Upgrade to Pro — share decks privately, control downloads, hide ads and more …

pairsのプロビジョニング要件とInfrastructure as Code実例

7890032b748bfc156d75aca46db99562?s=47 takuya542
September 28, 2016

pairsのプロビジョニング要件とInfrastructure as Code実例

7890032b748bfc156d75aca46db99562?s=128

takuya542

September 28, 2016
Tweet

Transcript

  1. Copyright © 2009-2015 eureka, inc. All rights reserved. CONFIDENTIAL pairsͷϓϩϏδϣχϯάཁ݅ͱ

    Infrastructure as Code࣮ྫ 5BLVZB0OEB/ eureka, inc.
 # Eureka x MTI Tech Beer
  2. CONFIDENTIAL Copyright © 2009-2015 eureka, inc. All rights reserved. ࣗݾ঺հ

    • ໊લɿԸా୓໵ • dגࣜձࣾσΟʔɾΤψɾΤʔ • dגࣜձࣾΤ΢ϨΧ • ͓͠͝ͱ • Τ΢ϨΧͷΠϯϑϥपΓશൠΛ୲౰͍ͯ͠·͢ • ωοτϫʔΫ%#؂ࢹ෼ੳج൫ηΩϡϦςΟFUD • ϒϩάɿIUUQTEFWFMPQFSTFVSFKQNFNCFST UBLVZB@POEB
  3. CONFIDENTIAL Copyright © 2009-2015 eureka, inc. All rights reserved. ࠓ೔ͷτϐοΫ

    • QBJSTͷαʔϏεಛੑͱٻΊΒΕΔϓϩϏδϣχϯάཁ݅ • *OGSBTUSVDUVSFBTDPEF࣮ફʹΑΔ՝୊ղܾ • ࣮ྫ঺հdαʔόߏஙαʔϏεΠϯ·ͰͷྲྀΕ
  4. CONFIDENTIAL Copyright © 2009-2015 eureka, inc. All rights reserved. pairsͷαʔϏεಛੑ

    • "84Λϑϧ׆༻ • &$͸୯Ґ࣌ؒ I ຖʹ՝ۚൃੜ • ΦϯϓϨͱൺֱ͢Δͱαʔό୆͋ͨΓ͸ίετߴ • ߴස౓σϓϩΠՕॴͱ௿ස౓σϓϩΠՕॴ • ߴස౓ɿΞϓϦέʔγϣϯຊମ • ௿ස౓ɿը૾഑৴αʔόɺEFRVFVFXPSLFS • Θ͔Γ΍͍͢ϐʔΫλΠϜ • d࣌ ேͷϓογϡ௨஌ • ϝσΟΞ࿐ग़౳ʹΑΔεύΠΫ͸΄ͱΜͲͳ͍
  5. CONFIDENTIAL Copyright © 2009-2015 eureka, inc. All rights reserved. ٻΊΒΕΔϓϩϏδϣχϯάཁ݅

    • ̍ɿ௿ίετYߴՄ༻ੑ • ϐʔΫλΠϜʹ߹Θͤͨ͠ͳ΍͔ͳϦιʔε૿ݮ • ɿߴ͍ηΩϡϦςΟཁٻ • αʔϏεಛੑ্ɺηΩϡϦςΟϗʔϧ͸க໋త • ̏ɿඇଐਓతͳϫʔΫϑϩʔ • Ϧιʔε࡞੒௥Ճ࡟আΛ୭Ͱ΋ग़དྷΔ࡞ۀʹ • φϦοδͷଐਓԽ͸σϦόϦεϐʔυΛམͱ͢ • ʮ͋ʙɺ͜Εʓʓ͞Μ͡Όͳ͍ͱ෼͔Βͳ͍͢Θʙʯ
  6. CONFIDENTIAL Copyright © 2009-2015 eureka, inc. All rights reserved. Infrastructure

    as Code࣮ફʹΑΔ՝୊ղܾ • ̍ɿ௿ίετYߴՄ༻ੑ • ଈ౤ೖՄೳͳαʔόΛ͙͢࡞ΕΔ • ɿߴ͍ηΩϡϦςΟཁٻ • ωοτϫʔΫ 71$ ͱݖݶ؅ཧ *". ͷҰݩ؅ཧ • ̏ɿඇଐਓతͳϫʔΫϑϩʔ • ϓϩάϥϚϒϧඇΠϯϑϥͷਓؒͰ΋৮ΕΔ • ίʔυΛݟΕ͹࡞੒എܠཤྺ͕Θ͔Δ • (JUIVC'MPXΩϟύγςΟϓϥϯχϯά
  7. CONFIDENTIAL Copyright © 2009-2015 eureka, inc. All rights reserved. Ϧιʔε౤ೖϙϦγʔ

    • ߴσϓϩΠՕॴ • ࣌ؒଳεέʔϦϯάʹΑΔϦιʔε૿ݮ • ௿σϓϩΠՕॴ • ϝτϦΫεϕʔεͷ"VUP4DBMJOH
  8. CONFIDENTIAL Copyright © 2009-2015 eureka, inc. All rights reserved. Ϧιʔε౤ೖϙϦγʔ

    • ߴσϓϩΠՕॴ • ίϚϯυҰൃͰ࠷৽ͷαʔό࡞੒Ͱ͖Ε͹0,ͱׂ੾Γ • DSPOͱ͔Ͱ࢓ࠐΊ͹࣌ؒଳεέʔϦϯάͷग़དྷ্͕Γ • ௿σϓϩΠՕॴ • ΰʔϧσϯΠϝʔδΛอ࣋ • ࠷৽ͷ"QQ͕ࡌͬͯΔ".*Λݩʹ"VUP4DBMJOH
  9. Ansible Serverspec Terraform Create All 
 Resources on AWS Provisioning


    And 
 Deployment Provisioning Process 
 (Manual / Scheduled-Scaling) Implement 
 Test
  10. Create server
 with tags Provisioning and 
 deploy current app

    version Implement test recipe 
 on each role cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml exists
 servers Attach to 
 ELB Activator Ops ᶃ ᶄ ᶅ ᶆ • Scheduled Activation • Semi Automatic Activation
  11. cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web Create server


    with tags Implement test recipe 
 on each role Provisioning process • Server creation • Via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK • Attach to ELB • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web exists
 servers Provisioning and 
 deploy current app version cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml ᶃ ᶄ ᶅ
  12. • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web Create server


    with tags Provisioning
 deploy Test middleware
 and app status cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web cd /path/pairs/prod/jp
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml Procedure for Provisioning • Server creation • via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK # Example ) Additional App Server Recipe resource "aws_instance" "web_xx" { ami = "ami-xxxxxxx" instance_type = "${var.ec2.app.instance_type}" availability_zone = "${var.vpc.region_1a}" security_groups = ["${aws_security_group.app.id}"] subnet_id = "${aws_subnet.app_1a.id}" ebs_optimized = "${var.ec2.app.ebs_optimized}" iam_instance_profile = "${var.ec2.app.iam_instance_profile}" count = 1 tags { Name = “pairs-jp-web-xx” # Unique name for each server role = “pairs-jp-web” # Group for provisioning region = "jp" env = "prod" } }
  13. cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web Create server


    with tags Provisioning process • Server creation • Via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK • Attach to ELB Belong to 
 same env/region/role exists
 servers Provisioning and 
 deploy current app version cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml ᶃ ᶄ ᶅ • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web Implement test recipe 
 on each role
  14. cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web Create server


    with tags Provisioning process • Server creation • Via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK • Attach to ELB • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web exists
 servers Provisioning and 
 deploy current app version cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml ᶃ ᶄ ᶅ Dynamically fetched
 via ec2.py Implement test recipe 
 on each role
  15. cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web Create server


    with tags Provisioning process • Server creation • Via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK • Attach to ELB exists
 servers Provisioning and 
 deploy current app version cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web ᶃ ᶄ ᶅ Dynamically fetched
 via ruby aws sdk Implement test recipe 
 on each role
  16. cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web Create server


    with tags Implement test recipe 
 on each role Procedure for Provisioning • Server creation • Via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web exists
 servers Provisioning and 
 deploy current app version cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml # Example ) inventory-1
 
 [tag_role_pairs-jp-web] [tag_role_pairs-jp-admin] [tag_role_pairs-jp-batch] [tag_role_pairs-jp-db-master] [tag_role_pairs-jp-db-slave] [common:children] tag_role_pairs-jp-web tag_role_pairs-jp-mobile tag_role_pairs-jp-admin tag_role_pairs-jp-batch tag_role_pairs-jp-db-master tag_role_pairs-jp-db-slave [web:children] tag_role_pairs-jp-web # Example ) inventory-2 
 [admin:children] tag_role_pairs-jp-admin [batch:children] tag_role_pairs-jp-batch [db-master:children] tag_role_pairs-jp-db-master [db-slave:children] tag_role_pairs-jp-db-slave [db-all:children] tag_role_pairs-jp-db-master tag_role_pairs-jp-db-slave
  17. cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web Create server


    with tags Implement test recipe 
 on each role Procedure for Provisioning • Server creation • Via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web exists
 servers Provisioning and 
 deploy current app version cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml # Example ) playbook for web server
 # Dynamic inventory Script : hosts/pairs/prod/jp/ec2.py
 # Var file : hosts/pairs/prod/jp/group_vars/all.yml
 --- # For web-server # Usage # ansible-playbook -i hosts/pairs/prod/jp playbook/web.yml - hosts: web gather_facts: yes vars_files: - "{{ inventory_dir }}/group_vars/secret.yml" roles: - { role: common, tags: common } - { role: mysql_client, tags: mysql_client } - { role: nginx, tags: nginx } - { role: mackerel, tags: mackerel } - { role: circus, tags: circus } - { role: td-agent, tags: td-agent } - { role: haproxy, tags: haproxy }
  18. cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web cd /path/pairs/prod/jp


    ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml Create server
 with tags Implement test recipe 
 on each role Procedure for Provisioning • Server creation • Via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web exists
 servers Provisioning and 
 deploy current app version # Example ) Rakefile (Fetch active instance list)
 
 require 'rake' require 'rspec/core/rake_task' require 'aws-sdk-v1' if ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY'] AWS.config( { access_key_id: ENV['AWS_ACCESS_KEY_ID'], secret_access_key: ENV['AWS_SECRET_ACCESS_KEY'], region: 'ap-northeast-1' } ) ec2_hosts = AWS.ec2.instances.select { |i| i.status == :running } end
  19. cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web cd /path/pairs/prod/jp


    ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml Create server
 with tags Implement test recipe 
 on each role Procedure for Provisioning • Server creation • Via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web exists
 servers Provisioning and 
 deploy current app version # Example ) Rakefile (Define test tasks # Pseudo code)
 # test recipe : spec/prod/jp/web_spec.rb / spec/common/comon.rb
 if ec2_hosts ec2_hosts.each do |host| task_name = "#{host_env}:#{host_region}:#{host_group}" spec_pattern = "spec/#{host_env}/#{host_region}/#{host_group} _spec.rb" # define tasks for each roles desc "Run serverspec tests to ec2 #{host_name} (PATH=#{spec_pattern},IP=#{host_ip})" RSpec::Core::RakeTask.new(host_name.to_sym) do |t| ENV['TARGET_HOST'] = host_ip ENV['TARGET_HOST_NAME'] = host_name t.pattern = "#{spec_pattern},spec/common/*_spec.rb" end end end
  20. cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web Create server


    with tags Provisioning process • Server creation • Via terraform & add tags • Provisioning & deploy • Using dynamic inventory • Implement test recipe • Using Ruby AWS SDK • Attach to ELB • Name:pairs-jp-web-xx • env:prod • regin:jp • role:web exists
 servers Attach to 
 ELB cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml Provisioning and 
 deploy current app version ᶃ ᶄ ᶅ ᶆ Implement test recipe 
 on each role
  21. Create server
 with tags Provisioning and 
 deploy current app

    version Implement test recipe 
 on each role cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml exists
 servers Attach to 
 ELB Activator Ops ᶃ ᶄ ᶅ ᶆ • Scheduled Activation • Semi Automatic Activation
  22. Destruct
 Instances cd /path/pairs/prod/jp
 terraform apply cd /path/to/test
 rake pairs:prod/jp/web

    cd /path/to/ansible_dir
 ansible-playbook -i hosts/pairs/prod/jp
 playbook playbook/web.yml exists
 servers Detach From
 ELB Activator Ops ᶄ ᶃ • Scheduled Destruction • Semi Automatic Destruction
  23. Scale Out Scale In Alert Monitored 
 Via Cloudwatch Launch

    New Instance by
 Scaling Policy Provisioning Process 
 (Auto Scaling) Terminate Instance to be Desired
  24. ᶃ ᶅ S-In to 
 Production Alert
 Firing Initialize
 Auto

    Scaling Launch New
 Instances ᶄ
  25. ᶃ ᶅ S-In to 
 Production Alert
 Firing Initialize
 Auto

    Scaling Launch New
 Instances ᶄ Notify to 
 Slack
  26. CONFIDENTIAL Copyright © 2009-2015 eureka, inc. All rights reserved. ·ͱΊ

    • QBJST͸Ϋϥ΢υωΠςΟϒͳΠϯϑϥߏ੒ • ͠ͳ΍͔ͳϦιʔε૿ݮηΩϡϦςΟཁ݅ଐਓੑͷഉআ • *OGSBTUSVDUVSFBT$PEFͷશ໘ಋೖͰղܾ ͨ͠
  27. CONFIDENTIAL Copyright © 2009-2015 eureka, inc. All rights reserved. ͓·͚

    • ࠓ೔ͷ࿩ɺ࠷ۙॻ͍ͨϒϩάʹৄࡉॻ͍ͯͨΓ͠·͢ • ڵຯ͋Δ͔ͨ͸Α͚Ε͹ʂ • IUUQTEFWFMPQFSTFVSFKQUFDIUFSSBGPSN@VQEBUF
  28. CONFIDENTIAL Thank you :) Thank you :)