ゼロから創る横断SREチーム 挑戦と進化の軌跡

Transcript

1. θϩ͔Β૑ΔԣஅSREνʔϜ ~௅ઓͱਐԽͷي੻~ ʮ2024/12/18 ौ୩ͰSREେ๨೥ձiʯ ϑΝΠϯσΟגࣜձࣾ ϓϩμΫτ։ൃ෦/SRE ҆ୡ ྋ(@adachin0817)

2. ࣗݾ঺հ

3. 3 ࣗݾ঺հ ҆ୡ ྋ/ @adachin0817 ɾϑΝΠϯσΟ(ג) / ϓϩμΫτ։ൃ෦/SRE ɾBlog: blog.adachin.me/wiki.adachin.me

   ɾTechBull(ٕज़ίϛϡχςΟ) techbull.cloud ɹɾʮSRE/ۦ͚ग़͠ΤϯδχΞͷϝϯλϦϯά ྦྷܭ300໊↑ʯ ɾ͔ͭͯ͸OSS൛VulsͷίϯτϦϏϡʔλʔ΍Πϕϯτओ࠵ͳͲ ɾ89೥ੜ·Εɺ౦ژ౎଍ཱ۠ग़਎Ͱ࡛ۄݝय़೔෦ࢢ͕஍ݩ ɾ࠺ͱϑϨϯνϒϧυοάͷࣂ͍ओͰ΋͋Δ

4. ձࣾ঺հ

5. 5

6. ͪͳΈʹ

7. srestͷॴײϒϩάॻ͍͍ͯΔͷͰࢀߟʹʂ

8. ͋Ε͔Β൒೥ܦͪ·ͨ͠ ৼΓฦΓ·͢ʂ✊

9. ԣஅSREνʔϜൃ଍

10. ԣஅSREνʔϜ্ཱͪ͛ʹ͍ͭͯ • ڈ೥·ͰόοΫΤϯυνʔϜ͕ΠϯϑϥΛ୲౰͍ͯͨ͠(~2023) ◦ αʔϏεͷ֦େʹ൐͍ɺόοΫΤϯυνʔϜͷϦιʔε͕ෆ଍ ◦ SREతͳվળ͕े෼ʹߦ͑ͳ͍ঢ়گ͕ଓ͍͍ͯͨͨΊɺԣஅSREνʔϜ͕ൃ଍ ◦ ݩʑόοΫΤϯυͰΠϯϑϥ୲౰͍ͯͨ͠ϝϯόʔ͸Embedded SREͱͯ͠ࢀՃ

    • ԣஅSREνʔϜ͸ݱࡏ4໊Ͱ׆ಈ(2024~) ◦ ϦʔμʔɺγχΞ໊̎ɺδϡχΞ1໊🎉 ◦ Embedded SRE͸4໊ ◦ GitHubͷΧϯόϯํࣜͰλεΫ؅ཧ͓ͯ͠Γɺேձ͸30෼Ͱ׬݁ ◦ Findy Team+ͷ׆༻ 10

11. ԣஅSREνʔϜͷҐஔ͚ͮͱϛογϣϯ • SREͷଘࡏҙٛ ◦ SRE͸ಓΛ࡞ΔͨΊʹଘࡏ͢Δ(։ൃͷεϐʔυͱ҆શੑΛཱ྆) ◦ ϦεΫΛड͚ೖΕɺ؅ཧ͢Δ(ো֐ͷϦεΫΛ࠷খݶʹ཈͑ͭͭɺޮ཰తͳӡ༻Λ໨ࢦ͢) ◦ SLOΛܭଌ͢Δ(৴པੑͷόϥϯεΛऔΔͨΊͷج४Λࡦఆ) ◦

    τΠϧͷ࡟ݮͱࣗಈԽ(Ձ஋ͷߴ͍ۀ຿ʹूதͰ͖Δ؀ڥΛఏڙ) ◦ ϓϩμΫτͷࢧԉ(։ൃεϐʔυͱ৴པੑͷόϥϯεΛอͭͨΊʹٕज़ࢧԉ) ◦ ηΩϡϦςΟͷՄࢹԽͱڧԽ(଺ࡏతͳϦεΫΛൃݟ͠ɺγεςϜΛΑΓ҆શͳঢ়ଶʹอͭ) • ୹ظϛογϣϯ ◦ ʮϑΝΠϯσΟͷࣄۀ੒௕Λࢧ͑ΔͨΊʹɺSRE૊৫ͷ͋Γํͷཱ֬ʯ • தظϛογϣϯ ◦ ʮࣾһશһ͕ࣄۀ੒௕ʹूதͰ͖ΔΑ͏ͳ࢓૊ΈΛߏங͠ɺ҆શʹఏڙʯ 11

12. ԣஅSREνʔϜ͕ҙ͍ࣝͯ͠Δ͜ͱ • ։ൃνʔϜͱͷ৴པؔ܎ͷߏங ◦ Ͱ͖ͨͯͷνʔϜ͸Φʔϓϯͳίϛϡχέʔγϣϯ͕ॏཁ ◦ ໰୊΍ෆ҆Λڞ༗͠΍͍ؔ͢܎ੑΛங͖ɺ৴པੑ͸ձ࿩͔Β࢝ΊΔ͜ͱ • Embedded SREͱͷڠಇ

    ◦ Embedded SREͱີʹ࿈ܞ͠ɺݱ৔Ͱͷ՝୊ײΛٵ্͍͛Δ • จԽͷৢ੒ͱνʔϜͷҰମײ ◦ ຖि༵ۚ೔ʹৼΓฦΓձΛߦ͍ɺKibelaͰશΤϯδχΞʹڞ༗ͱೝ஌౓Λ޲্ ◦ νʔϜͷ੒Ռ΍՝୊ղܾʹ͸ɺ࣭ͷߴ͍ίϛϡχέʔγϣϯ͕ॏཁ ◦ εϐʔυײΛॏࢹͭͭ͠ɺཱࣗͨ͠νʔϜͷҭ੒Λ໨ࢦ͢ 12

13. Findy ToolsΠϯϑϥվળ

14. Findy ToolsΠϯϑϥվળ • Aurora ϚΠφʔόʔδϣϯΞοϓ ◦ 8.0.mysql_aurora.3.07.0ʹόʔδϣϯΞοϓ • ΦϒβʔόϏϦςΟपΓڧԽ ◦

    Πϯϑϥ/ΞϓϦέʔγϣϯϦιʔε͢΂ͯΛϞχλϦϯά ◦ SLO΋൒೥Ͱ99%Ҏ্Λҡ࣋ ◦ ִिͰͷৼΓฦΓͷ࣮ࢪʹΑͬͯSLI/SLOͷվળ͕Ͱ͖ͯ ͍Δ • ։ൃ؀ڥͷվળ ◦ JustfileԽΛਪਐ͠ɺগͣͭ͠શϓϩμΫτಋೖ༧ఆ ◦ ࠷ۙDocker for Mac͕ߴ଎Խ͞Ε͖ͯͨ ◦ ϨεϙϯεؚΊͯݕূ༧ఆ • CloudFrontಋೖ ◦ ϨεϙϯελΠϜ͕20ഒߴ଎Խʹʂ 14

15. શ؀ڥͷTerraform importԽ

16. શ؀ڥͷTerraform importԽ • ࠓ·Ͱ͸׬શʹIaC͞Ε͍ͯͳ͍ঢ়ଶͩͬͨ ◦ Πϯϑϥ͕׬શʹίʔυ؅ཧ͞Ε͓ͯΒͣɺखಈઃఆ͕ଟ͔ͬͨ ◦ ͢΂ͯͷϦιʔεΛίʔυԽ͠ɺҰݩ؅ཧΛ࣮ݱ ◦ ੔߹ੑ͕อͨΕɺকདྷมߋ΍֦ு͕༰қʹͳͬͨ

    • Terraform Cloudͷ׆༻ ◦ S3Ͱ؅ཧ͍ͯͨ͠tfstateΛTerraform CloudʹҠߦ ◦ ՝୊ ◦ ৽نߏங࣌ʹطଘઃఆΛ࢖͍·Θ͍ͯ͠ΔͨΊɺ޻਺͕͔͔Δ ◦ ൚༻ੑ͕ͳ͍ͨΊɺڞ௨ԽΛਐΊΔ΂͘moduleԽΛݕ౼ 16

17. ʮFindy Team+ʯΦϒβʔόϏϦςΟपΓڧԽ

18. ʮFindy Team+ʯΦϒβʔόϏϦςΟपΓڧԽ • DatadogΞϥʔτͷ୨Է͠ ◦ खಈͰઃఆ͞ΕͨΞϥʔτ͕ଟ਺͋ΓɺඞཁੑΛEmbeddedͱձ࿩ͯ͠ਫ਼ࠪ ◦ ͢΂ͯͷΞϥʔτΛTerraformͰ؅ཧ ◦ ͖͍͠஋ΛςϯϓϨʔτԽ͠ɺଞϓϩδΣΫτ΁ͷద༻Λ༰қʹͨ͠

    ◦ Database Monitoringͷಋೖ • SLOͷࡦఆ ◦ Findy ToolsͷࣄྫΛࢀߟʹਐΊͭͭɺ࠶ࡦఆ ◦ APIϨεϙϯελΠϜ΍όονॲཧঢ়گΛ৽ͨʹSLIͱͯ͠૊ΈࠐΜͩ ◦ SLOͷ໌֬ԽʹΑΓɺؔ܎ऀؒͰͷ߹ҙܗ੒͕εϜʔζʹ 18

19. ʮFindy FreelanceʯΦϒβʔόϏϦςΟपΓڧԽ

20. ʮFindy FreelanceʯΦϒβʔόϏϦςΟपΓڧԽ • DatadogΞϥʔτͷ୨Է͠ ◦ ΞϥʔτपΓ͸TerraformԽ͍ͯ͠Δঢ়گ ◦ EmbeddedͱΞϥʔτपΓͷ୨Է͠Λ࢝Ίͨ ◦ Anormaly

    DetectʹΑΓɺΞϥʔτͷස౓͕ ଟ͔ͬͨͨΊطଘʹ໭ͨ͠ • SLI/SLOৼΓฦΓձ ◦ SLI/SLO͸طʹࡦఆ͞Ε͍͕ͯͨɺਁಁ͸͠ ͍ͯͳ͔ͬͨ ◦ ִिͰৼΓฦΓΛߦ͏ 20

21. AWSηΩϡϦςΟपΓ޲্

22. AWSηΩϡϦςΟपΓ޲্ • Shisho Cloudͷಋೖ ◦ ϚϧνΫϥ΢υͷҰݩ؅ཧ ◦ ηΩϡϦςΟઐ໳஌͕ࣝͳͯ͘΋ରԠՄೳ ◦ ϦεΫͷଈ࣌ՄࢹԽ

    ◦ ೔ຊޠରԠͷஸೡͳϨϙʔτ ◦ ಋೖͷ༰қ͞ͱݕग़݁Ռͷ଎͞ ◦ े෼ʹ४උ͞ΕͯΔϚωʔδυϙϦγʔ ◦ ΧελϚΠζੑͷߴ͞ ◦ Ձ֨ͷ҆͞ 22

23. Amazon Security Lakeͷ࣮૷

24. Amazon Security Lakeͷ࣮૷ • Amazon Security Lakeͷݕূ ◦ AWS OrganizationsͰӡ༻͍ͯ͠ΔͨΊɺ؂ࠪप

    ΓͰԿ͕ى͖͍ͯΔ͔ෆ໌ ◦ CloudTrailɺWAFɺVPC Flow Logɺ Route53(DNS Query)Λର৅ ◦ Security Lake͸݄਺ສԁఔ౓ ◦ Security LakeͰ؆୯ʹҰݩ؅ཧΛ࣮૷͢Δ͜ͱ ͕Մೳ ◦ Amazon Managed GrafanaͰμογϡϘʔυԽ ◦ ࠓޙ͸SQLͷ݁Ռ͔ΒBedrockͰ෼ੳ༧ఆʂ 24

25. WordPressΛShifterʹҠߦ

26. WordPressΛShifterʹҠߦ • ShifterҠߦݕূ ◦ ࠓ·Ͱ͸Amazon LightsailͰෳ਺αΠτΛӡ༻͍ͯͨ͠ ◦ όʔδϣϯ؅ཧͱAWSͰӡ༻ͨ͘͠ͳ͍ͨΊɺShifterʹҠߦݕূΛ࢝Ίͨ • ։ൃ؀ڥͷߏங

    ◦ ιʔυίʔυϦϙδτϦԽͱDocker(Nginx,php-fpm,MySQL)Ͱ؅ཧ ◦ ެࣜ͸PHP8.1Ͱಈ࡞͍ͯ͠Δ໛༷ • Ҡߦํ๏ ◦ All-in-One WP MigrationͰ؆୯Ҡߦ͕Մೳ • ςʔϚσϓϩΠ ◦ Shifter Github Plugin/Theme Installer 26

27. ·ͱΊ/དྷظ΍Δ͜ͱ

28. ·ͱΊ • ࠓظৼΓฦΓ ◦ ൒೥ײͰ༷ʑͳνϟϨϯδ͕Ͱ͖ͨ(ΈΜͳͷ͓͔͛Ͱ͢ʂ) ◦ ԣஅSREνʔϜͷࡏΓํΛਁಁ͢Δ͜ͱ͕Ͱ͖ɺେ͖ͳҰาΛ౿Έग़ͤͨ ◦ ٯʹ৭Μͳͱ͜ΖʹಥͬࠐΈա͗ͯλεΫͷྔ͕૿͑ͯ͠·ͬͨ(΍Δ͔͠ͳ͍) ◦

    ϕετϓϥΫςΟεΛ໛ࡧ͍ͯ͠ΔͷͰɺ՝୊ͩΒ͚ • དྷظ΍Δ͜ͱ ◦ ηΩϡϦςΟڧԽ ◦ ج൫͸Ͱ͖͕ͨɺWAF΍ίϯςφपΓ΋ରԠ͍ͯ͘͠ ◦ AWSίετ࡟ݮ ◦ ARMԽɺReserved InstanceɺFargate Spot ◦ ·ͩ·ͩ΍Δ͜ͱ͕ͨ͘͞Μ͋Γ·͢ 28

29. গ͠Ͱ΋ϑΝΠϯσΟͰಇ͘͜ͱʹ͝ڵຯ͋Ε͹ɺؾܰʹ͝࿈བྷ͍ͩ͘͞ʂ Ͳ͕͜దਖ਼͔Θ͔Βͳ͍ͱ͍͏ํ΋ؚΊͯɺΦʔϓϯϙδγϣϯ(ॻྨબߟ΍໘ஊ࣌ʹϙδγϣϯ͢Γ߹Θͤ)΍ΧδϡΞϧ໘ஊͷਃࠐΈΛߦ͍ͬͯ·͢ʂ 29 ※ืूঢ়گʹΑͬͯมಈ͠·͢ ։ൃνʔϜɾσβΠφʔ • CTOީิ • EM •

    ϑϩϯτΤϯυ • ػցֶशΤϯδχΞ • όοΫΤϯυ •σʔλΤϯδχΞ • SRE • UIσβΠφʔ Findy Career • ࣄۀ෦௕ީิ • ϚʔέςΟϯά • ࣄ຿Ξγελϯτ • PdM • ΧελϚʔαΫηε ◦ Ϧʔμʔީิ / ϝϯόʔ • ϢʔβʔαΫηε ◦ Ϧʔμʔީิ / ϝϯόʔ Findy Team+ • ৽نࣄۀ։ൃ • ηʔϧε • ΧελϚʔαΫηε • PdM ւ֎ਪਐ • ্ཱͪ͛ϝϯόʔ ◦ ϢʔβʔରԠ ◦ اըରԠ ࣾ௕ࣨ • ࣾ௕ࣨ௕ީิ • ࠾༻૊৫ਓࣄϦʔμʔ • ޿ใ୲౰ ίʔϙϨʔτଞ • CFOީิ • ܦӦاը • ๏຿ • ্৔४උ୲౰ • ࣄۀاը • ܦཧ ืूதͷϙδγϣϯ

30. γχΞSREΛେืूதʂ🥹 ڵຯ͋Δํʂͥͻ๻ͱ͓࿩͠·͠ΐ͏ʂʂ🤝 \ ಛ ʹ ʂ/

31. ࠂ஌ʂ

32. None

33. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ