Kris Buytaert discusses the importance of treating infrastructure as code using automation tools like Puppet, Chef, and Salt. This allows organizations to deploy and manage infrastructure in a reproducible, versioned manner. Manual infrastructure management is prone to errors, difficult to audit, and does not scale. Treating infrastructure like application code helps with security, monitoring and backups, and speeds up deployment.
2. Kris Buytaert
● I used to be a Dev,
● Then Became an Op
● Chief Trolling Officer and Open Source Consultant @inuits.eu
● Everything is an effing DNS Problem
● Building Clouds since before the bookstore
● Some books, some papers, some blogs
● Evangelizing devops
● Organiser of #devopsdays, #cfgmgmtcamp, #loadays, …
● Part of the travelling geek circus
6. Common Problems
● Many manual changes to systems
● Many undocumented changes
● Emergency Administration only
● Disaster Recovery site is a Disaster
● Time to deliver a box is too slow
● All boxen are different
● Computers don’t work hard enough for us
7. More Problems
● How long does it take to reinstall a machine from 0
● To the exact same point as before ?
● With different Hardware ? In a different cloud ?
● What about your (customer / personal) data ?
8. Security ?
● Monitoring that your platform hasn't changed.
• Why is selinux disabled ?
• Who added / dropped that firewall ?
• What did this originally look like ?
• Is this file really what Bernd meant it to be ?
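Added example, not from the original slides: a minimal drift check that answers the questions above by comparing a host against the desired state kept in version control (who made a change then comes from the commit history). The DESIRED dictionary, the helper names and the sample host tree are constructed for illustration; the paths follow the RHEL-style layout.

```python
import re
import tempfile
from pathlib import Path

# Constructed desired state; in practice the versioned manifests describe this.
DESIRED = {
    "selinux": "enforcing",
    "files": {"etc/ssh/sshd_config": "PermitRootLogin no\n"},
    "firewall": ["-A INPUT -p tcp --dport 22 -j ACCEPT", "-A INPUT -j DROP"],
}

def selinux_mode(root):
    """Return the SELINUX= value from etc/selinux/config under root, or 'missing'."""
    cfg = root / "etc/selinux/config"
    text = cfg.read_text() if cfg.is_file() else ""
    match = re.search(r"^\s*SELINUX=(\w+)", text, re.M)
    return match.group(1).lower() if match else "missing"

def detect_drift(desired, root):
    """Compare the observed state under root with the desired state."""
    findings = []
    mode = selinux_mode(root)
    if mode != desired["selinux"]:
        findings.append(f"selinux: want {desired['selinux']}, found {mode}")
    for rel, content in desired["files"].items():
        path = root / rel
        if not path.is_file():
            findings.append(f"file missing: {rel}")
        elif path.read_text() != content:
            findings.append(f"file changed: {rel}")
    rules = root / "etc/sysconfig/iptables"
    lines = rules.read_text().splitlines() if rules.is_file() else []
    live = [l.strip() for l in lines if l.strip().startswith("-A")]
    findings += [f"firewall rule dropped: {r}" for r in desired["firewall"] if r not in live]
    findings += [f"firewall rule added: {r}" for r in live if r not in desired["firewall"]]
    return findings

def write_host(root, selinux, sshd, rules):
    """Write a constructed host tree (sample input, not real system data)."""
    tree = {"etc/selinux/config": f"SELINUX={selinux}\n", "etc/ssh/sshd_config": sshd,
            "etc/sysconfig/iptables": "\n".join(rules) + "\n"}
    for rel, text in tree.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_host(Path(tmp), "disabled", "PermitRootLogin yes\n", DESIRED["firewall"][:1])
        print("\n".join(detect_drift(DESIRED, Path(tmp))))
```

The rule comparison ignores ordering, which matters for iptables; a stricter check would compare the ordered lists.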
10. Do you want to ?
● Install these racks manually
● Over and over again ?
● And can you guarantee that installs are identical ?
● “No simple admin task is fun more than twice”
● s/twice/once/g;
● Repeating installs are boring and prone to errors
● Each installation is unintentionally Unique
● Manual installs DO NOT scale
12. The 10th floor test
● Grab a random machine (don’t take a backup before)
● Throw it out a 10th floor window
● Can you recover it in 10 minutes ?
13. Facts!
● Data Backup is only a part
● Sysadmin backup needs to be done also
● Manual Installations = bad
● Bad installations = unusable infrastructure
● Bad installations = unproductive users
● Bad installations = manual efforts
● Manual efforts = no time
● No time = no updates, no patches, no security
● Manual work = high costs
14. Deploying an Infrastructure
● 1996 : Manual Installations
● 2001 : Mondo rescue (reproducible single instances)
● 2003 : SystemImager
• Reproducible Infrastructure, with “OVERRIDES”
• Fast Multicast Image deployments
• Image Sprawl (thank you VMware)
15. Deploying an Infrastructure
● 1996 : Manual Installations
● 2001 : Mondo rescue
● 2003 : SystemImager
● 2005 : Kickstart / FAI
• Dreaming of JeOS + IAC (Cfengine)
16. Deploying an Infrastructure
● 1996 : Manual Installations
● 2001 : Mondo rescue
● 2003 : SystemImager
● 2005 : Dreaming of JeOS + IAC
● 2008 : Actual JeOS + IAC
● 2010 : Vagrant for development
17. Image Sprawl AND Snowflakes
● Image Sprawl :
• Copy vm 3x
• Modify 2x
• Copy 21x
• How the Heck did we get here ?
● SnowFlakes :
• Don't touch this box it might break
• Look how nice it is !
18. You never deploy something “just” once
● Local test … experiment,
• Vagrant box / local containers
● Integration Platform
• Same codebase, different environment
● Dev / UAT / Prod / DR …
● Or your customer just forgot to renew the lease on his VPS. #toldyouso
19. What's different in the cloud ?
● Scale
● Velocity
● Change
22. Configuration Mgmt
● Configure 1000 nodes,
● Modify 15000 files,
● Think :
• Cfengine, Puppet, Chef, Salt
● Put configs under version control
● Please don't roll your own ...
23. Infrastructure as Code
● Treat configuration automation as code
● Development best practices
• Model your infrastructure
• Version your cookbooks / manifests
• Test your cookbooks / manifests
• Dev / test / uat / prod for your infra
● Model your infrastructure
● A working service = automated ( Application Code + Infrastructure Code + Security + Monitoring )
● IAC -ne scripting (or translating bash to yaml)
24. IAC Is a Testing Requirement
● Stable reproducible starting point
32. Defining a Service
● profile that :
• Configures service using a standard module call with hiera based parameters
• Configures Backup
• Configures log rotation
• Configures log shipping
• Exports Monitoring Needs
33. Chronicle of a failed private cloud
● Tool X provisions a VM
• 3 weeks from the request / can only be done by 1 team
● Tool Y installs patches
• 2 weeks
● Team Z installs backup
• 1 day
● Team A installs monitoring
• 3 weeks
● App
• Manual deploy on wrong JVM, return to sender
34. Application Included
● Application =
• Package
• Config
• Service
● No manual scripting
● Think about your bootstrapping / scaleout
36. Conclusion
● IAC solves a lot of problems
• Improves Security
• Creates Monitoring Love
• Creates Speed
● But it still is code, and needs to be treated like code !