Introduction to DevOps and Infrastructure as Code
Rolands Mekšs
A/S 4finance
Infrastructure Complexity
< 80s Mainframes
80s - 90s Client Server
90s Multi-Tier apps
2000s Data Centers
Infrastructure Complexity in 2010s
[Diagram: Client Data Center, Cloud Provider, Internet]
Infrastructure Complexity
[Chart: Virtual Nodes and Physical Hardware, 1990-2015]
Concept of physical hardware blurs
Everything as a Service
Will soon reach 100 production servers (DB/Application/Web Proxies)
Not counting testing / staging / UAT / DR environments
Agile development
Quick reaction to requirements and change
Short development sprints
Develop small, incremental releases
Continuous integration
Continuous delivery of working software
Agile software delivery
[Diagram: alternating Develop and Deploy phases; axes: Time, Risk]
Continuous delivery
[Diagram: repeated Develop and Deploy phases; axes: Time, Risk]
Challenging if not impossible without serious CI, testing and automated deployments
Separate teams, distinct goals
Development: We want change
Operations: The answer is NO
Wall of confusion
Merge of concerns
DevOps
What is DevOps
More like an idea or collaborative culture/philosophy between technical teams
Often stated as «Agile for Operations»
Unified processes, unified tools for faster end-to-end delivery of quality software
Automate all the things!
Not a job description, in the same way that there is no such job as «Agile Developer»
It’s just a way of working
DevOps team in 4finance
Provide teams with processes and tools for better day to day project activities
Automate environment creation
Enable automated deployment process
Enable freely available performance monitoring and log viewing
Provide support on infrastructure-related questions
Enable DevOps
Infrastructure as code
How do you provision a new server?
Ad hoc actions – hack while it works
SNOWFLAKES ARE SPECIAL, SERVERS ARE NOT
How do you provision a new server?
Follow some documented instructions
Making changes to servers manually involves PEOPLE
Terrible at doing things repeatedly
More than 80% of all mission-critical IT service outages are due to PEOPLE and process errors
How do you provision a new server?
Use self-written shell scripts
+ Some sort of automation
+ Version control possible
+ Works fine if you have 5 or so servers
- Does not handle change during server lifecycle
True story
A change as simple as a timezone setting
Options:
• Log in to each affected server and change it manually
• SSH for loop could do the trick
Configuration drift!
There has got to be a better way
We know how to handle change in software development
Code and configuration are in a version control system
Unit and integration tests
Safe acceptance testing in test/stage environments
Code review
Infrastructure should be treated like code
Packages installed, versions
Server and application configuration (such as timezone settings)
Relationships with other servers and services
We want
Automated, repeatable operations
Predictable outcome
Remove manual, error-prone steps
Manage change during server lifecycle
Ability to test outcomes
"Enable the reconstruction of the business from nothing but a source code repository, an application data backup, and bare metal resources"
Adam Jacob
Infrastructure as Code
Netflix Chaos Monkey
Configuration management
Declarative specifications or policies
Setting the Policy
Executing the policy
Auditing the policy
Reporting the policy
Configuration management systems
How Puppet Works
Manage infrastructure throughout its lifecycle
Puppet Resources
Resources – Puppet building blocks
# A user account with a fixed uid, group, shell and home directory
user { 'dave':
  ensure => present,
  uid    => '507',
  gid    => 'admin',
  shell  => '/bin/zsh',
  home   => '/home/dave',
}
# A package that must be installed
package { 'apache2':
  ensure => 'installed',
}
# A service that must be running
service { 'apache2':
  ensure => 'running',
}
# A cron job run daily at 05:00 as user test
cron { 'cleanup':
  command => '/test/cleanup.sh',
  user    => 'test',
  hour    => 5,
  minute  => 0,
}
# A file with fixed content
file { '/tmp/helloPuppet':
  content => 'Hello!',
}
Puppet manifests
package { "openssh":
  ensure => present,
}
service { "sshd":
  ensure     => running,
  hasstatus  => true,
  hasrestart => true,
  enable     => true,
  require    => Package["openssh"],
}
Puppet templates
$listen_port = 2222
# Render sshd_config from the template and restart sshd when it changes
file { "/etc/ssh/sshd_config":
  path    => "/etc/ssh/sshd_config",
  owner   => root,
  group   => root,
  mode    => '0444',
  content => template("sshdconf/sshd_config.erb"),
  notify  => Service["sshd"],
}
sshd_config.erb
Port <%= @listen_port %>
Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
X11Forwarding yes
Banner /etc/motd
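The audit and report steps of the policy cycle, applied to this sshd_config, as an added example that is not part of the original slides: a Python check that compares a host's sshd_config with the values the template is meant to render and lists every drifted setting. The names `DESIRED`, `MULTI_VALUED`, `parse_sshd_config`, `audit` and the sample file `DRIFTED` are assumptions constructed for illustration.

```python
import re

# Desired state: subset of what sshd_config.erb renders with $listen_port = 2222.
DESIRED = {
    "port": "2222",
    "permitrootlogin": "no",
    "passwordauthentication": "no",
}
MULTI_VALUED = {"port"}  # sshd accepts several Port lines; all of them apply


def parse_sshd_config(text):
    """Map lower-cased keyword -> list of values from the global section."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)[ \t]*=?[ \t]*(.*)", line)
        if m is None:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if keyword == "match":  # conditional Match blocks are out of scope
            break
        settings.setdefault(keyword, []).append(value)
    return settings


def audit(text, desired=DESIRED):
    """Return sorted (keyword, expected, found) tuples for drifted settings."""
    settings = parse_sshd_config(text)
    drift = []
    for keyword, expected in desired.items():
        values = [v.lower() for v in settings.get(keyword, [])]
        # For single-valued keywords sshd uses the first occurrence only.
        found = values if keyword in MULTI_VALUED else values[:1]
        if found != [expected]:
            drift.append((keyword, expected, ",".join(found) or "<unset>"))
    return sorted(drift)


# Constructed sample: a host edited by hand after it was provisioned.
DRIFTED = """\
Port 2222
Port 22
# PasswordAuthentication no
PasswordAuthentication yes
PasswordAuthentication no
"""

if __name__ == "__main__":
    print(audit(DRIFTED))
```

The second `PasswordAuthentication no` line does not undo the drift, because sshd uses the first value it reads, and the extra `Port 22` line counts as drift because every Port line opens a listener.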
Reusable Configuration Modules
How Puppet Enforces Desired State
Node definitions in Puppet
node base {
  include openssh
  include mymanifest  # include takes a class name, not a .pp file name
}
node 'my.prod.server.com' inherits base {
  $apacheversion = "2.0.33"
  package { "apache2":
    ensure => $apacheversion,
  }
}
Development practices applied to infrastructure
Version control & source code management
IDEs, editors, refactoring tools
Environments
Self-documentation
Testing
BDD with Puppet
Puppet development with Vagrant
A tool for building virtualized environments on your PC
Actually works as a command line wrapper for VirtualBox
Shared filesystem between host and guest
Lets you spin up a virtual machine with Puppet/Chef preinstalled
Vagrant – boxes and environments
$ vagrant box add lucid32 http://files.vagrantup.com
Vagrant::Config.run do |config|
  # Set up the box
  config.vm.box = "lucid32"
  config.vm.provision :puppet do |puppet|
    puppet.module_path = "puppet/modules"
    puppet.manifests_path = "puppet/manifests"
  end
end
$ vagrant up
$ vagrant provision
$ vagrant ssh
$ vagrant destroy
Modeling environment systems with Vagrant
Q&A