From ConfigManagementSucks to
I love ConfigManagement
Kris Buytaert
OSDC 2015
@krisbuytaert

Kris BuytaertKris Buytaert
● In the 90'ies I used to be a Dev ,In the 90'ies I used to be a Dev ,
● Then Became an OpThen Became an Op
● Chief Trolling Officer and Open SourceChief Trolling Officer and Open Source
Consultant @inuits.euConsultant @inuits.eu
● Everything is an effing DNS ProblemEverything is an effing DNS Problem
● Building Clouds since before the bookstoreBuilding Clouds since before the bookstore
● Some books, some papers, some blogsSome books, some papers, some blogs
● Evangelizing devopsEvangelizing devops

#devops=~C(L)AMS#devops=~C(L)AMS
● CultureCulture
● (Lean)(Lean)
● AutomationAutomation
•
PackagingPackaging
•
IACIAC
● Monitoring and MeasurementMonitoring and Measurement
● SharingSharing
Damon Edwards and John WillisDamon Edwards and John Willis
Gene KimGene Kim

This talkThis talk
Part 3 of what should have been a 3 part series.Part 3 of what should have been a 3 part series.
Part 4 is about CulturePart 4 is about Culture

Why we study history ?Why we study history ?
● BecauseBecause I`m a grumpy old frustrated sysadminI`m a grumpy old frustrated sysadmin
● Because IBecause I`m an old opiniated guy`m an old opiniated guy
● Because history repeatsBecause history repeats
● We need to learn from our mistakesWe need to learn from our mistakes

Deploying an InfrastructureDeploying an Infrastructure
● 1996 : Manual Installations , manually copying1996 : Manual Installations , manually copying
around config files and making changesaround config files and making changes
● 2001 : Mondo rescue2001 : Mondo rescue (reproducable single instances)(reproducable single instances)
● 2003 : SystemImager2003 : SystemImager
•
Reproducable Infrastructure , withReproducable Infrastructure , with
“OVERRIDES”“OVERRIDES”
•
Fast Multicast Image deploymentsFast Multicast Image deployments
•
Image Sprawl (thank you VMware)Image Sprawl (thank you VMware)

Deploying an InfrastructureDeploying an Infrastructure
● 1996 : Manual Installations1996 : Manual Installations
● 2001 : Mondo rescue2001 : Mondo rescue
● 2003 : SystemImager2003 : SystemImager
● 2005 :2005 : Kickstart / FAIKickstart / FAI
•
Dreaming of Jeos + IAC (Cfengine)Dreaming of Jeos + IAC (Cfengine)

Deploying an InfrastructureDeploying an Infrastructure
● 1996 : Manual Installations1996 : Manual Installations
● 2001 : Mondo rescue2001 : Mondo rescue
● 2003 : SystemImager2003 : SystemImager
● 2005 : Dreaming of Jeos + IAC2005 : Dreaming of Jeos + IAC
● 2008 : Actual JeOS + IAC2008 : Actual JeOS + IAC
● 2010 : Vagrant for development2010 : Vagrant for development

For years we've tolerated humans to to makeFor years we've tolerated humans to to make
structural manual changes to the infrastructurestructural manual changes to the infrastructure
our critical applications are running on.our critical applications are running on.
Whilst at the same time demanding those criticalWhilst at the same time demanding those critical
applications to go trough rigid test scenarios.applications to go trough rigid test scenarios.
Who let this happen ?Who let this happen ?

Infrastructure as CodeInfrastructure as Code
● Treat configuration automation as codeTreat configuration automation as code
● Development best practicesDevelopment best practices
•
Model your infrastructureModel your infrastructure
•
Version your cookbooks / manifestsVersion your cookbooks / manifests
•
Test your cookbooks/ manifestsTest your cookbooks/ manifests
•
Dev/ test /uat / prod for your infraDev/ test /uat / prod for your infra
● Model your infrastructureModel your infrastructure
● A working service = automated ( Application Code + InfrastructureA working service = automated ( Application Code + Infrastructure
Code + Security + Monitoring )Code + Security + Monitoring )
● Think Puppet, Chef, Cfengine, ....Think Puppet, Chef, Cfengine, ....

The Learning CurvesThe Learning Curves

for $tool in “bcfg2 lcfg cfengine puppet chef “for $tool in “bcfg2 lcfg cfengine puppet chef “
$tool is user-friendly it's just picky about who its$tool is user-friendly it's just picky about who its
friends are.friends are.

I hate your languageI hate your language
● Ruby vs no rubyRuby vs no ruby
● I like pythonI like python

Development is hardDevelopment is hard
● OrderingOrdering
● LoopsLoops
● DependenciesDependencies

Oldschool people reacting to changeOldschool people reacting to change

Ops reaction :Ops reaction :
● You want me to write code ?You want me to write code ?
● Yes shell , perl, python, ..Yes shell , perl, python, ..

Ops Reaction:Ops Reaction:
● You want me to use git ?You want me to use git ?
● Yes it's 2015 .. use git or be looking for a newYes it's 2015 .. use git or be looking for a new
job.job.

You'd think the previous conversation tookYou'd think the previous conversation took
place in in 2005.place in in 2005.
Sadly it didn't , it still happening in 2015Sadly it didn't , it still happening in 2015

Ops reaction :Ops reaction :
● You want me write tests ?You want me write tests ?
● Yes .. as you are writing codeYes .. as you are writing code

Ops reaction :Ops reaction :
● You want me do to continous Integration ?You want me do to continous Integration ?
● Yes .. as you are developing softwareYes .. as you are developing software

Ops reaction :Ops reaction :
● You want me do to continous deployment ?You want me do to continous deployment ?
● Yes .. as you need to experience how to do it soYes .. as you need to experience how to do it so
you can assist the developers with their ownyou can assist the developers with their own
code base.code base.

A pipelineA pipeline
● Checkout codeCheckout code
● SyntaxSyntax
● StyleStyle
● Code CoverageCode Coverage
● TestsTests
● BuildBuild
● More TestsMore Tests
● PackagePackage
● Upload to RepoUpload to Repo
● Deploy on TestDeploy on Test
● Check PuppetrunsCheck Puppetruns
● CheckCheck IcingaIcinga
● Promote to UATPromote to UAT

Share the pain , same tools .. you now knowShare the pain , same tools .. you now know
much better how to support the devs..much better how to support the devs..

Great communities ?Great communities ?

““There is a module ... for that”There is a module ... for that”
● Which of the 60+ apache modules do youWhich of the 60+ apache modules do you
want ?want ?
● But it doesn't work on your distroBut it doesn't work on your distro
● But it starts the service while you want yourBut it starts the service while you want your
cluster soft to manage it.cluster soft to manage it.
● It doesn't use (the upstream) packagesIt doesn't use (the upstream) packages
● ......

If you tought datacenter automationIf you tought datacenter automation
was easy ..was easy ..

devops : a movement tricking operationsdevops : a movement tricking operations
people into writing code to automate theirpeople into writing code to automate their
infrastructure since 2007infrastructure since 2007

All I wanted was to put thisAll I wanted was to put this oneone server,server, oneone
application in production.application in production.
● We are talking datacenters .. it's never just oneWe are talking datacenters .. it's never just one
server , you need to have dev, test,server , you need to have dev, test,
acceptance, production platformsacceptance, production platforms
● HA, Scaleout ?HA, Scaleout ?

● Orchestration ? I need to have access to theOrchestration ? I need to have access to the
database before I can launch the applictiondatabase before I can launch the appliction
● That's a design errorThat's a design error

NoOps anno 2010NoOps anno 2010
● I've build this app and put it in production on myI've build this app and put it in production on my
favourite Saas,favourite Saas,
● THEIR ops people will run it for me under strictTHEIR ops people will run it for me under strict
limitationslimitations
●

Quiz :Quiz :
● I've build this app and wrapped it in aI've build this app and wrapped it in a
● I can run it everywereI can run it everywere
● Who ?Who ?

Quiz :Quiz :
● I've build this app and wrapped it in aI've build this app and wrapped it in a
● I can run it everywereI can run it everywere
● Sun Microsysystem Announcing Java in 1996Sun Microsysystem Announcing Java in 1996

Quiz :Quiz :
● I've build this app and wrapped it in aI've build this app and wrapped it in a
● I can run it everywereI can run it everywere
● Now I can choose what distro I want and put itNow I can choose what distro I want and put it
in productionin production
● Who ?Who ?

Quiz :Quiz :
● I've build this app and wrapped it in aI've build this app and wrapped it in a
● I can run it everywereI can run it everywere
● Now I can choose what distro I want and put itNow I can choose what distro I want and put it
in productionin production
● A docker fanboy in front of a room of senior opsA docker fanboy in front of a room of senior ops
people in early 2014people in early 2014

If all you know is docker, every whale looks like aIf all you know is docker, every whale looks like a
private cloudprivate cloud
Image Build by devs,Image Build by devs,
maintained by nobodymaintained by nobody

Closing the gaps between dev and opsClosing the gaps between dev and ops
● How do you even build a containerHow do you even build a container
● How do you build the hosts that run theHow do you build the hosts that run the
containers ?containers ?
● Infrastructure as code ++Infrastructure as code ++

I never hated Config Management in the firstI never hated Config Management in the first
place .. it was love at first sight ..place .. it was love at first sight ..

ContactContact
Kris BuytaertKris Buytaert
Kris.Buytaert@inuits.beKris.Buytaert@inuits.be
Further ReadingFurther Reading
@krisbuytaert@krisbuytaert
http://www.krisbuytaert.be/blog/http://www.krisbuytaert.be/blog/
http://www.inuits.be/http://www.inuits.be/
InuitsInuits
Duboistraat 50Duboistraat 50
2060 Antwerpen2060 Antwerpen
BelgiumBelgium
891.514.231891.514.231
+32 475 961221+32 475 961221