3. Kris BuytaertKris Buytaert
● I used to be a Dev,I used to be a Dev,
● Then Became an OpThen Became an Op
● CTO and Open Source ConsultantCTO and Open Source Consultant
@@inuits.euinuits.eu
● Everything is a freaking DNSEverything is a freaking DNS
ProblemProblem
● Evangelizing devopsEvangelizing devops
● Organiser of #devopsdays,Organiser of #devopsdays,
#cfgmgmtcamp, #loadays, ….#cfgmgmtcamp, #loadays, ….
4. Today's Plan:Today's Plan:
● Opening some eyesOpening some eyes
● Reusing 8 year old slidesReusing 8 year old slides
6. A global movement to improve theA global movement to improve the
quality of software delivery leveragingquality of software delivery leveraging
Open Source experience, started in GentOpen Source experience, started in Gent
in 2009in 2009
7. Because the old days:Because the old days:
● ““Put this Code Live, here's a tarball” NOW!Put this Code Live, here's a tarball” NOW!
● What dependencies ?What dependencies ?
● No machines available ?No machines available ?
● What database ?What database ?
● Security ?Security ?
● High Availability ?High Availability ?
● Scalability ?Scalability ?
● My computer can't install this ?My computer can't install this ?
9. This new 'D' hypeThis new 'D' hype
● New kid on the blockNew kid on the block
● Vagrant-lxc with a nice cliVagrant-lxc with a nice cli
● The Ultimate “devops tool”The Ultimate “devops tool”
● ““Unseen” growthUnseen” growth
● Docker is the new cool thing to doDocker is the new cool thing to do
14. openMosixopenMosix (+/- 2001-2005)(+/- 2001-2005)
● 2.4 Kernel patch,2.4 Kernel patch,
● Loadbalance multiple similar processesLoadbalance multiple similar processes
● Both short (compilations) and longlivedBoth short (compilations) and longlived
(calculations) processes(calculations) processes
● Parts of processes migrated to other nodesParts of processes migrated to other nodes
● OMFS allowed identical access to data from allOMFS allowed identical access to data from all
nodesnodes
15. openMosix LimitationsopenMosix Limitations
● shared memoryshared memory
•
Limited type of applications could migrateLimited type of applications could migrate
•
Patches available but not successfulPatches available but not successful
● Filesystem accessFilesystem access
oMFS : unstable => removedoMFS : unstable => removed
16. Lessons from openMosixLessons from openMosix
● Applications need to be adaptedApplications need to be adapted
● Files need to be accessible (oMFS)Files need to be accessible (oMFS)
● Huge gap between developers and consumersHuge gap between developers and consumers
=> Limited working use cases=> Limited working use cases
17. Linux-HALinux-HA (2005- now)(2005- now)
● Hearbeat, Heartbeat v2, Pacemaker , CorosyncHearbeat, Heartbeat v2, Pacemaker , Corosync
● Define resource (OCF)Define resource (OCF)
● Define constraints, clones, colocation, …Define constraints, clones, colocation, …
● Long running services that should not stopLong running services that should not stop
18. Working with developersWorking with developers
● State vs StatelessState vs Stateless
•
Most applications have state somewhereMost applications have state somewhere
•
Discuss how to share/access stateDiscuss how to share/access state
● Data accessData access
•
Local filesystem is kingLocal filesystem is king
•
We needed distributed / shared filesystemsWe needed distributed / shared filesystems
● HealthHealth
● MetricsMetrics
19. Lessons from Linux-HALessons from Linux-HA
● Applications need to be adaptedApplications need to be adapted
● Files need to be accessible (shared/distributedFiles need to be accessible (shared/distributed
FS)FS)
● Monitoring strategy needs changeMonitoring strategy needs change
● Good collaboration between developers andGood collaboration between developers and
ops folksops folks
=> Many general purpose use cases=> Many general purpose use cases
● Works better with an Open Source MindsetWorks better with an Open Source Mindset
20. Cloud Adoption is (s)lowCloud Adoption is (s)low
● Enterprises are afraid of cloudEnterprises are afraid of cloud
•
Security, Cost, Control, Stability, (insert moreSecurity, Cost, Control, Stability, (insert more
fud here)fud here)
● ““Private cloud” will solve thisPrivate cloud” will solve this
● Please fill in 4 word documents for for each VMPlease fill in 4 word documents for for each VM
you wantyou want
21. Failed (Private) CloudFailed (Private) Cloud
ProjectsProjects● Identical copies of Bare Metal or vm's movedIdentical copies of Bare Metal or vm's moved
to the cloudto the cloud
● No config managementNo config management
● No monitoringNo monitoring
● No resilienceNo resilience
● No API usageNo API usage
22. Why ?Why ?
● I want a VMI want a VM
•
Please fill in these 4 formsPlease fill in these 4 forms
•
Wait 5 weeksWait 5 weeks
● RepeatRepeat
IT Departments have not adapted,IT Departments have not adapted,
'Shadow'-IT is winning'Shadow'-IT is winning
24. A Enterprise ContainerA Enterprise Container
● No different from aNo different from a
full vmfull vm
● Multiple servicesMultiple services
running in onerunning in one
containercontainer
● Ssh is the defaultSsh is the default
connectionconnection
26. Docker is a Package managerDocker is a Package manager
28. These DaysThese Days
● ““Put this Code Live, here's a DockerPut this Code Live, here's a Docker
Container ”Container ”
● No machines available ?No machines available ?
● What database ? Where to store theWhat database ? Where to store the
data ?data ?
● Security ? What distro is this even ?Security ? What distro is this even ?
Bad Cows ?Bad Cows ?
● How do we monitor his ?How do we monitor his ?
● Backups ?Backups ?
● How did you build this ?How did you build this ?
30. 11 days into operations11 days into operations
● ““Put this Code Live, here's Dockerfile”Put this Code Live, here's Dockerfile”
● What corporate proxy ?What corporate proxy ?
● Oh I missed 2 other containersOh I missed 2 other containers
● Security ? What distro is this even ?Security ? What distro is this even ?
Bad Cows ?Bad Cows ?
● What do you mean “We are a RHELWhat do you mean “We are a RHEL
shop ?”shop ?”
31. Closing the gaps between devClosing the gaps between dev
and ops,and ops, AGAIN !!AGAIN !!
● Where do your containers come from ?Where do your containers come from ?
● Who build it ?Who build it ?
● Can you rebuild it ?Can you rebuild it ?
● Do you even need a containerDo you even need a container
● How do you build the hosts that run theHow do you build the hosts that run the
containers ?containers ?
● Infrastructure as code ++Infrastructure as code ++
33. Image Build by devs,Image Build by devs,
maintained by nobodymaintained by nobody
34. Can you ?Can you ?
● When GitHub is down ?When GitHub is down ?
● When rubygems.org isWhen rubygems.org is
down ?down ?
● When someone removesWhen someone removes
a Node.js library ?a Node.js library ?
● Fix critical SecurityFix critical Security
Issues ?Issues ?
● Can your business suriveCan your business surive
if you answer NO toif you answer NO to
these questions ?these questions ?
36. Dev vs ProdDev vs Prod
● 1 local dev machine1 local dev machine
● 1 local application1 local application
● A clusterA cluster
•
SwarmSwarm
•
KuberenetesKuberenetes
•
MesosMesos
•
NomadNomad
● Other ApplicationsOther Applications
37. Dev vs ProdDev vs Prod
● Localhost :8081Localhost :8081 ● HttpsHttps
● DnsDns
● IngressIngress
● LoadBalancingLoadBalancing
● Service DiscoveryService Discovery
● Or Vendor Lock InOr Vendor Lock In
38. Dev vs ProdDev vs Prod
● Local diskLocal disk
● No real dataNo real data
● Actual customer dataActual customer data
● Distributed StorageDistributed Storage
•
2017 is the year of2017 is the year of
NFS (again)NFS (again)
● Object StorageObject Storage
● BackupsBackups
39. Dev vs ProdDev vs Prod
● Random image fromRandom image from
the internetthe internet
+ Some local files+ Some local files
● CI PipelineCI Pipeline
● Image RegistryImage Registry
● Security ScanningSecurity Scanning
40. Dev vs ProdDev vs Prod
● Works on myWorks on my
machinemachine
● docker pull yolodocker pull yolo
● MonitoringMonitoring
● MetricsMetrics
● SecuritySecurity
41. ● I love docker as aI love docker as a
technologytechnology
● I hate that it too oftenI hate that it too often
put us back 5 yearsput us back 5 years
with regards towith regards to
Culture adoptionCulture adoption
● Docker is an easyDocker is an easy
victim,victim,
● It's still mostly aboutIt's still mostly about
CultureCulture
It's still aboutIt's still about
collaborationcollaboration