1. Infrastructure as Code
Introduction to DevOps and
nfrastructure As Code
Infrastructure as Code
Rolands Mekšs
A/S 4finance
Infrastructure as Code

2. Infrastructure Complexity
< 80s
Mainframes

3. Infrastructure Complexity
< 80s 80s - 90s
Mainframes Client
Server

4. Infrastructure Complexity
< 80s 80s - 90s 90s
Mainframes Client Multi-Tier apps
Server

5. Infrastructure Complexity
< 80s 80s - 90s 90s 2000s
Mainframes Client Multi-Tier apps Data Centers
Server

6. Infrastructure Complexity in 2010s
Cloud Provider Client Data Center
Internet

7. Infrastructure Complexity
Virtual Nodes
Physical Hardware

8. Concept of physical hardware blurs

9. Everything as a Service

11. Soon will hit 100 production server count (DB/Application/Web Proxies)
Not counting testing / staging / UAT / DR environments

12. Agile development
Quick reaction to requirements and change
Short development sprints
Develop small, incremental releases
Continuous integration
Continious delivery of working software

13. Agile software delivery
Deploy
Risk
Develop
Deploy
Risk
Develop
Time

14. Continuous delivery
Deploy
Risk
Develop
Deploy
Risk
Develop
Deploy
Risk
Develop
Deploy
Risk
Develop
Time
Challenging if not impossible without serious CI, testing and automated
deployments

15. Separate teams
Development Operations

16. Separate teams
Development Operations
We want change

17. Separate teams, distinct goals
Development Operations
We want change The answer is NO

18. Wall of confusion
Development Operations
We want change The answer is NO

19. Merge of concerns
DevOps

20. What is DevOps
More like an idea or collaborative culture/philosophy between technical teams
Often stated as «Agile for Operations»
Unified processes, unified tools for faster end-to-end delivery of quality software
Automate all the things!
Not a job description, same way as there is no such job «Agile Developer»
It’s just a way of work

21. DevOps team in 4finance
Provide teams with processes and tools for better day to day project activities
Automate environment creation
Enable automated deployment process
Enable freely available performance monitoring and log viewing
Provide support in infrastrucure related questions
Enable DevOps

22. Infrastructure as code

23. How do you provision new server?
Adhoc actions – hack while it works

24. How do you provision new server?
Adhoc actions – hack while it works
SNOWFLAKES ARE SPECIAL, SERVERS ARE NOT

25. How do you provision new server?
Follow some documented instructions

26. Doing changes to servers manually involves
PEOPLE

27. Doing changes to servers manually involves
PEOPLE
Terrible of doing things
repeatedly

28. Doing changes to servers manually involves
PEOPLE
Terrible of doing things
repeatedly

29. More than80% of all mission-critical IT service outages are
due to PEOPLE and process errors

30. How do you provision new server?
Use self written shell scripts
+ Some sort of automation
+ Version control possible
+ Works fine if you have 5 or so servers

31. How do you provision new server?
Use self written shell scripts
+ Some sort of automation
+ Version control possible
+ Works fine if you have 5 or so servers
- Does not handle change during server lifecycle

32. True story
Simple change as timezone setting
Options:
• Log in each affected server and change manually
• SSH for loop could do the trick

33. True story
Simple change as timezone setting
Options:
• Log in each affected server and change manually
• SSH for loop could do the trick
Configuration drift!

34. There got to be better way

35. We know how to handle change in software
development
Code and configuration is in verison control system
Unit and integration tests
Safe acceptance testing in test/stage environments
Code review

36. Infrastructure should be treated like a code
Packages installed, versions
Server and application configuration (such as timezone settings)
Relationships with other servers and services

37. Infrastructure should be treated like a code
Packages installed, versions
Server and application configuration (such as timezone settings)
Relationships with other servers and services
We want
Automated , repeatable operations
Predictable outcome
Remove manual, error prone steps
Manage change during server lifecycle
Ability to test outcomes

38. Infrastructure as Code
"Enable the reconstruction of the business from
nothing but a source code repository, an
application data backup, and bare metal
resources"
Adam Jacob

39. Netflix Chaos Monkey

40. Configuration management
Declarative specifications or policies
Setting
the Policy
Report Executing
the policy the policy
Auditing
the policy

41. Configuration management systems

42. How Puppet Works
Manage infrastructure throughout its lifecycle

43. Puppet Resources
Resources – Puppet building blocks
user { 'dave':
ensure => present,
uid => '507',
gid => 'admin',
shell => '/bin/zsh',
home => '/home/dave',
}

44. Resources – Puppet building blocks
package { 'apache2':
ensure=>'installed'
}

45. Resources – Puppet building blocks
package { 'apache2':
ensure=>'installed'
}
service { 'apache2':
ensure=>'running'
}

46. Resources – Puppet building blocks
package { 'apache2':
ensure=>'installed'
}
service { 'apache2':
ensure=>'running'
}
cron { cleanup:
command=>'/test/cleanup.sh',
user=>test,
hour=>5,
minute=>0
}

47. Resources – Puppet building blocks
package { 'apache2':
ensure=>'installed'
}
service { 'apache2':
ensure=>'running'
}
cron { cleanup:
command=>'/test/cleanup.sh',
user=>test,
hour=>5, file { ‘/tmp/helloPuppet':
minute=>0 content=>‘Hello!'
} }

48. Puppet manifests
package { "openssh":
ensure => present,
}
service { "sshd":
ensure => running,
hasstatus => true,
hasrestart => true,
enable => true,
require => Package["openssh"],
}

49. Puppet templates
package { "openssh":
ensure => present, Port <%= listen_port%>
} Protocol 2
SyslogFacility AUTHPRIV
service { "sshd": PermitRootLogin no
ensure => running, PasswordAuthentication no
hasstatus => true, ChallengeResponseAuthentication no
hasrestart => true, GSSAPIAuthentication yes
enable => true, GSSAPICleanupCredentials yes
require => Package["openssh"], UsePAM yes
} X11Forwarding yes
Banner /etc/motd
$listen_port=2222
sshd_config.erb
file { "/etc/ssh/sshd_config":
path => "/etc/ssh/sshd_config",
owner => root,
group => root,
mode => 444,
content => teplate("sshdconf/sshd_config.erb"),
notify => Service[sshd],
}

50. Reusable Configuration Modules

51. How Puppet Enforces Desired State

52. Node definitions in Puppet
node base { node { ‘my.prod.server.com’ inherits base
include openssh
include mymanifest.pp $apacheversion = "2.0.33"
} package { "apache2":
ensure => $apacheversion,
}
}

53. Development practices applied to infrastructure
Version control & source code management
IDEs, editors, refactoring tools
Environments
Self-documentation
Testing

54. BDD with Puppet

55. Puppet development with Vagrant
A tool for building virtualized environments in your PC
Actually works as command line wrapper for VirutalBox
Shared filesystem between host and guest
Allows to spin up virtual machine with preinstalled
Puppet/Chef

57. Vagrant – boxes and environments
$ vagrant box add lucid32 http://files.vagrantup.com
Vagrant::Config.run do |config|
# Setup the box
config.vm.box = "lucid32"
config.vm.provision :puppet do |puppet|
puppet.module_path = "puppet/modules"
puppet.manifests_path = "puppet/manifests"
end
end

58. Vagrant – boxes and environments
$ vagrant up
$ vagrant provision
$ vagrant ssh
$ vagrant destroy

59. Modeling environment systems with Vagrant

60. Q&A