Chef SoloからItamaeに完全移行した話＋

$IFG4PMP͔Β*UBNBF ʹ׬શҠߦͨ͠࿩ʴ *UBNBF.FFUVQ !UPSJUPSJ

ࣗݾ঺հ w ௗډɹ߶࢘ !UPSJUPSJΞϧύΧେ໌ਆ w גࣜձࣾ)"30J% w IUUQXXXIBSPJEDPKQ w
αʔόΦϖϨʔγϣϯΤϯδχΞ w -VB(PMBOH1ZUIPO/PEFKT1FSM3VCZ w ೋࣇͷ෕

*UBNBF

ΞδΣϯμ w ฐࣾͷࣄ৘ w Πϯϑϥ w ։ൃϑϩʔ w ՝୊ w
$IFG4PMP͔Β*UBNBF΁ͷҠߦ w Ҡߦͨ݁͠Ռ w ·ͱΊ

ฐࣾͷΠϯϑϥࣄ৘

։ൃϑϩʔ

։ൃϑϩʔ w ࣄલ४උ w ಠࣗDPOpHʹWN৘ใ௥هOPEFTKTPO࡞Δʜ w ".*࡞੒ w SBLFBXTVQWNWN w
SBLFBXTQSPWJTJPOWNWN w SBLFBXTTQFDWNWN w SBLFBXTDSFBUF@BNJWNWN w Ϋϥελૢ࡞ w SBLFBXTDGDSFBUF@TUBDLFOWFOW w SBLFBXTDGVQEBUF@TUBDLFOWFOWQBSBNTQBSBNT w SBLFBXTDGEFMFUF@TUBDLFOWFOW

πʔϧ w 7BHSBOU w 7BHSBOUBXT w 7BHSBOUBNJ w $IFG4PMP w
#FSLTIFMG *UBNBF (FNpMF

$IFG4PMP࣌୅ͷ՝୊

$IFG4PMP #FSLTIFMGͷ൥ࡶԽ w ίϛϡχςΟΫοΫϒοΫଟ༻ w ϓϩϏδϣχϯά͕஗͍ w $IFG4PMPͷऴᖼʁ w ͦͯ͠$IFG;FSP΁ʜ

ʊਓਓਓਓਓਓਓਓʊ ʼɹಥવͷ*UBNBFɹʻ ʉ:?:?:?:?:?:?:ʉ

γϯϓϧͳ$IFG # install gem install itamae # ద౰ͳϨγϐ࡞Δ echo "package
'sl'" > recipe.rb # itamae࣮ߦʢϩʔΧϧϗετʣ itamae local recipe.rb # itamae࣮ߦʢϦϞʔτϗετʣ itamae ssh -u hogeuser -h xxx.xxx.xxx.xxx recipe.rb # itamae࣮ߦʢVagrantʣ itamae ssh --vagrant --host vm_name recipe.rb

γϯϓϧͳ$IFG # attributeΛఆٛͨ͠jsonΛࢦఆ࣮ͯ͠ߦ itamae local -j node.json recipe.rb # ϨγϐΛෳ਺ͭͳ࣮͛ͯߦ
itamae local recipe01.rb recipe02.rb recipe03.rb # dry-run itamae local --dry-run recipe.rb # ohai৘ใΛࢀর itamae local --ohai recipe.rb

ʊਓਓਓਓਓਓʊ ʼɹ͜Εͩʂɹʻ ʉ:?:?:?:?:ʉ

$IFG4PMP͔ΒͷҠߦ ͨͩ͠طଘͷϑϩʔ΍ߏ଄͸ʢ΄΅ʣͦͷ··Ͱ

σΟϨΫτϦʗϑΝΠϧߏ଄ $IFG4PMP 130+&$5@3005 DPPLCPPLT#FSLTpMFΫοΫϒοΫ܈ TJUFDPPLCPPLTϓϩδΣΫτݻ༗ΫοΫϒοΫ܈ SPMFTϩʔϧ܈ OPEFTWNຖͷOPEFKTPO WN@BQQKTPO WN@ECKTPO
EBUB@CBHTൿີ৘ใ #FSLTpMF#FSLTpMF 7BHSBOUpMF7BHSBOUpMF

σΟϨΫτϦʗϑΝΠϧߏ଄ ʢ*UBNBFʣ 130+&$5@3005 DPPLCPPLTϓϩδΣΫτݻ༗ΫοΫϒοΫ܈ CBTFDPPLCPPLTڞ௨ΫοΫϒοΫ܈ SPMFTϩʔϧ܈ OPEFTWNຖͷOPEFKTPO WN@BQQKTPO WN@ECKTPO
TFDSFUൿີ৘ใ FOUSZQPJOUSC*UBNBF͔Β࣮ߦ͞ΕΔϨγϐͷΤϯτϦϙΠϯτ (FNpMF*UBNBFϓϥάΠϯͳͲͷґଘ͕ॻ͔Εͨ(FNpMF 7BHSBOUpMF7BHSBOUpMF

OPEFTKTPO $IFG4PMP { "td_agent": { "plugins": [ "config-expander", "redeliver", "map",
"forest", "multi-format-parser" ] }, "environment": "development", "recipes": [ "role[base]", "role[app]", "recipe[td-agent::install]" ] }

OPEFTKTPO *UBNBF { "td_agent": { "plugins": [ "config-expander", "redeliver", "map",
"forest", "multi-format-parser" ] }, "environment": "environments/development.rb", "recipes": [ "./roles/base.rb", "./roles/app.rb", "./cookbooks/td-agent/install.rb" ] }

FOUSZQPJOUSC # entrypoint.rb # nodes.jsonʹهड़͞Ε͍ͯΔrecipeΛॱ൪ʹಡΉ͚ͩͷϑΝΠϧ node["recipes"] = node["recipes"] || []
node["recipes"].each do |recipe| include_recipe recipe end # itamae࣮ߦ࣌ʹentrypoint.rbΛࢦఆ itamae local -j node.json entrypoint.rb

ΫοΫϒοΫ $IFG4PMP DPPLCPPL@OBNF $)"/(&-0(NE 3&"%.&NE BUUSJCVUFT EFGBVMUSC EFpOJUJPOT pMFT MJCSBSJFT
NFUBEBUBSC QSPWJEFST SFDJQFT EFGBVMUSC ͏ͬʜ

ΫοΫϒοΫ *UBNBF DPPLCPPL@OBNF BUUSJCVUFTSCBUUSJCVUFTΛ·ͱΊͨϑΝΠϧ YYY@SFDJQFSCͳΜ͔Ϩγϐ UFNQMBUFTςϯϓϨʔτϑΝΠϧ YYYDPOGFSC

#FSLTIFMG(FNpMF # itamae gem 'json' gem 'itamae' gem 'itamae-secrets' #
plugins gem 'itamae-plugin-recipe-supervisor', \ :github => 'toritori0318/itamae-plugin-recipe-supervisor' gem 'itamae-plugin-recipe-consul', \ :github => 'toritori0318/itamae-plugin-recipe-consul' (FNpMF

3PMF include_recipe "../cookbooks/nginx/install.rb" include_recipe "../cookbooks/app/deploy.rb" include_recipe "../cookbooks/app/supervisor.rb" SPMFTBQQSC

BUUSJCVUFT # include͢Δ͚ͩ include_recipe './attributes.rb' BUUSJCVUFTSC # σϑΥϧτ஋ࢦఆ node.reverse_merge!( td_agent:
{ includes: [], plugins: %w{ forest }, }, ) SFDJQFSC

2JJUBॻ͍ͨ࣌ʹ ՝୊ʹͳͬͯͨ͜ͱ

%BUBCBHT ˣ JUBNBFTFDSFUT

JUBNBFTFDSFUT # Πϯετʔϧ gem install itamae-secrets # ϕʔεσΟϨΫτϦΛઃఆϑΝΠϧʹॻ͍ͱ͘ echo 'base:
./secret' >> .itamae-secrets.yml # ൿີ伴ੜ੒ > ‘<basedir>/keys/default’ itamae-secrets newkey --method=aes-passphrase (ύεϑϨʔζೖྗ) # ஋อଘ itamae-secrets set itakey itavalue # ஋औಘ itamae-secrets get itakey

JUBNBFTFDSFUT # require require 'itamae/secrets' # ൿີ৘ใ֨ೲσΟϨΫτϦࢦఆ node[:secrets] = Itamae::Secrets(File.join(__dir__,
'secret')) # ஋औಘ itakey = node[:secrets][:itakey] SFDJQFSC

JUBNBFTFDSFUT w HJUJHOPSFʹൿີ伴σΟϨΫτϦࢦఆ͢ΔͷΛ๨ Εͣʹʂ echo 'secret/keys' >> .gitignore

$IFG4FSWFS ˣ $POTVM

FY $POTVMͱ૊Έ߹Θͤͯ ϩʔϧ୯ҐʹϨγϐ࣮ߦ # 1. ֤ϊʔυ͸Πϕϯτwatch͠ͱ͘ consul watch -type event
-name itamae /path/to/watch_itamae.sh # 2. ϨγϐΛgit(or S3)ʹΞοϓϩʔυ͓ͯ͘͠ # 3. ϓϩϏδϣχϯά͍ͨ͠λΠϛϯάͰeventൃߦ consul event -name itamae -service web 'vm=web recipe=nginx'

XBUDI@FWFOU@JUBNBFTI # ඪ४ೖྗ͔ΒϖΠϩʔυड͚औΓ STDIN_STR=$(cat -) PAYLOAD=`echo $STDIN_STR | jq -r
'.[0] .Payload' | base64 -d` # key=value ͷ૊Λύʔεͯ͠vm໊΍recipeΛಘΔ (snip) # ϦϙδτϦ(or S3) ͔Βμ΢ϯϩʔυ git clone http://hogehoge/itamae-recipes.git /tmp/itamae-recipes # itamae࣮ߦ itamae local --node-json nodes/${VM}.json ${RECIPE} ˞΍͍ͬͯΔ͜ͱ IUUQTHJTUHJUIVCDPNUPSJUPSJBEBBCDGFBG

*UBNBFҠߦޙ

1SPT w શମతʹεϦϜԽ w Ϩγϐߏ଄͕εοΩϦ w JODMVEF@SFDJQFQBDLBHFUFNQMBUFTFSWJDFFYFDVUF Ͱେ఍৯͍͚ͬͯΔ w ϓϩϏδϣχϯά͕ܰ͘ʗ଎͘ͳͬͨ
w ໰୊ղܾ͠΍͘͢ͳͬͨ w Ϩγϐͷ໰୊ w πʔϧࣗମͷڍಈ

$POT w ΤίγεςϜ w 4OJQQFUTαΠτ͕͋Δͱྑ͍ͷ͔΋ʜʁ

·ͱΊ

·ͱΊ w $IFG4PMP͔ΒҠߦͯ͠޾ͤʹͳͬͨ࿩ w جຊతͳ࢖͍ํͰ͋Ε͹Ҡߦͯ͠ࠔΔ৔໘͸গͳ͍͸ͣ w Ҡߦࣗମ΋ࢥ͍ͬͯͨΑΓ؆୯ w ΋ͪΖΜ$IFG͕࠷దͳ؀ڥ΋͋ΔͷͰదࡐదॴ w
Ή͠Ζ*UBNBFʼ$IFG͸े෼͋Γ w ΤίγεςϜ͸΋͏গ͠ʜ w Ϩγϐ͸ͲΜͲΜγΣΞ͠·͠ΐ͏

IUUQTHJUIVCDPNJUBNBFLJUDIFOJUBNBFXJLJ#FTU 1SBDUJDF ݱࡏ͸ΦϑΟγϟϧ8JLJʹ ϕετϓϥΫςΟε͕ܝࡌ͞Ε͍ͯ·͢ ࢀߟ

ࢀߟ w ࠓճͷϓϩδΣΫτߏ੒αϯϓϧ w ϕʔγοΫ w IUUQTHJUIVCDPNUPSJUPSJJUBNBFTBNQMFQSPKFDU w FOWJSPONFOUTόʔδϣϯ w
IUUQTHJUIVCDPNUPSJUPSJJUBNBFTBNQMFQSPKFDU USFFFOWJSPONFOUT@WFSTJPO w JUBNBFTFDSFUTόʔδϣϯ w IUUQTHJUIVCDPNUPSJUPSJJUBNBFTBNQMFQSPKFDU USFFJUBNBFTFDSFUTWFSTJPO

͝ਗ਼ௌ ͋Γ͕ͱ͏͍͟͝·ͨ͠

Chef SoloからItamaeに完全移行した話＋

Chef SoloからItamaeに完全移行した話＋

More Decks by Tsuyoshi Torii

Other Decks in Technology

Featured

Transcript