Infrastructure as Code for Improving Robustness
TRANSCRIPT
{
  "Name": "Toru Makabe",
  "Affiliation": "Microsoft Japan Co., Ltd.",
  "Role": "Cloud Solution Architect",
  "Background": "Daiwa Institute of Research, HP Enterprise",
  "Specialties": [ "Cloud", "OSS", "Beer" ]
}
"Because the systems hosted on this cloud are extremely important, hardening and related work require three business days after a provisioning request is received."
If anything, that may be "fragile"
```json
{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminUsername": {
      "type": "string",
      "defaultValue": "azureuser",
      "metadata": { "description": "User name for the Virtual Machine." }
    }…
```
```yaml
- hosts: webservers
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
  - name: ensure apache is at the latest version
    yum: name=httpd state=latest
  - name: write the apache config file
    template: src=/srv/httpd.j2…
```
The "environment you want to achieve" can be written as code -> the way engineers work changes
A GUI is only a pleasure up to the third time
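Versioning, testing, collaboration, etc.
Not everyone is an expert, so make it easy to apply
"The real environment is exactly what the code says"
Our systems are, if anything, in "defensive" mode, you know
Wait, it helps with defense too?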
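No, really, it's just a tiny bit
Have the courage to leave it to the system
• Always make changes through automation tools
• Build confidence first in development/test environments and PoCs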
System A System B System C
Shared infrastructure team
http://slide.meguro.ryuzee.com/slides/75
Dynamic Static
Frontend subnet
Backend subnet
Bastion (jump host) subnet
VPN Gateway
```hcl
resource "azurerm_network_security_rule" "frontend_web80" {
  name                   = "frontend_web80"
  priority               = 100
  direction              = "Inbound"
  access                 = "Allow"
  protocol               = "Tcp"
  source_port_range      = "*"
  destination_port_range = "80"
  …
```
Dynamic Resources
Datastore
Logging & Analytics
Service
Datastore
Static Resources
Tools
Azure
Dynamic Static Utilities
Code
PowerShell/Azure CLI
Terraform
Packer
Ansible
(Choose local / on-premises / Azure VM according to requirements)
(You can also host GitLab or similar on an on-premises or Azure VM)
Jenkins
PowerShell/Azure CLI
https://channel9.msdn.com/Events/de-code/2016/INF-011
https://www.terraform.io/docs/index.html
Dynamic & Static
Resources
Terraform
Create an Active Directory application that can access resources
https://azure.microsoft.com/ja-jp/documentation/articles/resource-group-authenticate-service-principal/
http://torumakabe.github.io/post/azure_auditlog_alert/
Let's casually spin up a VM
Ugh, installing the agent is such a hassle
Audit log alert
Azure Automation
Example: OMS (installing the log management agent)
https://azure.microsoft.com/ja-jp/documentation/articles/role-based-access-control-what-is/
http://torumakabe.github.io/post/azure_cli_resourcepolicy/
For a change of pace, let's launch a G-series VM in Europe
Huh?
Jackie Stewart, the Formula 1 racing legend
The infrastructure knowledge you have built up so far is not wasted in the cloud. If anything, it is a weapon.
“Infrastructure as Code”
(O’Reilly Media, June 2016)
Very helpful for organizing the concepts and for its terminology