
Configuration Management 101

someara
February 04, 2014

Given at FOSDEM 2014


Transcript

  1. Configuration Management 101 (FOSDEM 2014)

  2. Sean O'Meara, someara@opscode.com, @someara

  4. Sean O'Meara, someara@getchef.com, @someara

  5. whoami

  6. Part 1

  7. The Dawn of Configuration Management

  8. • What is configuration management?
     • Strategies and techniques for managing configuration and its complexity
     • The art of change management
  9. Manual Configuration

  10. • Intuitive
      • How we all start out
      • Log into machine, manipulate with fingers
      • Make with the clicky clicky
      • Long tradition
  11. • Somehow feels the “safest”
      • First instinct in emergencies
      • This is an illusion
      • Do not do this
  12. • Labor intensive
      • Error prone
      • Difficult to reproduce
      • Obviously unsustainable
  13. Scripting

  14. • setup.sh
      • setup.pl
      • setup.py
      • setup.rb

  15. • doit.sh
      • doit.pl
      • doit.py
      • doit.rb

  16. • Ad-hoc in nature
      • Loss of history
      • Lacks testing methodology
      • A step in the right direction
  17. File Distribution

  18. • NFS
      • SMB
      • AFS
      • SSHFS
      • GlusterFS

  19. • uucp
      • rcp
      • ftp
      • http
      • scp

  20. • Distributed systems
      • Shares often managed manually or with scripts
      • Package repositories
      • Pull is better than push
      • scp on a cron *
  21. Execution Management

  22. • Image management
      • Snapshots and cloning
      • Containers

  23. • SSH on a for loop
      • Func
      • Commands on message queues
      • ISConf
  24. • Loss of history
      • Image sprawl
      • Easy to order change across nodes
  25. Convergent Operators (promises)

  27. Tools

  28. • CFEngine
      • Bcfg2
      • Puppet
      • Chef
      • Salt
      • Ansible
  30. Part 2

  31. Policy (photo: http://www.flickr.com/photos/sfllaw/222795669/)

  32. • /etc/passwd should be mode 0644
      • /etc/shadow should be mode 0600
  33. • user ‘kermit’ should exist
      • user ‘fonzi’ should exist
      • group ‘muppets’ should exist
      • group ‘muppets’ should contain kermit and fonzi
  34. • package ‘ntpd’ should be installed
      • ntpd should sync with our AD service
      • service ‘ntpd’ should be running
  35. • package ‘httpd’ should be installed
      • httpd should expose /mnt/software/java
      • service ‘httpd’ should be running
  36. • The Java JDK, version 7u45, found on an internally hosted web server, should be installed into /usr/local/jdk-7u45/
  37. Policies are declarations about the state of things in a system
  38. Policies are applied repeatedly and repair the system when needed

  39. Policies often change

  40. • package ‘widget-factory’ should be installed at version 1.2.3

  41. • package ‘widget-factory’ should be installed at version 1.3.0

  42. Repeatability (photo: http://www.flickr.com/photos/jakepjohnson/4937767595)

  43. Repeatable -> Idempotent -> Convergent

  44. • Scripts are not generally repeatable

  47. • But they can be!

  49. Idempotent operations can be applied an infinite number of times and will yield the same result every time
  51. Idempotent (photo: http://www.flickr.com/photos/ian_munroe/4758240536/)

  52. Idempotent: NOT GOOD ENOUGH (photo: http://www.flickr.com/photos/ian_munroe/4758240536/)

  53. Convergent operations test state and repair if needed

  56. A control loop keeps the system stable and allows for change when policy is updated
  57. Autonomous agent Policy: The box should be closed

  58. Convergence

  62. Converging with Bash

  63. git clone git@github.com:someara/cbash.git
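
The convergent operator the deck goes on to build in bash, written here as an added example in plain sh (not code from the cbash repository or from the slides): each operator tests state and repairs only when the test fails, applied to the slide-32 policy on /etc/passwd and /etc/shadow, with the slide-56 control loop on top. The policy is rooted at a scratch directory standing in for /etc so it runs without touching the real files.

```shell
#!/bin/sh
# Added example, not code from someara/cbash: a convergent "file mode"
# operator in plain sh applied to the slide-32 policy on a scratch copy of
# /etc. Operators test state first and repair only on a mismatch, so
# re-runs are idempotent and the files converge on the policy.

# Return 0 if file $1 already has exactly the octal mode $2.
# POSIX find(1): a leading 0 makes -perm an exact match; -prune stops descent.
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# Convergent operator: ensure file $1 has mode $2. Prints "ok", "changed" or
# "missing" (a promise the agent cannot keep); chmod runs only if the test fails.
ensure_mode() {
    path=$1; mode=$2
    if [ ! -f "$path" ]; then echo "missing"; return 0; fi
    if has_mode "$path" "$mode"; then echo "ok"; return 0; fi
    chmod "$mode" "$path" && echo "changed"
}

# One pass over the policy "passwd should be 0644, shadow should be 0600",
# rooted at $1 instead of /etc. Logs each resource to stderr and prints the
# number of repairs made to stdout.
apply_policy() {
    root=$1; changes=0
    for spec in passwd:0644 shadow:0600; do
        file=${spec%%:*}; want=${spec##*:}
        result=$(ensure_mode "$root/$file" "$want")
        echo "$result $root/$file $want" >&2
        if [ "$result" = changed ]; then changes=$((changes + 1)); fi
    done
    echo "$changes"
}

# Control loop (slide 56): re-apply the policy until a pass changes nothing.
# Prints how many passes made repairs before the state was stable.
converge() {
    passes=0
    while [ "$(apply_policy "$1")" != 0 ]; do passes=$((passes + 1)); done
    echo "$passes"
}

# Demo on constructed input: a scratch directory standing in for /etc, with
# passwd deliberately world-writable. One pass repairs it, the next is quiet.
demo_root=$(mktemp -d)
: > "$demo_root/passwd"; : > "$demo_root/shadow"
chmod 0777 "$demo_root/passwd"; chmod 0600 "$demo_root/shadow"
echo "repair passes: $(converge "$demo_root")"
rm -rf "$demo_root"
```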

  77. Convergence and Iteration

  84. Does order matter?

  85. YES

  87. Promises (photo: http://www.flickr.com/photos/nazzen9009/6809694353/)

  88. • Agents are autonomous
      • A promise is a signal or message perceived by an observer
      • Promises may or may not be kept
      • Agents can observe other agents
      • Agents only have local information *
      • Inner workings of agents are assumed to be unknown
      (source: http://markburgess.org/BookOfPromises.pdf)
  89. • Agents have intentions (possible behaviors)
      • Agents can make assessments about other agents
      (source: http://markburgess.org/BookOfPromises.pdf)
  90. • Configuration Management tools embody tenets of Promise Theory, intentionally or not
  91. Domain Specific Languages

  92. DSLs restrict machine instructions to convergent operations

  93. DSLs manage ordering

  95. Promise diagrams (slides 95-106, labels only): type, subject, intentions; signal; observation

  107. Intermission

  109. Part 3

  110. Composition

  112. Recipes

  113. resource one resource two resource three

  114. testable intent

  115. recipe[http::server]

  117. recipes supporting files

  118. Types

  120. interface implementation

  122. intentions parameters

  124. new scope intention implementation

  126. Artifacts

  127. metadata

  131. http v0.1.0 chef-server api yum v3.0.0

  132. Delivery

  133. • nodes request their own initial run_list

  134. recipe[httpd::server] chef-server api run_list: http v0.1.0

  135. recipe[httpd::server] chef-server api run_list: http v0.1.0 recipe[openssh::server] openssh v3.2.1

  136. recipe[ntp::client] chef-server api run_list: http v0.1.0 recipe[openssh::server] openssh v3.2.1 recipe[httpd::server] ntp v1.0.0

  137. • Push vs Pull
       • Networking considerations
       • Machines down for maintenance
       • Machines that don’t exist yet
  138. Dependencies

  145. recipe[widgetfactory] chef-server api run_list: http v0.1.0 yum v3.0.0 widgetfactory v1.0.0

  146. Integration testing

  147. • Test that a set of agents has achieved their combined goal
  148. • lsof -i :80
       • ps -ef | grep httpd
       • curl localhost 2>&1 > /dev/null
  149. • Berkshelf
       • Vagrant
       • Kitchen.ci
       • Bats
       • Serverspec

  150. Environments

  151. • Environments constrain cookbook versions
       • Environments can set data

  154. • Environments can be used to test branches
       • Environments can be used to segregate machines
       • Environments can be manipulated programmatically
  157. http v0.1.0 chef-server api http v0.2.0 openssh v1.2.3 postgresql v3.2.1

  158. recipe[widgetfactory] run_list: http v0.1.0 yum v3.0.0 widgetfactory v1.0.0 chef_environment: production

  159. recipe[widgetfactory] run_list: http v0.2.0 yum v3.0.0 widgetfactory v1.0.0 chef_environment: staging

  160. Part 4

  161. Clusters (photo: http://www.flickr.com/photos/youraccount/5938852370/)

  162. Typical Cluster

  163. loadbalancer application db-slave db-master

  164. Production httpd 0.1.0

  165. Production Staging httpd 0.1.0 httpd 0.1.0

  166. Production Staging UUID httpd 0.1.0 httpd 0.1.0 httpd 0.2.0

  167. Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

  178. Production Staging httpd 0.2.0 httpd 0.2.0

  179. Production httpd 0.2.0

  180. An Ordering Problem

  181. loadbalancer application

  182. • Take a machine out of the pool
       • Drain the connections
       • Modify configuration
       • Insert it back into the pool

  193. Orchestration

  194. • Conductor showing signals to autonomous agents (creative policy manipulation)
       • External actor controlling sequencing (execution management)
       • Application level sequencing (vector clocks, etc.)
  195. • Infrastructures are snowflakes
       • Solutions are unique to applications by nature
       • Configuration Management 201
  196. • There is no separation between ‘infrastructure’ and ‘application’
       • Distributed systems are hard
       • Specialists need to work together
  197. Devops

  198. • Study Promise Theory
       • Study distributed systems
       • Develop high quality primitives
       • Be excellent to each other
  199. Fin