Upgrade to Pro — share decks privately, control downloads, hide ads and more …

構築・運用に活躍する
コマンドラインツールとの付き合い方

 構築・運用に活躍する
コマンドラインツールとの付き合い方

夜ノDevelopers.IO Sapporo 2016

687a2d350ff0a99b812085c530f54b69?s=128

Masataka Sugano

October 14, 2016
Tweet

Transcript

  1. ߏஙɾӡ༻ʹ׆༂͢Δ
 ίϚϯυϥΠϯπʔϧͱͷ෇͖߹͍ํ ໷ϊιϦϡʔγϣϯΞʔΩςΫτ ੁ໺ ণ޹ 1 2016೥10݄14೔ Developers.IO

  2. ࣗݾ঺հ ੁ໺ ণ޹ʢ͕͢ͷ ·͔ͨ͞ʣ Ϋϥεϝιουגࣜձࣾ AWS ίϯαϧςΟϯά෦ ΦϖϨʔγϣϯνʔϜʢ௨শΦϖνʔʣ ๺ւಓࡳຈࢢࡏॅɺࡳຈΦϑΟεۈ຿ AWS

    ೝఆࢿ֨ ޷͖ͳ AWS αʔϏεɿRoute 53 2
  3. ΦϖνʔͬͯԿʁɾɾɾͷલʹ ΫϥϝιͰఏڙ͍ͯ͠ΔαʔϏεʹ͍ͭͯ 3

  4. ϝϯόʔζαʔϏε AWS ͷྉ͕ۚ҆͘ͳΔ ௒͓͢͢Ί ͓໰͍߹ΘͤରԠ AWS ʹؔ͢Δ໰߹ͤͷରԠ ӡ༻ࢧԉαʔϏε AWS Λ࢖ͬͨΠϯϑϥͷ࡞ۀΛ୅ߦ

    4
  5. Φϖνʔ࡞ۀͷඪ४πʔϧ Piculet Roadworker 5

  6. Φϖνʔͱͯ͠͸ ࡞ऀͷੁݪ͞Μʹ଍Λ޲͚ͯ৸ΒΕͳ͍ 6 ͜ͷ΁ΜʹॅΜͰΔ Α͘஌Βͳ͍͚Ͳ๺ປ͡Όͳ͍͔Βଟ෼େৎ෉

  7. ·ͣ͸͜ͷೋͭͱͷ෇͖߹͍ํ ͋͘·Ͱӡ༻ͷࢹ఺ 7

  8. Piculet ͬͯԿΛ͢Δπʔϧʁ ηΩϡϦςΟάϧʔϓΛςΩετͰ؅ཧ 8 security_group "ssh only" do description "ssh

    only" ingress do permission :tcp, 22..22 do ip_ranges( "xxx.xxx.xxx.1/32" ) end end egress do permission :any do ip_ranges( "0.0.0.0/0" ) end end end
  9. Piculet ͷཧ૝తͳ࢖͍ํ ॳظߏங࣌ 1.ઃఆΛ AWS ͔ΒΤΫεϙʔτ 2.git push ͠ͱ͘ มߋ͕͋ͬͨ

    1. git pullɽ 2. ઃఆϑΝΠϧΛमਖ਼ 3. dry-run Ͱมߋ͞ΕΔ಺༰ͷνΣοΫ 4. मਖ਼ͨ͠ϑΝΠϧΛΠϯϙʔτʢAWS ΁൓өʣ 5. git push 9
  10. Φϖνʔ͕ Piculet Λ࢖͏৔໘ ͓٬༷͔Β ͜ͷ IP ͔Β͜ͷ EC2 ʹ SSH

    ઀ଓͰ͖ΔΑ͏ʹͯ͠Ͷɻ 10 git pull ͨ͠಺༰ͱ߹Θͳ͍ʂ
  11. ݱ࣮తʹ Piculet Λ࢖͓͏ ৴͡Δͷ͸ݱঢ়ͷઃఆͷΈ ׬શͳίʔυʹΑΔ؅ཧͳͲͳ͍ git pull ͖ͯͨ͠ϑΝΠϧ͸৴͡ͳ͍ ʮલճͷมߋ͔ΒԿ΋ม͑ͯ·ͤΜʯ
 ͱ͍͏ݴ༿͸৴͡ͳ͍

    11
  12. Piculet Λ࢖͓͏ʢ1ʣ ࡞ۀલʹ AWS ͔ΒΤΫεϙʔτ 12 piculet -p ϓϩϑΝΠϧ໊ -r

    ap-northeast-1 -e > Groupfile cp -a Groupfile Groupfile.old
  13. Piculet Λ࢖͓͏ʢ1ʣ Groupfile.old 13 security_group "ssh only" do description "ssh

    only" ingress do permission :tcp, 22..22 do ip_ranges( "xxx.xxx.xxx.1/32" ) end end egress do permission :any do ip_ranges( "0.0.0.0/0" ) end end end
  14. Piculet Λ࢖͓͏ʢ2ʣ Groupfile Λमਖ਼ 14 security_group "ssh only" do description

    "ssh only" ingress do permission :tcp, 22..22 do ip_ranges( "xxx.xxx.xxx.1/32", "xxx.xxx.xxx.11/32" ) end end egress do permission :any do ip_ranges( "0.0.0.0/0" ) end end end
  15. Piculet Λ࢖͓͏ʢ3ʣ dry-run ͰԿ͕มߋ͞ΕΔ͔Λ֬ೝ ݁Ռ Μɾɾɾʁ revoke xxx.xxx.xxx.2/32ͬͯͳΜͩʁͲ͔͜Β༙͍ͨʁ 15 piculet

    -p PowerUser -r ap-northeast-1 -a --dry-run Apply `Groupfile` to SecurityGroup (dry-run) Update Permission: vpc-xxxxxxxx > ssh only(ingress) > tcp 22..22 (dry-run) authorize xxx.xxx.xxx.11/32 (dry-run) revoke xxx.xxx.xxx.2/32 (dry-run) No change
  16. Piculet Λ࢖͓͏ʢ4ʣ ࢓੾Γ௚ͯ͠dry-run ͰԿ͕มߋ͞ΕΔ͔֬ೝ 16 piculet -p PowerUser -r ap-northeast-1

    -a --dry-run Apply `Groupfile` to SecurityGroup (dry-run) Update Permission: vpc-xxxxxxxx > ssh only(ingress) > tcp 22..22 (dry-run) authorize xxx.xxx.xxx.11/32 (dry-run) No change
  17. Piculet Λ࢖͓͏ʢ5ʣ ֬ೝOKɻAWS ΁൓өͤ͞·͠ΐ͏ AWS ΁ͷ൓ө׬ྃʂ 17 piculet -p PowerUser

    -r ap-northeast-1 -a Apply `Groupfile` to SecurityGroup Update Permission: vpc-xxxxxxxx > ssh only(ingress) > tcp 22..22 authorize xxx.xxx.xxx.11/32
  18. Piculet Λ࢖͓͏ʢ·ͱΊʣ ߏஙஈ֊͔Β࢖͏ࣄ͸ߟ͑ͳ͍ ςΩετͰͷ؅ཧ͸׬ᘳ͡Όແ͍લఏͰ࢖͓͏ աڈͷࣗ෼͢Β৴͡ͳ͍ ৴͡ΒΕΔͷ͸͜Ε
 ɹΤΫεϙʔτͨ͠ઃఆ಺༰
 ɹߋ৽લͷ dry-run Ͱදࣔ͞Εͨมߋ಺༰

    ߋ৽ͨ͠Β git push 18
  19. ࣍ʹ Roadworker 19

  20. Roadworker ͬͯԿ͢Δπʔϧʁ Route 53 ͷ DNS ϨίʔυΛςΩετͰ؅ཧ 20 # Export

    Route53 hosted_zone "mas_factory.com." do rrset "web.mas_factory.com.", "A" do ttl 300 resource_records( "123.234.11.1" ) end end
  21. Roadworker ͷཧ૝తͳɾɾɾ Piculet ͱ࢖͍ํ͸ಉ͡ͳͷͰলུʂ ͦͯ͠σϞ։࢝ 21

  22. ࠷ޙʹ΋͏Ұ͓ͭ͢͢Ίͷπʔϧ Kumogata2ɽ ߏங୲౰ͷํ΁͓͢͢Ί Φϖνʔͱͯ͠࢖͍ͬͯΔΘ͚Ͱ͸ͳ͍ 6݄͘Β͍ͷ JAWS-UG ࡳຈͰ஌Γ·ͨ͠ ࢲ͕ࣾ಺πʔϧͷߏஙʹ࢖ͬͯ·͢ 22

  23. Kumogata2 ͬͯԿ͢Δπʔϧʁ CloudFormation ͷςϯϓϨʔτΛ
 Ruby Ͱॻ͚Δ create ΦϓγϣϯͰελοΫΛ࡞੒Ͱ͖Δ 23

  24. ࢖Θͳ͍ཧ༝ͬͯ͋Δʁ ΫϥϝιͷதͷҰ෦ͷਓ͕ݴ͍·ͨ͠ 24 ֎෦πʔϧ͔ͩΒɺ৽͍͠Ϧιʔεʹ ରԠͯ͠ͳ͔ͬͨΓͱ͔͢ΔΑͶw

  25. Kumogata2 Λ࢖͓͏ ࣮ࡍͲ͏ͳͷʁ 25

  26. Kumogata2 Λ࢖͓͏ʢ1ʣ ࠷৽ͷϦιʔεʹ΋ରԠ͍ͯ͠ΔࣄΛ ࠓ͔Βݟͤͯ΍Δʂ 26 ͱ͍͏ࣄͰ ALB Λ࡞੒͢ΔςϯϓϨʔτ Λ࡞ͬͯΈͨ

  27. Kumogata2 Λ࢖͓͏ʢ1ʣ alb.rb 27 template do AWSTemplateFormatVersion "2010-09-09" # ύϥϝʔλ

    Parameters do KeyPair { Type "AWS::EC2::KeyPair::KeyName" } AMIID { Default "ami-374db956" Description "Input Amazon Linux Image ID" Type "AWS::EC2::Image::Id" } end # Ϧιʔε Resources do # ωοτϫʔΫ _include './alb-network.rb' # ηΩϡϦςΟάϧʔϓ _include './alb-securitygroup.rb' # EC2 _include './alb-ec2.rb' # λʔήοτάϧʔϓ albTarget do Type "AWS::ElasticLoadBalancingV2::TargetGroup" # ϓϩύςΟ Properties do Name "tg-web" Protocol "HTTP" Port "80"
  28. Kumogata2 Λ࢖͓͏ʢ2ʣ νΣοΫ kumogata2 validate -r ap-northeast-1 alb.rb JSON ʹίϯόʔτ

    kumogata2 convert -r ap-northeast-1 alb.rb > alb.json S3 ʹΞοϓϩʔυ aws s3 cp ./alb.json s3://όέοτ໊/alb.json 28
  29. Kumogata2 Λ࢖͓͏ʢ3ʣ σβΠϯςϯϓϨʔτͰಡΈࠐΜͰΈͨ 29

  30. Kumogata2 Λ࢖͓͏ʢ4ʣ ελοΫΛ࡞੒ͯ͠Έͨ 30

  31. Kumogata2 Λ࢖͓͏ʢ·ͱΊʣ ςϯϓϨʔτΛ Ruby Ͱ࡞੒Ͱ͖Δ ޷͖ͳ͚ͩίϝϯτΛॻ͚·͢ ϑΝΠϧΛࣗ༝ʹ෼ׂͰ͖Δ create ΦϓγϣϯͰελοΫ࡞੒Ͱ͖Δ ม׵ͨ͠

    JSON ΛϚωδϝϯτίϯιʔϧͷ CFn Ͱ࢖͏ 31
  32. ·ͱΊ ߏஙʹ Piculet ΍ Roadworker ͸࢖Θͳ͍
 ɹӡ༻ϑΣʔζ͕࠷దͰ͢ ݱঢ়͕શͯɻςΩετ؅ཧΛա৴͠ͳ͍
 ɹࣗ෼͚͕ͩ؅ཧɾӡ༻͍ͯ͠ΔΘ͚͡Όͳ͍ πʔϧͷશͯͷػೳΛ࢖͏ඞཁ͸ͳ͍


    ɹKumogata2 ͸ JSON ϑΝΠϧ࡞੒·Ͱ
 ɹࣗ෼ͷӡ༻ํ๏ʹ߹Θ͓͍͍ͤͯ͠ॴ͚ͩ࢖͏ 32
  33. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ ϝϯόʔζͷ͓ਃࠐΈ ͓଴ͪͯ͠·͢ 33