OpsWorks で簡単プロビジョニング

Transcript

1. OpsWorks Ͱ ؆୯ϓϩϏδϣχϯά 2014/10/06 @tendon0

2. “bashͷ੬ऑੑʹ͍ͭͯ”

3. “bashͷ੬ऑੑʹ͍ͭͯ” “LinuxͳͲͷUNIXܥOSͰඪ४తʹ࢖ΘΕ͍ͯΔγΣϧ ʮbashʯʹۃΊͯॏେͳ੬ऑੑ͕ݟ͔ͭΓɺ9݄24೔ʹमਖ਼ ύον͕ެ։͞Εͨɻ߈ܸऀ͕bashʹίϚϯυΛૹͬͯ೚ҙ ͷίʔυΛ࣮ߦͰ͖ΔՄೳੑ͕ࢦఠ͞Ε͓ͯΓɺถηΩϡϦ ςΟػؔͷSANS Internet Storm CenterͳͲ͸ύονద༻Λٸ ͙Α͏ݺͼֻ͚͍ͯΔɻ”

   ʮbashʯγΣϧʹॏେͳ੬ऑੑɺओཁLinuxͰύον͕ެ։ http://www.itmedia.co.jp/enterprise/articles/1409/25/news042.html

4. ύονͷ͋ͨͬͨ bash Λ yum update ͢Ε͹OK $ env x='() {

   :;}; echo vulnerable' bash -c "echo this is a test"! vulnerable! this is a test $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"! bash: warning: x: ignoring function definition attempt! bash: error importing function definition for `x'! this is a test $ sudo yum update bash ※౰࣌໰୊͕ىͬͨ͜௚ޙ͸ɺAmazonLinux 2014.09 ҎલͰ͸ --releasever ΦϓγϣϯΛར༻ͯ͠ ϦϦʔεόʔδϣϯΛ 2014.09 ʹِ૷͢Δඞཁ͕͋Γ·ͨ͠ʢࠓ͸ڪΒ͘େৎ෉͔ͱʣ

5. ύονΛ౰ͯΔͱ͖ʹؾʹͳΔ͜ͱ αʔό୆਺͕ଟ͍ͱɺखͰ౰ͯΔͷ͸ݫ͍͠ ఀࢭঢ়ଶʹ͋Δαʔό͸ɺ͍͍ͪͪىಈͯ͠ύονΛ౰ͯͳ͍ ͱ͍͚ͳ͍ʢͰͳ͍ͱ๨ΕΔʣ AMI ӡ༻Λ͍ͯ͠ΔͱɺͲͷ AMI ·Ͱύον͕౰͍ͨͬͯΔͷ ͔෼͔Βͳ͘ͳͬͯ͠·͏ɻ࢖͍͍ͬͯͷ͔ྑ͘ͳ͍ͷ͔෼͔ Βͳ͍

   αʔόͷ๬·͍͠ঢ়ଶΛָʹ؅ཧ͍ͨ͠

6. ύονΛ౰ͯΔͱ͖ʹؾʹͳΔ͜ͱ αʔό୆਺͕ଟ͍ͱɺखͰ౰ͯΔͷ͸ݫ͍͠ ఀࢭঢ়ଶʹ͋Δαʔό͸ɺ͍͍ͪͪىಈͯ͠ύονΛ౰ͯͳ͍ ͱ͍͚ͳ͍ʢͰͳ͍ͱ๨ΕΔʣ AMI ӡ༻Λ͍ͯ͠ΔͱɺͲͷ AMI ·Ͱύον͕౰͍ͨͬͯΔͷ ͔෼͔Βͳ͘ͳͬͯ͠·͏ɻ࢖͍͍ͬͯͷ͔ྑ͘ͳ͍ͷ͔෼͔ Βͳ͍

   αʔόͷ๬·͍͠ঢ়ଶΛָʹ؅ཧ͍ͨ͠ ϓϩϏδϣχϯάπʔϧΛ࢖͓͏ʂ

7. 1. ϓϩϏδϣχϯάπʔϧͱ͸ 2. OpsWorks ͱ͸ 3. ࣮ࡍʹ OpsWorks Λ࢖ͬͯΈͯ

8. 1. ϓϩϏδϣχϯάπʔϧͱ͸ 2. OpsWorks ͱ͸ 3. ࣮ࡍʹ OpsWorks Λ࢖ͬͯΈͯ

9. “Provisioning”: ຊདྷ͸ʮ४උɺఏڙɺઃඋʯͳͲͷҙຯͰ͋ΓɺݱࡏͰ͸௨ৗɺԻ੠௨৴΍ί ϯϐϡʔλͳͲͷ෼໺ʹ͓͚ΔɺϢʔβʔ΍ސ٬΁ͷαʔϏεఏڙͷ࢓૊ΈΛ ࢦ͢ɻ ར༻Մೳͳαʔό܈ʢαʔόϑΝʔϜʣ͔ΒαʔόΛબͼग़͠ɺద੾ͳιϑτ ΢ΣΞʢΦϖϨʔςΟϯάγεςϜɺσόΠευϥΠόɺϛυϧ΢ΣΞɺΞϓϦ έʔγϣϯιϑτ΢ΣΞʣΛϩʔυ͠ɺγεςϜΛద੾ʹઃఆͨ͠Γɺαʔό ݻ༗ͷઃఆʢIPΞυϨεͳͲʣΛͨ͠Γɺͱ͍ͬͨ࡞ۀΛαʔόɾϓϩϏδϣ χϯάͱݺͿɻ 㱺

   ͜͜Ͱ͸ʮαʔό؀ڥͷߏஙΛߦ͏͜ͱʯͱ͠·͢ http://ja.wikipedia.org/wiki/ϓϩϏδϣχϯά

10. “Provisioning Framework”: etc etc…

11. “Provisioning Framework”: etc etc…

12. http://docs.getchef.com/ (ཁ఺) Chef ͸Ϋϥ΢υͷΠϯϑϥΛࣗಈԽ͢ΔͨΊͷγεςϜٴͼϑϨʔϜϫʔΫͰ͋ Γɺαʔό΍ΞϓϦέʔγϣϯͷσϓϩΠΛ༰қʹ͠·͢ɻ σϓϩΠର৅͸෺ཧαʔόɺԾ૝αʔόɺΫϥ΢υΛ໰͍·ͤΜɻ Πϯϑϥͷن໛΋খن໛ͳ΋ͷ͔Βେن໛ͳ΋ͷ·ͰରԠՄೳ Cookbooks (ͱ recipes)

    ͸ɺ֤ϊʔυ͕ͲͷΑ͏ʹ͋Δ΂͖͔Λ఻͑ΔͨΊʹར༻ ͞Ε·͢ɻ

13. Chefͷಛ௃: Ruby Λ࢖ͬͯઃఆΛهड़͢Δ Ruby ࣗମ΋ॻ͖΍͍͢ݴޠͰɺؾܰʹม਺બ୒΍৚݅෼ذ͕ߦ͑Δ Ansible ͸ YAML Ͱهड़͢ΔͨΊɺ΍΍ࣗ༝౓͕௿͍ Puppet

    ͸ಠࣗݴޠͰهड़͢ΔͨΊɺशಘ΁ͷෑډ͕ߴ͍͔ هड़ͨ͠ॱ൪ʹॲཧ͕࣮ߦ͞ΕΔ ґଘؔ܎Λఆٛ͢Δ͜ͱ΋Մೳ ΫοΫϒοΫͱݺ͹ΕΔ୯ҐͰ؅ཧ͢ΔͨΊɺཧղɾ؅ཧ͕͠΍͍͢ ୈࡾऀ͕࡞੒ͨ͠ΫοΫϒοΫΛ࠶ར༻͢Δ͜ͱͰੜ࢈ੑΛߴΊΔ ࣾ಺Ͱ΋ɺϓϩδΣΫτؒͷΫοΫϒοΫͷڞ༗͸༗ޮ Facebook, αΠόʔΤʔδΣϯτ, Preziʢͦͯ͠ࠓճ঺հ͢Δ OpsWorks ͳ Ͳʣɺར༻ࣄྫ΋๛෋

14. m(_ _)m ࠓճ͸࣌ؒͷؔ܎ͰɺChef ͷৄ͍͠આ໌͸͠ ·ͤΜ ͜ͷޙͰઆ໌͢Δ OpsWorks Λར༻͢Δ্Ͱ ͸ Chef

    ͷཧղ͕ෆՄܽͰ͢ͷͰɺӈͷຊ͕Φ εεϝͰ͢ OpsWorks ͸ Chef Solo Λར༻ͨ͠ AWS αʔ ϏεͰɺػೳ੍ݶ͕͋Γ·͢ʢޙड़ʣɻطʹ Chef ʹৄ͍͠ํ͸͝஫ҙ͍ͩ͘͞

15. 1. ϓϩϏδϣχϯάπʔϧͱ͸ 2. OpsWorks ͱ͸ 3. ࣮ࡍʹ OpsWorks Λ࢖ͬͯΈͯ

16. AWS ͷαʔϏεͰ͢

17. OpsWorks(1) -֓ཁ- “AWS OpsWorks ͸ɺ͢΂ͯͷछྨ͓ΑͼαΠζͷΞϓϦέʔγϣϯΛ༰қʹσϓ ϩΠ͓Αͼӡ༻Ͱ͖ΔΫϥ΢υΞϓϦέʔγϣϯ؅ཧαʔϏεͰ͢ɻ” Peritor ࣾͷ Scalarium Λ

    Amazon ͕ങऩ͠ 2013೥2݄ʹ OpsWorks ͱͯ͠ϩʔϯν Chef Solo ΛɺOpsWorks ಠࣗͷ֓೦Ͱ͋Δ LifeCycleEvents, Layer ্Ͱಈ͔͢ ϓϩϏδϣχϯάΑΓΦʔέετϨʔγϣϯʹ͍ۙαʔϏε ଞͷ AWS αʔϏεͰະରԠͷ΋ͷ΋͋Δ͕ɺগͣͭ͠૿͍͑ͯΔɿ σϑΥϧτVPC Ҏ֎ͷ VPC ͷར༻ RDS ͷར༻ ΧελϜ AMI ͷར༻ ELB ΁ͷରԠ

18. OpsWorks(2) -ಛ௃- Πϯελϯε͸ 24/h, Time-based, Load-based ͕બ୒Մೳ Time-based ͸ܾ·ͬͨ࣌ؒʹͷΈىಈ͢ΔΠϯελϯε Load-based

    ͸ϨΠϠ಺ͷෛՙฏۉͷঢ়گʹԠͯ͡ىಈɾఀࢭ͢ΔΠϯελ ϯε
 OpsWorks Ͱ͸ AutoScaling ͕࢖͑ͳ͍ͨΊɺ͜Ε͕ AutoScaling ͷ୅ΘΓͱ ͳΔ ΞϓϦέʔγϣϯͷϩʔϧόοΫ͕Մೳʢະ֬ೝʣ Chef ʹ͸ͳ͍ػೳɻ5ੈ୅෼·ͰՄೳͱ͔ ଞΠϯελϯεͷ৘ใ͕ DataBagʢ࿈૝഑ྻʣʹ֨ೲ͞Ε͍ͯΔͨΊɺAWS ͷ API ͔Βλά৘ใͰΠϯελϯεΛߜΓࠐΜͰIPΞυϨεΛऔಘ… ͱ͍ͬͨΑ͏ ͳ໘౗ͳ࡞ۀ͕ཁΒͳ͍

19. OpsWorks(3) -Chefؔ࿈- ΧελϜϨγϐ͸ site-cookbooks/ ഑Լʹ֨ೲ͢Δ΋ͷΛࢦఆ͢ΔͨΊɺ data_bags, environments, nodes, roles ͳͲͷػೳ͸Ϩγϐ಺͔Β͸ઃఆͰ͖ͳ͍

    nodes ͸ /var/lib/aws/opsworks/data/nodes ഑ԼʹΠϯελϯε͝ͱ ͷ json ͕֨ೲ͞Ε͍ͯΔʢOpsWorks ͕ੜ੒ͨ͠΋ͷʣ data_bags ͸ελοΫ͝ͱʹ OpsWorks ଆͰઃఆՄೳ

20. Layer: ΠϯελϯεͷଐੑΛܾΊΔΑ͏ͳ֓೦ʢWebαʔόɺόοναʔόͳͲʣ αϒωοτɺηΩϡϦςΟάϧʔϓɺChef ͷϨγϐΛׂΓ౰ͯΔ ELB ͸ϨΠϠ͝ͱʹ෇༩Ͱ͖Δ Πϯετʔϧ͢Δύοέʔδ΋ࢦఆՄೳʢChef Solo ͱ؅ཧ͕෼ࢄ͠ͳ͍Α͏ʹ ஫ҙʣ

21. LifeCycleEvents: શ෦Ͱ5ͭͷϥΠϑαΠΫϧ͕͋ΓɺΠϯελϯεͷঢ়گʹ Ԡͯ͡ɺϨΠϠʔ͝ͱʹઃఆ͞ΕͨϨγϐ͕࣮ߦ͞ΕΔɿ Setup
 Πϯελϯεىಈ࣌ʹ1౓ͷΈ࣮ߦ͞ΕΔ Configure
 ଞͷΠϯελϯε͕ىಈɾఀࢭ͞Εͨ৔߹ʹ࣮ߦ͞ΕΔ
 ॳճىಈ࣌ʹ΋࣮ߦ͞ΕΔ Deploy
 ΞϓϦέʔγϣϯͷσϓϩΠ࣌ʹ࣮ߦ͞ΕΔ


    ॳճىಈ࣌ʹ΋࣮ߦ͞ΕΔ Undeploy
 ΞϓϦέʔγϣϯͷ࡟আ࣌ʹ࣮ߦ͞ΕΔ Shutdown
 Πϯελϯεͷఀࢭ࣌ʹ࣮ߦ͞ΕΔ

22. 1. ϓϩϏδϣχϯάπʔϧͱ͸ 2. OpsWorks ͱ͸ 3. ࣮ࡍʹ OpsWorks Λ࢖ͬͯΈͯ

23. ✅ Α͔ͬͨͱ͜Ζ Πϯελϯεͷঢ়گ΍ɺϨΠϠʹׂΓ౰͍ͨͬͯΔ ELB ͕ՄࢹԽ͞ΕΔ ͲͷΠϯελϯεʹ໰୊͕͋Δ͔ɺҰ໨Ͱ෼͔Δ νʔϜʹ৽͍͠ਓ͕ՃΘͬͨࡍ΋ɺݹ͍υΩϡϝϯτΛݟΔΑΓ෼͔Γ΍͍͢͸ͣ ʢωοτϫʔΫਤ͸ผͰ͢ʣ Configure ΠϕϯτͰଞΠϯελϯεʹ௨஌Ͱ͖Δͷ͕໘ന͍

    ελοΫશମͰ1ͭͷΞϓϦέʔγϣϯΛߏங͢Δɺ༗ػతͳಈ͖ʹͳΔ Deploy, Undeploy Πϕϯτ΋͋ΔͷͰɺOpsWorks ࢖ͬͯΕ͹ଞͷΦʔέετϨʔγϣϯ πʔϧʢSerf ͳͲʣ͸ཁΒͳ͍͔΋ ؂ࢹ΍ϞχλϦϯάର৅Λ௥͏ͷʹศར ELB Λܦ༝ͤͣɺઃఆϑΝΠϧͰෛՙ෼ࢄͤ͞Δ৔߹ʹ΋ॏๅʢfluentd ͷ forward ͳͲʣ ϨΠϠʹ஫ҙ͕޲͘ͷͰɺΠϯελϯεΛେࣄʹ͠ͳ͘ͳΔ ॊೈʹΠϯελϯε͕ೖΕସ͑Մೳͳӡ༻ʹʢAMI ӡ༻͔Βͷ୤٫ʣ AWS ͸ڧ੍ϝϯςφϯε͕͋ΔͷͰɺΠϯελϯεೖΕସ͕͑ग़དྷΔͱศར શϨγϐ͕ͨͼͨͼ࣮ߦ͞ΕΔͱɺϨγϐʹᆍ͕͔ͿΒͳ͍

24. ❌ ΠϚΠνͳͱ͜Ζ Ϩγϐͷಈ࡞֬ೝதͷ଴͕ͪଟ͍ ৽ن Amazon AMI ͔ΒॳظઃఆΛߦ͏ͨΊɺॳճىಈ͸5෼ʙ10෼͔͔Δ ىಈதͷΠϯελϯε΁ͷϨγϐ࣮ߦ΋ɺݻఆͰ਺෼͸ֻ͔Δ ΧελϜ AMI

    ͕࢖͑ΔͷͰɺ࠷௿ݶͷॳظઃఆΛͨ͠΋ͷΛ༻ҙ͓ͯ͘͠ͷ΋Α͍͔΋ Load-based Πϯελϯεͷઃఆ͕ݪ࢝త ىಈڐՄ͢Δ࠷େΠϯελϯε਺·Ͱ͋Β͔͡Ίొ࿥͢Δͱ͍͏Ṗͷઃఆ ॳճىಈ͸5෼10෼ֻ͔ΔͷͰɺSetup Πϕϯτ͚ͩࡁ·͓ͤͯ͘ͷ͕Α͍Β͍͕͠ɺ࠷ େෛՙΛֻ͚Δඞཁ͕͋ΔͷͰ͔ͳΓΊΜͲ͍͘͞ AutoScaling ࢖͍͍ͨͰ͢ EIPʢݻఆIPʣ Λؒҧͬͯফͯ͠͠·͏͜ͱ͕͋Δ EC2 ͩͱΠϯελϯεΛ terminate ͯ͠΋ EIP ͸ফ͑ͳ͍͕ɺOpsWorks Ͱ͸ফ͑Δ ελοΫΛލ͍ͩҰׅσϓϩΠ͸Ͱ͖ͳ͍ ૉ௚ʹ API ࢖͍·͠ΐ͏

25. ͝ਗ਼ௌ ͋Γ͕ͱ͏͍͟͝·ͨ͠ m(_ _)m

26. ࢀߟจݙ ChefͱOpsWorksͰ EC2 ָνϯΫοΩϯά! / Ϋϥεϝιουגࣜձࣾ
 http://www.slideshare.net/classmethod/20130513-21235033?related=1 Πϯϑϥܥٕज़ͷྲྀΕ / @gosukenator

    ࢯ
 http://mizzy.org/blog/2013/10/29/1/ What is AWS OpsWorks?
 http://docs.aws.amazon.com/opsworks/latest/userguide/welcome.html ʲAWSൃදʳAWS OpsWorks - ChefΛ࢖ͬͯॊೈʹΫϥ΢υ಺ͷΞϓϦέʔγϣϯ؅ཧ͕Ͱ͖ Δ৽αʔϏεΛൃද
 http://aws.typepad.com/aws_japan/2013/02/aws-opsworks-flexible-application-management-in- the-cloud.html