As more and more application deployments move to the cloud, their scale and complexity become harder to manage. Instead of a handful of large instances, you might have many smaller instances, so there are many more things you need to provision. Because of this, cloud vendors provide API abstractions of their compute, storage, network and other platform services. In this talk I present a guide to provisioning these services, such as a Kubernetes cluster, using infrastructure as code, and to deploying your applications through cloud-native build pipelines. Get to know the concepts behind these DevOps practices and hear which tools to use, like Terraform and Oracle Container Pipelines, to automate these laborious tasks on Oracle Cloud Infrastructure.
Hitchhiker's guide to Cloud-Native Build Pipelines and Infrastructure as Code
1. Robert van Mölken
Solution Architect |
Groundbreaker Ambassador
| Oracle ACE | Author
Hitchhiker's guide to
Cloud-Native Build
Pipelines and
Infrastructure as Code
2. Topics of this talk
01 Cloud-native pipelines vs Infrastructure-as-code
Meaning and importance in DevOps practices, difference in tooling
02 Infra-as-code using Terraform, Ansible and Packer
Introduction to best-of-breed tools for Infrastructure as Code
03 Cloud-native build pipelines using Visual Builder Studio
Introduction to Oracle Visual Builder Studio (formerly Developer Cloud)
04 Getting started with infrastructure as code on Oracle Cloud
Demo resources for provisioning of infrastructure through pipeline
3. Who am I? 3
Robert van Mölken
Solution Architect / Developer
Blockchain / IoT / Cloud Apps
Groundbreaker Ambassador
Linkedin: linkedin.com/in/rvmolken
Blog: technology.vanmolken.nl
Twitter: @robertvanmolken
6. 5 DevOps practices around automation
Configuration Management — Automate otherwise tedious tasks and allow your
organization to increase agility, e.g. software installations.
Infrastructure as Code — Turn complex systems and environments into a few lines
of code. Enabling deployments through CI/CD pipelines to provision the new (cloud)
environment.
Documentation as Code — Automating documentation along with the written code.
No more word documents for technical documentation!
Continuous Integration (CI) — The process of managing code lifecycle by
automating the build and testing of code every time a team member commits
changes to version control.
Continuous Delivery (CD) — The process of managing application deployments to
build, test, configure and deploy from a build to production.
7. What is infrastructure-as-code?
Managing and provisioning IT (cloud) infrastructure through machine-readable definition files, i.e. code, rather than manual processes
Files can either be scripts (bash, PowerShell) or declarative definitions
Definitions can comprise both physical equipment, e.g. bare-metal
servers, and cloud resources, e.g. virtual machines, platform /
application services, and associated configuration resources
Definitions are stored in the same version control system as application code
Used by tools to perform unattended automation and state management
8. Benefits of infrastructure-as-code
RE-USE & PROMOTE DEFINITIONS
Re-use the same definition
across environments for
application or service
BENEFITS OF PROMOTION/RE-USE
AUTOMATE SERVER UPDATES
Automation is not only for
servers / resources
BENEFITS OF AUTOMATION
• Synchronize configuration by running definition files on a schedule
• Create immutable servers. Apply
rebuilding servers
• Create containerized servers. Apply
by deploying new containers
9. Benefits of infrastructure-as-code
UNATTENDED AUTOMATION
Tools run on a schedule to
re-apply, and update
configuration
BENEFITS OF UNATTENDED
• Discover problems quickly
• Force yourself to fix those problems
• Force yourself to improve your tools
processes
• Discourages “out of band” changes as definition files are forcing the truth
TEST INFRASTRUCTURE CHANGES
Always test/plan new
before applying to prevent
DevOops
BENEFITS OF TESTING CHANGES
10. What are cloud-native pipelines?
CI/CD pipelines for cloud-native applications
1. Build the code (infrastructure or application) on commit trigger
2. Validate infrastructure definition or application code
3. Create and archive deployment artifacts in registry
4. Run tools to apply changes to environments; changes are promoted only after
passing tests and authorization
11. Benefits of pipelines?
VALIDATE & TEST CHANGES
Pipelines validate and test
changes before applying
changes to production
BENEFITS OF VALIDATION/TESTING
• Get confidence for frequent, small
improvements
• Limit direct changes to infrastructure and application
• Correctness about the applied
changes
• Guarantees same performance and
stability across environments
GOVERNANCE
The process of applying
changes is auditable
BENEFITS OF GOVERNANCE
• Track back changes to commits
• Automation ensures processes are
• Build steps can require authorization as
12. What tools can we use?
Infrastructure-as-code Cloud-native build pipeline
Oracle Visual
Builder Studio
14. Terraform by HashiCorp
Terraform is a tool for writing, planning and creating infra-as-code by
tracking the state of the infra it manages in a declarative approach
Configuration files define the expected state, instead of sequencing
actions (using CLI) and can be written in HCL (HashiCorp Configuration
Language), or optionally JSON
Terraform manages virtual server life cycles (VMs), supporting services
(networking, storage) and platform services (k8s, database, functions)
Supports a diverse range of cloud providers and tools through a set of
plugins called providers (incl. Oracle Cloud, Azure, Helm, LogicMonitor)
15. Terraform by HashiCorp
Terraform HCL for a Compute Instance
• Resource definition is represented as a
block of data.
• Headers have a <type> <name>
structure
• Attributes can reference variables
• Attributes can reference resources
• Attributes can reference file paths
In addition:
• Resources can depend on others
• Terraform builds a graph to track
dependencies
• Terraform can perform actions in
parallel
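An added example, not taken from the slides, showing each point above in one OCI configuration: the <type> <name> header, attributes that reference variables, other resources and a file path, and the implicit dependency chain VCN, subnet, instance. The resource names, CIDR ranges, shape and variable names are assumptions, and provider credentials are assumed to be configured elsewhere.

```hcl
# Added example: names, CIDRs, shape and variables are illustrative assumptions.
terraform {
  required_providers {
    oci = { source = "oracle/oci" }
  }
}

variable "compartment_ocid" { type = string }
variable "availability_domain" { type = string }
variable "image_ocid" { type = string }
variable "ssh_public_key_path" { type = string }

# Header structure: resource <type> <name>
resource "oci_core_vcn" "demo" {
  compartment_id = var.compartment_ocid # attribute references a variable
  cidr_block     = "10.0.0.0/16"
}

resource "oci_core_subnet" "demo" {
  compartment_id             = var.compartment_ocid
  vcn_id                     = oci_core_vcn.demo.id # attribute references a resource
  cidr_block                 = "10.0.1.0/24"
  prohibit_public_ip_on_vnic = true # private subnet: no public IPs on VNICs
}

resource "oci_core_instance" "demo" {
  compartment_id      = var.compartment_ocid
  availability_domain = var.availability_domain
  shape               = "VM.Standard2.1"

  create_vnic_details {
    # Referencing the subnet makes Terraform create VCN and subnet first.
    subnet_id        = oci_core_subnet.demo.id
    assign_public_ip = false
  }

  source_details {
    source_type = "image"
    source_id   = var.image_ocid
  }

  metadata = {
    # Attribute references a file path; only the public key is read.
    ssh_authorized_keys = file(pathexpand(var.ssh_public_key_path))
  }
}
```

Running terraform plan against this configuration lists the three resources in dependency order before anything is applied.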
16. Ansible by Red Hat
Ansible is an IT automation and orchestration tool popular for its
simplicity of installation
It can configure systems, deploy software, orchestrate more advanced
IT tasks such as continuous deployments or zero downtime rolling
updates
It doesn’t need any agent to be installed on the target machines. It uses
SSH to get information from the remote machines, to run commands on
remote machines and to copy files
Its modularity regarding plugins, modules, inventories, and playbooks
makes Ansible a perfect tool to orchestrate large environments
17. Ansible Architecture
Ansible is written purely in Python and everything executes on the Python
interpreter
• The inventory – host information to manage
• A playbook – unit of scripts that defines work (plays) for a
server configuration (YAML format)
• Modules / plugins
  • Things which actually do the work
  • Get executed in each playbook task
19. Packer by HashiCorp
Packer is a tool for creating machine and container images for multiple
platforms from a single source configuration
A machine image is a single static unit that contains a pre-configured
operating system and installed software which is used to quickly create
new running machines
Packer installs and configures all the software for a machine at the time
the image is built. After the build it is up to you to launch or destroy them.
Packer creates identical images for multiple platforms, e.g. Oracle
Cloud (prod), private cloud (staging) or VirtualBox (dev). Each
environment is running an identical machine image
20. Packer Workflow Concepts
[Diagram: templates → Build → Provision → Post Processing, with target platforms Oracle Cloud, Azure, VirtualBox, VMware, OpenStack/CloudStack]
• Templates: JSON files containing the
build information
• Builders: Platform specific building
configuration
• Provisioners: Tools that install
software after the initial OS install
• Post-processors: Actions to happen
after the image has been built
21. Packer Template Example
- Template can define reusable variables
- Both static or from environment
- Can be used in rest of template
- Builders block defines one or more build
configurations for creating images
- Type: defines target provider
- oracle-oci, azure-arm, docker, etc.
- Every builder has its own parameters
- tenancy, base-image, vm-shape, etc.
- Provisioners block defines one or more actions
to perform on OS
- Type: defines provision method
- shell, powershell, file, puppet, ansible,
etc.
23. Oracle Visual Builder Studio
A service that integrates an agile collaborative team development platform
with code management and CI/CD automation, extended with visual
development tooling for web and mobile applications
Manage the full lifecycle of all the artifacts that participate in the ecosystem
of extending Oracle Cloud Applications.
Includes features that streamline the development lifecycle such as an issue
tracking system, Agile boards and Sprint management utilities, along with
wikis for information sharing and private hosted GIT repositories
Integrates popular build and test frameworks, as well as utilities that help
manage infrastructure as code leveraging standards such as Docker,
Kubernetes, and Terraform
30. Resources to get started
• Terraform provider for Oracle Cloud Infrastructure:
https://registry.terraform.io/providers/hashicorp/oci/latest/docs
https://github.com/terraform-providers/terraform-provider-oci/tree/master/examples
• Packer builder for Oracle Cloud Infrastructure:
https://www.packer.io/docs/builders/oracle/oci
• Getting started with Ansible on Oracle Cloud:
https://oracle-cloud-infrastructure-ansible-modules.readthedocs.io/.../technical-overview.html
https://github.com/oracle/oci-ansible-collection
• Guide – Infrastructure-as-code using Terraform on Oracle Cloud:
https://blogs.oracle.com/.../infrastructure-as-code-using-terraform-on-oracle-cloud
• Guide – Build custom cloud images using Packer on Oracle Cloud:
https://blogs.oracle.com/.../build-custom-images-with-packer-on-oracle-cloud
37. Experts in Modern Development
Learn more at
developer.oracle.com/ambassador
Nominate a
Groundbreaker Ambassador
@groundbreakers
The Oracle Groundbreaker Ambassadors
award recognizes modern developers for their
contribution to the developer community.
gbanomination.oracle.com
• Cloud
• Microservices and Containers
• Java, JavaScript/Node.js, PHP, Python
• DevOps
• Continuous Delivery
• Open Source Technologies
• SQL/NoSQL Databases
• Machine Learning, AI, Chatbots
Editor's Notes
Terraform is an infrastructure-as-code provisioning tool that tracks the state of the infrastructure it is managing to enable the declarative approach. Instead of defining and sequencing actions, as you are doing while working with the CLI, Terraform lets you define the expected state of your infrastructure. Next, it becomes the job of Terraform to detect what kind of actions, and in which sequence, have to be taken to bring the cloud resources to the expected state. You do not need to worry about any intermediary states. Only the result matters. Terraform supports a diverse range of cloud providers through a set of plugins called providers. When you initiate a new project using the terraform init command, Terraform reads your configuration files in this directory, detects which provider to use, and downloads the newest version of a particular provider plugin.
Some Ansible settings can be written in the global ansible.cfg file, but we can also write our own ansible.cfg, which takes precedence over the global file.
Ansible is written purely in Python and everything executes on the Python interpreter.