Ansible and Cloudformation Mark Wolfe DevOps @ Versent 

Welcome • Who is this guy? • @wolfeidau on twitter and Github • Who is Versent? • Yes we are hiring 

Overview • Reproducible and supported way to create an environment using a number of resources within an AWS account • Maintain many of these environments in parallel • Update these environments based on changing requirements • Hand over this code to others to maintain 

kubernetes • Container schedular with lots of amazing features and contributors • Orchestrate Containers across a number of hosts • Requires a bit of infrastructure to bootstrap • VPC to hosts the cluster • etcd cluster • controllers • workers 

Cloudformation • JSON representation of AWS infrastructure • Not a lot of Logic • Verbose and cumbersome to refactor • Use a DSL • cloudformation-ruby-dsl 

Cloudformation Layers • Like an onion • Has layers • These layers build a number a resources then output attributes • Subsequent layers build use outputted attributes • Strategies for re-usable CloudFormation Templates 

Code • Lets review the code 

Ansible 

Ansible • Run Cloudformation • Manage different environment configuration • Generate and upload certificates • Executed from CI server • Discover and retrieve attributes / settings from other stacks 

Cloudformation Module • Build a stack • Discover a stack and retrieve it’s outputs • Export these as facts • Use them in subsequent layers 

AWS CLI • Ansible used to execute aws CLI tasks such as: • Update Route53 to switch CNAMES during deployments • Generate and store Secrets • unicreds Store secrets using DynamoDB + KMS • Upload UserData bundles to S3 • requirements.yml • playbook.yml 

CI/CD • Builds environments • Used to manage parameters / environments • Ansible used to perform adhoc automation tasks • Run backup Jobs across a number of hosts using dynamic inventory • Sync data between S3 buckets across accounts and report any issues • Reusable roles used to build these jobs 

• Decomposed into reusable Roles • docker • etcd • kubernetes controllers • kubernetes workers UserData 

• Using molecule • makes testing ansible roles really simple • docker • serverspec Testing 

Questions • Thanks for listening • @wolfeidau on twitter • github.com/wolfeidau • [email protected] 

References • http://awsadvent.tumblr.com/post/38685647817/ strategies-reusable-cfn-templates • https://github.com/wolfeidau/k8sdev SOON • https://github.com/metacloud/molecule • https://github.com/retr0h/ansible-etcd/blob/master/ Makefile • https://github.com/kelseyhightower/kubernetes-the- hard-way 

Images • Image from banff collection by TJ Holowaychuk • "Snowstorm" by Beaulawrence