Puppet Camp Paris 2014: Achieving Continuous Delivery and DevOps with Puppet

Achieving Continuous Delivery with puppet

Laurent Bernaille, D2SI

#PuppetCampParis

@D2SI @D2SI #PuppetCampParis

Past (current?) situation

Why do we need continuous delivery ?

Applications do not answer business needs well

Long development cycle

Difficult to get clear specifications

Market can shift quickly

June





June

What the end user say he needs in January

January

What the dev team delivers in June

June






January

What the dev team delivers in June

June

What the end user needs in June





June


January

Development processes are inefficient

Bug are detected too late Code TEST Other work Fix


Bug are detected too late

Integration Hell

Code TEST Other work Fix

Start integration


Bug are detected too late

Integration Hell

A lot of wasted time

Code TEST Other work Fix

Request Approve

& Prioritize

Technical Assessment

Code & Test

Verify & Fix

Deploy

20 min 2 min 15 min 2 h 4 h 3 min

½ week 2 weeks 2 weeks 1week ½ week

Processing Time = 6 h 40 min

Waiting Time = 6 weeks

Adapted from Implementing Lean Software Development: From Concept to Cash, Mary & Tom Poppendieck.

Start integration

OPS view

Relationship with OPS can be “difficult”

Application deployment is a nightmare

OPS view


Performance is not only related to hardware

« Make my website faster in Asia»


OPS view

?





« Our application is too slow because of your servers»

OPS view

?


DEV view





OPS view

?


DEV view





Identical servers are always “slightly” different

OPS view

?


DEV view





Identical servers are always “slightly” different

OPS always say “no”

Standards do not evolve

10 deploys per day, Dev & ops cooperation at Flickr John Allspaw & Paul Hammond (Velocity 2009)

6+ months to setup a new environment

Infrastructure is not very agile

Server “hoarding”



Resources are heavily

shared

Most environments

are underutilized





shared

Most environments

are underutilized


Production

Infra setup

Deploy Deploy Deploy Deploy

Utilization : 100%




shared

Most environments

are underutilized


Production

Infra setup


Utilization : 100%

Preproduction Utilization : 10%




shared

Most environments

are underutilized


Production

Infra setup


Utilization : 100%

Preproduction Utilization : 10%

Test Utilization : 40%




shared

Most environments

are underutilized


Business

Development

Operations

• Applications do not answer business needs well • Too long to get new features

• Integration and bug fixing is painful • A lot of wasted time

• Deployments are very painful • A lot of misunderstanding

• Environment setup is too slow • No on-demand resources

Summary of the issues

WHAT?

IT should be easier

Continuous Delivery

Agile Manifesto, 2001 Individuals and interactions over processes and tools Working software over comprehensive documentation Customer collaboration over contract negotiation Responding to change over following a plan

Agile Development

Business

Development

Operations

AG I L E

Test

Discover

Design

Develop

Waterfall method

Developing Incrementally and Iteratively

Long cycles

High-risk

Adaptation is very difficult

6-12 month

2-4 weeks

Test

Discover

Design

Develop Discover

Design

Develop

Test

Discover

Design

Develop

Test

Discover

Design

Develop

Test

Waterfall method

Developing Incrementally and Iteratively

Agile method

Long cycles

High-risk

Adaptation is very difficult

6-12 month

Low-risk

Many short cycles

Adaptation is much easier

VS

Maintain a single source repository

Automate the build

Make your build self-testing

Every commit should build on an integration machine

Keep the build fast

Test in a clone of the production environment

Make it easy for anyone to get the latest executable

Everyone can see what’s happening

Detect problems early and solve them quickly

Continuous Integration

CI

Business

Development

Operations


Discover

Design

Develop

Test

Repository

Version Control System

Source Code


Feedback

Source Code

Build Analyze

Code Test


Agile

DevOps : bring the wall down

Business

Development

Operations

DEVOPS

Measure, Analyze & Describe

Constraints (from DEV and OPS) Best practices, methods

Automation

Measure

Share

Culture Align objectives on business needs Innovate

Automate application delivery

Continuous Delivery

Discover

Design

Develop

Test

Repository


Source Code


Feedback

Source Code

Build Analyze

Code Test

Deploy

Env

Measure & analyze


Agile DevOps

Agi

le

infr

a Control resources

Configure resources

Deploy applications

Create, Delete, start, stop Servers (physical, virtual, in the cloud) Storage volumes, networks

Define system states, when possible Verify system states Reconfigure systems when necessary

Provide a service to deploy applications Automated, with rollbacks

Agile Infrastructure

Business

Development

Operations

Agi

le

infr

a Control resources

Configure resources

Deploy applications

Create, Delete, start, stop Servers (physical, virtual, in the cloud) Storage volumes, networks

Define system states, when possible Verify system states Reconfigure systems when necessary

Provide a service to deploy applications Automated, with rollbacks

Au

tom

atio

n

API

API

API

Agile Infrastructure

Business

Development

Operations

Continuous Delivery

Discover

Design

Develop

Test

Repository


Source Code


Feedback

Source Code

Build Analyze

Code Test

Deploy

Env

Measure & analyze


Agile DevOps

Configure Provision

Agile infrastructure

What about puppet ?

Discover

Design

Develop

Test

Repository


Source Code


Feedback

Source Code

Build Analyze

Code Test

Deploy

Env

Measure & analyze


Agile DevOps

Configure Provision

Agile infrastructure

Puppet use cases

Puppet Master

• Resolvers, time servers, standard packages

• Authentication, security

• Monitoring,…

Use case 1 : core OS configuration

Hiera

Modules

Console

ENC / API

1:Create modules Define variables Assign classes to nodes

Server team uses puppet as a configuration tool

Puppet Master



• Monitoring,…


Hiera

Modules

Console

ENC / API


4: apply/test catalog

Puppet agent Puppet agent Puppet agent


Puppet Master



• Monitoring,…


Hiera

Modules

Console

ENC / API



Mcollective Get info on nodes

Run agent on subset of nodes



Puppet Master



• Monitoring,…


Hiera

Modules

Console

ENC / API



Mcollective Get info on nodes

Run agent on subset of nodes


Most common puppet usage.

Proven for large scale deployment.

Very “Infra oriented”: not opened to applications.


Binaries of the application

• Puppet manifests and modules describing deployments

Repository

Binaries

Manifest Modules

1: put

Use case 2 : deploy applications

Developers supply :



Dev servers

Test servers

Dev servers Other env

Repository

Binaries

Manifest Modules

1: put 2: get

4: run


• Chooses servers (env) where the deployment should happen • Runs puppet and gathers reports; if run fails, forwards to DEV

Developers supply :

OPS team :



Dev servers

Test servers

Dev servers Other env

Repository

Binaries

Manifest Modules

1: put 2: get

4: run


• Chooses servers (env) where the deployment should happen • Runs puppet and gathers reports; if run fails, forwards to DEV

Much more efficient than written deployment processes.

Much easier to understand what fails.

Developers supply :

OPS team :

Configuration as a service

Profils Levels

Configuration Report

Tools

Using a “configuration service”

Env

Configuration service

Deploy

API

GUI

• Associate “profiles” to nodes, define variables • Run configuration and get reports

Give application teams the possibility to configure servers 1

Using a “configuration service”

Env

Configuration service

Deploy

API

GUI

• Associate “profiles” to nodes, define variables • Run configuration and get reports

Give application teams the possibility to configure servers 1

Different levels of configuration, different responsibilities 2

Base OS configuration

Standard middlewares

Application middlewares

Application

Can we do that with puppet?

Sure, but tricky with classic DEV / OPS model



DEV cannot execute anything as root

SURE, but tricky with classic DEV / OPS model




Application 2

1


Some options :


• Second puppet master, or puppet apply (non root) • Other tool

Tool separation 1






Application 2

1


Some options :



Tool separation 1

Ok to run as root but under full control 2

• Custom “profile” facts (facts.d) and hiera • Run with mcollective (limit to some tags) • Read-only console access






Application 2

1


Some options :



Tool separation 1

Ok to run as root but under full control 2

• Custom “profile” facts (facts.d) and hiera • Run with mcollective (limit to some tags) • Read-only console access

Many other ways 3



Approach 1 : OPS write all modules


I need a mongodb module CI Puppet

master

mongodb module

What if DEV need custom modules (they will)


Impossible to scale Not efficient



master

mongodb module






master

mongodb module


Approach 2 : Pull request

mongodb module


CI Puppet master

Pull request


validated module





master

mongodb module

Very limited scalabity



mongodb module


CI Puppet master

Pull request


validated module





master

mongodb module




Approach 3: DEV can push to some repositories

mongodb module


CI Puppet master

mongodb module


CI Puppet master

Pull request


validated module





master

mongodb module


Complex permissions DEV are still basically root



Approach 3: DEV can push to some repositories

mongodb module


CI Puppet master

mongodb module


CI Puppet master

Pull request


validated module

Sure, we can tweak puppet


Is this this the way??


Maybe we should adapt processes and not just tools

Is this this the way??

A NEW relationship between DEV & OPS

• Provide application • Ask for env

From separation and control to shared responsiblities

Storage / Network

Servers


• Provide env • Run production


Strict separation of roles

Storage / Network

Servers





Storage / Network

Servers



• Provide programmable resources • Provide advice • Delegate some Prod responsability

Storage

Servers

Servers Network



Storage / Network

Servers




Storage

Servers

Servers Network

• Provide application • Consume environments • Share responsibility



Storage / Network

Servers




Storage

Servers

Servers Network

• Provide application • Consume environments • Share responsibility

Shared responsibilities


“Designing Puppet: Roles / Profiles Design Pattern Puppet Camp Stockholm, Feb 2013 (Craig Dunn Puppet Labs)

Resources

What it could look like with the profile/role pattern


Resources

ssh ntp

dns ldap

Modules

OPS provide core OS modules



Resources

ssh ntp

dns ldap

Modules

mysql

apache


OPS provide middleware modules



Resources

ssh ntp

dns ldap

Modules

mysql

apache

OS Base Profiles



OPS provide Base profile



Resources

ssh ntp

dns ldap

Modules

mysql

apache

OS Base Profiles Wordpress




DEV create profiles using modules



Resources

word press

ssh ntp

dns ldap

Modules

mysql

apache






DEV create some custom modules



Resources

word press

ssh ntp

dns ldap

Modules

mysql

apache


Roles Roles Wordpress-server OPS provide core OS modules





DEV & OPS define roles



Resources

word press

ssh ntp

dns ldap

Modules

mysql

apache








DEV & OPS define variables

Hiera



Resources

word press

ssh ntp

dns ldap

Modules

mysql

apache








DEV & OPS associate roles to nodes

DEV & OPS define variables

Hiera

Classifier


Final words

• Automate configuration

• Declare state, keep configuration on track

• Puppet syntax is very expressive

• Variable management with hiera is very efficient

Our feedback on puppet

Puppet is an amazing tool





Time

Exp

ecta

tio

ns







Time

Exp

ecta

tio

ns

Puppet???







Time

Exp

ecta

tio

ns

Puppet???

OK, looks interesting First puppet apply







Time

Exp

ecta

tio

ns

Puppet???


What the hell are: * Modules (and classes) * Hiera * erb * spaceships??







Time

Exp

ecta

tio

ns

Puppet???



First modules







Time

Exp

ecta

tio

ns

Puppet???



First modules

Wow this is big







Time

Exp

ecta

tio

ns

Puppet???



First modules

Wow this is big

Ok not that simple







Time

Exp

ecta

tio

ns

Puppet???



First modules

Wow this is big

Ok not that simple

Too big! We are lost * Variables? * Classification * Module conflicts







Time

Exp

ecta

tio

ns

Puppet???



First modules

Wow this is big

Ok not that simple


Best practices * Roles / Profiles * Variable location







Time

Exp

ecta

tio

ns

Puppet???



First modules

Wow this is big

Ok not that simple


Best practices * Roles / Profiles * Variable location


• Setups can be complex

• Many solutions to a problem

• Use it for what it does best

Try adapting processes first

• Look for best practices


You can do (almost) anything with puppet, but

The pace of innovation in IT is accelerating

New time-to-market challenges will require continuous delivery

We will not get continuous delivery without DEVOPS

Puppet is an amazing DEVOPS tool and will help you

Conclusion





Conclusion

But tools cannot do everything: puppet is not a magic solution





Conclusion

• Finding the best way to use puppet for you will take time

• Providing a configuration service will be a challenge

• Processes will need to change

DEV and OPS roles are evolving and Organizations will need to adapt

But tools cannot do everything: puppet is not a magic solution

Thank you

Laurent Bernaille, D2SI

@lbernail

@D2SI #PuppetCampParis

Technology

Puppet Camp Paris 2014: Achieving Continuous Delivery and DevOps with Puppet