Audience: Beginner
About: As OpenStack gains traction in today’s enterprise environments, other cloudy concepts are beginning to take hold in enterprises as well. Today’s enterprises are transitioning from waterfall to agile, more interested in DevOps, and are adopting programmable infrastructure faster than ever before. To maximize returns on the investments today’s enterprises are making, IT departments need to learn new skills and new concepts. Infrastructure as Code (IAC) is one of those concepts that everyone hears a lot about, but in many cases, it is not well understood. Appdevs need to learn infrastructure, infrastructure teams need to learn software development strategies. Bridging the gaps between the two teams can drive the overall consumption of an OpenStack cloud. This session will discuss the basic concepts of infrastructure as code and how to get started. We will also review what it takes to get started (Software repositories, Version Control, etc) and strategies for selling your cloud.
Speaker Bio: Steve Tegeler – Director of Systems Engineering, VMware
Steve currently leads a team of experts who help customers deploy OpenStack in their organizations. Over the last 10 years Steve has spent a tremendous amount of time with IT departments making choices around IaaS. Steve came to VMware through the acquisition of Nicira. At Nicira, Steve spent time not only on Network & Security virtualization, but the overall automation strategy. He’s seen a lot of success, and also a lot of failures.
Speaker Bio: Nathan Ness – Staff Systems Engineer, VMware
Nathan Ness has been a part of the Networking and Security Business Unit at VMware since the acquisition of Nicira. His background includes datacenter networking and security with an emphasis in cloud and virtualization technologies. Currently at VMware he focuses on anything & everything related to OpenStack + VMware. He holds certifications in Cisco, Microsoft, and VMware NSX.
OpenStack Australia Day - Sydney 2016
https://events.aptira.com/openstack-australia-day-sydney-2016/
3. 3
Who am I, and How did I learn about IaC?
• Director of Pre-Sales engineering for OpenStack + VMware
• Infrastructure Background
– Compute Storage Networking Server Virt Network Virt (Nicira)
• At Nicira our success was bound to the success of CMP/IaaS
– CMP Drives Consumption of Virtual Networks
• Watched a YouTube video and felt my career pivot
5. 5
Who am I, and How did I learn about IaC?
• Director of Pre-Sales engineering for OpenStack + VMware
• Infrastructure Background
– Compute Storage Networking Server Virt Virt Networking
• At Nicira realized our success was bound to the success of IaaS
– CMP Drives the Consumption of Network
• Watched a YouTube video and felt my career pivot
• Must learn coding principles to stay relevant
• OpenStack success is bound by the ability to consume it
– IaC education/adoption will help
6. 6
"Enable the reconstruction of the business from nothing but
a source code repository, an application data backup, and
bare metal resources.“
- Adam Jacob, CTO Chef
Infrastructure as Code – Common Definition
App Code
Infrastructure
Code
Configuration
Code
Your
Data
App
State
Compute
Network
Security
Storage
8. 8
Infrastructure & ConfigurationInfrastructure & Configuration
Typical CI Development Process
Build/CI
Source Code
Management
Repository
Testing
Frameworks
Provisioning /
Deployment
1. Commit/Check-in
2. Build & Test
4. Deploy
vRA
3. Artifacts
W W
AA
R
Manual?
9. 9
App Devs
Ops
Teams
Network StorageCompute
WW
A A
R
Web
2 VMs, 2CPU, 2GB mem, 10GB disk, RHEL
LoadBalancer
Open 80,443
App
2 VMs 4CPU, 4GB mem, 30GB disk
Open 22 internal only, 8443 from Web
Request Infrastructure
web_instance: webxyz
flavor: m1.small
image: RHEL-x86_64-chef
network: web-net
security: web-sec
quantity: 2
-------<snip>----------
Web-net: web-net
Subnet: 10.10.0.0
Mask: 255.255.255.0
Web-sec: name: web-sec
in: allow: tcp: 22
out: allow: tcp: 80, 443
Describe Infrastructure
Days &
Variability Fast &
Predictable
flavor: m1.small
Cpu: 2
Mem: 2
Disk: 10
Cloud APIs
“Consumer”
10. 12
Why Code is so Great for Infrastructure
When things break, I can troubleshoot easily – Version Control
Easily test infrastructure permutations - CPU/Mem/Storage/Net/Sec
Re-useable
I can build topology templates for apps – Fast & Consistent Configuration
14. 16
Deployment
Pipeline
Infrastructure Site 1
Existing Business Apps
Ultimate IaC Test – Day 0
CONFIDENTIAL
App Code
Infrastructure
Code
Configuration
Code
Your
Data
Source
Code
App_1 App_2 App_n
Infrastructure Site 2
Your
Data
Business Apps Up!
App_1 App_2 App_n
R R
UPS
15. 17
Seems Like Utopia, Does it Actually Work?
• If it doesn’t work, you are DOING IT WRONG
– The more often you practice it, the more resilient it makes it (lifting weights)
• Test it in a different OpenStack cloud
– Considerations: Defcore compliant, feature set same?
17. 19
Version Control
• Definition: A system that records changes to a file or set of files over
time so that you can recall specific versions later
• Main Benefit: Complete visibility to any changes
Application v12.34
Application
Code
Infrastructure
Code
Configuration
Code
18. 20
IaC_v123
• TCP 8081
IaC_v456
• TCP 8081
IaC_v457
• TCP 22, 8081
February
March
April
May
Day 2 Value: Incident, Cause
Security Policy
Incident/Audit
Code Development
Source Code
diff
19. 21
Use Cases for Infrastructure as Code
• Test Firewall Changes
• Test your application to see if it is IP address dependent
– Change a subnet address range used (192.x.y.z 172.x.y.z)
• Test different performance permutations
– CPU – multi-threaded/scale out
– Disk – SATA, SSD, etc
• Rollback
21. 23
IT, we have a Problem!
• Infrastructure Teams SW development practices
– Learn Version Control and ways to “Describe” Infrastructure
• Devs Understand Infrastructure
– Developers learn proper ways to deploy infrastructure “primitives”
Developers Infra