pairs Provisioning Requirements and Real-World Infrastructure as Code Examples

takuya542
September 28, 2016

Transcript

  1. Copyright © 2009-2015 eureka, inc. All rights reserved. CONFIDENTIAL

    pairs Provisioning Requirements and Real-World Infrastructure as Code Examples
    Takuya Onda / eureka, inc.
    # Eureka x MTI Tech Beer
  2. Self-introduction

    • Name: Takuya Onda
        • ~ DeNA Co., Ltd.
        • ~ eureka, Inc.
    • Work
        • In charge of everything around eureka's infrastructure
        • Network / DB / monitoring / analytics platform / security, etc.
    • Blog: https://developers.eure.jp/members/takuya_onda
  3. Today's topics

    • The service characteristics of pairs and the provisioning requirements that follow from them
    • Solving those problems by practicing Infrastructure as Code
    • Worked example: the flow from server build to going into service
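  4. Service characteristics of pairs

    • Makes full use of AWS
        • EC2 is billed per unit of time (h)
        • Compared with on-premises, the cost per server is high
    • Frequently deployed parts and infrequently deployed parts
        • Frequent: the application itself
        • Infrequent: image delivery servers, dequeue workers
    • Easy-to-predict peak times
        • ~ o'clock, the morning push notification
        • Almost no spikes from media exposure and the like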
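  5. Provisioning requirements

    • 1: Low cost x high availability
        • Scale resources up and down flexibly to match peak times
    • 2: High security requirements
        • Given the nature of the service, a security hole is fatal
    • 3: A workflow that does not depend on specific people
        • Make creating, adding and deleting resources a task anyone can do
        • Knowledge locked up in one person slows delivery
        • "Ah, nobody but so-and-so would understand this one..."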
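  6. Solving these problems by practicing Infrastructure as Code

    • 1: Low cost x high availability
        • Servers that are ready to go straight into service can be built right away
    • 2: High security requirements
        • Network (VPC) and permission management (IAM) are managed in one place
    • 3: A workflow that does not depend on specific people
        • Programmable: people outside the infrastructure team can work on it too
        • Reading the code shows the background and history of how a resource was created
        • Github Flow, capacity planning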
  7. Resource rollout policy

    • Frequently deployed parts
        • Scale resources up and down with time-of-day scaling
    • Infrequently deployed parts
        • Metrics-based AutoScaling
  8. Resource rollout policy

    • Frequently deployed parts
        • Settle for being able to create an up-to-date server with a single command
        • Schedule that with cron or similar and time-of-day scaling is done
    • Infrequently deployed parts
        • Keep a golden image
        • AutoScaling from an AMI that has the latest App on it
  9. Provisioning Process (Manual / Scheduled-Scaling)

    • Terraform: Create All Resources on AWS
    • Ansible: Provisioning And Deployment
    • Serverspec: Implement Test
  10. Diagram labels: Ops, Activator, existing servers

    ① Create server with tags
        cd /path/pairs/prod/jp
        terraform apply
    ② Provisioning and deploy current app version
        cd /path/to/ansible_dir
        ansible-playbook -i hosts/pairs/prod/jp playbook/web.yml
    ③ Implement test recipe on each role
        cd /path/to/test
        rake pairs:prod/jp/web
    ④ Attach to ELB
    • Scheduled Activation
    • Semi Automatic Activation
  11. Provisioning process

    • Server creation
        • Via terraform & add tags
    • Provisioning & deploy
        • Using dynamic inventory
    • Implement test recipe
        • Using Ruby AWS SDK
    • Attach to ELB

    ① Create server with tags (• Name:pairs-jp-web-xx • env:prod • region:jp • role:web)
        cd /path/pairs/prod/jp
        terraform apply
    ② Provisioning and deploy current app version (existing servers)
        cd /path/to/ansible_dir
        ansible-playbook -i hosts/pairs/prod/jp playbook/web.yml
    ③ Implement test recipe on each role
        cd /path/to/test
        rake pairs:prod/jp/web
  12. Procedure for Provisioning

    • Server creation
        • via terraform & add tags
    • Provisioning & deploy
        • Using dynamic inventory
    • Implement test recipe
        • Using Ruby AWS SDK

    Create server with tags (• Name:pairs-jp-web-xx • env:prod • region:jp • role:web)
        cd /path/pairs/prod/jp
        terraform apply
    Provisioning deploy
        cd /path/pairs/prod/jp
        ansible-playbook -i hosts/pairs/prod/jp playbook/web.yml
    Test middleware and app status
        cd /path/to/test
        rake pairs:prod/jp/web

    # Example ) Additional App Server Recipe
        resource "aws_instance" "web_xx" {
          ami                  = "ami-xxxxxxx"
          instance_type        = "${var.ec2.app.instance_type}"
          availability_zone    = "${var.vpc.region_1a}"
          security_groups      = ["${aws_security_group.app.id}"]
          subnet_id            = "${aws_subnet.app_1a.id}"
          ebs_optimized        = "${var.ec2.app.ebs_optimized}"
          iam_instance_profile = "${var.ec2.app.iam_instance_profile}"
          count                = 1

          tags {
            Name   = "pairs-jp-web-xx" # Unique name for each server
            role   = "pairs-jp-web"    # Group for provisioning
            region = "jp"
            env    = "prod"
          }
        }
  13. Provisioning process

    • Server creation
        • Via terraform & add tags
    • Provisioning & deploy
        • Using dynamic inventory
    • Implement test recipe
        • Using Ruby AWS SDK
    • Attach to ELB

    ① Create server with tags (• Name:pairs-jp-web-xx • env:prod • region:jp • role:web)
        cd /path/pairs/prod/jp
        terraform apply
    ② Provisioning and deploy current app version
        cd /path/to/ansible_dir
        ansible-playbook -i hosts/pairs/prod/jp playbook/web.yml
    ③ Implement test recipe on each role
        cd /path/to/test
        rake pairs:prod/jp/web
    Existing servers: belong to same env/region/role
  14. Provisioning process

    • Server creation
        • Via terraform & add tags
    • Provisioning & deploy
        • Using dynamic inventory
    • Implement test recipe
        • Using Ruby AWS SDK
    • Attach to ELB

    ① Create server with tags (• Name:pairs-jp-web-xx • env:prod • region:jp • role:web)
        cd /path/pairs/prod/jp
        terraform apply
    ② Provisioning and deploy current app version (existing servers)
        cd /path/to/ansible_dir
        ansible-playbook -i hosts/pairs/prod/jp playbook/web.yml
        Dynamically fetched via ec2.py
    ③ Implement test recipe on each role
        cd /path/to/test
        rake pairs:prod/jp/web
  15. Provisioning process

    • Server creation
        • Via terraform & add tags
    • Provisioning & deploy
        • Using dynamic inventory
    • Implement test recipe
        • Using Ruby AWS SDK
    • Attach to ELB

    ① Create server with tags (• Name:pairs-jp-web-xx • env:prod • region:jp • role:web)
        cd /path/pairs/prod/jp
        terraform apply
    ② Provisioning and deploy current app version (existing servers)
        cd /path/to/ansible_dir
        ansible-playbook -i hosts/pairs/prod/jp playbook/web.yml
    ③ Implement test recipe on each role
        cd /path/to/test
        rake pairs:prod/jp/web
        Dynamically fetched via ruby aws sdk
  16. Procedure for Provisioning

    • Server creation
        • Via terraform & add tags
    • Provisioning & deploy
        • Using dynamic inventory
    • Implement test recipe
        • Using Ruby AWS SDK

    Create server with tags (• Name:pairs-jp-web-xx • env:prod • region:jp • role:web)
        cd /path/pairs/prod/jp
        terraform apply
    Provisioning and deploy current app version (existing servers)
        cd /path/to/ansible_dir
        ansible-playbook -i hosts/pairs/prod/jp playbook/web.yml
    Implement test recipe on each role
        cd /path/to/test
        rake pairs:prod/jp/web

    # Example ) inventory-1
        [tag_role_pairs-jp-web]
        [tag_role_pairs-jp-mobile]
        [tag_role_pairs-jp-admin]
        [tag_role_pairs-jp-batch]
        [tag_role_pairs-jp-db-master]
        [tag_role_pairs-jp-db-slave]

        [common:children]
        tag_role_pairs-jp-web
        tag_role_pairs-jp-mobile
        tag_role_pairs-jp-admin
        tag_role_pairs-jp-batch
        tag_role_pairs-jp-db-master
        tag_role_pairs-jp-db-slave

        [web:children]
        tag_role_pairs-jp-web

    # Example ) inventory-2
        [admin:children]
        tag_role_pairs-jp-admin

        [batch:children]
        tag_role_pairs-jp-batch

        [db-master:children]
        tag_role_pairs-jp-db-master

        [db-slave:children]
        tag_role_pairs-jp-db-slave

        [db-all:children]
        tag_role_pairs-jp-db-master
        tag_role_pairs-jp-db-slave
  17. Procedure for Provisioning

    • Server creation
        • Via terraform & add tags
    • Provisioning & deploy
        • Using dynamic inventory
    • Implement test recipe
        • Using Ruby AWS SDK

    Create server with tags (• Name:pairs-jp-web-xx • env:prod • region:jp • role:web)
        cd /path/pairs/prod/jp
        terraform apply
    Provisioning and deploy current app version (existing servers)
        cd /path/to/ansible_dir
        ansible-playbook -i hosts/pairs/prod/jp playbook/web.yml
    Implement test recipe on each role
        cd /path/to/test
        rake pairs:prod/jp/web

    # Example ) playbook for web server
    # Dynamic inventory Script : hosts/pairs/prod/jp/ec2.py
    # Var file : hosts/pairs/prod/jp/group_vars/all.yml
        ---
        # For web-server
        # Usage
        #   ansible-playbook -i hosts/pairs/prod/jp playbook/web.yml
        - hosts: web
          gather_facts: yes
          vars_files:
            - "{{ inventory_dir }}/group_vars/secret.yml"
          roles:
            - { role: common, tags: common }
            - { role: mysql_client, tags: mysql_client }
            - { role: nginx, tags: nginx }
            - { role: mackerel, tags: mackerel }
            - { role: circus, tags: circus }
            - { role: td-agent, tags: td-agent }
            - { role: haproxy, tags: haproxy }
  18. Procedure for Provisioning

    • Server creation
        • Via terraform & add tags
    • Provisioning & deploy
        • Using dynamic inventory
    • Implement test recipe
        • Using Ruby AWS SDK

    Create server with tags (• Name:pairs-jp-web-xx • env:prod • region:jp • role:web)
        cd /path/pairs/prod/jp
        terraform apply
    Provisioning and deploy current app version (existing servers)
        cd /path/pairs/prod/jp
        ansible-playbook -i hosts/pairs/prod/jp playbook/web.yml
    Implement test recipe on each role
        cd /path/to/test
        rake pairs:prod/jp/web

    # Example ) Rakefile (Fetch active instance list)
        require 'rake'
        require 'rspec/core/rake_task'
        require 'aws-sdk-v1'

        # Query EC2 only when credentials are present in the environment
        if ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']
          AWS.config(
            {
              access_key_id: ENV['AWS_ACCESS_KEY_ID'],
              secret_access_key: ENV['AWS_SECRET_ACCESS_KEY'],
              region: 'ap-northeast-1'
            }
          )
          # Keep running instances only
          ec2_hosts = AWS.ec2.instances.select { |i| i.status == :running }
        end
  19. Procedure for Provisioning

    • Server creation
        • Via terraform & add tags
    • Provisioning & deploy
        • Using dynamic inventory
    • Implement test recipe
        • Using Ruby AWS SDK

    Create server with tags (• Name:pairs-jp-web-xx • env:prod • region:jp • role:web)
        cd /path/pairs/prod/jp
        terraform apply
    Provisioning and deploy current app version (existing servers)
        cd /path/pairs/prod/jp
        ansible-playbook -i hosts/pairs/prod/jp playbook/web.yml
    Implement test recipe on each role
        cd /path/to/test
        rake pairs:prod/jp/web

    # Example ) Rakefile (Define test tasks # Pseudo code)
    # test recipe : spec/prod/jp/web_spec.rb / spec/common/comon.rb
        # host_env, host_region, host_group, host_name and host_ip are taken
        # from each instance; the slide leaves them undefined (pseudo code)
        if ec2_hosts
          ec2_hosts.each do |host|
            task_name    = "#{host_env}:#{host_region}:#{host_group}"
            spec_pattern = "spec/#{host_env}/#{host_region}/#{host_group}_spec.rb"

            # define tasks for each roles
            desc "Run serverspec tests to ec2 #{host_name} (PATH=#{spec_pattern},IP=#{host_ip})"
            RSpec::Core::RakeTask.new(host_name.to_sym) do |t|
              ENV['TARGET_HOST']      = host_ip
              ENV['TARGET_HOST_NAME'] = host_name
              t.pattern = "#{spec_pattern},spec/common/*_spec.rb"
            end
          end
        end
  20. Provisioning process

    • Server creation
        • Via terraform & add tags
    • Provisioning & deploy
        • Using dynamic inventory
    • Implement test recipe
        • Using Ruby AWS SDK
    • Attach to ELB

    ① Create server with tags (• Name:pairs-jp-web-xx • env:prod • region:jp • role:web)
        cd /path/pairs/prod/jp
        terraform apply
    ② Provisioning and deploy current app version
        cd /path/to/ansible_dir
        ansible-playbook -i hosts/pairs/prod/jp playbook/web.yml
    ③ Implement test recipe on each role
        cd /path/to/test
        rake pairs:prod/jp/web
    ④ Attach to ELB (existing servers)
  21. Diagram labels: Ops, Activator, existing servers

    ① Create server with tags
        cd /path/pairs/prod/jp
        terraform apply
    ② Provisioning and deploy current app version
        cd /path/to/ansible_dir
        ansible-playbook -i hosts/pairs/prod/jp playbook/web.yml
    ③ Implement test recipe on each role
        cd /path/to/test
        rake pairs:prod/jp/web
    ④ Attach to ELB
    • Scheduled Activation
    • Semi Automatic Activation
  22. Diagram labels: Ops, Activator, existing servers

    ① Detach From ELB
    ② Destruct Instances
        cd /path/pairs/prod/jp
        terraform apply
    Also shown on the slide:
        cd /path/to/test
        rake pairs:prod/jp/web
        cd /path/to/ansible_dir
        ansible-playbook -i hosts/pairs/prod/jp playbook/web.yml
    • Scheduled Destruction
    • Semi Automatic Destruction
  23. Provisioning Process (Auto Scaling)

    • Alert Monitored Via Cloudwatch
    • Scale Out: Launch New Instance by Scaling Policy
    • Scale In: Terminate Instance to be Desired
  24. Diagram labels: ① ③ S-In to Production, Alert Firing, Initialize Auto Scaling, Launch New Instances, ② Notify to Slack
  25. Summary

    • pairs runs on a cloud-native infrastructure
    • Flexible resource scaling, security requirements, removing dependence on individuals
    • Solved by adopting Infrastructure as Code across the board
  26. Bonus

    • The details of today's talk are written up in a blog post I wrote recently
    • Have a look if you are interested!
    • https://developers.eure.jp/tech/terraform_update
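
Slides 18 and 19 turn instance tags into Serverspec task names and spec file paths. The following added example (not code from the deck) runs that mapping offline over constructed instance records and rejects running instances whose tags are missing or unsafe to interpolate into a path. `build_test_plan`, `SAFE_TAG`, the `pairs:` prefix in the printed task name and the sample records are assumptions made for illustration.

```ruby
# Added example: offline version of the tag-to-task mapping; no AWS calls are made.
REQUIRED_TAGS = %w[Name env region role].freeze
# Tag values end up in rake task names and file paths, so allow a narrow charset only.
SAFE_TAG = /\A[a-z0-9][a-z0-9_-]*\z/

# Constructed sample records (not real instances).
BASE = { 'env' => 'prod', 'region' => 'jp', 'role' => 'web' }.freeze
SAMPLE_INSTANCES = [
  { id: 'i-0001', ip: '10.0.1.11', state: :running, tags: BASE.merge('Name' => 'pairs-jp-web-01') },
  { id: 'i-0002', ip: '10.0.1.12', state: :running, tags: BASE.merge('Name' => 'pairs-jp-web-02') },
  # role tag missing: no playbook group or spec file would cover this host
  { id: 'i-0003', ip: '10.0.2.21', state: :running,
    tags: { 'Name' => 'pairs-jp-batch-01', 'env' => 'prod', 'region' => 'jp' } },
  # role value that would leave the spec/ directory if interpolated as-is
  { id: 'i-0004', ip: '10.0.1.13', state: :running,
    tags: BASE.merge('Name' => 'pairs-jp-web-03', 'role' => '../../tmp/x') },
  { id: 'i-0005', ip: '10.0.1.14', state: :stopped, tags: BASE.merge('Name' => 'pairs-jp-web-04') }
].freeze

# Returns [plan, rejected]. plan maps "env/region/role" to its spec pattern and hosts;
# rejected lists running instances that no test task would cover.
def build_test_plan(instances)
  plan = {}
  rejected = []
  instances.select { |i| i[:state] == :running }.each do |inst|
    tags = inst[:tags]
    missing = REQUIRED_TAGS.reject { |k| tags.key?(k) }
    unsafe  = REQUIRED_TAGS.select { |k| tags.key?(k) && tags[k] !~ SAFE_TAG }
    unless missing.empty? && unsafe.empty?
      rejected << { id: inst[:id], missing: missing, unsafe: unsafe }
      next
    end
    group = tags.values_at('env', 'region', 'role').join('/')
    plan[group] ||= { pattern: "spec/#{group}_spec.rb,spec/common/*_spec.rb", hosts: [] }
    plan[group][:hosts] << { name: tags['Name'], ip: inst[:ip] }
  end
  [plan, rejected]
end

if __FILE__ == $PROGRAM_NAME
  plan, rejected = build_test_plan(SAMPLE_INSTANCES)
  plan.each { |g, e| puts "pairs:#{g} -> #{e[:pattern]} (#{e[:hosts].map { |h| h[:name] }.join(', ')})" }
  rejected.each { |r| puts "REJECTED #{r[:id]} missing=#{r[:missing]} unsafe=#{r[:unsafe]}" }
end
```

Treating a non-empty rejected list as a failed run keeps an untagged or mis-tagged server from reaching the ELB step untested.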