Docker + serverspecで作る configspec CI

Transcript

1. DMBTTNFUIPEKQ %PDLFS
   
   TFSWFSTQFDͰ࡞Δ
   DPOGJHTQFD
   $* %PDLFS
   .FFUVQ
   5PLZP
      Ϋϥεϝιουגࣜձࣾ
   ࠤʑ໦ɹେี

2. classmethod.jp 2 ! ! ࣗݾ঺հ

3. 3 @smokeymonkey

4. classmethod.jp 4 ࣗݾ঺հ ࠤʑ໦ɹେี
   !TNPLFZNPOLFZ
   ! Ϋϥεϝιουגࣜձࣾ
   "84ίϯαϧςΟϯά෦
   ιϦϡʔγϣϯΞʔΩςΫτ

5. classmethod.jp 5 ! ๺ւಓੜ·Ε
   ๺ւಓҭͪ

6. classmethod.jp 6

7. classmethod.jp 7 ͸͡Ίʹ w๻ʮ%PDLFS৮Γ࢝Ί·ͨ͠ɺ໘ ന͍Ͱ͢Ͷʯ
   ! w!UBLJQPOʮࠓ౓%PDLFSͷษڧձ ΍Δ͚Ͳ-5΍Δʁʯ
   ! w๻ʮ͸͊ɺ͡Ό͋΍Γ·͢ʯ

8. classmethod.jp 8 ((((  ；ﾟДﾟ)))ｶﾞｸｶﾞｸﾌﾞﾙﾌﾞﾙ

9. classmethod.jp 9 ͸͡Ίʹ w%PDLFSͰϓϩϏδϣχ ϯάπʔϧΛ$*͢Δͷ͸ ͋Γ͕ͪ
   w1VQQFU
   $IFG
   "OTJCMF
   ʜ

10. classmethod.jp 10 ͸͡Ίʹ wઌ೔ͷ+"84
    %":4
    ͰٶԼ߶ี͞Μͷ ൃදΛฉ͍ͯDPOGJHTQFD ʹڵຯΛ࣋ͬͨ

11. classmethod.jp 11 ͸͡Ίʹ w΍ͬͯΈͨ

12. classmethod.jp 12 ͝ΊΜͳ͍͞ w$*͸ݴ͍ա͗·ͨ͠
    wDPOGJHTQFDͰ؀ڥ࡞Δ
    wTFSWFSTQFDͰςετ͢Δ
    wͦΕΛ࢖͍ࣺͯίϯςφ Ͱ΍Δ
    w͍ͭͰʹࣗಈԽ͢Δ

13. classmethod.jp 13 ΍ͬͨ͜ͱ  w"NB[PO
    -JOVYͰ&$Λ-BVODI
    w%PDLFSΛΠϯετʔϧ
    w"NB[PO
    -JOVYͷ%PDLFS
    *NBHF Λ࡞੒
    wެ։伴ೝূͰ
    
    
    TTI઀ଓग़དྷΔ
    

    
    
    Α͏ʹ͓ͯ͘͠ Amazon   Linux   Docker  Image Docker

14. classmethod.jp 14 ΍ͬͨ͜ͱ  wDPOGJHTQFDˠTFSWFSTQFDΛҰؾ ௨؏Ͱ࣮ߦ͢Δ3BLFGJMFΛ࡞੒
    wHJU
    QVTI͓ͯ͘͠

15. classmethod.jp 15 ΍ͬͨ͜ͱ  Amazon  Linux     Container (1)git

     push (2)webhook (3)rake  -‐‑‒>  docker-‐‑‒api (4)Launch          Container (5)rake  -‐‑‒>            configspec (6)rake  -‐‑‒>            serverspecspec

16. classmethod.jp 16 "NB[PO
    -JOVY
    %PDLFS
    *NBHF wૉͷ"NB[PO
    -JOVY
    &$Λ-BVODI
    
    4UPQ
    w&#4
    7PMVNFΛ%PDLFS͕Πϯετʔϧ͞Εͨ&$ʹ "UUBDIɺNPVOU
    wҎԼͷϑΥϧμɺϑΝΠϧΛ࡟আ
    wWBSMPH
    CZUFʹ

    
    wWBSDBDIFZVN
    wIPNFFDVTFSTTIBVUIPSJ[FE@LFZT
    wJNQPSU͢Δ 
    UBS
    OVNFSJDPXOFS
    DKQ
    
    c
    EPDLFS
    JNQPSU
    
    MPDBMBN[O

17. classmethod.jp 17 "NB[PO
    -JOVY
    %PDLFS
    *NBHF
    XJUI
    44) w%PDLFSGJMF
    ! ! ! ! ! !

    ! ! ! ! ! w EPDLFS
    CVJME
    U
    MPDBMBN[OTTI
     FROM  local/amzn   ! #  PAM設定を変えておかないとsshがいきなり切切れる   RUN  sed  -‐‑‒ri  's/UsePAM  yes/#UsePAM  yes/g'  /etc/ssh/sshd_̲config   RUN  sed  -‐‑‒ri  's/#UsePAM  no/UsePAM  no/g'  /etc/ssh/sshd_̲config   RUN  passwd  -‐‑‒f  -‐‑‒u  ec2-‐‑‒user   ! #  start-‐‑‒stopしてhost_̲keyを作る   RUN  service  sshd  start   RUN  service  sshd  stop   ! ADD  ./authorized_̲keys  /home/ec2-‐‑‒user/.ssh/authorized_̲keys   ! EXPOSE  22

18. classmethod.jp 18 TNPLFZNPOLFZTQFDDJ wUSFF . ├── README.md ├── Rakefile └──

    spec ├── configspec_helper.rb ├── serverspec_helper.rb ├── web_config │ └── nginx_spec.rb └── web_test └── nginx_spec.rb Roleのconfig Roleのtest

19. classmethod.jp 19 3BLFGJMF  require 'rake' require 'rspec/core/rake_task' require 'docker'

    ! hosts = [ { :name => 'docker', :roles => %w( web ), :image => 'local/amznssh' } ] ! hosts = hosts.map do |host| { :name => host[:name], :short_name => host[:name].split('.')[0], :roles => host[:roles], :image => host[:image], } docker-‐‑‒api 対象Hostの指定の中で Docker  Imageを指定

20. classmethod.jp 20 3BLFGJMF  namespace :spec do task :all =>

    hosts.map {|h| 'spec:' + h[:short_name] } hosts.each do |host| container = Docker::Container.create( 'Cmd' => ['/usr/sbin/sshd', '- D'], 'Image' => host[:image], 'PortSpecs' => '22' ) container.start('PortBindings' => {'22/tcp' => [{'HostIp' => '0.0.0.0'},{'HostPort' => '54322'}]}) host毎にsshdを実⾏行行して   ContainerをCreate

21. classmethod.jp 21 3BLFGJMF  # configspec RSpec::Core::RakeTask.new(host[:short_name].to_sym) do |t| t.pattern

    = 'spec/{' + host[:roles].join(',') + '} _config/*_spec.rb' end ! # serverspec RSpec::Core::RakeTask.new(host[:short_name].to_sym) do |t| t.pattern = 'spec/{' + host[:roles].join(',') + '} _test/*_spec.rb' end container.stop configspec実⾏行行 serverspec実⾏行行 Containerをstop

22. classmethod.jp 22 DPOGJHTQFD@IFMQFSSC require 'configspec' require 'net/ssh' require 'net/scp' !

    include SpecInfra::Helper::Ssh include SpecInfra::Helper::RedHat ! RSpec.configure do |c| c.sudo_password = '' c.host = ENV['TARGET_HOST'] options = Net::SSH::Config.for(c.host) user = options[:user] || Etc.getlogin c.ssh = Net::SSH.start(c.host, user, options) c.scp = Net::SCP.start(c.host, user, options) end

23. classmethod.jp 23 TFSWFSTQFD@IFMQFSSC require 'serverspec' require 'pathname' require 'net/ssh' !

    include SpecInfra::Helper::Ssh include SpecInfra::Helper::RedHat ! RSpec.configure do |c| c.sudo_password = '' c.host = ENV['TARGET_HOST'] options = Net::SSH::Config.for(c.host) user = options[:user] || Etc.getlogin c.ssh = Net::SSH.start(c.host, user, options) end

24. classmethod.jp 24 TVEP
    SBLF /usr/bin/ruby2.0 -S rspec spec/web_config/ nginx_spec.rb . !

    Finished in 0.52104 seconds 1 example, 0 failures /usr/bin/ruby2.0 -S rspec spec/web_test/ nginx_spec.rb . ! Finished in 0.09493 seconds 1 example, 0 failures

25. classmethod.jp 25 +FOLJOTͷઃఆ w(JU
    1MVHJOΛ࢖ͬͯ·͢

26. classmethod.jp 26 (JUIVCଆͷઃఆ w8FCIPPLT

27. 27 ΍ͬͯΈΔ wHJU
    QVTI

28. 28 ΍ͬͯΈΔ wFSSPSʹͳΔ৔߹

29. 29 ΍ͬͯΈΔ w͋ͱ͸ @TQFDSCΛ࡞ͬͨΓ मਖ਼ͨ͠Γͯ͠HJU
    QVTI͢Δ ͚ͩ
    w׬੒ͨ͠Β"NB[PO
    -JOVY
    &$ͷϓϩϏδϣχϯάʹ࢖ ͑͹ྑ͍

30. classmethod.jp 30 ·ͱΊ w ௒ٱ͠ͿΓʹ3VCZॻ͍ͨ
    w "NB[PO
    -JOVY
    ".*
    Ͱ %PDLFS
    (Pʹͳͬͨ
    w "84
    

    
    $POUBJOFS
    %FQMPZ͕zී௨z ʹͳΔͷ΋͍ۙʁ
    w ΋ͪΖΜ(PPHMF
    $MPVE
    1MBUGPSN Ͱ΋Ͷʂ
    w ࠓޙͷۀ຿ʹ׆͔ͤΔͱ͍͍ͳ͊
31. None