Immutable�Infrastructure

Daekwon�Kim

propellerheaven@gmail.com

nacyot

@nacyot

Ruby�programmer

http://nacyot.com

Web�Development

Ruby�on�Rails

Programming�Languages

Visualization

Translation

Deployment

Deployment

Immutable�Infrastructure

Leevi

http://leevi.co.kr/

Remotty

http://blog.remotty.com

지난�이야기

Web�Development

Server�Management

Amazon�Web�Service

오늘�이야기

Immutable�Infrastructure

Disposable�Components

Orchestration

Blue�Green�Deployment

Continuous�Delivery

새로운�툴

Chef�/�Puppet�/�Ansible

Docker

Vagrant

Packer

Serf

ServerSpec

Amazon�Web�Service

TOC

Cloud

Auto�Scaling

Image

Deploy

Immutable�Infrastructure

Disposable�Components

Configuration�Management

Docker

HashiCorp

Cloud

SaaS

PasS

IaaS

Cloud

Software�as�a�Service

Google�Apps

Adobe�Creative�Cloud

Platform�as�a�Service

Heroku

Google�App�Engine

Infrastructure�as�a�Service

Amazon�Web�Service

Ucloud�biz

Platform�as�a�Service

컴퓨터�vs�클라우드

컴퓨터(서버)

물리적�실체

공간적�제약

장소적�제약

예산적�제약

유지보수

클라우드�위의�컴퓨터

비물리적�실체

공간적�제약?

장소적�제약?

예산적�제약?

유지보수?

Delegate,�Delegate,�Delegate

공간적�제약

언제든�원하는�만큼�사용할�수�있음

물리적�서버를�설치할�필요�없음

장소적�제약

원하는�리젼(장소)에서�서비스�가능

AWS�EC2,�Digital�Ocean

원하는�위치에서�배포�가능

CDN,�AWS�CloudFront

예산적�제약

매몰비용이�거의�발생하지�않음

서버를�구입할�필요�없음

월�단위�대여할�필요�없음

사용한�만큼만�내면�됨

시간�단위�과금

유지보수

필요없음

Disposable�Components?

"Amazon�Web�Service는�인터넷의�발전소다."

타마카와�켄

디지털�오션�예제

서버�실행하기

$�tugboat�create�ContainerShip�-s�66�-i�2158507�-r�6�-k�301023$�tugboat�dropletsContainerShip�(ip:�128.199.253.99,�status:�new,�region:�6,�id:�1383635)

서버�종료하기

$�tugboat�destroy�ContainerShipDroplet�fuzzy�name�provided.�Finding�droplet�ID...done,�1383635�(ContainerShip)Warning!�Potentially�destructive�action.�Please�confirm�[y/n]:�yQueuing�destroy�for�1383635�(ContainerShip)...done

Billing

10원

Cloud�!=�Server�Hosting

RRRSpec

분산�테스트�프레임워크

RRRSpec

테스트�17000개

1대로�몇�시간�걸림

RRRSpec

1대�*�몇�시간

==

EC2�스팟�인스턴스�60대�*�8~9분

Deployment�on�Cloud

Auto�Scaling

부하가�커지면

자동적으로�인스턴스가�실행되고(Scale�Out)

부하가�작아지면

자동적으로�인스턴스가�종료됨

Auto�Scaling의�장점

유연한�대응

합리적�비용

Auto�Scaling의�조건

어플리케이션�설계

정교한�비지니스�로직�분리

서버�환경�설정�분리�및�자동화

데이터�스토어�분리

When�in�Rome,�do�as�the�Romans�do

클라우드�위에선�클라우드에�어울리는�설계가�필요

Best�Practice

CDP�클라우드�설계�원칙

The�Twelve-Factor�App

CDP�클라우드�설계�원칙

가능한�한�서비스를�이용

생각보다�행동으로

작은�규모로�시작하여�스케일�아웃

변화를�전�계층에서�처리

고장을�위한�설계

처음뿐이�아닌�주기적인�개선

Auto�Scaling을�전제로�한�컴퓨터란

어플리케이션이�가동되기�위한�환경이�구성된

인스턴스로부터�Stamp�패턴으로�생성된

AMI�이미지로부터�생성된

가상�인스턴스(컴퓨터)

Auto�Scaling을�전제로�한�컴퓨터란

어플리케이션이�가동되기�위한�환경이�구성된

인스턴스로부터�Stamp�패턴으로�생성된

AMI�이미지로부터�생성된

Disposable�Components

Disposable�Copmonent

쓰고

버리는

Disposable�Copmonent

미리�설정된

쓰고

버리는

인스턴스(컴퓨터)

Disposable�Copmonent

서버�설정?

서버�관리?

Image

Image

새로운�문제

Image

이미지는�정말로�작동�가능한가?

Image

아마도…

최초의�이미지는�어디서�오는가?

서버�설정

useradd�…

set�env

apt-get�update

apt-get�install�…(순서!!)

ufw�…

iptable�…

…

최초의�이미지는�어디서�오는가?

어플리케이션�설치

ruby�build

apt-get�…

gem�install�bundler

git�clone�…

bundle�inastll

configuration

run�application�server

server�proxy

…

어플리케이션이�업데이트�되면?

어플리케이션�업데이트

git�pull�…

apt-get�…

bundle�update

configuration

…

유지보수

The�system�becomes�a�house�of�cards.�You�fear�any�changeand�you�fear�replacing�it�since�you�don’t�know�everything

about�how�it�works.

Trash�Your�Servers�and�Burn�Your�Code:�Immutable�Infrastructure�andDisposable�Components,�Chad�Fowler

서버�관리의�본질은�전역적�환경설정

서버는

하드웨어부터

OS를�거쳐

어플리케이션까지

모든�요소들이�얽히고�섥혀있는�곳

의존성�거의�관리�불가능

Stateful�Image

그저�이미지화�했을�뿐이고

Stateful�Image

복원�불가능

검증�불가능

일단�돌아는�감

안전�불감증

Stateful�Image

Disposable�Components

from�Recycled�Image

State

프로그래머의�원죄

전역변수를�사용하지�말라

Configuration�Management

"상태�관리가�귀찮으면�관리�안하면�되잖아"

이토�나오야

Infrastructure�as�Code

이토�나오야

Configuration�Management

Chef

Puppet

Ansible

Configuration�Management

Idempotence(멱등)

Configuration�Management

복원�가능

Build

검증�가능

Serverspec

이력�관리

Infrastructure�as�Code

Build

#�Chef�Cookbook�::�MyServer#�Recipe::�Install�Apache

log�'Install�Apache'package�'httpd'�do��action�:installend

ServerSpec

require�'spec_helper'

describe�package('httpd')�do��it�{�should�be_installed�}end

describe�service('httpd')�do��it�{�should�be_enabled���}��it�{�should�be_running���}end

describe�port(80)�do��it�{�should�be_listening�}end

Configuration�Management

Deployment

Vagrant

Provisioner

Provider

Vagrant

Provisioner�=�Chef

Provider�=�Vmware

Vagrant

Provisioner�=�Chef

Provider�=�AWS�EC2

Vagrant

Provisioning�=�Chef

Provider�=�Digital�Ocean

Vagrant

HashiCorp의�야망

Vagrant

뒤에서�다시

Server�Image

Stateless

Configuration�Management

Immutable�Infrastructure

Immutable?

변경�불가능

in�Java

String�vs�StringBuffer

함수형�프로그래밍�언어

Immutable�==�Stateless

Travis�CI

커밋�할�때마다

새로운�빌드�환경�구축

Heroku

푸쉬�할�때마다

새로운�어플리케이션�이미지�생성

Immutable�Infrastructure

관리가능하고

Configuration�Management

Immutable�Infrastructure

테스트�가능한

ServerSpec

Immutable�Infrastructure

Stateless하고

Build

Immutable�Infrastructure

Scalable한

Stamp�Pattern

Immutable�Infrastructure

이미지�기반의

Lightweight,�Portable

Immutable�Infrastructure

관리가능하고

테스트�가능하며

Stateless하고

Scalable한

이미지�기반의

어플리케이션�배포

Docker

"Docker�is�an�open-source�engine�that�automates�thedeployment�of�any�application�as�a�lightweight,�portable,�self-

sufficient�container�that�will�run�virtually�anywhere"

Docker

한마디로

Build�Once,�Run�Anywhere

Docker

Docker

Image

Container

Dockerfile

Docker�Image

Build

Dockerfile

FROM�ubuntu:12.04MAINTAINER�Daekwon�Kim�

#�Run�upgradeRUN�echo�"deb�http://archive.ubuntu.com/ubuntu�precise�main�universe"�>�/etc/apt/sources.listRUN�apt-get�update

#�Install�basic�packagesRUN�apt-get�-qq�-y�install�git�curl�build-essential

#�Install�apache2RUN�apt-get�-qq�-y�install�apache2ENV�APACHE_RUN_USER�www-dataENV�APACHE_RUN_GROUP�www-dataENV�APACHE_LOG_DIR�/var/log/apache2RUN�a2enmod�rewrite

<propellerheaven@gmail.com>

Docker�Container

Run

Docker-registry

Image�Archive

예제)�Remotty�공동가계부�빌드/배포�구상도

Github�Hook

Jenkins

Local

Push�Image�to�Docker�Registry

Remote(Stage�Server)

Notify

Local(Build�Serve)

Docker�Build(test)

Docker�Build(application)

Push�Image�to�Docker�Registry

Dockerfile

FROM�nacyot-bbapiMAINTAINER�Daekwon�Kim�

ADD�.�/workspace

#�ENVENV�RAILS_ENV�test

#�BuildRUN�cd�/workspace;�echo�'gem:�--no-ri�--no-rdoc'�>�~/.gemrcRUN�cd�/workspace;�bundle�install�--without�developmentRUN�cd�/workspace;�bundle�exec�rake�db:migrate�RAILS_ENV=testRUN�cd�/workspace;�bundle�exec�rspec

<propellerheaven@gmail.com>

Dockerfile.production

#�Install�bbapiADD�.�/appADD�Procfile�/app/ProcfileENV�RAILS_ENV�productionRUN�cd�/app;�bundle�install�--without�development�testRUN�cd�/app;�bundle�exec�rake�db:createRUN�cd�/app;�bundle�exec�rake�db:migrateRUN�cd�/app;�bundle�exec�rake�db:seedRUN�cd�/app/angular;�npm�installRUN�cd�/app/angular;�mkdir�tasksRUN�cd�/app/angular;�npm�install�grunt-contrib-nodeunitRUN�mv�/app/angular/config/config.default.json�/app/angular/config/config.json

#�Run�bbapiEXPOSE�3000EXPOSE�9000WORKDIR�/appCMD�foreman�start�-f�Procfile

Push�Image�to�Dokcer�Registry

mv�Dockerfile.production�Dockerfile�export�HASH=$(git�show-ref�--head�|�grep�-h�HEAD�|�cut�-d':'�-f2�|�head�-n�1�|�head�-c�10)docker�build�-rm�-t�nacyot-bbapi:${HASH}�.docker�tag�nacyot-bbapi:${HASH}�docker-registry.remotty.com/nacyot-bbapi:${HASH}docker�tag�nacyot-bbapi:${HASH}�docker-registry.remotty.com/nacyot-bbapi:latestdocker�docker-registry.remotty/nacyot-bbapi

커밋마다�빌드되어�이미지로�Registry�저장소(S3)에�저장됨.

Remote(Stage�Server)

docker�pull�docker-registry.remotty.com/nacyot-bbapi:latestdocker�run�-d�docker-registry.remotty.com/nacyot-bbapi:latest

${HASH}.stage.bbapi.remotty.com

커밋별�스테이지�서버

E2E�Test

Remote(Stage�Server)

참고�:�도커�이미지�용량?

(1�+�1�+�1�+�1�+�1�+�1�+�1)�GB�=�7GB?

참고�:�도커�이미지�용량?

$�s3cmd�du�-H���������������������������������������������1241M����s3://remotty-docker-registry/

참고�:�도커�이미지�용량?

Notify

Slack

Github

Deployment�based�on�Docker

==�Runing�Container

!=�Managing�Server

Docker�장점

컨테이너를�싣는�플랫폼

Docker�단점

컨테이너를�싣는�플랫폼

HashiCorp

Vagrant

Packer

Serf

Packer

"Packer�is�lightweight,�runs�on�every�major�operating�system,and�is�highly�performant,�creating�machine�images�for

multiple�platforms�in�parallel."

Introduction�to�Packer

Packer

한마디로

범용적�이미지�생성기

Packer

Provisioners

Chef�Solo

Ansible

Puppet

Shell�Scripts

Builders

Amazon�EC2(AMI)

Digital�Ocean

Docker

Google�Comput�Engine

VirtualBox

VMware

Vagrant�and�Packer

Development�=�Deployment�=�Image

Serf

Orchestration

"The�Future�is�Immutable"

Mitchell�Hashimoto

감사합니다�:)