Building Immutable Machine Images
with Packer and Ansible
How I Learned to Stop Worrying and Love the Machine
Introductions
@redmind
Jason Harley
jharley@streetcontxt.com
@redmind
https://www.linkedin.com/in/jharley/
https://github.com/jharley
Introductions:
Street Contxt
im· mu· ta· ble
i(m)ˈmyo͞odəb(ə)l/
adjective
Unchanging over time or unable to be changed.
“an immutable fact”
synonyms: fixed, set, rigid, inflexible, permanent, established, carved in stone
Immutability in DevOps
• Promises stability and repeatability
  - Fast deploys?
  - On-demand scaling?
  - What’s this got to do with DevOps?
  - Business Velocity and Quality?
• Peak Infrastructure as Code?
Toolchain
• Packer
• Ansible
• Molecule
• TestInfra
• CircleCI
Toolchain: Packer
• Entirely focused on building machine images
• Similar core concepts to other tools in the “HashiStack”
  - Builders
  - Provisioners
• We define Templates made up of collections of Builders and Provisioners
• We build Artifacts with Templates
• Packer has first-class Builder support for most cloud and virtualization platforms
• Packer has first-class Provisioner support for many configuration management tools
Toolchain: Ansible
• Popular, agentless, Python-based Configuration Management
• Made up of Playbooks, Roles, Tasks and Modules
  - Rich module library and community
• Maybe lacking a bit of workflow guidance…
• Has the ability to build AMIs natively?!
Toolchain: Molecule
• A(n opinionated) solution to the Ansible role development workflow problem
• Inspired by Test-Kitchen, but is Python based so you don't need a full Ruby stack to do Ansible development
• Molecule will help you write better Ansible roles
Toolchain: TestInfra
• Aims to be a Serverspec equivalent written in Python
• Plugin to Pytest
• One of the two test frameworks natively supported by Molecule
Toolchain: CircleCI
• In-repo, YAML-based CI tool
• CircleCI 2 is new(ish) and has native Docker support
• Frankly, it meant I didn’t have to set up Jenkins…
Building Trust
• Trust may well be “Immutability’s Chasm”
• Getting to shipping images to environments is about trust
• We build trust with Pipelines and tests
Building Trust: Ansible Role
• Writing roles, testing, and versioning them independently means they're real software
  - Reusable, automation libraries
• You manage dependencies with ansible-galaxy
• Molecule helps us write better roles
  - an opinionated workflow that lets us focus on developing the role
Building Trust: Ansible Role
• One repo-per-role has three major advantages
  - you can make breaking changes (because tags are wonderful)
  - you can re-use the role in a variety of ways and places
  - you have gained good Separation of Concerns
• Role testing is -- largely -- unit testing
  - Molecule has support for integration and sophisticated clustering scenarios
Building Trust: Ansible Role
Pipeline stages: Checkout → Syntax Check → Setup Test Environment → Converge → Idempotence Check → Lint → Verify → Cleanup
Building Trust: Ansible Role
<10 000ft repository view>
https://github.com/jharley/ansible-example-base
Building Trust: Packer Image
• Packer is a specialized tool focused on building image artifacts
• It makes some difficult things quite elegant and easy
  - encryption
  - sharing between accounts
  - parallelization of the build
Building Trust: Packer Image
• Simple example goes a long way
• Single Builder with a Provisioner pipeline
  - ebs_builder - creates an AMI by launching an EC2 instance from a source AMI
• Build a base image for your organization
  - Use a base role (or a collection of roles you view as the baseline for your environments)
• As you build more purpose-built images, this trusted base offers you a lot of “organizational boilerplate” you no longer need to worry about
  - You also don’t need to test what you trust nearly as much
Building Trust: Packer Image
Pipeline stages: Checkout → Setup Build Environment → Validate Template → Build & Provision Image → Launch and Verify Image → Tag Image as Verified
Building Trust: Packer Image
<10 000ft repository view>
https://github.com/jharley/packer-example-base
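The "Tag Image as Verified" stage only builds trust if deployment honours the tag. A sketch of that deploy-side gate, as an added example (not from the talk or the linked repositories): it picks the newest image from records shaped like EC2 DescribeImages output and fails closed when nothing passes. The `Verified` tag key, the account IDs and the sample images are constructed for illustration.

```python
"""Deploy-side gate for the 'Tag Image as Verified' pipeline stage.

Added example. Records mirror the shape of EC2 DescribeImages output;
the tag key, account IDs and sample images below are assumptions.
"""
from datetime import datetime

VERIFIED_TAG = "Verified"       # hypothetical tag key written by the last pipeline stage
BUILD_ACCOUNT = "111111111111"  # placeholder for the account that runs the Packer build


def tag_map(image):
    """Flatten the [{'Key': k, 'Value': v}, ...] tag list into a dict."""
    return {t["Key"]: t["Value"] for t in image.get("Tags", [])}


def rejection_reasons(image, name_prefix, trusted_owners):
    """Return every reason an image must not be deployed (empty list = OK)."""
    reasons = []
    if not image.get("Name", "").startswith(name_prefix):
        reasons.append("name does not match " + name_prefix)
    # AMI names are not unique across accounts, so the owner check matters.
    if image.get("OwnerId") not in trusted_owners:
        reasons.append("owner is not a trusted build account")
    if image.get("State") != "available":
        reasons.append("image is not in state 'available'")
    if tag_map(image).get(VERIFIED_TAG, "").lower() != "true":
        reasons.append("pipeline did not tag the image as verified")
    # Images with no EBS mapping at all are rejected too (nothing to attest).
    ebs = [m["Ebs"] for m in image.get("BlockDeviceMappings", []) if "Ebs" in m]
    if not ebs or not all(v.get("Encrypted") for v in ebs):
        reasons.append("an EBS volume is unencrypted")
    return reasons


def select_image(images, name_prefix, trusted_owners):
    """Pick the newest image that passes every check; fail closed if none does."""
    ok = [i for i in images if not rejection_reasons(i, name_prefix, trusted_owners)]
    if not ok:
        raise LookupError("no verified image for " + name_prefix)
    return max(
        ok,
        key=lambda i: datetime.strptime(i["CreationDate"], "%Y-%m-%dT%H:%M:%S.%fZ"),
    )


def sample(image_id, created, owner=BUILD_ACCOUNT, tags=None, encrypted=True):
    """Build one constructed DescribeImages-style record."""
    return {
        "ImageId": image_id,
        "Name": "base-" + created[:10],
        "OwnerId": owner,
        "State": "available",
        "CreationDate": created,
        "Tags": [{"Key": k, "Value": v} for k, v in (tags or {}).items()],
        "BlockDeviceMappings": [
            {"DeviceName": "/dev/xvda", "Ebs": {"Encrypted": encrypted}}
        ],
    }


# Constructed sample data: one record per failure mode, plus two good images.
SAMPLE_IMAGES = [
    sample("ami-000000000000000a1", "2017-10-01T09:00:00.000Z", tags={"Verified": "true"}),
    sample("ami-000000000000000b2", "2017-10-05T09:00:00.000Z"),  # built, never verified
    sample("ami-000000000000000c3", "2017-10-04T09:00:00.000Z",
           owner="222222222222", tags={"Verified": "true"}),      # look-alike, other account
    sample("ami-000000000000000d4", "2017-10-03T09:00:00.000Z",
           tags={"Verified": "true"}, encrypted=False),           # encryption not applied
    sample("ami-000000000000000e5", "2017-10-02T09:00:00.000Z", tags={"Verified": "true"}),
]

if __name__ == "__main__":
    for img in SAMPLE_IMAGES:
        why = rejection_reasons(img, "base-", {BUILD_ACCOUNT})
        print(img["ImageId"], "OK" if not why else "REJECTED: " + "; ".join(why))
    print("deploy:", select_image(SAMPLE_IMAGES, "base-", {BUILD_ACCOUNT})["ImageId"])
```

The newest image in the sample set is deliberately the unverified one, so a "latest AMI by name" lookup would ship it while this gate falls back to the newest verified build.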
Live Coding
Immutability and Configuration
• This is the most challenging bit
  - No magic bullets…
• Often specific to your applications and environments
• Common solutions
  - user-data
  - tags
  - DNS
  - AWS EC2 Systems Manager (SSM)
  - ZooKeeper
  - Consul and Vault
Immutability and Configuration
• Build AMIs that are ~90% configured
• Finish on boot with environment-aware introspection
• Build sources of truth for your environment that meet your needs, operational comfort, and security posture
• Don’t get caught up in semantics…
Questions?
Addendum: Repository Links
• ansible-example-base – https://github.com/jharley/ansible-example-base
• packer-example-base – https://github.com/jharley/packer-example-base
• ansible-example-appserver – https://github.com/jharley/ansible-example-appserver
• packer-example-appserver – https://github.com/jharley/packer-example-appserver