Overview
Using Terraform, I created an Ubuntu VM in an Azure environment, set up a Docker environment on it, and built Confluent's "cp-all-in-one" environment there. This makes it possible to quickly run Confluent evaluations.
Local environment
- macOS Ventura 13.0
- Azure CLI 2.49.0
- terraform 1.5.2
Prerequisites
- An Azure environment (tenant/subscription) is already available
- The Azure CLI is installed in the local environment
- Terraform is set up in the local environment
- A service principal for building the environment on Azure with Terraform has been created, and the local environment variables for Terraform are defined
Preparation
Find the global address that is automatically assigned when accessing the internet from the local environment
## Global address in use
$ curl inet-ip.info
155.123.22.111
Check the image information for the virtual machine to be built
## Image
$ az vm image list --location japaneast --offer UbuntuServer --sku 18.04-LTS --all --output table
Architecture Offer Publisher Sku Urn Version
-------------- ------------ ----------- --------- ------------------------------------------------ ---------------
:
(omitted)
:
x64 UbuntuServer Canonical 18.04-LTS Canonical:UbuntuServer:18.04-LTS:18.04.202305010 18.04.202305010
x64 UbuntuServer Canonical 18.04-LTS Canonical:UbuntuServer:18.04-LTS:18.04.202305220 18.04.202305220
x64 UbuntuServer Canonical 18.04-LTS Canonical:UbuntuServer:18.04-LTS:18.04.202306070 18.04.202306070
Create an Ubuntu VM with Terraform
Creating the Terraform definition files
Provider definition
# Provider definition
terraform {
required_providers {
azurerm = "~> 2.33"
}
}
provider "azurerm" {
features {}
tenant_id = var.ARM_TENANT_ID
client_id = var.ARM_CLIENT_ID
client_secret = var.ARM_CLIENT_SECRET
}
# Resource group
resource "azurerm_resource_group" "this" {
name = var.resource_group_name
location = var.region
tags = var.tags_def
}
Parameter definition file
# Environment variables (Azure service principal)
variable ARM_TENANT_ID {}
variable ARM_CLIENT_ID {}
variable ARM_CLIENT_SECRET {}
# Tag information
variable tags_def {
default = {
owner = "ituru"
period = "2023-09-30"
CostCenter = "PSG2"
Environment = "Demo"
Project = "DUP_IaC"
}
}
# Parameters
variable region {} // Region to use
variable resource_group_name {} // Resource group name
variable vnet_name {} // vNet name
variable vnet_address_space {} // vNet address range
variable subnet_name {} // Subnet name
variable subnet_address {} // Subnet address
variable public_ip_name {} // Public IP name
variable security_group_name {} // Security group name
variable network_interface_name {} // Network interface name
variable vm_name {} // Virtual machine name
variable vm_size {} // Virtual machine size
variable computer_name {} // Computer name
variable admin_username {} // Administrator name
Parameter value definition file
# Environment variable definitions (Azure service principal)
ARM_TENANT_ID = "zzzzzzzz-cccc-4645-5757-zzzzzzzzzzzz"
ARM_CLIENT_ID = "xxxxxxxx-xxxx-4444-9922-xxxxxxxxxxxx"
ARM_CLIENT_SECRET = "hogehogehogehogehogehogehogehogege"
# Parameter value definitions
region = "japaneast" // Region to use
resource_group_name = "rg_ituru_vm02" // Resource group name
vnet_name = "vnet_ituru_vm02" // vNet name
vnet_address_space = "10.0.0.0/16" // vNet address range
subnet_name = "snet_ituru_vm02" // Subnet name
subnet_address = "10.0.1.0/24" // Subnet address
public_ip_name = "pip_ituru_vm02" // Public IP name
security_group_name = "nsg_ituru_vm02" // Security group name
network_interface_name = "nic_ituru_vm02" // Network interface name
vm_name = "vm-ituru-ubuntu" // Virtual machine name
vm_size = "Standard_B8ms" // Virtual machine size
computer_name = "ubuntu1804" // Computer name
admin_username = "nmcadmin" // Administrator name
Virtual machine definition file
# Linux (Ubuntu 18.04) virtual machine
resource "azurerm_linux_virtual_machine" "this" {
name = var.vm_name
location = azurerm_resource_group.this.location
resource_group_name = azurerm_resource_group.this.name
size = var.vm_size
computer_name = var.computer_name
admin_username = var.admin_username
network_interface_ids = [
azurerm_network_interface.this.id,
]
source_image_reference {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "18.04-LTS"
version = "latest"
}
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
admin_ssh_key {
username = var.admin_username
public_key = tls_private_key.this.public_key_openssh
}
tags = var.tags_def
}
# Create the SSH key
resource "tls_private_key" "this" {
algorithm = "RSA"
rsa_bits = 4096
}
Network and security definition file
// Virtual network
resource "azurerm_virtual_network" "this" {
name = var.vnet_name
address_space = [var.vnet_address_space]
location = azurerm_resource_group.this.location
resource_group_name = azurerm_resource_group.this.name
tags = var.tags_def
}
// Subnet
resource "azurerm_subnet" "internal" {
name = var.subnet_name
resource_group_name = azurerm_resource_group.this.name
virtual_network_name = azurerm_virtual_network.this.name
address_prefixes = [var.subnet_address]
}
// Public IP address
resource "azurerm_public_ip" "this" {
name = var.public_ip_name
location = azurerm_resource_group.this.location
resource_group_name = azurerm_resource_group.this.name
allocation_method = "Dynamic"
tags = var.tags_def
}
// Network security group
resource "azurerm_network_security_group" "this" {
name = var.security_group_name
location = azurerm_resource_group.this.location
resource_group_name = azurerm_resource_group.this.name
security_rule {
name = "SSH"
description = "Allow SSH Access"
priority = 1002
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "22"
source_address_prefix = "155.123.22.111/32"
destination_address_prefix = "*"
}
security_rule {
name = "CCC"
description = "Confluent Control Center"
priority = 1012
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "9021"
source_address_prefix = "155.123.22.111/32"
destination_address_prefix = "*"
}
tags = var.tags_def
}
// Network interface
resource "azurerm_network_interface" "this" {
name = var.network_interface_name
location = azurerm_resource_group.this.location
resource_group_name = azurerm_resource_group.this.name
ip_configuration {
name = "ipconfig"
subnet_id = azurerm_subnet.internal.id
private_ip_address_allocation = "Dynamic"
public_ip_address_id = azurerm_public_ip.this.id
}
tags = var.tags_def
}
// Associate the network security group with the network interface
resource "azurerm_network_interface_security_group_association" "this" {
network_interface_id = azurerm_network_interface.this.id
network_security_group_id = azurerm_network_security_group.this.id
}
Running Terraform
## init
$ terraform init
:
Terraform has been successfully initialized!
## plan
$ terraform plan
:
Plan: 9 to add, 0 to change, 0 to destroy.
## apply
$ terraform apply
:
Apply complete! Resources: 9 added, 0 changed, 0 destroyed.
Outputs:
admin_username = "nmcadmin"
public_ip_id = [
"/subscriptions/xxxxxxxx-1717-dada-9779-zzzzzzzzzzzz/resourceGroups/rg_ituru_vm02/providers/Microsoft.Network/publicIPAddresses/pip_ituru_vm02",
]
tls_private_key = <sensitive>
Checks after running Terraform
Check the virtual machine
$ az vm list -g rg_ituru_vm02 -d --output table
Name ResourceGroup PowerState PublicIps Fqdns Location Zones
--------------- --------------- ------------ -------------- ------- ---------- -------
vm-ituru-ubuntu rg_ituru_vm02 VM running 52.140.213.117 japaneast
Check the network security group
$ az network nsg rule list -g rg_ituru_vm02 --nsg-name nsg_ituru_vm02 -o json
[
{
"access": "Allow",
"description": "Confluent Control Center",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "9021",
"destinationPortRanges": [],
"direction": "Inbound",
"etag": "W/\"b369e596-3333-5555-0000-54a23b1b13a6\"",
"id": "/subscriptions/xxxxxxxx-1717-dada-9779-zzzzzzzzzzzz/resourceGroups/rg_ituru_vm02/providers/Microsoft.Network/networkSecurityGroups/nsg_ituru_vm02/securityRules/CCC",
"name": "CCC",
"priority": 1012,
"protocol": "Tcp",
"provisioningState": "Succeeded",
"resourceGroup": "rg_ituru_vm02",
"sourceAddressPrefix": "155.123.22.111/32",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": [],
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"access": "Allow",
"description": "Allow SSH Access",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "22",
"destinationPortRanges": [],
"direction": "Inbound",
"etag": "W/\"b369e596-3333-5555-0000-54a23b1b13a6\"",
"id": "/subscriptions/xxxxxxxx-1717-dada-9779-zzzzzzzzzzzz/resourceGroups/rg_ituru_vm02/providers/Microsoft.Network/networkSecurityGroups/nsg_ituru_vm02/securityRules/SSH",
"name": "SSH",
"priority": 1002,
"protocol": "Tcp",
"provisioningState": "Succeeded",
"resourceGroup": "rg_ituru_vm02",
"sourceAddressPrefix": "155.123.22.111/32",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": [],
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
}
]
Connecting to the virtual machine
Get the global address
$ az vm list-ip-addresses --resource-group rg_ituru_vm02 --name vm-ituru-ubuntu --output table
VirtualMachine PublicIPAddresses PrivateIPAddresses
---------------- ------------------- --------------------
vm-ituru-ubuntu 52.140.213.117 10.0.1.4
Retrieve the private key and change its permissions
$ terraform output -raw tls_private_key > vm_ubuntu.pem
$ chmod 600 vm_ubuntu.pem
SSH connection
$ ssh -i vm_ubuntu.pem nmcadmin@52.140.213.117
The authenticity of host '52.140.213.117 (52.140.213.117)' can't be established.
ED25519 key fingerprint is SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '52.140.213.117' (ED25519) to the list of known hosts.
Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 5.4.0-1109-azure x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Mon Jul 3 09:09:53 UTC 2023
System load: 0.08 Processes: 156
Usage of /: 4.5% of 28.89GB Users logged in: 0
Memory usage: 0% IP address for eth0: 10.0.1.4
Swap usage: 0%
Expanded Security Maintenance for Infrastructure is not enabled.
0 updates can be applied immediately.
Enable ESM Infra to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
nmcadmin@ubuntu1804:~$
Building the Docker environment
Install the Azure CLI
## Install the Azure CLI
$ curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
## Check the Azure CLI
nmcadmin@ubuntu1804:~$ az version
{
"azure-cli": "2.49.0",
"azure-cli-core": "2.49.0",
"azure-cli-telemetry": "1.0.8",
"extensions": {}
}
Install Java
nmcadmin@ubuntu1804:~$ sudo apt install default-jre
nmcadmin@ubuntu1804:~$ sudo apt install openjdk-11-jre-headless
nmcadmin@ubuntu1804:~$ sudo apt install openjdk-8-jre-headless
Install Docker Engine
nmcadmin@ubuntu1804:~$ sudo apt-get install apt-transport-https ca-certificates curl software-properties-common
nmcadmin@ubuntu1804:~$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
nmcadmin@ubuntu1804:~$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
nmcadmin@ubuntu1804:~$ sudo apt-get update
nmcadmin@ubuntu1804:~$ sudo apt-get install docker-ce
nmcadmin@ubuntu1804:~$ sudo gpasswd -a nmcadmin docker
nmcadmin@ubuntu1804:~$ sudo service docker start
Install Docker Compose
$ sudo apt install docker-compose
Check the Docker environment
*** Log out and log in again ***
## Check the Docker Engine version
nmcadmin@ubuntu1804:~$ docker --version
Docker version 24.0.2, build cb74dfc
## Check the Docker Compose version
$ docker-compose --version
docker-compose version 1.17.1, build unknown
Building cp-all-in-one
Obtain the docker-compose.yml from here.
## Create the working directory
nmcadmin@ubuntu1804:~$ pwd
/home/nmcadmin
nmcadmin@ubuntu1804:~$ mkdir cp_all_in_one
nmcadmin@ubuntu1804:~$ cd cp_all_in_one/
nmcadmin@ubuntu1804:~/cp_all_in_one$ touch docker-compose.yml
nmcadmin@ubuntu1804:~/cp_all_in_one$ vim docker-compose.yml <--- paste in the docker-compose.yml obtained above
Build and start the containers defined in it
$ docker-compose up -d
Creating network "cpallinone_default" with the default driver
:
:
Creating zookeeper ...
Creating zookeeper ... done
Creating broker ...
Creating broker ... done
Creating schema-registry ...
Creating schema-registry ... done
Creating connect ...
Creating rest-proxy ...
Creating rest-proxy
Creating connect ... done
Creating ksqldb-server ...
Creating ksqldb-server ... done
Creating control-center ...
Creating ksql-datagen ...
Creating ksqldb-cli ...
Creating ksql-datagen
Creating ksqldb-cli
Creating control-center ... done
Check the running containers (every status should be "Up")
nmcadmin@ubuntu1804:~/cp_all_in_one$ docker-compose ps
Name Command State Ports
---------------------------------------------------------------------------------------------------------------------------------------------
broker /etc/confluent/docker/run Up 0.0.0.0:9092->9092/tcp,:::9092->9092/tcp, 0.0.0.0:9101->9101/tcp,:::9101->9101/tcp
connect /etc/confluent/docker/run Up 0.0.0.0:8083->8083/tcp,:::8083->8083/tcp, 9092/tcp
control-center /etc/confluent/docker/run Up 0.0.0.0:9021->9021/tcp,:::9021->9021/tcp
ksql-datagen bash -c echo Waiting for K ... Up
ksqldb-cli /bin/sh Up
ksqldb-server /etc/confluent/docker/run Up 0.0.0.0:8088->8088/tcp,:::8088->8088/tcp
rest-proxy /etc/confluent/docker/run Up 0.0.0.0:8082->8082/tcp,:::8082->8082/tcp
schema-registry /etc/confluent/docker/run Up 0.0.0.0:8081->8081/tcp,:::8081->8081/tcp
zookeeper /etc/confluent/docker/run Up 0.0.0.0:2181->2181/tcp,:::2181->2181/tcp, 2888/tcp, 3888/tcp
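As an added check, not part of the original article: the script below reads the JSON that `az network nsg rule list -g rg_ituru_vm02 --nsg-name nsg_ituru_vm02 -o json` printed earlier, flags any inbound Allow rule whose source is the whole internet, and reports which of the ports that `docker-compose ps` shows published on 0.0.0.0 the NSG actually lets through. The rule sample and the port set are constructed to mirror the article's output, and `BROAD_SOURCES` is my own choice of prefixes.

```python
"""Audit the NSG rules guarding the cp-all-in-one VM (constructed example)."""
import json

# Source prefixes that admit the whole internet.
BROAD_SOURCES = {"*", "Internet", "0.0.0.0/0", "::/0"}

# Constructed sample shaped like `az network nsg rule list ... -o json` (fields read here only).
SAMPLE_RULES = json.dumps([
    {"name": "CCC", "access": "Allow", "direction": "Inbound", "protocol": "Tcp",
     "destinationPortRange": "9021", "destinationPortRanges": [],
     "sourceAddressPrefix": "155.123.22.111/32", "sourceAddressPrefixes": [], "priority": 1012},
    {"name": "SSH", "access": "Allow", "direction": "Inbound", "protocol": "Tcp",
     "destinationPortRange": "22", "destinationPortRanges": [],
     "sourceAddressPrefix": "155.123.22.111/32", "sourceAddressPrefixes": [], "priority": 1002},
])

# Ports cp-all-in-one publishes on 0.0.0.0 (taken from the `docker-compose ps` output above).
PUBLISHED_PORTS = {9092, 9101, 8083, 9021, 8088, 8082, 8081, 2181}


def _ports(rule):
    """Expand destinationPortRange / destinationPortRanges ("22", "8080-8090", "*")."""
    ranges = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        ranges.append(rule["destinationPortRange"])
    out = set()
    for r in ranges:
        if r == "*":
            return set(range(1, 65536))
        lo, _, hi = r.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out


def audit_nsg(rules_json):
    """Inbound ports opened by Allow rules, plus names of rules whose source is the whole
    internet. Explicit Deny rules are not modelled (this NSG has none), so this over-approximates."""
    allowed_ports, broad = set(), []
    for r in json.loads(rules_json):
        if r["direction"] != "Inbound" or r["access"] != "Allow":
            continue
        allowed_ports |= _ports(r)
        sources = set(r.get("sourceAddressPrefixes") or [])
        if r.get("sourceAddressPrefix"):
            sources.add(r["sourceAddressPrefix"])
        if sources & BROAD_SOURCES:
            broad.append(r["name"])
    return {"allowed_ports": allowed_ports, "broad_rules": broad}


def reachable_published_ports(rules_json, published=PUBLISHED_PORTS):
    """Published container ports the NSG lets through. Docker inserts its published ports into
    iptables ahead of host firewall rules such as ufw, so the NSG is the only filter in front of them."""
    return set(published) & audit_nsg(rules_json)["allowed_ports"]
```

With the article's two rules the result is that only 9021 of the published ports is reachable, and only from the single /32; the other Confluent ports stay blocked at the NSG even though Docker listens on all interfaces.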
Check the network information assigned to each container
## List the networks
nmcadmin@ubuntu1804:~/cp_all_in_one$ docker network ls
NETWORK ID NAME DRIVER SCOPE
89da2d8a12e1 bridge bridge local
4671073debef cpallinone_default bridge local
ea9bdf012837 host host local
b1e7ec460fa6 none null local
## Network assigned to the containers
nmcadmin@ubuntu1804:~/cp_all_in_one$ docker network inspect cpallinone_default
[
{
"Name": "cpallinone_default",
"Id": "4671073debef575e22910908a36137af50816307e4e1f930318a0bfe4859be5a",
"Created": "2023-07-03T12:40:38.88793037Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"108f8088beca668f7e328bb259701b74cc1040bd892721eaae6ffd13e7063cad": {
"Name": "control-center",
"EndpointID": "432d33111d16f638779137d25d1a69bb44f040c924b8aeabe3a4d13d8b59d5c8",
"MacAddress": "02:42:ac:12:00:09",
"IPv4Address": "172.18.0.9/16",
"IPv6Address": ""
},
"390860ed2579d71ba72cb041a74416714b70c63b82883edbead435f383ee23b3": {
"Name": "broker",
"EndpointID": "7b9a8f8313fda95857037fc74b6d941bf92918261b7e0cc254988f2d394b2b22",
"MacAddress": "02:42:ac:12:00:03",
"IPv4Address": "172.18.0.3/16",
"IPv6Address": ""
},
"3a985a7f04e976b7c78aba32ed93f002a4fe54cbbc2de74113c0d98da3547333": {
"Name": "zookeeper",
"EndpointID": "359715bee2a72bc0e4a3be7b25322fe880ef44cdce6ec2b9b006fdfead875ec0",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
},
"523f98b72529eeeb32f5a134022b9d1cb1358a238cc19d6624ff435da3578b67": {
"Name": "ksql-datagen",
"EndpointID": "b1afe33c468acf6067faadcc925d84e7fc8e5475ffb1997f12ca6c81b9b5926f",
"MacAddress": "02:42:ac:12:00:08",
"IPv4Address": "172.18.0.8/16",
"IPv6Address": ""
},
"611c557d366e6a49250e0ac4527ff2a2445efebd87693ef6f978ea11be78e985": {
"Name": "schema-registry",
"EndpointID": "3671ee43032cf49c11bd8804b9b09d4897791248a0cf878153c16d8cf6e1d7ff",
"MacAddress": "02:42:ac:12:00:04",
"IPv4Address": "172.18.0.4/16",
"IPv6Address": ""
},
"729d1f679248184726be13880bfcd446bd53a9386de4b590dff289a7a20d567c": {
"Name": "ksqldb-cli",
"EndpointID": "f5024262cbd380c5e1f6cdfdd3eea91c54c561269ad464f5926a2e564265dfd5",
"MacAddress": "02:42:ac:12:00:0a",
"IPv4Address": "172.18.0.10/16",
"IPv6Address": ""
},
"7dd187537ba5ea8010a31c8bf73f632abc47211748c5bbe34f1a9ee0d4e31b2a": {
"Name": "ksqldb-server",
"EndpointID": "c26644dc4324b07d01a8a2d819a0ec856c4d6a493e30a60370a1ae63c07b1d25",
"MacAddress": "02:42:ac:12:00:07",
"IPv4Address": "172.18.0.7/16",
"IPv6Address": ""
},
"c683c0b597cb92ea6d7f906cd0d066422535f63fc031c1b9bde81f9788b3c457": {
"Name": "rest-proxy",
"EndpointID": "948816deb4f998b8617017169604a410c41e005835baaae78248ced16bf12e08",
"MacAddress": "02:42:ac:12:00:05",
"IPv4Address": "172.18.0.5/16",
"IPv6Address": ""
},
"eeca128da598cf8282e1a998762916de07deaf707088501e5c52063c9b62f95e": {
"Name": "connect",
"EndpointID": "39119f889bd5c6696e442f2fc9a642bed5390b0b4524e246c85b129ad68813cc",
"MacAddress": "02:42:ac:12:00:06",
"IPv4Address": "172.18.0.6/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
Accessing Confluent Control Center
To access Confluent Control Center, open http://52.140.213.117:9021 in a browser and confirm that it responds.
Cleanup
Stop and remove the containers
## Stop the Confluent Docker system
nmcadmin@ubuntu1804:~/cp_all_in_one$ docker-compose stop
Stopping control-center ... done
Stopping ksqldb-cli ... done
Stopping ksql-datagen ... done
Stopping ksqldb-server ... done
Stopping connect ... done
Stopping rest-proxy ... done
Stopping schema-registry ... done
Stopping broker ... done
Stopping zookeeper ... done
## Remove the Confluent Docker system
nmcadmin@ubuntu1804:~/cp_all_in_one$ docker system prune -a --volumes --filter "label=io.confluent.docker"
WARNING! This will remove:
- all stopped containers
- all networks not used by at least one container
- all volumes not used by at least one container
- all images without at least one container associated to them
- all build cache
Items to be pruned will be filtered with:
- label=io.confluent.docker
Are you sure you want to continue? [y/N] y
Deleted Containers:
:
:
Total reclaimed space: 8.033GB
Stop the virtual machine
## Check the virtual machine instance
$ az vm get-instance-view --resource-group rg_ituru_vm02 --name vm-ituru-ubuntu --query instanceView.statuses --output table
Code Level DisplayStatus Time
--------------------------- ------- ---------------------- --------------------------------
ProvisioningState/succeeded Info Provisioning succeeded 2023-07-03T08:53:44.572877+00:00
PowerState/running Info VM running
## Stop the virtual machine
$ az vm stop --resource-group rg_ituru_vm02 --name vm-ituru-ubuntu
About to power off the specified VM...
It will continue to be billed. To deallocate a VM, run: az vm deallocate.
Remove the resources created with Terraform
$ terraform destroy
Summary
With this, I created an Ubuntu VM in an Azure environment with Terraform, connected over SSH, set up a Docker environment on it, and built Confluent's "cp-all-in-one" environment. This makes it possible to quickly run Confluent evaluations.
Next steps
Generate data following this procedure and get a rough understanding of how Confluent is used.