Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Configuration Management 101 @ Scale12x

Ea72b50eef37ebe730c37d96c5b5dd51?s=47 someara
February 28, 2014
Technology
2
480

Configuration Management 101 @ Scale12x

Ea72b50eef37ebe730c37d96c5b5dd51?s=128

someara

February 28, 2014
Tweet

More Decks by someara

See All by someara
Ea72b50eef37ebe730c37d96c5b5dd51?s=48 someara
0
97
Ea72b50eef37ebe730c37d96c5b5dd51?s=48 someara
0
170
Ea72b50eef37ebe730c37d96c5b5dd51?s=48 someara
1
180
Ea72b50eef37ebe730c37d96c5b5dd51?s=48 someara
0
160
Ea72b50eef37ebe730c37d96c5b5dd51?s=48 someara
2
240
Ea72b50eef37ebe730c37d96c5b5dd51?s=48 someara
3
460
Ea72b50eef37ebe730c37d96c5b5dd51?s=48 someara
2
350
Ea72b50eef37ebe730c37d96c5b5dd51?s=48 someara
2
230
Ea72b50eef37ebe730c37d96c5b5dd51?s=48 someara
10
6k

Other Decks in Technology

See All in Technology
9b2600a82821673d9d0f03cc6f7bc56e?s=48 kloudleinc
0
680
525442fc70ca92f82ae503f826956137?s=48 finengine
0
130
9f481df7e7f978eb6ab93a5cfffcdc20?s=48 tetsuyaisogai
0
140
73560128b23de542e47a318145bc781a?s=48 kawanamiyuu
4
690
7cd783377515bdf8207062840b7b2f4e?s=48 soracom
0
800
5c3556b7c8c0ab6bc90a62161a8315f8?s=48 gracia
0
830
7e3cdbf62ad6e34cf379443678b1b378?s=48 sogaoh
2
420
19fc8f6113c5c3d86e6176362ff29479?s=48 kanaugust
PRO
0
190
0e8fbeb3dc2da3e502483edea80be7d6?s=48 htomine
0
160
69b93af68320a590f607c296e8edff73?s=48 k1low
13
2.4k
53850955f15249a1a9dc49df6113e400?s=48 line_developers
PRO
1
320
4ab9c4c8dec50dc08b89981e23e111f2?s=48 katsumataryo
3
810

Featured

See All Featured
B3d6434763caa0ef5dc4b792662c49f7?s=48 smashingmag
232
18k
Be9caeb9d4ef9944d151af909063ed6e?s=48 samlambert
237
10k
E195ae45320d9202eaa01c9f1d31a416?s=48 marktimemedia
7
440
C1daf20e5c49ff910745198ef9869ac2?s=48 hatefulcrawdad
257
17k
C0b42577cfc2b321be3474618107e933?s=48 samanthasiow
57
6.4k
D09fad3e36ae6841f54820be0e907f7a?s=48 rocio
155
11k
Eb8975af8e49e19e3dd6b6b84a542e26?s=48 qrush
285
19k
A0517b08532aec8ab2aae3f65d40ad86?s=48 hannesfritz
28
970
4394ceb8b277f35ee3da7030384efb5d?s=48 davidbonilla
70
3.6k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
322
53k
282d599b414022eba5096510f675b6e2?s=48 chrislema
173
14k
D8fc2580cfaca035f666d9e4ee79a7f7?s=48 mongodb
23
3.9k

Transcript

  1. Configuration Management 101! Scale 12x

  2. AKA

  3. Sean Drops the Fucking Science

  4. Sean OMeara! someara@opscode.com! @someara

  5. Sean OMeara! someara@opscode.com! @someara

  6. Sean OMeara! someara@getchef.com! @someara

  7. whoami

  8. Part 1

  9. The Dawn of Configuration Management

  10. • What is configuration management?! • Strategies and techniques for

    managing configuration and its complexity! • The art of change management

  11. Manual Configuration

  12. • Intuitive! • How we all start out! • Log

    into machine, manipulate with fingers! • Make with the clicky clicky! • Long tradition

  13. • Somehow feels the “safest"! • First instinct in emergencies!

    • This is an illusion! • Do not do this

  14. • Labor intensive! • Error prone! • Difficult to reproduce!

    • Obviously unsustainable

  15. Scripting

  16. • setup.sh! • setup.pl! • setup.py! • setup.rb

  17. • doit.sh! • doit.pl! • doit.py! • doit.rb

  18. • Ad-hoc in nature! • Loss of history! • Lacks

    testing methodology! • A step in the right direction

  19. File Distribution

  20. • NFS! • SMB! • AFS! • SSHFS! • GlusterFS

  21. • uucp! • rcp! • ftp! • http! • scp

  22. •Distributed systems! •Shares often managed manually or with scripts! •Package

    repositories! •Pull is better than push! •Scp on a cron *

  23. Execution Management

  24. • Image management! • Snapshots and cloning! • Containers

  25. • SSH on a for loop! • Func! • Commands

    on message queues! • ISConf

  26. • Loss of history! • Image sprawl! • Easy to

    order change across nodes

  27. Convergent Operators! (promises)

  28. None

  29. Mark Burgess

  30. The rest of us

  31. Tools

  32. • CFEngine! • Bcfg2! • Puppet! • Chef! • Salt!

    • Ansible
  33. None

  34. Part 2

  35. Policy http://www.flickr.com/photos/sfllaw/222795669/

  36. • /etc/passwd should be mode 0644! • /etc/shadow should be

    mode 0600

  37. • user ‘kermit’ should exist! • user ‘fonzi’ should exist!

    • group ‘muppets’ should exist! • group ‘muppets’ should contain kermit and fonzi

  38. • package ‘ntpd’ should be installed! • ntpd should sync

    with our AD service! • service ‘ntpd’ should be running

  39. • package ‘httpd’ should be installed! • httpd should be

    expose /mnt/software/java! • service ‘httpd’ should be running

  40. • The Java JDK, version 7u45, found on an internally

    hosted web server, should be installed into /usr/local/jdk-7u45/

  41. Polices are declarations about the state of things in a

    system

  42. Polices are applied repeatedly and repair the system when needed

  43. Policies often change

  44. • package ‘widget-factory’ should be installed at version 1.2.3

  45. • package ‘widget-factory’ should be installed at version 1.3.0

  46. http://www.flickr.com/photos/jakepjohnson/4937767595 Repeatability

  47. Repeatable -> Idempotent -> Convergent

  48. • Scripts are not generally repeatable

  49. None
  50. None

  51. • But they can be!

  52. None

  53. ! Idempotent operations can be applied infinite times and will

    yield the same result every time
  54. None

  55. Idempotent http://www.flickr.com/photos/ian_munroe/4758240536/

  56. http://www.flickr.com/photos/ian_munroe/4758240536/ Idempotent NOT GOOD ENOUGH

  57. ! Convergent operations test state and repair if needed

  58. None
  59. None

  60. ! A control loop keeps the system stable and allows

    for change when policy is updated

  61. Autonomous agent Policy: The box should be closed

  62. Convergence

  63. None
  64. None
  65. None

  66. Converging with Bash

  67. git clone git@github.com:someara/ cbash.git

  68. None
  69. None
  70. None
  71. None
  72. None
  73. None
  74. None
  75. None
  76. None
  77. None
  78. None
  79. None
  80. None

  81. Convergence and Iteration

  82. None
  83. None
  84. None
  85. None
  86. None
  87. None

  88. Does order matter?

  89. YES

  90. None

  91. Promises http://www.flickr.com/photos/nazzen9009/6809694353/

  92. • Agents are autonomous! • A promise is a signal

    or message perceived by an observer.! • Promises may or may not be kept.! • Agents can observe other agents! • Agents only have local information *! • Inner workings of agents are assumed to be unknown http://markburgess.org/BookOfPromises.pdf

  93. • Agents have intentions (possible behaviors)! • Agents can make

    assessments about other agents http://markburgess.org/BookOfPromises.pdf

  94. • Configuration Management tools embody tenants of Promise Theory intentionally

    or not

  95. Domain Specific Languages

  96. ! DSLs restrict machine instructions to convergent operations

  97. ! DSLs manage ordering

  98. None

  99. type subject intentions

  100. None

  101. type subject intentions

  102. signal

  103. None

  104. type subject intention

  105. observation

  106. None

  107. type subject intentions

  108. None

  109. type intention subject

  110. signal

  111. Intermission

  112. None

  113. Part 3

  114. Composition

  115. None

  116. Recipes

  117. resource one resource two resource three

  118. { testable intent

  119. recipe[http::server]

  120. recipe[http::server]

  121. recipes supporting files

  122. Types

  123. None

  124. interface implementation

  125. None

  126. intentions parameters

  127. None

  128. new scope intention implementation

  129. new scope intention implementation

  130. Artifacts

  131. metadata

  132. None

  133. metadata

  134. None

  135. http v0.1.0 chef-server api yum v3.0.0

  136. Delivery

  137. • nodes request their own initial run_list

  138. recipe[httpd::server] chef-server api run_list: http v0.1.0

  139. recipe[httpd::server] chef-server api run_list: http v0.1.0 recipe[openssh::server] openssh v3.2.1

  140. recipe[ntp::client] chef-server api run_list: http v0.1.0 recipe[openssh::server] openssh v3.2.1 recipe[httpd::server]

    ntp v1.0.0

  141. • Push vs Pull! • Networking considerations! • Machines down

    for maintenance! • Machines that don’t exist yet

  142. Dependencies

  143. None
  144. None
  145. None
  146. None
  147. None
  148. None

  149. recipe[widgetfactory] chef-server api run_list: http v0.1.0 yum v3.0.0 widgetfactory v1.0.0

  150. Integration testing

  151. • Test that a set of agents has achieved their

    combined goal

  152. • lsof -i :80! • ps -ef | grep httpd!

    • curl localhost 2>&1 > /dev/null

  153. • Berkshelf! • Vagrant! • Kitchen.ci! • Bats! • Serverspec

  154. Environments

  155. • Environments constrain cookbook versions! • Environments can set data

  156. None
  157. None

  158. • Environments can be used to test branches! • Environments

    can be used to segregate machines! • Environments can be manipulated programatically
  159. None
  160. None

  161. http v0.1.0 chef-server api http v0.2.0 openssh v1.2.3 postgresql v3.2.1

  162. recipe[widgetfactory] run_list: http v0.1.0 yum v3.0.0 widgetfactory v1.0.0 chef_environment: production

  163. recipe[widgetfactory] run_list: http v0.2.0 yum v3.0.0 widgetfactory v1.0.0 chef_environment: staging

  164. Part 4

  165. Clusters http://www.flickr.com/photos/youraccount/5938852370/

  166. Typical Cluster

  167. loadbalancer application db-slave db-master

  168. Production httpd 0.1.0

  169. Production Staging httpd 0.1.0 httpd 0.1.0

  170. Production Staging UUID httpd 0.1.0 httpd 0.1.0 httpd 0.2.0

  171. Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

  172. Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

  173. Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

  174. Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

  175. Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

  176. Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

  177. Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

  178. Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

  179. Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

  180. Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

  181. Production Staging UUID httpd 0.1.0 httpd 0.2.0 httpd 0.2.0

  182. Production Staging httpd 0.2.0 httpd 0.2.0

  183. Production httpd 0.2.0

  184. An Ordering Problem

  185. loadbalancer application

  186. • Take a machine out of the pool! • Drain

    the connections! • Modify configuration! • Insert it back into the pool

  187. loadbalancer application

  188. loadbalancer application

  189. loadbalancer application

  190. loadbalancer application

  191. loadbalancer application

  192. loadbalancer application

  193. loadbalancer application

  194. loadbalancer application

  195. loadbalancer application

  196. loadbalancer application

  197. Orchestration

  198. • Conductor showing signals to autonomous agents (creative policy manipulation)!

    • External actor controlling sequencing (execution management)! • Application level sequencing (vector clocks, etc)

  199. • Infrastructures are snowflakes! • Solutions are unique to applications

    by nature! • Configuration Management 201

  200. • There is no separation between ‘infrastructure’ and ‘application’! •

    Distributed systems are hard! • Specialists need to work together

  201. Devops

  202. • Study Promise Theory! • Study distributed systems! • Develop

    high quality primitives! • Be excellent to each other

  203. Fin