RackN, profile picture
Uploaded byRackN
PDF, PPTX9,765 views

Immutable Infrastructure & Rethinking Configuration - Interop 2019

The document discusses the concept of immutable infrastructure and its relevance in modern DevOps practices, particularly in light of automation and configuration management. It highlights the challenges of traditional mutable systems and advocates for pre-deployment configuration to simplify management and maintain system integrity. The presentation emphasizes using cloud-native lessons to optimize bare metal provisioning, suggesting various strategies for achieving immutability and enhancing deployment processes.

Embed presentation

Download as PDF, PPTX
Immutable Infrastructure Rethinking Configuration in the Age of Easy Redeployment RackN, Inc May, 2019 Note: Graphics mainly from http://pexels.com <<< Shift Left <<< https://u.rackn.io/interop2019
2 RackN, Inc. and Digital Rebar Provision Your Presenter …. Software for Dell “CloudEdge” Hyperscale Hardware effort Learned many DevOps lessons in the field then created first OpenStack installer: “Crowbar” 1) Operations is inconsistent, manual and heterogenous 2) Foundational automation makes many problems go away 3) “Apply, Rinse, Repeat” (aka Immutable Infrastructure) Founding Member, Chief Solutions Architect, and Community Evangelist Shane Gibson
3 RackN, Inc. and Digital Rebar Provision Your Presenter …. Software for Dell “CloudEdge” Hyperscale Hardware effort Learned many DevOps lessons in the field then created first OpenStack installer: “Crowbar” 1) Operations is inconsistent, manual and heterogenous 2) Foundational automation makes many problems go away 3) “Apply, Rinse, Repeat” (aka Immutable Infrastructure) Founding Member, Chief Solutions Architect, and Community Evangelist Shane Gibson But … really, who cares? Let's get to the fun stuff …
4 @rackngo #immutable Storytime! “Self-Bootstrapping Kubernetes” Kubecon in Nov 2017 we created this demo Simple “immutable” Idea: 1) In Memory Boot Machines 2) Install Docker 3) Elect Leader 4) Run Kubeadm on Leader 5) Run Kubeadm on Remainder But….it’s shockingly hard to maintain. Dependencies breaks the installation And they are constantly changing.
5 @rackngo #immutable Storytime! “Self-Bootstrapping Kubernetes” So, while it’s pretty cool, it’s not “real” immutability Presentation & Demo https://youtu.be/OowxF6GqK4I sad!
Why is configuration fragile?
Why is configuration fragile? mutation V
8 @rackngo #immutable But… I 💜 Infrastructure as Code?! Sorry. Mutability adds complexity Traditional “build-in place” approaches ● Have hidden dependency graphs ● Create variation between environments ● Are harder to “lock down” due to config AND OMG… updates and patches are even harder ● Idempotent operations are difficult ● Roll backward is next to impossible! ● Creating indeterminate state
9 @rackngo #immutable Traditional “build-in place” approaches ● Have hidden dependency graphs ● Create variation between environments ● Are harder to “lock down” due to config AND OMG… updates and patches are even harder ● Idempotent operations are difficult ● Roll backward is impossible ● Creating indeterminate state But… I 💜 Infrastructure as code?! Sorry. Mutability adds complexity Let’s lock it down!
What is Immutable Infrastructure?
What is Immutable Infrastructure? Pre-deploy configured V
12 @rackngo #immutable Traditional Deploy and Configure System is configured in situ from a least common denominator baseline. This can be “immutable-like” under the right conditions. We’ll come back to that... Delivery Pipeline Deployment Code Build Integrate Run Configure
13 @rackngo #immutable Shifting Configuration BEFORE Deployment In our ideal delivery pipeline, configuration is before deployment. Running systems are delivered as a complete runnable unit for deployment. Delivery Pipeline Deployment Code Build Integrate Run Configure
14 @rackngo #immutable Shifting Configuration BEFORE Deployment In reality, it’s very hard to create a distinct artifact for every running instance; instead, we create incremental versions. So we do some initialization of the reusable versioned instance. Cloud init is the most commonly known pattern for this. Delivery Pipeline Deployment Code Build Integrate Run Configure Initialize! V
Cloud Native Infrastructure CNIbook.info Justin Garrison & Kris Nova “Infrastructure as software” “Intent-Based Platform”
16 @rackngo #immutable Which Enables… Delegating Operations If you can make your artifacts immutable then you can delegate management of them to a platform like Kubernetes. Kubernetes does not configure infrastructure. It maintains state based on a manifest. StateManager (e.g.Kubernetes) Code Build Integrate Run Configure Delivery Pipeline
17 @rackngo #immutable Which Enables… Delegating Operations If you can make your artifacts immutable then you can delegate management of them to a platform like Kubernetes. Kubernetes does not configure infrastructure. It maintains state based on a manifest. StateManager (e.g.Kubernetes) Code Build Integrate Run Configure Delivery Pipeline Kubernetes? WTF! Is Immutable > K8s?
Immutable is a DevOps Pattern <<< Shift Left & Create/Delete
19 @rackngo #immutable The Problem Immutability <<< Shifting Left package server image provision server initial config
20 @rackngo #immutable The Problem Immutability <<< Shifting Left patch 1 package server image provision server initial config
21 @rackngo #immutable The Problem Immutability <<< Shifting Left patch 1 patch 2 package server image provision server initial config
22 @rackngo #immutable The Problem Immutability <<< Shifting Left patch 1 patch 2 the madness doesn't stop at patch 2! package server image provision server initial config
23 @rackngo #immutable The Problem Immutability <<< Shifting Left patch 1 patch 2 the madness doesn't stop at patch 2! What Madness? ● We have to maintain root access ● Patches assume system state ● Patches create dependency graphs ● Coordination? Should we halt work? ● Drift is inevitable! package server image provision server initial config
24 @rackngo #immutable The Problem Immutability <<< Shifting Left patch 1 patch 2 SAD !!package server image provision server initial config
25 @rackngo #immutable Apply cloud and container lessons to our Bare Metal … Immutability <<< Shifting Left package server image provision server initial config destroy!!
26 @rackngo #immutable Apply cloud and container lessons to our Bare Metal … Immutability <<< Shifting Left destroy!! destroy!!patch 1 package server image provision server initial config package server image provision server initial config
27 @rackngo #immutable Apply cloud and container lessons to our Bare Metal … Immutability <<< Shifting Left destroy!! destroy!!patch 1 depatch 2 package server image provision server initial config package server image provision server initial config package server image provision server initial config
28 @rackngo #immutable Apply cloud and container lessons to our Bare Metal … Immutability <<< Shifting Left destroy!! destroy!!patch 1 patch N depatch 2 package server image provision server initial config package server image provision server initial config package server image provision server initial config package server image provision server initial config
Cloud like behavior …
30 Immutable Provisioning systems treat infrastructure as a black box Cloud-like Integration and Staged Workflow Provisioning System Requested State Returned State REST API Event Hook
31 Cloud-like Integration and Staged Workflow Immutable Provisioning systems treat infrastructure as a black box Provision requests are for a system state with optional parameters. The intermediate changes to achieve the state are not exposed to the requester. Provisioning System Reset Join Install Config Test Requested State Returned State REST API Event Hook
32 Cloud-like Integration and Staged Workflow Immutable Provisioning systems treat infrastructure as a black box Provision requests are for a system state with optional parameters. The intermediate changes to achieve the state are not exposed to the requester. REMEMBER: Operators of the provisioning system require high transparency, stages and control. Provisioning System Reset Join Install Config Test Requested State Returned State REST API Event Hook No hidden operations!
Immutable Patterns 1) Baseline + Configuration 2) Live Boot + Configuration 3) Image Deploy
34 Provision 1: Baseline + Configuration Benefit: Easiest to achieve with current tools, Safer than Patching Challenge: Lots of Post-Configuration, Not Really “Immutable”, Slow Instead of relying on patches, rely on starting from a pristine image ResetBaseline Configure Run Additional Reference https://thenewstack.io/immutable-hardware-ops-hygiene-security-efficiency/
35 Provision 1: Baseline + Configuration Benefit: Easiest to achieve with current tools, Safer than Patching Challenge: Lots of Post-Configuration, Not Really “Immutable”, Slow Instead of relying on patches, rely on starting from a pristine image ResetBaseline Configure Run Additional Reference https://thenewstack.io/immutable-hardware-ops-hygiene-security-efficiency/ You must control ALL of your dependency chain !!!
36 Provision 1: Baseline + Configuration Benefit: Easiest to achieve with current tools, Safer than Patching Challenge: Lots of Post-Configuration, Not Really “Immutable”, Slow Instead of relying on patches, rely on starting from a pristine image ResetBaseline Configure Run Additional Reference https://thenewstack.io/immutable-hardware-ops-hygiene-security-efficiency/ ...every single (!!) package from the base OS on up ...
37 Benefit: Fast reset times, forces good behavior Challenge: Provisioning becomes critical path, still have dependency graph Like #1 but clean-up is simply a reboot. Favors smaller footprint O/S. 2: Live Boot + Configuration Provision RebootBaseline Configure Run
38 How much of OS, Packages, and Application stack is in your Live Boot image will determine how much work you have to do on dependency tracking and version lock down. 2: Live Boot + Configuration Provision RebootBaseline Configure Run
39 3: Image Deploy Benefit: Shorter time to ready, highly controlled (“shift left”), rollback Challenge: Harder to create and deploy images Image is deployed from source instead of Baseline + Configure Provision Deploy Image Run Provision Deploy Image Run
40 3: Image Deploy Benefit: Shorter time to ready, highly controlled (“shift left”), rollback Challenge: Harder to create and deploy images Image is deployed from single artifact instead of Baseline + Configure Provision Deploy Image Run Provision Deploy Image Run Initialize! V Initialize! V
41 So… Let’s talk Image Creation Ideally in an automation build process. You DO THE CONFIGURATION on a live system (so you still need configuration tools) and then capture the image into a portable format. Tools like Hashicorp Packer, Image Builder, WBIC or raw images are used to create source files (e.g. Root FS Tarball, Disk Image, AMI, OVS).
42 So… Let’s talk Image Creation Ideally in an automation build process. You DO THE CONFIGURATION on a live system (so you still need configuration tools) and then capture the image into a portable format. Tools like Hashicorp Packer, Image Builder, WBIC or raw images are used to create source files (e.g. Root FS Tarball, Disk Image, AMI, OVS). That sounds like a lot of work & really slow!
Yes, But… It’s faster, safer & more scalable.
44 Build Pipeline Immutable Demo Prep: Image is pre-created from reference system. Reference System
45 Build Pipeline Immutable Demo Prep: Image is pre-created from reference system. Reference System customize
46 Build Pipeline Immutable Demo Prep: Image is pre-created from reference system. Reference System Image Read customize
47 Deploy Pipeline Build Pipeline Immutable Demo Prep: Image is pre-created from reference system. Stage: Boot RAM image and write image to disk(s) Reference System Image Target System RAM BOOT Write Read customize
48 Deploy Pipeline Build Pipeline Immutable Demo Prep: Image is pre-created from reference system. Stage: Boot RAM image and write image to disk(s) Deploy: Reboot and run Reference System Image Target System RAM BOOT Target System RUNNING Write Run Read V Reboot Initialize!customize
49 Build Pipeline Deploy Pipeline Immutable Demo Hopefully (!!): You're pushing your images through a rigorous CI/CD pipeline before you Deploy !! Reference System Image Read customize
50 Build Pipeline Deploy Pipeline Immutable Demo Hopefully (!!): You're pushing your images through a rigorous CI/CD pipeline before you Deploy !! Reference System Image Read CI/CD Pipeline TEST !!
51 Build Pipeline Deploy Pipeline Immutable Demo Hopefully (!!): You're pushing your images through a rigorous CI/CD pipeline before you Deploy !! Reference System Image Read CI/CD Pipeline TEST !! FAIL ???
52 Build Pipeline Deploy Pipeline Immutable Demo Hopefully (!!): You're pushing your images through a rigorous CI/CD pipeline before you Deploy !! Reference System Image Target System RAM BOOT Write Read CI/CD Pipeline TEST !! Pass!
53 Build Pipeline Deploy Pipeline Immutable Demo Hopefully (!!): You're pushing your images through a rigorous CI/CD pipeline before you Deploy !! Reference System Image Target System RAM BOOT Target System RUNNING Write Run Read V Reboot Initialize! CI/CD Pipeline TEST !! Pass!
Thank you! Questions? Interested in IMMUTABLE METAL? It’s complicated, but we can get you there. Start at http://portal.rackn.io • Quickstart takes about 30 minutes • Use your own hardware, VirtualBox or Packet.net account – use “RACKN100” on Packet.net for credit

More Related Content

PDF
Immutable infrastructure:觀念與實作 (建議)
byWilliam Yeh
 
PDF
Operations: The Last Mile Problem For DevOps
byRundeck
 
PDF
Scaling Up Lookout
byLookout
 
PPTX
Chef vs Puppet vs Ansible vs Saltstack | Configuration Management Tools | Dev...
bySimplilearn
 
PDF
Java APIs - the missing manual
byHendrik Ebbers
 
PPTX
Oracle ravello overview
bywk c
 
PDF
Atlassian Summit 2011 Day 2 Keynote
byAtlassian
 
PPTX
Large scale automation with jenkins
byKohsuke Kawaguchi
 
Immutable infrastructure:觀念與實作 (建議)
byWilliam Yeh
 
Operations: The Last Mile Problem For DevOps
byRundeck
 
Scaling Up Lookout
byLookout
 
Chef vs Puppet vs Ansible vs Saltstack | Configuration Management Tools | Dev...
bySimplilearn
 
Java APIs - the missing manual
byHendrik Ebbers
 
Oracle ravello overview
bywk c
 
Atlassian Summit 2011 Day 2 Keynote
byAtlassian
 
Large scale automation with jenkins
byKohsuke Kawaguchi
 

What's hot

PPTX
Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...
byDocker, Inc.
 
PDF
Microservices: What's Missing - O'Reilly Software Architecture New York
byAdrian Cockcroft
 
PPTX
Getting started with Jenkins
byEdureka!
 
PDF
Puppet devops wdec
byWojciech Dec
 
PDF
Spring Boot & Actuators
byVMware Tanzu
 
PDF
Tap into the power of slaves with Jenkins by Kohsuke Kawaguchi
byZeroTurnaround
 
PDF
Git Power Routines
byNicola Paolucci
 
PDF
Spring - CDI Interop
byRay Ploski
 
PDF
Code Reviews vs. Pull Requests
byAtlassian
 
PDF
Choosing the Right Framework for Running Docker Containers in Prod
byJosh Padnick
 
PPTX
Production Grade Kubernetes Applications
byNarayanan Krishnamurthy
 
PDF
From ci to cd - LavaJug 2012
byHenri Gomez
 
PDF
Akka Made Our Day
byDaniel Sawano
 
PDF
Continuous Delivery with Grails and CloudBees
byMarco Vermeulen
 
PPTX
Automated Deployment Pipeline using Jenkins, Puppet, Mcollective and AWS
byBamdad Dashtban
 
PDF
Making the most of your gradle build - vJUG24 2017
byAndres Almiray
 
PDF
Making the most of your gradle build - BaselOne 2017
byAndres Almiray
 
KEY
Database version control DPC version
byHarrie Verveer
 
PDF
At Your Service: Using Jenkins in Operations
byMandi Walls
 
PDF
How To Be a Java Automated Testing Superstar
byVMware Tanzu
 
Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...
byDocker, Inc.
 
Microservices: What's Missing - O'Reilly Software Architecture New York
byAdrian Cockcroft
 
Getting started with Jenkins
byEdureka!
 
Puppet devops wdec
byWojciech Dec
 
Spring Boot & Actuators
byVMware Tanzu
 
Tap into the power of slaves with Jenkins by Kohsuke Kawaguchi
byZeroTurnaround
 
Git Power Routines
byNicola Paolucci
 
Spring - CDI Interop
byRay Ploski
 
Code Reviews vs. Pull Requests
byAtlassian
 
Choosing the Right Framework for Running Docker Containers in Prod
byJosh Padnick
 
Production Grade Kubernetes Applications
byNarayanan Krishnamurthy
 
From ci to cd - LavaJug 2012
byHenri Gomez
 
Akka Made Our Day
byDaniel Sawano
 
Continuous Delivery with Grails and CloudBees
byMarco Vermeulen
 
Automated Deployment Pipeline using Jenkins, Puppet, Mcollective and AWS
byBamdad Dashtban
 
Making the most of your gradle build - vJUG24 2017
byAndres Almiray
 
Making the most of your gradle build - BaselOne 2017
byAndres Almiray
 
Database version control DPC version
byHarrie Verveer
 
At Your Service: Using Jenkins in Operations
byMandi Walls
 
How To Be a Java Automated Testing Superstar
byVMware Tanzu
 

Similar to Immutable Infrastructure & Rethinking Configuration - Interop 2019

PPTX
Immutable infrastructure tsap_v2
byVolodymyr Tsap
 
PDF
SRECon 18 Immutable Infrastructure
byRackN
 
PDF
#SREcon Immutable Infrastructure: rethinking configuration mgmt
byrhirschfeld
 
PPTX
Infrastructure as Code - Getting Started, Concepts & Tools
byLior Kamrat
 
PPTX
Immutable infrastructure isn’t the answer
bySam Bashton
 
PPTX
Immutable infrastructure
bykashifrazzaqui
 
PDF
Evolution of unix environments and the road to faster deployments
byRakuten Group, Inc.
 
ODP
FTTH Factory — an illustration of the "Everything as Code" paradigm
byRaphaël PINSON
 
PDF
Immutable infrastructure & Rethinking Configuration PREVIEW
byrhirschfeld
 
PDF
Immutable infrastructure & Rethinking Configuration
byRackN
 
PDF
Immutable infrastructure & Rethinking Configuration
byRackN
 
PDF
DevOps Days Kyiv 2019 -- Immutable everywhere // Sergii Marchenko
byMykola Marzhan
 
PDF
Immutable infrastructure - Plain Concepts DevOps day
byPlain Concepts
 
PDF
2023-09-28-AWS Las Palmas UG - Dynamic Anti-Frigile Systems.pdf
byAndrey Devyatkin
 
PDF
Immutable infrastructure with Docker and containers (GlueCon 2015)
byJérôme Petazzoni
 
PDF
DevOps Fest 2020. immutable infrastructure as code. True story.
byVlad Fedosov
 
PDF
Platform Clouds, Containers, Immutable Infrastructure Oh My!
byStuart Charlton
 
PDF
Immutable Infrastructure Security
byRicky Sanders
 
PPTX
EMC World 2016 - code.01 Everything as Code - How did we get here?
by{code}
 
PDF
SFScon19 - Marco Bizzantino - GitOps and Immutable Infrastructure
bySouth Tyrol Free Software Conference
 
Immutable infrastructure tsap_v2
byVolodymyr Tsap
 
SRECon 18 Immutable Infrastructure
byRackN
 
#SREcon Immutable Infrastructure: rethinking configuration mgmt
byrhirschfeld
 
Infrastructure as Code - Getting Started, Concepts & Tools
byLior Kamrat
 
Immutable infrastructure isn’t the answer
bySam Bashton
 
Immutable infrastructure
bykashifrazzaqui
 
Evolution of unix environments and the road to faster deployments
byRakuten Group, Inc.
 
FTTH Factory — an illustration of the "Everything as Code" paradigm
byRaphaël PINSON
 
Immutable infrastructure & Rethinking Configuration PREVIEW
byrhirschfeld
 
Immutable infrastructure & Rethinking Configuration
byRackN
 
Immutable infrastructure & Rethinking Configuration
byRackN
 
DevOps Days Kyiv 2019 -- Immutable everywhere // Sergii Marchenko
byMykola Marzhan
 
Immutable infrastructure - Plain Concepts DevOps day
byPlain Concepts
 
2023-09-28-AWS Las Palmas UG - Dynamic Anti-Frigile Systems.pdf
byAndrey Devyatkin
 
Immutable infrastructure with Docker and containers (GlueCon 2015)
byJérôme Petazzoni
 
DevOps Fest 2020. immutable infrastructure as code. True story.
byVlad Fedosov
 
Platform Clouds, Containers, Immutable Infrastructure Oh My!
byStuart Charlton
 
Immutable Infrastructure Security
byRicky Sanders
 
EMC World 2016 - code.01 Everything as Code - How did we get here?
by{code}
 
SFScon19 - Marco Bizzantino - GitOps and Immutable Infrastructure
bySouth Tyrol Free Software Conference
 

More from RackN

PDF
Digital Rebar Community Welcome Guide
byRackN
 
PDF
Immutable Kubernetes with Digital Rebar Provision
byRackN
 
PDF
DevOps vs SRE vs Cloud Native
byRackN
 
PDF
KubeCon 2017 Zero Touch Provision
byRackN
 
PDF
Data Center’s Last Mile: Zero Touch Metal Automation
byRackN
 
PDF
Composable Infrastructure Talk at Interop ITX 2018
byRackN
 
PDF
Immutable Deployment Hands-On Lab Interop ITX
byRackN
 
PDF
RackN Company Overview
byRackN
 
PDF
Operational Improvement Issues, Impacts and Solution from RackN
byRackN
 
Digital Rebar Community Welcome Guide
byRackN
 
Immutable Kubernetes with Digital Rebar Provision
byRackN
 
DevOps vs SRE vs Cloud Native
byRackN
 
KubeCon 2017 Zero Touch Provision
byRackN
 
Data Center’s Last Mile: Zero Touch Metal Automation
byRackN
 
Composable Infrastructure Talk at Interop ITX 2018
byRackN
 
Immutable Deployment Hands-On Lab Interop ITX
byRackN
 
RackN Company Overview
byRackN
 
Operational Improvement Issues, Impacts and Solution from RackN
byRackN
 

Recently uploaded

PPTX
Mastering SQL Server Replication: Types, Setup & Troubleshooting
byGeoPITS Global Pvt Ltd
 
PPTX
Code Like Bro -A guide for better Coding
byMadan Panthi
 
PDF
Azure DevOps Managed Services: Driving Speed, Security, and Business Growth
byjohncarterjn
 
PDF
apidays Australia 2025 | User Brainpower vs. AI Blind Spots in API Docs
byapidays
 
PDF
Skills to Pass the UiPath Agentic Automation Associate (UiAAA) Certification
byUiPathCommunity
 
PPTX
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
PPTX
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
PDF
B2SMB SaaS Philosophy Lab: Simplicity vs Options
byAnton Shulke
 
PDF
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
PPT
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
PDF
Chapter 3 Cryptography and encryption techniques.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Introduction to Linux and Basic Commands
byiDev Semarang
 
PDF
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
PPTX
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
PDF
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
PDF
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
PDF
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
PDF
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
PDF
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
DOCX
Mathematical reviewer gor mmw in theofern
byyeojlevantinojesalva
 
Mastering SQL Server Replication: Types, Setup & Troubleshooting
byGeoPITS Global Pvt Ltd
 
Code Like Bro -A guide for better Coding
byMadan Panthi
 
Azure DevOps Managed Services: Driving Speed, Security, and Business Growth
byjohncarterjn
 
apidays Australia 2025 | User Brainpower vs. AI Blind Spots in API Docs
byapidays
 
Skills to Pass the UiPath Agentic Automation Associate (UiAAA) Certification
byUiPathCommunity
 
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
B2SMB SaaS Philosophy Lab: Simplicity vs Options
byAnton Shulke
 
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
Chapter 3 Cryptography and encryption techniques.pdf
byGetnet Tigabie Askale -(GM)
 
Introduction to Linux and Basic Commands
byiDev Semarang
 
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
Mathematical reviewer gor mmw in theofern
byyeojlevantinojesalva
 

Immutable Infrastructure & Rethinking Configuration - Interop 2019

  • 1.
    Immutable Infrastructure Rethinking Configurationin the Age of Easy Redeployment RackN, Inc May, 2019 Note: Graphics mainly from http://pexels.com <<< Shift Left <<< https://u.rackn.io/interop2019
  • 2.
    2 RackN, Inc. andDigital Rebar Provision Your Presenter …. Software for Dell “CloudEdge” Hyperscale Hardware effort Learned many DevOps lessons in the field then created first OpenStack installer: “Crowbar” 1) Operations is inconsistent, manual and heterogenous 2) Foundational automation makes many problems go away 3) “Apply, Rinse, Repeat” (aka Immutable Infrastructure) Founding Member, Chief Solutions Architect, and Community Evangelist Shane Gibson
  • 3.
    3 RackN, Inc. andDigital Rebar Provision Your Presenter …. Software for Dell “CloudEdge” Hyperscale Hardware effort Learned many DevOps lessons in the field then created first OpenStack installer: “Crowbar” 1) Operations is inconsistent, manual and heterogenous 2) Foundational automation makes many problems go away 3) “Apply, Rinse, Repeat” (aka Immutable Infrastructure) Founding Member, Chief Solutions Architect, and Community Evangelist Shane Gibson But … really, who cares? Let's get to the fun stuff …
  • 4.
    4 @rackngo #immutable Storytime! “Self-BootstrappingKubernetes” Kubecon in Nov 2017 we created this demo Simple “immutable” Idea: 1) In Memory Boot Machines 2) Install Docker 3) Elect Leader 4) Run Kubeadm on Leader 5) Run Kubeadm on Remainder But….it’s shockingly hard to maintain. Dependencies breaks the installation And they are constantly changing.
  • 5.
    5 @rackngo #immutable Storytime! “Self-BootstrappingKubernetes” So, while it’s pretty cool, it’s not “real” immutability Presentation & Demo https://youtu.be/OowxF6GqK4I sad!
  • 6.
  • 7.
    Why is configurationfragile? mutation V
  • 8.
    8 @rackngo #immutable But… I💜 Infrastructure as Code?! Sorry. Mutability adds complexity Traditional “build-in place” approaches ● Have hidden dependency graphs ● Create variation between environments ● Are harder to “lock down” due to config AND OMG… updates and patches are even harder ● Idempotent operations are difficult ● Roll backward is next to impossible! ● Creating indeterminate state
  • 9.
    9 @rackngo #immutable Traditional “build-inplace” approaches ● Have hidden dependency graphs ● Create variation between environments ● Are harder to “lock down” due to config AND OMG… updates and patches are even harder ● Idempotent operations are difficult ● Roll backward is impossible ● Creating indeterminate state But… I 💜 Infrastructure as code?! Sorry. Mutability adds complexity Let’s lock it down!
  • 10.
    What is ImmutableInfrastructure?
  • 11.
    What is ImmutableInfrastructure? Pre-deploy configured V
  • 12.
    12 @rackngo #immutable Traditional Deployand Configure System is configured in situ from a least common denominator baseline. This can be “immutable-like” under the right conditions. We’ll come back to that... Delivery Pipeline Deployment Code Build Integrate Run Configure
  • 13.
    13 @rackngo #immutable Shifting ConfigurationBEFORE Deployment In our ideal delivery pipeline, configuration is before deployment. Running systems are delivered as a complete runnable unit for deployment. Delivery Pipeline Deployment Code Build Integrate Run Configure
  • 14.
    14 @rackngo #immutable Shifting ConfigurationBEFORE Deployment In reality, it’s very hard to create a distinct artifact for every running instance; instead, we create incremental versions. So we do some initialization of the reusable versioned instance. Cloud init is the most commonly known pattern for this. Delivery Pipeline Deployment Code Build Integrate Run Configure Initialize! V
  • 15.
    Cloud Native Infrastructure CNIbook.info Justin Garrison& Kris Nova “Infrastructure as software” “Intent-Based Platform”
  • 16.
    16 @rackngo #immutable Which Enables…Delegating Operations If you can make your artifacts immutable then you can delegate management of them to a platform like Kubernetes. Kubernetes does not configure infrastructure. It maintains state based on a manifest. StateManager (e.g.Kubernetes) Code Build Integrate Run Configure Delivery Pipeline
  • 17.
    17 @rackngo #immutable Which Enables…Delegating Operations If you can make your artifacts immutable then you can delegate management of them to a platform like Kubernetes. Kubernetes does not configure infrastructure. It maintains state based on a manifest. StateManager (e.g.Kubernetes) Code Build Integrate Run Configure Delivery Pipeline Kubernetes? WTF! Is Immutable > K8s?
  • 18.
    Immutable is aDevOps Pattern <<< Shift Left & Create/Delete
  • 19.
    19 @rackngo #immutable The Problem Immutability<<< Shifting Left package server image provision server initial config
  • 20.
    20 @rackngo #immutable The Problem Immutability<<< Shifting Left patch 1 package server image provision server initial config
  • 21.
    21 @rackngo #immutable The Problem Immutability<<< Shifting Left patch 1 patch 2 package server image provision server initial config
  • 22.
    22 @rackngo #immutable The Problem Immutability<<< Shifting Left patch 1 patch 2 the madness doesn't stop at patch 2! package server image provision server initial config
  • 23.
    23 @rackngo #immutable The Problem Immutability<<< Shifting Left patch 1 patch 2 the madness doesn't stop at patch 2! What Madness? ● We have to maintain root access ● Patches assume system state ● Patches create dependency graphs ● Coordination? Should we halt work? ● Drift is inevitable! package server image provision server initial config
  • 24.
    24 @rackngo #immutable The Problem Immutability<<< Shifting Left patch 1 patch 2 SAD !!package server image provision server initial config
  • 25.
    25 @rackngo #immutable Apply cloudand container lessons to our Bare Metal … Immutability <<< Shifting Left package server image provision server initial config destroy!!
  • 26.
    26 @rackngo #immutable Apply cloudand container lessons to our Bare Metal … Immutability <<< Shifting Left destroy!! destroy!!patch 1 package server image provision server initial config package server image provision server initial config
  • 27.
    27 @rackngo #immutable Apply cloudand container lessons to our Bare Metal … Immutability <<< Shifting Left destroy!! destroy!!patch 1 depatch 2 package server image provision server initial config package server image provision server initial config package server image provision server initial config
  • 28.
    28 @rackngo #immutable Apply cloudand container lessons to our Bare Metal … Immutability <<< Shifting Left destroy!! destroy!!patch 1 patch N depatch 2 package server image provision server initial config package server image provision server initial config package server image provision server initial config package server image provision server initial config
  • 29.
  • 30.
    30 Immutable Provisioning systems treatinfrastructure as a black box Cloud-like Integration and Staged Workflow Provisioning System Requested State Returned State REST API Event Hook
  • 31.
    31 Cloud-like Integration andStaged Workflow Immutable Provisioning systems treat infrastructure as a black box Provision requests are for a system state with optional parameters. The intermediate changes to achieve the state are not exposed to the requester. Provisioning System Reset Join Install Config Test Requested State Returned State REST API Event Hook
  • 32.
    32 Cloud-like Integration andStaged Workflow Immutable Provisioning systems treat infrastructure as a black box Provision requests are for a system state with optional parameters. The intermediate changes to achieve the state are not exposed to the requester. REMEMBER: Operators of the provisioning system require high transparency, stages and control. Provisioning System Reset Join Install Config Test Requested State Returned State REST API Event Hook No hidden operations!
  • 33.
    Immutable Patterns 1) Baseline+ Configuration 2) Live Boot + Configuration 3) Image Deploy
  • 34.
    34 Provision 1: Baseline +Configuration Benefit: Easiest to achieve with current tools, Safer than Patching Challenge: Lots of Post-Configuration, Not Really “Immutable”, Slow Instead of relying on patches, rely on starting from a pristine image ResetBaseline Configure Run Additional Reference https://thenewstack.io/immutable-hardware-ops-hygiene-security-efficiency/
  • 35.
    35 Provision 1: Baseline +Configuration Benefit: Easiest to achieve with current tools, Safer than Patching Challenge: Lots of Post-Configuration, Not Really “Immutable”, Slow Instead of relying on patches, rely on starting from a pristine image ResetBaseline Configure Run Additional Reference https://thenewstack.io/immutable-hardware-ops-hygiene-security-efficiency/ You must control ALL of your dependency chain !!!
  • 36.
    36 Provision 1: Baseline +Configuration Benefit: Easiest to achieve with current tools, Safer than Patching Challenge: Lots of Post-Configuration, Not Really “Immutable”, Slow Instead of relying on patches, rely on starting from a pristine image ResetBaseline Configure Run Additional Reference https://thenewstack.io/immutable-hardware-ops-hygiene-security-efficiency/ ...every single (!!) package from the base OS on up ...
  • 37.
    37 Benefit: Fast resettimes, forces good behavior Challenge: Provisioning becomes critical path, still have dependency graph Like #1 but clean-up is simply a reboot. Favors smaller footprint O/S. 2: Live Boot + Configuration Provision RebootBaseline Configure Run
  • 38.
    38 How much ofOS, Packages, and Application stack is in your Live Boot image will determine how much work you have to do on dependency tracking and version lock down. 2: Live Boot + Configuration Provision RebootBaseline Configure Run
  • 39.
    39 3: Image Deploy Benefit:Shorter time to ready, highly controlled (“shift left”), rollback Challenge: Harder to create and deploy images Image is deployed from source instead of Baseline + Configure Provision Deploy Image Run Provision Deploy Image Run
  • 40.
    40 3: Image Deploy Benefit:Shorter time to ready, highly controlled (“shift left”), rollback Challenge: Harder to create and deploy images Image is deployed from single artifact instead of Baseline + Configure Provision Deploy Image Run Provision Deploy Image Run Initialize! V Initialize! V
  • 41.
    41 So… Let’s talkImage Creation Ideally in an automation build process. You DO THE CONFIGURATION on a live system (so you still need configuration tools) and then capture the image into a portable format. Tools like Hashicorp Packer, Image Builder, WBIC or raw images are used to create source files (e.g. Root FS Tarball, Disk Image, AMI, OVS).
  • 42.
    42 So… Let’s talkImage Creation Ideally in an automation build process. You DO THE CONFIGURATION on a live system (so you still need configuration tools) and then capture the image into a portable format. Tools like Hashicorp Packer, Image Builder, WBIC or raw images are used to create source files (e.g. Root FS Tarball, Disk Image, AMI, OVS). That sounds like a lot of work & really slow!
  • 43.
    Yes, But… It’s faster,safer & more scalable.
  • 44.
    44 Build Pipeline Immutable Demo Prep:Image is pre-created from reference system. Reference System
  • 45.
    45 Build Pipeline Immutable Demo Prep:Image is pre-created from reference system. Reference System customize
  • 46.
    46 Build Pipeline Immutable Demo Prep:Image is pre-created from reference system. Reference System Image Read customize
  • 47.
    47 Deploy Pipeline Build Pipeline ImmutableDemo Prep: Image is pre-created from reference system. Stage: Boot RAM image and write image to disk(s) Reference System Image Target System RAM BOOT Write Read customize
  • 48.
    48 Deploy Pipeline Build Pipeline ImmutableDemo Prep: Image is pre-created from reference system. Stage: Boot RAM image and write image to disk(s) Deploy: Reboot and run Reference System Image Target System RAM BOOT Target System RUNNING Write Run Read V Reboot Initialize!customize
  • 49.
    49 Build Pipeline Deploy Pipeline ImmutableDemo Hopefully (!!): You're pushing your images through a rigorous CI/CD pipeline before you Deploy !! Reference System Image Read customize
  • 50.
    50 Build Pipeline Deploy Pipeline ImmutableDemo Hopefully (!!): You're pushing your images through a rigorous CI/CD pipeline before you Deploy !! Reference System Image Read CI/CD Pipeline TEST !!
  • 51.
    51 Build Pipeline Deploy Pipeline ImmutableDemo Hopefully (!!): You're pushing your images through a rigorous CI/CD pipeline before you Deploy !! Reference System Image Read CI/CD Pipeline TEST !! FAIL ???
  • 52.
    52 Build Pipeline Deploy Pipeline ImmutableDemo Hopefully (!!): You're pushing your images through a rigorous CI/CD pipeline before you Deploy !! Reference System Image Target System RAM BOOT Write Read CI/CD Pipeline TEST !! Pass!
  • 53.
    53 Build Pipeline Deploy Pipeline ImmutableDemo Hopefully (!!): You're pushing your images through a rigorous CI/CD pipeline before you Deploy !! Reference System Image Target System RAM BOOT Target System RUNNING Write Run Read V Reboot Initialize! CI/CD Pipeline TEST !! Pass!
  • 54.
    Thank you! Questions? Interested inIMMUTABLE METAL? It’s complicated, but we can get you there. Start at http://portal.rackn.io • Quickstart takes about 30 minutes • Use your own hardware, VirtualBox or Packet.net account – use “RACKN100” on Packet.net for credit