Taming the Modern Data Center

Today we are plagued by hundreds of choices when architecting a modern data center. Should our machines be virtual or physical? Should we use containers or Docker? Should we use a public cloud provider or a private cloud provider? Which configuration management tool is best to use? What about IaaS, PaaS, and SaaS? It would be manageable if these were binary choices; however, we often find ourselves in a hybrid environment.

As more operations choices are added to your data center, whether through company acquisitions, a growing development team, or general technical debt, managing complexity between legacy and new systems becomes a nightmare. Yet the end goal is still the same — safely deploy your application to your infrastructure. We need to tame our data centers by managing change across systems, enforcing policies, and by establishing a workflow for both developers and operations engineers to build in a collaborative environment.

This talk will discuss the problems faced in the modern data center, and how a set of innovative open source tooling can be used to tame the rising complexity curve. Join me on an adventure with Packer, Consul, and Terraform as we take your data center from chaos to control.

Seth Vargo

May 17, 2017

Transcript

  1. TAMING THE MODERN DATA CENTER
    A Hybrid Talk for a Hybrid World
    @sethvargo

  2. Seth Vargo
    Director of Technical Advocacy
    HashiCorp

  3. (image only)

  4. DC EVOLUTION
    How did we get here?

  5-12. RISING DATACENTER COMPLEXITY
    (Figure, built up over eight slides: a single DC; VMs inside the DC;
    containers inside the VMs; external DNS, Database and CDN services
    alongside the DC; a second datacenter, DC-01 and DC-02, each with its
    own VMs and containers; and finally IaaS, PaaS and SaaS.)

  13. TAMING THE DC
    Deployment + Maintenance

  14. PREVIOUSLY
    The APUD cycle

  15-20. ACQUIRE PROVISION UPDATE DESTROY
    (Figure, built up over six slides; the completed table:)

    Step        ACQUIRE   PROVISION   UPDATE     DESTROY
    Owner       VENDOR    DC OPS      SYSADMIN   DC OPS
    Lead time   WEEKS     DAYS        DAYS       DAYS

  21. PRESENTLY
    The elastic compute and _aaS era

  22-24. ACQUIRE PROVISION UPDATE DESTROY
    Elastic Compute
    (Figure: elastic compute shrinks acquire and destroy; provision and update are unchanged.)

    Step        ACQUIRE   PROVISION   UPDATE   DESTROY
    Before      WEEKS     DAYS        DAYS     DAYS
    After       MINUTES   DAYS        DAYS     SECONDS

  25-27. ACQUIRE PROVISION UPDATE DESTROY
    Configuration Management
    (Figure: configuration management shrinks provision and update.)

    Step        ACQUIRE   PROVISION   UPDATE    DESTROY
    Before      MINUTES   DAYS        DAYS      SECONDS
    After       MINUTES   MINUTES     SECONDS   SECONDS

  28. ACQUIRE PROVISION UPDATE DESTROY
    SaaS Proliferation
    https://specialized.com

  29. RISING DATACENTER COMPLEXITY
    (Figure: the DC with its VMs and containers, plus the external DNS,
    Database and CDN services, shown again.)

  30. WHY?
    What was our original goal?

  31. EFFECTIVELY DELIVER AND MAINTAIN APPLICATIONS

  32. MOVE FAST AND DON'T BREAK THINGS

  33-34. RUN: Applications, Services, Jobs
    SECURE: Applications, Infrastructure
    PROVISION: Infrastructure, Code, Images

  35. MOTIVATION
    Why Terraform?

  36. How do I provision resources? Compute? Storage? Network?

  37. How do I manage resource lifecycles?

  38. How do I balance the service providers that supply core technology for my datacenter?

  39. How do I enforce policy across all these resources?

  40. How do I automate and share those configurations?

  41. TERRAFORM'S GOAL

  42. PROVIDE A SINGLE WORKFLOW

  43. WITH A UNIFIED VIEW

  44. USING INFRASTRUCTURE AS CODE

  45. THAT CAN BE ITERATED AND CHANGED SAFELY

  46. CAPABLE OF COMPLEX N-TIER APPLICATIONS

  47-50. main.tf (the same file, highlighted section by section over four slides)

    resource "digitalocean_droplet" "web" {
      name   = "tf-web"
      size   = "512mb"
      image  = "centos-5-8-x32"
      region = "sfo1"
    }

    resource "dnsimple_record" "hello" {
      domain = "example.com"
      name   = "test"
      value  = "${digitalocean_droplet.web.ipv4_address}"
      type   = "A"
    }

  51. HUMAN-FRIENDLY CONFIGURATION*

  52. VCS-FRIENDLY FORMAT

  53. ENTIRE INFRASTRUCTURE... CAPTURED IN TEXT FILES

  54. TERRAFORM PROVIDERS

  55. SINGLE INTEGRATION POINT

  56. EXPOSE ("PROVIDE") A RESOURCE

  57. CRUD API

  58. PLUGGABLE FOR INTEGRATIONS

  59. MANAGE ANYTHING WITH AN API

  60. $ terraform apply

  61. OVER 65 BUILT-IN PROVIDERS AND COUNTING...

  62. TERRAFORM PLAN

  63-67. Terminal (the same plan output, scrolled over five slides)

    + digitalocean_droplet.web
        backups:              "" => ""
        image:                "" => "centos-5-8-x32"
        ipv4_address:         "" => ""
        ipv4_address_private: "" => ""
        name:                 "" => "tf-web"
        private_networking:   "" => ""
        region:               "" => "sfo1"
        size:                 "" => "512mb"
        status:               "" => ""

    + dnsimple_record.hello
        domain:    "" => "example.com"
        domain_id: "" => ""
        hostname:  "" => ""
        name:      "" => "test"
        priority:  "" => ""
        ttl:       "" => ""
        type:      "" => "A"
        value:     "" => "${digitalocean_droplet.web.ipv4_address}"

  68. SHOWS YOU WHAT WILL HAPPEN

  69. EXPLAINS CERTAIN ACTIONS

  70. PREVIOUSLY?

  71. STILL UNCERTAINTY…
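
A plan only removes uncertainty if something actually reads it before `terraform apply`. The following is an added example for this page, not code from the talk or from Terraform: it parses the 0.x-era text plan format shown on slides 63-67 (a `+`, `-`, `~` or `-/+` header per resource, then indented `attr: "old" => "new"` lines) and fails a CI job when the plan breaks an assumed team policy. The three rules (no destroy or replace of droplets, private networking on every droplet, DNS records only pointing at an interpolated resource attribute), the resource prefixes and the sample plan are illustrative assumptions.

```python
"""Gate `terraform apply` on what `terraform plan` says it will do.

Added example for this page; not code from the talk or from Terraform.
Parses the 0.x-era text plan format and rejects plans that violate an
assumed policy. Usage: terraform plan -no-color | python plan_gate.py
"""
import re
import sys
from dataclasses import dataclass, field

# Header lines: "+ x.y" create, "- x.y" destroy, "~ x.y" update,
# "-/+ x.y (new resource required)" replace, "<= data.x.y" data read.
_HEADER = re.compile(r'^(?P<action>-/\+|\+|-|~|<=)\s+(?P<addr>[\w.\-\[\]"]+)')
# Attribute lines: `    name: "" => "tf-web"`, possibly followed by a note
# such as "(forces new resource)", which is ignored.
_ATTR = re.compile(r'^\s+(?P<key>[\w.#%\-]+):\s+"(?P<old>[^"]*)"\s+=>\s+"(?P<new>[^"]*)"')
_ACTIONS = {"+": "create", "-": "destroy", "~": "update", "-/+": "replace", "<=": "read"}

@dataclass
class Change:
    action: str
    address: str
    attrs: dict = field(default_factory=dict)  # attr name -> (old, new)

def parse_plan(text: str) -> list:
    """Return the resource changes listed in a text plan, in order."""
    changes, current = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():           # a resource header or a summary line
            m = _HEADER.match(line)
            current = None
            if m:
                current = Change(_ACTIONS[m.group("action")], m.group("addr"))
                changes.append(current)
            continue
        m = _ATTR.match(line)
        if m and current is not None:
            current.attrs[m.group("key")] = (m.group("old"), m.group("new"))
    return changes

PROTECTED_PREFIXES = ("digitalocean_droplet.",)   # assumption: hosts CI must never tear down
DNS_PREFIX = "dnsimple_record."                   # assumption: the DNS resource type in use

def evaluate_policy(changes: list) -> list:
    """Return human-readable violations; an empty list means the plan may apply."""
    violations = []
    for c in changes:
        if c.action in ("destroy", "replace") and c.address.startswith(PROTECTED_PREFIXES):
            violations.append(f"{c.address}: {c.action} of a protected resource")
        if c.action in ("create", "replace") and c.address.startswith(PROTECTED_PREFIXES):
            if c.attrs.get("private_networking", ("", ""))[1] != "true":
                violations.append(f"{c.address}: private_networking must be true")
        if c.action in ("create", "update", "replace") and c.address.startswith(DNS_PREFIX):
            value = c.attrs.get("value", ("", ""))[1]
            # A literal address in a DNS record bypasses the dependency graph:
            # require an interpolation of a managed resource, as main.tf does.
            if not re.fullmatch(r"\$\{[\w.\-]+\}", value):
                violations.append(f"{c.address}: DNS value {value!r} is not a managed resource attribute")
    return violations

def gate(plan_text: str) -> bool:
    """True when the plan passes policy."""
    return not evaluate_policy(parse_plan(plan_text))

# Constructed sample: the two creates from the slides plus a replace and a
# destroy of the kind a refactor produces.
SAMPLE_PLAN = """\
+ digitalocean_droplet.web
    image:                "" => "centos-5-8-x32"
    ipv4_address:         "" => "<computed>"
    name:                 "" => "tf-web"
    private_networking:   "" => "true"
    region:               "" => "sfo1"
    size:                 "" => "512mb"

+ dnsimple_record.hello
    domain:    "" => "example.com"
    name:      "" => "test"
    type:      "" => "A"
    value:     "" => "${digitalocean_droplet.web.ipv4_address}"

-/+ digitalocean_droplet.db (new resource required)
    image:              "centos-5-8-x32" => "centos-7-x64" (forces new resource)
    private_networking: "false" => "false"

- dnsimple_record.old

Plan: 2 to add, 0 to change, 2 to destroy.
"""

if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_PLAN
    problems = evaluate_policy(parse_plan(text))
    for p in problems:
        print("DENY:", p)
    sys.exit(1 if problems else 0)
```

Run against the sample, the gate passes the two creates from the slides and denies the replace of `digitalocean_droplet.db` twice (a protected host is being recreated, and without private networking). Save the reviewed plan with `terraform plan -out=` and apply that file, so what was checked is what runs.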

  72. FUTURE OPS
    Managing Tomorrow's Infrastructure

  73. DEPLOY IMMUTABLE INFRASTRUCTURE

  74. Mutable Infrastructure
    (Chart: CONFIDENCE plotted against CHANGES.)

  75. Mutable Infrastructure
    (Chart: CONSISTENCY plotted against ITERATIONS.)

  76. Immutable Infrastructure
    (Chart: CONSISTENCY plotted against ITERATIONS.)

  77. IMMUTABLE INFRASTRUCTURE IS FASTER

  78. IMMUTABLE INFRASTRUCTURE ALLOWS FOR GREATER PARITY

  79. IMMUTABLE INFRASTRUCTURE NEEDS AUTOMATION

  80. MACHINE IMAGES

  81. YUCK... IMAGES?

  82. WHY HAVE WE BEEN GENERALLY AGAINST MACHINE IMAGES?

  83. GOLDEN IMAGES USED TO BE THE WAY

  84. QUARTERLY, UNCHANGED, AND BLESSED IMAGES

  85. CHANGES WERE SLOW AND FRUSTRATING

  86. TOOLING WAS NOT MATURE COMPARED TO TODAY

  87. MODERN CONFIG MANAGEMENT CHANGED THAT

  88. OPS WITHOUT MACHINE IMAGES IS LIKE APPLICATIONS WITHOUT BINARIES

  89-93. APPLICATION LIFECYCLE
    (Figure, built up over five slides: Source Code is compiled together with
    libA 1.0, libB 1.0 and libC 1.0 into a Binary.)

  94. MUTABLE SERVER LIFECYCLE

  95-100. APPLICATION LIFECYCLE
    (Figure, built up over six slides, drawn the same way for a mutable
    server: a Base Server becomes a Ready Server as Packages, Network and CM
    are applied to the running machine.)

  101. APPLICATION LIFECYCLE
    IN THE PATH OF DOWNTIME

  102-104. MACHINE IMAGE LIFECYCLE
    (Figure: Base Server and Ready Server.)

  105. PACKER BUILD

  106. EMBRACES CONFIG MANAGEMENT

  107. TRANSITIONS FAILURES FROM RUNTIME TO BUILD-TIME

  108. ENFORCES PARITY WITH STAGING

  109. … AND EVEN DEVELOPMENT

  110. NEW CHALLENGES

  111. IT DIDN'T BELONG THERE IN THE FIRST PLACE

  112. LIKE TRYING TO USE LS TO CREATE A FILE

  113. Consul Features
    Service Discovery, Health Checking, KV Store, Multi Datacenter

  114. Service Discovery

  115. Service Discovery
    DNS interface is zero-touch: no application changes are required
    HTTP API for modern applications returns rich metadata
    Allows discovery of both internal and external services

  116. Terminal

    $ host web.service.consul
    10.0.3.83
    10.0.1.109
    10.0.4.21

  117. Terminal

    $ curl $CONSUL_ADDR/v1/health/service/web
    [
      {
        # ...
      }
    ]

  118. Health Checking

  119. Health Checking
    Integrates with the service discovery layer
    DNS does not return results for unhealthy services or nodes
    HTTP endpoints can list health and query by health

  120. KV Store

  121. KV Store
    Highly available storage for configuration and feature flags
    Feature flags without big CM processes
    Supports blocking queries for "pushing" changes
    Optional ACLs to protect sensitive information at paths

  122. Terminal

    $ consul kv put foo bar
    Success! Data written to: foo

  123. Terminal

    $ consul kv get foo
    bar
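
The health-filtering rule on slide 119 (unhealthy instances are withheld) and the blocking queries on slide 121 are both things a client has to get right when it uses the HTTP API instead of DNS. The following is an added example for this page, not Consul's client library and not code from the talk: it queries the real endpoint `/v1/health/service/<name>`, keeps only instances whose every check passes, and follows changes with the documented `index`/`wait` long-poll driven by the `X-Consul-Index` header (the same mechanism serves `/v1/kv`, and the optional `dc` parameter is the cross-datacenter query from slides 125-127). Network access sits behind a `fetch` callable so the demo runs offline against a constructed payload; `CONSUL_ADDR` (a local agent on the default port) is an assumption.

```python
"""Discover healthy Consul service instances and follow changes with a
blocking query. Added example for this page; not HashiCorp's code."""
import json
import urllib.parse
import urllib.request

CONSUL_ADDR = "http://127.0.0.1:8500"   # assumption: local agent, default HTTP port

def http_fetch(path: str, params: dict) -> tuple:
    """GET path on the agent; return (X-Consul-Index as int, decoded JSON body)."""
    url = f"{CONSUL_ADDR}{path}?{urllib.parse.urlencode(params)}"
    with urllib.request.urlopen(url, timeout=660) as resp:
        return int(resp.headers["X-Consul-Index"]), json.load(resp)

def healthy_instances(entries: list) -> list:
    """Keep instances whose every check (node-level serfHealth and service
    checks alike) is passing, which is what the DNS interface and `?passing`
    do server-side. Returns (address, port) pairs; a service registered
    without its own address is reached via its node's address."""
    out = []
    for e in entries:
        if all(check["Status"] == "passing" for check in e["Checks"]):
            addr = e["Service"]["Address"] or e["Node"]["Address"]
            out.append((addr, e["Service"]["Port"]))
    return out

def watch_service(name: str, fetch=http_fetch, dc: str = None, max_rounds: int = None):
    """Yield the healthy instance list each time it changes.

    Sending the last X-Consul-Index as `index` makes the agent hold the
    request until that index moves or `wait` elapses; on a timeout the same
    index comes back and nothing is yielded. Per the Consul docs a client
    must reset to 0 when the returned index is lower than the last one
    (e.g. after a snapshot restore), or it can block far longer than intended.
    """
    index, rounds = 0, 0
    while max_rounds is None or rounds < max_rounds:
        params = {"index": index, "wait": "5m"}
        if dc:
            params["dc"] = dc          # query another datacenter, as on the slides
        new_index, entries = fetch(f"/v1/health/service/{name}", params)
        rounds += 1
        if new_index < index:
            index = 0                  # index went backwards: restart the loop
            continue
        if new_index == index:
            continue                   # wait expired, nothing changed
        index = new_index
        yield healthy_instances(entries)

# Constructed sample of a /v1/health/service/web response, trimmed to the
# fields used here; real responses carry more metadata.
SAMPLE_ENTRIES = [
    {"Node": {"Node": "node-a", "Address": "10.0.3.83"},
     "Service": {"ID": "web-1", "Service": "web", "Address": "", "Port": 8080},
     "Checks": [{"CheckID": "serfHealth", "Status": "passing"},
                {"CheckID": "service:web-1", "Status": "passing"}]},
    {"Node": {"Node": "node-b", "Address": "10.0.1.109"},
     "Service": {"ID": "web-2", "Service": "web", "Address": "10.0.1.109", "Port": 8080},
     "Checks": [{"CheckID": "serfHealth", "Status": "passing"},
                {"CheckID": "service:web-2", "Status": "critical"}]},
]

def scripted_fetch(script: list):
    """Return a fetch() that replays (index, entries) pairs in place of an agent."""
    it = iter(script)
    return lambda path, params: next(it)

def demo() -> list:
    """Replay: initial answer, a timed-out wait, a real change, an index that
    went backwards, and the refetch after the reset. Returns what was yielded."""
    web2_recovered = {**SAMPLE_ENTRIES[1],
                      "Checks": [{"CheckID": "service:web-2", "Status": "passing"}]}
    script = [
        (10, SAMPLE_ENTRIES),        # web-1 healthy, web-2 critical
        (10, SAMPLE_ENTRIES),        # wait expired, same index: no change
        (11, [web2_recovered]),      # web-1 gone, web-2 passing
        (3, SAMPLE_ENTRIES),         # index regressed: reset, do not trust this body
        (12, []),                    # fresh read after reset: nothing healthy
    ]
    return list(watch_service("web", scripted_fetch(script), max_rounds=len(script)))
```

Against a live agent, `for instances in watch_service("web"): ...` blocks in the agent rather than polling, which is what makes the KV slide's "pushing" of feature flags cheap at thousands of watchers.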

  124. Multi-Datacenter

  125. Multi-Datacenter
    Queries usually go to the local datacenter
    Other datacenters can be queried explicitly when needed
    All datacenters are visible in one OSS UI

  126. Terminal

    $ dig web-frontend.singapore.service.consul. +short
    10.3.3.33
    10.3.1.18
    $ dig web-frontend.germany.service.consul. +short
    10.7.3.41
    10.7.1.76

  127. Terminal

    $ curl 'http://localhost:8500/v1/kv/foo?raw&dc=asia'
    true
    $ curl 'http://localhost:8500/v1/kv/foo?raw&dc=eu'
    false

  128. ... And More!

  129. Events, Exec, and Watches
    Build powerful orchestration tools
    Implement client-side leader election
    Distributed locking and event system
    All approaches proven to scale to thousands of agents

  130. Terminal

    $ consul event -name deploy 6DF7FE
    # ...
    $ consul watch -type event -name deploy /usr/bin/deploy.sh
    # ...
    $ consul exec -service web /usr/bin/deploy.sh
    # ...

  131. Security
    Encrypt gossip traffic with a shared key or keyring (UDP)
    Encrypt HTTP API and agent RPC traffic with TLS (TCP)
    Advanced ACLs and a token-based system allow for massive scale
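
Every item on the Security slide is opt-in, and the `consul exec` shown on slide 130 is worth a caveat: it is delivered through KV writes, so whoever can write that prefix can run commands on every node. The following is an added example for this page, not code from HashiCorp: an audit of an agent configuration for the weak settings those bullets imply. The keys are Consul's 0.8-era JSON configuration keys (the talk is from May 2017); Consul 1.4 and later moved ACL settings under an `acl` block, which is handled as well. The WEAK and HARDENED configs are constructed samples, and the file paths and the `encrypt` value are placeholders, not a real key.

```python
"""Audit a Consul agent config for unencrypted gossip, plaintext RPC, an
API exposed without TLS, permissive ACLs and remote exec left enabled.
Added example for this page; not HashiCorp's code.
Usage: python consul_audit.py /etc/consul.d/server.json"""
import json
import sys

def audit_consul_config(cfg: dict) -> list:
    """Return a list of findings; an empty list means no check fired."""
    findings = []
    if not cfg.get("encrypt"):
        findings.append("gossip is unencrypted: set 'encrypt' to a key from `consul keygen`")
    for key in ("verify_incoming", "verify_outgoing"):
        if not cfg.get(key):
            findings.append(f"{key} is false: agent RPC is not protected by TLS")
    if cfg.get("verify_outgoing") and not cfg.get("verify_server_hostname"):
        # Without this, any certificate the CA signed (a compromised client's,
        # say) can pose as a server and receive replicated state, ACL tokens included.
        findings.append("verify_server_hostname is false: a client cert can impersonate a server")
    acl_block = cfg.get("acl") or {}                       # Consul 1.4+ layout
    default_policy = cfg.get("acl_default_policy") or acl_block.get("default_policy") or "allow"
    if default_policy != "deny":
        findings.append("ACL default policy is allow: requests without a token can read and write the KV store")
    ports = cfg.get("ports") or {}
    if cfg.get("client_addr", "127.0.0.1") != "127.0.0.1" and ports.get("http", 8500) != -1:
        findings.append("plain HTTP API is reachable from the network: set ports.http to -1 and serve ports.https")
    # `consul exec` rides on KV writes under _rexec/; it is off by default
    # since Consul 0.8 because a write token then equals a shell on every node.
    if not cfg.get("disable_remote_exec", True):
        findings.append("remote exec is enabled: a token with write on _rexec/ can run commands on every node")
    return findings

# Constructed samples. WEAK is a typical first-try server config; HARDENED
# applies every bullet from the Security slide.
WEAK = {
    "datacenter": "dc1",
    "server": True,
    "bootstrap_expect": 3,
    "client_addr": "0.0.0.0",
    "disable_remote_exec": False,
}

HARDENED = {
    "datacenter": "dc1",
    "server": True,
    "bootstrap_expect": 3,
    "encrypt": "AAAAAAAAAAAAAAAAAAAAAA==",        # placeholder; generate with `consul keygen`
    "verify_incoming": True,
    "verify_outgoing": True,
    "verify_server_hostname": True,
    "ca_file": "/etc/consul.d/tls/ca.pem",         # placeholder paths
    "cert_file": "/etc/consul.d/tls/server.pem",
    "key_file": "/etc/consul.d/tls/server-key.pem",
    "acl_datacenter": "dc1",
    "acl_default_policy": "deny",
    "acl_down_policy": "extend-cache",
    "client_addr": "0.0.0.0",
    "ports": {"http": -1, "https": 8501},
}

def audit_file(path: str) -> list:
    """Audit a JSON agent config on disk."""
    with open(path) as fh:
        return audit_consul_config(json.load(fh))

if __name__ == "__main__":
    targets = [(p, audit_file(p)) for p in sys.argv[1:]] or \
              [("WEAK", audit_consul_config(WEAK)), ("HARDENED", audit_consul_config(HARDENED))]
    for name, findings in targets:
        print(name, "->", findings or "OK")
```

With `acl_default_policy` set to deny, the "sensitive information at paths" bullet on the KV slide becomes enforceable: tokens get `key` rules per prefix, and anything without a token gets nothing.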

  132. (image only)

  133. Completely Open Source

  134. Completely "Dog Fooded"

  135. Seth Vargo
    Director of Technical Advocacy
    HashiCorp
    Questions?