SlideShare a Scribd company logo

On the Importance of Infrastructure as Code

Download as ODP, PDF
Kris Buytaert
Kris Buytaert

Kris Buytaert discusses the importance of treating infrastructure as code using automation tools like Puppet, Chef, and Salt. This allows organizations to deploy and manage infrastructure in a reproducible, versioned manner. Manual infrastructure management is prone to errors, difficult to audit, and does not scale. Infrastructure as code helps solve problems like security, monitoring, backups and speeds up deployment times by treating infrastructure like application code.

Technology
1 of 37
On theimportanceof InfrastructureasCode Kris Buytaert @krisbuytaert
Kris BuytaertKris Buytaert● I used to be a Dev,I used to be a Dev, ● Then Became an OpThen Became an Op ● Chief Trolling Officer and Open SourceChief Trolling Officer and Open Source Consultant @Consultant @inuits.euinuits.eu ● Everything is an effing DNS ProblemEverything is an effing DNS Problem ● Building Clouds since before the bookstoreBuilding Clouds since before the bookstore ● Some books, some papers, some blogsSome books, some papers, some blogs ● Evangelizing devopsEvangelizing devops ● Organiser of #devopsdays, #cfgmgmtcamp,Organiser of #devopsdays, #cfgmgmtcamp, #loadays, ….#loadays, …. ● Part of the travelling geek circusPart of the travelling geek circus
What's this devopsWhat's this devops thing anyhow ?thing anyhow ?
C(L)AMSC(L)AMS ● CultureCulture ● (Lean)(Lean) ● AutomationAutomation ● MeasurementMeasurement ● SharingSharing Damon Edwards and John WillisDamon Edwards and John Willis Gene KimGene Kim
Why automate ?Why automate ?
Common ProblemsCommon Problems ● Many manual changes to systems ● Many undocumented changes ● Emergency Administration only ● Disaster Recovery site is a Disaster ● Time to deliver a box is to slow ● All boxen are different ● Computers don’t work hard enough for us
More ProblemsMore Problems ● How long does it take to reinstall a machine from 0 ● To the exact same point as before ? ● With different Hardware ? In a different cloud ? ● What about your (customer/personal data )
Security ?Security ? ● Monitoring that your platform hasn't changed.Monitoring that your platform hasn't changed. • Why is selinux disabled ?Why is selinux disabled ? • Who added / dropped that firewall ?Who added / dropped that firewall ? • What did this originally look like ?What did this originally look like ? • Is this file really what Bernd meant it to be ?Is this file really what Bernd meant it to be ?
#monitoringsucks#monitoringsucks ● Monitoring is out of sync with realityMonitoring is out of sync with reality ● Managed manuallyManaged manually ● Can't keep up..Can't keep up..
Do you want to ?Do you want to ? ● Install these racks manuallyInstall these racks manually ● Over and over again ?Over and over again ? ● And can you guarantee that installs areAnd can you guarantee that installs are identical ?identical ? ● ““No simple admin taks is fun more thanNo simple admin taks is fun more than twice”twice” ● s/twice/once/g;s/twice/once/g; ● Repeating installs are boring and prone toRepeating installs are boring and prone to errorserrors ● Each installation is unintentionally UniqueEach installation is unintentionally Unique ● Manual installs DO NOT scaleManual installs DO NOT scale
ChallengesChallenges ● ReproducabilityReproducability ● SpeedSpeed ● AuditingAuditing ● Keeping stuff in syncKeeping stuff in sync • MonitoringMonitoring • SecuritySecurity • BackupBackup
The 10The 10thth floor testfloor test ● Grab a random machine (don’t take a backup before) ● Throw it out a 10th floor window ● Can you recover it in 10 minutes ?
Facts!Facts! ● Data Backup is only a part ● Sysadmin backup needs to be done also ● Manual Installations = bad ● Bad installations = unusable infrastructure ● Bad installations = unproductive users ● Bad installations = manual efforts ● Manual efforts = no time ● No time = no updates no patches no security ● Manual work = high costs
Deploying an InfrastructureDeploying an Infrastructure ● 1996 : Manual Installations1996 : Manual Installations ● 2001 : Mondo rescue2001 : Mondo rescue (reproducable single instances)(reproducable single instances) ● 2003 : SystemImager2003 : SystemImager • Reproducable Infrastructure , withReproducable Infrastructure , with “OVERRIDES”“OVERRIDES” • Fast Multicast Image deploymentsFast Multicast Image deployments • Image Sprawl (thank you VMware)Image Sprawl (thank you VMware)
Deploying an InfrastructureDeploying an Infrastructure ● 1996 : Manual Installations1996 : Manual Installations ● 2001 : Mondo rescue2001 : Mondo rescue ● 2003 : SystemImager2003 : SystemImager ● 2005 :2005 : Kickstart / FAIKickstart / FAI • Dreaming of Jeos + IAC (Cfengine)Dreaming of Jeos + IAC (Cfengine)
Deploying an InfrastructureDeploying an Infrastructure ● 1996 : Manual Installations1996 : Manual Installations ● 2001 : Mondo rescue2001 : Mondo rescue ● 2003 : SystemImager2003 : SystemImager ● 2005 : Dreaming of Jeos + IAC2005 : Dreaming of Jeos + IAC ● 2008 : Actual JeOS + IAC2008 : Actual JeOS + IAC ● 2010 : Vagrant for development2010 : Vagrant for development
Imagesprawl ANDImagesprawl AND SnowflakesSnowflakes ● Image Sparwl :Image Sparwl : • Copy vm 3xCopy vm 3x • Modify 2xModify 2x • Copy 21xCopy 21x • How the Heck did we get here ?How the Heck did we get here ? ● SnowFlakes :SnowFlakes : • Don't touch this box it might breakDon't touch this box it might break • Look how nice it is !Look how nice it is !
You never deployYou never deploy something “just” oncesomething “just” once ● Local test … experiment,Local test … experiment, • Vagrant box / local containersVagrant box / local containers ● Integration PlatformIntegration Platform • Same codebase,, different environmentSame codebase,, different environment ● Dev/ UAT/ Prod / DR …Dev/ UAT/ Prod / DR … ● Or your customer just forgot to renew the leaseOr your customer just forgot to renew the lease on his VPS. #toldyousoon his VPS. #toldyouso
What's different in the cloud ?What's different in the cloud ? ● ScaleScale ● VelocityVelocity ● ChangeChange
Your machines as CattleYour machines as Cattle
Treat your people as petsTreat your people as pets
Configuration MgmtConfiguration Mgmt ● Configure 1000 nodes,Configure 1000 nodes, ● Modify 15000 files,Modify 15000 files, ● Think :Think : •Cfengine,Puppet, Chef, SaltCfengine,Puppet, Chef, Salt ● Put configs under version controlPut configs under version control ● Please don't roll your own ...Please don't roll your own ...
Infrastructure as CodeInfrastructure as Code ● Treat configuration automation as codeTreat configuration automation as code ● Development best practicesDevelopment best practices • Model your infrastructureModel your infrastructure • Version your cookbooks / manifestsVersion your cookbooks / manifests • Test your cookbooks/ manifestsTest your cookbooks/ manifests • Dev/ test /uat / prod for your infraDev/ test /uat / prod for your infra ● Model your infrastructureModel your infrastructure ● A working service = automated ( Application Code + InfrastructureA working service = automated ( Application Code + Infrastructure Code + Security + Monitoring )Code + Security + Monitoring ) ● IAC -ne scripting (or translating bash to yaml)IAC -ne scripting (or translating bash to yaml)
IAC Is a TestingIAC Is a Testing RequirementRequirement ● Stable reproducable starting pointStable reproducable starting point
AuditabilityAuditability ● git loggit log ● git blamegit blame ● Review,Review, ● authorizationauthorization
File monitoringFile monitoring
Fixing Monitoring FatigueFixing Monitoring Fatigue
Stored ConfigsStored Configs
Collection and ExportCollection and Export Export :Export : @@resource {@@resource { ... }... } Collect:Collect: Resource <<| query |Resource <<| query | >>>> Clean out nodes that dissapearClean out nodes that dissapear puppet node cleanpuppet node clean
Use Cases:Use Cases: ● Ssh keysSsh keys ● Reverse proxy configsReverse proxy configs ● Monitoring resourcesMonitoring resources ● Measuring resourcesMeasuring resources
Puppetmaster Example:Puppetmaster Example:
Defining a ServiceDefining a Service ● profile that :profile that : • Configures service using a standardConfigures service using a standard module call with hiera based parametersmodule call with hiera based parameters • Configures BackupConfigures Backup • Configures logrotationConfigures logrotation • Configures logshippingConfigures logshipping • Exports Monitoring NeedsExports Monitoring Needs
Chronicle of a failedChronicle of a failed private cloudprivate cloud● Tool X provisions a VMTool X provisions a VM • 3 weeks from the request / can only be done by 1 team3 weeks from the request / can only be done by 1 team ● Tool Y installs patchesTool Y installs patches • 2 weeks2 weeks ● Team Z installs backupTeam Z installs backup • 1 day1 day ● Team A installs monitoringTeam A installs monitoring • 3 weeks3 weeks ● AppApp • Manual deploy on wrong JVM, return to senderManual deploy on wrong JVM, return to sender
Application IncludedApplication Included ● Application =Application = • PackagePackage • ConfigConfig • ServiceService ● No manual scriptingNo manual scripting ● Think about your bootstrapping / scaleoutThink about your bootstrapping / scaleout
Automation ofAutomation of #monitoring#monitoring brought backbrought back thethe #love#love
ConclusionConclusion ● IAC solves a lot of problemsIAC solves a lot of problems • Improves SecurityImproves Security • Creates Monitoring LoveCreates Monitoring Love • Creates SpeedCreates Speed ● But it still is code, and needs to be treated likeBut it still is code, and needs to be treated like code !code !
ContactContact Kris BuytaertKris Buytaert Kris.Buytaert@inuits.beKris.Buytaert@inuits.be Further ReadingFurther Reading @krisbuytaert@krisbuytaert http://www.krisbuytaert.be/blog/http://www.krisbuytaert.be/blog/ http://www.inuits.be/http://www.inuits.be/ InuitsInuits Essensteenweg 31Essensteenweg 31 BrasschaatBrasschaat BelgiumBelgium 891.514.231891.514.231 +32 475 961221+32 475 961221

Recommended

Continous Delivery of your Infrastructure
Continous Delivery of your InfrastructureContinous Delivery of your Infrastructure
Continous Delivery of your Infrastructure
Kris Buytaert
 
The influence of "Distributed platforms" on #devops
The influence of "Distributed platforms" on #devopsThe influence of "Distributed platforms" on #devops
The influence of "Distributed platforms" on #devops
Kris Buytaert
 
Another 7 tools for your #devops stack
Another 7 tools for your #devops stackAnother 7 tools for your #devops stack
Another 7 tools for your #devops stack
Kris Buytaert
 
Monitoring Drupal In an Infrastructure as Code Age
Monitoring Drupal In an Infrastructure as Code AgeMonitoring Drupal In an Infrastructure as Code Age
Monitoring Drupal In an Infrastructure as Code Age
Kris Buytaert
 
No, we can't do continuous delivery
No, we can't do continuous deliveryNo, we can't do continuous delivery
No, we can't do continuous delivery
Kris Buytaert
 
devops is a reorg
devops is a reorgdevops is a reorg
devops is a reorg
Kris Buytaert
 
Groovy there's a docker in my application pipeline
Groovy there's a docker in my application pipelineGroovy there's a docker in my application pipeline
Groovy there's a docker in my application pipeline
Kris Buytaert
 
Nightmare on Docker street
Nightmare on Docker streetNightmare on Docker street
Nightmare on Docker street
Kris Buytaert
 

Recommended

Continous Delivery of your Infrastructure
Continous Delivery of your InfrastructureContinous Delivery of your Infrastructure
Continous Delivery of your Infrastructure
Kris Buytaert
 
The influence of "Distributed platforms" on #devops
The influence of "Distributed platforms" on #devopsThe influence of "Distributed platforms" on #devops
The influence of "Distributed platforms" on #devops
Kris Buytaert
 
Another 7 tools for your #devops stack
Another 7 tools for your #devops stackAnother 7 tools for your #devops stack
Another 7 tools for your #devops stack
Kris Buytaert
 
Monitoring Drupal In an Infrastructure as Code Age
Monitoring Drupal In an Infrastructure as Code AgeMonitoring Drupal In an Infrastructure as Code Age
Monitoring Drupal In an Infrastructure as Code Age
Kris Buytaert
 
No, we can't do continuous delivery
No, we can't do continuous deliveryNo, we can't do continuous delivery
No, we can't do continuous delivery
Kris Buytaert
 
devops is a reorg
devops is a reorgdevops is a reorg
devops is a reorg
Kris Buytaert
 
Groovy there's a docker in my application pipeline
Groovy there's a docker in my application pipelineGroovy there's a docker in my application pipeline
Groovy there's a docker in my application pipeline
Kris Buytaert
 
Nightmare on Docker street
Nightmare on Docker streetNightmare on Docker street
Nightmare on Docker street
Kris Buytaert
 
Dod is not done
Dod is not doneDod is not done
Dod is not done
Kris Buytaert
 
Closing the gap between Distros(devs) and their Users(ops)
Closing the gap between Distros(devs) and their Users(ops)Closing the gap between Distros(devs) and their Users(ops)
Closing the gap between Distros(devs) and their Users(ops)
Kris Buytaert
 
Monitoring in an Infrastructure as Code Age
Monitoring in an Infrastructure as Code AgeMonitoring in an Infrastructure as Code Age
Monitoring in an Infrastructure as Code Age
Kris Buytaert
 
From MonitoringSucks to Monitoring Love , 2016 Edition
From MonitoringSucks to Monitoring Love , 2016 EditionFrom MonitoringSucks to Monitoring Love , 2016 Edition
From MonitoringSucks to Monitoring Love , 2016 Edition
Kris Buytaert
 
Adopting Devops , Stories from the trenches
Adopting Devops , Stories from the trenchesAdopting Devops , Stories from the trenches
Adopting Devops , Stories from the trenches
Kris Buytaert
 
From devoops to devops
From devoops to devopsFrom devoops to devops
From devoops to devops
Kris Buytaert
 
Dev secops opsec, devsec, devops ?
Dev secops opsec, devsec, devops ?Dev secops opsec, devsec, devops ?
Dev secops opsec, devsec, devops ?
Kris Buytaert
 
Open Source Monitoring in 2015
Open Source Monitoring in 2015Open Source Monitoring in 2015
Open Source Monitoring in 2015
Kris Buytaert
 
Moby is killing your devops efforts
Moby is killing your devops effortsMoby is killing your devops efforts
Moby is killing your devops efforts
Kris Buytaert
 
Run stuff, Deploy Stuff
Run stuff, Deploy StuffRun stuff, Deploy Stuff
Run stuff, Deploy Stuff
Kris Buytaert
 
Is there a future for devops ?
Is there a future for devops ?Is there a future for devops ?
Is there a future for devops ?
Kris Buytaert
 
Devops, The future is here, it's just not evenly distributed
Devops, The future is here, it's just not evenly distributedDevops, The future is here, it's just not evenly distributed
Devops, The future is here, it's just not evenly distributed
Kris Buytaert
 
Devops is a Security Requirement
Devops is a Security RequirementDevops is a Security Requirement
Devops is a Security Requirement
Kris Buytaert
 
The Return of the Dull Stack Engineer
The Return of the Dull Stack EngineerThe Return of the Dull Stack Engineer
The Return of the Dull Stack Engineer
Kris Buytaert
 
Devops 101 QA with Kris Buytaert
Devops 101 QA with Kris BuytaertDevops 101 QA with Kris Buytaert
Devops 101 QA with Kris Buytaert
Kris Buytaert
 
Docker is killing your #devops Efforts
Docker is killing your #devops EffortsDocker is killing your #devops Efforts
Docker is killing your #devops Efforts
Kris Buytaert
 
Pipeline as Code
Pipeline as CodePipeline as Code
Pipeline as Code
Kris Buytaert
 
Devops is dead, Long Live Devops
Devops is dead, Long Live DevopsDevops is dead, Long Live Devops
Devops is dead, Long Live Devops
Kris Buytaert
 
Automating MySQL operations with Puppet
Automating MySQL operations with PuppetAutomating MySQL operations with Puppet
Automating MySQL operations with Puppet
Kris Buytaert
 
Devops is not about Tooling
Devops is not about ToolingDevops is not about Tooling
Devops is not about Tooling
Kris Buytaert
 
Looking back at 7 years of #devopsdays
Looking back at 7 years of #devopsdaysLooking back at 7 years of #devopsdays
Looking back at 7 years of #devopsdays
Kris Buytaert
 
PuppetConf 2016: Keynote: Pulling the Strings to Containerize Your Life - Sco...
PuppetConf 2016: Keynote: Pulling the Strings to Containerize Your Life - Sco...PuppetConf 2016: Keynote: Pulling the Strings to Containerize Your Life - Sco...
PuppetConf 2016: Keynote: Pulling the Strings to Containerize Your Life - Sco...
Puppet
 

More Related Content

What's hot

What's hot (20)

Dod is not done
Dod is not doneDod is not done
Dod is not done
 
Closing the gap between Distros(devs) and their Users(ops)
Closing the gap between Distros(devs) and their Users(ops)Closing the gap between Distros(devs) and their Users(ops)
Closing the gap between Distros(devs) and their Users(ops)
 
Monitoring in an Infrastructure as Code Age
Monitoring in an Infrastructure as Code AgeMonitoring in an Infrastructure as Code Age
Monitoring in an Infrastructure as Code Age
 
From MonitoringSucks to Monitoring Love , 2016 Edition
From MonitoringSucks to Monitoring Love , 2016 EditionFrom MonitoringSucks to Monitoring Love , 2016 Edition
From MonitoringSucks to Monitoring Love , 2016 Edition
 
Adopting Devops , Stories from the trenches
Adopting Devops , Stories from the trenchesAdopting Devops , Stories from the trenches
Adopting Devops , Stories from the trenches
 
From devoops to devops
From devoops to devopsFrom devoops to devops
From devoops to devops
 
Dev secops opsec, devsec, devops ?
Dev secops opsec, devsec, devops ?Dev secops opsec, devsec, devops ?
Dev secops opsec, devsec, devops ?
 
Open Source Monitoring in 2015
Open Source Monitoring in 2015Open Source Monitoring in 2015
Open Source Monitoring in 2015
 
Moby is killing your devops efforts
Moby is killing your devops effortsMoby is killing your devops efforts
Moby is killing your devops efforts
 
Run stuff, Deploy Stuff
Run stuff, Deploy StuffRun stuff, Deploy Stuff
Run stuff, Deploy Stuff
 
Is there a future for devops ?
Is there a future for devops ?Is there a future for devops ?
Is there a future for devops ?
 
Devops, The future is here, it's just not evenly distributed
Devops, The future is here, it's just not evenly distributedDevops, The future is here, it's just not evenly distributed
Devops, The future is here, it's just not evenly distributed
 
Devops is a Security Requirement
Devops is a Security RequirementDevops is a Security Requirement
Devops is a Security Requirement
 
The Return of the Dull Stack Engineer
The Return of the Dull Stack EngineerThe Return of the Dull Stack Engineer
The Return of the Dull Stack Engineer
 
Devops 101 QA with Kris Buytaert
Devops 101 QA with Kris BuytaertDevops 101 QA with Kris Buytaert
Devops 101 QA with Kris Buytaert
 
Docker is killing your #devops Efforts
Docker is killing your #devops EffortsDocker is killing your #devops Efforts
Docker is killing your #devops Efforts
 
Pipeline as Code
Pipeline as CodePipeline as Code
Pipeline as Code
 
Devops is dead, Long Live Devops
Devops is dead, Long Live DevopsDevops is dead, Long Live Devops
Devops is dead, Long Live Devops
 
Automating MySQL operations with Puppet
Automating MySQL operations with PuppetAutomating MySQL operations with Puppet
Automating MySQL operations with Puppet
 
Devops is not about Tooling
Devops is not about ToolingDevops is not about Tooling
Devops is not about Tooling
 

Viewers also liked

All Things Open : Crash Course in Open Source Cloud Computing
All Things Open : Crash Course in Open Source Cloud Computing All Things Open : Crash Course in Open Source Cloud Computing
All Things Open : Crash Course in Open Source Cloud Computing
Mark Hinkle
 
DevOps on AWS: Deep Dive on Infrastructure as Code - Toronto
DevOps on AWS: Deep Dive on Infrastructure as Code - TorontoDevOps on AWS: Deep Dive on Infrastructure as Code - Toronto
DevOps on AWS: Deep Dive on Infrastructure as Code - Toronto
Amazon Web Services
 
Pragmatic Security and Rugged DevOps - SXSW 2015
Pragmatic Security and Rugged DevOps - SXSW 2015Pragmatic Security and Rugged DevOps - SXSW 2015
Pragmatic Security and Rugged DevOps - SXSW 2015
James Wickett
 

Viewers also liked (19)

Looking back at 7 years of #devopsdays
Looking back at 7 years of #devopsdaysLooking back at 7 years of #devopsdays
Looking back at 7 years of #devopsdays
 
PuppetConf 2016: Keynote: Pulling the Strings to Containerize Your Life - Sco...
PuppetConf 2016: Keynote: Pulling the Strings to Containerize Your Life - Sco...PuppetConf 2016: Keynote: Pulling the Strings to Containerize Your Life - Sco...
PuppetConf 2016: Keynote: Pulling the Strings to Containerize Your Life - Sco...
 
Creating SaltStack State data with Pyobjects
Creating SaltStack State data with PyobjectsCreating SaltStack State data with Pyobjects
Creating SaltStack State data with Pyobjects
 
Event-driven Infrastructure - Mike Place, SaltStack - DevOpsDays Tel Aviv 2016
Event-driven Infrastructure - Mike Place, SaltStack - DevOpsDays Tel Aviv 2016Event-driven Infrastructure - Mike Place, SaltStack - DevOpsDays Tel Aviv 2016
Event-driven Infrastructure - Mike Place, SaltStack - DevOpsDays Tel Aviv 2016
 
ContentCal AutoPilot
ContentCal AutoPilotContentCal AutoPilot
ContentCal AutoPilot
 
Intelligent infrastructure with SaltStack
Intelligent infrastructure with SaltStackIntelligent infrastructure with SaltStack
Intelligent infrastructure with SaltStack
 
OpenStack Journey in Tieto Elastic Cloud
OpenStack Journey in Tieto Elastic CloudOpenStack Journey in Tieto Elastic Cloud
OpenStack Journey in Tieto Elastic Cloud
 
Looking back at 6.5 years of #devopsdays
Looking back at 6.5 years of #devopsdaysLooking back at 6.5 years of #devopsdays
Looking back at 6.5 years of #devopsdays
 
Técnicas de gestión del tiempo para Administradores de Sistemas
Técnicas de gestión del tiempo para Administradores de SistemasTécnicas de gestión del tiempo para Administradores de Sistemas
Técnicas de gestión del tiempo para Administradores de Sistemas
 
DevOps Transformations
DevOps TransformationsDevOps Transformations
DevOps Transformations
 
Operators experience and perspective on SDN with VLANs and L3 Networks
Operators experience and perspective on SDN with VLANs and L3 NetworksOperators experience and perspective on SDN with VLANs and L3 Networks
Operators experience and perspective on SDN with VLANs and L3 Networks
 
Using SaltStack to Auto Triage and Remediate Production Systems
Using SaltStack to Auto Triage and Remediate Production SystemsUsing SaltStack to Auto Triage and Remediate Production Systems
Using SaltStack to Auto Triage and Remediate Production Systems
 
Why to docker
Why to dockerWhy to docker
Why to docker
 
Automate your development environment with Jira and Saltstack
Automate your development environment with Jira and SaltstackAutomate your development environment with Jira and Saltstack
Automate your development environment with Jira and Saltstack
 
All Things Open : Crash Course in Open Source Cloud Computing
All Things Open : Crash Course in Open Source Cloud Computing All Things Open : Crash Course in Open Source Cloud Computing
All Things Open : Crash Course in Open Source Cloud Computing
 
Shirt Ops: How to make awesome t-shirts for your conference
Shirt Ops: How to make awesome t-shirts for your conferenceShirt Ops: How to make awesome t-shirts for your conference
Shirt Ops: How to make awesome t-shirts for your conference
 
DevOps on AWS: Deep Dive on Infrastructure as Code - Toronto
DevOps on AWS: Deep Dive on Infrastructure as Code - TorontoDevOps on AWS: Deep Dive on Infrastructure as Code - Toronto
DevOps on AWS: Deep Dive on Infrastructure as Code - Toronto
 
SaltStack Configuration Management
SaltStack Configuration ManagementSaltStack Configuration Management
SaltStack Configuration Management
 
Pragmatic Security and Rugged DevOps - SXSW 2015
Pragmatic Security and Rugged DevOps - SXSW 2015Pragmatic Security and Rugged DevOps - SXSW 2015
Pragmatic Security and Rugged DevOps - SXSW 2015
 

Similar to On the Importance of Infrastructure as Code

Monitoring in an Infrastructure as Code Age
Monitoring in an Infrastructure as Code AgeMonitoring in an Infrastructure as Code Age
Monitoring in an Infrastructure as Code Age
Puppet
 

Similar to On the Importance of Infrastructure as Code (20)

When traditional configuration management is to slow for your needs
When traditional configuration management is to slow for your needsWhen traditional configuration management is to slow for your needs
When traditional configuration management is to slow for your needs
 
From Config Management Sucks to #cfgmgmtlove
From Config Management Sucks to #cfgmgmtlove From Config Management Sucks to #cfgmgmtlove
From Config Management Sucks to #cfgmgmtlove
 
Continuous Delivery of (y)our infrastructure.
Continuous Delivery of (y)our infrastructure.Continuous Delivery of (y)our infrastructure.
Continuous Delivery of (y)our infrastructure.
 
Run stuff, Deploy Stuff, Jax London 2017 Edition
Run stuff, Deploy Stuff, Jax London 2017 EditionRun stuff, Deploy Stuff, Jax London 2017 Edition
Run stuff, Deploy Stuff, Jax London 2017 Edition
 
Pipeline as code for your infrastructure as Code
Pipeline as code for your infrastructure as CodePipeline as code for your infrastructure as Code
Pipeline as code for your infrastructure as Code
 
Continuous Infrastructure First
Continuous Infrastructure FirstContinuous Infrastructure First
Continuous Infrastructure First
 
Monitoring in an Infrastructure as Code Age
Monitoring in an Infrastructure as Code AgeMonitoring in an Infrastructure as Code Age
Monitoring in an Infrastructure as Code Age
 
OSMC 2017 | Groovy There is a Docker in my Dashing Pipeline by Kris Buytaert
OSMC 2017 | Groovy There is a Docker in my Dashing Pipeline by Kris Buytaert OSMC 2017 | Groovy There is a Docker in my Dashing Pipeline by Kris Buytaert
OSMC 2017 | Groovy There is a Docker in my Dashing Pipeline by Kris Buytaert
 
OSDC 2016 - Another 7 Tools for your #devops Stack by Kris Buytaert
OSDC 2016 - Another 7 Tools for your #devops Stack by Kris BuytaertOSDC 2016 - Another 7 Tools for your #devops Stack by Kris Buytaert
OSDC 2016 - Another 7 Tools for your #devops Stack by Kris Buytaert
 
Continuous Infrastructure First Ignite Edition
Continuous Infrastructure First Ignite EditionContinuous Infrastructure First Ignite Edition
Continuous Infrastructure First Ignite Edition
 
DevOps Days Kyiv 2019 -- continuous Infrafirstructure First //Kris buytaert
DevOps Days Kyiv 2019 -- continuous Infrafirstructure First //Kris buytaertDevOps Days Kyiv 2019 -- continuous Infrafirstructure First //Kris buytaert
DevOps Days Kyiv 2019 -- continuous Infrafirstructure First //Kris buytaert
 
Deploying your SaaS stack OnPrem
Deploying your SaaS stack OnPremDeploying your SaaS stack OnPrem
Deploying your SaaS stack OnPrem
 
OSDC 2015: Kris Buytaert | From ConfigManagementSucks to ConfigManagementLove
OSDC 2015: Kris Buytaert | From ConfigManagementSucks to ConfigManagementLoveOSDC 2015: Kris Buytaert | From ConfigManagementSucks to ConfigManagementLove
OSDC 2015: Kris Buytaert | From ConfigManagementSucks to ConfigManagementLove
 
Repositories as Code
Repositories as CodeRepositories as Code
Repositories as Code
 
Building and Deploying MediaSalsa, a drupal-based DAM as a Service
Building and Deploying MediaSalsa, a drupal-based DAM as a ServiceBuilding and Deploying MediaSalsa, a drupal-based DAM as a Service
Building and Deploying MediaSalsa, a drupal-based DAM as a Service
 
Cloud Needs Devops
Cloud Needs DevopsCloud Needs Devops
Cloud Needs Devops
 
Open Source Monitoring in 2019
Open Source Monitoring in 2019 Open Source Monitoring in 2019
Open Source Monitoring in 2019
 
Future of Sysadmin 2014
Future of Sysadmin 2014Future of Sysadmin 2014
Future of Sysadmin 2014
 
Can we fix dev-oops ?
Can we fix dev-oops ?Can we fix dev-oops ?
Can we fix dev-oops ?
 
Devops at Startup Weekend BXL
Devops at Startup Weekend BXLDevops at Startup Weekend BXL
Devops at Startup Weekend BXL
 

More from Kris Buytaert

More from Kris Buytaert (17)

Years of (not) learning , from devops to devoops
Years of (not) learning , from devops to devoopsYears of (not) learning , from devops to devoops
Years of (not) learning , from devops to devoops
 
Observability will not fix your Broken Monitoring ,Ignite
Observability will not fix your Broken Monitoring ,IgniteObservability will not fix your Broken Monitoring ,Ignite
Observability will not fix your Broken Monitoring ,Ignite
 
Infrastructure as Code Patterns
Infrastructure as Code PatternsInfrastructure as Code Patterns
Infrastructure as Code Patterns
 
From devoops to devops 13 years of (not) learning
From devoops to devops 13 years of (not) learningFrom devoops to devops 13 years of (not) learning
From devoops to devops 13 years of (not) learning
 
Pipeline all the Dashboards as Code
Pipeline all the Dashboards as CodePipeline all the Dashboards as Code
Pipeline all the Dashboards as Code
 
Help , My Datacenter is on fire
Help , My Datacenter is on fireHelp , My Datacenter is on fire
Help , My Datacenter is on fire
 
GitOps , done Right
GitOps , done RightGitOps , done Right
GitOps , done Right
 
Devops is Dead, Long live Devops
Devops is Dead, Long live DevopsDevops is Dead, Long live Devops
Devops is Dead, Long live Devops
 
10 years of #devopsdays, but what have we really learned ?
10 years of #devopsdays, but what have we really learned ? 10 years of #devopsdays, but what have we really learned ?
10 years of #devopsdays, but what have we really learned ?
 
Continuous Infrastructure First
Continuous Infrastructure FirstContinuous Infrastructure First
Continuous Infrastructure First
 
Is there a Future for devops ?
Is there a Future for devops ? Is there a Future for devops ?
Is there a Future for devops ?
 
10 Years of #devopsdays weirdness
10 Years of #devopsdays weirdness10 Years of #devopsdays weirdness
10 Years of #devopsdays weirdness
 
ADDO 2019: Looking back at over 10 years of Devops
ADDO 2019: Looking back at over 10 years of DevopsADDO 2019: Looking back at over 10 years of Devops
ADDO 2019: Looking back at over 10 years of Devops
 
Migrating to Puppet 5
Migrating to Puppet 5Migrating to Puppet 5
Migrating to Puppet 5
 
Looking back at 5 years of #cfgmgmtcamp
Looking back at 5 years of #cfgmgmtcampLooking back at 5 years of #cfgmgmtcamp
Looking back at 5 years of #cfgmgmtcamp
 
Looking back at 7.5 years of Devopsdays , DOd PDX
Looking back at 7.5 years of Devopsdays , DOd PDXLooking back at 7.5 years of Devopsdays , DOd PDX
Looking back at 7.5 years of Devopsdays , DOd PDX
 
Devopsdays Amsterdam 2017 Keynote, looking back at 5 years of AMS
Devopsdays Amsterdam 2017 Keynote, looking back at 5 years of AMSDevopsdays Amsterdam 2017 Keynote, looking back at 5 years of AMS
Devopsdays Amsterdam 2017 Keynote, looking back at 5 years of AMS
 

Recently uploaded

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 

Recently uploaded (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

On the Importance of Infrastructure as Code

  • 2. Kris BuytaertKris Buytaert● I used to be a Dev,I used to be a Dev, ● Then Became an OpThen Became an Op ● Chief Trolling Officer and Open SourceChief Trolling Officer and Open Source Consultant @Consultant @inuits.euinuits.eu ● Everything is an effing DNS ProblemEverything is an effing DNS Problem ● Building Clouds since before the bookstoreBuilding Clouds since before the bookstore ● Some books, some papers, some blogsSome books, some papers, some blogs ● Evangelizing devopsEvangelizing devops ● Organiser of #devopsdays, #cfgmgmtcamp,Organiser of #devopsdays, #cfgmgmtcamp, #loadays, ….#loadays, …. ● Part of the travelling geek circusPart of the travelling geek circus
  • 3. What's this devopsWhat's this devops thing anyhow ?thing anyhow ?
  • 4. C(L)AMSC(L)AMS ● CultureCulture ● (Lean)(Lean) ● AutomationAutomation ● MeasurementMeasurement ● SharingSharing Damon Edwards and John WillisDamon Edwards and John Willis Gene KimGene Kim
  • 5. Why automate ?Why automate ?
  • 6. Common ProblemsCommon Problems ● Many manual changes to systems ● Many undocumented changes ● Emergency Administration only ● Disaster Recovery site is a Disaster ● Time to deliver a box is to slow ● All boxen are different ● Computers don’t work hard enough for us
  • 7. More ProblemsMore Problems ● How long does it take to reinstall a machine from 0 ● To the exact same point as before ? ● With different Hardware ? In a different cloud ? ● What about your (customer/personal data )
  • 8. Security ?Security ? ● Monitoring that your platform hasn't changed.Monitoring that your platform hasn't changed. • Why is selinux disabled ?Why is selinux disabled ? • Who added / dropped that firewall ?Who added / dropped that firewall ? • What did this originally look like ?What did this originally look like ? • Is this file really what Bernd meant it to be ?Is this file really what Bernd meant it to be ?
  • 9. #monitoringsucks#monitoringsucks ● Monitoring is out of sync with realityMonitoring is out of sync with reality ● Managed manuallyManaged manually ● Can't keep up..Can't keep up..
  • 10. Do you want to ?Do you want to ? ● Install these racks manuallyInstall these racks manually ● Over and over again ?Over and over again ? ● And can you guarantee that installs areAnd can you guarantee that installs are identical ?identical ? ● ““No simple admin taks is fun more thanNo simple admin taks is fun more than twice”twice” ● s/twice/once/g;s/twice/once/g; ● Repeating installs are boring and prone toRepeating installs are boring and prone to errorserrors ● Each installation is unintentionally UniqueEach installation is unintentionally Unique ● Manual installs DO NOT scaleManual installs DO NOT scale
  • 11. ChallengesChallenges ● ReproducabilityReproducability ● SpeedSpeed ● AuditingAuditing ● Keeping stuff in syncKeeping stuff in sync • MonitoringMonitoring • SecuritySecurity • BackupBackup
  • 12. The 10The 10thth floor testfloor test ● Grab a random machine (don’t take a backup before) ● Throw it out a 10th floor window ● Can you recover it in 10 minutes ?
  • 13. Facts!Facts! ● Data Backup is only a part ● Sysadmin backup needs to be done also ● Manual Installations = bad ● Bad installations = unusable infrastructure ● Bad installations = unproductive users ● Bad installations = manual efforts ● Manual efforts = no time ● No time = no updates no patches no security ● Manual work = high costs
  • 14. Deploying an InfrastructureDeploying an Infrastructure ● 1996 : Manual Installations1996 : Manual Installations ● 2001 : Mondo rescue2001 : Mondo rescue (reproducable single instances)(reproducable single instances) ● 2003 : SystemImager2003 : SystemImager • Reproducable Infrastructure , withReproducable Infrastructure , with “OVERRIDES”“OVERRIDES” • Fast Multicast Image deploymentsFast Multicast Image deployments • Image Sprawl (thank you VMware)Image Sprawl (thank you VMware)
  • 15. Deploying an InfrastructureDeploying an Infrastructure ● 1996 : Manual Installations1996 : Manual Installations ● 2001 : Mondo rescue2001 : Mondo rescue ● 2003 : SystemImager2003 : SystemImager ● 2005 :2005 : Kickstart / FAIKickstart / FAI • Dreaming of Jeos + IAC (Cfengine)Dreaming of Jeos + IAC (Cfengine)
  • 16. Deploying an InfrastructureDeploying an Infrastructure ● 1996 : Manual Installations1996 : Manual Installations ● 2001 : Mondo rescue2001 : Mondo rescue ● 2003 : SystemImager2003 : SystemImager ● 2005 : Dreaming of Jeos + IAC2005 : Dreaming of Jeos + IAC ● 2008 : Actual JeOS + IAC2008 : Actual JeOS + IAC ● 2010 : Vagrant for development2010 : Vagrant for development
  • 17. Imagesprawl ANDImagesprawl AND SnowflakesSnowflakes ● Image Sparwl :Image Sparwl : • Copy vm 3xCopy vm 3x • Modify 2xModify 2x • Copy 21xCopy 21x • How the Heck did we get here ?How the Heck did we get here ? ● SnowFlakes :SnowFlakes : • Don't touch this box it might breakDon't touch this box it might break • Look how nice it is !Look how nice it is !
  • 18. You never deployYou never deploy something “just” oncesomething “just” once ● Local test … experiment,Local test … experiment, • Vagrant box / local containersVagrant box / local containers ● Integration PlatformIntegration Platform • Same codebase,, different environmentSame codebase,, different environment ● Dev/ UAT/ Prod / DR …Dev/ UAT/ Prod / DR … ● Or your customer just forgot to renew the leaseOr your customer just forgot to renew the lease on his VPS. #toldyousoon his VPS. #toldyouso
  • 19. What's different in the cloud ?What's different in the cloud ? ● ScaleScale ● VelocityVelocity ● ChangeChange
  • 20. Your machines as CattleYour machines as Cattle
  • 21. Treat your people as petsTreat your people as pets
  • 22. Configuration MgmtConfiguration Mgmt ● Configure 1000 nodes,Configure 1000 nodes, ● Modify 15000 files,Modify 15000 files, ● Think :Think : •Cfengine,Puppet, Chef, SaltCfengine,Puppet, Chef, Salt ● Put configs under version controlPut configs under version control ● Please don't roll your own ...Please don't roll your own ...
  • 23. Infrastructure as CodeInfrastructure as Code ● Treat configuration automation as codeTreat configuration automation as code ● Development best practicesDevelopment best practices • Model your infrastructureModel your infrastructure • Version your cookbooks / manifestsVersion your cookbooks / manifests • Test your cookbooks/ manifestsTest your cookbooks/ manifests • Dev/ test /uat / prod for your infraDev/ test /uat / prod for your infra ● Model your infrastructureModel your infrastructure ● A working service = automated ( Application Code + InfrastructureA working service = automated ( Application Code + Infrastructure Code + Security + Monitoring )Code + Security + Monitoring ) ● IAC -ne scripting (or translating bash to yaml)IAC -ne scripting (or translating bash to yaml)
  • 24. IAC Is a TestingIAC Is a Testing RequirementRequirement ● Stable reproducable starting pointStable reproducable starting point
  • 25. AuditabilityAuditability ● git loggit log ● git blamegit blame ● Review,Review, ● authorizationauthorization
  • 27. Fixing Monitoring FatigueFixing Monitoring Fatigue
  • 29. Collection and ExportCollection and Export Export :Export : @@resource {@@resource { ... }... } Collect:Collect: Resource <<| query |Resource <<| query | >>>> Clean out nodes that dissapearClean out nodes that dissapear puppet node cleanpuppet node clean
  • 30. Use Cases:Use Cases: ● Ssh keysSsh keys ● Reverse proxy configsReverse proxy configs ● Monitoring resourcesMonitoring resources ● Measuring resourcesMeasuring resources
  • 32. Defining a ServiceDefining a Service ● profile that :profile that : • Configures service using a standardConfigures service using a standard module call with hiera based parametersmodule call with hiera based parameters • Configures BackupConfigures Backup • Configures logrotationConfigures logrotation • Configures logshippingConfigures logshipping • Exports Monitoring NeedsExports Monitoring Needs
  • 33. Chronicle of a failedChronicle of a failed private cloudprivate cloud● Tool X provisions a VMTool X provisions a VM • 3 weeks from the request / can only be done by 1 team3 weeks from the request / can only be done by 1 team ● Tool Y installs patchesTool Y installs patches • 2 weeks2 weeks ● Team Z installs backupTeam Z installs backup • 1 day1 day ● Team A installs monitoringTeam A installs monitoring • 3 weeks3 weeks ● AppApp • Manual deploy on wrong JVM, return to senderManual deploy on wrong JVM, return to sender
  • 34. Application IncludedApplication Included ● Application =Application = • PackagePackage • ConfigConfig • ServiceService ● No manual scriptingNo manual scripting ● Think about your bootstrapping / scaleoutThink about your bootstrapping / scaleout
  • 35. Automation ofAutomation of #monitoring#monitoring brought backbrought back thethe #love#love
  • 36. ConclusionConclusion ● IAC solves a lot of problemsIAC solves a lot of problems • Improves SecurityImproves Security • Creates Monitoring LoveCreates Monitoring Love • Creates SpeedCreates Speed ● But it still is code, and needs to be treated likeBut it still is code, and needs to be treated like code !code !
  • 37. ContactContact Kris BuytaertKris Buytaert Kris.Buytaert@inuits.beKris.Buytaert@inuits.be Further ReadingFurther Reading @krisbuytaert@krisbuytaert http://www.krisbuytaert.be/blog/http://www.krisbuytaert.be/blog/ http://www.inuits.be/http://www.inuits.be/ InuitsInuits Essensteenweg 31Essensteenweg 31 BrasschaatBrasschaat BelgiumBelgium 891.514.231891.514.231 +32 475 961221+32 475 961221