Ansible と AWS Lambda/cirasu_ansible_tettei_nyumon_1

Transcript

1. Ansible ͱ AWS Lambda CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1 1 CIRASUʢ͠Β͢ʣAnsible

   పఈೖ໳ ྠಡ΋͘΋͘ձ #1

2. ͋Μͨ୭Ͷʁ • ઒ݪ ༸ฏ(͔ͬͺͱݺΜͰͶ ! ) • iret גࣜձࣾ cloudpack

   ࣄۀ෦ • AWS Πϯϑϥͷӡ༻อकΛੜۀͱ͠ ͓ͯΓ·͢ • twitter : @inokara • Facebook : inokappa • ޷͖ͳΨϯμϜ : మ݂ͷΦϧϑΣϯζ Ansible ·ͩ·ͩॳ৺ऀͰ͢... 2 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

3. CIRASU ͬͯͳΜͶʁ ෱ԬͰ Infrastructure as code ΍ Configuration as code

   ɺSite Reliability Engineering (SRE)ɺDevOps ͳͲΠϯϑϥٕज़ऀΛऔΓר ٕ͘ज़ɾӡ༻ʹ͍ͭͯͷ৘ใΛ ΏΔʙ͘ ڞ༗ɾษڧ͢Δίϛϡχ ςΟͰ͢. 3 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

4. ࠓ೔ͷ࿩͠͸ͳΜͶʁ Ansible పఈೖ໳ 7 ষΛಡΜͰ͍ͯ... • Ansible Ͱ AWS Ϧιʔε͕͍͡ΕΔͷ͔ʂ

   ͱ͍͏͜ͱͰɺAWS Lambda ͷσϓϩΠ΍ߋ৽࡞ۀʹ࢖͑ͳ͍͔ ࢼߦࡨޡͯ͠Έ·ͨ͠. 4 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

5. ͰɺͲΜͳ࿩͠Λͬ͢ͱ΍ʁ 1. AWS Lambda ΛσϓϩΠ͢Δ࣌ͷ೰Έ 2. Ansible Ͱ Lambda Λૢ࡞ͯ͠Έͨ

   ʙಋೖʙ 3. Ansible Ͱ Lambda Λૢ࡞ͯ͠Έͨ ʙ࣮૷ʙ 4. ͕࣌ؒ͋ͬͨΒ Demo 5. ·ͱΊ 5 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

6. ຊࢿྉͰར༻ͨ͠؀ڥ ຊࢿྉͰར༻ͨ͠ Python ٴͼ Ansible όʔδϣϯ͸ҎԼͷ௨Γ. $ python --version Python

   2.7.13 $ ansible --version ansible 2.2.1.0 config file = /path/to/.ansible.cfg configured module search path = Default w/o overrides 6 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

7. AWS Lambda Λ σϓϩΠ͢Δ࣌ͷ೰Έ 7 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

8. AWS Lambdaʁ • ΋͸΍આ໌ෆཁʢͩͱࢥͬͯ·͢ʣ • αʔόϨείϯϐϡʔςΟϯάͷத֩Λ୲͏ΞϓϦέʔγϣϯ ࣮ߦ؀ڥΛఏڙ͢ΔαʔϏε • ΞϓϦέʔγϣϯΛ࣮ߦͨ࣌ؒ͠ͱ࢖༻ϝϞϦ༰ྔͰ՝ۚ •

   Node.js (JavaScript)ɺPythonɺ͓Αͼ Java (Java 8 ޓ׵)ɺͦͯ͠ C# Λαϙʔτ͍ͯ͠Δ ※ ҎԼɺAWS Lambda ͸ Lambda ͱهࡌ͠·͢. 8 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

9. Lambda Λಈ͔͢·Ͱͷ todo 1. ؔ࿈ύοέʔδΛ४උ 2. ΞϓϦέʔγϣϯͱؔ࿈ύοέʔδΛ zip ͰݻΊΔ 3.

   IAM Role ͷ࡞੒(ॳճͷΈ) 4. Lambda Function ͷ࡞੒(ॳճͷΈ) 5. zip ϑΝΠϧΛΞοϓϩʔυ 6. Πϕϯτ༻ͷݖݶΛ෇༩(ॳճͷΈɺඞཁͰ͋Ε͹) 9 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

10. ͓ɺಈ͔͢ͷͬͯ ҙ֎ʹ໘౗ͩͳ͋ ※͋͘·Ͱ΋ݸਓతͳݟղͰ͢. 10 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

11. Lambda ͷ؅ཧπʔϧ ز͔ͭ OSS Ͱެ։͞Ε͍ͯΔ. • serverless/serverless(https:/ /github.com/serverless/serverless) • apex/apex(https:/

    /github.com/apex/apex) • awslabs/chalice(https:/ /github.com/awslabs/chalice) • marcy-terui/lamvery(https:/ /github.com/marcy-terui/lamvery) • rackerlabs/lambda-uploader(https:/ /github.com/rackerlabs/ lambda-uploader) 11 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

12. ͓ɺͲΕ͕ ͍͍ΜͩΖʁ ※खʹೃછΉ΋ͷΛ୳͢ఔ Lambda ͱͷؔΘΓ͕গͳ͍ͱ͍͏͜ͱ΋͋Δ͔ͳ... 12 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

13. apex ͱ͍͏ͷ͕ྑ͍ͱڭ͑ͯ௖͍ͨ ΜͰ͕͢ɺະͩࢼͤͣ. օ͞Μ͸Ͳͷ πʔϧΛར༻͞Ε͍ͯ·͢Ͱ͠ΐ͏ ͔ʁ 13 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ

    #1

14. ͱ͍͏͜ͱͰɺࠓ·Ͱ؅ཧπʔϧΛ ࢼ͢͜ͱΛͤͣɺͱΓ͋͑ͣͰ࡞ͬͨ Bash ͷԶԶσϓϩΠπʔϧΛ࡞ͬͯ ؅ཧ(σϓϩΠ)͍ͯ͠·͕͢... 14 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

15. ԶԶσϓϩΠπʔϧͷݶք • ൚༻తʹ࡞Ε͍ͯͳ͍ͷͰɺLambda Function ຖʹγΣϧεΫϦ ϓτΛ༻ҙ͠ͳ͚Ε͹... • ࣗ෼Ҏ֎ͷϝϯόʔʹ΋࿔ͬͯ΋Β͏͜ͱ΋૝ఆ͠ͳ͚Ε͹͍ ͚ͳ͍... •

    ͦ΋ͦ΋ɺႈ౳ੑ͕৺഑(ႈ౳ੑΛ୲อ͠Α͏ͱ͢Δͱπʔϧͷ ίʔυྔ΋૿͑Δ) 15 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

16. ͱ͍͏͜ͱͰ... 16 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

17. Ansible Ͱ Lambda Λૢ࡞ͯ͠Έͨ ʙಋೖʙ 17 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

18. Ansible for AWS • AWS ϞδϡʔϧͰ AWS ͷ֤छϦιʔεΛૢ࡞͢Δ͜ͱ͕ग़དྷΔ • Ansible

    2.2 Ͱ 80 छྨҎ্ͷϞδϡʔϧ͕༻ҙ͞Ε͍ͯΔ • EC2 ͸౰વͷ͜ͱͳ͕ΒɺS3 ΍ Lambda ΍ IAM ΋ૢ࡞Մೳʂ 18 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

19. AWS Ϟδϡʔϧͷ࢝Ίํ ඞཁͳ΋ͷ͸ҎԼͷ௨ΓͰ͢. • AWS SDK for Python(boto) • AWS

    API Λૢ࡞ग़དྷΔ IAM Ϣʔβʔ༻ͷΞΫηεΩʔͱγʔΫ ϨοτΞΫηεΩʔ΋͘͠͸ IAM Role 19 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

20. Playbook ͷ࣮ߦྫ(1) ؀ڥม਺ AWS_ACCESS_KEY_ID ʹೝূ৘ใΛಥͬࠐΉύλʔϯ. export AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx export AWS_SECRET_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxxxxxxxx export

    AWS_REGION=ap-northeast-1 ansible-playbook sample-playbook.yml Playbook ࣗମʹೝূํ๏ΛຒΊࠐΉํ๏΋͋Γ·͕͢ɺඇਪ঑ͩ ͱࢥ͍ͬͯ·͢. 20 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

21. Playbook ͷ࣮ߦྫ(2) ม਺ʹ AWS_PROFILE ʹ Shared Credentials File ʹهࡌ͞Εͨ Profile

    ໊Λࢦఆ͢Δύλʔϯ. AWS_PROFILE=your-profile \ AWS_REGION=ap-northeast-1 \ ansible-playbook sample-playbook.yml ద੾ͳݖݶ͕෇༩͞Εͨ IAM Role ͕෇͍ͨ EC2 ͔Β࣮ߦ͢Δ৔߹ ʹ͸ɺ؀ڥม਺౳ʹࢦఆ͢Δඞཁ͸͋Γ·ͤΜ. 21 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

22. Playbook ͷྫ Lambda Function ࡞੒͢Δ Playbook ͷൈਮͰ͢. - name: Create

    lambda function lambda: name: '{{ lambda_name }}' zip_file: '{{ function_dir }}/lambda.zip' handler: lambda_function.lambda_handler runtime: python2.7 role: '{{ role_arn }}' timeout: '{{ lambda_timeout }}' when: not ansible_check_mode 22 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

23. Ansible Ͱ Lambda Λૢ࡞ͯ͠Έͨ ʙ࣮૷ʙ 23 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

24. ײँ ໨Ұഋࢀߟʹͤͯ͞௖͖·ͨ͠. 24 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

25. sample Playbook ΍ Lambda Function ͸ҎԼʹΞοϓ͍ͯ͠·͢. • https:/ /github.com/inokappa/ansible-sample-prj-lambda 25

    CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

26. Lambda Λಈ͔͢·Ͱͷ todo(࠶ܝ) 1. ؔ࿈ύοέʔδΛ४උ 2. ΞϓϦέʔγϣϯͱؔ࿈ύοέʔδΛ zip ͰݻΊΔ 3.

    IAM Role ͷ࡞੒(ॳճͷΈ) 4. Lambda Function ͷ࡞੒(ॳճͷΈ) 5. zip ϑΝΠϧΛΞοϓϩʔυ 6. Πϕϯτ༻ͷݖݶΛ෇༩(ॳճͷΈɺඞཁͰ͋Ε͹) 26 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

27. Role ͰͦΕͧΕΛ෼ׂ ग़དྷΔ͚ͩ൚༻తʹ͔ͨͬͨ͠ͷͰɺRole Ͱ෼ׂͯ͠Έ·ͨ͠ɻ $ tree roles roles !"" cloudwatch_event

    # $"" tasks # $"" main.yml !"" iam # $"" tasks # $"" main.yml $"" lambda $"" tasks $"" main.yml 6 directories, 3 files 27 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

28. Role Ͱར༻͢Δม਺Λ Playbook ʹ - hosts: 127.0.0.1 connection: localhost roles:

    - iam - lambda - cloudwatch_event vars: function_dir: '/path/to/sample' function_handler_name: 'sample.sample_handler' ... cloudwatch_event_schedule_expression: cron(* * * * ? *) ͜ͷ Playbook ͸ Lambda Function ຖʹ༻ҙ͢Δ͜ͱʹͳΓ·͢. 28 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

29. IAM Role ͷ Policy ͸ JSON Ͱ؅ཧ ! - name:

    Create role iam_role: name: '{{ iam_role_name }}' assume_role_policy_document: "{{ lookup( 'file' , iam_role_policy_file ) }}" state: present - name: Attatch policy iam_policy: iam_type: role iam_name: '{{ iam_role_name }}' state: present policy_name: '{{ iam_policy_name }}' policy_json: "{{ lookup( 'file', iam_policy_file) }}" 29 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

30. Ϟδϡʔϧ͕... ! • Facts Ϟδϡʔϧͷग़ྗΛղੳ͢Δͷ͕໘౗... • ϞδϡʔϧʹΑͬͯग़ྗϑΥʔϚοτ͕ҧ͏ͷ΋πϥΠ • Lambda Function

    ΍ IAM Role ͷ ARN ͚ͩΛऔಘ͢ΔϞδϡʔϧ ͕ແ͔ͬͨͷͰࣗ࡞ • Lambda Function Λ࡞ΔϞδϡʔϧ͕ݹ͔ͬͨ...(Function ͷߋ৽ ͕ग़དྷͳ͔ͬͨ) 30 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

31. Demo ࢀߟʹͤͯ͞௖͍ͨ Qiita هࣄΛਅࣅͯɺCloudWatch Event Ͱఆظ తʹ࣮ߦ͢Δ Lambda Function ΛσϓϩΠͯ͠Έ͍ͨͱࢥ͍·͢.

    AWS_PROFILE=xxxxxxxx \ AWS_REGION=ap-northeast-1 \ ansible-playbook demo.yml 31 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

32. ·ͱΊ 32 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

33. Ansible Ͱ Lambda Λ؅ཧ͢Δ ! • Ansible ͷૢ࡞ײͦͷ··Ͱૢ࡞Մೳ • Lambda

    ͷߏ੒Λ YAML Ͱ؅ཧ͢Δ͜ͱ͕ग़དྷΔ • ԶԶ؅ཧπʔϧΑΓ΋യવͱͨ҆͠৺ײ͕͋Δ • ଞͷ؅ཧπʔϧͱ͘Β΂ͯͲ͏ͳΜͩΖ... 33 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

34. Ansible Ͱ Lambda Λ؅ཧ͢Δࡍͷ ! • Ϟδϡʔϧ͕αϙʔτ͍ͯ͠ͳ͍ AWS Ϧιʔε͕͋Δ •

    ԶԶϞδϡʔϧ΍ AWS CLI Ͱิ͏ඞཁ͕͋Δ • ൚༻తʹ͠Α͏ͱ͢Ε͹͢Δఔ໘౗͍͘͞ • ສೳͰ͸ແ͍ • ग़དྷͳ͍ͱ͜Ζ͸ɺग़དྷΔٕज़ͰͳΜͱ͔͢Δ͔͠ͳ͍ 34 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

35. ࢀߟ • http:/ /www.shoeisha.co.jp/book/detail/9784798149943 ! • http:/ /qiita.com/kikusumk3/items/119bfb2da854c2b83791 ! 35

    CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1

36. ͓ΘΓ 36 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡ΋͘΋͘ձ #1