My Redmine Gen.2を支えるインフラストラクチャー

Transcript

1. .Z
   3FENJOF
   (FO
   Λ
   ࢧ͑ΔΠϯϑϥετϥΫνϟʔ 'BS
   &OE
   5FDIOPMPHJFT
   $PSQPSBUJPO

2. ࣗݾ঺հɾձࣾ঺հ
   αʔϏε঺հ

3. ٢Ԭ
   ོߦ
   5BLBZVLJ
   :PTIJPLB ॴଐ
   ϑΝʔΤϯυςΫϊϩδʔʢגʣ
   ίϛϡχςΟʔ
   .BUTVFSC
   +"846(
   4IJNBOF
   ޷͖ͳαʔϏε
   "84
   "NQMJGZ

4. ϑΝʔΤϯυςΫϊϩδʔגࣜձࣾ ॴࡏ஍ ίΞϏδωε 044ؔ࿈ ౡࠜݝদߐࢢʢ೥݄ઃཱʣ 4BB4ఏڙ 3FENJOFվળ׆ಈɺ3FENJOF+1
   ͷӡӦ

5. w೥݄
   αʔϏε։࢝
   wࠃ಺໿༷ࣾʹ͝ఏڙ
   w3FENJOFͷίϛολʔ͕ࡏ੶
   w࠾༻ύονͷ൒਺Ҏ্͕ฐࣾ։ൃ

6. None

7. ֓ཁ w ೥݄͔Β.Z
   3FENJOFͷΠϯϑϥ؀ڥΛ࠶ߏங͠ ͖ͯ·ͨ͠ɻͦͯ͠೥݄ʹ.Z
   3FENJOF
   (FOͱ ͯ͠ϦϦʔε͞Εͯ൒೥͕ܦա͠·ͨ͠ɻ
   w ࠓճ͸Πϯϑϥʹ࢖༻͞Ε͍ͯΔٕज़ͱαʔϏεʢओʹ "84ʣͷ͍͔ͭ͘ΛϐοΫΞοϓ͠ɺօ༷ʹ͝঺հͰ͖ Ε͹ͱࢥ͍·͢ɻ
   w

   ஫ҙʣίϯςφʢ%PDLFSʣؔ࿈ͷ࿩͕ଟ͘ͳΔ͔ͱࢥ͍ ·͕͢͝ཧղ͍ͩ͘͞ɻ

8. ΞδΣϯμ  શମߏ੒
    ར༻αʔϏε
    ߏஙͷϙΠϯτ
    3FENJOF 3BJMT

   ͷίϯςφԽ
    Ϛϧνςφϯτʹ͍ͭͯ

9. શମߏ੒

10. SBJMT
    DPOTPMF
    SBLF
    UBTL
    ʜ

11. None

12. ར༻αʔϏε

13. .BOBHFE
    4FSWJDF "84ͷ੹೚ൣғͷͳΔ΂͘޿͍αʔϏεΛબ୒ αʔόʢ෺ཧʣ ωοτϫʔΫʢ෺ཧʣ 04ͷ؅ཧ ϛυϧ΢ΣΞ ৑௕ԽɾόοΫΞοϓ ΞϓϦέʔγϣϯ ར༻ʢ"1*ʣ &$

    'BSHBUF
    -BNCEB
    FUDʜ 3%4
    3PVUF
    4
    FUDʜ ͳΔ΂͘͜ͷลΓͷαʔϏεΛ࢖͏

14. ίϯςφʢ%PDLFSʣͷ
    ΦʔέετϨʔγϣϯαʔϏεͷબ୒

15. "84
    &$4ʢ"NB[PO
    &MBTUJD
    $POUBJOFS
    4FSWJDFʣ $MVTUFS
    
    'BSHBUFͷ৔߹͸ωʔϜεϖʔεͷΑ͏ͳ΋ͷ
    4FSWJDF
    
    λεΫͷ؅ཧɺεέδϡʔϧϯάͳͲ
    5BTL
    
    
    
    
    
    σϓϩΠͷ࠷খ୯Ґʢෳ਺ͷίϯςφΛ؅ཧʣ 'BSHBUF

16. 'BSHBUFͷಛ௃ w αʔόʔϨεͳͷͰϗετ04ͷ؅ཧෆཁɻ
    ʢηΩϡϦςΟͷύον౰ͯͳͲʣ
    w εέʔϧ࣌ͷΩϟύγςΟʔΛ༨෼ʹ࣋ͨͳͯ͘΋ྑ͍ɻ
    w 44)ͰϩάΠϯͰ͖ͳ͍ɻ

17. ͦͷଞɺओཁαʔϏε Step Functions EC2 Lambda Aurora CodeBuild CodeCommit CodePipeline CloudFormation

    S3 S3 Glacier CloudWatch SNS SQS 3FENJOF पลγεςϜ Athena Kinesis Data Firehose AppSync Elastic Container Registry Application Auto Scaling CloudTrail Systems Manager API Gateway Amplify Secrets Manager AWS WAF Fargate ECS ELB Route53 DynamoDB RDS σϓϩΠɾ$*$%
    αʔϏεΞΧ΢ϯτ؅ཧ

18. ߏஙͷϙΠϯτ 3FENJOFʢ3BJMTʣͷίϯςφԽ ϚϧνςφϯτͷΞʔΩςΫνϟ

19. ߏஙͷϙΠϯτ 3FENJOFʢ3BJMTʣͷίϯςφԽ ϚϧνςφϯτͷΞʔΩςΫνϟ

20. ίϯςφʹ͍ͭͯ

21. 3FENJOFΛಈ͔ͨ͢Ίʹ
    ඞཁͳ΋ͷ w 3VCZ
    ϥϯλΠϜʢ3VCZ
    ʣ
    w ґଘϛυϧ΢ΣΞʢ*NBHF.BHJD
    1PTUHSF42-ʣ
    w ґଘϥΠϒϥϦʢSBJMT
    SNBHJDL

    
    QHʣ ґଘؔ܎ΛؚΊ࣮ͨߦ؀ڥΛҰͭͷΠϝʔδʹ·ͱΊͯ͠·͏ɻ
    Πϝʔδ͝ͱσϓϩΠͰ͖Δʂ

22. ग़యɿIUUQTXXXEPDLFSDPNSFTPVSDFTXIBUDPOUBJOFS ίϯςφͱԾ૝Ϛγϯͷൺֱ

23. ίϯςφͷϝϦοτ  ։ൃ؀ڥͱຊ൪؀ڥͷҧ͍͕ͳ͘ͳΔ
     *OGSBTUSVDUVSF
    BT
    $PEF
    ʹ޲͍͍ͯΔ
     $*$%ͱ૬ੑ͕ྑ͍ʢ%FW0QTʹ޲͍͍ͯΔʣ

24. ίϯςφͷར༻ͷ஫ҙ఺ 
    ΠϝʔδΛCVJME͢Δ࡞ۀ΍؅ཧର৅͕૿͑Δ 
    ঢ়ଶΛ࣋ͨͤΔߏ੒͸೉͍͠ʢσʔλͷӬଓԽʣ

25. 3FENJOFίϯςφԽ

26. 3FENJOFͰߟྀ͕ඞཁͳ͜ͱ
    ʢӬଓԽ͕ඞཁͳσʔλʣ w%#ʢσʔλϕʔεʣ
    wϩά
    wఴ෇ϑΝΠϧ

27. %#ʢσʔλϕʔεʣʹ͍ͭͯ 3%4
    "VSPSB
    1PTUHSF42-
    ޓ׵ΤσΟγϣϯ

28. -PHͷѻ͍ 4JEFDBS
    1BUUFSOʢίϯςφΛೋͭ࢖༻ʣͰ
    ϩάऩू༻ίϯςφʢqVFOUEʣΛ࢖༻ͯ͠ϩάͷऩू

29. ఴ෇ϑΝΠϧ "NB[PO
    4 "NB[PO
    &'4 ΞϓϦέʔγϣϯͷมߋ͕ෆཁ ΞϓϦέʔγϣϯͷมߋ͕ඞཁ
    ʢϓϥάΠϯͳͲʣ ϥϯχϯάίετ͕͍҆ ϥϯχϯάίετ͕ߴΊ ͦ΋ͦ΋։ൃ౰࣌'BSHBUFͰ͸&'4࿈ܞ͕Ͱ͖ͳ͔ͬͨɻ ީิͷൺֱ

30. ఴ෇ϑΝΠϧ ఴ෇ϑΝΠϧͷอଘઌΛ4ʹͰ͖Δ
    1MVHJOΛ։ൃʢSFENJDB@Tʣ

31. ։ൃ
    ཪ࿩ʢۤ࿑࿩ʣ pMFT
    ఴ෇ϑΝΠϧ͕อଘ
    UNQUIVNCOBJMT
    ఴ෇ϑΝΠϧͷαϜωΠϧ͕อଘɻ
    UNQJNQPSUT
    $47Πϯϙʔτ࣌ʹҰ࣌ϑΝΠϧ͕อଘɻ ᵓᴷᴷ
    BQQ
    ᴹ
    
    
    ᵓᴷᴷ
    DPOUSPMMFST
    ᴹ
    
    
    ᵓᴷᴷ
    IFMQFST
    

    ᴹ
    
    
    ᵓᴷᴷ
    NPEFMT
    ᴹ
    
    
    ᵋᴷᴷ
    WJFXT
    ᵓᴷᴷ
    pMFT
    ᴹ
    
    
    ᵓᴷᴷ
    YYYYYYY
    ᴹ
    
    
    ᵓᴷᴷ
    YYYYYYY
    ᴹ
    
    
    ᵋᴷᴷ
    YYYYYYY
    ᵋᴷᴷ
    UNQ
    
    
    
    
    
    
    ᵓᴷᴷ
    DBDIF
    
    
    
    
    
    
    ᵓᴷᴷ
    JNQPSUT
    
    
    
    
    
    
    ᵋᴷᴷ
    UIVNCOBJMT

32. https://github.com/redmica/redmica_s3

33. ߏஙͷϙΠϯτ 3FENJOFʢ3BJMTʣͷίϯςφԽ ϚϧνςφϯτͷΞʔΩςΫνϟ

34. ϗεςΟϯάαʔϏε
    ʢ4BB4ʣ
    ϏδωεϞσϧͷ࿩ γϯάϧςφϯτΑΓϚϧνςφϯτͰ୯ՁΛ཈͍͑ͨ
    ʢސ٬αʔό͸ݫ͍͠ɻෳ਺ͷސ٬ͰαʔόΛڞ༗͢Δʣ

35. ࣮૷ํ๏ "QBDIF
    
    1BTTFOHFS
    Λબ୒ ϓϩηε͝ͱʹ؀ڥม਺Λ੾ସ͑Δʂ

36. Ϛϧνςφϯτ  3FENJOFΛεςʔτϨεʹઃܭ
     %#αʔόΛར༻ɻϩάͱఴ෇ϑΝΠϧΛ4΁อଘ
     ઃఆ৘ใʢEBUBCBTFZNM
    TZNMʣʹ஋͸؀ڥม਺Λར༻͢Δɻ
     "QBDIFͷࢠϓϩηε͝ͱʢυϝΠϯ͝ͱʣʹઃఆ৘ใʢ؀ڥม਺ʣ͕มΘΔɻ
    

    ʢ઀ଓ͢Δ%#ɺఴ෇ϑΝΠϧͷอଘઌ͕มΘΔʣ ιʔείʔυͷڞ༗Խ͕࣮ݱ

37. ߏ੒ਤ

38. ߏ੒ਤ 
    %PDLFSىಈ࣌ʹ4͔Β
    
    
    
    
    ؀ڥม਺౳ͷ৘ใΛऔಘ

39. db: name: [db_name] user: [user_name] password: [password] s3: bucket: [user_bucket]

    folder: [user_folder] property: sub_domain: [sub_domain] limit_ips: - ‘192.168.xx.xx' - '192.168.xx.xx' ઃఆ৘ใ͸4ʹอଘ ˞αϯϓϧΠϝʔδ

40. ߏ੒ਤ 
    %PDLFSىಈ࣌ʹ4͔Β
    
    
    
    
    ؀ڥม਺౳ͷ৘ใΛऔಘ

41. $POGϑΝΠϧΛੜ੒ ˞αϯϓϧΠϝʔδ <VirtualHost *:80> ServerName siteA.example.jp DocumentRoot /var/lib/siteA/public RailsEnv production

    PassengerEnabled on SetEnv RAILS_DB db001 SetEnv RAILS_DB_USERNAME dbuser001 SetEnv RAILS_DB_PASSWORD xxxxxxxx SetEnv S3_FOLDER_NAME user001 ... </VirtualHost>

42. ߏ੒ਤ 
    %PDLFSىಈ࣌ʹ4͔Β
    
    
    
    
    ؀ڥม਺౳ͷ৘ใΛऔಘ 
    4JUF"΁ΞΫηε

43. 3FENJOFͷઃఆϑΝΠϧͷมߋ # database.yml production: adapter: postgresql database: <%= ENV['RAILS_DB'] %>

    username: <%= ENV['RAILS_DB_USERNAME'] %> password: <%= ENV['RAILS_DB_PASSWORD'] %> host: <%= ENV['RAILS_DB_HOST'] %> # s3.yml production: bucket: <%= ENV['S3_BUCKET_NAME'] %> folder: <%= ENV['S3_FOLDER_NAME'] %> ˞αϯϓϧΠϝʔδ

44. ߏ੒ਤ 
    %PDLFSىಈ࣌ʹ4͔Β
    
    
    
    
    ؀ڥม਺౳ͷ৘ใΛऔಘ 
    4JUF"΁ΞΫηε

45. ༨ஊ

46. ӡ༻ฤ w ΞϓϦέʔγϣϯͷσϓϩΠํ๏ʢখن໛ͳมߋʣ
    w ΞϓϦέʔγϣϯͷσϓϩΠํ๏ʢ.JHSBUJPO
    ͋Γͷେن໛ͳมߋʣ
    w αʔϏεΞΧ΢ϯτʢ͓٬༷ʣͷ৽نొ࿥ɾมߋɾఀࢭɾσʔλ࡟আ

47. ·ͱΊ  ར༻αʔϏε
    ˠ
    αʔόϨεɺϑϧϚωʔδυαʔϏεΛબ୒ɻ
     3FENJOF 3BJMT ͷίϯςφԽ
    ˠ
    ఴ෇ϑΝΠϧͷѻ͍͸4ϓϥάΠϯͰղܾɻ
    

    Ϛϧνςφϯτʹ͍ͭͯ
    ˠ
    ݻ༗ͷσʔλͷഉআͱιʔείʔυͷڞ༗Խɻ

48. w೥݄
    αʔϏε։࢝
    wࠃ಺໿༷ࣾʹ͝ఏڙ
    w3FENJOFͷίϛολʔ͕ࡏ੶
    w࠾༻ύονͷ൒਺Ҏ্͕ฐࣾ։ൃ

49. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ɻ