Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction to Infrastructure as Code & Automa...

Introduction to Infrastructure as Code & Automation / Introduction to Chef

Your customers expect you to continuously deliver delightful experiences. This means that you'll need to continuously deliver application and infrastructure updates. Hand-crafted servers lovingly built and maintained by a system administrator are a thing of the past. Golden images are fine for initial provisioning but will quickly fail as your configuration requirements change over time.

It's time for you to fully automate the provisioning and management of your infrastructure components. Welcome to the world of infrastructure as code! In this new world, you'll be able to programmatically provision and configure the components of your infrastructure.

Disposable infrastructure whose provisioning, configuration, and on-going maintenance is fully automated allow you to change the way you build and deliver applications. Move your applications and infrastructure towards continuous delivery.

In this talk, we'll explore the ideas behind "infrastructure as code" and, specifically, look at how Chef allows you to fully automate your infrastructure. If you're brave enough, we'll even let you get your hands on some Chef and experience the delight of using Chef to build and deploy some infrastructure components.

Nathen Harvey

April 03, 2014
Tweet

More Decks by Nathen Harvey

Other Decks in Technology

Transcript

  1. Introduction to Infrastructure as Code & Automation / Introduction to

    Chef 1 Nathen Harvey @nathenharvey [email protected] github.com/nathenharvey
  2. Nathen Harvey • Director, Community and #learnchef • Co-host of

    the Food Fight Show Podcast • Meetup Organizer • DevOpsDC • @nathenharvey • [email protected]
  3. Who are you? • Were you in Isaac’s talk? •

    Were you in my talk yesterday? 4
  4. Who are you? • Which version control system do you

    use? •cp foo foo.bak •cp foo{,.`date +%Y%m%d%H%M`} 12
  5. Who are you? • Which version control system do you

    use? •cp foo foo.bak •cp foo{,.`date +%Y%m%d%H%M`-`$USER`} 13
  6. Managing Complexity 17 • SSH, make with the typey typey

    • Keep notes in ~/server.txt • Move notes to the wiki
  7. Managing Complexity 18 • SSH, make with the typey typey

    • Keep notes in ~/server.txt • Move notes to the wiki • Custom scripts (setup.sh)
  8. Managing Complexity 19 • SSH, make with the typey typey

    • Keep notes in ~/server.txt • Move notes to the wiki • Custom scripts (setup.sh) • Golden Images
  9. Golden Images are not the answer • Gold is heavy

    • Hard to transport • Hard to mold • Easy to lose configuration detail http://www.flickr.com/photos/garysoup/2977173063/
  10. New Compliance Mandate! 22 Jboss App Memcache Postgres Slaves Postgres

    Master Nagios Graphite • Move SSH off port 22 • Lets put it on 2022
  11. 6 Golden Image Updates 23 Jboss App Memcache Postgres Slaves

    Postgres Master Nagios Graphite • edit /etc/ssh/sshd_config 1 2 3 4 5 6
  12. 12 Instance Replacements 24 Jboss App Memcache Postgres Slaves Postgres

    Master Nagios Graphite • Delete, launch 1 2 3 4 5 6 7 8 9 10 11 12 • Repeat • Typically manually
  13. Done in Maintenance Windows 25 • Don’t break anything! •

    Bob just got fired =( 5 Jboss App Memcache Postgres Slaves Postgres Master Nagios Graphite 1 2 4 5 6 7 8 9 10 11 12 3
  14. Managing Complexity 27 • SSH, make with the typey typey

    • Keep notes in ~/server.txt • Move notes to the wiki • Custom scripts (setup.sh) • Golden Images • Policy-driven configuration management
  15. Policies 28 • Declarations about the state of thing in

    a system • applied repeatedly and repair the system when needed • often change
  16. Repeatable Operations • Idempotent • can be applied an infinite

    number of times and yield the same result every time • Convergent • test state and repair if needed 29
  17. Following Policy • A control loop keeps the system stable

    and allows for change when policy is updated 32
  18. What is Chef? • Open source framework for managing complexity

    • Infrastructure as code • a domain-specific language (DSL) for describing convergent operations • A community of professionals • A company 34
  19. How does Chef work? • Ensure desired state by continually

    testing and repairing individual resources in the system • Compose policies using a series of abstractions 35
  20. Desired Configuration Node Chef Server chef-client What policy should I

    follow? "recipe[ntp::client]" "recipe[users]" "role[webserver]" 37
  21. Desired Configuration Chef Server chef-client What policy should I follow?

    "recipe[ntp::client]" "recipe[users]" "role[webserver]" 38
  22. Recipes package "apache2" template "/etc/apache2/apache2.conf" do source "apache2.conf.erb" owner "root"

    group "root" mode "0644" variables(:allow_override => "All") notifies :reload, "service[apache2]" end 41 resource one resource two
  23. Recipes package "apache2" template "/etc/apache2/apache2.conf" do source "apache2.conf.erb" owner "root"

    group "root" mode "0644" variables(:allow_override => "All") notifies :reload, "service[apache2]" end service "apache2" do action [:enable,:start] supports :reload => true end 42 resource one resource two resource three
  24. Built-in Resources • package • template • service • cron

    • directory • mount • user • group • registry_key • remote_directory • route • ...and many more! 46
  25. Managing Complexity • Organizations • Environments • Roles • Nodes

    • Recipes • Cookbooks • Search • Data 48
  26. Search • Search for nodes with Roles • Find Topology

    Data • IP addresses • Hostnames • FQDNs http://www.flickr.com/photos/kathycsus/2686772625 54
  27. Search for Nodes pool_members = search("node","role:webserver") template "/etc/haproxy/haproxy.cfg" do source

    "haproxy-app_lb.cfg.erb" owner "root" group "root" mode 0644 variables :pool_members => pool_members.uniq notifies :restart, "service[haproxy]" end 55
  28. Search for Nodes pool_members = search("node","role:webserver") template "/etc/haproxy/haproxy.cfg" do source

    "haproxy-app_lb.cfg.erb" owner "root" group "root" mode 0644 variables :pool_members => pool_members.uniq notifies :restart, "service[haproxy]" end 56
  29. Pass results into Templates # Set up application listeners here.

    listen application 0.0.0.0:80 balance roundrobin <% @pool_members.each do |member| -%> server <%= member[:hostname] %> <%= member[:ipaddress] %>:> weight 1 maxconn 1 check <% end -%> <% if node["haproxy"]["enable_admin"] -%> listen admin 0.0.0.0:22002 mode http stats uri / <% end -%> 57
  30. Pass results into Templates # Set up application listeners here.

    listen application 0.0.0.0:80 balance roundrobin <% @pool_members.each do |member| -%> server <%= member[:hostname] %> <%= member[:ipaddress] %>:> weight 1 maxconn 1 check <% end -%> <% if node["haproxy"]["enable_admin"] -%> listen admin 0.0.0.0:22002 mode http stats uri / <% end -%> 58
  31. # Set up application listeners here. listen application 0.0.0.0:80 balance

    roundrobin <% @pool_members.each do |member| -%> server <%= member[:hostname] %> <%= member[:ipaddress] %>:> weight 1 maxconn 1 check <% end -%> <% if node["haproxy"]["enable_admin"] -%> listen admin 0.0.0.0:22002 mode http stats uri / <% end -%> Pass results into Templates 59
  32. Memcache Postgres Slaves Postgres Master Nagios Graphite Jboss App Memcache

    Postgres Slaves Postgres Master Nagios Graphite ...this can happen automatically 62
  33. Nagios Graphite Nagios Graphite Memcache Postgres Slaves • Load balancer

    config • Nagios host ping • Nagios host ssh • Nagios host HTTP • Nagios host app health • Graphite CPU • Graphite Memory • Graphite Disk • Graphite SNMP • Memcache firewall • Postgres firewall • Postgres authZ config • 12+ resource changes for 1 node addition Count the Resources Jboss App 63
  34. Build Anything • Simple internal applications • Complex external applications

    • Workstations • Hadoop clusters • IaaS infrastructure • PaaS infrastructure • SaaS applications • Storage systems • You name it 64 http://www.flickr.com/photos/hyku/245010680/
  35. And Manage it Simply • Automatically reconfigure everything • Linux,

    Windows, Unixes, BSDs • Load balancers • Metrics collection systems • Monitoring systems • Cloud migrations become trivial • 65 http://www.flickr.com/photos/helico/404640681/
  36. Community • Apache 2.0 Licensed • 1500+ Individual Contributors •

    200+ Corporate Contributors • 1500+ Cookbooks 67