Itamae - Infra as Code 現状確認会

Transcript

1. Itamae !!Infra!as!Code!ݱঢ়֬ೝձ!" 1

2. ࣗݾ঺հ • ߥҪ"ྑଠ"(@ryotarai"or"@ryot_a_rai) • ΫοΫύουͷΤϯδχΞˏΠϯϑϥ෦ • ͭͬͯ͘Δ΋ͷ • Infrataster:"ΠϯϑϥͷৼΔ෣͍ςετπʔϧ •

   Itamae:"ࠓ೔࿩͠·͢ 2

3. ϓϩϏδϣχϯάπʔϧ • CFEngine • Puppet • Chef • Ansible •

   Saltstack • Itamae7←7NEW!! 3

4. Itamae&is&... Simple'and'lightweight'configura4on'management' tool'inspired'by'Chef. γϯϓϧͰܰྔͳChefΈ͍ͨͳ΍ͭ 4

5. Chefͬͯʁ • αʔόߏ੒؅ཧπʔϧ • Ruby&DSLʹΑΔߴ͍දݱྗ • ڊେͳΤίγεςϜɾπʔϧ܈ • knife,&berkshelfͳͲͳͲ •

   Ϣʔβ΋ଟ͘ɺॻ੶ɾϒϩάهࣄͳͲ΋๛෋ 5

6. Ͱ΋… • ֶशίετ͕ߴ͍ʢͱݴΘΕ͍ͯΔʣ • ػೳ๛෋Ͱศརͳ൓໘ɺ֮͑Δ͜ͱ͸ଟ͍ • খ࢝͘͞Ίͨͯ͘΋େ͖͘ͳΓ͕ͪ • σΟϨΫτϦɺϑΝΠϧɺϨϙδτϦͷࢁ… •

   ϋϚΓͲ͜Ζ΋ଟ͍ʢͱࢥ͏ʣ • BerkshelfͷϏϧυʹࣦഊͨ͠Γ…ʢChef,DK΋ 6

7. ͦ͜ͰɺItamae • ௿ֶ͍शίετ • ࠓ೔࿩͢͜ͱ͕Itamaeͷ΄΅͢΂ͯ • ݴ͍׵͑Ε͹ɺػೳ͸͔ͳΓগͳ͍ • ͕ɺ࠷௿ݶͷػೳ͸ἧ͍ͬͯΔ •

   ChefͬΆ͍ૉఢͳRuby.DSL͕͔ͭ͑Δ • YAMLʁ͍͑ɺ஌Βͳ͍ࢠͰ͢Ͷ 7

8. Chef%&>%Itamae • cookbooks • recipes • roles • environments •

   Chef3Server • Berkshelf 8

9. Chef%&>%Itamae • cookbooks • recipes • roles • environments •

   Chef3Server • Berkshelf 9

10. Itamae஀ੜൿ࿩ • ίϯηϓτϞσϧతͳײ͡Ͱࡢ೥12݄ʹܰྔChef తͳ΋ͷΛ࡞͍ͬͯͨʢLightchefͱ໋໊ʣ • ΫοΫύουͰ৽͍͠ߏ੒؅ཧπʔϧΛݕ౼͢Δ தͰɺLightchef݁ߏ͍͍ͷͰ͸ͱ͍͏࿩ʹͳͬͨ • ͦͷޙɺChef͔ࣾΒౖΒΕͦ͏ͳ໊લͩΑͶɺͱ ͍͏͜ͱͰվ໊→Itamae

    10

11. ࢖͍ํ 1.#ϨγϐΛॻ͘ # nginx.rb service "nginx" # nginxΛΠϯετʔϧ͢Δ package "nginx"

    template "/etc/nginx/nginx.conf" do source "nginx.conf.erb" # ઃఆϑΝΠϧ͕ߋ৽͞ΕͨΒɺnginxΛϦϩʔυ͢Δ notifies :reload, "service[nginx]" end 11

12. ࢖͍ํ 2.#࣮ߦ͢Δ $ gem install itamae $ itamae local nginx.rb

    12

13. SSH͝͠ʹ࣮ߦ΋Ͱ͖Δ $ itamae ssh -h 192.168.10.10 \ -p 22 -u

    user recipe.rb VagrantͰಈ͍͍ͯΔVMʹͭͳ͙ $ vagrant up $ itamae ssh --vagrant -h vm_name recipe.rb VagrantϓϥάΠϯͷvagrant(itamaeΛ࢖͏ख΋ 13

14. ͶɺγϯϓϧͰ͠ΐ 14

15. ͚ͬ͜͏͍ܰ $ time sudo chef-solo -c solo.rb -j node.json Recipe:

    hello::default * execute[echo Hello] action run - execute echo Hello 1.70s user 0.74s system 71% cpu 3.414 total $ time itamae local hello/recipes/default.rb INFO : Recipe: /private/tmp/... INFO : execute[echo Hello] INFO : action: run 0.33s user 0.12s system 87% cpu 0.516 total # ͜ͷ৔߹ɺItamae͸OhaiΛୟ͍ͯͳ͍ͷͰͪΐͬͱνʔτͬΆ͍ 15

16. ͚ͬ͜͏খ͍͞ $ gem i itamae --pre Successfully installed thor-0.19.1 Successfully

    installed net-scp-1.2.1 Successfully installed specinfra-2.0.0.beta43 Successfully installed hashie-3.3.1 Successfully installed ansi-1.4.3 Successfully installed itamae-1.0.0.beta50 6 gems installed 16

17. ϨγϐΛॻ͘ 17

18. Ϧιʔε • ઃఆର৅ͷίϯϙʔωϯτΛදݱ͢Δ ʢྫ:#execute,#templateͳͲʣ • ChefͷΑ͏ʹ๛෋ͳϦιʔε͸༻ҙͰ͖ͯͳ͍ • h1ps:/ /github.com/ryotarai/itamae/tree/master/ lib/itamae/resource

    18

19. execute&Ϧιʔε γΣϧͰίϚϯυ࣮ߦ͢Δ execute "clean up my machine" do command "rm

    -rf /" end 19

20. remote_file,*template*Ϧιʔε remote_file͸ChefͰ͍͏cookbook_file remote_file "/etc/nginx/nginx.conf" do # ϨγϐϑΝΠϧ͔Βͷ૬ରύε source "nginx.conf" end

    template "/etc/nginx/nginx.conf" do # ϨγϐϑΝΠϧ͔Βͷ૬ରύε source "nginx.conf.erb" variables(server_name: "itamae.kitchen") end 20

21. package'Ϧιʔε • OS͝ͱద౰ͳύοέʔδγεςϜͰύοέʔδΛ Πϯετʔϧ͢Δ • DebianͩͬͨΒaptɺRedHatͩͬͨΒyumͰ ύοέʔδΛૢ࡞͢Δ package "sl" do

    action :install end 21

22. ڞ௨Ͱ࢖͑ΔΞτϦϏϡʔτ package "sl" do # ΞΫγϣϯ action :install # ͋ΔίϚϯυ͕੒ޭ͚ͨ࣌ͩ͠

    only_if "test -e /tmp/you_like_sl" # ͋ΔίϚϯυ͕ࣦഊ͚ͨ࣌ͩ͠ not_if "test -e /tmp/you_do_not_like_sl" # ࣮ߦϢʔβ user "myuser" end 22

23. ͦͷଞϦιʔεʹ͍ͭͯ • h#ps:/ /github.com/ryotarai/itamae/wiki/Resources • h#ps:/ /github.com/ryotarai/itamae/tree/master/ lib/itamae/resource • define_attribute͔ΒࢦఆͰ͖ΔΞτϦ

    Ϗϡʔτ͕Θ͔Δ • action_*Ͱ࢖͑ΔΞΫγϣϯ͕Θ͔Δ 23

24. no#fies Ϧιʔε͕ߋ৽͞Εͨʢύοέʔδ͕Πϯετʔϧ ͞ΕͨɺͳͲʣ৔߹ʹɺଞͷϦιʔεͷΞΫγϣϯ Λ࣮ߦ͢Δ service "nginx" template "/etc/nginx/conf.d/site" do source

    "nginx/site.erb" notifies :reload, "service[nginx]" end 24

25. subscribes ଞͷϦιʔε͕ߋ৽͞Εͨʢύοέʔδ͕Πϯε τʔϧ͞ΕͨɺϑΝΠϧ͕ॻ͖׵Θͬͨetc.ʣ৔߹ ʹɺΞΫγϣϯΛ࣮ߦ͢Δ service "nginx" do subscribes :reload, "template[/etc/nginx/conf.d/site]"

    end template "/etc/nginx/conf.d/site" do source "nginx/site.erb" end 25

26. defini&on ෳ਺ͷϦιʔε͔Β৽͍͠ϦιʔεΛఆٛ͢Δ define :install_and_enable_package, version: nil do package params[:name] do

    version params[:version] if params[:version] action :install end service params[:name] do action :enable end end install_and_enable_package 'nginx' do version '1.6.1' end 26

27. include_recipe Ϩγϐ͔ΒଞͷϨγϐΛݺͼग़͢ # nginx.rb package "nginx" template "/etc/nginx/conf.d/hello" do source

    "nginx.erb" end # sl.rb package "sl" # web_server.rb include_recipe "nginx.rb" include_recipe "sl.rb" 27

28. ͦͷଞͰ͖Δ͜ͱ 28

29. ϊʔυΞτϦϏϡʔτ • itamae -j node.jsonͳͲͱJSONϑΝΠϧΛ ࢦఆ͢Δͱ • Ϩγϐ΍ςϯϓϨʔτ಺Ͱnode[:key]ͷΑ͏ʹ ࢀরͰ͖Δ $

    echo '{"nginx": {"domain": "itamae.kitchen"}}' \ > node.json $ itamae local -j node.json your_recipe.rb 29

30. OhaiΠϯςάϨʔγϣϯ • --ohaiΦϓγϣϯΛ౉͢ͱ • node[:cpu][:total]ͷΑ͏ʹOhaiͷ஋ΛऔΕ ΔΑ͏ʹͳΔ • ͪͳΈʹɺର৅αʔόʹohai͕ೖͬͯͳ͍৔߹ɺ ࣗಈతʹΠϯετʔϧ͞ΕΔ •

    SpecinfraʹOhaiͬΆ͍ػೳ͕ೖΓͦ͏ 30

31. OhaiΠϯςάϨʔγϣϯ Ohai? $ ohai | head { "cpu": { "real":

    4, "total": 8, "mhz": 2600, "vendor_id": "GenuineIntel\n", "model_name": "Intel(R) ...", "model": 70, "family": 6, "stepping": 1, 31

32. OhaiΠϯςάϨʔγϣϯ ྫ # bundle.rb execute "bundle install -j #{node[:cpu][:total]}" $

    itamae local --ohai bundle.rb 32

33. Dry$run • ࣮ࡍʹ͸มߋΛՃ͑ͳ͍Ͱɺมߋ͞ΕΔ಺༰ΛΈ Δ • --dry-runΦϓγϣϯ • ࣮ӡ༻ʹ͸͔ܽͤͳ͍Ͱ͢ΑͶ 33

34. ϨγϐϓϥάΠϯ • ϨγϐΛGemʹด͡ࠐΊΔ͜ͱ͕Ͱ͖Δ • BundlerͰґଘ؅ཧʂʢBerkshelfෆཁʣ # Gemfile gem 'itamae-plugin-recipe-selinux' #

    your_recipe.rb include_recipe 'selinux::enforcing' $ bundle exec itamae your_recipe.rb 34

35. ϦιʔεϓϥάΠϯ • ࣗ༝ʹϦιʔεΛఆٛͯ͠GemͰϓϥάΠϯ͔Ͱ ͖Δ # Gemfile gem 'itamae-plugin-resource-mail_alias' # your_recipe.rb

    mail_alias "alias_name" do recipient "recipient_name" end $ bundle exec itamae your_recipe.rb 35

36. ࣮૷ͷ࿩ • mizzy͞Μ࡞ͷSpecinfra1ʹ৐͔͍ͬͬͯΔ • backend:3ڞ௨ͷΠϯλʔϑΣʔεͰίϚϯυΛ ࣮ߦͰ͖ΔʢLocal,3SSHͳͲʣ • command:3OS͝ͱʹίϚϯυΛੜ੒ͯ͘͠ΕΔ `install_package('sl') #=>3"aptFget3install3sl"

    1"h$ps:/ /github.com/serverspec/specinfra 36

37. Itamae&in&Produc/on 37

38. Itamae&in&Produc/on • ΫοΫύουͷຊ൪؀ڥͰӡ༻͞Ε͍ͯΔ • ݱ࣌఺Ͱ30୆͙Β͍͸ItamaeΛ࢖ͬͯߏங͞Εͯ ͍Δ • Itamaeࣗମ͸ϨγϐΛࢦఆͯ͠ɺ࣮ߦ͢Δػೳ͠ ͔༻ҙ͍ͯ͠ͳ͍ •

    ΫοΫύουͰ͸CapistranoͰItamaeΛୟ͍͍ͯ Δ 38

39. Itamae&in&Produc/on • cap itamaeͰ • αʔόͷϩʔϧʹԠͨ͡ϨγϐΛrsyncͯ͠ • itamaeίϚϯυΛ࣮ߦ͢Δ • Itamaeʹ͸ϩʔϧͱ͍͏֓೦͸ͳ͍

    • ͕ɺಉ͡Α͏ͳ͜ͱΛϨγϐͰ࣮ݱ͍ͯ͠Δ 39

40. Itamae&in&Produc/on webϩʔϧΛ༻ҙͯ͠ΈΔ # recipes/nginx.rb package "nginx" # recipes/sl.rb package "dstat"

    # roles/web.rb include_recipe "../recipes/nginx.rb" include_recipe "../recipes/dstat.rb" 40

41. Itamae&in&Produc/on # config/deploy/itamae.rb task :apply do # 1. ͍͍ײ͡ʹ஋Λऔ͖ͬͯͯnode.jsonΛஔ͘ #

    2. Ϩγϐͱ͔/tmp/itamaeʹrsync͓ͯ͘͠ # 3. ϩʔϧΛEC2ͷλάͳͲ͔Βऔಘ͢Δ role_recipe = "/tmp/itamae/roles/#{role}.rb" sudo "itamae", "local", "-j", "node.json", role_recipe end $ cap itamae apply HOSTS=your-web-server 41

42. σϞ 42

43. ׬શʹ࣮༻ஈ֊ 43

44. It's%&me%to%release%v1.0.0%! 44

45. ࠓޙ • Ϧιʔεͷ੔උɾॆ࣮ • υΩϡϝϯςʔγϣϯ • h#ps:/ /github.com/ryotarai/itamae/wiki • Dockerfileग़ྗͰ͖ͨΒ͍͍ͳ

    45

46. ΫοΫύου͸ ΠϯϑϥΤϯδχΞΛ ืू͍ͯ͠·͢ info.cookpad.com/jobs 46