Learn how the Obama campaign leveraged Amazon Web Services (AWS) and Puppet to rapidly and sustainably scale their infrastructure for the needs of the election. Using the automation that AWS and Puppet enabled, the Obama campaign built a significant AWS infrastructure (http://awsofa.info) despite a lean DevOps team, tight deadlines, and applications that needed to be highly available. Learn how to bootstrap Puppet on Amazon EC2 instances with CloudInit, use it with Auto Scaling groups, and handle credentials securely in manifests. Find out how to scale Puppet masters and take advantage of Amazon S3-backed RPM/Debian repositories with them.
Leo Zhadanovsky
Senior Solutions Architect, Amazon Web Services
Leo Zhadanovsky is a Senior Solutions Architect at Amazon Web Services. He helps customers best leverage AWS services, in order to help them succeed in building highly-available, scalable and elastic architectures for their business needs. He was previously the Director of Systems Engineering at the Democratic National Committee. From 2009 to early 2013, he ran the DNC's physical server and cloud footprint and supported infrastructure which was in use by the Obama campaign, state and local Democratic parties. In 2010, the DNC successfully ran and deployed many applications, such as a Call Tool and Voter Registration website, that were written in Ruby and ran on AWS. In 2012, the DNC supported the Obama campaign with various backend APIs, web sites, voter file databases and a large data warehouse.
The Road to the White House with Puppet & AWS
1. The Road to the White House
with Puppet & AWS
Leo Zhadanovsky – Solutions Architect – leo@amazon.com
@leozh
2. What am I talking about today?
What was OFA Tech?
• Who did it?
• What did they build?
How did they do that?
• Technologies and Tradeoffs
• Services vs. Software
How did they leverage Puppet?
What did they learn from building something so big?
3. Who Am I?
I work for AWS
I worked for the DNC 2009-2012
I was embedded at OFA
AWS does not endorse
political candidates
I love Star Trek (TNG is the best)
4. So here’s the Idea
~30th biggest E-commerce operation, globally
~200 distinct new applications, many mobile
Hundreds of new, untested analytical approaches
Processing hundreds of TB of data on thousands of servers
Spikes of hundreds of thousands of concurrent users
FUN FUN FUN
5. a few constraints…
~30th biggest E-commerce operation, globally
~200 distinct applications, many mobile
Hundreds of new, untested analytical approaches
Processing hundreds of TB of data on thousands of servers
Spikes of hundreds of thousands of concurrent users
Critically compressed budget
Less than a year to execute
Volunteer and near-volunteer development team
Core systems will be used for a single critical day
Constitutionally-mandated completion date
16. Cloud Computing Benefits
• No up-front capital expense
• Pay only for what you use
• Self-service infrastructure
• Easily scale up and down
• Improve agility & time-to-market
• Low cost
25. Configuration Management: Puppet
In mid-2011, we looked at options for configuration management and chose Puppet
We needed to make it scale, and to get it to work with stateless, horizontally scalable infrastructure
How did we do this?
26. Bootstrapping Puppet with CloudInit
CloudInit is built into Ubuntu and Amazon Linux
• Allows you to pass bootstrap parameters in the Amazon EC2 user-data field, in YAML format
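The user-data mechanism above can be sketched as a minimal cloud-config document (package name and command are illustrative, not from the deck):

```yaml
#cloud-config
# Passed in the EC2 user-data field at launch; CloudInit parses it on first boot.
package_update: true
packages:
  - puppet
runcmd:
  - [ service, puppet, start ]
```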
27. Bootstrapping Puppet with CloudInit
Don't store creds in Puppet manifests; store them in private Amazon S3 buckets
Either pass Amazon S3 creds through CloudInit…
Even better, avoid this by using AWS Identity and Access Management (IAM) roles and the version of s3cmd on GitHub
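The IAM-role variant of the pattern above might look like this (bucket and file paths are invented for illustration; with a role attached to the instance, no access keys appear anywhere):

```yaml
#cloud-config
# Fetch app credentials from a private S3 bucket at first boot.
# The instance's IAM role grants s3:GetObject on this bucket,
# so no AWS keys ever appear in user-data or Puppet manifests.
runcmd:
  - [ aws, s3, cp, "s3://example-secrets-bucket/app/db-creds.yaml", "/etc/app/db-creds.yaml" ]
  - [ chmod, "0600", "/etc/app/db-creds.yaml" ]
```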
28. Bootstrapping Puppet with CloudInit
Built-in Puppet support
Use certname with %i for the instance ID to name the node
Puppet master must have autosign turned on
• Use security groups and/or NACLs for network-level security
In nodes.pp, use regexes to match node names
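CloudInit's built-in Puppet support plus the %i certname trick might be wired up like this (the master's hostname is an assumption):

```yaml
#cloud-config
puppet:
  conf:
    agent:
      server: "puppetmaster.example.internal"
      # %i expands to the EC2 instance ID, %f to the instance's FQDN
      certname: "%i.%f"
```

On the master side, nodes.pp can then match these instance-ID-based names with a regex such as `node /^i-[0-9a-f]+\./ { include base }`.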
30. Puppet Tips
Use run stages
Don't store credentials in Puppet; store them in private Amazon S3 buckets
• Use AWS IAM to secure the credentials bucket/folders within that bucket
31. Puppet Tips
Use Puppet only for configuration files and what makes your apps unique
For undifferentiated parts of apps, use Amazon S3-backed RPM/Debian repositories
• Can be either public or private repos, depending on your needs
• Amazon S3 private RPM repos: http://git.io/YAcsbg
• Amazon S3 private Debian repos: http://git.io/ecCjWQ
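A public S3-backed yum repo like the one described above can be consumed with an ordinary .repo file (the bucket name and prefix here are made up; private repos need the IAM-aware plugins from the linked projects):

```ini
# /etc/yum.repos.d/myapp.repo (hypothetical bucket/prefix)
[myapp]
name=MyApp packages (S3-backed)
baseurl=https://example-repo-bucket.s3.amazonaws.com/rpm/
enabled=1
gpgcheck=0
```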
32. Puppet Tips
By using packages for application deploys, you can set ensure => latest and just bump the package version in the repo to update
Log everything with rsyslog/Graylog/Loggly/New Relic/Splunk
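The package-based deploy tip above, as a minimal Puppet sketch (the package and service names are illustrative):

```puppet
# A deploy becomes: bump the RPM/deb in the S3 repo, let the agent converge.
package { 'myapp':
  ensure => latest,
}

service { 'myapp':
  ensure    => running,
  subscribe => Package['myapp'],
}
```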
33. Scaling the Puppet Masters
Use an Auto Scaling group for Puppet masters
• Min size => 2, use multiple Availability Zones
Either have them build themselves off of existing Puppet masters in the group, or off packages stored in Amazon S3 and bootstrapped through user-data
Autosign must be on
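Autosigning, as required above, is a one-line puppet.conf setting. Shown wide open here; per the earlier slide, this is only reasonable when security groups and/or NACLs restrict which hosts can reach the masters:

```ini
# /etc/puppet/puppet.conf on each Puppet master in the Auto Scaling group
[master]
autosign = true
```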
35. Technology Choice → Expected Tradeoff
• Polyglot development → more complex ops
• Cloud hosting → less infra control, performance
• Diverse, app-centered databases → more complex ops, fragility, data corruption
• SOA, queue-based system integrations → dev complexity, slower system performance
36. Technology Choice → Expected Tradeoff → Upside
• Polyglot development → more complex ops → build as little as possible, rev-1 faster, reuse dev skills
• Cloud hosting → less infra control, performance → scale, speed, cost
• Diverse, app-centered databases → more complex ops, fragility, data corruption → heterogeneous resilience, right tools for the job
• SOA, queue-based system integrations → dev complexity, slower system performance → scalability, serviceability, operational flexibility, and substantially faster in aggregate
40. Amazon Simple Queue Service (SQS)
2006–8: thousands of customers, a whole lot of servers, over 5 billion queued events
2012: OFA produced 8.4 billion Amazon SQS queued events
41. Amazon Simple Queue Service (SQS)
2006–8: thousands of customers, a whole lot of servers, over 5 billion queued events
2012: OFA produced 8.4 billion Amazon SQS queued events in just the last month of the campaign
45. This applies to lots of services!
Elastic Load Balancing
Amazon ElastiCache
Amazon RDS
Amazon CloudSearch
Amazon Route 53
Amazon S3
Amazon CloudFront
Amazon DynamoDB
You can mostly do these on your own… but do you have extra focus, expertise, time, research, money, risk tolerance, staff, dedication to innovate, operations coverage, scalability in design?
49. They had this built for the previous 3 months, all on the East Coast.
50. They had this built for the previous 3 months, all on the East Coast. We built this part in 9 hours to be safe.
AWS + Puppet + Netflix Asgard + CloudOpt + DevOps = cross-continent fault tolerance on demand
53. Replication across the continent…
http://tsunami-udp.sourceforge.net/
478.18 Mbps: cross-continental data transit rate for a single cc2.8xlarge instance (1.72 Tb an hour)
27 Tb of data to move
3.92 hours required to move the data across the continent with four cc2.8xlarge instances
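The slide's figures are internally consistent; a quick sanity check of the arithmetic (decimal units assumed, 1 Tb = 1e12 bits):

```python
# Sanity check of the tsunami-udp transfer math from the slide.
mbps_per_instance = 478.18   # measured cross-continent rate, one cc2.8xlarge
instances = 4
data_tb = 27.0               # terabits of data to move

# Per-instance hourly throughput: Mbps -> bits/s -> bits/hour -> Tb/hour
tb_per_hour_per_instance = mbps_per_instance * 1e6 * 3600 / 1e12
hours = data_tb / (tb_per_hour_per_instance * instances)

print(f"{tb_per_hour_per_instance:.2f} Tb/hour per instance")  # 1.72
print(f"{hours:.2f} hours with {instances} instances")         # 3.92
```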
54. So what did they learn?
HA in Depth: Amazon S3 static pages, de-coupled UI,
jekyll/hyde
Game Day: Practice failures so you know what to do.
( http://www.awsgameday.com )
Loose-Coupling: Ops easy, scale easy, test easy, fix easy…
Fail-Forward: features, quality, and focus are all critical.
Cloud works.
61. Register Now!
reinvent.awsevents.com
$200 Off Discount Code:
Zoltan2013
Gain New Skills & Knowledge
Choose from 175+ technical sessions,
training bootcamps, hands-on labs,
and hackathons.
Dive Deeper into AWS
Dive deep into foundational AWS
services and learn about the latest
services and features.
Get Your Questions Answered
Get your technical questions answered
by AWS architects, engineers, and
product leads.
Learn Best Practices
Discover best practices, tips and
tricks, and lessons learned from
expert customers.
62. Thank you!
Questions?
• Come talk to an AWS Solutions Architect at Table 22
Contact me!
• @leozh
• leo@amazon.com
Editor's notes
Not your normal technology professionals
Not your normal office environment
A few friends in high places
Cloud computing is a better way to run your business. The cloud helps companies of all sizes become more agile. Instead of running your applications yourself, you can run them on the cloud, where IT infrastructure is offered as a service, like a utility. With the cloud, your company saves money: there are no up-front capital expenses, as you don't have to buy hardware for your projects. The massive scale and fast pace of innovation of the cloud drive the costs down for you. In the cloud, you pay only for what you use, just like electricity. The cloud can also help your company save time and improve agility: it's faster to get started, since you can build new environments in minutes instead of waiting for new servers to arrive. The elastic nature of the cloud makes it easy to scale up and down as needed. At the end of the day, you have more resources left for innovation, which allows you to focus on projects that can really impact your business, like building and deploying more applications. "With the high-growth nature of our business, we were looking for a cloud solution to enable us to scale fast. Think twice before buying your next server. Cloud computing is the way forward." - Sami Lababidi, CTO, Playfish