Infrastructure as Code - Speaker Deck

Slide 1

Slide 1 text

www.ﬂickr.com/photos/mugley/5013931959/ Infrastructure as Code Cloud East 28th June 2012 gareth rushgrove | morethanseven.net

Slide 2

Slide 2 text

Slide 3

Slide 3 text

Gareth Rushgrove gareth rushgrove | morethanseven.net

Slide 4

Slide 4 text

Blog at morethanseven.net gareth rushgrove | morethanseven.net

Slide 5

Slide 5 text

Curate devopsweekly.com gareth rushgrove | morethanseven.net

Slide 6

Slide 6 text

Work at UK Government Digital Service Text gareth rushgrove | morethanseven.net

Slide 7

Slide 7 text

Serious Government Business gareth rushgrove | morethanseven.net

Slide 8

Slide 8 text

http://www.ﬂickr.com/photos/iancarroll/5027441664 Deﬁnitions (What we mean by...)

Slide 9

Slide 9 text

gareth rushgrove | morethanseven.net Infrastructure in·fra·struc·ture /ˈinfrəˌstrəkCHər/ An underlying base or foundation especially for an organisation or system.

Slide 10

Slide 10 text

gareth rushgrove | morethanseven.net Infrastructure

Slide 11

Slide 11 text

gareth rushgrove | morethanseven.net Code code /kōd/ A system of symbols and rules used to represent instructions to a computer; a computer program.

Slide 12

Slide 12 text

gareth rushgrove | morethanseven.net Code

Slide 13

Slide 13 text

http://www.ﬂickr.com/photos/iancarroll/5027441664 Not as code (What lots of people do now)

Slide 14

Slide 14 text

gareth rushgrove | morethanseven.net Manual www.ﬂickr.com/photos/swisscan/4860653795

Slide 15

Slide 15 text

gareth rushgrove | morethanseven.net Often error prone www.ﬂickr.com/photos/almondbutterscotch/6160016599

Slide 16

Slide 16 text

gareth rushgrove | morethanseven.net Slow www.ﬂickr.com/photos/swisscan/3250054769

Slide 17

Slide 17 text

gareth rushgrove | morethanseven.net Time consuming www.ﬂickr.com/photos/swisscan/1545202070

Slide 18

Slide 18 text

gareth rushgrove | morethanseven.net Process heavy www.ﬂickr.com/photos/postsumptio/5994581987

Slide 19

Slide 19 text

http://www.ﬂickr.com/photos/iancarroll/5027441664 Some Code (I know, lets write bash scripts)

Slide 20

Slide 20 text

gareth rushgrove | morethanseven.net SSH for loops #!/bin/bash NODES="webserver.example.com database.example.com" for n in $NODES do ssh $n uptime done

Slide 21

Slide 21 text

gareth rushgrove | morethanseven.net Tests, what tests? www.ﬂickr.com/photos/swisscan/2918682767

Slide 22

Slide 22 text

gareth rushgrove | morethanseven.net (Yes, I know about shUnit) #!/bin/sh testEquality() { assertEquals 1 1 } . ../src/shell/shunit2

Slide 23

Slide 23 text

gareth rushgrove | morethanseven.net Unique snow ﬂake problem www.ﬂickr.com/photos/swisscan/2264972703

Slide 24

Slide 24 text

www.ﬂickr.com/photos/swisscan/2308034084 gareth rushgrove | morethanseven.net Ignoring software engineering practices

Slide 25

Slide 25 text

http://www.ﬂickr.com/photos/iancarroll/5027441664 Conﬁguration Management (and cloud APIs)

Slide 26

Slide 26 text

gareth rushgrove | morethanseven.net Not new - 1993 CFEngine - 2003 Puppet - 2006 Amazon EC2 - 2009 Chef

Slide 27

Slide 27 text

gareth rushgrove | morethanseven.net Examples as code www.ﬂickr.com/photos/thomashawk/130601225

Slide 28

Slide 28 text

gareth rushgrove | morethanseven.net CFEngine cfengine.com

Slide 29

Slide 29 text

gareth rushgrove | morethanseven.net CFEngine code example bundle agent test { packages: redhat:: "wget" package_policy => "addupdate", package_method => yum, package_select => ">=", package_version => "1.11.4-2.el5_4.1", package_architectures => { "x86_64" }; }

Slide 30

Slide 30 text

gareth rushgrove | morethanseven.net Puppet puppetlabs.com

Slide 31

Slide 31 text

gareth rushgrove | morethanseven.net Puppet code example package { 'web-facter': ensure => latest, provider => gem, } service { 'web-facter': ensure => running, provider => upstart, require => Package['web-facter'] }

Slide 32

Slide 32 text

gareth rushgrove | morethanseven.net Chef opscode.com

Slide 33

Slide 33 text

gareth rushgrove | morethanseven.net Chef code example cookbook_file "#{home_dir}/.ssh/authorized_keys" do source "authorized_keys" mode "0600" owner username group username end group "sysadmin" do members ["garethr"] end

Slide 34

Slide 34 text

gareth rushgrove | morethanseven.net Pallet palletops.com

Slide 35

Slide 35 text

gareth rushgrove | morethanseven.net Pallet code example (use 'pallet.crate.java) (defnode webserver {} :configure (phase (java :openjdk))) (converge {webserver 10} :compute service)

Slide 36

Slide 36 text

gareth rushgrove | morethanseven.net Development tools www.ﬂickr.com/photos/swisscan/2286781443

Slide 37

Slide 37 text

gareth rushgrove | morethanseven.net Rspec-puppet require_relative '../../spec_helper' describe 'development', :type => :class do let(:facts) { { :govuk_class => "development" } } it { should create_package("nginx") } it { should_not raise_error(Puppet::ParseError) } end

Slide 38

Slide 38 text

gareth rushgrove | morethanseven.net Rspec-puppet results govuk should include Class[puppet] should include Class[cron] should not raise Puppet::ParseError puppet should contain File[/etc/puppet/puppet.conf] should schedule regular puppet updates Finished in 3.42 seconds 12 examples, 0 failures

Slide 39

Slide 39 text

gareth rushgrove | morethanseven.net Puppet lint Evaluating manifests/classes/development.pp 14:double_quoted_strings:WARNING:double quoted string containing no variables 37:arrow_alignment:WARNING:=> on line isn't properly aligned for resource

Slide 40

Slide 40 text

gareth rushgrove | morethanseven.net Geppetto Puppet IDE

Slide 41

Slide 41 text

gareth rushgrove | morethanseven.net Foodcritic for Chef

Slide 42

Slide 42 text

gareth rushgrove | morethanseven.net Metrics

Slide 43

Slide 43 text

gareth rushgrove | morethanseven.net Chef examples thanks @portertech

Slide 44

Slide 44 text

gareth rushgrove | morethanseven.net Multiple nodes www.ﬂickr.com/photos/wecand/4862594210

Slide 45

Slide 45 text

gareth rushgrove | morethanseven.net Puppet master

Slide 46

Slide 46 text

gareth rushgrove | morethanseven.net Puppet cloud provisioner puppet node_aws create \ --image ami-2d4aa444 \ --type m1.small \ --keypair puppetlabs.admin

Slide 47

Slide 47 text

gareth rushgrove | morethanseven.net Chef Server

Slide 48

Slide 48 text

knife ec2 server create \ -r "role[webserver]" \ -I ami-2d4aa444 \ --flavor m1.small gareth rushgrove | morethanseven.net Chef Knife EC2

Slide 49

Slide 49 text

{ "Description" : "Create an EC2 instance running Amazon Linux 32" "Parameters" : { "KeyPair" : { "Description" : "The EC2 Key Pair to allow SSH access", "Type" : "String" } }, "Resources" : { "Ec2Instance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "KeyName" : { "Ref" : "KeyPair" }, "ImageId" : "ami-75g0061f" } } }, "Outputs" : { "InstanceId" : { "Description" : "The InstanceId of the created EC2 instance", "Value" : { "Ref" : "Ec2Instance" } } }, "AWSTemplateFormatVersion" : "2010-09-09" } gareth rushgrove | morethanseven.net Amazon CloudFormation

Slide 50

Slide 50 text

http://www.ﬂickr.com/photos/iancarroll/5027441664 Case Study (the day job)

Slide 51

Slide 51 text

GOV.UK gareth rushgrove | morethanseven.net

Slide 52

Slide 52 text

gareth rushgrove | morethanseven.net Deﬁne infrastructure components early www.ﬂickr.com/photos/swisscan/2151073152

Slide 53

Slide 53 text

www.ﬂickr.com/photos/swisscan/2292829724 gareth rushgrove | morethanseven.net Deﬁne infrastructure implementation later

Slide 54

Slide 54 text

www.ﬂickr.com/photos/swisscan/651760224 gareth rushgrove | morethanseven.net Part of development activities

Slide 55

Slide 55 text

gareth rushgrove | morethanseven.net High level primitives apache2::vhost::passenger { "app1.$::govuk_platform.internal":; "app2.$::govuk_platform.internal":; }

Slide 56

Slide 56 text

gareth rushgrove | morethanseven.net Under the hood - Create Apache Virtual host - Setup Ruby web application server - Reload Apache if needed - Setup monitoring checks in Nagios - Send log ﬁles to Ganglia and Greylog

Slide 57

Slide 57 text

gareth rushgrove | morethanseven.net Bootstrap new machines 1. Bring up new instance using Fog 2. Install Ruby and Puppet 3. Let instance know what type of node it is 4. Register new instance with puppet master 5. Let Puppet install the rest of required software 6. Collected puppet resources add monitoring

Slide 58

Slide 58 text

gareth rushgrove | morethanseven.net Fog fog.io

Slide 59

Slide 59 text

{ "role": "client", "platform": "preview", "class": "frontend", "security_groups": ["preview-frontend", "preview"], "key": "preview.pem", "flavor": "m1.large", "image": "ami-5c417128", "master": "puppet.example.com", "debug": true, "log_level": 0 } gareth rushgrove | morethanseven.net Describe machine types

Slide 60

Slide 60 text

Slide 61

Slide 61 text

bundle exec bin/provision --file=frontend.json -n 5 gareth rushgrove | morethanseven.net Summon 5 new web servers

Slide 62

Slide 62 text

www.ﬂickr.com/photos/swisscan/2110710885 gareth rushgrove | morethanseven.net Local development environment

Slide 63

Slide 63 text

http://www.ﬂickr.com/photos/iancarroll/5027441664 Takeaway (if all you remember is)

Slide 64

Slide 64 text

gareth rushgrove | morethanseven.net Infrastructure can be described in code - Domain speciﬁc - Readable - Reviewable - Testable - Reusable

Slide 65

Slide 65 text

gareth rushgrove | morethanseven.net It’s easy, just start simple - Just manage users - Just manage cron jobs - Just manage the web server - Just manage your database conﬁguration

Slide 66

Slide 66 text

http://www.ﬂickr.com/photos/lkanies/5996581482 gareth rushgrove | morethanseven.net Engage the community

Slide 67

Slide 67 text

gareth rushgrove | morethanseven.net Talk to people (on IRC) - #puppet - #chef - #cfengine - #infratalk all on irc.freenode.net

Slide 68

Slide 68 text

The End

Slide 69

Slide 69 text

http://www.ﬂickr.com/photos/benterrett/6852348725/ One more thing, we’re hiring gareth rushgrove | morethanseven.net

Slide 70

Slide 70 text

Questions? gareth rushgrove | morethanseven.net http://ﬂickr.com/photos/psd/102332391/