Infrastructure as Code

Infrastructure As CodeInfrastructure as Code

Introduction to DevOps and Infrastructure as Code

Rolands Mekšs

A/S 4finance

< 80s Mainframes

Infrastructure Complexity

80s - 90s ClientServer

< 80s Mainframes

Infrastructure Complexity

80s - 90s Client Server

< 80s Mainframes

90sMulti-Tier apps

Infrastructure Complexity

2000sData Centers

90sMulti-Tier apps

80s - 90s Client Server

< 80s Mainframes

Infrastructure Complexity

Client Data CenterCloud Provider

Internet

Infrastructure Complexity in 2010s

19901991

19921993

19941995

19961997

19981999

20002001

20022003

20042005

20062007

20082009

20102011

20122013

20142015

Virtual Nodes

Physical Hardware

Infrastructure Complexity

Concept of physical hardware blurs

Everything as a Service

Soon will hit 100 production server count (DB/Application/Web Proxies)

Not counting testing / staging / UAT / DR environments

Agile development

Quick reaction to requirements and change

Short development sprints

Develop small, incremental releases

Continuous integration

Continious delivery of working software

Agile software delivery

Develop

Dep

loy

Develop

Dep

loy

Time

Risk

Risk

Continuous delivery

Develop

Time

Risk

Risk

Risk

Risk

Develop

Develop

Develop

Dep

loy

Dep

loy

Dep

loy

Dep

loy

Challenging if not impossible without serious CI, testing and automated deployments

Separate teams

Development Operations

Separate teams

Development Operations

We want change

Separate teams, distinct goals

Development Operations

We want change The answer is NO

Wall of confusion

Development Operations

We want change The answer is NO

Merge of concerns

DevOps

What is DevOps

More like an idea or collaborative culture/philosophy between technical teams

Often stated as «Agile for Operations»

Unified processes, unified tools for faster end-to-end delivery of quality software

Automate all the things!

Not a job description, same way as there is no such job «Agile Developer»

It’s just a way of work

DevOps team in 4finance

Provide teams with processes and tools for better day to day project activities

Automate environment creation

Enable automated deployment process

Enable freely available performance monitoring and log viewing

Provide support in infrastrucure related questions

Enable DevOps

Infrastructure as code

How do you provision new server?

Adhoc actions – hack while it works

SNOWFLAKES ARE SPECIAL, SERVERS ARE NOT

Adhoc actions – hack while it works

How do you provision new server?

How do you provision new server?

Follow some documented instructions

Doing changes to servers manually involves

PEOPLE

Doing changes to servers manually involves

PEOPLE

Terrible of doing things repeatedly

Doing changes to servers manually involves

PEOPLE

Terrible of doing things repeatedly

More than 80% of all mission-critical IT service outages are

due to PEOPLE and process errors

How do you provision new server?

Use self written shell scripts

+ Some sort of automation+ Version control possible+ Works fine if you have 5 or so servers

How do you provision new server?

Use self written shell scripts

+ Some sort of automation+ Version control possible+ Works fine if you have 5 or so servers

- Does not handle change during server lifecycle

True story

Simple change as timezone setting

Options:

• Log in each affected server and change manually• SSH for loop could do the trick

True story

Simple change as timezone setting

Options:

• Log in each affected server and change manually• SSH for loop could do the trick

Configuration drift!

There got to be better way

We know how to handle change in software development

Code and configuration is in verison control system

Unit and integration tests

Safe acceptance testing in test/stage environments

Code review

Infrastructure should be treated like a code

Packages installed, versionsServer and application configuration (such as timezone settings)Relationships with other servers and services

Infrastructure should be treated like a code

Packages installed, versionsServer and application configuration (such as timezone settings)Relationships with other servers and services

We want

Automated , repeatable operationsPredictable outcomeRemove manual, error prone stepsManage change during server lifecycleAbility to test outcomes

"Enable the reconstruction of the business from nothing but a source code repository, an application data backup, and bare metal resources"

Adam Jacob

Infrastructure as Code

Netflix Chaos Monkey

Configuration management

Declarative specifications or policies

Setting the Policy

Executing the policy

Auditing the policy

Report the policy

Configuration management systems

How Puppet Works

Manage infrastructure throughout its lifecycle

Puppet Resources

Resources – Puppet building blocks

user { 'dave': ensure => present, uid => '507', gid => 'admin', shell => '/bin/zsh', home => '/home/dave', }

Resources – Puppet building blocks

package { 'apache2':ensure=>'installed'

}

Resources – Puppet building blocks

package { 'apache2':ensure=>'installed'

}service { 'apache2': ensure=>'running'}

Resources – Puppet building blocks

package { 'apache2':ensure=>'installed'

}service { 'apache2': ensure=>'running'}

cron { cleanup: command=>'/test/cleanup.sh', user=>test, hour=>5, minute=>0}

Resources – Puppet building blocks

package { 'apache2':ensure=>'installed'

}service { 'apache2': ensure=>'running'}

cron { cleanup: command=>'/test/cleanup.sh', user=>test, hour=>5, minute=>0}

file { ‘/tmp/helloPuppet': content=>‘Hello!'}

package { "openssh": ensure => present, }

service { "sshd": ensure => running, hasstatus => true, hasrestart => true, enable => true, require => Package["openssh"],}

Puppet manifests

Puppet templatespackage { "openssh": ensure => present, }

service { "sshd": ensure => running, hasstatus => true, hasrestart => true, enable => true, require => Package["openssh"],}

$listen_port=2222

file { "/etc/ssh/sshd_config": path => "/etc/ssh/sshd_config", owner => root, group => root, mode => 444, content => teplate("sshdconf/sshd_config.erb"), notify => Service[sshd],}

Port <%= listen_port%>Protocol 2SyslogFacility AUTHPRIVPermitRootLogin noPasswordAuthentication noChallengeResponseAuthentication noGSSAPIAuthentication yesGSSAPICleanupCredentials yesUsePAM yesX11Forwarding yesBanner /etc/motd

sshd_config.erb

Reusable Configuration Modules

How Puppet Enforces Desired State

node base { include openssh include mymanifest.pp }

node { ‘my.prod.server.com’ inherits base $apacheversion = "2.0.33" package { "apache2": ensure => $apacheversion, }}

Node definitions in Puppet

Development practices applied to infrastructure

Version control & source code management

IDEs, editors, refactoring tools

Environments

Self-documentation

Testing

BDD with Puppet

Puppet development with Vagrant

A tool for building virtualized environments in your PC

Actually works as command line wrapper for VirutalBox

Shared filesystem between host and guest

Allows to spin up virtual machine with preinstalled Puppet/Chef

$ vagrant box add lucid32 http://files.vagrantup.com

Vagrant::Config.run do |config| # Setup the box config.vm.box = "lucid32"

config.vm.provision :puppet do |puppet| puppet.module_path = "puppet/modules"

puppet.manifests_path = "puppet/manifests" end

end

Vagrant – boxes and environments

Vagrant – boxes and environments

$ vagrant up

$ vagrant provision

$ vagrant ssh

$ vagrant destroy

Modeling environment systems with Vagrant

Q&A