pairs Provisioning Requirements and a Practical Infrastructure as Code Example

takuya542
September 28, 2016

Transcript

  1. Copyright © 2009-2015 eureka, inc. All rights reserved.
    CONFIDENTIAL
    pairs Provisioning Requirements and
    a Practical Infrastructure as Code Example
    Takuya Onda / eureka, inc.

    # Eureka x MTI Tech Beer

  2. Self-introduction
    • Name: Takuya Onda
    • DeNA Co., Ltd.
    • eureka, Inc.
    • Work
    • I am in charge of everything around infrastructure at eureka
    • Network, DB, monitoring, analytics platform, security, etc.
    • Blog: https://developers.eure.jp/members/takuya_onda

  3. Today's topics
    • Service characteristics of pairs and the provisioning requirements they impose
    • Solving those problems by practicing Infrastructure as Code
    • Case study: the flow from building a server to putting it into service

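  4. Service characteristics of pairs
    • Makes full use of AWS
    • EC2 is billed per unit of time (hour)
    • Compared with on-premises, the cost per server is high
    • Frequently deployed parts and infrequently deployed parts
    • Frequent: the application itself
    • Infrequent: image delivery servers, dequeue workers
    • Easy-to-predict peak times
    • A fixed window of hours, and the morning push notification
    • Almost no spikes caused by media exposure and the like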

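  5. Provisioning requirements
    • 1: Low cost x high availability
    • Flexible resource scaling, up and down, matched to peak times
    • 2: High security requirements
    • Given the nature of the service, a security hole is fatal
    • 3: Workflows that do not depend on specific individuals
    • Make creating, adding and deleting resources a task anyone can do
    • Knowledge locked up in individuals slows down delivery
    • "Ah, nobody but so-and-so would understand this one..."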

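  6. Solving the problems by practicing Infrastructure as Code
    • 1: Low cost x high availability
    • Servers that are ready to go into service can be created right away
    • 2: High security requirements
    • Centralized management of the network (VPC) and permissions (IAM)
    • 3: Workflows that do not depend on specific individuals
    • Programmable: even people outside the infrastructure team can work on it
    • Reading the code shows why and when a resource was created
    • GitHub Flow, capacity planning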

  7. Resource provisioning policy
    • Frequently deployed parts
    • Scale resources up and down with time-of-day scaling
    • Infrequently deployed parts
    • Metrics-based Auto Scaling

  8. Resource provisioning policy
    • Frequently deployed parts
    • Settled on: it is enough if a single command creates an up-to-date server
    • Put that command in cron or similar and time-of-day scaling is done
    • Infrequently deployed parts
    • Keep a golden image
    • Auto Scaling based on an AMI that carries the latest app

  9. Provisioning Process (Manual / Scheduled-Scaling)
    • Terraform: Create All Resources on AWS
    • Ansible: Provisioning And Deployment
    • Serverspec: Implement Test

  10. [Diagram: provisioning flow; actors: Ops, Activator]
    • Create server with tags
        cd /path/pairs/prod/jp
        terraform apply
    • Provisioning and deploy current app version
        cd /path/to/ansible_dir
        ansible-playbook -i hosts/pairs/prod/jp playbook/web.yml
    • Implement test recipe on each role
        cd /path/to/test
        rake pairs:prod/jp/web
    • Attach to ELB, alongside the existing servers
    • Scheduled Activation
    • Semi Automatic Activation

  11. Provisioning process
    • Server creation
      • Via terraform & add tags
    • Provisioning & deploy
      • Using dynamic inventory
    • Implement test recipe
      • Using Ruby AWS SDK
    • Attach to ELB
    Tags on the new server:
    • Name:pairs-jp-web-xx
    • env:prod
    • region:jp
    • role:web
    [Diagram: same flow and commands as slide 10]

  12. Procedure for Provisioning
    • Server creation
      • via terraform & add tags
    • Provisioning & deploy
      • Using dynamic inventory
    • Implement test recipe
      • Using Ruby AWS SDK
    [Diagram: Create server with tags, Provisioning / deploy, Test middleware and app status; tags Name:pairs-jp-web-xx, env:prod, region:jp, role:web]

    # Example ) Additional App Server Recipe
    resource "aws_instance" "web_xx" {
      ami                  = "ami-xxxxxxx"
      instance_type        = "${var.ec2.app.instance_type}"
      availability_zone    = "${var.vpc.region_1a}"
      security_groups      = ["${aws_security_group.app.id}"]
      subnet_id            = "${aws_subnet.app_1a.id}"
      ebs_optimized        = "${var.ec2.app.ebs_optimized}"
      iam_instance_profile = "${var.ec2.app.iam_instance_profile}"
      count                = 1

      tags {
        Name   = "pairs-jp-web-xx" # Unique name for each server
        role   = "pairs-jp-web"    # Group for provisioning
        region = "jp"
        env    = "prod"
      }
    }

  13. Provisioning process [same step list, tags and flow diagram as slide 11]
    • Servers carrying these tags belong to the same env/region/role as the existing servers

  14. Provisioning process [same step list, tags and flow diagram as slide 11]
    • Provisioning and deploy current app version: target hosts are dynamically fetched via ec2.py

  15. Provisioning process [same step list, tags and flow diagram as slide 11]
    • Implement test recipe on each role: target hosts are dynamically fetched via the Ruby AWS SDK

  16. Procedure for Provisioning [same step list, tags and flow diagram as slide 11]

    # Example ) inventory-1
    # Empty groups, so the :children references below resolve even when
    # the dynamic inventory returns no host for a role
    [tag_role_pairs-jp-web]
    [tag_role_pairs-jp-admin]
    [tag_role_pairs-jp-batch]
    [tag_role_pairs-jp-db-master]
    [tag_role_pairs-jp-db-slave]

    [common:children]
    tag_role_pairs-jp-web
    tag_role_pairs-jp-mobile
    tag_role_pairs-jp-admin
    tag_role_pairs-jp-batch
    tag_role_pairs-jp-db-master
    tag_role_pairs-jp-db-slave

    [web:children]
    tag_role_pairs-jp-web

    # Example ) inventory-2
    [admin:children]
    tag_role_pairs-jp-admin

    [batch:children]
    tag_role_pairs-jp-batch

    [db-master:children]
    tag_role_pairs-jp-db-master

    [db-slave:children]
    tag_role_pairs-jp-db-slave

    [db-all:children]
    tag_role_pairs-jp-db-master
    tag_role_pairs-jp-db-slave

  17. Procedure for Provisioning [same step list, tags and flow diagram as slide 11]

    # Example ) playbook for web server
    # Dynamic inventory Script : hosts/pairs/prod/jp/ec2.py
    # Var file : hosts/pairs/prod/jp/group_vars/all.yml
    ---
    # For web-server
    # Usage
    #   ansible-playbook -i hosts/pairs/prod/jp playbook/web.yml
    - hosts: web
      gather_facts: yes
      vars_files:
        - "{{ inventory_dir }}/group_vars/secret.yml"
      roles:
        - { role: common, tags: common }
        - { role: mysql_client, tags: mysql_client }
        - { role: nginx, tags: nginx }
        - { role: mackerel, tags: mackerel }
        - { role: circus, tags: circus }
        - { role: td-agent, tags: td-agent }
        - { role: haproxy, tags: haproxy }

  18. Procedure for Provisioning [same step list, tags and flow diagram as slide 11]

    # Example ) Rakefile (Fetch active instance list)
    require 'rake'
    require 'rspec/core/rake_task'
    require 'aws-sdk-v1'

    # Credentials come from the environment; without them no hosts are fetched
    if ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']
      AWS.config(
        {
          access_key_id: ENV['AWS_ACCESS_KEY_ID'],
          secret_access_key: ENV['AWS_SECRET_ACCESS_KEY'],
          region: 'ap-northeast-1'
        }
      )
      # Every running instance in the region
      ec2_hosts = AWS.ec2.instances.select { |i| i.status == :running }
    end

  19. Procedure for Provisioning [same step list, tags and flow diagram as slide 11]

    # Example ) Rakefile (Define test tasks # Pseudo code)
    # test recipe : spec/prod/jp/web_spec.rb / spec/common/comon.rb

    # Pseudo code: host_env, host_region, host_group, host_name and host_ip
    # stand for values read from each instance and are not defined here.
    if ec2_hosts
      ec2_hosts.each do |host|
        task_name    = "#{host_env}:#{host_region}:#{host_group}"
        spec_pattern = "spec/#{host_env}/#{host_region}/#{host_group}_spec.rb"

        # define tasks for each roles
        desc "Run serverspec tests to ec2 #{host_name} (PATH=#{spec_pattern},IP=#{host_ip})"
        RSpec::Core::RakeTask.new(host_name.to_sym) do |t|
          ENV['TARGET_HOST'] = host_ip
          ENV['TARGET_HOST_NAME'] = host_name
          t.pattern = "#{spec_pattern},spec/common/*_spec.rb"
        end
      end
    end
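An added example, not code from the deck: one way to fill in the values the pseudo code on slide 19 leaves undefined, by deriving env, region and group from the instance tags and refusing instances whose tags are missing or unsafe before they become spec paths. It assumes the role tag has the form "pairs-<region>-<group>" as in the Terraform example; `REQUIRED_TAGS`, `SAFE_VALUE`, `host_group`, `plan_spec_targets` and the sample instances are hypothetical and constructed.

```ruby
# Added example: constructed data, hypothetical helper names.
REQUIRED_TAGS = %w[Name env region role].freeze
SAFE_VALUE = /\A[\w-]+\z/ # tag values end up in file paths: no "/" or "."

# Constructed stand-ins for running instances (private IP + tags).
SAMPLE_INSTANCES = [
  { ip: '10.0.1.11', tags: { 'Name' => 'pairs-jp-web-01', 'env' => 'prod',
                             'region' => 'jp', 'role' => 'pairs-jp-web' } },
  { ip: '10.0.2.21', tags: { 'Name' => 'pairs-jp-batch-01', 'env' => 'prod',
                             'region' => 'jp', 'role' => 'pairs-jp-batch' } },
  { ip: '10.1.1.11', tags: { 'Name' => 'pairs-jp-web-stg', 'env' => 'stg',
                             'region' => 'jp', 'role' => 'pairs-jp-web' } },
  { ip: '10.0.9.99', tags: { 'Name' => 'scratch-box' } } # untagged host
].freeze

# Assumption: role is "pairs-<region>-<group>", as in the Terraform example.
def host_group(tags)
  group = tags['role'].delete_prefix("pairs-#{tags['region']}-")
  group == tags['role'] || group.empty? ? nil : group
end

# Returns the serverspec targets for one env/region, plus the instances that
# were refused because a required tag is missing, unsafe or inconsistent.
def plan_spec_targets(instances, env:, region:)
  plan = { targets: [], rejected: [] }
  instances.each do |inst|
    tags = inst[:tags]
    bad = REQUIRED_TAGS.reject { |k| tags[k].to_s.match?(SAFE_VALUE) }
    group = host_group(tags) if bad.empty?
    if group.nil?
      reason = bad.empty? ? 'role does not match region' : "bad tags: #{bad.join(',')}"
      plan[:rejected] << { ip: inst[:ip], reason: reason }
    elsif tags['env'] == env && tags['region'] == region
      plan[:targets] << {
        name: tags['Name'], ip: inst[:ip],
        task: "#{env}:#{region}:#{group}",
        pattern: "spec/#{env}/#{region}/#{group}_spec.rb,spec/common/*_spec.rb"
      }
    end
  end
  plan
end

plan = plan_spec_targets(SAMPLE_INSTANCES, env: 'prod', region: 'jp')
plan[:targets].each { |t| puts "#{t[:task]} #{t[:ip]} #{t[:pattern]}" }
plan[:rejected].each { |r| puts "refused #{r[:ip]}: #{r[:reason]}" }
```

The refused list is worth alerting on: a running instance without the expected tags is one that neither the playbook groups nor the test tasks will ever reach.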

  20. Provisioning process [same step list, tags and flow diagram as slide 11]
    • Attach to ELB, alongside the existing servers

  21. [Diagram: same provisioning flow, commands and actors as slide 10]
    • Scheduled Activation
    • Semi Automatic Activation

  22. [Diagram: instance teardown, with the same commands, actors and existing servers as slide 10]
    • Detach From ELB
    • Destruct Instances
    • Scheduled Destruction
    • Semi Automatic Destruction

  23. Provisioning Process (Auto Scaling)
    • Alert: Monitored Via Cloudwatch
    • Scale Out: Launch New Instance by Scaling Policy
    • Scale In: Terminate Instance to be Desired

  24. [Diagram: Auto Scaling flow, steps marked ① and ③; labels:]
    • S-In to Production
    • Alert Firing
    • Initialize Auto Scaling
    • Launch New Instances

  25. [Diagram: Auto Scaling flow, steps marked ① and ③; labels:]
    • S-In to Production
    • Alert Firing
    • Initialize Auto Scaling
    • Launch New Instances
    • Notify to Slack

  26. Summary
    • pairs runs on a cloud-native infrastructure
    • Flexible resource scaling, security requirements, removing dependence on individuals
    • Solved by adopting Infrastructure as Code across the board

  27. Bonus
    • Today's talk is covered in more detail in a blog post I wrote recently
    • If you are interested, please take a look!
    • https://developers.eure.jp/tech/terraform_update

  28. Thank you :)