Slide 1

Slide 1 text

Configuration Management 101
FOSDEM 2014

Slide 2

Slide 2 text

Sean OMeara
[email protected]
@someara

Slide 3

Slide 3 text

Sean OMeara
[email protected]
@someara

Slide 4

Slide 4 text

Sean OMeara
[email protected]
@someara

Slide 5

Slide 5 text

whoami

Slide 6

Slide 6 text

Part 1

Slide 7

Slide 7 text

The Dawn of Configuration Management

Slide 8

Slide 8 text

• What is configuration management?
• Strategies and techniques for managing configuration and its complexity
• The art of change management

Slide 9

Slide 9 text

Manual Configuration

Slide 10

Slide 10 text

• Intuitive
• How we all start out
• Log into machine, manipulate with fingers
• Make with the clicky clicky
• Long tradition

Slide 11

Slide 11 text

• Somehow feels the “safest”
• First instinct in emergencies
• This is an illusion
• Do not do this

Slide 12

Slide 12 text

• Labor intensive
• Error prone
• Difficult to reproduce
• Obviously unsustainable

Slide 13

Slide 13 text

Scripting

Slide 14

Slide 14 text

• setup.sh
• setup.pl
• setup.py
• setup.rb

Slide 15

Slide 15 text

• doit.sh
• doit.pl
• doit.py
• doit.rb

Slide 16

Slide 16 text

• Ad-hoc in nature
• Loss of history
• Lacks testing methodology
• A step in the right direction

Slide 17

Slide 17 text

File Distribution

Slide 18

Slide 18 text

• NFS
• SMB
• AFS
• SSHFS
• GlusterFS

Slide 19

Slide 19 text

• uucp
• rcp
• ftp
• http
• scp

Slide 20

Slide 20 text

• Distributed systems
• Shares often managed manually or with scripts
• Package repositories
• Pull is better than push
• Scp on a cron *

Slide 21

Slide 21 text

Execution Management

Slide 22

Slide 22 text

• Image management
• Snapshots and cloning
• Containers

Slide 23

Slide 23 text

• SSH on a for loop
• Func
• Commands on message queues
• ISConf

Slide 24

Slide 24 text

• Loss of history
• Image sprawl
• Easy to order change across nodes

Slide 25

Slide 25 text

Convergent Operators
(promises)

Slide 26

Slide 26 text

No content

Slide 27

Slide 27 text

Tools

Slide 28

Slide 28 text

• CFEngine
• Bcfg2
• Puppet
• Chef
• Salt
• Ansible

Slide 29

Slide 29 text

No content

Slide 30

Slide 30 text

Part 2

Slide 31

Slide 31 text

Policy
http://www.flickr.com/photos/sfllaw/222795669/

Slide 32

Slide 32 text

• /etc/passwd should be mode 0644
• /etc/shadow should be mode 0600

Slide 33

Slide 33 text

• user ‘kermit’ should exist
• user ‘fonzi’ should exist
• group ‘muppets’ should exist
• group ‘muppets’ should contain kermit and fonzi

Slide 34

Slide 34 text

• package ‘ntpd’ should be installed
• ntpd should sync with our AD service
• service ‘ntpd’ should be running

Slide 35

Slide 35 text

• package ‘httpd’ should be installed
• httpd should expose /mnt/software/java
• service ‘httpd’ should be running

Slide 36

Slide 36 text

• The Java JDK, version 7u45, found on an internally hosted web server, should be installed into /usr/local/jdk-7u45/

Slide 37

Slide 37 text

Policies are declarations about the state of things in a system

Slide 38

Slide 38 text

Policies are applied repeatedly and repair the system when needed

Slide 39

Slide 39 text

Policies often change

Slide 40

Slide 40 text

• package ‘widget-factory’ should be installed at version 1.2.3

Slide 41

Slide 41 text

• package ‘widget-factory’ should be installed at version 1.3.0

Slide 42

Slide 42 text

Repeatability
http://www.flickr.com/photos/jakepjohnson/4937767595

Slide 43

Slide 43 text

Repeatable -> Idempotent -> Convergent

Slide 44

Slide 44 text

• Scripts are not generally repeatable

Slide 45

Slide 45 text

No content

Slide 46

Slide 46 text

No content

Slide 47

Slide 47 text

• But they can be!

Slide 48

Slide 48 text

No content

Slide 49

Slide 49 text

Idempotent operations can be applied infinite times and will yield the same result every time

Slide 50

Slide 50 text

No content

Slide 51

Slide 51 text

Idempotent
http://www.flickr.com/photos/ian_munroe/4758240536/

Slide 52

Slide 52 text

Idempotent
NOT GOOD ENOUGH
http://www.flickr.com/photos/ian_munroe/4758240536/

Slide 53

Slide 53 text

Convergent operations test state and repair if needed

Slide 54

Slide 54 text

No content

Slide 55

Slide 55 text

No content

Slide 56

Slide 56 text

A control loop keeps the system stable and allows for change when policy is updated

Slide 57

Slide 57 text

Autonomous agent
Policy: The box should be closed

Slide 58

Slide 58 text

Convergence

Slide 59

Slide 59 text

No content

Slide 60

Slide 60 text

No content

Slide 61

Slide 61 text

No content

Slide 62

Slide 62 text

Converging with Bash

Slide 63

Slide 63 text

git clone [email protected]:someara/cbash.git
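A convergent operation of the kind described on the slides above (test state, repair only if needed, re-run from a control loop), applied to the file-mode policies from slide 32. This is an added example, not code from the talk or from the cbash repository; the function names, the "MODE PATH" policy format and the scratch directory are assumptions.

```shell
# Added example: convergent file-mode policy (test state, repair only on drift).
# Function names and the scratch directory are assumptions; on a real host the
# policy lines would name /etc/passwd and /etc/shadow.

# Current permission bits in octal: GNU stat first, BSD stat as fallback.
current_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Normalise an octal mode so "0644" and "644" compare equal.
norm_mode() { printf '%o' "0$1"; }

# converge_mode PATH MODE -> prints ok | repaired | failed
converge_mode() {
  cm_have=$(current_mode "$1") || { echo failed; return 1; }
  if [ "$(norm_mode "$cm_have")" = "$(norm_mode "$2")" ]; then
    echo ok; return 0                      # state matches policy: do nothing
  fi
  chmod "$2" "$1" 2>/dev/null || { echo failed; return 1; }
  cm_have=$(current_mode "$1")             # re-test: trust the observed state
  [ "$(norm_mode "$cm_have")" = "$(norm_mode "$2")" ] && echo repaired || { echo failed; return 1; }
}

# apply_policy FILE: one control-loop pass over "MODE PATH" lines.
# Prints the number of repairs; returns 1 if any item could not converge.
apply_policy() {
  ap_repairs=0; ap_rc=0
  while read -r ap_want ap_path; do
    case $ap_want in ''|'#'*) continue ;; esac
    case $(converge_mode "$ap_path" "$ap_want") in
      ok) ;;
      repaired) ap_repairs=$((ap_repairs + 1)) ;;
      *) ap_rc=1 ;;
    esac
  done < "$1"
  echo "$ap_repairs"
  return "$ap_rc"
}

# Constructed demo: scratch copies stand in for the real files.
demo_dir=$(mktemp -d)
touch "$demo_dir/passwd" "$demo_dir/shadow"
chmod 666 "$demo_dir/passwd" "$demo_dir/shadow"
printf '0644 %s\n0600 %s\n' "$demo_dir/passwd" "$demo_dir/shadow" > "$demo_dir/policy"
echo "first pass repairs:  $(apply_policy "$demo_dir/policy")"   # drift fixed
echo "second pass repairs: $(apply_policy "$demo_dir/policy")"   # already converged
rm -rf "$demo_dir"
```

Running the same pass from cron gives the control loop: a pass that reports zero repairs changed nothing, and a non-zero count is a record that something on the host drifted from policy.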

Slide 64

Slide 64 text

No content

Slide 65

Slide 65 text

No content

Slide 66

Slide 66 text

No content

Slide 67

Slide 67 text

No content

Slide 68

Slide 68 text

No content

Slide 69

Slide 69 text

No content

Slide 70

Slide 70 text

No content

Slide 71

Slide 71 text

No content

Slide 72

Slide 72 text

No content

Slide 73

Slide 73 text

No content

Slide 74

Slide 74 text

No content

Slide 75

Slide 75 text

No content

Slide 76

Slide 76 text

No content

Slide 77

Slide 77 text

Convergence and Iteration

Slide 78

Slide 78 text

No content

Slide 79

Slide 79 text

No content

Slide 80

Slide 80 text

No content

Slide 81

Slide 81 text

No content

Slide 82

Slide 82 text

No content

Slide 83

Slide 83 text

No content

Slide 84

Slide 84 text

Does order matter?

Slide 85

Slide 85 text

YES

Slide 86

Slide 86 text

No content

Slide 87

Slide 87 text

Promises
http://www.flickr.com/photos/nazzen9009/6809694353/

Slide 88

Slide 88 text

• Agents are autonomous
• A promise is a signal or message perceived by an observer.
• Promises may or may not be kept.
• Agents can observe other agents
• Agents only have local information *
• Inner workings of agents are assumed to be unknown
http://markburgess.org/BookOfPromises.pdf

Slide 89

Slide 89 text

• Agents have intentions (possible behaviors)
• Agents can make assessments about other agents
http://markburgess.org/BookOfPromises.pdf

Slide 90

Slide 90 text

• Configuration Management tools embody tenets of Promise Theory, intentionally or not

Slide 91

Slide 91 text

Domain Specific Languages

Slide 92

Slide 92 text

DSLs restrict machine instructions to convergent operations

Slide 93

Slide 93 text

DSLs manage ordering

Slide 94

Slide 94 text

No content

Slide 95

Slide 95 text

type subject intentions

Slide 96

Slide 96 text

No content

Slide 97

Slide 97 text

type subject intentions

Slide 98

Slide 98 text

signal

Slide 99

Slide 99 text

No content

Slide 100

Slide 100 text

type subject intention

Slide 101

Slide 101 text

observation

Slide 102

Slide 102 text

No content

Slide 103

Slide 103 text

type subject intentions

Slide 104

Slide 104 text

No content

Slide 105

Slide 105 text

type intention subject

Slide 106

Slide 106 text

signal

Slide 107

Slide 107 text

Intermission

Slide 108

Slide 108 text

No content

Slide 109

Slide 109 text

Part 3

Slide 110

Slide 110 text

Composition

Slide 111

Slide 111 text

No content

Slide 112

Slide 112 text

Recipes

Slide 113

Slide 113 text

resource one resource two resource three

Slide 114

Slide 114 text

{ testable intent

Slide 115

Slide 115 text

recipe[http::server]

Slide 116

Slide 116 text

recipe[http::server]

Slide 117

Slide 117 text

recipes supporting files

Slide 118

Slide 118 text

Types

Slide 119

Slide 119 text

No content

Slide 120

Slide 120 text

interface implementation

Slide 121

Slide 121 text

No content

Slide 122

Slide 122 text

intentions parameters

Slide 123

Slide 123 text

No content

Slide 124

Slide 124 text

new scope intention implementation

Slide 125

Slide 125 text

new scope intention implementation

Slide 126

Slide 126 text

Artifacts

Slide 127

Slide 127 text

metadata

Slide 128

Slide 128 text

No content

Slide 129

Slide 129 text

metadata

Slide 130

Slide 130 text

No content

Slide 131

Slide 131 text

http v0.1.0 chef-server api yum v3.0.0

Slide 132

Slide 132 text

Delivery

Slide 133

Slide 133 text

• nodes request their own initial run_list

Slide 134

Slide 134 text

recipe[httpd::server] chef-server api run_list: http v0.1.0

Slide 135

Slide 135 text

recipe[httpd::server] chef-server api run_list: http v0.1.0 recipe[openssh::server] openssh v3.2.1

Slide 136

Slide 136 text

recipe[ntp::client] chef-server api run_list: http v0.1.0 recipe[openssh::server] openssh v3.2.1 recipe[httpd::server] ntp v1.0.0

Slide 137

Slide 137 text

• Push vs Pull
• Networking considerations
• Machines down for maintenance
• Machines that don’t exist yet

Slide 138

Slide 138 text

Dependencies

Slide 139

Slide 139 text

No content

Slide 140

Slide 140 text

No content

Slide 141

Slide 141 text

No content

Slide 142

Slide 142 text

No content

Slide 143

Slide 143 text

No content

Slide 144

Slide 144 text

No content

Slide 145

Slide 145 text

recipe[widgetfactory] chef-server api run_list: http v0.1.0 yum v3.0.0 widgetfactory v1.0.0

Slide 146

Slide 146 text

Integration testing

Slide 147

Slide 147 text

• Test that a set of agents has achieved their combined goal

Slide 148

Slide 148 text

• lsof -i :80
• ps -ef | grep httpd
• curl localhost > /dev/null 2>&1

Slide 149

Slide 149 text

• Berkshelf
• Vagrant
• Kitchen.ci
• Bats
• Serverspec

Slide 150

Slide 150 text

Environments

Slide 151

Slide 151 text

• Environments constrain cookbook versions
• Environments can set data

Slide 152

Slide 152 text

No content

Slide 153

Slide 153 text

No content

Slide 154

Slide 154 text

• Environments can be used to test branches
• Environments can be used to segregate machines
• Environments can be manipulated programmatically

Slide 155

Slide 155 text

No content

Slide 156

Slide 156 text

No content

Slide 157

Slide 157 text

http v0.1.0 chef-server api http v0.2.0 openssh v1.2.3 postgresql v3.2.1

Slide 158

Slide 158 text

recipe[widgetfactory] run_list: http v0.1.0 yum v3.0.0 widgetfactory v1.0.0 chef_environment: production

Slide 159

Slide 159 text

recipe[widgetfactory] run_list: http v0.2.0 yum v3.0.0 widgetfactory v1.0.0 chef_environment: staging

Slide 160

Slide 160 text

Part 4

Slide 161

Slide 161 text

Clusters
http://www.flickr.com/photos/youraccount/5938852370/

Slide 162

Slide 162 text

Typical Cluster

Slide 163

Slide 163 text

loadbalancer application db-slave db-master

Slide 164

Slide 164 text

Production httpd 0.1.0

Slide 165

Slide 165 text

Production Staging httpd 0.1.0 httpd 0.1.0

Slide 166

Slide 166 text

Production Staging UUID httpd 0.1.0 httpd 0.1.0 httpd 0.2.0

Slide 167

Slide 167 text

Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

Slide 168

Slide 168 text

Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

Slide 169

Slide 169 text

Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

Slide 170

Slide 170 text

Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

Slide 171

Slide 171 text

Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

Slide 172

Slide 172 text

Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

Slide 173

Slide 173 text

Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

Slide 174

Slide 174 text

Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

Slide 175

Slide 175 text

Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

Slide 176

Slide 176 text

Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

Slide 177

Slide 177 text

Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

Slide 178

Slide 178 text

Production Staging httpd 0.2.0 httpd 0.2.0

Slide 179

Slide 179 text

Production httpd 0.2.0

Slide 180

Slide 180 text

An Ordering Problem

Slide 181

Slide 181 text

loadbalancer application

Slide 182

Slide 182 text

• Take a machine out of the pool
• Drain the connections
• Modify configuration
• Insert it back into the pool

Slide 183

Slide 183 text

loadbalancer application

Slide 184

Slide 184 text

loadbalancer application

Slide 185

Slide 185 text

loadbalancer application

Slide 186

Slide 186 text

loadbalancer application

Slide 187

Slide 187 text

loadbalancer application

Slide 188

Slide 188 text

loadbalancer application

Slide 189

Slide 189 text

loadbalancer application

Slide 190

Slide 190 text

loadbalancer application

Slide 191

Slide 191 text

loadbalancer application

Slide 192

Slide 192 text

loadbalancer application

Slide 193

Slide 193 text

Orchestration

Slide 194

Slide 194 text

• Conductor showing signals to autonomous agents (creative policy manipulation)
• External actor controlling sequencing (execution management)
• Application level sequencing (vector clocks, etc.)

Slide 195

Slide 195 text

• Infrastructures are snowflakes
• Solutions are unique to applications by nature
• Configuration Management 201

Slide 196

Slide 196 text

• There is no separation between ‘infrastructure’ and ‘application’
• Distributed systems are hard
• Specialists need to work together

Slide 197

Slide 197 text

Devops

Slide 198

Slide 198 text

• Study Promise Theory
• Study distributed systems
• Develop high quality primitives
• Be excellent to each other

Slide 199

Slide 199 text

Fin