
Integrating Infrastructure as Code into a Continuous Delivery Pipeline | AWS Public Sector Summit 2017

Ansible is a simple, but powerful automation tool with an agentless footprint that allows for the definition of architecture, intent, and policy as code that can be deployed across both on-prem and cloud infrastructure. This enables customers to extend their enterprise and applications into AWS in a way that maintains a consistent, secure posture as part of a continuous delivery pipeline. Customers can then natively integrate with AWS to seamlessly configure and deploy a range of AWS services such as Amazon Aurora, Amazon Redshift, Amazon EMR, Amazon Athena, Amazon CloudFront, Amazon Route 53, and Elastic Load Balancing from within Red Hat OpenShift across a secure, consistent hybrid cloud infrastructure. In this session, we will demonstrate how infrastructure can be instantiated with code as part of a continuous delivery pipeline and describe how that integrates with an OpenShift hybrid cloud deployment. Learn More: https://aws.amazon.com/government-education/

1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
   Mike Kuentz, AWS; Steve Carter, Red Hat
   June 14, 2017
   Integrating Infrastructure as Code into a Continuous Delivery Pipeline
2. Application & infrastructure
3. What to expect
   • DevOps
   • Infrastructure as code
   • Continuous integration / continuous deployment (CI/CD)
   • Pipelines
   • Automation
   • Ansible
4. DevOps principles
   • Collaboration
   • Break down barriers
   • Work as one team end to end
   • Support business and IT agility
   • Automate everything
   • Test everything
   • Measure & monitor everything
5. DevOps practices
   • Infrastructure as code
   • IT automation
   • Continuous integration
     • Application
     • Infrastructure
   • Continuous deployment
     • Application
     • Rollout & rollback
   • Version control integration
     • Application and infrastructure version management
   • Monitoring and logging
6. Benefits of DevOps CI/CD
   CI
   • Test driven promotion (of development change)
   • Increasing velocity of feedback cycle through iterative change
   • Contain change to reduce risk
   • Bugs are detected quickly
   • Automated testing reduces size of testing effort
   CD
   • Automated, repeatable process to push changes to production
   • Hardens, removes risk from the deployment process
   • Immediate feedback from users
   • Supports A/B testing or “we test customer reactions to features in production”
7. Benefits of cloud unlocked with DevOps
   • Agility
   • Availability & reliability
   • Security
   • Performance, scalability, & elasticity
   • Cost optimization
8. Infrastructure as code
   • Realize DevOps efficiencies for your infrastructure management
   • Tighter coupling of infrastructure to application
   • Minimize release friction
   • Predictable performance (Staging == Production)
   • Cost optimization with upstream “right sizing”
9. Continuous integration
   (diagram: application code moves from the dev machine to a continuous integration server, which runs build/compile, unit test, code coverage, code optimize, package and deploy, promoting the application through development, QA and production; infrastructure has its own development, QA and production environments but no code feeding them)
10. Continuous integration
   (diagram: the same pipeline, now with an infrastructure code track from a dev machine alongside the application code, feeding the development, QA and production infrastructure; infrastructure code includes:)
   • Ansible Playbooks
   • Chef Recipes
   • CloudFormation
   • Terraform
11. Continuous delivery pipeline
   (diagram: developers' dev machines for application and infrastructure code → version control → continuous integration → continuous delivery tools → development, QA and production)
12. Systems thinking
   ● Manufacturing (and IT) move only as fast as the slowest component
   ● Optimization anywhere but the bottleneck is an illusion
13. Where is your bottleneck?
14. Where is your bottleneck? There it is!
15. Where is your bottleneck? There it is! (the hero)
16. Heroes are in high demand (the hero, surrounded by “I need this now!” requests)
17. Buses (and recruiters) like heroes
18. Option #1: Run at the speed of the bottleneck
19. Option #2: Fix the bottleneck!
20. Hero as code (diagram: Hero → Code)
21. Step 1: Translate infrastructure into code (diagram: infrastructure, i.e. servers, storage and networking → code)
   ● Define intent, policy, architecture
   ● Apply across device type, vendor
22. Step 2: Insert that code into your DevOps process (cycle: plan → develop → test → deploy → operate)
   ● Revision control, configuration management
   ● Ensure an ongoing steady state
   ● Automated testing, reduce human error
23. Step 3: Communicate with code (developers, operations, security team)
24. What is Ansible?
   Ansible Core is an automation engine that runs Ansible Playbooks.
   Ansible Tower is an enterprise framework for controlling, securing, and managing your Ansible automation with a UI and RESTful API.
   Ansible is a simple automation language that can perfectly describe an IT application infrastructure in Ansible Playbooks.
25. Why Ansible?
   SIMPLE
   • Human readable automation
   • No special coding skills needed
   • Tasks executed in order
   • Get productive quickly
   POWERFUL
   • Image updates
   • Configuration management
   • Configuration validation
   • Compliance
   • Orchestrate the network lifecycle
   AGENTLESS
   • Agentless architecture
   • Uses OpenSSH & WinRM
   • No agents to exploit or update
   • More efficient & more secure
26. Ansible under the hood
   (diagram of Ansible's automation engine: an Ansible playbook drives the engine, which works from an inventory of hosts and networking devices, users and a CMDB, and public/private cloud, through plugins, an API and modules)
27. Config example (slides 28 to 30 show the same playbook)
   vars:
     ntp_servers:
       - 10.11.160.238
       - 10.5.27.10
   tasks:
     - name: Set the switch name and domain name
       nxos_config:
         lines:
           - "hostname {{ inventory_hostname }}"
           - ip domain-name lab.eng.rdu.redhat.com
         provider: "{{ cli }}"
     - name: Set the NTP server
       nxos_ntp:
         server: "{{ item }}"
         prefer: enabled
         provider: "{{ cli }}"
       with_items: "{{ ntp_servers }}"
31. Config example
   $ ansible-playbook --ask-vault-pass -i ucso-hosts configure-tor.yml
   Vault password:

   PLAY [ucso-tor] ****************************************************************

   TASK [Set the switch name and domain name] *************************************
   ok: [nexus-sw03-mgmt]
   ok: [nexus-sw04-mgmt]

   TASK [Set the NTP server] ******************************************************
   ok: [nexus-sw03-mgmt] => (item=10.11.160.238)
   ok: [nexus-sw04-mgmt] => (item=10.11.160.238)
   changed: [nexus-sw04-mgmt] => (item=10.5.27.10)
   changed: [nexus-sw03-mgmt] => (item=10.5.27.10)

   PLAY RECAP *********************************************************************
   nexus-sw03-mgmt : ok=2 changed=1 unreachable=0 failed=0
   nexus-sw04-mgmt : ok=2 changed=1 unreachable=0 failed=0
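A CI/CD stage that wraps a run like the one on slide 31 needs a machine-readable verdict, and the PLAY RECAP gives one per host. The following is an added example, not code from the slides or from Ansible: a small Python gate that parses the recap, blocks the stage on any failed or unreachable host, and can optionally treat any "changed" host as configuration drift, which is the useful reading after an `ansible-playbook --check` run against an environment that the code claims already describes. The recap sample is constructed after the slide's output; the host names and counters are taken from it, and the function names are this example's own.

```python
"""Gate a CD pipeline stage on the PLAY RECAP of an ansible-playbook run.

Added example (not from the slides): parse the per-host summary that
ansible-playbook prints at the end of a run and decide whether the
stage may proceed.
"""
import re
from typing import Dict, List, Tuple

# One recap line per host: "<host> : ok=2 changed=1 unreachable=0 failed=0"
# (newer Ansible versions add skipped=, rescued=, ignored=; the pattern
# accepts any number of name=count pairs).
RECAP_LINE = re.compile(r"^(?P<host>\S+)\s*:\s*(?P<counters>(?:\w+=\d+\s*)+)$")

# Constructed sample, shaped like the recap on the "Config example" slide.
SAMPLE_RECAP = """\
PLAY RECAP *********************************************************************
nexus-sw03-mgmt : ok=2 changed=1 unreachable=0 failed=0
nexus-sw04-mgmt : ok=2 changed=1 unreachable=0 failed=0
"""


def parse_recap(output: str) -> Dict[str, Dict[str, int]]:
    """Return {host: {counter: value}} for every host listed after PLAY RECAP."""
    hosts: Dict[str, Dict[str, int]] = {}
    in_recap = False
    for line in output.splitlines():
        if line.startswith("PLAY RECAP"):
            in_recap = True          # everything after this header is the summary
            continue
        if not in_recap:
            continue                 # task-level "ok:"/"changed:" lines are ignored
        m = RECAP_LINE.match(line.strip())
        if not m:
            continue
        counters = {}
        for pair in m.group("counters").split():
            key, value = pair.split("=", 1)
            counters[key] = int(value)
        hosts[m.group("host")] = counters
    return hosts


def gate(output: str, allow_changes: bool = True) -> Tuple[bool, List[str]]:
    """Decide whether the pipeline stage passes.

    Returns (passed, reasons).  Any failed or unreachable host blocks the
    stage.  With allow_changes=False (for a --check run against an
    environment that should already match the code) a non-zero 'changed'
    counter is reported as configuration drift and blocks as well.
    """
    reasons: List[str] = []
    hosts = parse_recap(output)
    if not hosts:
        # No recap means the run never reached its summary; never pass silently.
        return False, ["no PLAY RECAP found; treating the run as failed"]
    for host, c in sorted(hosts.items()):
        failed, unreachable = c.get("failed", 0), c.get("unreachable", 0)
        if failed or unreachable:
            reasons.append(f"{host}: failed={failed} unreachable={unreachable}")
        elif not allow_changes and c.get("changed", 0):
            reasons.append(f"{host}: drift detected (changed={c['changed']})")
    return (not reasons), reasons


if __name__ == "__main__":
    # Deployment stage: changes are expected, only errors block.
    print("deploy gate:", gate(SAMPLE_RECAP))
    # Validation stage after --check: any change is drift and blocks.
    print("drift gate:", gate(SAMPLE_RECAP, allow_changes=False))
```

In a pipeline the stage would feed the captured stdout of `ansible-playbook` to `gate()` and fail the job when the first element is false; the reasons list is what to surface in the job log. Relying on the recap rather than only the process exit code is what makes the drift check possible.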
32. Infrastructure-agnostic automation
   Definition (define once; the longer lines are cut off on the slide):
   project_tag: foo
   tenant_nets:
     - 192.133.157.0/24
   fw_outside_ip: 192.133.159.73
   fw_inside_ip: 192.133.159.137
   vlan_data:
     - { id: 600, name: foo-external }
     - { id: 601, name: foo-provider601 }
   svis:
     - { id: 600, cidr: 192.133.157.1/27, vrf: foo, switch: "csn-sjc18
     - { id: 601, cidr: 192.133.157.33/27, vrf: foo, switch: "csn-sjc1
   port_data:
     - { desc: "mcp1.titan1", switch: "aa17-n9k-1", interface: "Ethern
     - { desc: "mcp1.titan1", switch: "aa17-n9k-2", interface: "Ethern
   Implementation (apply many):
   - name: Creating vlans
     nxos_vlan:
       host: "{{ item[0] }}"
       transport: cli
       vlan_id: "{{ item[1].id }}"
       state: "{{ item[1].state | default('present') }}"
       admin_state: "{{ item[1].admin | default('up') }}"
       name: "{{ item[1].name }}"
     with_nested:
       - "{{ vlan_devices | default([]) }}"
       - "{{ vlan_data | default([]) }}"
   - name: Create the SVI interfaces
     nxos_interface:
       host: "{{ item.switch }}"
       transport: cli
       interface: "vlan{{ item.id }}"
       admin_state: up
     with_items: "{{ svi_data | default([]) }}"
33. Pipeline all the things!
   (diagram: dev → source repository → CI/CD engine → playbook code delivered as a container or a VM/instance)
34. API all the things!
   Well-defined role-based API
   Easily customizable back end (servers, storage, networking)
35. Red Hat OpenShift
36. Open service broker API
   • Defines HTTP interface between services & marketplace
   • Service brokers advertise service offerings
   • Service brokers act on requests from the marketplace
     • provision
     • bind
     • unbind
     • de-provision
37. Ansible service broker architecture overview
   (diagram: a service consumer picks a service from the OpenShift mall / service catalog; the Ansible Service Broker, alongside other service brokers, pulls the matching Ansible Playbook Bundle from the Red Hat Container Catalog and runs it to deliver the OpenShift service)
   Ansible Playbook Bundle: a directory of files executed by the Ansible runtime: provision.yaml, deprovision.yaml, bind.yaml, unbind.yaml, ansibleapp.json and a deployment role
   Broker actions: • catalog • provision • deprovision • bind • unbind
   Invocation: docker run $appname $method $vars, which runs ansible-playbook $method.yaml $vars
   Example Ansible Playbook Bundles:
   • ELK, Etherpad, Foreman, Galera
   • ManageIQ, MongoDB, PostgreSQL
   • Foreman, Pulp, Wordpress
   • External MLAB MongoDB SaaS
   • and more...
38. Creating the infrastructure for the AWS service
   - name: Create AWS region VPC
     ec2_vpc_net:
       aws_access_key: "{{ aws_access_key }}"
       aws_secret_key: "{{ aws_secret_key }}"
       name: "{{ region_info.project }}"
       cidr_block: "{{ region_info.cidr }}"
       region: "{{ region_name }}"
       tags:
         tenant: "{{ region_info.project | default(tenant_name) }}"
       tenancy: dedicated
     register: vpc_result
   - name: Create AWS region subnets
     ec2_vpc_subnet:
       aws_access_key: "{{ aws_access_key }}"
       aws_secret_key: "{{ aws_secret_key }}"
       state: "{{ tenant_network_item.state | default('present') }}"
       vpc_id: '{{ vpc_result.vpc.id }}'
       cidr: "{{ tenant_network_item.cidr }}"
       region: "{{ region_name }}"
       az: "{{ tenant_network_item.az }}"
39. Creating the infrastructure for OpenShift
   - name: Create LUN
     na_cdot_lun:
       state: present
       name: ansibleLUN
       flexvol_name: ansibleVolume
       vserver: ansibleVServer
       size: 5
       size_unit: mb
       hostname: "{{ netapp_hostname }}"
       username: "{{ netapp_username }}"
       password: "{{ netapp_password }}"
   - name: Boot the Server
     ipmi_boot:
       name: test.testdomain.com
       user: admin
       password: password
       bootdev: network
       state: absent
   - name: Ensure VLANs are present
     nxos_vlan:
       vlan_range: "2-10,20"
       state: present
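Slides 38 and 39 pass credentials to modules as task parameters: the AWS and NetApp tasks reference variables, while the ipmi_boot task on slide 39 carries a literal `password: password`. Slide 22's "automated testing, reduce human error" applies here: a check that runs before infrastructure code enters the pipeline can flag credential-like keys whose value is a literal rather than a variable reference or an ansible-vault blob. The scanner below is an added example, not from the slides or from Ansible; it is a line-based heuristic using only the standard library, assumes the two-space YAML indentation the slides use, and the sample playbook is constructed after slide 39 (the `some_module`/`api_token` task is invented to show a vaulted value).

```python
"""Pre-pipeline check for plaintext credentials in Ansible playbooks.

Added example (not from the slides): scan playbook text line by line for
credential-like keys and classify each value as vaulted, templated,
plaintext or unknown.  Standard library only, so it runs as a pre-commit
hook where PyYAML may be absent.
"""
import re
from typing import List, Tuple

# Substrings that mark a key as credential-like (matched case-insensitively).
CREDENTIAL_KEYS = ("password", "passwd", "secret", "access_key", "token")

# "key: value" on one YAML line, with or without a leading "- " list marker.
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?(?P<key>[A-Za-z_][\w.]*)\s*:\s*(?P<value>.*)$")

# Constructed sample after the "Creating the infrastructure for OpenShift"
# slide, plus an invented task whose token is an inline ansible-vault blob.
SAMPLE_PLAYBOOK = """\
- name: Create LUN
  na_cdot_lun:
    state: present
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"
- name: Boot the Server
  ipmi_boot:
    name: test.testdomain.com
    user: admin
    password: password
    bootdev: network
- name: Register with the vaulted API token
  some_module:
    api_token: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      66386439653236336462626566653063336164
"""


def classify_value(value: str) -> str:
    """Classify the raw text that follows 'key:' on a single YAML line."""
    v = value.strip()
    if v.startswith("!vault"):
        return "vaulted"          # inline ansible-vault blob follows
    if v in ("", "|", ">", "|-", ">-"):
        return "unknown"          # nested mapping or block scalar; inspect by hand
    if len(v) >= 2 and v[0] in "\"'" and v[-1] == v[0]:
        v = v[1:-1].strip()       # drop matching surrounding quotes
    if v.startswith("{{") and v.endswith("}}"):
        return "templated"        # value comes from a variable or lookup
    return "plaintext"


def scan(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, key, verdict) for every credential-like key in text."""
    findings: List[Tuple[int, str, str]] = []
    for no, line in enumerate(text.splitlines(), 1):
        m = KEY_VALUE.match(line)
        if not m:
            continue
        key = m.group("key")
        if any(marker in key.lower() for marker in CREDENTIAL_KEYS):
            findings.append((no, key, classify_value(m.group("value"))))
    return findings


def plaintext_secrets(text: str) -> List[Tuple[int, str]]:
    """The findings a pre-commit hook should fail on: literal credential values."""
    return [(no, key) for no, key, verdict in scan(text) if verdict == "plaintext"]


if __name__ == "__main__":
    for no, key, verdict in scan(SAMPLE_PLAYBOOK):
        print(f"line {no}: {key} -> {verdict}")
    hits = plaintext_secrets(SAMPLE_PLAYBOOK)
    raise SystemExit(1 if hits else 0)    # non-zero exit blocks the commit
```

A templated value only moves the problem one layer: the variable it names should live in a vault-encrypted vars file (the run on slide 31 already uses `--ask-vault-pass`), and tasks that take credentials should set `no_log: true` so the values do not end up in the run output that the pipeline stores. The scanner is deliberately a heuristic; a key named outside the marker list, or a value spread over a block scalar, comes back as "unknown" or is missed, so it complements rather than replaces review.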
40. Putting it all together
   (diagram: dev → source repository → CI/CD engine → infrastructure, platform, application and AWS services)
41. DevOps driven, services based, hybrid cloud
   (diagram: public tier, private tier and delivery services tier, with CDN, DNS and Elastic Load Balancing in front)
42. Thank you!
