From ConfigManagementSucks to I love ConfigManagement

Kris Buytaert

OSDC 2015

@krisbuytaert

Kris BuytaertKris Buytaert● In the 90'ies I used to be a Dev ,In the 90'ies I used to be a Dev ,● Then Became an OpThen Became an Op● Chief Trolling Officer and Open Source Chief Trolling Officer and Open Source

Consultant @inuits.euConsultant @inuits.eu● Everything is an effing DNS ProblemEverything is an effing DNS Problem● Building Clouds since before the bookstoreBuilding Clouds since before the bookstore● Some books, some papers, some blogsSome books, some papers, some blogs● Evangelizing devopsEvangelizing devops

#devops=~C(L)AMS#devops=~C(L)AMS● CultureCulture

● (Lean)(Lean)

● AutomationAutomation

• PackagingPackaging

• IACIAC

● Monitoring and MeasurementMonitoring and Measurement

● SharingSharing

Damon Edwards and John WillisDamon Edwards and John Willis

Gene KimGene Kim

This talk This talk

Part 3 of what should have been a 3 part series.Part 3 of what should have been a 3 part series.

Part 4 is about CulturePart 4 is about Culture

Why we study history ?Why we study history ?● Because Because I`m a grumpy old frustrated sysadminI`m a grumpy old frustrated sysadmin

● Because IBecause I`m an old opiniated guy`m an old opiniated guy

● Because history repeatsBecause history repeats

● We need to learn from our mistakesWe need to learn from our mistakes

Deploying an InfrastructureDeploying an Infrastructure● 1996 : Manual Installations , manually copying 1996 : Manual Installations , manually copying

around config files and making changesaround config files and making changes

● 2001 : Mondo rescue 2001 : Mondo rescue (reproducable single instances)(reproducable single instances)

● 2003 : SystemImager2003 : SystemImager

• Reproducable Infrastructure , with Reproducable Infrastructure , with “OVERRIDES”“OVERRIDES”

• Fast Multicast Image deploymentsFast Multicast Image deployments

• Image Sprawl (thank you VMware)Image Sprawl (thank you VMware)

Deploying an InfrastructureDeploying an Infrastructure● 1996 : Manual Installations1996 : Manual Installations

● 2001 : Mondo rescue2001 : Mondo rescue

● 2003 : SystemImager2003 : SystemImager

● 2005 : 2005 : Kickstart / FAI Kickstart / FAI

• Dreaming of Jeos + IAC (Cfengine)Dreaming of Jeos + IAC (Cfengine)

Deploying an InfrastructureDeploying an Infrastructure● 1996 : Manual Installations1996 : Manual Installations

● 2001 : Mondo rescue2001 : Mondo rescue

● 2003 : SystemImager2003 : SystemImager

● 2005 : Dreaming of Jeos + IAC2005 : Dreaming of Jeos + IAC

● 2008 : Actual JeOS + IAC2008 : Actual JeOS + IAC

● 2010 : Vagrant for development 2010 : Vagrant for development

For years we've tolerated humans to to make For years we've tolerated humans to to make structural manual changes to the infrastructure structural manual changes to the infrastructure our critical applications are running on.our critical applications are running on.

Whilst at the same time demanding those critical Whilst at the same time demanding those critical applications to go trough rigid test scenarios.applications to go trough rigid test scenarios.

Who let this happen ?Who let this happen ?

Infrastructure as CodeInfrastructure as Code● Treat configuration automation as code Treat configuration automation as code

● Development best practicesDevelopment best practices

• Model your infrastructureModel your infrastructure

• Version your cookbooks / manifestsVersion your cookbooks / manifests

• Test your cookbooks/ manifestsTest your cookbooks/ manifests

• Dev/ test /uat / prod for your infraDev/ test /uat / prod for your infra

● Model your infrastructureModel your infrastructure

● A working service = automated ( Application Code + Infrastructure A working service = automated ( Application Code + Infrastructure Code + Security + Monitoring )Code + Security + Monitoring )

● Think Puppet, Chef, Cfengine, ....Think Puppet, Chef, Cfengine, ....

The Learning CurvesThe Learning Curves

for $tool in “bcfg2 lcfg cfengine puppet chef “for $tool in “bcfg2 lcfg cfengine puppet chef “

$tool is user-friendly it's just picky about who its $tool is user-friendly it's just picky about who its friends are.friends are.

I hate your languageI hate your language

● Ruby vs no rubyRuby vs no ruby

● I like pythonI like python

Development is hardDevelopment is hard● Ordering Ordering

● LoopsLoops

● Dependencies Dependencies

Oldschool people reacting to changeOldschool people reacting to change

Ops reaction :Ops reaction :● You want me to write code ? You want me to write code ?

● Yes shell , perl, python, .. Yes shell , perl, python, ..

Ops Reaction:Ops Reaction:● You want me to use git ?You want me to use git ?

● Yes it's 2015 .. use git or be looking for a new Yes it's 2015 .. use git or be looking for a new job.job.

You'd think the previous conversation took You'd think the previous conversation took place in in 2005. place in in 2005.

Sadly it didn't , it still happening in 2015Sadly it didn't , it still happening in 2015

Ops reaction :Ops reaction :● You want me write tests ?You want me write tests ?

● Yes .. as you are writing code Yes .. as you are writing code

Ops reaction :Ops reaction :● You want me do to continous Integration ?You want me do to continous Integration ?

● Yes .. as you are developing softwareYes .. as you are developing software

Ops reaction :Ops reaction :● You want me do to continous deployment ?You want me do to continous deployment ?

● Yes .. as you need to experience how to do it so Yes .. as you need to experience how to do it so you can assist the developers with their own you can assist the developers with their own code base.code base.

A pipelineA pipeline● Checkout codeCheckout code

● SyntaxSyntax

● StyleStyle

● Code CoverageCode Coverage

● TestsTests

● BuildBuild

● More TestsMore Tests

● Package Package

● Upload to RepoUpload to Repo

● Deploy on TestDeploy on Test

● Check PuppetrunsCheck Puppetruns

● Check Check IcingaIcinga

● Promote to UATPromote to UAT

Share the pain , same tools .. you now know Share the pain , same tools .. you now know much better how to support the devs..much better how to support the devs..

Great communities ?Great communities ?

““There is a module ... for that”There is a module ... for that”

● Which of the 60+ apache modules do you Which of the 60+ apache modules do you want ?want ?

● But it doesn't work on your distroBut it doesn't work on your distro

● But it starts the service while you want your But it starts the service while you want your cluster soft to manage it.cluster soft to manage it.

● It doesn't use (the upstream) packagesIt doesn't use (the upstream) packages

● ......

If you tought datacenter automation If you tought datacenter automation was easy ..was easy ..

devops : a movement tricking operations devops : a movement tricking operations people into writing code to automate their people into writing code to automate their

infrastructure since 2007infrastructure since 2007

All I wanted was to put this All I wanted was to put this oneone server, server, oneone application in production. application in production.

● We are talking datacenters .. it's never just one We are talking datacenters .. it's never just one server , you need to have dev, test, server , you need to have dev, test, acceptance, production platforms acceptance, production platforms

● HA, Scaleout ?HA, Scaleout ?

● Orchestration ? I need to have access to the Orchestration ? I need to have access to the database before I can launch the applictiondatabase before I can launch the appliction

● That's a design errorThat's a design error

NoOps anno 2010NoOps anno 2010● I've build this app and put it in production on my I've build this app and put it in production on my

favourite Saas, favourite Saas,

● THEIR ops people will run it for me under strict THEIR ops people will run it for me under strict limitationslimitations

●

Quiz : Quiz : ● I've build this app and wrapped it in a I've build this app and wrapped it in a

● I can run it everywereI can run it everywere

● Who ?Who ?

Quiz : Quiz : ● I've build this app and wrapped it in a I've build this app and wrapped it in a

● I can run it everywereI can run it everywere

● Sun Microsysystem Announcing Java in 1996Sun Microsysystem Announcing Java in 1996

Quiz : Quiz : ● I've build this app and wrapped it in a I've build this app and wrapped it in a

● I can run it everywereI can run it everywere

● Now I can choose what distro I want and put it Now I can choose what distro I want and put it in production in production

● Who ?Who ?

Quiz : Quiz : ● I've build this app and wrapped it in a I've build this app and wrapped it in a

● I can run it everywereI can run it everywere

● Now I can choose what distro I want and put it Now I can choose what distro I want and put it in production in production

● A docker fanboy in front of a room of senior ops A docker fanboy in front of a room of senior ops people in early 2014 people in early 2014

If all you know is docker, every whale looks like a If all you know is docker, every whale looks like a private cloudprivate cloud

Image Build by devs, Image Build by devs, maintained by nobodymaintained by nobody

Closing the gaps between dev and opsClosing the gaps between dev and ops

● How do you even build a container How do you even build a container

● How do you build the hosts that run the How do you build the hosts that run the containers ?containers ?

● Infrastructure as code ++Infrastructure as code ++

I never hated Config Management in the first I never hated Config Management in the first place .. it was love at first sight ..place .. it was love at first sight ..

ContactContactKris Buytaert Kris Buytaert Kris.Buytaert@inuits.beKris.Buytaert@inuits.be

Further ReadingFurther Reading@krisbuytaert @krisbuytaert http://www.krisbuytaert.be/blog/http://www.krisbuytaert.be/blog/http://www.inuits.be/http://www.inuits.be/

InuitsInuits

Duboistraat 50Duboistraat 502060 Antwerpen2060 AntwerpenBelgiumBelgium891.514.231891.514.231

+32 475 961221+32 475 961221