Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Terraform at Wantedly (Tech-Circle #12)
Search
Daisuke Fujita
January 29, 2016
Programming
2
760
Terraform at Wantedly (Tech-Circle #12)
Tech-Circle #12 Terraform Handson での LT 発表資料です
http://techcircle.connpass.com/event/25496/
Daisuke Fujita
January 29, 2016
Tweet
Share
More Decks by Daisuke Fujita
See All by Daisuke Fujita
SREcon19 Asia/Pacific Recap
dtan4
0
150
Our Practices of Delegating Ownership in Microservices World
dtan4
4
8.8k
Kubernetes Cluster Upgrade / Mercari Meetup for Microservices Platform
dtan4
3
4.5k
KubeCon EU 2018 Recap: Multi-Tenancy in Kubernetes: Best Practices Today, and Future Directions / Kubernetes Meetup Tokyo 11 #k8sjp
dtan4
1
1.8k
Wantedly から Chef を一掃した話 / #chibadan
dtan4
24
11k
さようなら Chef こんにちは Dockerfile / Web Tech Tokyo #1
dtan4
6
7k
Docker をフル活用したインフラの紹介と成長し続けるためのインフラ戦略 / #abejameetup
dtan4
19
3.9k
Docker Compose PaaS の作り方、そして社内に導入した話 / #yapc8oji
dtan4
1
8.2k
Writing Kubenetes tools in Go
dtan4
1
3.5k
Other Decks in Programming
See All in Programming
LLM生成文章の精度評価自動化とプロンプトチューニングの効率化について
layerx
PRO
2
170
【Kaigi on Rails 2024】YOUTRUST スポンサーLT
krpk1900
1
300
Realtime API 入門
riofujimon
0
140
A Journey of Contribution and Collaboration in Open Source
ivargrimstad
0
410
Pinia Colada が実現するスマートな非同期処理
naokihaba
4
200
Quine, Polyglot, 良いコード
qnighy
4
610
Hotwire or React? ~Reactの録画機能をHotwireに置き換えて得られた知見~ / hotwire_or_react
harunatsujita
8
5k
Why Jakarta EE Matters to Spring - and Vice Versa
ivargrimstad
0
570
Content Security Policy入門 セキュリティ設定と 違反レポートのはじめ方 / Introduction to Content Security Policy Getting Started with Security Configuration and Violation Reporting
uskey512
1
480
GCCのプラグインを作る / I Made a GCC Plugin
shouth
1
160
開発効率向上のためのリファクタリングの一歩目の選択肢 ~コード分割~ / JJUG CCC 2024 Fall
ryounasso
0
420
CSC509 Lecture 09
javiergs
PRO
0
140
Featured
See All Featured
Fashionably flexible responsive web design (full day workshop)
malarkey
404
65k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
109
49k
Git: the NoSQL Database
bkeepers
PRO
427
64k
[RailsConf 2023] Rails as a piece of cake
palkan
51
4.9k
Building Better People: How to give real-time feedback that sticks.
wjessup
364
19k
KATA
mclloyd
29
14k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
32
1.8k
How to Ace a Technical Interview
jacobian
276
23k
Optimising Largest Contentful Paint
csswizardry
33
2.9k
How GitHub (no longer) Works
holman
310
140k
The Language of Interfaces
destraynor
154
24k
Transcript
TERRAFORM at WANTEDLY 2016-01-29 Tech-Circle #12 Terraform Handson @dtan4
Daisuke Fujita @dtan4 Πϯλʔϯ @ΠϯϑϥνʔϜ
None
None
Terraform flow @ Wantedly since May 2015
Terraform Ͱཧ͍ͯ͠Δ 28 resource types aws_customer_gateway aws_db_instance aws_db_parameter_group aws_db_security_group aws_db_subnet_group
aws_elasticache_cluster aws_elasticache_subnet_group aws_elb aws_iam_group aws_iam_group_membership aws_iam_group_policy aws_iam_role aws_iam_role_policy aws_iam_user aws_iam_user_policy aws_instance aws_internet_gateway aws_network_acl aws_route_table aws_route_table_association aws_s3_bucket aws_security_group aws_subnet aws_vpc aws_vpn_connection aws_vpn_connection_route aws_vpn_gateway dnsimple_record
Terraform Ͱཧ͍ͯ͠Δ AWS 224 DNSimple 169 393 resources
Terraform ڥ GitHub wercker S3 remote backend Vagrant CoreOS Docker
quay.io/wantedly/terraform 3FNPUF -PDBM
Terraform flow Terraform ίʔυΛॻ͍ͯ Pull Request Λग़͢
Terraform flow Terraform ίʔυΛॻ͍ͯ Pull Request Λग़͢
Terraform flow CI Ͱςετ (terraform plan) ͕Δ
Terraform flow CI Ͱςετ (terraform plan) ͕Δ
Terraform flow ΠϯϑϥνʔϜ͕ϨϏϡʔͯ͠ Merge
Terraform flow CI Ͱ࣮ڥͷద༻ (terraform apply) ͕ߦΘΕΔ
e.g. DNS ϨίʔυՃ
e.g. IAM ϢʔβՃ ৽͍͠։ൃϝϯόʔͷ௨աّྱ
e.g. GitHub ্Ͱ֬ೝͰ͖ͯศར
Terraform ಋೖͷաఔ
ಋೖͨ͠ܦҢ • Management Console ϙνϙνۀ͔Βͷ٫ • ΠϯϑϥνʔϜͷ࡞ۀूத͔Βͷ٫ • ߏங࡞ۀͷཤྺΛ͍ͨ͠ •
ϦιʔεҰཡΛ ͩΕͰ؆୯ʹݟΒΕΔΑ͏ʹ͍ͨ͠ • ϦιʔεෳΛָʹ͍ͨ͠ • AWS ͱ DNSimple Ұॹʹѻ͑ͯศར
Ұ͔ΒΠϯϑϥߏஙϦϓϨʔεͰͳ͘ɺ ͍·ಈ͍͍ͯΔΠϯϑϥϦιʔε ΛίʔυԽ͍ͨ͠ resource "aws_instance" "app" { count = 4
ami = "ami-408c7f28" instance_type = "t1.micro" } resource "aws_instance" "app" { count = 4 ami = "ami-408c7f28" instance_type = "t1.micro" }
ݱߦڥͷ Terraform ಋೖ https://github.com/hashicorp/terraform/issues/581
ݱߦڥͷ Terraform ಋೖ https://github.com/hashicorp/terraform/issues/581 طଘϦιʔε͔Β Terraform ίʔυ Λੜ͢Δػೳ࣮͞Ε͍ͯͳ͍
ݱߦڥͷ Terraform ಋೖ ex: hoge ͱ͍͏ S3 bucket ͕͋ͬͨͱ͖ resource
"aws_s3_bucket" "hoge" { bucket = "hoge" acl = "private" } { "version": 1, "serial": 1, "modules": { "path": [ "root" ], "outputs": { }, "resources": { "aws_s3_bucket.hoge": { "type": "aws_s3_bucket", "primary": { "id": "hoge", "attributes": { "acl": "private", "bucket": "hoge", "id": "hoge" } } } } } } TUG UFSSBGPSNUGTUBUF
ݱߦڥͷ Terraform ಋೖ ex: hoge ͱ͍͏ S3 bucket ͕͋ͬͨͱ͖ resource
"aws_s3_bucket" "hoge" { bucket = "hoge" acl = "private" } { "version": 1, "serial": 1, "modules": { "path": [ "root" ], "outputs": { }, "resources": { "aws_s3_bucket.hoge": { "type": "aws_s3_bucket", "primary": { "id": "hoge", "attributes": { "acl": "private", "bucket": "hoge", "id": "hoge" } } } } } } TUG UFSSBGPSNUGTUBUF tfstate (JSON) ਓྗͰॻ͘ͷݫ͍͠
Export existing AWS resources to Terraform style (tf, tfstate) dtan4/terraforming
Terraforming • طଘͷ AWS / DNSimple Ϧιʔε͔Β Terraform ͷίʔυ (tf,
tfstate) Λੜ͢Δ ίϚϯυϥΠϯπʔϧ • 29छྨͷ AWS ϦιʔεʹରԠ • Wantedly ͷ Terraform ίʔυͷେΛੜ • Issue & Pull Request ͓·ͪͯ͠·͢ʂ dtan4/terraforming $ gem install terraforming # or $ docker pull quay.io/dtan4/terraforming
None
Terraforming • S3 buckets ͷ tf Λੜ • S3 buckets
ͷ tfstate Λੜ • S3 buckets ͷ tfstate Λੜ͠ɺ طଘͷ terraform.tfstate ͱϚʔδ $ terraforming s3 $ terraforming s3 --tfstate \ --merge=/path/to/terraform.tfstate $ terraforming s3 --tfstate dtan4/terraforming
http://qiita.com/dtan4/items/345c56281ab0e87d6646
ૺ۰ͨ͠
terraform plan ͕৴༻ग़དྷͳ͍ • HCL ͷγϯλοΫενΣοΫͱ Terraform ύϥϝʔλͷνΣοΫͷΈɺ API ͷ
dry-run ͠ͳ͍ • terraform plan ͕௨ͬͯɺύϥϝʔλ͕ AWS తʹෆਖ਼Ͱ terraform apply ʹࣦഊ͢Δ • CI Ͱʮςετʯ͍ͯ͠Δҙຯ͕…
terraform plan ͕৴༻ग़དྷͳ͍ • AWS ͷυΩϡϝϯτಡ·ͳ͍ͱ͍͚ͳ͍ • terraform apply ࣦഊͯ͠ϦΧόϦͰ͖Δ
ΈΛ࡞Δ • खݩͰ apply Ͱ͖Δڥ
ELB ԼͷΠϯελϯε͕ ҙਤͤͣஔ͖ΘΔ • Terraform ͷ ELB resource Δ͢ΠϯελϯεΛ໌ࣔతʹॻ͘ඞཁ͋Γ
• Wantedly ͰࣗલπʔϧͰ Πϯελϯεͷ૿ݮɺELB ͷΔ͠Λߦ͏ • Terraform ίʔυͱ࣮ࡍͷڥʹࠩҟ͕ग़Δ
ELB ԼͷΠϯελϯε͕ ҙਤͤͣஔ͖ΘΔ • සൟʹΠϯελϯε͕ஔ͖ΘΔ ELB Terraform Ͱཧ͠ͳ͍͜ͱʹͨ͠ •
֎෦Ͱಈతͳมߋ͕͋Γ͏ΔϦιʔε ͋͑ͯཧ͠ͳ͍ • Terraform v0.6.4 Ͱ ignore_changes ͕ಋೖ resource "aws_elb" "foo" { lifecycle { ignore_changes = ["instances"] } }
IAM ϢʔβআͰࣦഊ • IAM ϢʔβࣗମΛফ͢લʹΫϨσϯγϟϧ ϩάΠϯϓϩϑΝΠϧΛফ͢ඞཁ͕͋Δ • Terraform ͦΜͳͷ͓ߏ͍ͳ͠ʹ delete-user
͠Α͏ͱ͢Δ • खಈͰґଘϦιʔεΛফ্ͨ͠Ͱ apply http://docs.aws.amazon.com/ja_jp/IAM/latest/UserGuide/Using_DeletingUserFromAccount.html
·ͱΊ
·ͱΊ • Wantedly ͷΠϯϑϥ Terraform Ͱཧ͞Ε͍ͯ·͢ʂ • ݱߦΠϯϑϥΛ Terraform Ͱཧ͢ΔͨΊʹ
Terraforming ͱ͍͏πʔϧΛ։ൃ͠·ͨ͠ • ͯ͢Λ Terraform ʹ͖ͤͬΓʹ͠ͳ͍