動的ホスト管理を使い倒す！
pairsのプロビジョニング要件とInfrastructure as Code実例

Transcript

1. Copyright © 2009-2015 eureka, inc. All rights reserved. CONFIDENTIAL ಈతϗετ؅ཧΛ࢖͍౗͢ʂ


   pairsͷϓϩϏδϣχϯάཁ݅ͱ Infrastructure as Code࣮ྫ 5BLVZB
   0OEB
   / eureka, inc.
 # Ansible Meetup in Tokyo 2016.

2. CONFIDENTIAL Copyright © 2009-2015 eureka, inc. All rights reserved. ࣗݾ঺հ

   • ໊લɿԸా୓໵
   • ೥౓৽ଔͰ%F/"ʹೖࣾ
   • ೥݄ʹגࣜձࣾΤ΢ϨΧ΁
   •
   ͓͠͝ͱ
   • ฐࣾαʔϏε
   zϖΞʔζz
   ͷΠϯϑϥपΓΛ୲౰͍ͯ͠·͢
   • ϒϩάɿIUUQTEFWFMPQFSTFVSFKQNFNCFST UBLVZB@POEB

3. Τ΢ϨΧʹ͍ͭͯ About eureka

4. גࣜձࣾΤ΢ϨΧ ઐ໳෼໺Ҏ֎ͷྖҬ Ͱ΋׆༂Ͱ͖Δ ΤϯδχΞ ɹ 55ਓ SalesɾCSɾBO
   ɹ 37ਓ

   ࣄۀ಺༰ ࣗࣾαʔϏεͷاըɾ։ൃɾӡӦ ɾ ΦϯϥΠϯɾσʔςΟϯάɾαʔϏεʮpairsʯ ɾ Χοϓϧઐ༻ΞϓϦʮCouplesʯ ւ֎ڌ఺ ɾ །ྷՈވ㟨༗ݶެ࢘ʢ୆࿷ʣ ɾ EUREKA SG Pte. Ltd.ʢγϯΨϙʔϧʣ ࣾһ਺: 105໊ Πϯλʔϯɾۀ຿ҕୗؚΉ D/P
   15ਓ σβΠφʔ
   8ਓ
5. None

6. ΦϯϥΠϯɾσʔςΟϯάɾαʔϏεʮpairsʯ 12೥9݄ 13೥3݄ 13೥9݄ 14೥3݄ 14೥9݄ 15೥3݄ 15೥9݄ 16೥3݄ 360ສ

   Ňƅ+ʘ\390ສձһಥഁ/ʗ+ƅ ϦϦʔε 2012೥ 10݄ ձһ਺ 390ສਓ ϓϥοτϑΥʔϜ PC/SP/iOS/Android 180ສ 90ສ 270ສ 3೥൒Ͱ 390ສਓ

7. CONFIDENTIAL Copyright © 2009-2015 eureka, inc. All rights reserved. ࠓ೔ͷτϐοΫ

   • QBJST ϖΞʔζ ͷϦΫΤετಛੑͱϓϩϏδϣχϯάཁ݅
   • ϓϩϏδϣχϯά޻ఔʹ͓͚Δ%ZOBNJD
   JOWFOUPSZ׆༻ࣄྫ
   • αʔόαʔϏεΠϯ·ͰͷྲྀΕ࣮ྫ

8. pairsͷϦΫΤετಛੑ • ϐʔΫλΠϜ͕͸͖ͬΓ͍ͯ͠Δ
   • ேͷϓογϡ௨஌
   • ໷ؒ
   d
   ࣌
   • ϝσΟΞ࿐ग़౳ʹΑΔεύΠΫ͸গͳ͍
   •

   ϩάΠϯඞਢ
   • ϝοηʔδར༻ʹ͸՝ۚ
   
   ೥ྸ֬ೝඞཁ
   • "84Λϑϧ׆༻
   • &$͸୯Ґ࣌ؒ I ຖʹ՝ۚൃੜ
   • ΦϯϓϨͱൺֱ͢Δͱαʔό୆͋ͨΓ͸ίετߴ

9. pairsͷαʔόϓϩϏδϣχϯάཁ݅ • αʔό૿ڧ
   
   ॖୀΛසൟʹ܁Γฦ͍ͨ͠
   • Ϧιʔε࢖ͬͯͳ͍࣌ؒ͸αʔόམͱ͢ અ໿େࣄ
   • ಉҰͳঢ়ଶͷαʔόΛଈαʔϏεΠϯग़དྷΔ࢓૊Έ
   

   • ࣌ؒଳεέʔϦϯά
   
   ൒ࣗಈαʔό৳ॖ
   • "VUP
   4DBMJOH
   (SPVQ͸".*؅ཧେมͳͷͰ࢖Θͳ͍
   • αʔϏεΠϯͯ͠ΔΠϯελϯεͱಉҰͳঢ়ଶͷ
 ᝑମ͕͙͢౤ೖͰ͖Δ࢓૊Έ͕͋Ε͹0,ͱׂΓ੾Δ
   • ΠϯϑϥͷίʔυԽ
   
   ಈతͳϗετ؅ཧ͕ඞཁ
   • සൟʹൃੜ͢Δ࡞ۀ
   
   ࣗಈԽ͍ͨ͠
   • %ZOBNJD
   *OWFOUPSZʹΑΔϗετ؅ཧͱ૬ੑΑ͠

10. Ansible Serverspec Terraform Create Instances
 Tagging for grouping Fetch Instance


    Via Dynamic Inventory Provisioning process

11. Create server
 with tags Provisioning and 
 deploy current app

    version Implement test recipe 
 on each role cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml exists
 servers Attach to 
 ELB Activator Ops ᶃ ᶄ ᶅ ᶆ • Scheduled Activation • Semi Automatic Activation

12. cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web Create server


    with tags Implement test recipe 
 on each role Provisioning process • Server creation • Via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK • Attach to ELB • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web exists
 servers Provisioning and 
 deploy current app version cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml ᶃ ᶄ ᶅ

13. • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web Create server


    with tags Provisioning
 deploy Test middleware
 and app status cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web cd /path/pairs/prod/jp
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml Procedure for Provisioning • Server creation • via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK # Example ) Additional App Server Recipe resource "aws_instance" "web_xx" { ami = "ami-xxxxxxx" instance_type = "${var.ec2.app.instance_type}" availability_zone = "${var.vpc.region_1a}" security_groups = ["${aws_security_group.app.id}"] subnet_id = "${aws_subnet.app_1a.id}" ebs_optimized = "${var.ec2.app.ebs_optimized}" iam_instance_profile = "${var.ec2.app.iam_instance_profile}" count = 1 tags { Name = “pairs-jp-web-xx” # Unique name for each server role = “pairs-jp-web” # Group for provisioning region = "jp" env = "prod" } }

14. cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web Create server


    with tags Provisioning process • Server creation • Via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK • Attach to ELB Belong to 
 same env/region/role exists
 servers Provisioning and 
 deploy current app version cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml ᶃ ᶄ ᶅ • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web Implement test recipe 
 on each role

15. cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web Create server


    with tags Provisioning process • Server creation • Via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK • Attach to ELB • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web exists
 servers Provisioning and 
 deploy current app version cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml ᶃ ᶄ ᶅ Dynamically fetched
 via ec2.py Implement test recipe 
 on each role

16. cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web Create server


    with tags Provisioning process • Server creation • Via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK • Attach to ELB exists
 servers Provisioning and 
 deploy current app version cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web ᶃ ᶄ ᶅ Dynamically fetched
 via ruby aws sdk Implement test recipe 
 on each role

17. cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web Create server


    with tags Implement test recipe 
 on each role Procedure for Provisioning • Server creation • Via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web exists
 servers Provisioning and 
 deploy current app version cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml # Example ) inventory-1
 
 [tag_role_pairs-jp-web] [tag_role_pairs-jp-admin] [tag_role_pairs-jp-batch] [tag_role_pairs-jp-db-master] [tag_role_pairs-jp-db-slave] [common:children] tag_role_pairs-jp-web tag_role_pairs-jp-mobile tag_role_pairs-jp-admin tag_role_pairs-jp-batch tag_role_pairs-jp-db-master tag_role_pairs-jp-db-slave [web:children] tag_role_pairs-jp-web # Example ) inventory-2 
 [admin:children] tag_role_pairs-jp-admin [batch:children] tag_role_pairs-jp-batch [db-master:children] tag_role_pairs-jp-db-master [db-slave:children] tag_role_pairs-jp-db-slave [db-all:children] tag_role_pairs-jp-db-master tag_role_pairs-jp-db-slave

18. cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web Create server


    with tags Implement test recipe 
 on each role Procedure for Provisioning • Server creation • Via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web exists
 servers Provisioning and 
 deploy current app version cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml # Example ) playbook for web server
 # Dynamic inventory Script : hosts/pairs/prod/jp/ec2.py
 # Var file : hosts/pairs/prod/jp/group_vars/all.yml
 --- # For web-server # Usage # ansible-playbook -i hosts/pairs/prod/jp playbook/web.yml - hosts: web gather_facts: yes vars_files: - "{{ inventory_dir }}/group_vars/secret.yml" roles: - { role: common, tags: common } - { role: mysql_client, tags: mysql_client } - { role: nginx, tags: nginx } - { role: mackerel, tags: mackerel } - { role: circus, tags: circus } - { role: td-agent, tags: td-agent } - { role: haproxy, tags: haproxy }

19. cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web cd /path/pairs/prod/jp


    ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml Create server
 with tags Implement test recipe 
 on each role Procedure for Provisioning • Server creation • Via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web exists
 servers Provisioning and 
 deploy current app version # Example ) Rakefile (Fetch active instance list)
 
 require 'rake' require 'rspec/core/rake_task' require 'aws-sdk-v1' if ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY'] AWS.config( { access_key_id: ENV['AWS_ACCESS_KEY_ID'], secret_access_key: ENV['AWS_SECRET_ACCESS_KEY'], region: 'ap-northeast-1' } ) ec2_hosts = AWS.ec2.instances.select { |i| i.status == :running } end

20. cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web cd /path/pairs/prod/jp


    ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml Create server
 with tags Implement test recipe 
 on each role Procedure for Provisioning • Server creation • Via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web exists
 servers Provisioning and 
 deploy current app version # Example ) Rakefile (Define test tasks # Pseudo code)
 # test recipe : spec/prod/jp/web_spec.rb / spec/common/comon.rb
 if ec2_hosts ec2_hosts.each do |host| task_name = "#{host_env}:#{host_region}:#{host_group}" spec_pattern = "spec/#{host_env}/#{host_region}/#{host_group} _spec.rb" # define tasks for each roles desc "Run serverspec tests to ec2 #{host_name} (PATH=#{spec_pattern},IP=#{host_ip})" RSpec::Core::RakeTask.new(host_name.to_sym) do |t| ENV['TARGET_HOST'] = host_ip ENV['TARGET_HOST_NAME'] = host_name t.pattern = "#{spec_pattern},spec/common/*_spec.rb" end end end

21. cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web Create server


    with tags Provisioning process • Server creation • Via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK • Attach to ELB • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web exists
 servers Attach to 
 ELB cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml Provisioning and 
 deploy current app version ᶃ ᶄ ᶅ ᶆ Implement test recipe 
 on each role

22. Create server
 with tags Provisioning and 
 deploy current app

    version Implement test recipe 
 on each role cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml exists
 servers Attach to 
 ELB Activator Ops ᶃ ᶄ ᶅ ᶆ • Scheduled Activation • Semi Automatic Activation

23. Destruct
 Instances cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web

    cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml exists
 servers Detach From
 ELB Activator Ops ᶄ ᶃ • Scheduled Destruction • Semi Automatic Destruction

24. ·ͱΊ • QBJST͸αʔό૿ڧ
    
    ॖୀΛසൟʹ܁Γฦ͢
    • ΠϯϑϥͷίʔυԽ
    
    ಈతʹมΘΔϗετͷӡ༻
    • ඇϐʔΫ࣌ؒ͸ΠϯελϯεΛUFSNJOBUF
    • ϓϩϏδϣχϯάશ޻ఔͰಈతϗετऔಘΛલఏʹӡ༻
    

    • 5FSSBGPSN
    
    αʔό࡞੒
    
    λάʹΑΔάϧʔϐϯά
    • "OTJCMF
    
    %ZOBNJD
    *OWFOUPSZʹΑΔϗετऔಘ
    • 4FSWFSTQFD
    
    3VCZ
    "84
    4%,ʹΑΔϗετऔಘ

25. CONFIDENTIAL Thank you :) Thank you :)