔ͢ΔσΟϨΫτϦ └── www ├── default.rb ├── files └── templates

14. ϋϯζΦϯ؀ڥ wIUUQTHJUIVCDPNQFQBCPJOGSBTUVSVDUVSF@BT@DPEF@IBOET@PO ├── nodes // ϩʔϧຖͷΞτϦϏϡʔτϑΝΠϧΛ഑ஔ͢ΔσΟϨΫτϦ │ └── www.yaml ├──

    roles // ϩʔϧຖͷϓϩϏδϣχϯάεΫϦϓτΛ഑ஔ͢ΔσΟϨΫτϦ │ └── www │ └── default.rb ├── spec // ServerpecͷεΫϦϓτΛ഑ஔ͢ΔσΟϨΫτϦ │ ├── spec_helper.rb │ └── www │ └── httpd_spec.rb └── vagrant_properties.yml // vagrantͷߏ੒ϑΝΠϧ

15. ਐΊํ w888ϩʔϧ࡞Δ
    w1309:ϩʔϧ࡞Δ
    w-#ϩʔϧ࡞Δ

16. ؆୯ʂʂʂ̍

17. 888ϩʔϧͷཁ݅ wQIQJOGP͕දࣔͰ͖Δ
    w1)1͕ར༻Ͱ͖Δ

18. 5%% wςετͰ·ͣ͋Δ΂͖ঢ়ଶΛఆ͔ٛͯ͠Βɺ։ൃΛߦ͏ $ vagrant up www-1 $ bin/rake spec:www-1

19. BQBDIFͷΠϯετʔϧ wDPPLCPPLTXXXBQBDIFSCͷ࡞੒
    wDPPLCPPLTXXXEFGBVMUSC͔ΒBQBDIFSCΛಡΈࠐΉ
    wSPMFTXXXEFGBVMUSC͔ΒXXXͷDPPLCPPLΛಡΈࠐΉ XXX
    SPMF BQBDIF
    DPPLCPPL qVFOUE
    DPPLCPPL BQBDIF
    SFDJQF QIQ
    SFDJQF UEBHFOU
    SFDJQF

    QMVHJO
    SFDJQF

20. QBDLBHF IUUQTHJUIVCDPNJUBNBFLJUDIFOJUBNBFXJLJQBDLBHFSFTPVSDF package <name> do action :install version 1.0 end

    ύοέʔδͷΠϯετʔϧΛߦ͏Ϧιʔε

21. DPPLCPPLTXXXBQBDIFSC wϨγϐ͸ϛυϧ΢ΣΞ୯ҐͰ෼ׂ͠ɺ࠶ར༻ੑΛߴΊΔ %w( apache2 php7.0 libapache2-mod-php7.0 ).each do |n| package

    n end σϑΥϧτΞΫγϣϯ͕
    JOTUBMM
    ͳͷͰলུՄೳ

22. DPPLCPPLTXXXEFGBVMUSCͷఆٛ # ઌ΄Ͳఆٛͨ͠ϨγϐΛಡΈࠐΉ include_recipe 'apache.rb' EFGBVMUSC͸ෳ਺ͷϨγϐΛଋͶΔ໾ׂʹ࢖͏

23. SPMFTXXXEFGBVMUSCͷఆٛ # ઌ΄Ͳఆٛͨ͠ΫοΫϒοΫΛಡΈࠐΉ include_cookbook 'www' ͜ͷΑ͏ʹ͢ΔͱɺҰͭͷϩʔϧΛෳ਺ͷ
    ΫοΫϒοΫΛ૊Έ߹ΘͤͯߏஙͰ͖Δ

24. -FU`T
    1SPWJTJPO $ vagrant provision www-1 IUUQXXXIBOETPOQCEFW VCVOUVͷσϑΥϧτϖʔδ͕
    ݟ͑Ε͹0,

25. QIQJOGPΛදࣔ͢Δ wTQFDXXXQIQJOGP@TQFDSC
    
    describe file('/var/www/html/index.php') do it { should be_file }

    it { should be_mode 755 } it { should be_owned_by 'root' } it { should be_grouped_into 'root' } end IUUQTFSWFSTQFDPSHSFTPVSDF@UZQFTIUNMpMF

26. QIQJOGPΛදࣔ͢Δ wDPPLCPPLTXXXQIQJOGPSC
    
    remote_file '/var/www/html/index.php' do owner 'root' group 'root' mode

    '755' end IUUQTHJUIVCDPNJUBNBFLJUDIFOJUBNBFXJLJSFNPUF@pMFSFTPVSDF

27. QIQJOGPΛදࣔ͢Δ wDPPLCPPLTXXXpMFTJOEFYQIQ <?php echo phpinfo(); ˞Ұൠతʹ͸ϓϩϏδϣχϯάπʔϧͰ
    ίϯςϯπ഑ஔ͸΍Βͳ͍

28. DPPLCPPLTXXXEFGBVMUSCͷఆٛ # ઌ΄Ͳఆٛͨ͠ϨγϐΛಡΈࠐΉ include_recipe ‘apache.rb' include_recipe ‘phpinfo.rb’ EFGBVMUSC͸ෳ਺ͷϨγϐΛଋͶΔ໾ׂʹ࢖͏

29. -FU`T
    1SPWJTJPO $ vagrant provision www-1 IUUQXXXIBOETPOQCEFW QIQJOGPݟ͑ͳ͍ɾɾɾ

30. TTIϩάΠϯ $ vagrant ssh www-1 ubuntu@www-1:~$ ls -ltr /var/www/html total

    16 -rw-r--r-- 1 root root 11321 Apr 3 07:13 index.html -rwxr-xr-x 1 ubuntu root 26 Apr 3 07:29 index.php JOEFYIUNMΛ࡟আ͢Δඞཁ͕͋Δ

31. JOEFYIUNMͷ࡟আ describe file('/var/www/html/index.html') do it { should_not exist } end

    wTQFDXXXQIQJOGP@TQFDSC
    
    

32. JOEFYIUNMͷ࡟আ wDPPLCPPLTXXXQIQJOGPSC
    
    file '/var/www/html/index.html' do action :delete end IUUQTHJUIVCDPNJUBNBFLJUDIFOJUBNBFXJLJpMFSFTPVSDF

33. -FU`T
    1SPWJTJPO $ vagrant provision www-1 $ bin/rake spec:www-1 IUUQXXXIBOETPOQCEFW ::

34. ه๏νΣοΫͱDPNNJU $ bin/rake rubocop -a $ git add . $

    git commit -m “wwwͷߏங”

35. 1309:ϩʔϧͷཁ݅ wOHJOYΛར༻ͨ͠)551ϓϩΩγ͕Ͱ͖Δ 1SPYZ 1SPYZ "QQ "QQ

36. OHJOYΛΠϯετʔϧ͢Δ wTQFDQSPYZOHJOY@TQFDSC
    
    require 'spec_helper' %w( nginx ).each do |n| describe

    package(n) do it { should be_installed } end end describe service('nginx') do it { should be_enabled } it { should be_running } end describe port(80) do it { should be_listening } end

37. DPPLCPPLɺSPMFͷ਽ܗΛ࡞Δ $ bin/itamae generate cookbook proxy $ bin/itamae generate role

    proxy $ echo ‘role: proxy’ > nodes/proxy.yaml $ vagrant up proxy-1 $ bin/rake spec:proxy-1

38. OHJOYͷΠϯετʔϧ package 'nginx' service ‘nginx’ do action %w(enable start) end

    wDPPLCPPLTQSPYZOHJOYSC

39. OHJOYͷΠϯετʔϧ include_recipe 'nginx.rb' wDPPLCPPLTQSPYZEFGBVMUSC include_cookbook 'proxy' wSPMFTQSPYZEFGBVMUSC

40. OHJOYͷઃఆΛ͢Δ % vagrant ssh proxy-1 ubuntu@proxy-1:~$ sudo su - root@proxy-1:~#

    cd /etc/nginx/ root@proxy-1:/etc/nginx# ls -ltr root@proxy-1:/etc/nginx# more nginx.conf … include /etc/nginx/conf.d/*.conf; # nginxͷconfigʹ͸includeػߏ͕͋Δ … wQSPYZαʔόͷதΛ೷͘

41. VQTUSFBNͷఆٛΛߦ͏ 1SPYZ 1SPYZ "QQ "QQ QSPYZαʔό͔ΒݟͯɺϓϩΩγઌͷ
    αʔόΛVQTUSFBNͱఆٛ

42. VQTUSFBNͷఆٛΛߦ͏ describe file('/etc/nginx/conf.d/www.conf') do its(:content) { should match /server 172.18.1.31/

    } its(:content) { should match /server 172.18.1.32/ } end describe file('/etc/nginx/sites-enabled') do it { should_not exist } end describe file('/etc/nginx/sites-available') do it { should_not exist } end wTQFDQSPYZOHJOY@TQFDSC
    
    

43. UFNQMBUFΛར༻͢Δ template '/etc/nginx/conf.d/www.conf' do owner 'root' group 'root' notifies :restart,

    'service[nginx]' end IUUQTHJUIVCDPNJUBNBFLJUDIFOJUBNBFXJLJUFNQMBUFSFTPVSDF

44. UFNQMBUFΛར༻͢Δ upstream app { <% node['proxy']['app']['servers'].each do |s| %> server

    <%= s %>; <% end %> } server { listen 80; server_name localhost; location / { proxy_pass http://app/; } } DPPLCPPLTQSPYZUFNQMBUFTXXXDPOGFSC

45. ؀ڥ͝ͱͷϑΝΠϧ͸OPEFTͰ؅ཧ proxy: app: servers: - 172.18.1.31 - 172.18.1.32 OPEFTQSPYZZBNM ෳ਺؀ڥͷ৔߹͸ɺQSPYZQSPEVDUJPOZBNM΍
    

    QSPYZEFWFMPQNFOUZBNMͳͲΛ࡞੒͢Δ

46. ՝୊ FUDOHJOYTJUFTFOBCMFE
    FUDOHJOYTJUFTBWBJMBCMF
    ্هͷσΟϨΫτϦΛ
    ࡟আ͍ͯͩ͘͠͞

47. ਖ਼౴ྫ %w( enabled available ).each do |n| directory "/etc/nginx/sites-#{n}" do

    action :delete notifies :restart, 'service[nginx]' end end

48. ه๏νΣοΫͱDPNNJU $ bin/rake rubocop -a $ git add . $

    git status $ git commit -m “proxyͷߏங”

49. ՝୊ FUDOHJOYDPOGEXXXDPOG
    ͜ͷϨγϐΛUFNQMBUFͷ WBSJBCMFTΛར༻ͯ͠ΑΓ
    ࠶ར༻ੑΛߴΊΔ

50. -#ϩʔϧͷཁ݅ w7*1Λ؅ཧͰ͖Δ
    w7*1Ͱड͚ͨτϥϑΟοΫΛ1SPYZαʔόʹ όϥϯγϯάͰ͖Δ -# -# 1SPYZ 1SPYZ

51. 7*1ͱ͸

52. LFFQBMJWFEΛΠϯετʔϧ͢Δ wTQFDMCLFFQBMJWFE@TQFDSC
    
    require 'spec_helper' %w( keepalived ).each do |n| describe

    package(n) do it { should be_installed } end end describe service('keepalived') do it { should be_enabled } it { should be_running } end describe port(80) do it { should be_listening } end

53. ϦΞϧαʔό΋ςετ describe file(‘/etc/keepalived/keepalived.conf’) do its(:content) { should match /real_server 172.18.1.21

    80/ } its(:content) { should match /real_server 172.18.1.22 80/ } end wTQFDMCLFFQBMJWFE@TQFDSC
    
    

54. DPPLCPPLɺSPMFͷ਽ܗΛ࡞Δ $ bin/itamae generate cookbook lb $ bin/itamae generate role

    lb $ echo ‘role: lb’ > nodes/lb.yaml $ vagrant up lb-1 $ bin/rake spec:lb-1

55. LFFQBMJWFEͷΠϯετʔϧ package 'keepalived' service ‘keepalived’ do %w(enable start) end template

    '/etc/keepalived/keepalived.conf' do owner 'root' group 'root' notifies :restart, 'service[keepalived]' end wDPPLCPPLTMCLFFQBMJWFESC

56. LFFQBMJWFEͷΠϯετʔϧ include_recipe ‘keepalived.rb' wDPPLCPPLTMCEFGBVMUSC include_cookbook ‘lb’ wSPMFTMCEFGBVMUSC

57. 7*1ͷఆٛ vrrp_instance vrrp_int { interface <%= node['lb']['keepalived']['if'] %> virtual_router_id <%=

    node['lb']['keepalived']['router_id'] %> nopreempt state BACKUP priority 100 advert_int 3 garp_master_delay 5 authentication { auth_type PASS auth_pass hands_on } virtual_ipaddress { <%= node['lb']['keepalived']['vip'] %> } } wDPPLCPPLTMCUFNQMBUFTLFFQBMJWFEDPOGFSC

58. 7*1ͷఆٛ virtual_server <%= node['lb']['keepalived']['vip'] %> 80 { delay_loop 10 lvs_sched

    lc lvs_method NAT protocol TCP <% node['lb']['keepalived']['servers'].each do |s| %> real_server <%= s %> 80 { weight 1 TCP_CHECK { connect_port 80 connect_timeout 30 } } <% end %> } wDPPLCPPLTMCUFNQMBUFTLFFQBMJWFEDPOGFSC

59. :".-ͰΞτϦϏϡʔτΛఆٛ͢Δ lb: keepalived: vip: 172.18.1.10 router_id: 100 if: enp0s8 servers:

    - 172.18.1.21 - 172.18.1.22 wOPEFTMCZBNM

60. -FU`T
    1SPWJTJPO $ vagrant provision lb-1 $ bin/rake spec:lb-1

61. αʔόͷதΛݟͯΈ·͠ΐ͏

62. JQWTͷঢ়ଶΛݟΔ # vipΛอ͍࣋ͯ͠Δ͔ $ ip a # real serverͷঢ়ଶΛݟΔ $

    ipvsadm -L -n

63. ه๏νΣοΫͱDPNNJU $ bin/rake rubocop -a $ git commit -m “lbͷߏங”

64. ৑௕Խ

65. ଴ػܥΛىಈ͢Δ -# -# 1SPYZ 1SPYZ "QQ "QQ $ vagrant up

66. JQWTͷঢ়ଶΛݟΔ # real serverͷঢ়ଶΛݟΔ $ ipvsadm -L -n

67. ͓΋ΉΖʹαʔόΛམͱ͢ $ vagrant halt www-1 $ vagrant halt proxy-1 $

    vagrant halt lb-1 αʔϏε͕ແఀࢭͰ͋Δ͜ͱ

68. ·ͱΊ

69. ࠓ೔ֶΜͩ͜ͱ w*OGSBTUSVDUVSF
    BT
    $PEF͸ιϑτ΢ΣΞ։ൃͷϊ΢ϋ΢ΛΠϯϑϥͷ ੈք΁͖࣋ͬͯͨ΋ͷ
    wΠϯϑϥʹ͓͍ͯ΋ςετۦಈ։ൃ
    w࠶ར༻͠΍ཻ͍͢౓ͰϨγϐΛ؅ཧ
    wΠϯϑϥ͸ָ͍͠ʂʂʂ̍