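Hello. This is Manabe from beaglesoft.
Continuing from the previous post (blog.beaglesoft.net), I'd like to work through the first half of Feature 2, Chapter 3 of サーバ/インフラエンジニア養成読本 DevOps編 [Infrastructure as Code を実践するノウハウが満載! ] (Software Design plus).
Chapter 3
The first half of Chapter 3 mainly covers DigitalOcean setup and Terraform configuration. I am actually trying out what is written in サーバ/インフラエンジニア養成読本 DevOps編 [Infrastructure as Code を実践するノウハウが満載! ] (Software Design plus), so please refer to the book for details.
Registering a DigitalOcean account
Register an account with DigitalOcean. I also set up the following at the same time.
- Two-factor authentication
- Billing alert
- Obtaining an API key
- Registering a public key
Getting the ID that corresponds to the public key
With DigitalOcean, you can use the API key you obtained to retrieve the numeric ID that corresponds to the public key.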
```
╭─ymanabe@Yoichiro-no-MacBook-Pro ~ ‹2.2.4›
╰─$ export DIGITALOCEAN_TOKEN=API_KEY
╭─ymanabe@Yoichiro-no-MacBook-Pro ~ ‹2.2.4›
╰─$ curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer ${DIGITALOCEAN_TOKEN}" "https://api.digitalocean.com/v2/account/keys" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   541    0   541    0     0    473      0 --:--:--  0:00:01 --:--:--   474
{
  "ssh_keys": [
    {
      "id": xxxxxx,
      "fingerprint": "finger print...",
      "public_key": "public key...",
      "name": "mac-book-pro"
    }
  ],
  "links": {},
  "meta": {
    "total": 1
  }
}
```
Editing DigitalOcean.tf
Create the Terraform configuration file.
```
variable "ssh_keys_id" {}

resource "digitalocean_droplet" "webapp" {
  image    = "centos-7-0-x64"
  name     = "webapp"
  region   = "sgp1"
  size     = "512mb"
  ssh_keys = [ "${var.ssh_keys_id}" ]

  provisioner "local-exec" {
    command = "echo ${digitalocean_droplet.webapp.ipv4_address} ${digitalocean_droplet.webapp.name} >> /tmp/hosts.txt"
  }
}
```
ssh_keys_id takes its value from TF_VAR_ssh_keys_id, which is set as an environment variable.
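An added example (not from the original post or the book): instead of reading the ID off the jq output by eye, this selects the key ID by matching the fingerprint of the local public key against a /v2/account/keys response and builds the export line for TF_VAR_ssh_keys_id. It assumes the API's fingerprint field is the colon-separated MD5 form that `ssh-keygen -E md5 -lf` prints; the function names, sample keys and IDs are constructed for illustration.

```python
import base64
import hashlib
import json


def md5_fingerprint(public_key_line):
    """Colon-separated MD5 fingerprint of an OpenSSH public key line."""
    fields = public_key_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def find_key_id(api_response, public_key_line):
    """Return the id of the one registered key matching the local public key."""
    wanted = md5_fingerprint(public_key_line)
    keys = json.loads(api_response).get("ssh_keys", [])
    ids = [k["id"] for k in keys if k.get("fingerprint", "").lower() == wanted]
    if len(ids) != 1:
        # Fail closed: never fall back to "the first key in the list".
        raise LookupError("expected exactly one key with fingerprint %s, found %d"
                          % (wanted, len(ids)))
    return ids[0]


def export_line(api_response, public_key_line):
    """Shell line that hands the id to Terraform as var.ssh_keys_id."""
    return "export TF_VAR_ssh_keys_id=%d" % find_key_id(api_response, public_key_line)


# Constructed sample data: the key blobs are placeholder bytes, not real keys,
# and the ids are made up.
LOCAL_KEY = "ssh-rsa " + base64.b64encode(b"constructed-local-key").decode() + " mac-book-pro"
OTHER_KEY = "ssh-rsa " + base64.b64encode(b"constructed-other-key").decode() + " old-laptop"
SAMPLE_RESPONSE = json.dumps({
    "ssh_keys": [
        {"id": 1001, "fingerprint": md5_fingerprint(OTHER_KEY), "name": "old-laptop"},
        {"id": 1002, "fingerprint": md5_fingerprint(LOCAL_KEY), "name": "mac-book-pro"},
    ],
    "links": {},
    "meta": {"total": 2},
})

if __name__ == "__main__":
    print(export_line(SAMPLE_RESPONSE, LOCAL_KEY))
```

With a real account, pass the curl output and the contents of the local .pub file in place of the constructed values.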
Note on editing TF files in RubyMine: when editing TF files in RubyMine, "JetBrains Plugin Repository :: HCL language support" can be used for syntax highlighting.
Checking the configuration
To check the Terraform configuration you created, run terraform plan.
```
╭─ymanabe@Yoichiro-no-MacBook-Pro ~/infra-ci-cookbooks ‹2.2.4› ‹master*›
╰─$ terraform plan
Refreshing Terraform state prior to plan...

The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed.

Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.

+ digitalocean_droplet.webapp
    image:                "" => "centos-7-0-x64"
    ipv4_address:         "" => "<computed>"
    ipv4_address_private: "" => "<computed>"
    ipv6_address:         "" => "<computed>"
    ipv6_address_private: "" => "<computed>"
    locked:               "" => "<computed>"
    name:                 "" => "webapp"
    region:               "" => "sgp1"
    size:                 "" => "512mb"
    ssh_keys.#:           "" => "1"
    ssh_keys.0:           "" => "1789271"
    status:               "" => "<computed>"

Plan: 1 to add, 0 to change, 0 to destroy.
```
Building a VM on DigitalOcean
Run terraform apply to create the VM on DigitalOcean.
```
╭─ymanabe@Yoichiro-no-MacBook-Pro ~/infra-ci-cookbooks ‹2.2.4› ‹master*›
╰─$ terraform apply
digitalocean_droplet.webapp: Creating...
  image:                "" => "centos-7-0-x64"
  ipv4_address:         "" => "<computed>"
  ipv4_address_private: "" => "<computed>"
  ipv6_address:         "" => "<computed>"
  ipv6_address_private: "" => "<computed>"
  locked:               "" => "<computed>"
  name:                 "" => "webapp"
  region:               "" => "sgp1"
  size:                 "" => "512mb"
  ssh_keys.#:           "" => "1"
  ssh_keys.0:           "" => "1789271"
  status:               "" => "<computed>"
digitalocean_droplet.webapp: Provisioning with 'local-exec'...
digitalocean_droplet.webapp (local-exec): Executing: /bin/sh -c "echo 128.199.136.159 webapp >> /tmp/hosts.txt"
digitalocean_droplet.webapp: Creation complete

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.

State path: terraform.tfstate
```
This is what it looks like on DigitalOcean while the VM is being created.
Checking the created VM's information
To check the information for the created VM, run terraform show.
```
╭─ymanabe@Yoichiro-no-MacBook-Pro ~/infra-ci-cookbooks ‹2.2.4› ‹master*›
╰─$ terraform show
digitalocean_droplet.webapp:
  id = 12770104
  image = centos-7-0-x64
  ipv4_address = 128.199.136.159
  locked = false
  name = webapp
  region = sgp1
  size = 512mb
  ssh_keys.# = 1
  ssh_keys.0 = 1789271
  status = active
```
I also try accessing the created VM over ssh.
```
╭─ymanabe@Yoichiro-no-MacBook-Pro ~/infra-ci-cookbooks ‹2.2.4› ‹master*›
╰─$ ssh root@128.199.136.159
The authenticity of host '128.199.136.159 (128.199.136.159)' can't be established.
RSA key fingerprint is da:3c:ec:20:96:5c:cf:27:f9:95:75:1f:a7:92:4e:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '128.199.136.159' (RSA) to the list of known hosts.
[root@webapp ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@webapp ~]# exit
ログアウト
Connection to 128.199.136.159 closed.
```
Deleting the created VM
To delete the created VM, first run terraform plan -destroy to confirm what will be deleted.
```
╭─ymanabe@Yoichiro-no-MacBook-Pro ~/infra-ci-cookbooks ‹2.2.4› ‹master*›
╰─$ terraform plan -destroy
Refreshing Terraform state prior to plan...

digitalocean_droplet.webapp: Refreshing state... (ID: 12770104)

The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed.

Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.

- digitalocean_droplet.webapp

Plan: 0 to add, 0 to change, 1 to destroy.
```
Having confirmed that this is the VM I want to delete, I run terraform destroy to delete it.
```
╭─ymanabe@Yoichiro-no-MacBook-Pro ~/infra-ci-cookbooks ‹2.2.4› ‹master*›
╰─$ terraform destroy
Do you really want to destroy?
  Terraform will delete all your managed infrastructure.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

digitalocean_droplet.webapp: Refreshing state... (ID: 12770104)
digitalocean_droplet.webapp: Destroying...
digitalocean_droplet.webapp: Destruction complete

Apply complete! Resources: 0 added, 0 changed, 1 destroyed.
```
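It was removed from the DigitalOcean website as well.
Summary
After this the book moves on to integration using CircleCI, but I'd like to take a break here.
The advantage of using DigitalOcean, in a word, is that it is cheap. With AWS I do feel the cost is a heavy burden, so an easy-to-understand pricing plan of roughly 1 yen per hour is very welcome.
Terraform is also very convenient. I felt the same way about Vagrant, though...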