Docker + serverspecで作る configspec CI

DMBTTNFUIPEKQ %PDLFS TFSWFSTQFDͰ࡞Δ DPOGJHTQFD$* %PDLFS.FFUVQ5PLZP Ϋϥεϝιουגࣜձࣾ ࠤʑ໦ɹେี

classmethod.jp 2 ! ! ࣗݾ঺հ

3 @smokeymonkey

classmethod.jp 4 ࣗݾ঺հ ࠤʑ໦ɹେี !TNPLFZNPOLFZ ! Ϋϥεϝιουגࣜձࣾ "84ίϯαϧςΟϯά෦ ιϦϡʔγϣϯΞʔΩςΫτ

classmethod.jp 5 ! ๺ւಓੜ·Ε ๺ւಓҭͪ

classmethod.jp 6

classmethod.jp 7 ͸͡Ίʹ w๻ʮ%PDLFS৮Γ࢝Ί·ͨ͠ɺ໘ ന͍Ͱ͢Ͷʯ ! w!UBLJQPOʮࠓ౓%PDLFSͷษڧձ ΍Δ͚Ͳ-5΍Δʁʯ ! w๻ʮ͸͊ɺ͡Ό͋΍Γ·͢ʯ

classmethod.jp 8 (((( ；ﾟДﾟ)))ｶﾞｸｶﾞｸﾌﾞﾙﾌﾞﾙ

classmethod.jp 9 ͸͡Ίʹ w%PDLFSͰϓϩϏδϣχ ϯάπʔϧΛ$*͢Δͷ͸ ͋Γ͕ͪ w1VQQFU $IFG "OTJCMFʜ

classmethod.jp 10 ͸͡Ίʹ wઌ೔ͷ+"84%":4 ͰٶԼ߶ี͞Μͷ ൃදΛฉ͍ͯDPOGJHTQFD ʹڵຯΛ࣋ͬͨ

classmethod.jp 11 ͸͡Ίʹ w΍ͬͯΈͨ

classmethod.jp 12 ͝ΊΜͳ͍͞ w$*͸ݴ͍ա͗·ͨ͠ wDPOGJHTQFDͰ؀ڥ࡞Δ wTFSWFSTQFDͰςετ͢Δ wͦΕΛ࢖͍ࣺͯίϯςφ Ͱ΍Δ w͍ͭͰʹࣗಈԽ͢Δ

classmethod.jp 13 ΍ͬͨ͜ͱ w"NB[PO-JOVYͰ&$Λ-BVODI w%PDLFSΛΠϯετʔϧ w"NB[PO-JOVYͷ%PDLFS*NBHF Λ࡞੒ wެ։伴ೝূͰ TTI઀ଓग़དྷΔ
Α͏ʹ͓ͯ͘͠ Amazon Linux Docker Image Docker

classmethod.jp 14 ΍ͬͨ͜ͱ wDPOGJHTQFDˠTFSWFSTQFDΛҰؾ ௨؏Ͱ࣮ߦ͢Δ3BLFGJMFΛ࡞੒ wHJUQVTI͓ͯ͘͠

classmethod.jp 15 ΍ͬͨ͜ͱ Amazon Linux Container (1)git
push (2)webhook (3)rake -‐‑‒> docker-‐‑‒api (4)Launch Container (5)rake -‐‑‒> configspec (6)rake -‐‑‒> serverspecspec

classmethod.jp 16 "NB[PO-JOVY%PDLFS*NBHF wૉͷ"NB[PO-JOVY&$Λ-BVODI4UPQ w&#47PMVNFΛ%PDLFS͕Πϯετʔϧ͞Εͨ&$ʹ "UUBDIɺNPVOU wҎԼͷϑΥϧμɺϑΝΠϧΛ࡟আ wWBSMPH CZUFʹ
wWBSDBDIFZVN wIPNFFDVTFSTTIBVUIPSJ[FE@LFZT wJNQPSU͢Δ UBSOVNFSJDPXOFSDKQcEPDLFSJNQPSUMPDBMBN[O

classmethod.jp 17 "NB[PO-JOVY%PDLFS*NBHFXJUI44) w%PDLFSGJMF ! ! ! ! ! !
! ! ! ! ! w EPDLFSCVJMEUMPDBMBN[OTTI FROM local/amzn ! # PAM設定を変えておかないとsshがいきなり切切れる RUN sed -‐‑‒ri 's/UsePAM yes/#UsePAM yes/g' /etc/ssh/sshd_̲config RUN sed -‐‑‒ri 's/#UsePAM no/UsePAM no/g' /etc/ssh/sshd_̲config RUN passwd -‐‑‒f -‐‑‒u ec2-‐‑‒user ! # start-‐‑‒stopしてhost_̲keyを作る RUN service sshd start RUN service sshd stop ! ADD ./authorized_̲keys /home/ec2-‐‑‒user/.ssh/authorized_̲keys ! EXPOSE 22

classmethod.jp 18 TNPLFZNPOLFZTQFDDJ wUSFF . ├── README.md ├── Rakefile └──
spec ├── configspec_helper.rb ├── serverspec_helper.rb ├── web_config │ └── nginx_spec.rb └── web_test └── nginx_spec.rb Roleのconfig Roleのtest

classmethod.jp 19 3BLFGJMF require 'rake' require 'rspec/core/rake_task' require 'docker'
! hosts = [ { :name => 'docker', :roles => %w( web ), :image => 'local/amznssh' } ] ! hosts = hosts.map do |host| { :name => host[:name], :short_name => host[:name].split('.')[0], :roles => host[:roles], :image => host[:image], } docker-‐‑‒api 対象Hostの指定の中で Docker Imageを指定

classmethod.jp 20 3BLFGJMF namespace :spec do task :all =>
hosts.map {|h| 'spec:' + h[:short_name] } hosts.each do |host| container = Docker::Container.create( 'Cmd' => ['/usr/sbin/sshd', '- D'], 'Image' => host[:image], 'PortSpecs' => '22' ) container.start('PortBindings' => {'22/tcp' => [{'HostIp' => '0.0.0.0'},{'HostPort' => '54322'}]}) host毎にsshdを実⾏行行して ContainerをCreate

classmethod.jp 21 3BLFGJMF # configspec RSpec::Core::RakeTask.new(host[:short_name].to_sym) do |t| t.pattern
= 'spec/{' + host[:roles].join(',') + '} _config/*_spec.rb' end ! # serverspec RSpec::Core::RakeTask.new(host[:short_name].to_sym) do |t| t.pattern = 'spec/{' + host[:roles].join(',') + '} _test/*_spec.rb' end container.stop configspec実⾏行行 serverspec実⾏行行 Containerをstop

classmethod.jp 22 DPOGJHTQFD@IFMQFSSC require 'configspec' require 'net/ssh' require 'net/scp' !
include SpecInfra::Helper::Ssh include SpecInfra::Helper::RedHat ! RSpec.configure do |c| c.sudo_password = '' c.host = ENV['TARGET_HOST'] options = Net::SSH::Config.for(c.host) user = options[:user] || Etc.getlogin c.ssh = Net::SSH.start(c.host, user, options) c.scp = Net::SCP.start(c.host, user, options) end

classmethod.jp 23 TFSWFSTQFD@IFMQFSSC require 'serverspec' require 'pathname' require 'net/ssh' !
include SpecInfra::Helper::Ssh include SpecInfra::Helper::RedHat ! RSpec.configure do |c| c.sudo_password = '' c.host = ENV['TARGET_HOST'] options = Net::SSH::Config.for(c.host) user = options[:user] || Etc.getlogin c.ssh = Net::SSH.start(c.host, user, options) end

classmethod.jp 24 TVEPSBLF /usr/bin/ruby2.0 -S rspec spec/web_config/ nginx_spec.rb . !
Finished in 0.52104 seconds 1 example, 0 failures /usr/bin/ruby2.0 -S rspec spec/web_test/ nginx_spec.rb . ! Finished in 0.09493 seconds 1 example, 0 failures

classmethod.jp 25 +FOLJOTͷઃఆ w(JU1MVHJOΛ࢖ͬͯ·͢

classmethod.jp 26 (JUIVCଆͷઃఆ w8FCIPPLT

27 ΍ͬͯΈΔ wHJUQVTI

28 ΍ͬͯΈΔ wFSSPSʹͳΔ৔߹

29 ΍ͬͯΈΔ w͋ͱ͸ @TQFDSCΛ࡞ͬͨΓ मਖ਼ͨ͠Γͯ͠HJUQVTI͢Δ ͚ͩ w׬੒ͨ͠Β"NB[PO-JOVY &$ͷϓϩϏδϣχϯάʹ࢖ ͑͹ྑ͍

classmethod.jp 30 ·ͱΊ w ௒ٱ͠ͿΓʹ3VCZॻ͍ͨ w "NB[PO-JOVY".*Ͱ %PDLFS(Pʹͳͬͨ w "84
$POUBJOFS%FQMPZ͕zී௨z ʹͳΔͷ΋͍ۙʁ w ΋ͪΖΜ(PPHMF$MPVE1MBUGPSN Ͱ΋Ͷʂ w ࠓޙͷۀ຿ʹ׆͔ͤΔͱ͍͍ͳ͊

Docker + serverspecで作る configspec CI

Docker + serverspecで作る configspec CI

smokeymonkey

More Decks by smokeymonkey

Other Decks in Programming

Featured

Transcript

DMBTTNFUIPEKQ %PDLFS TFSWFSTQFDͰ࡞Δ DPOGJHTQFD$* %PDLFS.FFUVQ5PLZP Ϋϥεϝιουגࣜձࣾ ࠤʑ໦ɹେี

classmethod.jp 2 ! ! ࣗݾ঺հ

3 @smokeymonkey

classmethod.jp 4 ࣗݾ঺հ ࠤʑ໦ɹେี !TNPLFZNPOLFZ ! Ϋϥεϝιουגࣜձࣾ "84ίϯαϧςΟϯά෦ ιϦϡʔγϣϯΞʔΩςΫτ

classmethod.jp 5 ! ๺ւಓੜ·Ε ๺ւಓҭͪ

classmethod.jp 6

classmethod.jp 7 ͸͡Ίʹ w๻ʮ%PDLFS৮Γ࢝Ί·ͨ͠ɺ໘ ന͍Ͱ͢Ͷʯ ! w!UBLJQPOʮࠓ౓%PDLFSͷษڧձ ΍Δ͚Ͳ-5΍Δʁʯ ! w๻ʮ͸͊ɺ͡Ό͋΍Γ·͢ʯ

classmethod.jp 8 (((( ；ﾟДﾟ)))ｶﾞｸｶﾞｸﾌﾞﾙﾌﾞﾙ

classmethod.jp 9 ͸͡Ίʹ w%PDLFSͰϓϩϏδϣχ ϯάπʔϧΛ$*͢Δͷ͸ ͋Γ͕ͪ w1VQQFU $IFG "OTJCMFʜ

classmethod.jp 10 ͸͡Ίʹ wઌ೔ͷ+"84%":4 ͰٶԼ߶ี͞Μͷ ൃදΛฉ͍ͯDPOGJHTQFD ʹڵຯΛ࣋ͬͨ

classmethod.jp 11 ͸͡Ίʹ w΍ͬͯΈͨ

classmethod.jp 12 ͝ΊΜͳ͍͞ w$*͸ݴ͍ա͗·ͨ͠ wDPOGJHTQFDͰ؀ڥ࡞Δ wTFSWFSTQFDͰςετ͢Δ wͦΕΛ࢖͍ࣺͯίϯςφ Ͱ΍Δ w͍ͭͰʹࣗಈԽ͢Δ

classmethod.jp 13 ΍ͬͨ͜ͱ w"NB[PO-JOVYͰ&$Λ-BVODI w%PDLFSΛΠϯετʔϧ w"NB[PO-JOVYͷ%PDLFS*NBHF Λ࡞੒ wެ։伴ೝূͰ TTI઀ଓग़དྷΔ

classmethod.jp 14 ΍ͬͨ͜ͱ wDPOGJHTQFDˠTFSWFSTQFDΛҰؾ ௨؏Ͱ࣮ߦ͢Δ3BLFGJMFΛ࡞੒ wHJUQVTI͓ͯ͘͠

classmethod.jp 15 ΍ͬͨ͜ͱ Amazon Linux Container (1)git

classmethod.jp 16 "NB[PO-JOVY%PDLFS*NBHF wૉͷ"NB[PO-JOVY&$Λ-BVODI4UPQ w&#47PMVNFΛ%PDLFS͕Πϯετʔϧ͞Εͨ&$ʹ "UUBDIɺNPVOU wҎԼͷϑΥϧμɺϑΝΠϧΛ࡟আ wWBSMPH CZUFʹ

classmethod.jp 17 "NB[PO-JOVY%PDLFS*NBHFXJUI44) w%PDLFSGJMF ! ! ! ! ! !

classmethod.jp 18 TNPLFZNPOLFZTQFDDJ wUSFF . ├── README.md ├── Rakefile └──

classmethod.jp 19 3BLFGJMF require 'rake' require 'rspec/core/rake_task' require 'docker'

classmethod.jp 20 3BLFGJMF namespace :spec do task :all =>

classmethod.jp 21 3BLFGJMF # configspec RSpec::Core::RakeTask.new(host[:short_name].to_sym) do |t| t.pattern

classmethod.jp 22 DPOGJHTQFD@IFMQFSSC require 'configspec' require 'net/ssh' require 'net/scp' !

classmethod.jp 23 TFSWFSTQFD@IFMQFSSC require 'serverspec' require 'pathname' require 'net/ssh' !

classmethod.jp 24 TVEPSBLF /usr/bin/ruby2.0 -S rspec spec/web_config/ nginx_spec.rb . !

classmethod.jp 25 +FOLJOTͷઃఆ w(JU1MVHJOΛ࢖ͬͯ·͢

classmethod.jp 26 (JUIVCଆͷઃఆ w8FCIPPLT

27 ΍ͬͯΈΔ wHJUQVTI

28 ΍ͬͯΈΔ wFSSPSʹͳΔ৔߹

29 ΍ͬͯΈΔ w͋ͱ͸ @TQFDSCΛ࡞ͬͨΓ मਖ਼ͨ͠Γͯ͠HJUQVTI͢Δ ͚ͩ w׬੒ͨ͠Β"NB[PO-JOVY &$ͷϓϩϏδϣχϯάʹ࢖ ͑͹ྑ͍

classmethod.jp 30 ·ͱΊ w ௒ٱ͠ͿΓʹ3VCZॻ͍ͨ w "NB[PO-JOVY".*Ͱ %PDLFS(Pʹͳͬͨ w "84