Patterns for Infrastructure-as-code for DevOps Linz 2016
![Page 1: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/1.jpg)
![Page 2: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/2.jpg)
About me
![Page 3: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/3.jpg)
Andrey Adamovich
• Java/Groovy developer, clean coder
• DevOps guy, automation junkie
• Co-organizer of @latcraft and @devternity
• Coach at @devchampions
• Twitter: @codingandrey
![Page 4: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/4.jpg)
What is this talk about?
![Page 5: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/5.jpg)
Well...
• Collection of patterns (and antipatterns) for representing your infrastructure-as-code.
• Work in progress (never done).
• Feedback is more than welcome!
![Page 6: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/6.jpg)
Infrastructure-as-code
“Infrastructure-as-Code (IaC) is a type of IT infrastructure that operations teams can automatically manage and provision through code, rather than using a manual process. Infrastructure-as-Code is sometimes referred to as programmable infrastructure.”
![Page 7: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/7.jpg)
Images, declarations, tasks
![Page 8: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/8.jpg)
IaC players
• Image definitions
• Provisioning declarations
• Automation scripts
![Page 9: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/9.jpg)
Tools
• Image creation/management: Packer, Docker, AWS AMI/EC2 etc.
• State declarations: Puppet, Chef, Ansible etc.
• Automation blocks: SSH, API + <your favorite scripting language>
![Page 10: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/10.jpg)
Periodic table of DevOps
![Page 11: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/11.jpg)
Everything is code!
![Page 12: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/12.jpg)
Code "deployment" (one click away)
![Page 13: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/13.jpg)
Code "deployment" (one commit away)
![Page 14: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/14.jpg)
Let's see some patterns!
![Page 15: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/15.jpg)
Images
![Page 16: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/16.jpg)
Antipattern: Golden Image
• Manually crafted base infrastructure server image that nobody dares or knows how to change.
![Page 17: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/17.jpg)
Pattern: Reproducible Images
• Operating system distributions (*.iso).
• Base provider images.
• Packer can create images for many virtualization tools and cloud providers.
• Docker can build and package containers as images for distribution.
![Page 18: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/18.jpg)
Secrets
![Page 19: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/19.jpg)
Pattern: Secret Isolating
• Everything is code, but secrets are not!
• Secrets should reside in a separate location!
• Secrets should be injected on the very last stage of "deploying" your code.
• In this way, the actual code still remains sharable.
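One way to inject secrets at the last stage of a deployment, shown as an added example that is not part of the original talk: the template stays in version control, and values come from the deploy job's environment. The `@@NAME@@` placeholder syntax and the names `render_secrets` and `demo_render` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: deploy-time secret injection for a config template that is
# safe to keep in version control. The @@NAME@@ placeholder syntax and the
# function name render_secrets are assumptions of this sketch.

# render_secrets TEMPLATE
# Writes the rendered config to stdout. Fails closed: if any placeholder has no
# non-empty environment variable, nothing is written and the status is 1.
# Values are read through awk's ENVIRON, so they never appear on a command
# line (visible in `ps`) and need no escaping, unlike a sed substitution.
render_secrets() {
  awk '
    {
      rest = $0; out = ""
      while (match(rest, /@@[A-Z_][A-Z0-9_]*@@/)) {
        name = substr(rest, RSTART + 2, RLENGTH - 4)
        value = (name in ENVIRON) ? ENVIRON[name] : ""
        if (value == "") { missing[name] = 1; bad = 1 }
        # Injected values are appended to "out" and never rescanned.
        out = out substr(rest, 1, RSTART - 1) value
        rest = substr(rest, RSTART + RLENGTH)
      }
      rendered[NR] = out rest
    }
    END {
      if (bad) {
        for (name in missing) print "missing secret: " name > "/dev/stderr"
        exit 1
      }
      for (i = 1; i <= NR; i++) print rendered[i]
    }
  ' "$1"
}

# Demo on constructed input: the template is what gets committed, the value
# exists only in the environment of the deploy job.
demo_render() {
  tpl=$(mktemp) || return 1
  printf '%s\n' 'db.url=jdbc:postgresql://db/app' \
                'db.password=@@DB_PASSWORD@@' > "$tpl"
  ( DB_PASSWORD='constructed-value'; export DB_PASSWORD; render_secrets "$tpl" )
  status=$?
  rm -f "$tpl"
  return "$status"
}

demo_render
```

Because a missing value aborts the render, a deploy job that forgot to load its secrets stops before writing a half-configured file.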
![Page 20: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/20.jpg)
Pattern: Encrypted Secrets
• Shared secrets must be encrypted!
• Well, all stored secrets must be encrypted!
• Decryption password is shared through a different channel.
![Page 21: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/21.jpg)
Encryption options
• Encrypt hard drives
• Encrypt files in version control
• Use a vault service
![Page 22: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/22.jpg)
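Encryption options: GPG
• GPG/PGP:
> cd <path-to-your-repo>/
> gpg --encrypt sensitive_file   # writes sensitive_file.gpg (asks for a recipient if -r is not given)
> git add sensitive_file.gpg     # stage the ciphertext, not the plaintext file
> git commit -m 'Add encrypted version of a sensitive file'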
![Page 23: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/23.jpg)
Encryption options: Transcrypt
• OpenSSL + Transcrypt (https://github.com/elasticdog/transcrypt):
> cd <path-to-your-repo>/
> transcrypt   # one-time setup of the repository
> echo 'sensitive_file filter=crypt diff=crypt' >> .gitattributes   # mark the file for encryption on commit
> git add .gitattributes sensitive_file
> git commit -m 'Add encrypted version of a sensitive file'
![Page 24: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/24.jpg)
Vault services
• Generic: Vault from HashiCorp
• Chef: encrypted data bags
• Puppet: hiera-gpg, hiera-eyaml
• Ansible: ansible-vault
![Page 25: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/25.jpg)
Antipattern: Postponing Secret Isolation
• "It's OK for now" does not really work!
• It creates a culture of security not being so important!
• It may alienate your Dev and Ops teams, because they can't share code due to hardcoded secrets!
![Page 26: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/26.jpg)
Code organization
![Page 27: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/27.jpg)
Antipattern: "Fancy-File-Copying"
• To configure package X, you keep all configuration files it needs within your "code".
• You use provisioning tool abstractions to copy every single file onto the target system.
![Page 28: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/28.jpg)
Antipattern: "Fancy-File-Copying"
![Page 29: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/29.jpg)
Example: nginx
• nginx.conf
• mime.conf
• servers.conf
• params.conf
• nginx.pp | nginx.rb | nginx.yml
![Page 30: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/30.jpg)
Example: nginx
file { 'servers.conf': ... }
file { 'mime.conf': ... }
file { 'nginx.conf': ... }
file { 'params.conf': ... }
...
![Page 31: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/31.jpg)
Example: nginx
- template: src=servers.conf ...
- template: src=mime.conf ...
- template: src=nginx.conf ...
- template: src=params.conf ...
...
![Page 32: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/32.jpg)
Hiding abstractions
• Well, there are much simpler ways to copy files.
• You actually hide your intent and the goal of your configuration.
• File and package are not always the right abstractions.
![Page 33: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/33.jpg)
Example: nginx
• Upstream Server
• Virtual Host
• Static Directory
• System Wide Setting
![Page 34: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/34.jpg)
Pattern: Infrastructure Component DSL
• Nobody knows your domain better than you!
• You can write your own DSL or you can leverage existing tools.
• The main thing is to group infrastructure configuration into reusable components.
• That's what we do with application code, that's what we should do with IaC!
![Page 35: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/35.jpg)
Pattern: Infrastructure Component DSL
![Page 36: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/36.jpg)
Example: pseudocode
system1 {
  http_proxy {
    cache=true
    business_app {
      param1=A
    }
  }
  database {
    memory=3GB
  }
}
![Page 37: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/37.jpg)
DSL
• Bash, Perl, Python, Groovy,... anything works.
• Though, Puppet, Chef, Ansible provide facilities to define and group abstractions.
![Page 38: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/38.jpg)
Pattern: Incremental Configuration
• Many packages will already be on the system in their default state.
• Instead of duplicating the default state in your code, you can define only the incremental change.
![Page 39: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/39.jpg)
Pattern: Incremental Configuration
![Page 40: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/40.jpg)
Examples
• Disallow root access on the system
• Set SELinux into permissive mode
• Set default caching timeout in Nginx
![Page 41: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/41.jpg)
Tooling examples
• Generic: sed, perl, regular expressions
• Puppet: file_line, augeas
• Ansible: lineinfile, replace
• Chef: ruby
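The "disallow root access" case from the examples above, written with the generic tooling (awk in place of sed) as an added example that is not from the original talk. The helper names `ensure_directive` and `demo_incremental` are hypothetical; the sketch assumes `Key value` syntax as in sshd_config and a file without `Match` blocks.

```shell
#!/bin/sh
# Added example: an incremental change to one directive of a file the package
# already ships, instead of copying a full sshd_config from the IaC repo.
# ensure_directive is a hypothetical helper; it assumes "Key value" syntax
# (as in sshd_config) and a file without Match blocks.

# ensure_directive FILE KEY VALUE
# Leaves exactly one active "KEY VALUE" line in FILE:
#   - the first active line for KEY is rewritten in place,
#   - later active lines for KEY are dropped,
#   - if KEY is not set at all, the line is appended,
#   - comments and every other setting are left untouched.
# Prints "changed" or "unchanged", so a second run is a visible no-op.
ensure_directive() {
  ed_file=$1
  ed_tmp=$(mktemp) || return 1
  awk -v key="$2" -v value="$3" '
    {
      probe = $0
      sub(/^[ \t]+/, "", probe)            # ignore indentation
      n = split(probe, field, /[ \t]+/)
      # sshd keywords are case-insensitive, so compare in lower case
      if (n > 0 && tolower(field[1]) == tolower(key)) {
        if (!done) { print key " " value; done = 1 }
        next
      }
      print
    }
    END { if (!done) print key " " value }
  ' "$ed_file" > "$ed_tmp" || { rm -f "$ed_tmp"; return 1; }

  if cmp -s "$ed_file" "$ed_tmp"; then
    rm -f "$ed_tmp"
    echo unchanged
    return 0
  fi
  # Overwrite in place so the owner and mode of the original file are kept.
  cat "$ed_tmp" > "$ed_file" || { rm -f "$ed_tmp"; return 1; }
  rm -f "$ed_tmp"
  echo changed
}

# Demo on a constructed sample, not a real sshd_config.
demo_incremental() {
  cfg=$(mktemp) || return 1
  printf '%s\n' 'Port 22' '#PermitRootLogin prohibit-password' \
                'PermitRootLogin yes' 'X11Forwarding no' > "$cfg"
  ensure_directive "$cfg" PermitRootLogin no    # prints "changed"
  ensure_directive "$cfg" PermitRootLogin no    # prints "unchanged"
  cat "$cfg"
  rm -f "$cfg"
}

demo_incremental
```

On a real host, validate the edited file with `sshd -t` before reloading the service.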
![Page 42: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/42.jpg)
Pattern: Configuration Composition
• Compose your configuration of several template calls or API call blocks.
• Expose abstractions through configuration blocks.
![Page 43: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/43.jpg)
Pattern: Configuration Composition
![Page 44: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/44.jpg)
Tooling examples
• Puppet: concat module
• Ansible: assemble module
• Chef: partials
![Page 45: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/45.jpg)
Pattern: Extra-Packaging Code
• Package your application in the most appropriate format that is ready for the most hassle-free deployment.
• Publish it to an artifact repository (Maven, RubyGems, Yum, Apt...).
• Artifact repository serves as a layer of isolation between pipelines.
• Reduces the amount of code needed on later stages of configuration management.
![Page 46: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/46.jpg)
Pattern: Extra-Packaging Code
![Page 47: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/47.jpg)
Application can be packaged differently
1. jar|gem|pyc|...
2. tar.gz|tar.bz2|zip|...
3. rpm|deb|msi|...
4. server|container image
![Page 48: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/48.jpg)
Antipattern: Data as Code
• Data has a different lifecycle. It's more dynamic.
• Data changes more often than code.
• Example 1: use your provisioning tool to define organization users.
• Example 2: manifest that lists all your 500 servers.
![Page 49: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/49.jpg)
Pattern: Configuration Discovery
• Part or all of the system configuration is distributed through an auto-discovery mechanism.
• This cleans your IaC from storing specifics. Define keys instead of values.
• Basically, "convention over configuration" for your cluster.
![Page 50: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/50.jpg)
Pattern: Configuration Discovery
![Page 51: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/51.jpg)
Tooling examples
• Etcd (https://github.com/coreos/etcd)
• Eureka (https://github.com/Netflix/eureka)
• ZooKeeper (https://zookeeper.apache.org/)
• Consul (http://www.consul.io/)
![Page 52: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/52.jpg)
Pattern: Configuration Data Source
• Useful when the number of managed items exceeds a certain amount.
• Data file (Text, Excel, etc.)
• Database (PuppetDB etc.)
• Infrastructure Service API
![Page 53: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/53.jpg)
Pattern: Infrastructure Query
• Language or API that allows you to query your infrastructure state (real time or last available report).
• Examples: AWS EC2 API, PuppetDB, MCollective, Salt
![Page 54: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/54.jpg)
Pattern: Environment Template
• Define a template from which you can create a fully working environment.
• It gives scaling.
• It gives isolation.
• It gives flexibility.
![Page 55: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/55.jpg)
Tooling examples
• Vagrant
• AWS CloudFormation
• Terraform
• Docker and Docker Compose
• Kubernetes API
![Page 56: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/56.jpg)
Code Quality
![Page 57: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/57.jpg)
Antipattern: Not Treating IaC as Code
• Code must be in Version Control.
• Lack of experience with a new tool may require Code Reviews.
• Yes, there are tools for Static Code Analysis even for IaC products.
• Unit testing does not make a lot of sense for IaC, but Integration Testing does.
• Applying all the above techniques gives the best QA result for any code.
![Page 58: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/58.jpg)
Testing IaC
• Serverspec (http://serverspec.org/)
• BATS (https://github.com/sstephenson/bats)
![Page 59: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/59.jpg)
Antipattern: Ignoring Styling Guidelines
• Each tool/language out there has one.
• Nobody canceled clean code teachings.
• Reading, writing and eventually merging code is always easier if people follow the same formatting and styling.
![Page 60: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/60.jpg)
Static code analysis tools
• shellcheck (https://github.com/koalaman/shellcheck)
• yamllint (https://github.com/Pryz/yamllint)
• Puppet Lint (http://puppet-lint.com/)
• Ansible Lint (https://github.com/willthames/ansible-lint)
• FoodCritic (http://www.foodcritic.io/)
![Page 61: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/61.jpg)
Side effects
![Page 62: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/62.jpg)
Pattern: Metrics as Code
• Metrics that your application provides evolve with your application.
• New components, new endpoints, new KPIs...
• Keep monitoring configuration close to the code!
• Or make it auto-discoverable and visible!
![Page 63: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/63.jpg)
Configuring and collecting metrics
• Monitoring software has configuration files and/or an API that can be programmed.
• There are plenty of libraries that allow making monitoring a built-in feature of your application.
![Page 64: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/64.jpg)
Examples: Java
• DropWizard Metrics
• Hystrix
• StageMonitor
![Page 65: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/65.jpg)
Pattern: Control Panel as Code
• Repeatable things live well in scripts.
• Scripts can (and will) be well executed by your CI server (or any other UI you can build around your automation).
• Effectively, that server becomes your "control panel".
• Keep configuration of your "control panel" in version control.
![Page 66: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/66.jpg)
Example: Jenkins
• Jenkins API (https://jenkinsapi.readthedocs.org/en/latest/)
• Job DSL (https://github.com/jenkinsci/job-dsl-plugin)
• Gradle plugin (https://github.com/ghale/gradle-jenkins-plugin)
![Page 67: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/67.jpg)
Example: RunDeck
• RunDeck API (http://rundeck.org/2.5.3/api/index.html)
• RunDeck Command Line (http://rundeck.org/docs/man1/index.html)
![Page 68: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/68.jpg)
Antipattern: Private Fork of a Community Module
• There is a lot of code out there.
• A private fork may work as a short-term solution.
• Do not keep your updates only to yourself. Share them back.
![Page 69: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/69.jpg)
Pattern: Community Module Wrapper
• It's better to create a wrapper.
• This simplifies upgrades.
• And traceability.
![Page 70: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/70.jpg)
Antipattern: "Other Stuff"
• Team members do not fully understand the logic behind code organization.
• They still are eager to contribute, but when they actually do, they break it.
![Page 71: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/71.jpg)
Example: "Other Stuff"
![Page 72: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/72.jpg)
Example: "Other Stuff"
![Page 73: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/73.jpg)
Example: "Other Stuff"
![Page 74: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/74.jpg)
Antipattern: Big Ball of Mud
• Well, it's possible to create a mess out of anything.
![Page 75: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/75.jpg)
Pattern: Automation over Documentation
• It's quite common that Ops teams have been given or have created a bunch of documents describing procedures for system operations.
• Code can do it better!
• It happens that writing those documents takes as much time as writing and testing code that implements the same guidelines.
• Automating procedures can reduce the amount of documentation needed or eliminate the documentation completely.
![Page 76: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/76.jpg)
Conclusion
![Page 77: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/77.jpg)
Conclusion
• Patterns are everywhere!
• Patterns help in understanding the bigger picture, but do not always provide a solution to your specific problem.
• It helps to set a common language.
• List is not complete!
![Page 78: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/78.jpg)
Feedback is welcome!
![Page 79: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/79.jpg)
Share your patterns:
• Write a blog post!
• Share a tweet with @codingandrey or #iacpatterns.
• Or just write to me at [email protected].
![Page 80: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/80.jpg)
For the reference
![Page 81: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/81.jpg)
Summary of antipatterns I
• Antipattern: Golden Image
• Antipattern: Postponing Secret Isolation
• Antipattern: "Fancy-File-Copying"
• Antipattern: Data as Code
![Page 82: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/82.jpg)
Summary of antipatterns II
• Antipattern: Not Treating IaC as Code
• Antipattern: Ignoring Styling Guidelines
• Antipattern: Private Fork of a Community Module
• Antipattern: "Other Stuff"
• Antipattern: Big Ball of Mud
![Page 83: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/83.jpg)
Summary of patterns I
• Pattern: Reproducible Images
• Pattern: Secret Isolating
• Pattern: Encrypted Secrets
• Pattern: Infrastructure Component DSL
• Pattern: Incremental Configuration
• Pattern: Configuration Composition
• Pattern: Extra-Packaging Code
![Page 84: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/84.jpg)
Summary of patterns II
• Pattern: Configuration Discovery
• Pattern: Configuration Data Source
• Pattern: Infrastructure Query
• Pattern: Metrics as Code
• Pattern: Control Panel as Code
• Pattern: Community Module Wrapper
• Pattern: Environment Template
• Pattern: Automation over Documentation
![Page 85: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/85.jpg)
That's it!
![Page 86: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/86.jpg)
Thank you!
![Page 87: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/87.jpg)
Questions?
![Page 88: Patterns for Infrastructure-as-code for DevOps Linz 2016](https://reader034.vdocuments.us/reader034/viewer/2022042907/5879b8bf1a28ab6b2c8b73d1/html5/thumbnails/88.jpg)