Copyright	©	2017, Oracle	and/or	its	affiliates.	All	rights	reserved.		|
Managing Cloud Infrastructure with Vagrant, Terraform, and Ansible
taewan kim (@taewanme)
Principal Sales Consultant
Infrastructure, Cloud Platform
August 30, 2017
Confidential	– Oracle	Internal/Restricted/Highly	Restricted
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Program Agenda
1. Control of Cloud Resources
2. Provisioning & IaC (Infrastructure as Code)
3. Infrastructure Provisioning
4. Configuration Management
5. Infrastructure Validation
How to Control Cloud Resources.
Before Cloud
[Figure: layered stack of Server / Network / Storage hardware, Operating System, Middleware (WAS), and three Web Apps]
Before Cloud
[Figure: the stack with its layers labeled Hardware (Server, Network, Storage), OS (Operating System), Middleware (WAS), and Software (Web Apps)]
After Cloud
[Figure: the Server / Network / Storage, Operating System, Middleware (WAS) and Web App stack annotated with roles: infrastructure engineer, system engineer, developer]
Before Cloud
[Figure: the stack annotated with roles (infrastructure engineer, system engineer, developer) and the tasks Configuration Management, Backup & Recovery, Disaster Recovery]
Controllable?
Configuration Management
Version Management
Version Determination
Before Cloud
[Figure: stack of Server / Network / Storage, Operating System, Middleware (WAS), and Web Apps, with a Controllable label beside the Web Apps]
Before Cloud
[Figure: Server, Network, Storage and Web Apps, with a Controllable label beside the Web Apps]
Version Control, build tool, Lib Repository, Unit Test, CI/CD
Cloud Computing
[Figure: Server / Network / Storage, Operating System, and a Hypervisor hosting multiple VMs]
Cloud Computing
[Figure: VMs on the hypervisor grouped into Identity Domains, with Software-Defined Security and Software-Defined Network]
Cloud Computing
[Figure: VMs, Identity Domains, Software-Defined Security and Software-Defined Network on the hypervisor, with a Software label]
Cloud Computing
[Figure: VMs, Identity Domains, Software-Defined Security and Software-Defined Network, with a Software label]
All resources in the cloud can be controlled.
Cloud Resources
[Figure: VMs, Identity Domains, Software-Defined Security and Software-Defined Network, with Software and Controllable labels]
Infra Build, Configuration, Agile, Testing, Version, CI
Provisioning & IaC (Infrastructure as Code)
"Provisioning means allocating, arranging, and deploying system resources according to the user's requirements, preparing them in advance so that the system can be used immediately when needed."
– https://en.wikipedia.org/wiki/Provisioning
Provisioning: computing resources are allocated and ready to use
Provisioning: computing resources are allocated, then libraries and software are installed and managed
Infrastructure Provisioning
• Creates the cloud resources that the software to be deployed will use, and manages the state of those resources
• VM shape, network topology, storage
• PaaS services: DNS, LBS, CDN
Configuration Management
• Manages the configuration of the allocated cloud resources
• Includes deployment
• VM environment variables, libraries, packages, service settings, accounts
Provisioning
Infrastructure Provisioning, Configuration Management
Controllable Cloud Resource
Infrastructure as Code
"Infrastructure as Code is an approach that expresses infrastructure configuration as code and builds it, handling it just as if programming software."
– https://en.wikipedia.org/wiki/Infrastructure_as_Code
Infrastructure as code: Version Control, Controllable Resources, DevOps, Automation, Documentation, Test, Review, Reuse
Tools for Infrastructure as Code (IaC)
Infrastructure Provisioning, Configuration Management
Infrastructure Provisioning
Infrastructure
"Information technology infrastructure is composed of physical and virtual resources that support the flow, storage, processing and analysis of data."
– http://searchdatacenter.techtarget.com/definition/infrastructure
Infrastructure in cloud computing
IaaS, PaaS, External Service
Terraform
Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.
Provider: Alicloud, AWS, Bitbucket, Cloudflare, CloudStack, DigitalOcean, Docker, Dyn, GitHub, Gitlab, Google Cloud, Grafana, Heroku, HTTP, Icinga2, Ignition, InfluxDB, Kubernetes, New Relic, Microsoft Azure, MySQL, Oracle Public Cloud, OpenStack, PagerDuty, PostgreSQL, RabbitMQ, Rancher, SoftLayer, VMware vSphere
Terraform: Infrastructure as Code
[Figure: Terraform configuration annotated in three parts: Oracle Cloud connection info, Public IP creation, VM creation]
Terraform Characteristics
1. Supports many vendors
2. Flexible infrastructure composition & reuse
3. Open-source ecosystem
4. Changes can be previewed before they are applied (Plan)
5. Dependencies between resources can be viewed as a graph
6. Easy to install (go-lang)
7. Speed and safety
8. Documentation, review, and testing
Terraform Key Features
1. Infrastructure as Code
2. Execution Plan
3. Resource Graph
4. Change Automation
Terraform Workflow
1. Write the tf file
2. Run the Execution Plan (dry run)
3. Execute the template (resource creation)
4. Check the result and confirm that the resources were created
Terraform command
• terraform plan (Dry run)
• terraform apply
• terraform show
• terraform graph
• terraform destroy
Configuration Management
Configuration Management
No Agent, Python, Red Hat, SSH, Parallel, YAML
Ruby, Enterprise, Opscode, Recipe, Server, DSL
Ruby, Agile, Report, Module, Testing, DSL
Demo
[Figure: five VMs running Haproxy, Apache, Apache, MySQL and Nagios]
Ansible Playbook
Ansible Template
Ansible Directory Layout
[webservers]
129.150.82.135
129.150.76.149
[dbservers]
129.150.85.162
[lbservers]
129.150.85.87
[monitoring]
129.150.85.99
Layout
Terraform & Ansible
Infrastructure Validation Testing
Infrastructure Testing Framework
Testinfra
FILE, PACKAGE, SERVICE
testinfra --connection=ssh --hosts=129.150.76.149 --sudo test.py
Testinfra unit test run results
Testing + CI/CD
Infrastructure Testing Framework, Continuous Integration
Agile Development - IaC
Vagrant
OS repository: http://app.vagrantup.com
Vagrant Command & Vagrant File
• vagrant box add precise32 http://files.vagrantup.com/precise32.box
• vagrant init precise32
• vagrant up
• vagrant ssh
• vagrant destroy
Vagrantfile
Vagrant + Ansible + Testinfra
vagrant provision after saving playbook
Validation: Unit test by Python
Summary: How to Control Cloud Resources.
Infrastructure provisioning
Configuration Management
Testing in Local
Testing in Dev Stage
Continuous Validation
http://www.oracloud.kr

Oracle Code in Seoul: Provisioning of Cloud Resource