Infrastructure = Code
Georg M. Sorst
CTO, FINDOLOGIC GmbH
What’s the challenge?
Who has already set up 1 server?
2 servers?
10, 1,000, 10,000?
Danger zone
● Setup: Manual shell commands
● Testing: Manual
● Multiple admins: Overwrite each other’s fixes
● Updates: Different versions on every server
Develop like it’s 1999
● Software Development has solved these issues:
● Installation: Deployment Scripts
● Testing: Unit Tests
● Multiple developers: git merge
● Updates: Version tagging
Infrastructure = Code?
● Define the desired state of the servers
● In human readable form
● Commit to VCS
● Automatically run tests
● Setup / Update server with single command
● Fail, fix and deploy
Ansible!
```yaml
---
- hosts: webservers
  tasks:
  - name: ensure apache is at the latest version
    yum: name=httpd state=latest
  - name: write the apache config file
    template: src=/srv/httpd.j2 dest=/etc/httpd.conf
    notify:
    - restart apache
  - name: ensure apache is running (and enable it at boot)
    service: name=httpd state=started enabled=yes
  handlers:
    - name: restart apache
      service: name=httpd state=restarted
```
What?
● “Ansible” = fictional instantaneous hyperspace communication system
● Michael DeHaan 2012 / Red Hat
● Python
● Declare desired state, not how to get there
  ○ name=apache state=present
  ○ Idempotent
● Agentless
  ○ Just needs SSH access
● Plain YAML
  ○ Can be versioned
Structure
● Inventory: Which hosts / hostgroups are available?
● Hosts: Which hosts to run on?
● Vars: Use in config files, tasks etc.
● Tasks: What to do?
● Handlers: Restart service on config change
Inventory
https://docs.ansible.com/ansible/intro_inventory.html#groups-of-groups-and-group-variables
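An inventory showing the groups of groups and group variables that the linked page describes, written here as an added example in Ansible's YAML inventory format (Ansible 2.4 or later); it is not from the slides or the ansible-meetup repo, and all hostnames and values are constructed:

```yaml
# Added example, not from the slides: groups, a group of groups, and
# variables attached at group level. Hostnames and values are constructed.
all:
  children:
    webservers:
      hosts:
        web1.example.com:
        web2.example.com:
      vars:
        http_port: 80                  # picked up by every host in webservers
    dbservers:
      hosts:
        db1.example.com:
          ansible_host: 10.0.0.5       # connect here even if DNS has no entry
    production:                        # group of groups: contains both above
      children:
        webservers:
        dbservers:
      vars:
        ansible_user: deploy           # inherited by web1, web2 and db1
        ntp_server: ntp.example.com
```

`ansible-inventory -i inventory.yml --graph` prints the resulting tree, and `--host web1.example.com` shows the variables a single host inherits.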
Playbook
https://github.com/georgms/ansible-meetup/blob/master/apache.yml
Demo
git clone https://github.com/georgms/ansible-meetup.git
Demo: Ansible + Vagrant
● vagrant up
● vagrant provision
  ○ Idempotent
● http://localhost:8080/
Demo: Ansible + Docker
● Docker image with SSH + Python
● docker build -t ansible-meetup .
● docker run -i -t -p 8080:80 ansible-meetup
Testing, 1, 2, Testing
● Use Ansible test modules
  ○ Get response from port
  ○ Check log file contents
● Jenkins: vagrant up
● Travis CI
  ○ https://github.com/georgms/ansible-meetup/blob/master/.travis.yml
● Automatically build Docker image / Vagrant box
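A verification play that does what the bullets above describe with Ansible's own modules (wait for the port, fetch a response, check the log, check the config file's permissions). This is an added example, not from the slides or the ansible-meetup repo; it assumes the httpd play shown earlier has run, that httpd logs to /var/log/httpd/access_log, and that the site's own index page contains the word "Welcome":

```yaml
---
# Added example (not from the slides or the ansible-meetup repo): a
# verification play for the httpd setup shown earlier. Assumptions: group
# "webservers" exists, httpd logs to /var/log/httpd/access_log, and our
# own index page contains the word "Welcome".
- hosts: webservers
  become: yes
  vars:
    check_url: "http://127.0.0.1/"
    expected_text: "Welcome"                 # marker we put in our index page
    access_log: /var/log/httpd/access_log
  tasks:
    - name: wait until something listens on port 80 (give up after 30 s)
      wait_for:
        port: 80
        timeout: 30

    - name: fetch the front page and require HTTP 200
      uri:
        url: "{{ check_url }}"
        return_content: yes
        status_code: 200
      register: front_page

    - name: make sure it is our page, not the distro's default test page
      assert:
        that:
          - expected_text in front_page.content
        msg: "{{ check_url }} did not contain '{{ expected_text }}'"

    - name: the request must show up in the access log
      command: grep -c "GET / HTTP" {{ access_log }}
      register: log_hits
      changed_when: false                    # read-only check, never a "change"
      failed_when: "log_hits.stdout | int < 1"

    - name: config file must be root-owned and not world-writable
      stat:
        path: /etc/httpd.conf
      register: conf

    - assert:
        that:
          - conf.stat.exists
          - conf.stat.pw_name == "root"
          - conf.stat.mode == "0644"
```

Run it as a second playbook after the setup play (or append the tasks to it); any failed assertion fails the job in Jenkins or Travis CI.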
What else
● Ad-hoc tasks: Reboot multiple servers
● Roles: This is a Web-Server, DB-Server, SSH
● Templates: Replace value in config file
● Conditionals: Run only on Ubuntu
● Loops: Install packages, create users
● Vault: Encrypt passwords, private keys
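One play that uses the features listed above (a conditional, a loop, a template, a Vault-protected variable). It is an added example, not from the slides or the ansible-meetup repo; it assumes the hosts in group "webservers" run Ubuntu, that templates/site.conf.j2 sits next to the playbook, and that secrets.yml was created with `ansible-vault create secrets.yml` and defines db_password:

```yaml
---
# Added example (not from the slides or the ansible-meetup repo): one play
# using the features listed on this slide. Assumptions: group "webservers"
# runs Ubuntu, templates/site.conf.j2 sits next to the playbook, and
# secrets.yml was made with "ansible-vault create" and defines db_password.
- hosts: webservers
  become: yes
  vars_files:
    - secrets.yml                  # Vault: encrypted in the repo, decrypted at run time
  vars:
    admins: [alice, bob]           # constructed sample users
    site_port: 8080                # used inside the template
  tasks:
    - name: install apache (conditional, only on Ubuntu)
      apt:
        name: apache2
        state: present
      when: ansible_distribution == "Ubuntu"

    - name: create admin accounts (loop over a list)
      user:
        name: "{{ item }}"
        groups: sudo
        append: yes
      with_items: "{{ admins }}"

    - name: render our settings into a .d file instead of editing the main config
      template:
        src: templates/site.conf.j2
        dest: /etc/apache2/conf.d/site.conf
        owner: root
        mode: "0644"
      notify: restart apache

    - name: write the vaulted database password, readable by root only
      copy:
        content: "{{ db_password }}\n"
        dest: /root/.db_password
        owner: root
        mode: "0600"
      no_log: true                 # keep the secret out of the run log

  handlers:
    - name: restart apache
      service:
        name: apache2
        state: restarted
```

Run with `ansible-playbook --ask-vault-pass site.yml`; the encrypted secrets.yml can be committed to the repo alongside the playbook.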
Lessons learned
● Use .d files, e.g. /etc/apache2/conf.d/
● Takes a while to have really robust playbooks
  ○ Absolutely requires automated testing
● Don’t make local changes on servers
  ○ Commit to repo, run tests, deploy (just like code)
```
 ________
< cowsay >
 --------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
```
Ecosystem
● Ansible Galaxy: More than 5,000 roles available
● Ansible Tower: Centralized control panel, $$$
● Works well with OpenStack (both Red Hat)
What are my options?
● Puppet (requires agent, Ruby DSL)
● Chef (requires agent, Ruby based configs)
● Salt (agentless, YAML config)
Meetup
● 11.05.