Consulはなめらかか？

Transcript

1. 
   $POTVMͷ׆༻ํ๏࠶ߟ
    GMO Pepabo, Inc. Uchio Kondo E-Zuka Tech Night @

   2016-05-18 $POTVM
   ͸
   ͳΊΒ͔͔ʁ
2. None

3. ເͷ͖ͭͮ

4. NF

5. None

6. ۙ౻͏͓ͪ  (.0ϖύϘॴଐ
    ٕज़ج൫νʔϜ
   
    ෱Ԭࢧࣾۈ຿
    'VLVPLBSC
   

   3BJMT(JSMT
   'VLVPLB
   
   ૯߹ࡶ༻ίʔν·ͱΊ
7. None

8. ࣗಈԽ

9. ӡ༻ͷࣗಈԽ

10. ൿ఻ͷλϨ

11. खॱॻ

12. खॱʹखଓ͖
    ʹϓϩάϥϛϯάͰ͖Δ

13. ࣗಈԽ

14. खॱॻˠ
    ࣗಈԽ

15. ΋ͬͱࠜຊతͳϧʔϧ
    ʢʴࣗ཯ੑʣˠ
    ͳΊΒ͔ͳγεςϜ

16. ͔ͳ❓

17. $POTVM

18. ΦʔέετϨʔγϣϯ

19. ΦʔέετϨʔγϣϯ ❓

20. *OGSBTUSVDUVSF
    BT
    $PEF  Πϯϑϥͷ͓࢓ࣄΛɺίʔυͰ
     0SDIFTUSBUJPO
     $POpHVSBUJPO
     #PPUTUSBQQJOH

21. *OGSBTUSVDUVSF
    0SDIFTUSBUJPO
    5PPMT  5FSSBGPSN
    ΍
    $MPVE'PSNBUJPO
    ͷΑ͏ͳɺ *BB4
    ্ͰαʔόωοτϫʔΫετϨʔδͱ ͍ͬͨϦιʔεΛ੍ޚ͢ΔͨΊͷπʔϧ΍αʔ Ϗε
     $POTVM
    FUDE
    ;PP,FFQFS
    ͷΑ͏ͳ
    

    $POpHVSBUJPO
    3FHJTUSZ

22. SFGT  *OGSBTUSVDUVSF
    BT
    $PEF
    ࠶ߟ
     IUUQNJ[[ZPSHCMPH
    

23. $POpHVSBUJPO
    3FHJTUSZ

24. ઃఆ߲໨Λ
    ෳ਺୆ͷαʔόͰڞ༗͢Δ

25. 3BGU
    $POTFOTVT
    "MHPSJUIN

26. None

27. ෼ࢄ߹ҙΞϧΰϦζϜ

28. 4FF
    QBQFST  IUUQTXXXVTFOJYPSHTZTUFNpMFT DPOGFSFODFBUDBUDQBQFS POHBSPQEG
     ೔ຊޠͰͷղઆ
     IUUQTHJTUHJUIVCDPNTJMF BEDFCGE
    

29. DG
    ϒϩοΫνΣʔϯ  ͯ͞ɺϒϩοΫνΣʔϯ͸૊৫త෼ࢄܕͷܥΛલఏͱͨ͠ ΋ͷͰ͢ɻͦͯ͠ɺෳ਺ͷࢀՃऀ͕ಉ͡ϒϩοΫ໦͔Βಉ ͡ϒϩοΫνΣʔϯΛܾఆ͢Δͱ͍͏ͷ͕ਖ਼ʹ߹ҙܗ੒Ͱ ͢
     SFGT
    IUUQOFYUCMPDLDIBJOOFU CMPDLDIBJOBCJMJUZ
    

30. ෼ࢄγεςϜʹ͓͚Δ߹ҙ ͱ͸

31. ެࣜͷઆ໌  )PME
    POŠXIBU
    JT
    DPOTFOTVT
     $POTFOTVT
    JOWPMWFT
    NVMUJQMF
    TFSWFST
    BHSFFJOH
    PO
    WBMVFT
     IUUQTSBGUHJUIVCJP

32. ෳ਺ͷαʔό͕
    ಉ͡஋ʹ͍ͭͯ߹ҙ͢Δ

33. ز͔ͭͷαʔό͕
    յΕ͍ͯͯ΋ɺ
    ͪΌΜͱ߹ҙͰ͖Δ DG
    2VPSVN
    IUUQTXXXDPOTVMJPEPDTJOUFSOBMTDPOTFOTVTIUNM

34. εςʔτϚγϯͷෳ੡

35. IUUQTDPNNPOTXJLJNFEJBPSHXJLJ'JMF$15'4..FBMZTWH

36. DG
    ,74

37. DG
    3BGUͷ3VCZ࣮૷  IUUQTHJUIVCDPNDFMMVMPJEqPTT
     '4.ͱͯ͠ϋογϡΛ࢖ͬͨྫ

38. $POTVMͱ͸  ߹ҙΞϧΰϦζϜΛ༻͍ͯෳ਺୆ͷαʔόؒͰ εςʔτΛڞ༗͠ɺ
     ͦΕΛ༻͍ͯαʔόӡ༻ͷࣗಈԽΛߦ͏͜ͱ΋ Ͱ͖Δπʔϧ

39. FH
    DPOTVM
    FYFDͷத਎  ίϚϯυͷத਎Λ,74Ͱڞ༗͢Δ
     ड͚औͬͨϊʔυ͸ͦΕΛ࣮ߦ͢Δ
     ऴΘͬͨΒফ͢

40. Πϕϯτ

41. Ϋϥελͷ
    ঢ়ଶͷมԽΛ؂ࢹ

42. XBUDIͰ͖Δ΋ͷ  ͬ͘͟Γͭ
     OPEFT
    
    ϊʔυͷ௥Ճ࡟আ
     TFSWJDFT
    
    ϊʔυͰಈ͘αʔϏεͷঢ়ଶ
     DIFDLT
    
    ϊʔυ্ͷαʔϏεͷϔϧενΣοΫ؂ࢹͷঢ় ଶ
    

     LFZLFZQSFpY
    
    ϊʔυؒͰڞ༗͍ͯ͠Δ,74ͷத਎
     FWFOU
    
    ೚ҙͷΠϕϯτ

43. ྫͰ͢

44. ϩʔυόϥϯαʔͷ
    ಈతϝϯόʔ௥Ճ

45. ͓खॱ  ϝϯόʔҰཡΛ؂ࢹ͢Δ
     Ұཡͷσʔλ͸+40/ͰಘΒΕΔ
     ͦΕΛ3VCZͳͲͰ৯΂ͯઃఆϑΝΠϧΛࣗಈ Ͱ࡞Ε͹0,

46. ϝϯόʔҰཡΛ؂ࢹ > consul watch -type checks -service nginx

47. Ұཡͷσʔλ͸+40/ͰಘΒΕΔ  Πϕϯτʹ
 ϊʔυͷ௥Ճ࡟আɺ
 ϔϧενΣοΫͷঢ়ଶมߋ
     Πϕϯτ͕ى͜Δͱ
 ࣗಈͰ+40/͕೚ҙͷ
 ίϚϯυʹ౉͍ͬͯ͘

48. ͦΕΛ3VCZͳͲͰ৯΂ͯ  ઃఆϑΝΠϧΛࣗಈͰ࡞Ε͹0,
     ʢੜ੒ʹ੒ޭͨ͠ΒϦϩʔυʣ

49. #!/usr/bin/env ruby require 'json' data = STDIN.read @nodes = []

    JSON.parse(data).each do |node| if node["Checks"].find {|c| c["CheckID"] == "service:nginx" && c["Status"] == "passing" } @nodes << "#{c["Node"]["Address"]}:#{c["Service"]["Port"]}" end end template = <<ERB upstream backend_apps { <% for node in @nodes %> server <%= node %>; <% end %> } server { listen 80; # .... location / { proxy_pass http://backend_apps; } } ERB require 'erb' open("/etc/nginx/dynamic.conf", "w") do |f| f.write ERB.new(template).run(binding) end

50. ࢀߟ  DPOTVMUFNQMBUFͱ͍͏΍͕ͭதͰେମಉ͡ ͜ͱΛ͍ͯ͠·͢
     IUUQTHJUIVCDPNIBTIJDPSQDPOTVM UFNQMBUF

51. ΋ͬͱ۩ମྫ

52. ྫ
    TUSFUDIFS

53. TUSFUDIFS  QVMMܕσϓϩΠϛυϧ΢ΣΞͷύΠΦχΞ
     IUUQTHJUIVCDPNGVKJXBSBTUSFUDIFS
     !GVKJXBSB
    ͞Μ࡞ɺ(P੡

54. ͓खॱ  σϓϩΠΠϕϯτΛൃՐ͢Δ
     ˠT͔ΒϚχϑΣετΛऔΔ
     ˠUBSCBMMΛऔΔ
     ˠల։ɺޙॲཧ

55. σϓϩΠΠϕϯτͷൃՐ > consul event -name deploy_production  ˞Ұճ͚ͩൃߦ͢Ε͹0,

56. ֤αʔόʔ  ͦΕͧΕͷαʔόͰ
    consul watch
    ͷίϚϯ υΛɺσʔϞϯͱ্ཱ͓ͯͪ͛ͯ͘͠
     ൃՐͨ͠ΠϕϯτΛड͚औͬͯιʔεΛQVMM
     ͦͯ͠ల։ɺඞཁʹԠ͡ΞϓϦͷϦϩʔυ
    

    αʔόʔ͕୆ʹͳͬͯ΋ඇৗʹ୹͍࣌ؒͰ ൓ө͞ΕΔΑ͏ʹͰ͖Δ

57. ྫ
    5-4
    TFTTJPO
    UJDLFU
    ͷڞ༗

58. 5-4
    TFTTJPO
    UJDLFUͱ͸  5-4ͷηογϣϯ伴Λอଘ͠ɺ࠶ར༻͢Δ࢓૊ Έ͕͋Δɻ
     ͦͷࡍɺෳ਺ͷαʔόͷ৔߹ɺ҉߸ԽͷͨΊͷ Ϛελ伴Λڞ༗͢Δඞཁ͕͋Δ
     ˠ
    લํൿಗੑͷ؍఺͔Βɺఆظߋ৽͕ඞཁ
    

    ˠ
    ͔͠΋શ୆ಉ࣌ʹʂ ࢀߟ
    CMPHLB[VIPPLVDPNGPSXBSETFDSFDZIUNM

59. ΠϕϯτΛλΠϚʔʹ࢓ֻ͚Δ  FH
    TZTUFNEͷλΠϚʔϢχοτ

60. ൃՐˠߋ৽ˠϦϩʔυ  গ͚ͩ͠λΠϜϥά͕͋Δͱͳ͓Α͠ #!/bin/bash set -x ( sleep $(($RANDOM %

    30)) && \ cat | jq -r .[-1].Payload | base64 -d > /var/lib/nginx_tls_session_ticket.key && \ systemctl reload nginx && echo reload OK ) || curl -d 'channel=#XXXX' -d "message=Failed reload: $(hostname)" notifier.local/notice

61. ࢀߟ  $POTVMΛར༻ͨ͠5-4ηογϣϯνέοτͷ ࣗಈߋ৽
     IUUQUFDINFSDBSJDPNFOUSZ 
    

62. ྫ
    DPMMFDUPS

63. DG
    7*1ʹΑΔՄ༻ੑͷ֬อ  ୆ͷαʔόͷલʹ7*1ΛׂΓৼΔྫ    GPPVE[VSBKQ
    "

64. 7*1ͷσϝϦοτ  /୆த.୆ͷ*1Λάϩʔόϧ*1ͱ͚ͯͭ͠Δɺ ͱ͍͏͜ͱ͕೉͍͠ɻ
     %/4ϥ΢ϯυϩϏϯͱͷ૬ੑ͕ѱ͍
     ͋ΔυϝΠϯ͕/ݸͷ*1Λ͍࣋ͬͯΔͱ͖ɺ
 ࣮αʔό͸/ݸҎ্ඞཁʹͳͬͯ͠·͏

65. ͡Ό͋ಈతʹ
    %/4Λߋ৽ͯ͠Έͯ͸ʁ

66. None

67. DPMMFDUPSͷத਎  ΫϥΠΞϯτ
     DPOTVMͷϔϧενΣοΫͰ࢖͏
     ίϯγϡʔϚʔ
     DPOTVM
    XBUDIͰ্ཱ͓ͪ͛ͯ͘

68. ϔϧενΣοΫʹߋ৽ͷͨΊͷ*1ΛؚΊΔ   

69. DIFDLΛ؂ࢹͯ͠มߋΛऔಘ͢Δ    check watch

70. ͦͷ಺༰͔Β%/4 3PVUF Λୟ͘    watch GPPVE[VSBKQ
    "
    
    GPPVE[VSBKQ
    "
    
    GPPVE[VSBKQ
    "
    

71. ௨஌ػೳ΋ೖΕͯ·͢

72. ઃܭࢥ૝  %/4ΩϟογϡͳͲʹΑΔҰ࣌తͳෆ௨͸ڐ༰
     ར༻ͷ্Ͱ͸ɺ55-Λ୹͘͢Δ΂͖
     සൟͳߋ৽ʹ͸޲͔ͳ͍

73. ৄࡉ͸  ࢖ͬͯΈͯͶ
     IUUQTHJUIVCDPNVE[VSBDPMMFDUPS

74. ·ͱΊ

75. $POTVM͸࣮͸γϯϓϧʂ

76. "*ͱ͸ؔ܎͕ͳ͍
    ʜ

77. "*Λۦಈ͢ΔԿ͔͠Βͷج൫ʹ
    ࢖͑Δ͔΋͠Εͳ͍͕ɺΞΠσΞ࣍ୈ

78. ͝੩ௌ
    ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ

79. օ༷ͷΑ͏ͳ
    ༏लͳएऀΛ଴ͭ

80. ը૾ʹ͍ͭͯ  ϑϦʔΞΠίϯ
     IUUQTDPNNPOTXJLJNFEJBPSHXJLJ'JMF4FSWFS NVMUJQMFTWH
     IUUQTDPNNPOTXJLJNFEJBPSHXJLJ 'JMF$PNQVUFSCMVFTWH
    

    ͦͷଞɺϩΰɺΞΠίϯ͸֤ࣾɾஂମʹݖར͕͋Γ·͢ɻ
 Ҿ༻ͷൣғͰར༻͍ͯ͠·͢ɻ