Ansible and Cloudformation

Transcript

1. Ansible and Cloudformation Mark Wolfe DevOps @ Versent

2. Welcome • Who is this guy? • @wolfeidau on twitter

   and Github • Who is Versent? • Yes we are hiring

3. Overview • Reproducible and supported way to create an environment

   using a number of resources within an AWS account • Maintain many of these environments in parallel • Update these environments based on changing requirements • Hand over this code to others to maintain

4. kubernetes • Container schedular with lots of amazing features and

   contributors • Orchestrate Containers across a number of hosts • Requires a bit of infrastructure to bootstrap • VPC to hosts the cluster • etcd cluster • controllers • workers

5. Cloudformation • JSON representation of AWS infrastructure • Not a

   lot of Logic • Verbose and cumbersome to refactor • Use a DSL • cloudformation-ruby-dsl

6. Cloudformation Layers • Like an onion • Has layers •

   These layers build a number a resources then output attributes • Subsequent layers build use outputted attributes • Strategies for re-usable CloudFormation Templates

7. Code • Lets review the code

8. Ansible

9. Ansible • Run Cloudformation • Manage different environment configuration •

   Generate and upload certificates • Executed from CI server • Discover and retrieve attributes / settings from other stacks

10. Cloudformation Module • Build a stack • Discover a stack

    and retrieve it’s outputs • Export these as facts • Use them in subsequent layers

11. AWS CLI • Ansible used to execute aws CLI tasks

    such as: • Update Route53 to switch CNAMES during deployments • Generate and store Secrets • unicreds Store secrets using DynamoDB + KMS • Upload UserData bundles to S3 • requirements.yml • playbook.yml

12. CI/CD • Builds environments • Used to manage parameters /

    environments • Ansible used to perform adhoc automation tasks • Run backup Jobs across a number of hosts using dynamic inventory • Sync data between S3 buckets across accounts and report any issues • Reusable roles used to build these jobs

13. • Decomposed into reusable Roles • docker • etcd •

    kubernetes controllers • kubernetes workers UserData

14. • Using molecule • makes testing ansible roles really simple

    • docker • serverspec Testing

15. Questions • Thanks for listening • @wolfeidau on twitter •

    github.com/wolfeidau • [email protected]

16. References • http://awsadvent.tumblr.com/post/38685647817/ strategies-reusable-cfn-templates • https://github.com/wolfeidau/k8sdev SOON • https://github.com/metacloud/molecule •

    https://github.com/retr0h/ansible-etcd/blob/master/ Makefile • https://github.com/kelseyhightower/kubernetes-the- hard-way

17. Images • Image from banff collection by TJ Holowaychuk •

    "Snowstorm" by Beaulawrence