Icinga Camp Amsterdam - Infrastructure as Code


On the importance of
Infrastructure as Code

Kris Buytaert @krisbuytaert

Kris Buytaert

I used to be a Dev,

Then Became an Op

Chief Trolling Officer and Open Source Consultant @inuits.eu

Everything is an effing DNS Problem

Building Clouds since before the bookstore

Some books, some papers, some blogs

Evangelizing devops

Organiser of #devopsdays, #cfgmgmtcamp, #loadays, .

Part of the travelling geek circus

What's this devops thing anyhow ?

C(L)AMS

Culture

(Lean)

Automation

Measurement

Sharing

Damon Edwards and John Willis

Gene Kim

Why automate ?

Common Problems

Many manual changes to systems

Many undocumented changes

Emergency Administration only

Disaster Recovery site is a Disaster

Time to deliver a box is too slow

All boxen are different

Computers don't work hard enough for us

More Problems

How long does it take to reinstall a machine from 0

To the exact same point as before ?

With different Hardware ? In a different cloud ?

What about your (customer/personal) data

Security ?

Monitoring that your platform hasn't changed.

Why is selinux disabled ?

Who added / dropped that firewall ?

What did this originally look like ?

Is this file really what Bernd meant it to be ?

#monitoringsucks

Monitoring is out of sync with reality

Managed manually

Can't keep up..

Do you want to ?

Install these racks manually

Over and over again ?

And can you guarantee that installs are identical ?

No simple admin task is fun more than twice

s/twice/once/g;

Repeating installs are boring and prone to errors

Each installation is unintentionally Unique

Manual installs DO NOT scale

Challenges

Reproducibility

Speed

Auditing

Keeping stuff in sync

Monitoring

Security

Backup

The 10th floor test

Grab a random machine (don't take a backup before)

Throw it out a 10th floor window

Can you recover it in 10 minutes ?

Facts!

Data Backup is only a part

Sysadmin backup needs to be done also

Manual Installations = bad

Bad installations = unusable infrastructure

Bad installations = unproductive users

Bad installations = manual efforts

Manual efforts = no time

No time = no updates no patches no security

Manual work = high costs

No security + high costs = Bankruptcy

Deploying an Infrastructure

1996 : Manual Installations

2001 : Mondo rescue (reproducible single instances)

2003 : SystemImager

Reproducible Infrastructure, with OVERRIDES

Fast Multicast Image deployments

Image Sprawl (thank you VMware)

2005 : Kickstart / FAI

Dreaming of JeOS + IAC (Cfengine)

2008 : Actual JeOS + IAC

2010 : Vagrant for development

Image Sprawl AND Snowflakes

Image Sprawl :

Copy vm 3x

Modify 2x

Copy 21x

How the Heck did we get here ?

Snowflakes :

Don't touch this box it might break

Look how nice it is !

You never deploy something just once

Local test experiment, Vagrant box / local containers

Integration Platform

Same codebase, different environment

Dev / UAT / Prod / DR

Or your customer just forgot to renew the lease on his VPS. #toldyouso

What's different in the cloud ?

Scale

Velocity

Change

Your machines as Cattle

Treat your people as pets

Configuration Mgmt

Configure 1000 nodes,

Modify 15000 files,

Think :

Cfengine, Puppet, Chef, Salt

Put configs under version control

Please don't roll your own ...

Infrastructure as Code

Treat configuration automation as code

Development best practices

Model your infrastructure

Version your cookbooks / manifests

Test your cookbooks / manifests

Dev / test / uat / prod for your infra

Model your infrastructure

A working service = automated ( Application Code + Infrastructure Code + Security + Monitoring )

IAC -ne scripting (or translating bash to yaml)

IAC Is a Testing Requirement

Stable reproducible starting point

Auditability

git log

git blame

Review,

authorization

File monitoring

Fixing Monitoring Fatigue

Stored Configs

Collection and Export

Export : @@resource { ... }

Collect : Resource

Clean out nodes that disappear

puppet node clean

Use Cases:

Ssh keys

Reverse proxy configs

Monitoring resources

Measuring resources

Puppetmaster Example:

Defining a Service

profile that :

Configures service using a standard module call with hiera based parameters

Configures Backup

Configures logrotation

Configures logshipping

Exports Monitoring Needs
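
The export/collect pattern and the service profile described above, as an added example that is not from the slides: a web profile exports its SSH host key and its monitoring needs, and other nodes collect them. Class names, the `web` tag and the `generic-*` templates are hypothetical; it assumes PuppetDB for stored configs, the puppetlabs-apache module, and the `sshkey` and `nagios_*` types (built in to older Puppet, shipped as the `sshkeys_core` and `nagios_core` modules since Puppet 6).

```puppet
# Added example, not from the slides. Class names and the 'web' tag are hypothetical.
class profile::web {
  # Standard module call; the class parameters are looked up in Hiera (apache::*).
  include apache

  $fqdn = $facts['networking']['fqdn']

  # Export this node's SSH host key so peers can pin it in known_hosts.
  # Assumes the node has an ed25519 host key.
  @@sshkey { $fqdn:
    ensure => present,
    type   => 'ssh-ed25519',
    key    => $facts['ssh']['ed25519']['key'],
  }

  # Export monitoring needs: the node describes its own checks.
  @@nagios_host { $fqdn:
    ensure  => present,
    address => $facts['networking']['ip'],
    use     => 'generic-host',          # hypothetical template name
    tag     => 'web',
  }

  @@nagios_service { "http_${fqdn}":
    ensure              => present,
    host_name           => $fqdn,
    service_description => 'HTTP',
    check_command       => 'check_http',
    use                 => 'generic-service',  # hypothetical template name
    tag                 => 'web',
  }
}

class profile::monitoring_server {
  # Collect what the nodes exported; the tag filter limits what is accepted.
  Nagios_host    <<| tag == 'web' |>>
  Nagios_service <<| tag == 'web' |>>

  # Drop entries that are no longer in the catalog, so checks for
  # removed nodes disappear instead of lingering in the config file.
  resources { ['nagios_host', 'nagios_service']:
    purge => true,
  }
}

class profile::ssh_known_hosts {
  # Every node that includes this class gets all exported host keys.
  Sshkey <<| |>>
}
```

Once a decommissioned node has been removed with `puppet node clean`, its exported resources are no longer collected, and the next run on the monitoring server purges its checks.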

Chronicle of a failed private cloud

Tool X provisions a VM : 3 weeks from the request / can only be done by 1 team

Tool Y installs patches : 2 weeks

Team Z installs backup : 1 day

Team A installs monitoring : 3 weeks

App : Manual deploy on wrong JVM, return to sender

Application Included

Application = Package

Config

Service

No manual scripting

Think about your bootstrapping / scaleout

Automation of #monitoring brought back the #love

Conclusion

IAC solves a lot of problems

Improves Security

Creates Monitoring Love

Creates Speed

But it still is code, and needs to be treated like code !

Contact

Kris Buytaert [email protected]

Further Reading

@krisbuytaert

http://www.krisbuytaert.be/blog/

http://www.inuits.be/

Inuits

Essensteenweg 31

Brasschaat

Belgium

891.514.231

+32 475 961221