SlideShare a Scribd company logo

Deploying your SaaS stack OnPrem

Download as ODP, PDF
Kris Buytaert
Kris Buytaert

Lessons learned from deploying an operational SAAS stack On Prem at a Customer

Technology
1 of 38
Building and Deploying a Saas platform On Prem Kris Buytaert @krisbuytaert Slides by Michel van de Ven and Julien Pivotto
Kris BuytaertKris Buytaert ● I used to be a Dev,I used to be a Dev, ● Then Became an OpThen Became an Op ● Chief Trolling Officer and Open SourceChief Trolling Officer and Open Source Consultant @inuits.euConsultant @inuits.eu ● Everything is an effing DNS ProblemEverything is an effing DNS Problem ● Building Clouds since before the bookstoreBuilding Clouds since before the bookstore ● Some books, some papers, some blogsSome books, some papers, some blogs ● Evangelizing devopsEvangelizing devops
Inuits ● Inuits is an Open Source company • We contribute backWe contribute back ● +85 people in 4 countries (BE, NL, UA,CZ) ● One language: English ● We offer • ConsultingConsulting • DevelopmentDevelopment • DevOopsDevOops • Ops ..Ops .. • and multiple niche Saas Platformsand multiple niche Saas Platforms
Use Case = MediaMosa as a Service
MediaSalsa infrastructure (simplified) ● For each environment (DTAP) • Backends: Core service (MediaMosa)Backends: Core service (MediaMosa) • Frontends: OptionalFrontends: Optional • Web serversWeb servers • Database serversDatabase servers • Solr serversSolr servers • Transcoding serversTranscoding servers • Streaming Servers ..Streaming Servers .. • ……..
Culture Automation Measurement Sharing
Puppet Puppet automates all the things → mcollective orchestrates all the things
CD ● Continuous Delivery vs Continuous Deployment • ““Continuous Delivery doesn't mean every change is deployed toContinuous Delivery doesn't mean every change is deployed to production ASAP. It means every change is proven to be deployable atproduction ASAP. It means every change is proven to be deployable at any time” (@ccaum)any time” (@ccaum) ● Puppet code • Deployed to dev environmentDeployed to dev environment • Same puppet code for each environmentSame puppet code for each environment • User-triggered deployments to UAT & ProdUser-triggered deployments to UAT & Prod • Feature flags in Puppet code per environment (switchable architecture)Feature flags in Puppet code per environment (switchable architecture) ● Application code • Continuous integration in devContinuous integration in dev • Continously deploy to UATContinously deploy to UAT • Continuously deploy on our prod stackContinuously deploy on our prod stack • Continuously wait for customer permission on PremContinuously wait for customer permission on Prem
Testing ● Developers test a lot, but • The tests don’t workThe tests don’t work • It works on my machineIt works on my machine™™ • Wrong platformWrong platform • Wrong PHP versionWrong PHP version Fixed now, thanks to Jenkins!Fixed now, thanks to Jenkins! Fixed now, thanks to JenkinsFixed now, thanks to Jenkins JobDSL / Pipeline as CodeJobDSL / Pipeline as Code
Version Control ● Git ● Code is under revision control • Prefer small commitsPrefer small commits • Trunk based developmentTrunk based development • Branches are considered EVILBranches are considered EVIL • Release management = Git submodulesRelease management = Git submodules ● Infrastructure as code → git / hiera
Using OS packaging system ● Consistency, security, dependencies ● Uniquely identify where files are coming from ● Source repo may not be reachable ● Little overhead when you automate ● Configuration does not belong in a package ● PCS Pattern
Repository ManagementRepository Management
Pipelines ● A collection of jobs ● Run in sequence ● Start on checkout, end on deployment ● From the developers’ side: → Git push ← Mail with changes + link to deploy
Pipelines steps
Scaling PipelinesScaling Pipelines ● Create a Pipeline,Create a Pipeline, ● For job in PipelineFor job in Pipeline • Create new Job Based on OldJobCreate new Job Based on OldJob ● Update One JobUpdate One Job ● Never refactor the restNever refactor the rest
Complex PipelinesComplex Pipelines
Jenkins Job DSLJenkins Job DSL ● GroovyGroovy ● FlexibleFlexible ● Well SupportedWell Supported ● Suitable for more complex PipelinesSuitable for more complex Pipelines https://jenkinsci.github.io/job-dsl-https://jenkinsci.github.io/job-dsl- plugin/plugin/
SeedjobsSeedjobs ● GroovyGroovy ● GitGit ● Rebuild jobs on commitRebuild jobs on commit ● Projects in foldersProjects in folders
Same Pipelines, Tools, Patterns are used by both devs and ops
Culture Automation Measurement Sharing
Icinga ● Monitor everything • vhostsvhosts • databasesdatabases • cronjobscronjobs • unit test suitesunit test suites ● Automated using Puppet • Exported resources / Stored configsExported resources / Stored configs ● If it is deployed it monitored
Logstash ● Collect all the logs • Drupal logsDrupal logs • Apache logsApache logs • Deployment logsDeployment logs • System logsSystem logs ● Interprete, filter and correlate them ● Logstash, ElasticSearch, Kibana, statsd, Graphite, Grafana
Collectd+Graphite+Grafana ● Measure all the things • cpu/memcpu/mem • databasesdatabases • Application metricsApplication metrics • Derived from logsDerived from logs • Business MetricsBusiness Metrics
Culture Automation Measurement Sharing
Open Source ● Mediamosa is Fully Open Source ● Lots of the PuppetCode to deploy it is ● Our passwords etc aren't
e.g MediaSalsa Deployments ● Initially • 1 instance Academic usage @SurfNet1 instance Academic usage @SurfNet • 1 Instance Commercial DC for non-edu1 Instance Commercial DC for non-edu ● Today • 2 academic instances2 academic instances • 1 commercial Saas instance1 commercial Saas instance • 2 on prem deployments2 on prem deployments
Why multiple Deployments ● “Security” • Academic Customer wanted a private tenant for securityAcademic Customer wanted a private tenant for security and privacyand privacy ● Initial hardware investement done already • Public Tender , $customer bought huge amount of storagePublic Tender , $customer bought huge amount of storage • Saas solution charges per TBSaas solution charges per TB • Asked for custom manual deploymentAsked for custom manual deployment ● CIO’s still don’t believe in Cloud/SAAS (2017 !!!!)
Saas vs OnPrem We have automated everything, Infrastructure as Code , Pipeline as Code, Continuous delivery , so deploying this stack another time should be trivial !!
WRONG
Biased Automation ● Works in our infra , our constraints, our expectations ● We expect to have access to our infra • Puppet, monitoring, metrics, repos , jenkins, dnsPuppet, monitoring, metrics, repos , jenkins, dns
VM Provisioning ● Different Technologies • Open vs ProprietaryOpen vs Proprietary • Guess which one is more problematicGuess which one is more problematic ● No access to Internal repositories • (Pulp Mirrors)(Pulp Mirrors) ● Network topologies ● Having to ask to reboot a host ● Having to ask to grow a VM
Security ● IPSec links to all stacks • Our own network complexity has grown exponentiallyOur own network complexity has grown exponentially • Overlapping networksOverlapping networks • Introducing BGP etcIntroducing BGP etc ● Our network = Trusted ● Their network = Hostile • Different approach in host vs network based firewallingDifferent approach in host vs network based firewalling ● User management • Only our accounts in our stack , our ldapOnly our accounts in our stack , our ldap • They want accountsThey want accounts
Variants ● We don’t want exceptions ● They do want exceptions ● Old purchasing mentality • Custom FeaturesCustom Features • Additional ComponentsAdditional Components • It’s “Their” stackIt’s “Their” stack ● Exceptions need to be codified in our infra
Continuous Deployment Delivery ● Deployment isn’t our decision anymore ● Back to fixed deployment windows :( ● Coordination with $customer on when to deploy ● Even for Security Fixes ● For every single instance (except the public SAAS one)
Extreme Cost Difference ● The effort to run 5 stacks in your own infrastructure within your team is smaller than running 1 additional stack on prem at a customer ● Your pragmatic approach does not fit their infrastructure ● You will need to implement features (security/ storage support) that you do not need for your SAAS platform. ● Less movement room to fix stuff . • e.g no “freely” available extra resources disk / memory / cpue.g no “freely” available extra resources disk / memory / cpu • More complex solutions (e.g DBA work..)More complex solutions (e.g DBA work..)
It could have been worse ● We are an Open Source company ● All of our Choices are Open Source by default • We could deploy full stacks On PremWe could deploy full stacks On Prem • Including metrics, log analytics and monitoringIncluding metrics, log analytics and monitoring • We had no external dependenciesWe had no external dependencies • No additional license costsNo additional license costs
If you can choose .. don’t ...don’t ...
ContactContact Kris Buytaert Kris.Buytaert@inuits.euKris Buytaert Kris.Buytaert@inuits.eu Further ReadingFurther Reading @krisbuytaert@krisbuytaert http://www.krisbuytaert.be/blog/http://www.krisbuytaert.be/blog/ http://www.inuits.eu/http://www.inuits.eu/ Inuits.euInuits.eu Essensteenweg 31Essensteenweg 31 BrasschaatBrasschaat BelgiumBelgium 891.514.231891.514.231 +32 475 961221+32 475 961221

Recommended

Pipeline as Code
Pipeline as CodePipeline as Code
Pipeline as Code
Kris Buytaert
 
Pipeline as code for your infrastructure as Code
Pipeline as code for your infrastructure as CodePipeline as code for your infrastructure as Code
Pipeline as code for your infrastructure as Code
Kris Buytaert
 
Moby is killing your devops efforts
Moby is killing your devops effortsMoby is killing your devops efforts
Moby is killing your devops efforts
Kris Buytaert
 
Is there a future for devops ?
Is there a future for devops ?Is there a future for devops ?
Is there a future for devops ?
Kris Buytaert
 
Repositories as Code
Repositories as CodeRepositories as Code
Repositories as Code
Kris Buytaert
 
Automating MySQL operations with Puppet
Automating MySQL operations with PuppetAutomating MySQL operations with Puppet
Automating MySQL operations with Puppet
Kris Buytaert
 
Open Source Monitoring in 2019
Open Source Monitoring in 2019 Open Source Monitoring in 2019
Open Source Monitoring in 2019
Kris Buytaert
 
From devoops to devops
From devoops to devopsFrom devoops to devops
From devoops to devops
Kris Buytaert
 

Recommended

Pipeline as Code
Pipeline as CodePipeline as Code
Pipeline as Code
Kris Buytaert
 
Pipeline as code for your infrastructure as Code
Pipeline as code for your infrastructure as CodePipeline as code for your infrastructure as Code
Pipeline as code for your infrastructure as Code
Kris Buytaert
 
Moby is killing your devops efforts
Moby is killing your devops effortsMoby is killing your devops efforts
Moby is killing your devops efforts
Kris Buytaert
 
Is there a future for devops ?
Is there a future for devops ?Is there a future for devops ?
Is there a future for devops ?
Kris Buytaert
 
Repositories as Code
Repositories as CodeRepositories as Code
Repositories as Code
Kris Buytaert
 
Automating MySQL operations with Puppet
Automating MySQL operations with PuppetAutomating MySQL operations with Puppet
Automating MySQL operations with Puppet
Kris Buytaert
 
Open Source Monitoring in 2019
Open Source Monitoring in 2019 Open Source Monitoring in 2019
Open Source Monitoring in 2019
Kris Buytaert
 
From devoops to devops
From devoops to devopsFrom devoops to devops
From devoops to devops
Kris Buytaert
 
Devops is dead, Long Live Devops
Devops is dead, Long Live DevopsDevops is dead, Long Live Devops
Devops is dead, Long Live Devops
Kris Buytaert
 
Devops is a Security Requirement
Devops is a Security RequirementDevops is a Security Requirement
Devops is a Security Requirement
Kris Buytaert
 
The Return of the Dull Stack Engineer
The Return of the Dull Stack EngineerThe Return of the Dull Stack Engineer
The Return of the Dull Stack Engineer
Kris Buytaert
 
Continuous Infrastructure First
Continuous Infrastructure FirstContinuous Infrastructure First
Continuous Infrastructure First
Kris Buytaert
 
GitOps , done Right
GitOps , done RightGitOps , done Right
GitOps , done Right
Kris Buytaert
 
Nightmare on Docker street
Nightmare on Docker streetNightmare on Docker street
Nightmare on Docker street
Kris Buytaert
 
Migrating to Puppet 5
Migrating to Puppet 5Migrating to Puppet 5
Migrating to Puppet 5
Kris Buytaert
 
Dev secops opsec, devsec, devops ?
Dev secops opsec, devsec, devops ?Dev secops opsec, devsec, devops ?
Dev secops opsec, devsec, devops ?
Kris Buytaert
 
Docker is killing your #devops Efforts
Docker is killing your #devops EffortsDocker is killing your #devops Efforts
Docker is killing your #devops Efforts
Kris Buytaert
 
From MonitoringSucks to Monitoring Love , 2016 Edition
From MonitoringSucks to Monitoring Love , 2016 EditionFrom MonitoringSucks to Monitoring Love , 2016 Edition
From MonitoringSucks to Monitoring Love , 2016 Edition
Kris Buytaert
 
Can we fix dev-oops ?
Can we fix dev-oops ?Can we fix dev-oops ?
Can we fix dev-oops ?
Kris Buytaert
 
Groovy there's a docker in my application pipeline
Groovy there's a docker in my application pipelineGroovy there's a docker in my application pipeline
Groovy there's a docker in my application pipeline
Kris Buytaert
 
Continuous Infrastructure First
Continuous Infrastructure FirstContinuous Infrastructure First
Continuous Infrastructure First
Kris Buytaert
 
The influence of "Distributed platforms" on #devops
The influence of "Distributed platforms" on #devopsThe influence of "Distributed platforms" on #devops
The influence of "Distributed platforms" on #devops
Kris Buytaert
 
On the Importance of Infrastructure as Code
On the Importance of Infrastructure as CodeOn the Importance of Infrastructure as Code
On the Importance of Infrastructure as Code
Kris Buytaert
 
Run stuff, Deploy Stuff, Jax London 2017 Edition
Run stuff, Deploy Stuff, Jax London 2017 EditionRun stuff, Deploy Stuff, Jax London 2017 Edition
Run stuff, Deploy Stuff, Jax London 2017 Edition
Kris Buytaert
 
No, we can't do continuous delivery
No, we can't do continuous deliveryNo, we can't do continuous delivery
No, we can't do continuous delivery
Kris Buytaert
 
Continous Delivery of your Infrastructure
Continous Delivery of your InfrastructureContinous Delivery of your Infrastructure
Continous Delivery of your Infrastructure
Kris Buytaert
 
Closing the gap between Distros(devs) and their Users(ops)
Closing the gap between Distros(devs) and their Users(ops)Closing the gap between Distros(devs) and their Users(ops)
Closing the gap between Distros(devs) and their Users(ops)
Kris Buytaert
 
Devops is not about Tooling
Devops is not about ToolingDevops is not about Tooling
Devops is not about Tooling
Kris Buytaert
 
Continuous Delivery of (y)our infrastructure.
Continuous Delivery of (y)our infrastructure.Continuous Delivery of (y)our infrastructure.
Continuous Delivery of (y)our infrastructure.
Kris Buytaert
 
Devops For Drupal
Devops For DrupalDevops For Drupal
Devops For Drupal
Kris Buytaert
 

More Related Content

What's hot

What's hot (20)

Devops is dead, Long Live Devops
Devops is dead, Long Live DevopsDevops is dead, Long Live Devops
Devops is dead, Long Live Devops
 
Devops is a Security Requirement
Devops is a Security RequirementDevops is a Security Requirement
Devops is a Security Requirement
 
The Return of the Dull Stack Engineer
The Return of the Dull Stack EngineerThe Return of the Dull Stack Engineer
The Return of the Dull Stack Engineer
 
Continuous Infrastructure First
Continuous Infrastructure FirstContinuous Infrastructure First
Continuous Infrastructure First
 
GitOps , done Right
GitOps , done RightGitOps , done Right
GitOps , done Right
 
Nightmare on Docker street
Nightmare on Docker streetNightmare on Docker street
Nightmare on Docker street
 
Migrating to Puppet 5
Migrating to Puppet 5Migrating to Puppet 5
Migrating to Puppet 5
 
Dev secops opsec, devsec, devops ?
Dev secops opsec, devsec, devops ?Dev secops opsec, devsec, devops ?
Dev secops opsec, devsec, devops ?
 
Docker is killing your #devops Efforts
Docker is killing your #devops EffortsDocker is killing your #devops Efforts
Docker is killing your #devops Efforts
 
From MonitoringSucks to Monitoring Love , 2016 Edition
From MonitoringSucks to Monitoring Love , 2016 EditionFrom MonitoringSucks to Monitoring Love , 2016 Edition
From MonitoringSucks to Monitoring Love , 2016 Edition
 
Can we fix dev-oops ?
Can we fix dev-oops ?Can we fix dev-oops ?
Can we fix dev-oops ?
 
Groovy there's a docker in my application pipeline
Groovy there's a docker in my application pipelineGroovy there's a docker in my application pipeline
Groovy there's a docker in my application pipeline
 
Continuous Infrastructure First
Continuous Infrastructure FirstContinuous Infrastructure First
Continuous Infrastructure First
 
The influence of "Distributed platforms" on #devops
The influence of "Distributed platforms" on #devopsThe influence of "Distributed platforms" on #devops
The influence of "Distributed platforms" on #devops
 
On the Importance of Infrastructure as Code
On the Importance of Infrastructure as CodeOn the Importance of Infrastructure as Code
On the Importance of Infrastructure as Code
 
Run stuff, Deploy Stuff, Jax London 2017 Edition
Run stuff, Deploy Stuff, Jax London 2017 EditionRun stuff, Deploy Stuff, Jax London 2017 Edition
Run stuff, Deploy Stuff, Jax London 2017 Edition
 
No, we can't do continuous delivery
No, we can't do continuous deliveryNo, we can't do continuous delivery
No, we can't do continuous delivery
 
Continous Delivery of your Infrastructure
Continous Delivery of your InfrastructureContinous Delivery of your Infrastructure
Continous Delivery of your Infrastructure
 
Closing the gap between Distros(devs) and their Users(ops)
Closing the gap between Distros(devs) and their Users(ops)Closing the gap between Distros(devs) and their Users(ops)
Closing the gap between Distros(devs) and their Users(ops)
 
Devops is not about Tooling
Devops is not about ToolingDevops is not about Tooling
Devops is not about Tooling
 

Similar to Deploying your SaaS stack OnPrem

Make It Cooler: Using Decentralized Version Control
Make It Cooler: Using Decentralized Version ControlMake It Cooler: Using Decentralized Version Control
Make It Cooler: Using Decentralized Version Control
indiver
 
August Webinar - Water Cooler Talks: A Look into a Developer's Workbench
August Webinar - Water Cooler Talks: A Look into a Developer's WorkbenchAugust Webinar - Water Cooler Talks: A Look into a Developer's Workbench
August Webinar - Water Cooler Talks: A Look into a Developer's Workbench
Howard Greenberg
 

Similar to Deploying your SaaS stack OnPrem (20)

Continuous Delivery of (y)our infrastructure.
Continuous Delivery of (y)our infrastructure.Continuous Delivery of (y)our infrastructure.
Continuous Delivery of (y)our infrastructure.
 
Devops For Drupal
Devops For DrupalDevops For Drupal
Devops For Drupal
 
Deployment is the new build
Deployment is the new buildDeployment is the new build
Deployment is the new build
 
Make It Cooler: Using Decentralized Version Control
Make It Cooler: Using Decentralized Version ControlMake It Cooler: Using Decentralized Version Control
Make It Cooler: Using Decentralized Version Control
 
Building and Deploying MediaSalsa, a drupal-based DAM as a Service
Building and Deploying MediaSalsa, a drupal-based DAM as a ServiceBuilding and Deploying MediaSalsa, a drupal-based DAM as a Service
Building and Deploying MediaSalsa, a drupal-based DAM as a Service
 
Smarter deployments with octopus deploy
Smarter deployments with octopus deploySmarter deployments with octopus deploy
Smarter deployments with octopus deploy
 
Deploying software at Scale
Deploying software at ScaleDeploying software at Scale
Deploying software at Scale
 
OSMC 2017 | Groovy There is a Docker in my Dashing Pipeline by Kris Buytaert
OSMC 2017 | Groovy There is a Docker in my Dashing Pipeline by Kris Buytaert OSMC 2017 | Groovy There is a Docker in my Dashing Pipeline by Kris Buytaert
OSMC 2017 | Groovy There is a Docker in my Dashing Pipeline by Kris Buytaert
 
Devops Devops Devops, at Froscon
Devops Devops Devops, at FrosconDevops Devops Devops, at Froscon
Devops Devops Devops, at Froscon
 
Devops at Startup Weekend BXL
Devops at Startup Weekend BXLDevops at Startup Weekend BXL
Devops at Startup Weekend BXL
 
Devops, the future is here, it's just not evenly distributed yet.
Devops, the future is here, it's just not evenly distributed yet.Devops, the future is here, it's just not evenly distributed yet.
Devops, the future is here, it's just not evenly distributed yet.
 
Run stuff, Deploy Stuff
Run stuff, Deploy StuffRun stuff, Deploy Stuff
Run stuff, Deploy Stuff
 
August Webinar - Water Cooler Talks: A Look into a Developer's Workbench
August Webinar - Water Cooler Talks: A Look into a Developer's WorkbenchAugust Webinar - Water Cooler Talks: A Look into a Developer's Workbench
August Webinar - Water Cooler Talks: A Look into a Developer's Workbench
 
What we talk about when we talk about DevOps
What we talk about when we talk about DevOpsWhat we talk about when we talk about DevOps
What we talk about when we talk about DevOps
 
Picnic Software - Developing a flexible and scalable application
Picnic Software - Developing a flexible and scalable applicationPicnic Software - Developing a flexible and scalable application
Picnic Software - Developing a flexible and scalable application
 
Building and Deploying MediaSalsa, an Open Source DAM as Saas platform
Building and Deploying MediaSalsa, an Open Source DAM as Saas platformBuilding and Deploying MediaSalsa, an Open Source DAM as Saas platform
Building and Deploying MediaSalsa, an Open Source DAM as Saas platform
 
OSDC 2015: Kris Buytaert | From ConfigManagementSucks to ConfigManagementLove
OSDC 2015: Kris Buytaert | From ConfigManagementSucks to ConfigManagementLoveOSDC 2015: Kris Buytaert | From ConfigManagementSucks to ConfigManagementLove
OSDC 2015: Kris Buytaert | From ConfigManagementSucks to ConfigManagementLove
 
Staging and Deployment
Staging and DeploymentStaging and Deployment
Staging and Deployment
 
DCRUG: Achieving Development-Production Parity
DCRUG: Achieving Development-Production ParityDCRUG: Achieving Development-Production Parity
DCRUG: Achieving Development-Production Parity
 
Drupal and Devops , the Survey Results
Drupal and Devops , the Survey ResultsDrupal and Devops , the Survey Results
Drupal and Devops , the Survey Results
 

More from Kris Buytaert

More from Kris Buytaert (15)

Years of (not) learning , from devops to devoops
Years of (not) learning , from devops to devoopsYears of (not) learning , from devops to devoops
Years of (not) learning , from devops to devoops
 
Observability will not fix your Broken Monitoring ,Ignite
Observability will not fix your Broken Monitoring ,IgniteObservability will not fix your Broken Monitoring ,Ignite
Observability will not fix your Broken Monitoring ,Ignite
 
Infrastructure as Code Patterns
Infrastructure as Code PatternsInfrastructure as Code Patterns
Infrastructure as Code Patterns
 
From devoops to devops 13 years of (not) learning
From devoops to devops 13 years of (not) learningFrom devoops to devops 13 years of (not) learning
From devoops to devops 13 years of (not) learning
 
Pipeline all the Dashboards as Code
Pipeline all the Dashboards as CodePipeline all the Dashboards as Code
Pipeline all the Dashboards as Code
 
Help , My Datacenter is on fire
Help , My Datacenter is on fireHelp , My Datacenter is on fire
Help , My Datacenter is on fire
 
Devops is Dead, Long live Devops
Devops is Dead, Long live DevopsDevops is Dead, Long live Devops
Devops is Dead, Long live Devops
 
10 years of #devopsdays, but what have we really learned ?
10 years of #devopsdays, but what have we really learned ? 10 years of #devopsdays, but what have we really learned ?
10 years of #devopsdays, but what have we really learned ?
 
Is there a Future for devops ?
Is there a Future for devops ? Is there a Future for devops ?
Is there a Future for devops ?
 
10 Years of #devopsdays weirdness
10 Years of #devopsdays weirdness10 Years of #devopsdays weirdness
10 Years of #devopsdays weirdness
 
ADDO 2019: Looking back at over 10 years of Devops
ADDO 2019: Looking back at over 10 years of DevopsADDO 2019: Looking back at over 10 years of Devops
ADDO 2019: Looking back at over 10 years of Devops
 
Continuous Infrastructure First Ignite Edition
Continuous Infrastructure First Ignite EditionContinuous Infrastructure First Ignite Edition
Continuous Infrastructure First Ignite Edition
 
Looking back at 5 years of #cfgmgmtcamp
Looking back at 5 years of #cfgmgmtcampLooking back at 5 years of #cfgmgmtcamp
Looking back at 5 years of #cfgmgmtcamp
 
Looking back at 7.5 years of Devopsdays , DOd PDX
Looking back at 7.5 years of Devopsdays , DOd PDXLooking back at 7.5 years of Devopsdays , DOd PDX
Looking back at 7.5 years of Devopsdays , DOd PDX
 
Devopsdays Amsterdam 2017 Keynote, looking back at 5 years of AMS
Devopsdays Amsterdam 2017 Keynote, looking back at 5 years of AMSDevopsdays Amsterdam 2017 Keynote, looking back at 5 years of AMS
Devopsdays Amsterdam 2017 Keynote, looking back at 5 years of AMS
 

Recently uploaded

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Recently uploaded (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 

Deploying your SaaS stack OnPrem

  • 1. Building and Deploying a Saas platform On Prem Kris Buytaert @krisbuytaert Slides by Michel van de Ven and Julien Pivotto
  • 2. Kris BuytaertKris Buytaert ● I used to be a Dev,I used to be a Dev, ● Then Became an OpThen Became an Op ● Chief Trolling Officer and Open SourceChief Trolling Officer and Open Source Consultant @inuits.euConsultant @inuits.eu ● Everything is an effing DNS ProblemEverything is an effing DNS Problem ● Building Clouds since before the bookstoreBuilding Clouds since before the bookstore ● Some books, some papers, some blogsSome books, some papers, some blogs ● Evangelizing devopsEvangelizing devops
  • 3. Inuits ● Inuits is an Open Source company • We contribute backWe contribute back ● +85 people in 4 countries (BE, NL, UA,CZ) ● One language: English ● We offer • ConsultingConsulting • DevelopmentDevelopment • DevOopsDevOops • Ops ..Ops .. • and multiple niche Saas Platformsand multiple niche Saas Platforms
  • 5. MediaSalsa infrastructure (simplified) ● For each environment (DTAP) • Backends: Core service (MediaMosa)Backends: Core service (MediaMosa) • Frontends: OptionalFrontends: Optional • Web serversWeb servers • Database serversDatabase servers • Solr serversSolr servers • Transcoding serversTranscoding servers • Streaming Servers ..Streaming Servers .. • ……..
  • 7. Puppet Puppet automates all the things → mcollective orchestrates all the things
  • 8. CD ● Continuous Delivery vs Continuous Deployment • ““Continuous Delivery doesn't mean every change is deployed toContinuous Delivery doesn't mean every change is deployed to production ASAP. It means every change is proven to be deployable atproduction ASAP. It means every change is proven to be deployable at any time” (@ccaum)any time” (@ccaum) ● Puppet code • Deployed to dev environmentDeployed to dev environment • Same puppet code for each environmentSame puppet code for each environment • User-triggered deployments to UAT & ProdUser-triggered deployments to UAT & Prod • Feature flags in Puppet code per environment (switchable architecture)Feature flags in Puppet code per environment (switchable architecture) ● Application code • Continuous integration in devContinuous integration in dev • Continously deploy to UATContinously deploy to UAT • Continuously deploy on our prod stackContinuously deploy on our prod stack • Continuously wait for customer permission on PremContinuously wait for customer permission on Prem
  • 9. Testing ● Developers test a lot, but • The tests don’t workThe tests don’t work • It works on my machineIt works on my machine™™ • Wrong platformWrong platform • Wrong PHP versionWrong PHP version Fixed now, thanks to Jenkins!Fixed now, thanks to Jenkins! Fixed now, thanks to JenkinsFixed now, thanks to Jenkins JobDSL / Pipeline as CodeJobDSL / Pipeline as Code
  • 10. Version Control ● Git ● Code is under revision control • Prefer small commitsPrefer small commits • Trunk based developmentTrunk based development • Branches are considered EVILBranches are considered EVIL • Release management = Git submodulesRelease management = Git submodules ● Infrastructure as code → git / hiera
  • 11. Using OS packaging system ● Consistency, security, dependencies ● Uniquely identify where files are coming from ● Source repo may not be reachable ● Little overhead when you automate ● Configuration does not belong in a package ● PCS Pattern
  • 13. Pipelines ● A collection of jobs ● Run in sequence ● Start on checkout, end on deployment ● From the developers’ side: → Git push ← Mail with changes + link to deploy
  • 15. Scaling PipelinesScaling Pipelines ● Create a Pipeline,Create a Pipeline, ● For job in PipelineFor job in Pipeline • Create new Job Based on OldJobCreate new Job Based on OldJob ● Update One JobUpdate One Job ● Never refactor the restNever refactor the rest
  • 17. Jenkins Job DSLJenkins Job DSL ● GroovyGroovy ● FlexibleFlexible ● Well SupportedWell Supported ● Suitable for more complex PipelinesSuitable for more complex Pipelines https://jenkinsci.github.io/job-dsl-https://jenkinsci.github.io/job-dsl- plugin/plugin/
  • 18. SeedjobsSeedjobs ● GroovyGroovy ● GitGit ● Rebuild jobs on commitRebuild jobs on commit ● Projects in foldersProjects in folders
  • 19. Same Pipelines, Tools, Patterns are used by both devs and ops
  • 21. Icinga ● Monitor everything • vhostsvhosts • databasesdatabases • cronjobscronjobs • unit test suitesunit test suites ● Automated using Puppet • Exported resources / Stored configsExported resources / Stored configs ● If it is deployed it monitored
  • 22. Logstash ● Collect all the logs • Drupal logsDrupal logs • Apache logsApache logs • Deployment logsDeployment logs • System logsSystem logs ● Interprete, filter and correlate them ● Logstash, ElasticSearch, Kibana, statsd, Graphite, Grafana
  • 23. Collectd+Graphite+Grafana ● Measure all the things • cpu/memcpu/mem • databasesdatabases • Application metricsApplication metrics • Derived from logsDerived from logs • Business MetricsBusiness Metrics
  • 25. Open Source ● Mediamosa is Fully Open Source ● Lots of the PuppetCode to deploy it is ● Our passwords etc aren't
  • 26. e.g MediaSalsa Deployments ● Initially • 1 instance Academic usage @SurfNet1 instance Academic usage @SurfNet • 1 Instance Commercial DC for non-edu1 Instance Commercial DC for non-edu ● Today • 2 academic instances2 academic instances • 1 commercial Saas instance1 commercial Saas instance • 2 on prem deployments2 on prem deployments
  • 27. Why multiple Deployments ● “Security” • Academic Customer wanted a private tenant for securityAcademic Customer wanted a private tenant for security and privacyand privacy ● Initial hardware investement done already • Public Tender , $customer bought huge amount of storagePublic Tender , $customer bought huge amount of storage • Saas solution charges per TBSaas solution charges per TB • Asked for custom manual deploymentAsked for custom manual deployment ● CIO’s still don’t believe in Cloud/SAAS (2017 !!!!)
  • 28. Saas vs OnPrem We have automated everything, Infrastructure as Code , Pipeline as Code, Continuous delivery , so deploying this stack another time should be trivial !!
  • 29. WRONG
  • 30. Biased Automation ● Works in our infra , our constraints, our expectations ● We expect to have access to our infra • Puppet, monitoring, metrics, repos , jenkins, dnsPuppet, monitoring, metrics, repos , jenkins, dns
  • 31. VM Provisioning ● Different Technologies • Open vs ProprietaryOpen vs Proprietary • Guess which one is more problematicGuess which one is more problematic ● No access to Internal repositories • (Pulp Mirrors)(Pulp Mirrors) ● Network topologies ● Having to ask to reboot a host ● Having to ask to grow a VM
  • 32. Security ● IPSec links to all stacks • Our own network complexity has grown exponentiallyOur own network complexity has grown exponentially • Overlapping networksOverlapping networks • Introducing BGP etcIntroducing BGP etc ● Our network = Trusted ● Their network = Hostile • Different approach in host vs network based firewallingDifferent approach in host vs network based firewalling ● User management • Only our accounts in our stack , our ldapOnly our accounts in our stack , our ldap • They want accountsThey want accounts
  • 33. Variants ● We don’t want exceptions ● They do want exceptions ● Old purchasing mentality • Custom FeaturesCustom Features • Additional ComponentsAdditional Components • It’s “Their” stackIt’s “Their” stack ● Exceptions need to be codified in our infra
  • 34. Continuous Deployment Delivery ● Deployment isn’t our decision anymore ● Back to fixed deployment windows :( ● Coordination with $customer on when to deploy ● Even for Security Fixes ● For every single instance (except the public SAAS one)
  • 35. Extreme Cost Difference ● The effort to run 5 stacks in your own infrastructure within your team is smaller than running 1 additional stack on prem at a customer ● Your pragmatic approach does not fit their infrastructure ● You will need to implement features (security/ storage support) that you do not need for your SAAS platform. ● Less movement room to fix stuff . • e.g no “freely” available extra resources disk / memory / cpue.g no “freely” available extra resources disk / memory / cpu • More complex solutions (e.g DBA work..)More complex solutions (e.g DBA work..)
  • 36. It could have been worse ● We are an Open Source company ● All of our Choices are Open Source by default • We could deploy full stacks On PremWe could deploy full stacks On Prem • Including metrics, log analytics and monitoringIncluding metrics, log analytics and monitoring • We had no external dependenciesWe had no external dependencies • No additional license costsNo additional license costs
  • 37. If you can choose .. don’t ...don’t ...
  • 38. ContactContact Kris Buytaert Kris.Buytaert@inuits.euKris Buytaert Kris.Buytaert@inuits.eu Further ReadingFurther Reading @krisbuytaert@krisbuytaert http://www.krisbuytaert.be/blog/http://www.krisbuytaert.be/blog/ http://www.inuits.eu/http://www.inuits.eu/ Inuits.euInuits.eu Essensteenweg 31Essensteenweg 31 BrasschaatBrasschaat BelgiumBelgium 891.514.231891.514.231 +32 475 961221+32 475 961221