Infrastructure as code
1 like315 views
Safespring has moved from a first generation infrastructure as code approach using Puppet for centralized configuration management to a second generation approach. The new approach uses Smie to build artifacts from templates, Naust to store and version artifacts, and Seter to describe deployment of artifacts to heterogeneous targets including physical, virtual, and container environments. This distributed architecture allows faster updates, lower barriers to change, and easier reproducibility of systems.
Infrastructure as code
- 1. www.safespring.com Anders Bruvik Infrastructure engineer at Safespring Infrastructure as Code 2019-04-01 @bruvik
- 2. Infrastructure The basic physical and organizational structures and facilities (e.g. buildings, roads, power supplies) needed for the operation of a society or enterprise.
- 3. DASHBOARD Horizon THE INTERNET OpenStack Overview Access Control Function BLOCK STORAGE Cinder IDENTITY Keystone IMAGE Glance NETWORKING Neutron OBJECT STORAGE Ceph COMPUTING Nova
- 5. Devops
- 6. What is NOT Devops? ● A tool ● A role ● A job description ● A team
- 7. CAMS ● Culture ● Automation ● Measurement ● Sharing
- 8. DEVOPS A culture where people, regardless of title or background, work together to imagine, develop, deploy and operate a system – Ken Mugrage
- 9. Automation
- 10. Why? ● Faster to production ● Lower risk of human errors ● Spending more time on valuable tasks ● Support change ● Quicker recovery from failures ● Self documenting ● Continuous improvements
- 12. First generation Infrastructure as Code – Puppet ● Puppet Master holds all facts in Puppet DB ● All machines must have Puppet master access ● IPtables, DNS names, certificates generated from Puppet Master ● Facts describing node type (compute, storage or control) in Puppet DB ● Optimized for fleet management (large group homogenous nodes) ● If you do not know exact state of the node Puppet can help you streamline all nodes
- 13. Monolithic stacks… …are not inherently bad — in fact, they are often the best choice for an organization early in a product life cycle.
- 14. Operators working with code When doing a change the operator must find out how to reach the goal of the operation without unwanted side effects Puppet - Workflow Repo/DB Target: all servers
- 15. First generation Infrastructure as Code – Problems ● Configuration drift – machines out of sync ● Hard to make small changes ● Puppet is declarative and not imperative - in which order will the commands be run? ● Hard to bootstrap new sites since there are some circular dependencies
- 16. Breaking up the monolith As systems grow – a monolithic stack become an antipattern
- 17. Antifragile ● Systems that grow stronger during testing. ● The default response to incidents is improvement. ● Minimizing the number of changes will not make a system more robust.
- 18. Safespring DevOps- Architecture VirtualPhysical ContainerBinary
- 19. Second generation Infrastructure as Code – Workflow What is needed? ● A mechanism to build (Smie - Forge). ● A place to store artefacts - could be image, container or binary (Naust - boat house) ● Mechanism for deployment (Seter - settlement) that could describe different runtime environments
- 20. Second generation Infrastructure as Code – Smie What is Smie? ● Wrapper around Packer (Hashicorp) ● Produces artefacts ● All artefacts can be built separately ● Role: service, endpoint or component
- 21. Second generation Infrastructure as Code – Naust What is Naust? ● Both source and destination for Smie (cut dependencies to Internet repos) ● Full control over everything built for production ● Protocols: ○ HTTPS/file, S3, Docker Registry ● Protocols depend on target systems ● Everything built get an URI with metadata (type, version, date)
- 22. Second generation Infrastructure as Code – Seter What is Seter? ● Provisioning mechanism ● Wrapper around Ansible and Terraform ● Describes a set of artefacts needed to get a component running ● Also describes target: Physical node, virtual node or container System art 2 Physical art 1 Virtual Container art 1
- 23. Immutable infrastructure ● Changes done at templating stage ● New deployment preferred over change at host ● Easier to implement testing ● Simpler configuration management tooling
- 24. ● Ceph Object Storage backend needs a set of OSD and RadosGW role images ● Træfik as load balancer – role reused across different stacks Ceph Træfik Physical OSD Container Radosgw Virtual Example
- 25. ● Key/Value lookups against pluggable data stores ● Allows defining global values, and override at different levels of a hierarchy ● Open source project – Contributions from Safespring
- 26. Pipelines Continuous delivery is the ability to get changes of all types - including new features, configuration changes, bug fixes and experiments - into production, or into the hands of users, safely and quickly in a sustainable way. — Jez Humble
- 27. UNIT tests Functional tests Staging environment Deploy Production Security tests Compliance tests
- 29. Second generation Infrastructure as Code – Advantages ● Update systems faster ● Lower barrier to changes ● Reproduce systems as needed ● Build everything with as few dependencies as possible ● Add or change easily ● Target the affected nodes easily ● Verify that software works as intended ● Scales better with many operators
- 30. Testing ● It’s difficult to write automated tests for an existing, legacy system ● Restructuring a systems design in a way that facilitates independently testing components ● Test in production!
- 31. 1. generation IaC versus 2. generation IaC Homogenous targets Heterogenous targets
- 33. Know-how Technical expertise Domain expertiseSubject expertise
- 34. Technical Expertise Safespring core competency User Business Technology
- 35. Closing words 1. Safespring builds its products on open source 2. Safespring has moved from central CM solution to a distributed image based solution 3. Safespring offers Private Cloud solution for best practices solution in-house