
Safespring Infrastructure-as-Code SUNET-dagarna-2019 · Safespring builds its products on open...

www.safespring.com 2019-04-04 Anders Bruvik Infrastructure engineer at Safespring Infrastructure as Code @bruvik
Transcript
Page 1: Safespring Infrastructure-as-Code SUNET-dagarna-2019 · Safespring builds its products on open source 2. Safespring has moved from central CM solution to a distributed image based

www.safespring.com 2019-04-04

Anders Bruvik, Infrastructure engineer at Safespring

Infrastructure as Code

@bruvik

Page 2

Infrastructure

The basic physical and organizational structures and facilities (e.g. buildings, roads, power supplies) needed for the operation of a society or enterprise.

Page 3

OpenStack Overview

[Figure: OpenStack components. Dashboard: Horizon; Block storage: Cinder; Identity: Keystone; Image: Glance; Networking: Neutron; Object storage: Ceph; Computing: Nova. Other labels: The Internet, Access, Control, Function.]

Page 4

[Figure: network diagram with labels Uninetwork, uni-r2, site, site-r1, OSD, Nx10G / 100G.]

Page 5

DevOps

Page 6

What is NOT DevOps?

● A tool

● A role

● A job description

● A team

Page 7

CAMS

● Culture

● Automation

● Measurement

● Sharing

Page 8

DEVOPS

A culture where people, regardless of title or background, work together to imagine, develop, deploy and operate a system – Ken Mugrage

Page 9

Automation

Page 10

Why?

● Faster to production

● Lower risk of human errors

● Spending more time on valuable tasks

● Support change

● Quicker recovery from failures

● Self documenting

● Continuous improvements

Page 11

Safespring DevOps

Page 12

First generation Infrastructure as Code – Puppet

● Puppet Master holds all facts in Puppet DB

● All machines must have Puppet Master access

● iptables rules, DNS names and certificates are generated from the Puppet Master

● Facts describing node type (compute, storage or control) in Puppet DB

● Optimized for fleet management (large groups of homogeneous nodes)

● If you do not know the exact state of a node, Puppet can help you streamline all nodes

Page 13

Monolithic stacks…

…are not inherently bad — in fact, they are often the best choice for an organization early in a product life cycle.

Page 14

Operators working with code

When making a change, the operator must work out how to reach the goal of the operation without unwanted side effects.

Puppet - Workflow

Repo/DB

Target: all servers

Page 15

First generation Infrastructure as Code – Problems

● Configuration drift – machines out of sync

● Hard to make small changes

● Puppet is declarative and not imperative - in which order will the commands be run?

● Hard to bootstrap new sites since there are some circular dependencies

Page 16

Breaking up the monolith

As systems grow, a monolithic stack becomes an antipattern.

Page 17

Antifragile

● Systems that grow stronger during testing.

● The default response to incidents is improvement.

● Minimizing the number of changes will not make a system more robust.

Page 18

Safespring DevOps – Architecture

[Figure: architecture diagram with labels Virtual, Physical, Container, Binary.]

Page 19

Second generation Infrastructure as Code – Workflow

What is needed?

● A mechanism to build (Smie - Forge).

● A place to store artefacts - could be image, container or binary (Naust - boat house)

● Mechanism for deployment (Seter - settlement) that could describe different runtime environments

Page 20

Second generation Infrastructure as Code – Smie

What is Smie?

● Wrapper around Packer (Hashicorp)

● Produces artefacts

● All artefacts can be built separately

● Role: service, endpoint or component

Page 21

Second generation Infrastructure as Code – Naust

What is Naust?

● Both source and destination for Smie (cuts dependencies on Internet repos)

● Full control over everything built for production

● Protocols: HTTPS/file, S3, Docker Registry

● Protocols depend on target systems

● Everything built gets a URI with metadata (type, version, date)

Page 22

Second generation Infrastructure as Code – Seter

What is Seter?

● Provisioning mechanism

● Wrapper around Ansible and Terraform

● Describes a set of artefacts needed to get a component running

● Also describes target: Physical node, virtual node or container

[Figure: SYSTEM with targets VIRTUAL, CONTAINER and PHYSICAL, and artefacts ART 1, ART 1, ART 2.]

Page 23

Immutable infrastructure

● Changes done at templating stage

● New deployment preferred over change at host

● Easier to implement testing

● Simpler configuration management tooling

Page 24

Example

● Ceph Object Storage backend needs a set of OSD and RadosGW role images

● Træfik as load balancer – role reused across different stacks

[Figure: CEPH with targets VIRTUAL, CONTAINER and PHYSICAL, and roles OSD, RADOSGW, TRÆFIK.]

Page 25

● Key/Value lookups against pluggable data stores

● Allows defining global values, and override at different levels of a hierarchy

● Open source project – Contributions from Safespring
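
An added example (not from the slides and not Safespring's tooling) of the lookup model in the bullets above: global values overridden at more specific levels, read from pluggable stores. The level names, keys, values and function names are assumptions made for illustration; returning the source level with each value shows a reviewer which settings deviate from the global default.

```python
"""Hierarchical key/value lookup with pluggable stores (constructed example)."""
from typing import Any, Callable, Dict, List, Optional, Tuple

# A store is any callable (level, key) -> value or None, so backends are pluggable.
Store = Callable[[str, str], Optional[Any]]


def dict_store(data: Dict[str, Dict[str, Any]]) -> Store:
    """In-memory backend; a file or HTTP backend would expose the same signature."""
    return lambda level, key: data.get(level, {}).get(key)


def hierarchy(scope: Dict[str, str]) -> List[str]:
    """Levels from most specific to least specific; 'global' is the fallback."""
    return [f"node/{scope['node']}", f"role/{scope['role']}",
            f"site/{scope['site']}", "global"]


def resolve(key: str, scope: Dict[str, str], stores: List[Store]) -> Tuple[Any, str]:
    """Return (value, level) from the most specific level that defines the key."""
    for level in hierarchy(scope):
        for store in stores:
            value = store(level, key)
            if value is not None:
                return value, level
    raise KeyError(key)


def overridden(keys: List[str], scope: Dict[str, str], stores: List[Store]) -> Dict[str, str]:
    """Map each key whose effective value is not the global one to its source level."""
    found = {key: resolve(key, scope, stores)[1] for key in keys}
    return {key: level for key, level in found.items() if level != "global"}


# Constructed sample data: all names, keys and values are hypothetical.
DEFAULTS = dict_store({
    "global": {"ntp_server": "ntp.example.org", "ssh_password_auth": "no"},
    "site/site-a": {"ntp_server": "ntp.site-a.example.org"},
})
EXCEPTIONS = dict_store({"node/osd-03": {"ssh_password_auth": "yes"}})
STORES = [EXCEPTIONS, DEFAULTS]
SCOPE = {"node": "osd-03", "role": "osd", "site": "site-a"}

if __name__ == "__main__":
    for k in ("ntp_server", "ssh_password_auth"):
        print(k, resolve(k, SCOPE, STORES))
    print(overridden(["ntp_server", "ssh_password_auth"], SCOPE, STORES))
```
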

Page 26

Pipelines

Continuous delivery is the ability to get changes of all types - including new features, configuration changes, bug fixes and experiments - into production, or into the hands of users, safely and quickly in a sustainable way. — Jez Humble

Page 27

[Figure: pipeline diagram with stages Unit tests, Functional tests, Staging environment, Deploy Production, Security tests, Compliance tests.]

Page 28

Multiple pipelines

Production

Page 29

Second generation Infrastructure as Code – Advantages

● Update systems faster

● Lower barrier to changes

● Reproduce systems as needed

● Build everything with as few dependencies as possible

● Add or change easily

● Target the affected nodes easily

● Verify that software works as intended

● Scales better with many operators

Page 30

Testing

● It’s difficult to write automated tests for an existing, legacy system

● Restructuring a system's design in a way that facilitates testing components independently

● Test in production!

Page 31

First generation IaC versus second generation IaC

● First generation: homogeneous targets

● Second generation: heterogeneous targets

Page 32

Does it work? Yes!

Page 33

Know-how

Technical expertise

Domain expertise

Subject expertise

Page 34

Technical Expertise Safespring core competency

User

Business

Technology

Page 35

Closing words

1. Safespring builds its products on open source

2. Safespring has moved from a central CM solution to a distributed image-based solution

3. Safespring offers a Private Cloud solution for a best-practices solution in-house

Page 37

www.safespring.com

QA

2019-04-04

@bruvik

