Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Ansible and Cloudformation

Ansible and Cloudformation

Building AWS Environments with Ansible and Cloudformation.

Mark Wolfe

August 26, 2016
Tweet

More Decks by Mark Wolfe

Other Decks in Programming

Transcript

  1. Ansible and Cloudformation Mark Wolfe DevOps @ Versent

  2. Welcome • Who is this guy? • @wolfeidau on twitter

    and Github • Who is Versent? • Yes we are hiring
  3. Overview • Reproducible and supported way to create an environment

    using a number of resources within an AWS account • Maintain many of these environments in parallel • Update these environments based on changing requirements • Hand over this code to others to maintain
  4. kubernetes • Container schedular with lots of amazing features and

    contributors • Orchestrate Containers across a number of hosts • Requires a bit of infrastructure to bootstrap • VPC to hosts the cluster • etcd cluster • controllers • workers
  5. Cloudformation • JSON representation of AWS infrastructure • Not a

    lot of Logic • Verbose and cumbersome to refactor • Use a DSL • cloudformation-ruby-dsl
  6. Cloudformation Layers • Like an onion • Has layers •

    These layers build a number a resources then output attributes • Subsequent layers build use outputted attributes • Strategies for re-usable CloudFormation Templates
  7. Code • Lets review the code

  8. Ansible

  9. Ansible • Run Cloudformation • Manage different environment configuration •

    Generate and upload certificates • Executed from CI server • Discover and retrieve attributes / settings from other stacks
  10. Cloudformation Module • Build a stack • Discover a stack

    and retrieve it’s outputs • Export these as facts • Use them in subsequent layers
  11. AWS CLI • Ansible used to execute aws CLI tasks

    such as: • Update Route53 to switch CNAMES during deployments • Generate and store Secrets • unicreds Store secrets using DynamoDB + KMS • Upload UserData bundles to S3 • requirements.yml • playbook.yml
  12. CI/CD • Builds environments • Used to manage parameters /

    environments • Ansible used to perform adhoc automation tasks • Run backup Jobs across a number of hosts using dynamic inventory • Sync data between S3 buckets across accounts and report any issues • Reusable roles used to build these jobs
  13. • Decomposed into reusable Roles • docker • etcd •

    kubernetes controllers • kubernetes workers UserData
  14. • Using molecule • makes testing ansible roles really simple

    • docker • serverspec Testing
  15. Questions • Thanks for listening • @wolfeidau on twitter •

    github.com/wolfeidau • [email protected]
  16. References • http://awsadvent.tumblr.com/post/38685647817/ strategies-reusable-cfn-templates • https://github.com/wolfeidau/k8sdev SOON • https://github.com/metacloud/molecule •

    https://github.com/retr0h/ansible-etcd/blob/master/ Makefile • https://github.com/kelseyhightower/kubernetes-the- hard-way
  17. Images • Image from banff collection by TJ Holowaychuk •

    "Snowstorm" by Beaulawrence