On the importance of
Infrastructure as Code
Kris Buytaert @krisbuytaert
Kris Buytaert
I used to be a Dev,
Then Became an Op
Chief Trolling Officer and Open Source Consultant @inuits.eu
Everything is an effing DNS Problem
Building Clouds since before the bookstore
Some books, some papers, some blogs
Evangelizing devops
Organiser of #devopsdays, #cfgmgmtcamp, #loadays, .
Part of the travelling geek circus
What's this devops thing anyhow ?
C(L)AMS
Culture
(Lean)
Automation
Measurement
Sharing
Damon Edwards and John Willis
Gene Kim
Why automate ?
Common Problems
Many manual changes to systems
Many undocumented changes
Emergency Administration only
Disaster Recovery site is a Disaster
Time to deliver a box is too slow
All boxen are different
Computers don't work hard enough for us
More Problems
How long does it take to reinstall a machine from 0
To the exact same point as before ?
With different Hardware ? In a different cloud ?
What about your (customer/personal data )
Security ?
Monitoring that your platform hasn't changed.
Why is selinux disabled ?
Who added / dropped that firewall ?
What did this originally look like ?
Is this file really what Bernd meant it to be ?
#monitoringsucks
Monitoring is out of sync with reality
Managed manually
Can't keep up..
Do you want to ?
Install these racks manually
Over and over again ?
And can you guarantee that installs are identical ?
No simple admin task is fun more than twice
s/twice/once/g;
Repeating installs are boring and prone to errors
Each installation is unintentionally Unique
Manual installs DO NOT scale
Challenges
Reproducibility
Speed
Auditing
Keeping stuff in sync
Monitoring
Security
Backup
The 10th floor test
Grab a random machine (don't take a backup before)
Throw it out a 10th floor window
Can you recover it in 10 minutes ?
Facts!
Data Backup is only a part
Sysadmin backup needs to be done also
Manual Installations = bad
Bad installations = unusable infrastructure
Bad installations = unproductive users
Bad installations = manual efforts
Manual efforts = no time
No time = no updates no patches no security
Manual work = high costs
No security + high costs = Bankruptcy
Deploying an Infrastructure
1996 : Manual Installations
2001 : Mondo rescue (reproducible single instances)
2003 : SystemImager
Reproducible Infrastructure, with OVERRIDES
Fast Multicast Image deployments
Image Sprawl (thank you VMware)
2005 : Kickstart / FAI
Dreaming of JeOS + IAC (Cfengine)
2008 : Actual JeOS + IAC
2010 : Vagrant for development
Imagesprawl AND Snowflakes
Image Sprawl :
Copy vm 3x
Modify 2x
Copy 21x
How the Heck did we get here ?
SnowFlakes :
Don't touch this box it might break
Look how nice it is !
You never deploy something just once
Local test experiment, Vagrant box / local containers
Integration Platform
Same codebase, different environment
Dev/ UAT/ Prod / DR
Or your customer just forgot to renew the lease on his VPS. #toldyouso
What's different in the cloud ?
Scale
Velocity
Change
Your machines as Cattle
Treat your people as pets
Configuration Mgmt
Configure 1000 nodes,
Modify 15000 files,
Think :
Cfengine, Puppet, Chef, Salt
Put configs under version control
Please don't roll your own ...
Infrastructure as Code
Treat configuration automation as code
Development best practices
Model your infrastructure
Version your cookbooks / manifests
Test your cookbooks/ manifests
Dev/ test /uat / prod for your infra
Model your infrastructure
A working service = automated ( Application Code + Infrastructure Code + Security + Monitoring )
IAC -ne scripting (or translating bash to yaml)
IAC Is a Testing Requirement
Stable reproducible starting point
Auditability
git log
git blame
Review,
authorization
File monitoring
Fixing Monitoring Fatigue
Stored Configs
Collection and Export
Export : @@resource { ... }
Collect : Resource
Clean out nodes that disappear
puppet node clean
Use Cases:
Ssh keys
Reverse proxy configs
Monitoring resources
Measuring resources
Puppetmaster Example:
Defining a Service
profile that :
Configures service using a standard module call with hiera based parameters
Configures Backup
Configures logrotation
Configures logshipping
Exports Monitoring Needs
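Added example (not from the original slides): a Puppet profile that configures a service and exports its own monitoring check, plus the collector on the monitoring server. The class names, the `webapp` package, the Hiera key, the `monitoring` tag and the `check_tcp` command definition are assumptions; it narrows the profile to service plus monitoring and leaves backup, logrotation and logshipping out.

```puppet
# Hypothetical profile: names and paths below are illustrative assumptions.
# nagios_service ships in the puppetlabs-nagios_core module on Puppet 6+.
class profile::webapp (
  # Overridden from Hiera by automatic parameter lookup of the key
  # profile::webapp::port; 8080 is only the fallback.
  Integer $port = 8080,
) {
  package { 'webapp':
    ensure => installed,
  }

  # Assumes the package creates /etc/webapp.
  file { '/etc/webapp/webapp.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0640',
    content => "port=${port}\n",
    require => Package['webapp'],
    notify  => Service['webapp'],
  }

  service { 'webapp':
    ensure => running,
    enable => true,
  }

  # Export: stored in PuppetDB, not applied on this node.
  @@nagios_service { "check_webapp_${facts['networking']['fqdn']}":
    host_name           => $facts['networking']['fqdn'],
    service_description => 'webapp port',
    check_command       => "check_tcp!${port}",
    use                 => 'generic-service',
    tag                 => 'monitoring',
  }
}

# Monitoring server: collect every check exported with the tag above.
# A node removed with `puppet node clean` stops contributing checks.
class profile::monitoring_server {
  Nagios_service <<| tag == 'monitoring' |>> {
    target => '/etc/nagios/conf.d/exported_services.cfg',
    notify => Service['nagios'],
  }

  service { 'nagios':
    ensure => running,
  }
}
```

Because the check is declared in the same profile as the service, a node cannot be deployed without its monitoring, and both changes show up in the same `git log`.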
Chronicle of a failed private cloud
Tool X provisions a VM 3 weeks from the request / can only be done by 1 team
Tool Y installs patches 2 weeks
Team Z installs backup 1 day
Team A installs monitoring 3 weeks
App : Manual deploy on wrong JVM, return to sender
Application Included
Application = Package
Config
Service
No manual scripting
Think about your bootstrapping / scaleout
Automation of #monitoring brought back the #love
Conclusion
IAC solves a lot of problems
Improves Security
Creates Monitoring Love
Creates Speed
But it still is code, and needs to be treated like code !
Contact
Kris Buytaert [email protected]
Further Reading
@krisbuytaert
http://www.krisbuytaert.be/blog/
http://www.inuits.be/
Inuits
Essensteenweg 31
Brasschaat
Belgium
891.514.231
+32 475 961221