atmosphere conference 2015: taming the modern datacenter
TRANSCRIPT
TAMING THE MODERN DATA CENTER A Hybrid Talk for a Hybrid World
SETH VARGO @sethvargo
DC EVOLUTION How did we get here?
RISING DATACENTER COMPLEXITY
[Diagram sequence: a single DC; the DC filled with VM boxes; VM boxes plus C boxes; the DC with DNS, Database and CDN; DC-01 and DC-02, with VM and C boxes; IaaS, PaaS, SaaS]
TAMING THE DC Deployment + Maintenance
PREVIOUSLY The APUD cycle
ACQUIRE   PROVISION   UPDATE     DESTROY
VENDOR    DC OPS      SYSADMIN   DC OPS
WEEKS     DAYS        DAYS       DAYS
PRESENTLY The elastic compute and _aaS era
Elastic Compute
ACQUIRE   PROVISION   UPDATE   DESTROY
MINUTES   DAYS        DAYS     SECONDS
CapEx, OpEx
_aaS
Configuration Management
ACQUIRE   PROVISION   UPDATE    DESTROY
MINUTES   MINUTES     SECONDS   SECONDS
SaaS Proliferation
https://specialized.com
RISING DATACENTER COMPLEXITY
[Diagram: DC with DNS, Database, CDN, VM boxes and C boxes]
WHY? What was our original goal?
EFFECTIVELY DELIVER AND MAINTAIN APPLICATIONS
MOVE FAST AND DON’T BREAK THINGS
DEVELOP DEPLOY MAINTAIN
Consistent
Shareable
Readily Available
High production parity
Start and configure servers / services
Deploy and run application
Update servers or applications
Reconfigure, feature flag
Monitor health
Orchestrate complex changes
TERRAFORM Build, Combine, and Launch Infrastructure
MOTIVATION Why Terraform?
How do I provision resources? compute? storage? network?
How do I manage resource lifecycles?
How do I balance service providers providing core technology for my datacenter?
How do I enforce policy across all these resources?
How do I automate and share those configurations?
TERRAFORM'S GOAL
PROVIDE A SINGLE WORKFLOW
WITH A UNIFIED VIEW
USING INFRASTRUCTURE AS CODE
THAT CAN BE ITERATED AND CHANGED SAFELY
CAPABLE OF COMPLEX N-TIER APPLICATIONS
DIGITAL OCEAN DROPLET WITH DNS USING DNS SIMPLE
resource "digitalocean_droplet" "web" {
  name   = "tf-web"
  size   = "512mb"
  image  = "centos-5-8-x32"
  region = "sfo1"
}

# The A record's value interpolates the droplet's IP address, so Terraform
# creates the droplet before the DNS record.
resource "dnsimple_record" "hello" {
  domain = "example.com"
  name   = "test"
  value  = "${digitalocean_droplet.web.ipv4_address}"
  type   = "A"
}
HUMAN-FRIENDLY CONFIG*
* JSON-COMPATIBLE FOR NON-HUMANS
VCS-FRIENDLY FORMAT
ENTIRE INFRASTRUCTURE... IN A SINGLE TEXT FILE
TERRAFORM GRAPH
COMPOSE N-TIERS / PROVIDERS
TERRAFORM PROVIDERS
SINGLE INTEGRATION POINT
EXPOSE ("PROVIDE") A RESOURCE
aws_instance
dnsimple_record
CRUD API
PLUGGABLE FOR INTEGRATIONS
C C C
C C C
VM VM VM
IAAS (OpenStack, etc)
PHYSICAL
"LAYER CAKE"
PROVIDER PER LAYER
UNIFIED CONFIGURATION
$ terraform apply
TERRAFORM PLAN
$ terraform plan
+ digitalocean_droplet.web
    backups:              "" => "<computed>"
    image:                "" => "centos-5-8-x32"
    ipv4_address:         "" => "<computed>"
    ipv4_address_private: "" => "<computed>"
    name:                 "" => "tf-web"
    private_networking:   "" => "<computed>"
    region:               "" => "sfo1"
    size:                 "" => "512mb"
    status:               "" => "<computed>"
+ dnsimple_record.hello
    domain:    "" => "example.com"
    domain_id: "" => "<computed>"
    hostname:  "" => "<computed>"
    name:      "" => "test"
    priority:  "" => "<computed>"
    ttl:       "" => "<computed>"
    type:      "" => "A"
    value:     "" => "${digitalocean_droplet.web.ipv4_address}"
SHOWS YOU WHAT WILL HAPPEN
EXPLAINS CERTAIN ACTIONS
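The plan text above can be checked mechanically before `terraform apply`. This added example (not from the slides or the Terraform project) parses that format and reports what is computed, what depends on another resource, and which resources a review gate would block. The one-attribute-per-line layout, the `-`, `~` and `-/+` markers of Terraform's legacy plan output, and the `digitalocean_droplet.old` entry are assumptions not shown on the slides.

```python
import re

# Constructed sample: attributes taken from the plan on the slides, plus one
# constructed destroy entry ("-") so the gate has something to block.
SAMPLE_PLAN = '''\
+ digitalocean_droplet.web
    image:        "" => "centos-5-8-x32"
    ipv4_address: "" => "<computed>"
    name:         "" => "tf-web"
+ dnsimple_record.hello
    domain: "" => "example.com"
    type:   "" => "A"
    value:  "" => "${digitalocean_droplet.web.ipv4_address}"
- digitalocean_droplet.old
'''

# Action markers of the legacy text plan format (assumed beyond "+").
ACTIONS = {"+": "create", "-": "destroy", "~": "update", "-/+": "replace"}
HEADER = re.compile(r"^(-/\+|[+~-])\s+(\S+)\s*$")
ATTR = re.compile(r'^\s+(\w+):\s+"(.*?)"\s+=>\s+"(.*)"\s*$')
REF = re.compile(r"\$\{(\w+\.\w+)\.")

def parse_plan(text):
    """Return one dict per planned resource: action, known/computed attrs, refs."""
    resources, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"action": ACTIONS[header.group(1)], "name": header.group(2),
                       "known": {}, "computed": [], "depends_on": set()}
            resources.append(current)
            continue
        attr = ATTR.match(line)
        if attr and current is not None:
            key, new = attr.group(1), attr.group(3)
            refs = REF.findall(new)
            if new == "<computed>":
                current["computed"].append(key)     # value only known after apply
            elif refs:
                current["depends_on"].update(refs)  # interpolates another resource
            else:
                current["known"][key] = new
    return resources

def blocked(resources, forbidden=("destroy", "replace")):
    """Names of resources whose planned action should stop an unattended apply."""
    return [r["name"] for r in resources if r["action"] in forbidden]
```
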
PREVIOUSLY?
STILL UNCERTAINTY…
FUTURE OPS Managing tomorrow’s infrastructure
DEPLOY IMMUTABLE INFRASTRUCTURE
[Chart: Mutable Infrastructure, axes CHANGES and CONFIDENCE]
[Chart: Mutable Infrastructure, axes ITERATIONS and CONSISTENCY]
[Chart: Immutable Infrastructure, axes ITERATIONS and CONSISTENCY]
IMMUTABLE INFRASTRUCTURE IS FASTER
IMMUTABLE INFRASTRUCTURE ALLOWS FOR GREATER PARITY
IMMUTABLE INFRASTRUCTURE NEEDS AUTOMATION
PACKER Automated Golden Images (and more)
MACHINE IMAGES
YUCK… IMAGES?
WHY HAVE WE BEEN GENERALLY AGAINST MACHINE IMAGES?
GOLDEN IMAGES USED TO BE THE WAY
QUARTERLY, UNCHANGED, AND BLESSED IMAGE
CHANGES WERE SLOW AND FRUSTRATING
TOOLING WAS NOT MATURE COMPARED TO TODAY
MODERN CONFIG MANAGEMENT CHANGED THAT
OPS WITHOUT MACHINE IMAGES IS LIKE APPLICATIONS WITHOUT BINARIES
Application Lifecycle
[Diagram frames:
1. Source Code, Binary
2. Source Code, Binary; libA 1.0, libB 1.0, libC 1.0
3. Source Code, Binary; libA 2.0, libB 1.0, libC 1.0
4. Source Code, Failure; libA 2.0, libB 1.0, libC 1.0]
Mutable Server Lifecycle
[Diagram frames:
1. New Server, Ready Server
2. New Server, Ready Server; Packages, Network, CM Changes
3. New Server; Network, CM Changes; Package Changes
4. New Server, Ready Server; Network, CM Changes; Package Changes; Failure
5. New Server; Packages, CM Changes; Network Unreliable; Failure
6. New Server; Packages, Network; CM Changed; Failure]
Machine Image Lifecycle
[Diagram: New Server, Ready Server]
PACKER BUILD
EMBRACES CONFIG MANAGEMENT
TRANSITIONS FAILURES FROM RUN-TIME TO BUILD-TIME
ENFORCES PARITY WITH STAGING
… AND EVEN DEVELOPMENT
WHAT DOES THE FUTURE LOOK LIKE?
[Diagram sequence, labels: OPERATORS, DEVELOPERS, Deploy, AMI, DNS, Load Balancer, PRODUCTION]
SETH VARGO @sethvargo
QUESTIONS?