Getting Along with Command-Line Tools That Prove Useful in Build and Operations

夜ノDevelopers.IO Sapporo 2016

Masataka Sugano

October 14, 2016

Transcript

  1. What does Piculet do? It manages security groups as text.

     ```ruby
     security_group "ssh only" do
       description "ssh only"
       ingress do
         permission :tcp, 22..22 do
           ip_ranges(
             "xxx.xxx.xxx.1/32"
           )
         end
       end
       egress do
         permission :any do
           ip_ranges(
             "0.0.0.0/0"
           )
         end
       end
     end
     ```
  2. The ideal way to use Piculet

     At initial build:
     1. Export the settings from AWS
     2. git push them

     When there is a change:
     1. git pull
     2. Edit the settings file
     3. Check with dry-run what will be changed
     4. Import the edited file (apply it to AWS)
     5. git push
  3. When the ops team uses Piculet

     From a customer: "Please make it possible to connect over SSH from this IP to this EC2 instance."

     It does not match what was git pulled!
  4. Let's use Piculet (1): export from AWS before starting work

     ```sh
     piculet -p PROFILE_NAME -r ap-northeast-1 -e > Groupfile
     cp -a Groupfile Groupfile.old
     ```
  5. Let's use Piculet (1): Groupfile.old

     ```ruby
     security_group "ssh only" do
       description "ssh only"
       ingress do
         permission :tcp, 22..22 do
           ip_ranges(
             "xxx.xxx.xxx.1/32"
           )
         end
       end
       egress do
         permission :any do
           ip_ranges(
             "0.0.0.0/0"
           )
         end
       end
     end
     ```
  6. Let's use Piculet (2): edit the Groupfile

     ```ruby
     security_group "ssh only" do
       description "ssh only"
       ingress do
         permission :tcp, 22..22 do
           ip_ranges(
             "xxx.xxx.xxx.1/32",
             "xxx.xxx.xxx.11/32"
           )
         end
       end
       egress do
         permission :any do
           ip_ranges(
             "0.0.0.0/0"
           )
         end
       end
     end
     ```
  7. Let's use Piculet (3): check with dry-run what will be changed

     ```sh
     piculet -p PowerUser -r ap-northeast-1 -a --dry-run
     ```

     Result:

     ```text
     Apply `Groupfile` to SecurityGroup (dry-run)
     Update Permission: vpc-xxxxxxxx > ssh only(ingress) > tcp 22..22 (dry-run)
       authorize xxx.xxx.xxx.11/32 (dry-run)
       revoke xxx.xxx.xxx.2/32 (dry-run)
     No change
     ```

     Hmm...? What is "revoke xxx.xxx.xxx.2/32"? Where did that come from?
  8. Let's use Piculet (4): start over, then check with dry-run what will be changed

     ```sh
     piculet -p PowerUser -r ap-northeast-1 -a --dry-run
     ```

     ```text
     Apply `Groupfile` to SecurityGroup (dry-run)
     Update Permission: vpc-xxxxxxxx > ssh only(ingress) > tcp 22..22 (dry-run)
       authorize xxx.xxx.xxx.11/32 (dry-run)
     No change
     ```
  9. Let's use Piculet (5): the check is OK, so apply it to AWS

     ```sh
     piculet -p PowerUser -r ap-northeast-1 -a
     ```

     ```text
     Apply `Groupfile` to SecurityGroup
     Update Permission: vpc-xxxxxxxx > ssh only(ingress) > tcp 22..22
       authorize xxx.xxx.xxx.11/32
     ```

     Applied to AWS!
  10. What does Roadworker do? It manages Route 53 DNS records as text.

      ```ruby
      # Export Route53
      hosted_zone "mas_factory.com." do
        rrset "web.mas_factory.com.", "A" do
          ttl 300
          resource_records(
            "123.234.11.1"
          )
        end
      end
      ```
  11. Let's use Kumogata2 (1): alb.rb

      ```ruby
      template do
        AWSTemplateFormatVersion "2010-09-09"

        # Parameters
        Parameters do
          KeyPair { Type "AWS::EC2::KeyPair::KeyName" }
          AMIID {
            Default "ami-374db956"
            Description "Input Amazon Linux Image ID"
            Type "AWS::EC2::Image::Id"
          }
        end

        # Resources
        Resources do
          # Network
          _include './alb-network.rb'
          # Security groups
          _include './alb-securitygroup.rb'
          # EC2
          _include './alb-ec2.rb'
          # Target group
          albTarget do
            Type "AWS::ElasticLoadBalancingV2::TargetGroup"
            # Properties
            Properties do
              Name "tg-web"
              Protocol "HTTP"
              Port "80"
      ```
  12. Let's use Kumogata2 (2)

      Check:

      ```sh
      kumogata2 validate -r ap-northeast-1 alb.rb
      ```

      Convert to JSON:

      ```sh
      kumogata2 convert -r ap-northeast-1 alb.rb > alb.json
      ```

      Upload to S3:

      ```sh
      aws s3 cp ./alb.json s3://BUCKET_NAME/alb.json
      ```
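
An added example, not from the slides or from Piculet itself: a shell gate for the dry-run step in items 7 to 9 that prints every change nobody approved in advance (such as the stray `revoke` in item 7) and fails so the apply does not run. It assumes the dry-run output contains only the line shapes shown in the transcript; `sample_dry_run`, `unexpected_changes`, the approved-changes file format and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): fail closed unless a Piculet dry-run
# contains only the changes that were reviewed beforehand.

# Constructed sample shaped like the dry-run output in item 7;
# the 192.0.2.x addresses are documentation placeholders.
sample_dry_run() {
    cat <<'EOF'
Apply `Groupfile` to SecurityGroup (dry-run)
Update Permission: vpc-xxxxxxxx > ssh only(ingress) > tcp 22..22 (dry-run)
  authorize 192.0.2.11/32 (dry-run)
  revoke 192.0.2.2/32 (dry-run)
No change
EOF
}

# unexpected_changes EXPECTED_FILE   (dry-run output on stdin)
# EXPECTED_FILE (hypothetical format) holds one approved change per line:
#   <group path>: <authorize|revoke> <cidr>
# Prints every change or unrecognized line that was not approved and
# returns 1 if there was any, 0 if the dry-run matches the approval.
unexpected_changes() {
    awk -v expected="$1" '
        BEGIN {
            while ((getline line < expected) > 0) {
                gsub(/^[ \t]+|[ \t]+$/, "", line)
                if (line != "") ok[line] = 1
            }
        }
        # Header naming the group, direction and port range that follow.
        $1 == "Update" && $2 == "Permission:" {
            ctx = $0
            sub(/^[ \t]*Update Permission:[ \t]*/, "", ctx)
            sub(/[ \t]*\(dry-run\)[ \t]*$/, "", ctx)
            next
        }
        # One line per rule that would be added or removed.
        $1 == "authorize" || $1 == "revoke" {
            change = ctx ": " $1 " " $2
            if (!(change in ok)) { print change; bad = 1 }
            next
        }
        # Known noise; anything else counts as a change nobody reviewed.
        /^Apply / || /^No change/ || /^[ \t]*$/ { next }
        { print "unrecognized: " $0; bad = 1 }
        END { exit bad + 0 }
    '
}
```

Typical use is `piculet -p PowerUser -r ap-northeast-1 -a --dry-run | unexpected_changes approved.txt && piculet -p PowerUser -r ap-northeast-1 -a`, where `approved.txt` is a hypothetical file holding the reviewed changes. A missing or empty approval file flags every change, so the gate fails closed.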