How to Adopt Infrastructure as Code

MORE INFORMATION AT NGINX.COM

Who Are We?

Kief Morris
Cloud Practice Lead, Thoughtworks

Formerly:
• Sr. Technical Architect, Map of Medicine
• Hosting Operations Manager, Syzygy
• Technical Director, bitBull

Floyd Smith
Technical Marketing Writer

Formerly:
• Sr. Technical Writer, Apple
• Group Channel Manager, Altavista
• Business Site Manager, AOL

Netscape

• First OSS release in 2004
• Company founded in 2011
• VC-backed by industry leaders
• 500+ customers
• 75+ employees

160 million total sites running on NGINX
Source: Netcraft June 2016 Web Server Survey

51% of the Top 10,000 most visited websites
Source: W3Techs Web Technology Survey

36% of all sites on Amazon Web Services
Source: W3Techs December 2013 Web Server Survey

Where NGINX Fits

Internet

Webserver: Serve content from disk

Application Gateway: FastCGI, uWSGI, Passenger…

Reverse Proxy: Caching, Load Balancing…

HTTP traffic

Modern Web, Modern Architecture

From Monolithic...
Three-tier, J2EE-style architectures
Complex protocols (HTML, SOAP)
Persistent deployments
Fixed, static Infrastructure
Big-bang releases
Silo’ed teams (Dev, Test, Ops)

...to Dynamic
Microservices
Lightweight (REST, Messaging)
Mutable; Containers, VMs
SDN, NFV, Cloud
Continuous delivery
DevOps Culture

Why DevOps + NGINX =
• Software load balancing goes hand-in-hand with cloud deployments
• Variety of load balancing methods gives flexibility and performance
• On-the-fly reconfiguration supports service discovery and uptime
• Application health checks give early warning of problems
• Robust, customizable monitoring increases uptime

OPEN SOURCE PLUS FEATURES

REQUEST ROUTING COMPRESSION LOAD BALANCING APP HEALTH MONITORING GUI VISUALIZATION

SSL EMBEDDED SCRIPT LANGUAGE EDGE CACHE MEDIA STREAMING MONITORING ANALYTICS CONFIGURATION RESTFUL API

What’s Inside NGINX Plus?

“NGINX Plus gives us the agility we need to anticipate and meet customers’ needs as they arise – without fear of compromising availability or performance.”
- Serge Leschinsky, DevOps engineer at MuleSoft

In Action: MuleSoft moves from open source to NGINX Plus for greater visibility & control

The Challenge
• Wanted greater visibility into customer traffic
• Needed more configuration flexibility
• Too much redundant manual work

Solution
• Upgrade from NGINX to NGINX Plus
• On-the-fly DNS-based reconfiguration
• Enhanced monitoring and visibility

Results
• Fit right in to current infrastructure
• Simplified security
• Agility
• Around-the-Clock Support

kief@thoughtworks.com

Cloud Practice Lead (UK)
DevOps, Continuous Delivery, Agile Ops

Twitter: @kief
Book: http://oreil.ly/1JKIBVe
Site: http://infrastructure-as-code.com

SERVER SPRAWL
Creating new servers is the easy part

CONFIGURATION DRIFT
Servers start out identical
But changes accumulate over time

AUTOMATION FEAR CYCLE

INFRASTRUCTURE AS CODE
“Applying software engineering tools and practices to infrastructure”

UNATTENDED AUTOMATION

Tools run on a schedule to apply, re-apply, and update configuration

BENEFITS OF UNATTENDED:

● Discover problems quickly
● Force yourself to fix those problems
● Force yourself to improve your tools and processes
● Discourages “out of band” changes

AUTOMATE SERVER UPDATES
Automation isn’t just for new servers!

Configuration synchronization

Run Chef, Puppet, Ansible, etc. on a schedule

Immutable servers

Apply changes by rebuilding servers

Containerized servers

Apply changes by deploying new container instances

RE-USE & PROMOTE DEFINITIONS
Re-use the same definition files across environments for a given application or service

DEV, STAGE, PROD
Playbooks, Cookbooks, Manifests, templates, etc.

TEST INFRASTRUCTURE CHANGES
Preventing DevOops

INFRA TEST
DEV, TEST, PROD

PIPELINES
Using Continuous Delivery pipelines to manage infrastructure

WHAT?

Terraform, Puppet, etc.

Changes are made and committed to VCS

Tools are run on agents to apply changes to environments

Changes are only promoted after passing tests & authorization

WHY?

Validates changes to infrastructure before applying them to production

Confidence for frequent, small improvements to infrastructure

Limit direct changes to infrastructure

TESTING
Correctness
Security policies
Performance
Stability

GOVERNANCE
The process for applying changes is auditable
Changes can be traced back to commits
Automation ensures processes are followed
Authorization can be required as needed

DEFINING A SIMPLE ENVIRONMENT

VPC
Subnet 10.0.0.0/16
Security Group 1.1.1.0/16 -> :443

ANSIBLE PLAYBOOK
Server configuration

TERRAFORM FILE
Environment structure

APPLICATION SOURCE
Deployable application

SIMPLE PIPELINE DESIGN

BUILD STAGE

TEST STAGE

QA STAGE

PROD STAGE

Application Ansible Terraform

Deploy application, configuration, and infrastructure
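
The "security policies" test from the TESTING slide, applied to the security group of the simple environment, as an added example that is not part of the webinar: a pipeline test stage can inspect the JSON form of a Terraform plan before the change is promoted. The resource names, the sample plan and the HTTPS-only policy are assumptions.

```python
import ipaddress

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Resource names are hypothetical; the CIDR and port of "web" are the slide's.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"protocol": "tcp", "from_port": 443, "to_port": 443,
          "cidr_blocks": ["1.1.1.0/16"]}]}}},
    {"address": "aws_security_group.debug", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"protocol": "tcp", "from_port": 22, "to_port": 22,
          "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "aws_security_group.old", "type": "aws_security_group",
     "change": {"actions": ["delete"], "after": None}},
]}

ALLOWED_PORTS = frozenset({443})  # assumed policy: only HTTPS may be exposed


def check_plan(plan, allowed_ports=ALLOWED_PORTS):
    """Return a list of (address, reason) policy violations in a plan."""
    violations = []
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if rc.get("type") != "aws_security_group" or not after:
            continue  # skip other resource types and pure deletions
        for rule in after.get("ingress") or []:
            if rule["protocol"] == "-1":  # "-1" means every protocol and port
                violations.append((rc["address"], "all protocols/ports open"))
            else:
                ports = set(range(rule["from_port"], rule["to_port"] + 1))
                extra = ports - allowed_ports
                if extra:
                    violations.append(
                        (rc["address"], f"port {min(extra)} not in policy"))
            for cidr in rule.get("cidr_blocks") or []:
                # strict=False tolerates host bits, as in the slide's 1.1.1.0/16
                net = ipaddress.ip_network(cidr, strict=False)
                if net.prefixlen == 0:
                    violations.append((rc["address"], f"{cidr} is world-open"))
    return violations


if __name__ == "__main__":
    for address, reason in check_plan(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

In a pipeline the stage would load the real plan JSON instead of the sample and exit non-zero when the returned list is not empty, so the change is not promoted.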

ALIGN INFRASTRUCTURE DESIGN TO TEAMS
Ensure teams can make the changes they need easily and safely

COMPLEX ENVIRONMENTS
Infrastructure involving multiple teams

FAN-IN PIPELINE
[Diagram: ServiceA, ServiceB and ServiceC each run BUILD and SERVICE TEST, then fan in to shared SYSTEM TEST, QA and PROD stages]

DECOUPLED PIPELINES
[Diagram: ServiceA, ServiceB and ServiceC each have their own BUILD, TEST, QA and PROD stages]

DEPENDENCIES
[Diagram: ServiceA and ServiceB pipelines, each with BUILD, TEST, QA and PROD stages]

Create test instance of provider

Implement Consumer Driven Contract (CDC) Tests

Use mocks and stubs

ISSUE: SHARED ELEMENTS

NGINX

ServiceA vhost

ServiceB vhost

Shared infrastructure definitions

Service-specific infrastructure definitions

SHARING ELEMENTS
Avoid monoliths - optimize to simplify making changes

NGINX

OUTCOMES
● Quickly provision and evolve infrastructure
● Effortlessly roll out fixes
● Keep systems consistent and up to date
● Spend time on high value work

Book: http://oreil.ly/1JKIBVe
Site: http://infrastructure-as-code.com
Twitter: @kief

kief@thoughtworks.com

Cloud Practice Lead (UK)
DevOps, Continuous Delivery, Agile Ops

Questions?

Thank You
nginx.com | @nginx
