Blasting Through the Clouds - Automating Cloud Foundry with Concourse CI

Blasting Through the Clouds
Automating Cloud Foundry with Concourse CI
Photo by Emiel Molenaar on Unsplash

About me
Fabian Keller
Software Engineer
Woodworker
@_fabiankeller
www.fabian-keller.de

PCF Releases
Sep‘18 Oct‘18 Nov‘18 Dec‘18 Jan‘19 Feb‘19 Mar‘19 Apr‘19 May‘19
Maintenance Release
Security Release
PCF AS
Stemcell
2.3
PCF AS
Stemcell
2.4
PCF AS
Stemcell
2.5
2019-05-22 / CF Meetup Stuttgart / Fabian Keller 3

Then add environments…
Bleeding Edge
Developers
Upgrade Test
Operators
Sandbox
Operators
Development
Developers Testing
Developers Production
Developers

Help!
We need to automate this...
Photo by Alex Knight on Unsplash

Concourse
An open-source
continuous thing-doer

Why Concourse?
And not [Jenkins | Bamboo | …]
• Automate everything!
• Controlled and reproducible builds
• Easy mechanics à Containers
• Automation as Code
• Shiny UI (and CLI)

Tasks
The basic mechanics of Concourse
---
platform: linux
image_resource:
type: docker-image
source: {repository: busybox}
run:
path: echo
args: ["Hello CF Meetup!"]

Tasks == Functions

Task Inputs / Outputs
Parameters and return values
---
platform: linux
image_resource:
type: docker-image
source: {repository: ubuntu}
inputs:
- name: name
outputs:
- name: greeting
run:
path: bash
args:
- -c
- |
echo "Hello $(cat ./name/*)!" > ./greeting/greeting.txt

Resources
Concourse can process any resource
• Check resources for new versions
• Pull resources at specific versions
• Push resources to create new
versions
• Default resource types available: git,
s3, time, semver, docker-image, …
resources:
- name: project
type: git
source:
uri: ssh://git@gitlab.com/my/repo.git
branch: master
- name: cache
type: s3
source:
access_key_id: ((s3_access_key_id))
secret_access_key: ((s3_secret_key))
endpoint: ((s3_endpoint))
region_name: ((s3_region))
bucket: ((s3_bucket))

Connecting Tasks
Pipelines connect resources with tasks…

Connecting Tasks
… in a simple YAML file
# install-pcf-pipeline.yml
resoures:
- name: pcf-pipelines
type: git
source:
# ...
jobs:
- name: create-infrastructure
plan:
- aggregate:
- get: pcf-pipelines
- get: terraform-state
- task: find-ami
# ...
- task: create-infrastructure
file: pcf-pipelines/tasks/create-infra/task.yml
# ...

Handling Secrets
• Secrets are passed to tasks as
parameters
• Concourse fetches secrets from
external credentials manager (Vault /
Credhub)
• No secrets in pipeline/task
definitions
# deploy-to-aws-pipeline.yml
jobs:
- name: create-infrastructure
plan:
- task: deploy-on-aws
config:
params:
AWS_ACCESS_KEY: ((aws-access-key))
AWS_SECRET_KEY: ((aws-secret-key))
AWS_REGION: ((aws-region))

pcf-pipelines
A collection of pipelines for installing and upgrading PCF

pcf-pipelines
Tile upgrade pipeline
Well, that was easy!
Maybe too easy?

pcf-pipelines
Ready-made tasks
PCF Installation
• config-ert
• config-opsman
• configure-ert
• configure-product
• create-initial-terraform-state
• delete-vm
Tile Upgrades
• disable-errands
• toggle-errands
• download-boshio-stemcells
• download-custom-stemcells-from-s3
• download-pivnet-stemcells
• delete-unused-products
• stage-and-apply-updates
• stage-product
• upload-product-and-stemcell
• wait-opsman-clear
• apply-changes
OpsManager Upgrade
• deploy-opsman-vm
• export-opsmgr-settings
• import-opsmgr-settings
• replace-vm

pcf-pipelines
Is deprecated unfortunately

PCF Automation pcf-pipelines
• Currently in beta: http://docs.pivotal.io/platform-automation/
• No reference pipeline for tile upgrades so far
• Improved tasks:
upload-product-and-stemcell
upload-and-stage-product
upload-product
upload-stemcell
assign-stemcell

CONCOURSE GOOD PRACTICE #1
Build reusable tasks
… and combine them to tailored pipelines

What do we
really need?
A tool operators want to
work with every day!
Photo by Todd Quackenbush on Unsplash

How to upgrade CF
Upload product, stage product, apply changes.
IaaS
Operations
Manager
Concourse
Operations
Manager
Cloud
Foundry
Application
Service
Isolation
Segment
One
MySQL for
PCF
Isolation
Segment
Two

We need environment support
Bleeding Edge
Upgrade Test
Sandbox
Development Testing Production
Operations
Manager
Cloud
Foundry
Application
Service
Isolation
Segment
One
MySQL for
PCF
Isolation
Segment
Two
Isolation
Segment
Three
RabbitMQ
for PCF
Operations
Manager
Cloud
Foundry
Application
Service
Isolation
Segment
One
MySQL for
PCF
Isolation
Segment
Two
Operations
Manager
Cloud
Foundry
Application
Service
Isolation
Segment
One
MySQL for
PCF
Isolation
Segment
Two
Operations
Manager
Cloud
Foundry
Application
Service
Isolation
Segment
One
MySQL for
PCF
Isolation
Segment
Two
Operations
Manager
Cloud
Foundry
Application
Service
Isolation
Segment
One
MySQL for
PCF
Isolation
Segment
Two
Operations
Manager
Cloud
Foundry
Application
Service
Isolation
Segment
One
MySQL for
PCF
Isolation
Segment
Two
New Relic
RabbitMQ
for PCF

We need offline support
Well, we‘re in Germany after all
Concourse
Pivotal
Network
PCF
DMZ
Download
Concourse
Pivotal
Network
S3
Upgrade
Concourse
PCF

What do we really need?
• Multi-environment
• Offline Cloud Foundry à Offline Pipelines
• Stemcells?!
• Really bleeding edge?
• Organizational Constraints

Let‘s build it
And the journey begins...
6
Photo by Will Suddreth on Unsplash

S3 Layout
The shared data of our automation setup
• Upload: Upload .pivotal tiles once
• Info: Extract required metadata and
store it for each version
• Installed: Copy the .pivotal tiles to
each environment folder when
deploying
├── upload
│ ├── cf
│ │ ├── cf-2.4.1.pivotal
│ │ └── cf-2.4.2.pivotal
│ └── p-isolation-segment
│ └── p-iso-2.4.1.pivotal
├── info
│ ├── cf
│ │ ├── 2.4.1.yml
│ │ └── 2.4.2.yml
│ └── 2.4.1.yml
└── installed
├── dev
│ ├── cf
│ │ ├── cf-2.4.1.pivotal
│ └── p-iso-2.4.1.pivotal
└── prod

Triggering Deployments
Making it simple to deploy the correct version
Operations
Manager
CF
Application
Service
2.4.1
Isolation
Segment
One
2.4.1
MySQL for
PCF
1.9.6
Isolation
Segment
Two
2.4.1
Operations
Manager
CF
Application
Service
2.4.3
Isolation
Segment
One
2.4.3
MySQL for
PCF
1.9.8
Isolation
Segment
Two
2.4.3
cf: 2.4.1
p-isoseg-one: 2.4.1
p-isoseg-two: 2.4.1
p-mysql: 1.9.6
cf: 2.4.3
p-isoseg-one: 2.4.3
p-isoseg-two: 2.4.3
p-mysql: 1.9.8
dev.yml dev.yml

CONCOURSE GOOD PRACTICE #2
Operator Experience (OX)
… making it fun and safe to use all the tools

Multi-product Upgrade Pipeline
One pipeline to upgrade a whole foundation

We have built some tasks
Tailoring the tasks that pcf-pipelines provides
Preparation Pipeline
• extract-product-info
• create-isolation-segment
Update Pipeline
• validate-versions
• product-setup
• upload-stemcell
• upload-product
• stage-product
• apply-changes

pcfup
We haven‘t open-sourced the tasks, but they are heavily using pcfup

Demo Time!
Photo by SpaceX on Unsplash

Buildpack Pipelines
Building from source and distributing accross environments

Challenges
There is still a lot to do
• Concourse resource versions
• Run pipeline with Version X not possible
• Triggers work only good with latest version
• Pipeline Complexity
• Complex tasks are harder to maintain
• At times difficult to oversee all moving parts

Thank you! Questions?
@_fabiankeller
Also check out:
https://blog.mimacom.com/tag/cloud-foundry/

Blasting Through the Clouds - Automating Cloud Foundry with Concourse CI

More Related Content

What's hot (20)

Similar to Blasting Through the Clouds - Automating Cloud Foundry with Concourse CI (20)

More from Fabian Keller (7)

Recently uploaded (20)

Blasting Through the Clouds - Automating Cloud Foundry with Concourse CI