Infrastructure = Code
Georg M. Sorst
CTO, FINDOLOGIC GmbH
What’s the challenge?
Who has already set up 1 server?
10, 1.000, 10.000?
● Setup: Manual shell commands
● Testing: Manual
● Multiple admins: Overwrite each other’s fixes
● Updates: Different versions on every server
Develop like it’s 1999
● Software Development has solved these issues:
● Installation: Deployment Scripts
● Testing: Unit Tests
● Multiple developers: git merge
● Updates: Version tagging
Infrastructure = Code?
● Define the desired state of the servers
● In human readable form
● Commit to VCS
● Automatically run tests
● Set up / Update server with a single command
● Fail, fix and deploy
- hosts: webservers
  tasks:
    - name: ensure apache is at the latest version
      yum: name=httpd state=latest
    - name: write the apache config file
      template: src=/srv/httpd.j2 dest=/etc/httpd.conf
      # handler below runs only if the template task changed the file
      notify:
        - restart apache
    - name: ensure apache is running (and enable it at boot)
      service: name=httpd state=started enabled=yes
  handlers:
    - name: restart apache
      service: name=httpd state=restarted
● “Ansible” = fictional instantaneous hyperspace communication system
● Michael DeHaan 2012 / Red Hat
● Declare desired state, not how to get there
○ name=apache state=present
○ Just needs SSH access
● Plain YAML
○ Can be versioned
● Inventory: Which hosts / hostgroups are available?
● Hosts: Which hosts to run on?
● Vars: Use in config files, tasks etc.
● Tasks: What to do?
● Handlers: Restart service on config change
Testing, 1 2, Testing
● Use Ansible test modules
○ Get response from port
○ Check log file contents
● Jenkins: vagrant up
● Travis CI
● Automatically build Docker image / Vagrant box
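The two checks named above (response from a port, log file contents) written as a test play. This is an added example, not from the original slides; it assumes the `webservers` group from the earlier playbook, Apache listening on port 80, and the error log at /var/log/httpd/error_log.

```yaml
---
# Added example: smoke test to run right after the apache playbook.
# Assumptions (not from the slides): port 80, RHEL-style log path,
# and privilege escalation available to read the root-owned log.
- hosts: webservers
  become: yes
  gather_facts: no
  vars:
    error_log_path: /var/log/httpd/error_log   # assumed path
  tasks:
    - name: port 80 accepts connections within 30 seconds
      wait_for:
        port: 80
        timeout: 30

    - name: front page answers with HTTP 200
      uri:
        url: "http://localhost/"
        status_code: 200

    - name: read the error log from the server
      slurp:
        src: "{{ error_log_path }}"
      register: error_log

    - name: log contains no emergency, alert or critical entries
      assert:
        that:
          # "emerg]" matches both "[emerg]" (2.2) and "[core:emerg]" (2.4)
          - "'emerg]' not in (error_log.content | b64decode)"
          - "'alert]' not in (error_log.content | b64decode)"
          - "'crit]' not in (error_log.content | b64decode)"
```

Any failing task ends the run with a non-zero exit code, which is what lets a Jenkins or Travis CI job mark the build as failed.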
● Ad-hoc tasks: Reboot multiple servers
● Roles: This is a Web-Server, DB-Server, SSH
● Templates: Replace value in config file
● Conditionals: Run only on Ubuntu
● Loops: Install packages, create users
● Vault: Encrypt passwords, private keys
● Use .d files, e.g. /etc/apache2/conf.d/
● Takes a while to have really robust playbooks
○ Absolutely requires automated testing
● Don’t make local changes on servers
○ Commit to repo, run tests, deploy (just like code)
● < cowsay >
● Ansible Galaxy: More than 5.000 roles available
● Ansible Tower: Centralized control panel, $$$
● Works well with OpenStack (both Red Hat)
What are my options?
● Puppet (requires agent, Ruby DSL)
● Chef (requires agent, Ruby based configs)
● Salt (agentless, YAML config)