infra_hands_on

Slides used in a practical hands-on session for learning Infrastructure as Code.

Kazuhiko Yamashita

April 08, 2018

Transcript

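  1. ~With large-scale infrastructure know-how and a touch of spring color~
      pyama, GMO Pepabo Inc
      Infra Hands-on: a practical hands-on for learning Infrastructure as Code

  2. Hosting Division, Chief Technical Lead: Kazuhiko Yamashita @pyama

  3. Pepabo Fukuoka

  4. Infrastructure as Code

  5. Infrastructure as Code
      - Bringing software development know-how to infrastructure
      - Version control
      - Test-driven development
      - Continuous integration
      - Continuous delivery

  6. Infrastructure as Code
      - Bringing software development know-how to infrastructure
      - Version control
      - Test-driven development
      - Continuous integration
      - Continuous delivery

  7. Practical hands-on

  8. Goal of the hands-on
      Diagram: LB, LB, Proxy, Proxy, App, App
      Develop a redundant web system while experiencing Infrastructure as Code first-hand.

  9. Tools and middleware used in the hands-on (product name: role)
      - vagrant: VM management
      - itamae: provisioning
      - Serverspec: testing
      - keepalived: load balancing
      - nginx: web proxy
      - httpd: application

  10. vagrant
      - Software that manages VMs such as VirtualBox using Ruby syntax
      - HashiCorp
      https://www.hashicorp.com https://www.vagrantup.com

  11. itamae
      - OSS created by @ryot_a_rai of Preferred Networks
      - Light chef
      - Simple and easy to use; the mruby version is mitamae
      https://github.com/itamae-kitchen/itamae

  12. Serverspec
      - OSS created by @mizzy
      - Tests server environments using RSpec syntax
      http://serverspec.org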

  13. Hands-on environment
      - https://github.com/pepabo/infrasturucture_as_code_hands_on

          ├── Gemfile                 // definition of the gems used
          ├── Gemfile.lock            // gem version lock file
          ├── README.md
          ├── Vagrantfile             // VM definition
          ├── bootstrap.rb            // script that runs Itamae
          ├── cookbooks               // directory for provisioning scripts
          │   └── www
          │       ├── default.rb
          │       ├── files
          │       └── templates

  14. Hands-on environment
      - https://github.com/pepabo/infrasturucture_as_code_hands_on

          ├── nodes                   // directory for per-role attribute files
          │   └── www.yaml
          ├── roles                   // directory for per-role provisioning scripts
          │   └── www
          │       └── default.rb
          ├── spec                    // directory for Serverspec scripts
          │   ├── spec_helper.rb
          │   └── www
          │       └── httpd_spec.rb
          └── vagrant_properties.yml  // vagrant configuration file

  15. How we proceed
      - Build the WWW role
      - Build the PROXY role
      - Build the LB role

  16. Easy!!!1

  17. Requirements for the WWW role
      - phpinfo can be displayed
      - PHP is available

  18. TDD
      - First define the desired state with tests, then do the development

          $ vagrant up www-1
          $ bin/rake spec:www-1

  19. Installing apache
      - Create cookbooks/www/apache.rb
      - Load apache.rb from cookbooks/www/default.rb
      - Load the www cookbook from roles/www/default.rb
      Diagram labels: www role; apache cookbook; fluentd cookbook; apache recipe; php recipe; td-agent recipe; plugin recipe

  20. package
      https://github.com/itamae-kitchen/itamae/wiki/package-resource

          package '<name>' do
            action :install
            version '1.0'
          end

      A resource that installs packages.

  21. cookbooks/www/apache.rb
      - Split recipes per middleware to improve reusability

          %w( apache2 php7.0 libapache2-mod-php7.0 ).each do |n|
            package n
          end

      The default action is install, so it can be omitted.

  22. Definition of cookbooks/www/default.rb

          # Load the recipe defined earlier
          include_recipe 'apache.rb'

      default.rb is used to bundle multiple recipes.

  23. Definition of roles/www/default.rb

          # Load the cookbook defined earlier
          include_cookbook 'www'

      This way, a single role can be built by combining multiple cookbooks.

  24. Let's Provision

          $ vagrant provision www-1

      Browser check at the hands-on URL (http, host "www handson pb dev"; separators lost in extraction): OK if Ubuntu's default page is visible.

  25. Displaying phpinfo
      - spec/www/phpinfo_spec.rb

          describe file('/var/www/html/index.php') do
            it { should be_file }
            it { should be_mode 755 }
            it { should be_owned_by 'root' }
            it { should be_grouped_into 'root' }
          end

      http://serverspec.org/resource_types.html#file

  26. Displaying phpinfo
      - cookbooks/www/phpinfo.rb

          remote_file '/var/www/html/index.php' do
            owner 'root'
            group 'root'
            mode '755'
          end

      https://github.com/itamae-kitchen/itamae/wiki/remote_file-resource

  27. Displaying phpinfo
      - cookbooks/www/files/index.php

          <?php
          echo phpinfo();

      * In general, content deployment is not done with a provisioning tool.

  28. Definition of cookbooks/www/default.rb

          # Load the recipes defined earlier
          include_recipe 'apache.rb'
          include_recipe 'phpinfo.rb'

      default.rb is used to bundle multiple recipes.

  29. Let's Provision

          $ vagrant provision www-1

      Browser check at the hands-on URL (http, host "www handson pb dev"; separators lost in extraction): phpinfo is not showing...

  30. SSH login

          $ vagrant ssh www-1
          ubuntu@www-1:~$ ls -ltr /var/www/html
          total 16
          -rw-r--r-- 1 root root 11321 Apr 3 07:13 index.html
          -rwxr-xr-x 1 ubuntu root 26 Apr 3 07:29 index.php

      index.html needs to be deleted.

  31. Deleting index.html
      - spec/www/phpinfo_spec.rb

          describe file('/var/www/html/index.html') do
            it { should_not exist }
          end

  32. Deleting index.html
      - cookbooks/www/phpinfo.rb

          file '/var/www/html/index.html' do
            action :delete
          end

      https://github.com/itamae-kitchen/itamae/wiki/file-resource

  33. Let's Provision

          $ vagrant provision www-1
          $ bin/rake spec:www-1

      Browser check at the hands-on URL (http, host "www handson pb dev"; separators lost in extraction). YY

  34. Style check and commit

          $ bin/rake rubocop -a
          $ git add .
          $ git commit -m "wwwの構築"

  35. Requirements for the PROXY role
      - An HTTP proxy using nginx works
      Diagram: Proxy, Proxy, App, App

  36. Installing nginx
      - spec/proxy/nginx_spec.rb

          require 'spec_helper'

          %w( nginx ).each do |n|
            describe package(n) do
              it { should be_installed }
            end
          end

          describe service('nginx') do
            it { should be_enabled }
            it { should be_running }
          end

          describe port(80) do
            it { should be_listening }
          end

  37. Generating the cookbook and role skeletons

          $ bin/itamae generate cookbook proxy
          $ bin/itamae generate role proxy
          $ echo 'role: proxy' > nodes/proxy.yaml
          $ vagrant up proxy-1
          $ bin/rake spec:proxy-1

  38. Installing nginx
      - cookbooks/proxy/nginx.rb

          package 'nginx'

          service 'nginx' do
            action %w(enable start)
          end

  39. Installing nginx
      - cookbooks/proxy/default.rb

          include_recipe 'nginx.rb'

      - roles/proxy/default.rb

          include_cookbook 'proxy'

  40. Configuring nginx
      - Look inside the proxy server

          % vagrant ssh proxy-1
          ubuntu@proxy-1:~$ sudo su -
          root@proxy-1:~# cd /etc/nginx/
          root@proxy-1:/etc/nginx# ls -ltr
          root@proxy-1:/etc/nginx# more nginx.conf
          …
          include /etc/nginx/conf.d/*.conf; # nginx config has an include mechanism
          …

  41. Defining the upstream
      Diagram: Proxy, Proxy, App, App
      From the proxy server's point of view, the servers it proxies to are defined as the upstream.

  42. Defining the upstream
      - spec/proxy/nginx_spec.rb

          describe file('/etc/nginx/conf.d/www.conf') do
            its(:content) { should match /server 172.18.1.31/ }
            its(:content) { should match /server 172.18.1.32/ }
          end

          describe file('/etc/nginx/sites-enabled') do
            it { should_not exist }
          end

          describe file('/etc/nginx/sites-available') do
            it { should_not exist }
          end

  43. Using a template

          template '/etc/nginx/conf.d/www.conf' do
            owner 'root'
            group 'root'
            notifies :restart, 'service[nginx]'
          end

      https://github.com/itamae-kitchen/itamae/wiki/template-resource

  44. Using a template
      - cookbooks/proxy/templates/www.conf.erb

          upstream app {
          <% node['proxy']['app']['servers'].each do |s| %>
            server <%= s %>;
          <% end %>
          }

          server {
            listen 80;
            server_name localhost;
            location / {
              proxy_pass http://app/;
            }
          }

  45. Per-environment files are managed under nodes
      - nodes/proxy.yaml

          proxy:
            app:
              servers:
                - 172.18.1.31
                - 172.18.1.32

      For multiple environments, create separate proxy node files per environment (one for production, one for development, and so on).

  46. Exercise
      /etc/nginx/sites-enabled
      /etc/nginx/sites-available
      Delete the directories listed above.

  47. Example answer

          %w( enabled available ).each do |n|
            directory "/etc/nginx/sites-#{n}" do
              action :delete
              notifies :restart, 'service[nginx]'
            end
          end

  48. Style check and commit

          $ bin/rake rubocop -a
          $ git add .
          $ git status
          $ git commit -m "proxyの構築"

  49. Exercise
      /etc/nginx/conf.d/www.conf
      Make this recipe more reusable by using the template resource's variables.

  50. Requirements for the LB role
      - Can manage a VIP
      - Can balance traffic received on the VIP across the Proxy servers
      Diagram: LB, LB, Proxy, Proxy

  51. What is a VIP?

  52. Installing keepalived
      - spec/lb/keepalived_spec.rb

          require 'spec_helper'

          %w( keepalived ).each do |n|
            describe package(n) do
              it { should be_installed }
            end
          end

          describe service('keepalived') do
            it { should be_enabled }
            it { should be_running }
          end

          describe port(80) do
            it { should be_listening }
          end

  53. Test the real servers too
      - spec/lb/keepalived_spec.rb

          describe file('/etc/keepalived/keepalived.conf') do
            its(:content) { should match /real_server 172.18.1.21 80/ }
            its(:content) { should match /real_server 172.18.1.22 80/ }
          end

  54. Generating the cookbook and role skeletons

          $ bin/itamae generate cookbook lb
          $ bin/itamae generate role lb
          $ echo 'role: lb' > nodes/lb.yaml
          $ vagrant up lb-1
          $ bin/rake spec:lb-1

  55. Installing keepalived
      - cookbooks/lb/keepalived.rb

          package 'keepalived'

          service 'keepalived' do
            action %w(enable start)
          end

          template '/etc/keepalived/keepalived.conf' do
            owner 'root'
            group 'root'
            notifies :restart, 'service[keepalived]'
          end

  56. Installing keepalived
      - cookbooks/lb/default.rb

          include_recipe 'keepalived.rb'

      - roles/lb/default.rb

          include_cookbook 'lb'

  57. Defining the VIP
      - cookbooks/lb/templates/keepalived.conf.erb

          vrrp_instance vrrp_int {
            interface <%= node['lb']['keepalived']['if'] %>
            virtual_router_id <%= node['lb']['keepalived']['router_id'] %>
            nopreempt
            state BACKUP
            priority 100
            advert_int 3
            garp_master_delay 5
            authentication {
              auth_type PASS
              auth_pass hands_on
            }
            virtual_ipaddress {
              <%= node['lb']['keepalived']['vip'] %>
            }
          }

  58. Defining the VIP
      - cookbooks/lb/templates/keepalived.conf.erb

          virtual_server <%= node['lb']['keepalived']['vip'] %> 80 {
            delay_loop 10
            lvs_sched lc
            lvs_method NAT
            protocol TCP
          <% node['lb']['keepalived']['servers'].each do |s| %>
            real_server <%= s %> 80 {
              weight 1
              TCP_CHECK {
                connect_port 80
                connect_timeout 30
              }
            }
          <% end %>
          }

  59. Defining attributes in YAML
      - nodes/lb.yaml

          lb:
            keepalived:
              vip: 172.18.1.10
              router_id: 100
              if: enp0s8
              servers:
                - 172.18.1.21
                - 172.18.1.22

  60. Let's Provision

          $ vagrant provision lb-1
          $ bin/rake spec:lb-1

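  61. Let's take a look inside the server

  62. Checking the IPVS state

          # Is this node holding the VIP?
          $ ip a
          # Check the state of the real servers
          $ ipvsadm -L -n

  63. Style check and commit

          $ bin/rake rubocop -a
          $ git commit -m "lbの構築"

  64. Redundancy

  65. Starting the standby systems
      Diagram: LB, LB, Proxy, Proxy, App, App

          $ vagrant up

  66. Checking the IPVS state

          # Check the state of the real servers
          $ ipvsadm -L -n

  67. Casually taking servers down

          $ vagrant halt www-1
          $ vagrant halt proxy-1
          $ vagrant halt lb-1

      The service must stay up without interruption.

  68. Summary

  69. What we learned today
      - Infrastructure as Code brings software development know-how into the world of infrastructure
      - Test-driven development applies to infrastructure too
      - Manage recipes at a granularity that is easy to reuse
      - Infrastructure is fun!!!1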
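
Slides 42 to 45 write node attributes straight into the nginx `upstream` block and check the result with a substring regex. The Ruby below is an added example, not code from the deck or its repository: it renders the same block with plain ERB after validating every `servers` entry as an IPv4 address, and builds a whole-line matcher a spec could use. `validated_servers`, `render_upstream` and `server_line` are hypothetical helper names, and the YAML is a constructed copy of the slide's values.

```ruby
require 'erb'
require 'ipaddr'
require 'yaml'

# Constructed copy of the attribute layout shown for nodes/proxy.yaml.
NODE_YAML = <<~YAML
  proxy:
    app:
      servers:
        - 172.18.1.31
        - 172.18.1.32
YAML

# The slide's upstream block; trim mode '-' keeps ERB tags from leaving blank lines.
UPSTREAM_ERB = <<~CONF
  upstream app {
  <%- servers.each do |s| -%>
    server <%= s %>;
  <%- end -%>
  }
CONF

# Attribute values land verbatim in the nginx config, so accept only literal
# IPv4 addresses; anything else (";", "}", hostnames) is rejected before rendering.
def validated_servers(node)
  servers = node.dig('proxy', 'app', 'servers')
  unless servers.is_a?(Array) && !servers.empty?
    raise ArgumentError, 'proxy.app.servers must be a non-empty list'
  end
  servers.map do |s|
    text = s.to_s
    ok = text.match?(/\A[0-9.]+\z/) && (IPAddr.new(text).ipv4? rescue false)
    raise ArgumentError, "not an IPv4 address: #{text.inspect}" unless ok
    text
  end
end

def render_upstream(node)
  ERB.new(UPSTREAM_ERB, trim_mode: '-')
     .result_with_hash(servers: validated_servers(node))
end

# Matcher for a spec: whole line, dots escaped, terminating ";".
def server_line(ip)
  /^\s*server #{Regexp.escape(ip)};$/
end

puts render_upstream(YAML.safe_load(NODE_YAML)) if $PROGRAM_NAME == __FILE__
```

The substring pattern `/server 172.18.1.31/` also accepts a line such as `server 172.18.1.310;` or a commented-out entry, which `server_line` rejects.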
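
Slides 55 and 57 keep the VRRP password (`auth_pass hands_on`) inside the template and write keepalived.conf without an explicit mode. The Ruby below is an added example, not code from the deck or its repository: it renders the slide's `authentication` block with the password supplied at render time and writes the result as a 0600 file. The environment variable name `KEEPALIVED_AUTH_PASS` and the helpers `checked_auth_pass`, `render_auth` and `write_private` are assumptions made for illustration.

```ruby
require 'erb'
require 'tmpdir'

# authentication block from the slide's keepalived.conf.erb, with the password
# passed in at render time instead of being stored in the template.
AUTH_ERB = <<~CONF
  authentication {
    auth_type PASS
    auth_pass <%= auth_pass %>
  }
CONF

# keepalived uses only the first 8 characters of auth_pass, so a longer value
# is silently weaker than it looks; whitespace or braces would break the file.
def checked_auth_pass(value)
  pass = value.to_s
  raise ArgumentError, 'auth_pass is empty' if pass.empty?
  raise ArgumentError, 'auth_pass is longer than 8 characters' if pass.length > 8
  unless pass.match?(/\A[A-Za-z0-9_-]+\z/)
    raise ArgumentError, 'auth_pass may contain only A-Z a-z 0-9 _ -'
  end
  pass
end

# env is ENV in real use; a Hash works too, which keeps the function testable.
def render_auth(env = ENV)
  pass = checked_auth_pass(env.fetch('KEEPALIVED_AUTH_PASS')) # hypothetical name
  ERB.new(AUTH_ERB).result_with_hash(auth_pass: pass)
end

# Create the file as 0600 from the start so the secret is never world-readable,
# and tighten the mode of a file that already existed. Returns the final mode.
def write_private(path, content)
  File.open(path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |f|
    f.write(content)
  end
  File.chmod(0o600, path)
  File.stat(path).mode & 0o777
end
```

In an Itamae recipe the equivalent is a `mode '600'` attribute on the `template` resource for keepalived.conf.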