Я расскажу, как построить гибкую, надежную, высокодоступную и масштабируемую «платформу как сервис» с нуля. Вы узнаете, насколько легко это сделать, и как продукты HashiCorp могут помочь вашим проектам.

1. Building PaaS with
the HashiStack
Roman Dimitrenko
27th Day of May, 2017

2. 2
Your task is to build a system that have:
- A stateless model, any machine only keeps state (data on) transactions that are ‘in fly,’
but after a transaction is completed, any machines that die or degrade have no effect on
the state or memory of historic transactions
- Ordered, first-in first-out lists (implemented as an HA service) increase availability and performance by
distributing a transaction to the first-available member for processing in a distributed environment.
- It is critical to have high availability at the network layer. This allows a “rolling upgrade” of the network
layer to fix bugs or security issues, without affecting uptime of the
applications supported by the infrastructure.
- As database failure causes complete application failure in most cases, a redundant database
implementation provides increased performance as well as risk mitigation in an enterprise application
deployment. In cases where performance is heavily reliant on a database, a hybrid solution of
dedicated database servers combined with cloud application and web servers provides maximum
performance with data redundancy.
- The system has to be ready dynamically expand its infrastructure to handle
an expected or unexpected increase in traffic due to a change in market conditions.
- In the event that server or resource is compromised, a new instance of the application can be
deployed in minutes in the cloud, rather than manually deploying the new resource. Of course, the new
deployment must be installed on top of systems with pre-mitigated security vulnerabilities.
- Data replication and resource availability is present in the secondary location and the just-in-time
deployment of entire application infrastructures is measured in minutes, not hours or longer

3. 3

4. 4
DevOps – it’s a cultural change
that touches many teams
in the organization

5. 5

6. 6

7. 7

8. AGENDA
1. Introduction to Hashicorp Ecosystem
2. Brief description of Provision tools
3. Brief description of Secure tools
4. Brief description of Run tools
5. Questions & Answers

9. 9

10. 10

11. 11
Development environments made easy.
The same, easy workflow regardless
of your role, platform or app.

12. 12
Unified workflow
Enforce consistency
Cross-platform:
- Mac
- Linux
- Windows and more
Trusted at Scale
Integrates with:
Ansible, Chef, Puppet, etc

13. 13
Build images for cloud platforms, virtual
machines, containers, and more from a
single source configuration.

14. 14
Creates machine images
Creates container images
Multiple platforms:
- AWS/Azure/GCE/OCP
- VMWare, QEMU
Integrates with:
Ansible, Chef, Puppet, etc
Packer

15. 15
Write, plan, create, and maintain any
infrastructure with Infrastructure as code.

16. 16
Infrastructure as Code (Almost any
infrastructure noun can be represented as a
resource)
One safe workflow across providers
Reproducible infrastructure
IaaS (e.g. AWS, GCP, Microsoft Azure,
OpenStack)
PaaS (e.g. Heroku)
SaaS services (e.g. UltraDNS,
DNSimple, CloudFlare)

17. 17
Secret storage, certificates, encryption,
and more in a highly secure, centralized
service.

18. 18
Secrets Storage
AWS IAM/STS credentials
SQL/NoSQL databases
X.509 certificates
SSH credentials

19. 19
Key Rolling:
Leasing
Key revocation
Key rolling
Auditing

20. 20
- Strict control over who can access what secrets
- Operators can easily trace the lifetime and origin of any secret
- Authentication, token creation, secret access and revocation

21. 21
Service discovery and configuration.
Distributed, highly-available, and multi-
Datacenter aware.

22. 22
Service Discovery and
Service Health-checking
Distributed clients
Multi-Datacenter
Large Scale
Raft Consensus
Production Hardened
Key/Value Storage
Single DNS for everything

23. 23
Distributed, datacenter-aware scheduler.
Deploy containers, VMs, raw binaries and
more with the same system.

24. 24
State Coordination
Optimistic
concurrency
Multi – Datacenter
Multi – Region
Flexible Workloads
Job Priorities
Operationally Simple
Large Scale
Bin Packing

25. 25
Binary packing
Archive Nodes as compact as possible

26. 26
• WHO WE SERVE Nomad Drivers
Containerized
Virtualized
Standalone
Docker
Rkt
LXC
Windows Server Containers
Qemu / KVM
Xen + Hyper-V
Java Jar
Static Binaries
Isolated Fork / Exec
C#

27. 27

28. 28
server {
enabled = true
bootstrap_expect = 3
}
job "docs" {
region = "us”
datacenters = ["us-west-1", "us-east-1"]
type = "service”
group "webs" {
count = 5
task "frontend" {
driver = "docker"
config { image = "hashicorp/web-frontend” }
service {
port = “http”
check {
type = "http”
path = "/health”
}
}
env { "DB_HOST" = "db01.example.com” }
resources {
cpu = 500
ram = 128
network {
mbits = 128
port "http" {}
}
}
}
}
}
}
client {
enabled = true
network_speed = 1000
options { "driver.raw_exec.enable" = "1" }
}
consul {
address = "1.2.3.4:8500”
}
Integration with Consul
Agent configuration
Server configuration
Simple job

29. 29

30. 30

31. 31
HashiConf 2016 (Napa) -
CITADEL has beaten
the record set by Hashicorp
and GCE teams
https://youtu.be/Ww4aZFeqGAQ?t=2083

32. 32

33. 33
Questions
&
Answers

34. 34
Knight Capital Group story
“During the deployment of the new code, however, one of Knight’s technicians
did not copy the new code to one of the eight SMARS computer servers.
Knight did not have a second technician review this deployment and no one
at Knight realized that the Power Peg code had not been removed from the eighth server,
nor the new RLP code added.
Knight had no written procedures that required such a review.
SEC Filing | Release No. 70694 | October 16, 2013
How DevOps practices could help here?
A couple of the principles for Continuous Delivery
apply here:
- Releasing software should be a repeatable,
reliable process.
- Automate as much as is reasonable.

35. 35
Thanks
for coming!
Want the same,
even better!
Contact me:
roman_dimitrenko@epam.com