ã“ã®ã‚¨ãƒ³ãƒˆãƒªã¯Rails developer meetup 2017ã§ç™ºè¡¨ã—ãŸå†…容をブãƒã‚°ã¨ã—ã¦æ›¸ã出ã—ãŸã‚‚ã®ã§ã™ã€‚ サンプルã®ã‚¹ãƒ‹ãƒšãƒƒãƒˆãŒå¤šã„ã®ã§è³‡æ–™ã®ä»£ã‚ã‚Šã«ã‚¨ãƒ³ãƒˆãƒªã¨ã—ã¦å…¬é–‹ã—ã¾ã™ã€‚ スライド用ã®markdownã‚’å…ƒã«èµ·ã“ã—ãŸã‚‚ã®ãªã®ã§ã€å°‘ã—èªã¿è¾›ã„ã‹ã‚‚ã—ã‚Œã¾ã›ã‚“ãŒã”容赦ãã ã•ã„。
ECSã¨ã¯
- Dockerコンテナを稼動ã™ã‚‹ãŸã‚ã®ã‚¯ãƒ©ã‚¹ã‚¿ã‚’管ç†ã—ã¦ãれるサービス
- 使ãˆã‚‹ãƒªã‚½ãƒ¼ã‚¹ã‚’計測ã—ã€è‡ªå‹•ã§ã‚³ãƒ³ãƒ†ãƒŠã®é…置先をコントãƒãƒ¼ãƒ«ã—ã¦ãれる
- kubernetesã§ã¯ãªã„。最近ã€kubernetesãŒè¦‡æ¨©å–ã£ãŸæ„ŸãŒã‚ã£ã¦å‰²ã¨è¾›ã„
- 今ã¯EC2ãŒå‰²ã¨ãƒãƒƒã‚¯ã‚¨ãƒ³ãƒ‰ã«é€ã‘ã¦è¦‹ãˆã‚‹ã®ã ãŒã€Fargateã«è¶…期待
- ECS or EKS :tired_face:
Railsアプリã®Dockerize
オススメã®æ§‹æˆ
- 実際ã«ãƒ‡ãƒ—ãƒã‚¤ã™ã‚‹imageã¯ä¸€ã¤ã«ã™ã‚‹
- 例ãˆã°stagingã‚„productionç‰ã®ãƒ‡ãƒ—ãƒã‚¤ç’°å¢ƒã®é•ã„ã¯ã‚¤ãƒ¡ãƒ¼ã‚¸ã§ã¯æ„è˜ã—ãªã„
- 手元ã§é–‹ç™ºã™ã‚‹æ§˜ã®Dockerfileã¯åˆ†ã‘ã‚‹
- ディレクトリマウントやテスト用コンãƒãƒ¼ãƒãƒ³ãƒˆã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ç‰ã®ãŸã‚
FROM ruby:2.4.2
ENV DOCKER 1
# install os package
RUN <package install>
# install yarn package
WORKDIR /yarn
COPY package.json yarn.lock /yarn/
RUN yarn install --prod --pure-lockfile && yarn cache clean
# install gems
WORKDIR /app
COPY Gemfile Gemfile.lock /app/
RUN bundle install -j3 --retry 6 --without test development --no-cache --deployment
# Rails app directory
WORKDIR /app
COPY . /app
RUN ln -sf /yarn/node_modules /app/node_modules && \
mkdir -p vendor/assets tmp/pids tmp/sockets tmp/sessions && \
cp config/unicorn.rb.production config/unicorn.rb
ENTRYPOINT [ \
"prehook", "ruby -v", "--", \
"prehook", "ruby /app/docker/setup.rb", "--" ]
CMD ["bundle", "exec", "unicorn_rails", "-c", "config/unicorn.rb"]
ARG git_sha1 # ã©ã®ã‚³ãƒŸãƒƒãƒˆãªã®ã‹ä¸ã‹ã‚‰åˆ†ã‹ã‚‹æ§˜ã«ã™ã‚‹
RUN echo "${git_sha1}" > revision.log
ENV GIT_SHA1 ${git_sha1}
docker build
- circleCI 2.0ã¨ã‹ä½¿ã†ã®ã¯ãŠæ‰‹è»½
- ã‚ャッシュã§ãƒãƒžã‚‹æ§˜ãªã‚‰ãƒ“ルドサーãƒãƒ¼ã‚’用æ„ã™ã‚‹
- https://github.com/reproio/capistrano-dockerbuild
- capistranoを利用ã—ã¦ãƒªãƒ¢ãƒ¼ãƒˆã‚µãƒ¼ãƒãƒ¼ã§docker buildã‚’è¡Œã†
- リãƒã‚¸ãƒˆãƒªã¸ã®pushç‰ã‚‚サãƒãƒ¼ãƒˆã™ã‚‹
assets:precompile
Railsã®Docker化ã«ãŠã‘る鬼門ã®ä¸€ã¤
- S3 or CDNを事å‰ã«æ•´å‚™ã—ã¦ãŠãã“ã¨
- ビルド時ã«è§£æ±ºã™ã‚‹ãŒãƒ“ルド自体ã¨ã¯ç‹¬ç«‹ã•ã›ã‚‹
- docker buildã—ãŸå¾Œã§ã€docker runã§å®Ÿè¡Œã™ã‚‹
- ビルドサーãƒãƒ¼ã®ãƒœãƒªãƒ¥ãƒ¼ãƒ をマウントã—ã€assets:precompileã®ã‚ャッシュを永続化ã™ã‚‹
- ã‚ャッシュファイルãŒæ®‹ã£ã¦ã„ã‚Œã°ã€é«˜é€Ÿã«ã‚³ãƒ³ãƒ‘イルãŒçµ‚ã‚ã‚‹
- manifestã‚’RAILS_ENV毎ã«renameã—ã¦S3ã«ä¿å˜ã—ã¦ãŠã ã“ã®æ™‚ã€ã‚³ãƒŸãƒƒãƒˆã®SHA1ã‚’åå‰ã«å«ã‚ã¦ãŠã。(build時ã«argã§ä»˜ä¸Žã—ãŸã‚‚ã®)
docker run --rm \ -e RAILS_ENV=<RAILS_ENV> -e RAILS_GROUPS=assets \ -v build_dir/tmp:/app/tmp app_image_tag \ rake \ assets:precompile \ assets:sync \ assets:manifest_upload
prehook
ENTRYPOINTã§å¼·åˆ¶çš„ã«å®Ÿè¡Œã™ã‚‹å‡¦ç†ã§ç’°å¢ƒæ¯Žã®å·®ç•°ã‚’å¸åŽã™ã‚‹
- ERBã§è¨å®šãƒ•ã‚¡ã‚¤ãƒ«ç”Ÿæˆ
- 秘匿値ã®æº–å‚™
- assets manifestã®æº–å‚™
- ã•ã£ãRAILS_ENV毎ã«åå‰ä»˜ã‘ã¦uploadã—ã¦ãŸã®ã‚’DLã—ã¦ãã‚‹
秘匿値ã®æ‰±ã„
- è¨å®šãƒ•ã‚¡ã‚¤ãƒ«è‡ªä½“ã‚’æš—å·åŒ–ã—ã¦ã‚¤ãƒ¡ãƒ¼ã‚¸ã«çªã£è¾¼ã‚€
- 環境変数ã§ç›´æŽ¥çªã£è¾¼ã‚€ã¨ECSã®consoleã«éœ²å‡ºã™ã‚‹
- 値ã®ç¨®é¡žãŒå¤šã„ã¨ç’°å¢ƒå¤‰æ•°ç®¡ç†ã™ã‚‹å ´æ‰€ãŒå¿…è¦ã«ãªã‚‹
- コンテナ起動時ã«èµ·å‹•ç’°å¢ƒã®æ¨©é™ã§è¤‡åˆåŒ–ã§ãã‚‹ã¨è‰¯ã„
- prehookã§è¤‡åˆåŒ–処ç†ã‚’è¡Œã†
yaml_vault
https://github.com/joker1007/yaml_vault
- Rails5ã§å…¥ã£ãŸã€encrypted secrets.ymlã®æ‹¡å¼µç‰ˆ
- AWS-KMS, GCP-KMSã«å¯¾å¿œã—ã¦ã„ã‚‹
- KMSを利用ã™ã‚‹ã¨ç§˜åŒ¿å€¤ã«ã‚¢ã‚¯ã‚»ã‚¹ã§ãる権é™ã‚’IAMã§ç®¡ç†ã§ãã‚‹
- クラスタã«æ‰€å±žã—ã¦ã„るノードã®IAM Roleã§è¤‡åˆåŒ–
- è¨å®šã‚’ファイルã«ä¸€å…ƒåŒ–ã—ã¤ã¤å®‰å…¨ã«ç®¡ç†ã§ãã‚‹
- Railsã®å ´åˆã€secrets.ymlをメモリ上ã§è¤‡åˆåŒ–ã—ã¦èµ·å‹•ã§ãã‚‹
- ファイルã«å±•é–‹å¾Œã®å€¤ãŒæ®‹ã‚‰ãªã„
開発環境
docker-composeã¨ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªãƒžã‚¦ãƒ³ãƒˆã§å·¥å¤«ã™ã‚‹
version: "2" services: datastore: image: busybox volumes: - mysql-data:/var/lib/mysql - vendor_bundle:/app/vendor/bundle - bundle:/app/.bundle app: build: context: . dockerfile: Dockerfile-dev environment: MYSQL_USERNAME: root MYSQL_PASSWORD: password MYSQL_HOST: mysql depends_on: - mysql volumes: - .:/app volumes_from: - datastore tmpfs: /app/tmp/pids mysql: image: mysql environment: MYSQL_ROOT_PASSWORD: password ports: - '3306:3306' volumes_from: - datastore
Macã®å ´åˆ
- ã¡ãªã¿ã«ãƒœãƒªãƒ¥ãƒ¼ãƒ マウントãŒæ»ã¬ç¨‹é…ã„ã®ã§ã€ä½•ã‚‰ã‹ã®å·¥å¤«ãŒå¿…è¦
- dinghyã‹docker-syncã§é ‘張る
- ã©ã£ã¡ã‚‚è¾›ã„
- Macæ¨ã¦ã‚‹ã®ãŒã‚ªã‚¹ã‚¹ãƒ¡
俺ã®é–‹ç™ºã‚¹ã‚¿ã‚¤ãƒ«
- 開発用Dockerfileã§zshã‚„å„種コマンドを入れã¦ãŠã
docker-compose run --service-ports app zsh- シェルスクリプトã§è‡ªåˆ†ã®.zshrcã‚„pecoç‰ã‚’コピーã—
docker exec zsh - ファイルã®ç·¨é›†ã ã‘ã¯ãƒ›ã‚¹ãƒˆãƒžã‚·ãƒ³ã§è¡Œã„ã€å¾Œã¯åŸºæœ¬çš„ã«ã‚³ãƒ³ãƒ†ãƒŠå†…ã§æ“作ã™ã‚‹
set -e container_name=$1 cp_to_container() { if ! docker exec ${container_name} test -e $2; then docker cp -L $1 ${container_name}:$2 fi } cp_to_container ~/.zshrc /root/.zshrc if ! docker exec ${container_name} test -e /usr/bin/peco; then docker exec ${container_name} sh -c "curl -L -o /root/peco.tar.gz https://github.com/peco/peco/releases/download/v0.4.5/peco_linux_amd64.tar.gz && tar xf /root/peco.tar.gz -C /root && cp /root/peco_linux_amd64/peco /usr/bin/peco" fi docker exec -it ${container_name} sh -c "export TERM=${TERM}; exec zsh"
デプãƒã‚¤ã®å‰ã«
ECSã®æ¦‚念ã«ã¤ã„ã¦
TaskDefinition
- 1ã¤ä»¥ä¸Šã®ã‚³ãƒ³ãƒ†ãƒŠèµ·å‹•å®šç¾©ã®ã‚»ãƒƒãƒˆ
- イメージã€CPUã®ãƒ¡ãƒ¢ãƒªä½¿ç”¨é‡ã€ãƒãƒ¼ãƒˆã€ãƒœãƒªãƒ¥ãƒ¼ãƒ ç‰
- 物ç†çš„ã«åŒã˜ãƒŽãƒ¼ãƒ‰ã§å‹•ä½œã™ã‚‹
- docker-composeã®è¨å®šä¸€å¼ã¿ãŸã„ãªã‚‚ã®
- kubernetesã§ã„ã†Pod
Task
- TaskDefinitionã‹ã‚‰èµ·å‹•ã•ã‚ŒãŸã‚³ãƒ³ãƒ†ãƒŠç¾¤
- åŒä¸€ã®TaskDefinitionã‹ã‚‰è¤‡æ•°èµ·å‹•ã•ã‚Œã‚‹
Service
- Taskã‚’ã©ã®ã‚¯ãƒ©ã‚¹ã‚¿ã§ã„ãã¤èµ·å‹•ã™ã‚‹ã‹ã‚’定義ã™ã‚‹
- ECSãŒè‡ªå‹•ã§ãã®æ•°ã«ãªã‚‹ã¾ã§ã€ã‚³ãƒ³ãƒ†ãƒŠã‚’ç«‹ã¦ãŸã‚Šæ®ºã—ãŸã‚Šã™ã‚‹
- コンテナã®èµ·å‹•å®šç¾©ã¯TaskDefinitionã‚’å‚ç…§ã™ã‚‹
- コンテナãŒèµ·å‹•ã—ãŸãƒŽãƒ¼ãƒ‰ã‚’ALBã¨è‡ªå‹•ã§ç´ä»˜ã‘ã‚‹
- kubernetesã«ã‚‚ä¼¼ãŸæ¦‚念ãŒã‚ã‚‹
ECSã¸ã®ãƒ‡ãƒ—ãƒã‚¤ã®åŸºæœ¬
- TaskDefinitionã‚’æ›´æ–°
- Serviceã‚’æ›´æ–°
- 後ã¯ECSã«ä»»ã›ã‚‹
ecs_deploy
https://github.com/reproio/ecs_deploy
- capistrano plugin
- TaskDefinitionã¨Serviceã®æ›´æ–°ã‚’è¡Œã†
- Service更新後デプãƒã‚¤çŠ¶æ³ãŒåŽæŸã™ã‚‹ã¾ã§å¾…æ©Ÿã™ã‚‹
- æ›´æ–°ã—ãŸTaskDefinitionã®revisionã‚’ä»–ã®ã‚¿ã‚¹ã‚¯ã§å‚ç…§ã§ãã‚‹
- TaskDefinitionã‚„Serviceã®å®šç¾©ã¯Rubyã®Hashã§è¡Œã†
Why use Capistrano
- æ—¢å˜ã®è³‡ç”£ãŒå¤šæ•°ã‚ã‚‹
- slack通知ã®ãƒ•ãƒƒã‚¯ã¨ã‹
- デプãƒã‚¤ã®ã‚³ãƒžãƒ³ãƒ‰ãŒå¤‰åŒ–ã—ãªã„
- è¨å®šãƒ•ã‚¡ã‚¤ãƒ«ã®å ´æ‰€ã‚„定義も大ãã変化ã—ãªã„
個人別ステージング環境
- アプリサーãƒãƒ¼ã ã‘ã§è‰¯ã„ãªã‚‰å®¹æ˜“ã«å®Ÿç¾å¯èƒ½
- RDBç‰ã®ãƒ‡ãƒ¼ã‚¿ã‚¹ãƒˆã‚¢ã‚’個別ã«æŒã¤ãªã‚‰è‰²ã€…難ã—ã„
- 弊社ã¯ã‚¢ãƒ—リサーãƒãƒ¼ã ã‘個別ã«ãƒ‡ãƒ—ãƒã‚¤å¯èƒ½
- ãƒ‡ãƒ¼ã‚¿ã‚¹ãƒˆã‚¢ã‚’å¼„ã‚‹å ´åˆã¯ãƒ•ãƒ«ã‚»ãƒƒãƒˆã®ç’°å¢ƒã‚’使ã„ã€ãã“ã‚’å 有ã™ã‚‹
インフラã®æº–å‚™
terraformç‰ã§ä»¥ä¸‹ã®ã‚‚ã®ã‚’準備ã™ã‚‹
- ALBを一ã¤ç”¨æ„ã™ã‚‹
- 個人別ã®ã‚µãƒ–ドメインをRoute53ã«å®šç¾©
- ALBã®Target Groupを個人別ã«å®šç¾©
- ALBã®ãƒ›ã‚¹ãƒˆãƒ™ãƒ¼ã‚¹ãƒ«ãƒ¼ãƒ†ã‚£ãƒ³ã‚°ã‚’定義
ãã®å¾Œcapistranoã«memberã¨ã„ã†ç’°å¢ƒã‚’定義ã—ã€å„メンãƒãƒ¼ãŒè‡ªåˆ†ã®åå‰ã§target_ groupã‚„TaskDefinitionã®åå‰ã‚’使ã£ã¦ãƒ‡ãƒ—ãƒã‚¤å‡ºæ¥ã‚‹æ§˜ã«è«¸ã€…を変数化ã™ã‚‹
terraformã®ä¾‹
module "acm" {
source = "../acm"
}
resource "aws_alb" "developers" {
name = "developers"
internal = false
subnets = ["your-subnet-id"]
security_groups = ["your-security-group-id"]
idle_timeout = 120
}
resource "aws_alb_target_group" "per_developer" {
count = "${length(var.users)}"
name = "${element(var.users, count.index)}"
port = 8080
protocol = "HTTP"
vpc_id = "your-vpc-id"
deregistration_delay = 0
health_check {
path = "/health_check"
interval = 45
matcher = 200
unhealthy_threshold = 8
}
}
resource "aws_alb_listener" "developers" {
load_balancer_arn = "${aws_alb.developers.arn}"
port = 443
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-2016-08"
certificate_arn = "your-certificate-arn"
default_action {
target_group_arn = "${element(aws_alb_target_group.per_developer.*.arn, 0)}"
type = "forward"
}
}
resource "aws_alb_listener_rule" "per_developer" {
count = "${length(var.users)}"
listener_arn = "${aws_alb_listener.developers.arn}"
priority = "${count.index + 1}"
action {
target_group_arn = "${element(aws_alb_target_group.per_developer.*.arn, count.index)}"
type = "forward"
}
condition {
field = "host-header"
values = ["${element(var.users, count.index)}-*.example.com"]
}
}
resource "aws_route53_record" "per_developer_app" {
count = "${length(var.users)}"
zone_id = "${var.zone_id}"
name = "${element(var.users, count.index)}-app.${var.domain_name}"
type = "A"
alias {
name = "${aws_alb.developers.dns_name}"
zone_id = "${aws_alb.developers.zone_id}"
evaluate_target_health = true
}
}
デプãƒã‚¤å®šç¾©ã®ä¾‹
set :rails_env, :staging set :branch, ENV["GIT_SHA1"] || (`git rev-parse HEAD`).strip set :slackistrano, false raise "require DEVELOPER env" unless ENV["DEVELOPER"] target_group_arn = Aws::ElasticLoadBalancingV2::Client.new.describe_target_groups(names: [ENV["DEVELOPER"]]).target_groups[0].target_group_arn set :ecs_services, [ { cluster: "staging-per-member", name: "#{ENV["DEVELOPER"]}-#{fetch(:rails_env)}", task_definition_name: "#{ENV["DEVELOPER"]}-staging", desired_count: 1, deployment_configuration: {maximum_percent: 100, minimum_healthy_percent: 0}, load_balancers: [ target_group_arn: target_group_arn, container_port: 8080, container_name: "nginx", ], }, ]
Autoscale (è¿‘ã„内ã«ä¸è¦ã«ãªã‚‹è©±)
Fargate Tokyoリージョンã¯ã‚ˆï¼
- ç¾æ™‚点ã§ECS Serviceã®ã‚¹ã‚±ãƒ¼ãƒ«ã¨EC2ã®ã‚¹ã‚±ãƒ¼ãƒ«ã¯ç‹¬ç«‹ã—ã¦ã„ã‚‹
- Service増やã—ã¦ã‚‚EC2ã®ãƒŽãƒ¼ãƒ‰ã‚’増やã•ãªã„ã¨ã‚³ãƒ³ãƒ†ãƒŠã‚’ç«‹ã¦ã‚‹ã¨ã“ã‚ãŒãªã„
- 増やã™ã®ã¯ç°¡å˜ã ãŒæ¸›ã‚‰ã™æ™‚ã®å¯¾è±¡ã‚’コントãƒãƒ¼ãƒ«ã§ããªã„
ã¨ã„ã†ã‚ã‘ã§ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§è‰¯ã„方法ãŒãªã„。
ecs_deploy/ecs_auto_scaler
https://github.com/reproio/ecs_deploy
- CloudWatchã‚’ãƒãƒ¼ãƒªãƒ³ã‚°ã—ã¦è‡ªåˆ†ã§ã‚ªãƒ¼ãƒˆã‚¹ã‚±ãƒ¼ãƒ«ã™ã‚‹ :cry:
- Serviceã®æ•°ã‚’制御ã—ã€EC2ã®æ•°ã¯Serviceã®æ•°ã«åˆã‚ã›ã¦è‡ªå‹•ã§åŽæŸã•ã›ã‚‹
- スケールインã®éš›ã¯ã€ã‚³ãƒ³ãƒ†ãƒŠãŒå‹•ä½œã—ã¦ã„ãªã„ノードを検出ã—ã¦è½ã¨ã™
- コンテナãŒæ¢ã¾ã‚‹ã¾ã§ã¯EC2ã®ãƒŽãƒ¼ãƒ‰ã¯è½ã¨ã•ãªã„
polling_interval: 60 auto_scaling_groups: - name: ecs-cluster-nodes region: ap-northeast-1 buffer: 1 # タスク数ã«å¯¾ã™ã‚‹ä½™å‰°ã®ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹æ•° services: - name: app-production cluster: ecs-cluster region: ap-northeast-1 auto_scaling_group_name: ecs-cluster-nodes step: 1 idle_time: 240 max_task_count: [10, 25] scheduled_min_task_count: - {from: "1:45", to: "4:30", count: 8} cooldown_time_for_reach_max: 600 min_task_count: 0 upscale_triggers: - alarm_name: "ECS [app-production] CPUUtilization" state: ALARM downscale_triggers: - alarm_name: "ECS [app-production] CPUUtilization (low)" state: OK
ecs_auto_scaler自体もコンテナã«
- ecs_auto_scalerã¯ã‚·ãƒ³ãƒ—ルãªforegroundプãƒã‚»ã‚¹
- ç°¡å˜ãªDockerfileã§ã‚³ãƒ³ãƒ†ãƒŠåŒ–å¯èƒ½
- ã“ã„ã¤è‡ªèº«ã‚‚ECSã«ãƒ‡ãƒ—ãƒã‚¤ã™ã‚‹
ã¾ã‚ã€Fargateã§ä¸è¦ã«ãªã‚‹ã¨æ€ã†
コマンド実行ã¨ãƒã‚°åŽé›†
ECSã«ãŠã„ã¦ç‰¹å®šã®ãƒŽãƒ¼ãƒ‰ã«ãƒã‚°ã‚¤ãƒ³ã™ã‚‹ã¨ã„ã†ã®ã¯è² ã‘ã§ã‚ã‚‹ rails runnerã‚„rakeã‚’SSHã§å®Ÿè¡Œã¨ã‹ã‚„ã‚‹ã¹ãã§ã¯ãªã„ ãã®ã‚µãƒ¼ãƒãƒ¼ã®é‹ç”¨ç®¡ç†ã‚’ã—ãªã‘ã‚Œã°ãªã‚‰ãªããªã‚‹
wrapbox
https://github.com/reproio/wrapbox
- ECS用ã®ã‚³ãƒžãƒ³ãƒ‰Runner
- åŠç«¯ã«æ±Žç”¨æ€§ã‚’æŒãŸã›ã‚ˆã†ã¨ã—ãŸã‚“ã§ã‚³ãƒ¼ãƒ‰ãŒå¾®å¦™ã«â€¦â€¦
- TaskDefinitionを生æˆã€ç™»éŒ²ã—ã€å³èµ·å‹•ã™ã‚‹
- 終了ã¾ã§ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã‚’ãƒãƒ¼ãƒªãƒ³ã‚°ã—å¾…æ©Ÿã™ã‚‹
- タスク起動権é™ã¯IAMã§ã‚¯ãƒ©ã‚¹ã‚¿å˜ä½ã§ç®¡ç†ã§ãã‚‹
- 慣れるã¨SSHã¨ã‹ãƒ‡ãƒ—ãƒã‚¤ãŒä¸è¦ã§ã‚€ã—ã‚楽
default: region: ap-northeast-1 container_definition: image: "<ecr_url>/app:<%= ENV["GIT_SHA1"]&.chomp || ENV["RAILS_ENV"] %>" cpu: 704 memory: 1408 working_directory: /app entry_point: ["prehook", "ruby /app/docker/setup.rb", "--"] environment: - {name: "RAILS_ENV", value: "<%= ENV["RAILS_ENV"] %>"}
wrapboxã§å®Ÿè¡Œã—ãŸã‚³ãƒžãƒ³ãƒ‰ãƒã‚°ã®å–å¾—
- papertrailã«ãƒã‚°ã‚’転é€ã—ã€åˆ¥ã‚¹ãƒ¬ãƒƒãƒ‰ã§ãƒãƒ¼ãƒªãƒ³ã‚°ã—ã¦ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã«æµã™ã“ã¨ãŒã§ãã‚‹
- 原ç†çš„ã«ä»–ã®ãƒã‚°é›†ç´„サービスã§ã‚‚実ç¾å¯èƒ½ã ãŒã€ç¾åœ¨papertrailã—ã‹å®Ÿè£…ã¯ãªã„
default:
# çœç•¥
log_fetcher:
type: papertrail # Use PAPERTRAIL_API_TOKEN env for Authentication
group: "<%= ENV["RAILS_ENV"] %>"
query: wrapbox-default
log_configuration:
log_driver: syslog
options:
syslog-address: "tcp+tls://<papertrail-entrypoint>"
tag: wrapbox-default
db:migrate
capistranoã®hookを利用ã—wrapboxã§å®Ÿè¡Œã™ã‚‹
def execute_with_wrapbox(executions) executions.each do |execution| runner = Wrapbox::Runner::Ecs.new({ cluster: execution[:cluster], region: execution[:region], task_definition: execution[:task_definition] }) parameter = { environments: execution[:environment], task_role_arn: execution[:task_role_arn], timeout: execution[:timeout], }.compact runner.run_cmd(execution[:command], **parameter) end end desc "execution command on ECS with wrapbox gem (before deployment)" task :before_deploy do execute_with_wrapbox(Array(fetch(:ecs_executions_before_deploy))) end
set :ecs_executions_before_deploy, -> do # ecs_deployã®çµæžœã‹ã‚‰TaskDefã‚’å–å¾— rake = fetch(:ecs_registered_tasks)["ap-northeast-1"]["rake"] raise "Not registered new task" unless rake [ { cluster: "app", region: "ap-northeast-1", task_definition: { task_definition_name: "#{rake.family}:#{rake.revision}", main_container_name: "rake" }, command: ["db:ridgepole:apply"], timeout: 600, } ] end
db:migrate -> ridgepole
- migrateã®upã¨downãŒã‚ã‚“ã©ã„
- 特ã«é–‹ç™ºè€…用ステージング
- ridgepoleãªã‚‰ãƒ‡ãƒ—ãƒã‚¤æ™‚ã«å®Ÿè¡Œã™ã‚‹ã ã‘ã§ã€ã»ã¼åŽæŸã™ã‚‹
- エラーãŒèµ·ããŸã‚‰slackã«ãƒã‚°ã‚’出ã—ã¦ã€æ‰‹å‹•ã§ç›´ã™
- productionã¯diffãŒã‚ã‚Œã°ãƒªãƒªãƒ¼ã‚¹ã‚’åœæ¢ã•ã›ã‚‹
- diffを見ã¦ãƒªãƒªãƒ¼ã‚¹æ‹…当者ãŒæ‰‹å‹•ã§DDLを発行ã™ã‚‹
テストã¨CI
以下をå‚照。 https://speakerdeck.com/joker1007/dockershi-dai-falsefen-san-rspechuan-jing-falsezuo-rifang
