SlideShare a Scribd company logo

Trusted Configurations for e-Infrastructure Deployment

Bruce Becker
Bruce Becker

This document discusses ensuring trusted configurations for UMD deployments. It outlines using Ansible for UMD deployments and the need for an EGI style guide to standardize roles. It advocates for tests of roles across different infrastructure specifications. Close collaboration and code reviews between developers and operations are needed. A style guide, compliance profile, and tools like Molecule and InSpec are proposed to test roles and ensure consistent deployments regardless of the configuration tool used.

Software
1 of 25
Download to read offline
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Trusted confiuratons for UMD deployments Bruce Becker, EGI Operatons  bruce.becker@eii.eu  @brusisceddu  brucellino 0000-0002-6607-7145
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Outline ● Ansible in the UMD path to producton ● A style guide for EGI – What makes our roles ‘ours’ ? – How can we trust each others’ work ? ● Tests and Infrastructure Specifcatons ● Collaboraton and re-usability
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Ansible in the UMD path to producton ● We used to have a unique* confguraton management tool – YAIM ● YAIM solved at least two problems : – Confguraton Management : single place in which to express the desired confguraton state – Deployment : executable means to achieve the state ● UMD products slowly dropped YAIM, favouring one or other tool for confguraton management : – Puppet – Ansible
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Site confiuraton manaiement – too many optons ? ● Sites are now freer to choose how to confgure and deploy middleware ● The choice of tool comes down to local expertse and historical preferences ● Support for debugging confguraton issues however becomes harder – community tends to split into ‘if you use this tool, change this variable… oh, sorry you use other tool, can’t help.’ ● Given that there is no objectve measure by which one tool is beter than another, can we fnd a way to support each other? ● IE, does a site admin really have to understand the internals of Puppet or Ansible to confgure the middleware at their site ?
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Ansible or Puppet – does it mater ? ● It is difcult to say why Ansible or Puppet have the following they have in certain environments. ● There are design and ecosystem consideratons which suit diferent scenarios beter in each case ● Both can be used to achieve contnuous, correct deployment ● So : does it mater to the site admin whether a product expresses a preference for either ? I hazard that it should not. ● UMD deployment should be a conservatve force : – End states should not depend on the path taken to get there
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Many tools : Why ? Pair proirammini ● First of : Confguraton code is code. Treat it as such. ● Pair programming allows collaboraton and quality code review. ● If both tools should achieve the same state for a given middleware product, we should be able to review each others’ work. ● But they are diferent languages and paradigms? How can we review each others’ work ? – Focus on paterns instead of specifc implementaton – Collaborate on the objectve measures of quality – ie the fnal result
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Why ? Cross-validated deployments ● Why are there 4 experiments looking for the Higgs ? ● There are always biases and assumptons in deployment and confguraton scenarios – these make their way into the code for deployment. ● They implicitly exclude certain use cases or scenarios ● Cross-validatng deployments with diferent tools tends to surface these assumptons and force us to confront them. ● A good goal would be to achieve consistent deployments from a given state, regardless of the means to achieve it.
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Why ? : A healthy ecosystem ● Reliance on a single tool and tribal knowledge around it is not a good sign ● Healthy ‘inter-breeding’ of ideas from slightly diferent ways of doing things will probably lead to beter health of the UMD ecosystem and whatever proceeds it. ● We can teach paterns and skills rather than tools – these are useful to industry (beter employability) but also makes it easier for us as a community to atract talent
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu EGI in the Ansible universe : the EGI Style Guide ● Ansible is simple but powerful IT automaton – really temptng to just solve problems and be done with it. ● However, this same power leads to massive divergence in the way in which problems are solved, making it difcult to trust that other peoples’ work will work for you. ● e.g. you fnd a role for confguring CREAM : – Will it respect my local setup ? – Does it do the network confguraton ? – Who maintains this ? – Is it even correct ?
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Objectve measures ● Step 1 : A Style Guide  EGI-Foundaton/ansible-style-guide ● Expresses opinions on : – Documentng roles – Ansible syntax in roles – Testng role scenarios, testng tools – Role release and publicaton – Collaboratng with code ● Read more : brucellino.github.io/blog/Ansible-Style-Guide ● WIP : egi-foundaton.github.io/ansible-style-guide/
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Ansible Style Guide rôle Skeleton ● When creatng new roles, one typically uses ansible-galaxy init <role name> ● The default has several important bits ‘missing’ which are necessary for engendering re-use and trust : – Issue and PR templates, contributng guide, links to EGI support structures – Relevant platorms which EGI supports in meta.yml – Properly-generated .travis.yml – Proper webhooks on build-passing to galaxy.ansible.com ● ansible-galaxy init --role-skeleton=ansible-style- guide/egi-galaxy-skeleton high-performance-grid-cloud
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Objectve measures ● Step 2 : A compliance profle  EGI-Foundaton/ansible-fashion-police ● We implement controls (using Inspec) for: – Automated testng – GitHub repository confguraton – Role Metadata – Role Skeleton
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu One role, many scenarios ● The underlying platorm is changing – clouds, vms, DMZs, containers, etc ● The confguraton tool should not enforce a partcular executon environment, but should express the middleware product appropriately in the respectve environment ● We need to mock and test various producton environments
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Can we apply traditonal TDD to Infrastructure ? ● Molecule provides a general-purpose mock and testng framework for Ansible roles ● Allows developer to defne many deployment scenarios and test against them : ● Easiest is to test in Docker, but can test against OpenStack or bare-metal scenarios, from given startng points
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu TDD for Ansible roles
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Infrastructure Models and Specifcatons ● Remember : ‘’UMD deployment should be a conservatve force’’ ● We should be able to model deployments independently of the tool used...
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Infrastructure Models and Specifcatons brucellino.iithub.io/bloi/Style-Guide-In-Acton
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Beter use of infrastructure : Ansible Galaxyy
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Beter use of infrastructure : Ansible Galaxyy
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Beter use of infrastructure : Quay ● CI on Travis pushes to Quay on build-passing : – artefacts immediately available for re-use in subsequent steps of the pipeline ● Something similar could be done for VMS (push to AppDB) ● Vulnerabilites and obsolete packages immediately visibile – Can open issues against the repo automatcally
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu DevSecOps – thanks clair
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Collaboraton and re-usability ● Putting development into context with a solid foundaton and objectve measures makes it easier for operatons to trust the results thereof. ● Both Dev and Ops can agree on the fnal state of the service in given scenarios ● Clear case for following TDD and BDD using relevant tools (TestInfra, Inspec, Cucumber) ● Issues in the fnal state can be traced back to code if there is an unbroken pipeline between commit and deploy.
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu DevOps ● For us to achieve DevOps and support many more deployment scenarios - – Small sites with few staf, in known scenarios – Unmanned deployments – Diferent deployment platorms ● … we need product teams and infrastructure engineers to collaborate … – Peer review, pull requests, infrastructure specs, documentaton ● … not on the code of the product itself, but the pipeline for delivering that product in a viable state to the producton environment ● Close links with the ‘lightweght’ sites work from CERN and SKA HPC ecosystem sites in Africa.
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu In summary : ● UMD confguratons should be put through the same rigourous testng as UMD products ● Having more than one tool to achieve producton states is good, as long as there is a community of practce in EGI around those tools ● A community of practce is expressed in the EGI Ansible Style Guide, along with a compliance profle. ● Allows those wantng to – develop infrastructure components to do so smoothly and collaboratvely – Operate infrastructure components to do so with confdence
Bruce Becker | EGI Operations Team | bruce.becker@egi.eu links ● Style Guide, Compliance profle, Quay Org, Ansible Galaxy ● Website – egi-foundaton.github.io/ansible-style-guide ● Testng tools – Molecule : molecule.readthedocs.io – TestInfra : testnfra.readthedocs.io – Inspec : www.inspec.io – Cucumber : cucumber.io ● Blogs : – ‘E-Infrastructure Components that are built to last’ – ‘Style Guide in Acton’

Recommended

Extreme Programming
Extreme ProgrammingExtreme Programming
Extreme ProgrammingKnoldus Inc.
 
What is xp
What is xpWhat is xp
What is xpSimone Federici
 
[DPE Summit] How Improving the Testing Experience Goes Beyond Quality: A Deve...
[DPE Summit] How Improving the Testing Experience Goes Beyond Quality: A Deve...[DPE Summit] How Improving the Testing Experience Goes Beyond Quality: A Deve...
[DPE Summit] How Improving the Testing Experience Goes Beyond Quality: A Deve...Roberto Pérez Alcolea
 
Developing, testing and distributing elasticsearch beats in a complex, heter...
Developing, testing and distributing elasticsearch beats in a complex, heter...Developing, testing and distributing elasticsearch beats in a complex, heter...
Developing, testing and distributing elasticsearch beats in a complex, heter...Jesper Agerled Wermuth
 
EclipseCon Eu 2015 - Breathe life into your Designer!
EclipseCon Eu 2015 - Breathe life into your Designer!EclipseCon Eu 2015 - Breathe life into your Designer!
EclipseCon Eu 2015 - Breathe life into your Designer!melbats
 
Introduction to Unit Testing
Introduction to Unit TestingIntroduction to Unit Testing
Introduction to Unit TestingSwanky Hsiao
 
Keeping code clean
Keeping code cleanKeeping code clean
Keeping code cleanBrett Child
 
ITPROCEED_WorkplaceMobility_Creating a seamless experience with ue v and wind...
ITPROCEED_WorkplaceMobility_Creating a seamless experience with ue v and wind...ITPROCEED_WorkplaceMobility_Creating a seamless experience with ue v and wind...
ITPROCEED_WorkplaceMobility_Creating a seamless experience with ue v and wind...ITProceed
 

Recommended

Extreme Programming
Extreme ProgrammingExtreme Programming
Extreme ProgrammingKnoldus Inc.
 
What is xp
What is xpWhat is xp
What is xpSimone Federici
 
[DPE Summit] How Improving the Testing Experience Goes Beyond Quality: A Deve...
[DPE Summit] How Improving the Testing Experience Goes Beyond Quality: A Deve...[DPE Summit] How Improving the Testing Experience Goes Beyond Quality: A Deve...
[DPE Summit] How Improving the Testing Experience Goes Beyond Quality: A Deve...Roberto Pérez Alcolea
 
Developing, testing and distributing elasticsearch beats in a complex, heter...
Developing, testing and distributing elasticsearch beats in a complex, heter...Developing, testing and distributing elasticsearch beats in a complex, heter...
Developing, testing and distributing elasticsearch beats in a complex, heter...Jesper Agerled Wermuth
 
EclipseCon Eu 2015 - Breathe life into your Designer!
EclipseCon Eu 2015 - Breathe life into your Designer!EclipseCon Eu 2015 - Breathe life into your Designer!
EclipseCon Eu 2015 - Breathe life into your Designer!melbats
 
Introduction to Unit Testing
Introduction to Unit TestingIntroduction to Unit Testing
Introduction to Unit TestingSwanky Hsiao
 
Keeping code clean
Keeping code cleanKeeping code clean
Keeping code cleanBrett Child
 
ITPROCEED_WorkplaceMobility_Creating a seamless experience with ue v and wind...
ITPROCEED_WorkplaceMobility_Creating a seamless experience with ue v and wind...ITPROCEED_WorkplaceMobility_Creating a seamless experience with ue v and wind...
ITPROCEED_WorkplaceMobility_Creating a seamless experience with ue v and wind...ITProceed
 
Infrastructure as code
Infrastructure as codeInfrastructure as code
Infrastructure as codeAnders Bruvik
 
Agile
AgileAgile
AgileKomal2525
 
Tests immutable when refactoring - SegFault Unconference Cracow 2019
Tests immutable when refactoring - SegFault Unconference Cracow 2019Tests immutable when refactoring - SegFault Unconference Cracow 2019
Tests immutable when refactoring - SegFault Unconference Cracow 2019Grzegorz Miejski
 
Info dev flexibility in agile
Info dev flexibility in agileInfo dev flexibility in agile
Info dev flexibility in agileAlyssa Fox
 
PratheshBV_Resume
PratheshBV_ResumePratheshBV_Resume
PratheshBV_Resumepradeesh bv
 
Server Emulator and Virtualizer for Next-Generation Rack Servers
Server Emulator and Virtualizer for Next-Generation Rack ServersServer Emulator and Virtualizer for Next-Generation Rack Servers
Server Emulator and Virtualizer for Next-Generation Rack ServersIRJET Journal
 
How to test a Mainframe Application
How to test a Mainframe ApplicationHow to test a Mainframe Application
How to test a Mainframe ApplicationMichael Erichsen
 
The Rocky Cloud Road
The Rocky Cloud RoadThe Rocky Cloud Road
The Rocky Cloud RoadGert Drapers
 
Network Automation at Shapeways
Network Automation at ShapewaysNetwork Automation at Shapeways
Network Automation at ShapewaysPuppet
 
Anatomy of a Build Pipeline
Anatomy of a Build PipelineAnatomy of a Build Pipeline
Anatomy of a Build PipelineSamuel Brown
 
Unit ii
Unit iiUnit ii
Unit iitamizh arthanari
 
Continuous Deployment To The Cloud With Spring Cloud Pipelines @WarsawCloudNa...
Continuous Deployment To The Cloud With Spring Cloud Pipelines @WarsawCloudNa...Continuous Deployment To The Cloud With Spring Cloud Pipelines @WarsawCloudNa...
Continuous Deployment To The Cloud With Spring Cloud Pipelines @WarsawCloudNa...Marcin Grzejszczak
 
Dublin Unity User Group Meetup Sept 2015
Dublin Unity User Group Meetup Sept 2015Dublin Unity User Group Meetup Sept 2015
Dublin Unity User Group Meetup Sept 2015Dominique Boutin
 
Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019Moss Drake
 
Google Cloud Platform Certification Cloud Architect Exam Prep Review Virtual ...
Google Cloud Platform Certification Cloud Architect Exam Prep Review Virtual ...Google Cloud Platform Certification Cloud Architect Exam Prep Review Virtual ...
Google Cloud Platform Certification Cloud Architect Exam Prep Review Virtual ...Joseph Holbrook, Chief Learning Officer (CLO)
 
inroduction of embedded system.pptx
inroduction of embedded system.pptxinroduction of embedded system.pptx
inroduction of embedded system.pptxsaisaran76
 
The Extreme Programming (XP) Model
The Extreme Programming (XP) ModelThe Extreme Programming (XP) Model
The Extreme Programming (XP) ModelDamian T. Gordon
 
Agile Talk 30 Jul 1o2
Agile Talk 30 Jul 1o2Agile Talk 30 Jul 1o2
Agile Talk 30 Jul 1o2Akhil Kumar
 
Eclipse Testing Day 2010. Xored Q7
Eclipse Testing Day 2010. Xored Q7Eclipse Testing Day 2010. Xored Q7
Eclipse Testing Day 2010. Xored Q7platoff
 
Cloud Native CI/CD with Spring Cloud Pipelines
Cloud Native CI/CD with Spring Cloud PipelinesCloud Native CI/CD with Spring Cloud Pipelines
Cloud Native CI/CD with Spring Cloud PipelinesLars Rosenquist
 
The Sci-GaIA project
The Sci-GaIA projectThe Sci-GaIA project
The Sci-GaIA projectBruce Becker
 
NICIS: Stepping Stones to a Cyberinfrastructure Commons
NICIS: Stepping Stones to a Cyberinfrastructure CommonsNICIS: Stepping Stones to a Cyberinfrastructure Commons
NICIS: Stepping Stones to a Cyberinfrastructure CommonsBruce Becker
 

More Related Content

Similar to Trusted Configurations for e-Infrastructure Deployment

Infrastructure as code
Infrastructure as codeInfrastructure as code
Infrastructure as codeAnders Bruvik
 
Tests immutable when refactoring - SegFault Unconference Cracow 2019
Tests immutable when refactoring - SegFault Unconference Cracow 2019Tests immutable when refactoring - SegFault Unconference Cracow 2019
Tests immutable when refactoring - SegFault Unconference Cracow 2019Grzegorz Miejski
 
Info dev flexibility in agile
Info dev flexibility in agileInfo dev flexibility in agile
Info dev flexibility in agileAlyssa Fox
 
PratheshBV_Resume
PratheshBV_ResumePratheshBV_Resume
PratheshBV_Resumepradeesh bv
 
Server Emulator and Virtualizer for Next-Generation Rack Servers
Server Emulator and Virtualizer for Next-Generation Rack ServersServer Emulator and Virtualizer for Next-Generation Rack Servers
Server Emulator and Virtualizer for Next-Generation Rack ServersIRJET Journal
 
How to test a Mainframe Application
How to test a Mainframe ApplicationHow to test a Mainframe Application
How to test a Mainframe ApplicationMichael Erichsen
 
The Rocky Cloud Road
The Rocky Cloud RoadThe Rocky Cloud Road
The Rocky Cloud RoadGert Drapers
 
Network Automation at Shapeways
Network Automation at ShapewaysNetwork Automation at Shapeways
Network Automation at ShapewaysPuppet
 
Anatomy of a Build Pipeline
Anatomy of a Build PipelineAnatomy of a Build Pipeline
Anatomy of a Build PipelineSamuel Brown
 
Continuous Deployment To The Cloud With Spring Cloud Pipelines @WarsawCloudNa...
Continuous Deployment To The Cloud With Spring Cloud Pipelines @WarsawCloudNa...Continuous Deployment To The Cloud With Spring Cloud Pipelines @WarsawCloudNa...
Continuous Deployment To The Cloud With Spring Cloud Pipelines @WarsawCloudNa...Marcin Grzejszczak
 
Dublin Unity User Group Meetup Sept 2015
Dublin Unity User Group Meetup Sept 2015Dublin Unity User Group Meetup Sept 2015
Dublin Unity User Group Meetup Sept 2015Dominique Boutin
 
Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019Moss Drake
 
inroduction of embedded system.pptx
inroduction of embedded system.pptxinroduction of embedded system.pptx
inroduction of embedded system.pptxsaisaran76
 
The Extreme Programming (XP) Model
The Extreme Programming (XP) ModelThe Extreme Programming (XP) Model
The Extreme Programming (XP) ModelDamian T. Gordon
 
Agile Talk 30 Jul 1o2
Agile Talk 30 Jul 1o2Agile Talk 30 Jul 1o2
Agile Talk 30 Jul 1o2Akhil Kumar
 
Eclipse Testing Day 2010. Xored Q7
Eclipse Testing Day 2010. Xored Q7Eclipse Testing Day 2010. Xored Q7
Eclipse Testing Day 2010. Xored Q7platoff
 
Cloud Native CI/CD with Spring Cloud Pipelines
Cloud Native CI/CD with Spring Cloud PipelinesCloud Native CI/CD with Spring Cloud Pipelines
Cloud Native CI/CD with Spring Cloud PipelinesLars Rosenquist
 

Similar to Trusted Configurations for e-Infrastructure Deployment (20)

Infrastructure as code
Infrastructure as codeInfrastructure as code
Infrastructure as code
 
Agile
AgileAgile
Agile
 
Tests immutable when refactoring - SegFault Unconference Cracow 2019
Tests immutable when refactoring - SegFault Unconference Cracow 2019Tests immutable when refactoring - SegFault Unconference Cracow 2019
Tests immutable when refactoring - SegFault Unconference Cracow 2019
 
Info dev flexibility in agile
Info dev flexibility in agileInfo dev flexibility in agile
Info dev flexibility in agile
 
PratheshBV_Resume
PratheshBV_ResumePratheshBV_Resume
PratheshBV_Resume
 
Server Emulator and Virtualizer for Next-Generation Rack Servers
Server Emulator and Virtualizer for Next-Generation Rack ServersServer Emulator and Virtualizer for Next-Generation Rack Servers
Server Emulator and Virtualizer for Next-Generation Rack Servers
 
How to test a Mainframe Application
How to test a Mainframe ApplicationHow to test a Mainframe Application
How to test a Mainframe Application
 
The Rocky Cloud Road
The Rocky Cloud RoadThe Rocky Cloud Road
The Rocky Cloud Road
 
Network Automation at Shapeways
Network Automation at ShapewaysNetwork Automation at Shapeways
Network Automation at Shapeways
 
Anatomy of a Build Pipeline
Anatomy of a Build PipelineAnatomy of a Build Pipeline
Anatomy of a Build Pipeline
 
Unit ii
Unit iiUnit ii
Unit ii
 
Continuous Deployment To The Cloud With Spring Cloud Pipelines @WarsawCloudNa...
Continuous Deployment To The Cloud With Spring Cloud Pipelines @WarsawCloudNa...Continuous Deployment To The Cloud With Spring Cloud Pipelines @WarsawCloudNa...
Continuous Deployment To The Cloud With Spring Cloud Pipelines @WarsawCloudNa...
 
Dublin Unity User Group Meetup Sept 2015
Dublin Unity User Group Meetup Sept 2015Dublin Unity User Group Meetup Sept 2015
Dublin Unity User Group Meetup Sept 2015
 
Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019
 
Google Cloud Platform Certification Cloud Architect Exam Prep Review Virtual ...
Google Cloud Platform Certification Cloud Architect Exam Prep Review Virtual ...Google Cloud Platform Certification Cloud Architect Exam Prep Review Virtual ...
Google Cloud Platform Certification Cloud Architect Exam Prep Review Virtual ...
 
inroduction of embedded system.pptx
inroduction of embedded system.pptxinroduction of embedded system.pptx
inroduction of embedded system.pptx
 
The Extreme Programming (XP) Model
The Extreme Programming (XP) ModelThe Extreme Programming (XP) Model
The Extreme Programming (XP) Model
 
Agile Talk 30 Jul 1o2
Agile Talk 30 Jul 1o2Agile Talk 30 Jul 1o2
Agile Talk 30 Jul 1o2
 
Eclipse Testing Day 2010. Xored Q7
Eclipse Testing Day 2010. Xored Q7Eclipse Testing Day 2010. Xored Q7
Eclipse Testing Day 2010. Xored Q7
 
Cloud Native CI/CD with Spring Cloud Pipelines
Cloud Native CI/CD with Spring Cloud PipelinesCloud Native CI/CD with Spring Cloud Pipelines
Cloud Native CI/CD with Spring Cloud Pipelines
 

More from Bruce Becker

The Sci-GaIA project
The Sci-GaIA projectThe Sci-GaIA project
The Sci-GaIA projectBruce Becker
 
NICIS: Stepping Stones to a Cyberinfrastructure Commons
NICIS: Stepping Stones to a Cyberinfrastructure CommonsNICIS: Stepping Stones to a Cyberinfrastructure Commons
NICIS: Stepping Stones to a Cyberinfrastructure CommonsBruce Becker
 
Continuous Integration and Delivery of Research Applications
Continuous Integration and Delivery of Research ApplicationsContinuous Integration and Delivery of Research Applications
Continuous Integration and Delivery of Research ApplicationsBruce Becker
 
Continuous Integration and Delivery of Research Applications
Continuous Integration and Delivery of Research ApplicationsContinuous Integration and Delivery of Research Applications
Continuous Integration and Delivery of Research ApplicationsBruce Becker
 
Now you can cite APHRC's data sets (CHAIN-REDS)
Now you can cite APHRC's data sets (CHAIN-REDS)Now you can cite APHRC's data sets (CHAIN-REDS)
Now you can cite APHRC's data sets (CHAIN-REDS)Bruce Becker
 
Gadget2 Science Gateway Development
Gadget2 Science Gateway DevelopmentGadget2 Science Gateway Development
Gadget2 Science Gateway DevelopmentBruce Becker
 
Continuous integration
Continuous integrationContinuous integration
Continuous integrationBruce Becker
 
Distributed Development, Centralised Delivery - SAGrid Jenkins + CVMFS
Distributed Development, Centralised Delivery - SAGrid Jenkins + CVMFSDistributed Development, Centralised Delivery - SAGrid Jenkins + CVMFS
Distributed Development, Centralised Delivery - SAGrid Jenkins + CVMFSBruce Becker
 
Sa grid application inventory 36
Sa grid application inventory 36Sa grid application inventory 36
Sa grid application inventory 36Bruce Becker
 
Paerip chain-becker-10-11-2011
Paerip chain-becker-10-11-2011Paerip chain-becker-10-11-2011
Paerip chain-becker-10-11-2011Bruce Becker
 

More from Bruce Becker (10)

The Sci-GaIA project
The Sci-GaIA projectThe Sci-GaIA project
The Sci-GaIA project
 
NICIS: Stepping Stones to a Cyberinfrastructure Commons
NICIS: Stepping Stones to a Cyberinfrastructure CommonsNICIS: Stepping Stones to a Cyberinfrastructure Commons
NICIS: Stepping Stones to a Cyberinfrastructure Commons
 
Continuous Integration and Delivery of Research Applications
Continuous Integration and Delivery of Research ApplicationsContinuous Integration and Delivery of Research Applications
Continuous Integration and Delivery of Research Applications
 
Continuous Integration and Delivery of Research Applications
Continuous Integration and Delivery of Research ApplicationsContinuous Integration and Delivery of Research Applications
Continuous Integration and Delivery of Research Applications
 
Now you can cite APHRC's data sets (CHAIN-REDS)
Now you can cite APHRC's data sets (CHAIN-REDS)Now you can cite APHRC's data sets (CHAIN-REDS)
Now you can cite APHRC's data sets (CHAIN-REDS)
 
Gadget2 Science Gateway Development
Gadget2 Science Gateway DevelopmentGadget2 Science Gateway Development
Gadget2 Science Gateway Development
 
Continuous integration
Continuous integrationContinuous integration
Continuous integration
 
Distributed Development, Centralised Delivery - SAGrid Jenkins + CVMFS
Distributed Development, Centralised Delivery - SAGrid Jenkins + CVMFSDistributed Development, Centralised Delivery - SAGrid Jenkins + CVMFS
Distributed Development, Centralised Delivery - SAGrid Jenkins + CVMFS
 
Sa grid application inventory 36
Sa grid application inventory 36Sa grid application inventory 36
Sa grid application inventory 36
 
Paerip chain-becker-10-11-2011
Paerip chain-becker-10-11-2011Paerip chain-becker-10-11-2011
Paerip chain-becker-10-11-2011
 

Recently uploaded

EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in NoidaBuds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in Noidabntitsolutionsrishis
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 

Recently uploaded (20)

EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in NoidaBuds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 

Trusted Configurations for e-Infrastructure Deployment

  • 1. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Trusted confiuratons for UMD deployments Bruce Becker, EGI Operatons  bruce.becker@eii.eu  @brusisceddu  brucellino 0000-0002-6607-7145
  • 2. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Outline ● Ansible in the UMD path to producton ● A style guide for EGI – What makes our roles ‘ours’ ? – How can we trust each others’ work ? ● Tests and Infrastructure Specifcatons ● Collaboraton and re-usability
  • 3. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Ansible in the UMD path to producton ● We used to have a unique* confguraton management tool – YAIM ● YAIM solved at least two problems : – Confguraton Management : single place in which to express the desired confguraton state – Deployment : executable means to achieve the state ● UMD products slowly dropped YAIM, favouring one or other tool for confguraton management : – Puppet – Ansible
  • 4. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Site confiuraton manaiement – too many optons ? ● Sites are now freer to choose how to confgure and deploy middleware ● The choice of tool comes down to local expertse and historical preferences ● Support for debugging confguraton issues however becomes harder – community tends to split into ‘if you use this tool, change this variable… oh, sorry you use other tool, can’t help.’ ● Given that there is no objectve measure by which one tool is beter than another, can we fnd a way to support each other? ● IE, does a site admin really have to understand the internals of Puppet or Ansible to confgure the middleware at their site ?
  • 5. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Ansible or Puppet – does it mater ? ● It is difcult to say why Ansible or Puppet have the following they have in certain environments. ● There are design and ecosystem consideratons which suit diferent scenarios beter in each case ● Both can be used to achieve contnuous, correct deployment ● So : does it mater to the site admin whether a product expresses a preference for either ? I hazard that it should not. ● UMD deployment should be a conservatve force : – End states should not depend on the path taken to get there
  • 6. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Many tools : Why ? Pair proirammini ● First of : Confguraton code is code. Treat it as such. ● Pair programming allows collaboraton and quality code review. ● If both tools should achieve the same state for a given middleware product, we should be able to review each others’ work. ● But they are diferent languages and paradigms? How can we review each others’ work ? – Focus on paterns instead of specifc implementaton – Collaborate on the objectve measures of quality – ie the fnal result
  • 7. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Why ? Cross-validated deployments ● Why are there 4 experiments looking for the Higgs ? ● There are always biases and assumptons in deployment and confguraton scenarios – these make their way into the code for deployment. ● They implicitly exclude certain use cases or scenarios ● Cross-validatng deployments with diferent tools tends to surface these assumptons and force us to confront them. ● A good goal would be to achieve consistent deployments from a given state, regardless of the means to achieve it.
  • 8. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Why ? : A healthy ecosystem ● Reliance on a single tool and tribal knowledge around it is not a good sign ● Healthy ‘inter-breeding’ of ideas from slightly diferent ways of doing things will probably lead to beter health of the UMD ecosystem and whatever proceeds it. ● We can teach paterns and skills rather than tools – these are useful to industry (beter employability) but also makes it easier for us as a community to atract talent
  • 9. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu EGI in the Ansible universe : the EGI Style Guide ● Ansible is simple but powerful IT automaton – really temptng to just solve problems and be done with it. ● However, this same power leads to massive divergence in the way in which problems are solved, making it difcult to trust that other peoples’ work will work for you. ● e.g. you fnd a role for confguring CREAM : – Will it respect my local setup ? – Does it do the network confguraton ? – Who maintains this ? – Is it even correct ?
  • 10. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Objectve measures ● Step 1 : A Style Guide  EGI-Foundaton/ansible-style-guide ● Expresses opinions on : – Documentng roles – Ansible syntax in roles – Testng role scenarios, testng tools – Role release and publicaton – Collaboratng with code ● Read more : brucellino.github.io/blog/Ansible-Style-Guide ● WIP : egi-foundaton.github.io/ansible-style-guide/
  • 11. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Ansible Style Guide rôle Skeleton ● When creatng new roles, one typically uses ansible-galaxy init <role name> ● The default has several important bits ‘missing’ which are necessary for engendering re-use and trust : – Issue and PR templates, contributng guide, links to EGI support structures – Relevant platorms which EGI supports in meta.yml – Properly-generated .travis.yml – Proper webhooks on build-passing to galaxy.ansible.com ● ansible-galaxy init --role-skeleton=ansible-style- guide/egi-galaxy-skeleton high-performance-grid-cloud
  • 12. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Objectve measures ● Step 2 : A compliance profle  EGI-Foundaton/ansible-fashion-police ● We implement controls (using Inspec) for: – Automated testng – GitHub repository confguraton – Role Metadata – Role Skeleton
  • 13. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu One role, many scenarios ● The underlying platorm is changing – clouds, vms, DMZs, containers, etc ● The confguraton tool should not enforce a partcular executon environment, but should express the middleware product appropriately in the respectve environment ● We need to mock and test various producton environments
  • 14. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Can we apply traditonal TDD to Infrastructure ? ● Molecule provides a general-purpose mock and testng framework for Ansible roles ● Allows developer to defne many deployment scenarios and test against them : ● Easiest is to test in Docker, but can test against OpenStack or bare-metal scenarios, from given startng points
  • 15. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu TDD for Ansible roles
  • 16. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Infrastructure Models and Specifcatons ● Remember : ‘’UMD deployment should be a conservatve force’’ ● We should be able to model deployments independently of the tool used...
  • 17. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Infrastructure Models and Specifcatons brucellino.iithub.io/bloi/Style-Guide-In-Acton
  • 18. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Beter use of infrastructure : Ansible Galaxyy
  • 19. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Beter use of infrastructure : Ansible Galaxyy
  • 20. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Beter use of infrastructure : Quay ● CI on Travis pushes to Quay on build-passing : – artefacts immediately available for re-use in subsequent steps of the pipeline ● Something similar could be done for VMS (push to AppDB) ● Vulnerabilites and obsolete packages immediately visibile – Can open issues against the repo automatcally
  • 21. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu DevSecOps – thanks clair
  • 22. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu Collaboraton and re-usability ● Putting development into context with a solid foundaton and objectve measures makes it easier for operatons to trust the results thereof. ● Both Dev and Ops can agree on the fnal state of the service in given scenarios ● Clear case for following TDD and BDD using relevant tools (TestInfra, Inspec, Cucumber) ● Issues in the fnal state can be traced back to code if there is an unbroken pipeline between commit and deploy.
  • 23. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu DevOps ● For us to achieve DevOps and support many more deployment scenarios - – Small sites with few staf, in known scenarios – Unmanned deployments – Diferent deployment platorms ● … we need product teams and infrastructure engineers to collaborate … – Peer review, pull requests, infrastructure specs, documentaton ● … not on the code of the product itself, but the pipeline for delivering that product in a viable state to the producton environment ● Close links with the ‘lightweght’ sites work from CERN and SKA HPC ecosystem sites in Africa.
  • 24. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu In summary : ● UMD confguratons should be put through the same rigourous testng as UMD products ● Having more than one tool to achieve producton states is good, as long as there is a community of practce in EGI around those tools ● A community of practce is expressed in the EGI Ansible Style Guide, along with a compliance profle. ● Allows those wantng to – develop infrastructure components to do so smoothly and collaboratvely – Operate infrastructure components to do so with confdence
  • 25. Bruce Becker | EGI Operations Team | bruce.becker@egi.eu links ● Style Guide, Compliance profle, Quay Org, Ansible Galaxy ● Website – egi-foundaton.github.io/ansible-style-guide ● Testng tools – Molecule : molecule.readthedocs.io – TestInfra : testnfra.readthedocs.io – Inspec : www.inspec.io – Cucumber : cucumber.io ● Blogs : – ‘E-Infrastructure Components that are built to last’ – ‘Style Guide in Acton’