emc world 2016 - code.02 introduction to immutable infrastructure

1© Copyright 2016 EMC Corporation. All rights reserved. 1© Copyright 2016 EMC Corporation. All rights reserved.

INTRODUCTION TO IMMUTABLE INFRASTRUCTUREJONAS ROSLAND, EMC {code}

4© Copyright 2016 EMC Corporation. All rights reserved.

• What are we trying to solve?• How is immutable infrastructure different?• Tools and processes• Demo• Questions

AGENDA

5© Copyright 2016 EMC Corporation. All rights reserved.

• Updating an application means:– Shutting it down– Taking a backup of the app and its settings– Upgrading using packages and scripts– Starting the app and verify functionality

• Costly and error-prone• Rolling back is hard and time-consuming

TRADITIONAL APPROACH FOR APPLICATIONS

6© Copyright 2016 EMC Corporation. All rights reserved.

• Updating an infrastructure part means:– Taking a backup of its settings– Shutting it down– Upgrading using packages and scripts– Starting the system and verify functionality

• Costly and error-prone• Rolling back is hard and time-consuming

TRADITIONAL APPROACH FOR INFRA

7© Copyright 2016 EMC Corporation. All rights reserved.

There must be a better way!

8© Copyright 2016 EMC Corporation. All rights reserved.

Let’s introduceImmutable Infrastructure

9© Copyright 2016 EMC Corporation. All rights reserved.

A strategy for managing services in which infrastructure is divided into

DATA and EVERYTHING ELSE

10© Copyright 2016 EMC Corporation. All rights reserved.

EVERYTHING ELSE is replacedat every deployment rather than being

updated in-place

11© Copyright 2016 EMC Corporation. All rights reserved.

• Use layers for your infrastructure and applications• Each layer needs to be versioned• Versioning enables verification/control and rollback• Smart tools enables automated code checks,

inventory management, deployments and rollbacks

SO HOW WOULD THIS WORK?

12© Copyright 2016 EMC Corporation. All rights reserved.

• Full control over every version that gets deployed• No more snowflake servers• No more “I wonder if this has the right Java version”

AVOID CONFIGURATION DRIFT

13© Copyright 2016 EMC Corporation. All rights reserved.

ScaleIO

CentOS

Python App

Ruby App Java App

14© Copyright 2016 EMC Corporation. All rights reserved.

ScaleIO 2.0

CentOS 6.5

Python App

v10.2

Ruby Appv2.3

Java Appv1.4

15© Copyright 2016 EMC Corporation. All rights reserved.

ScaleIO 2.0

CentOS 7

Python App

v10.2

Ruby Appv2.3

Java Appv1.4

16© Copyright 2016 EMC Corporation. All rights reserved.

ScaleIO 2.0

CentOS 7

Python App

v10.3

Ruby Appv2.4

Java Appv1.5

17© Copyright 2016 EMC Corporation. All rights reserved.

• Use standardized methods for packaging applications with their requirements– Containers– PaaS systems– Configuration management systems

• They are all being used in production environments world-wide, there’s no reason for you to not use them

LAYERS – APPLICATIONS

18© Copyright 2016 EMC Corporation. All rights reserved.

• You need something to run your app on• Handle the OS as a static binary• Got a new Windows/Linux update?

Update the template you’re using!• Create OS images for all your needs

– VM templates– Vagrant boxes– AWS AMIs– OpenStack images

LAYERS – OPERATING SYSTEM

19© Copyright 2016 EMC Corporation. All rights reserved.

• Tools like Puppet, Chef, Ansible etc are used to “bake” the OS images• Can be used to create immutable objects such as

container images with your applications• Not used to modify running systems

CONFIGURATION MGMT CAVEAT

20© Copyright 2016 EMC Corporation. All rights reserved.

• Firmware/software plus configuration• If you have to click somewhere to enable settings

that cannot be pushed onto it, the system isn’t ready• Most physical appliances are not built for this, yet• Use DHCP as much as possible for easy network

management

LAYERS – SOFTWARE-DEFINED INFRA

21© Copyright 2016 EMC Corporation. All rights reserved.

RackHD

22© Copyright 2016 EMC Corporation. All rights reserved.

• Always create new versions when you’re changing something• Otherwise you have nothing to roll back to• Only roll out versioned changes!• For real, don’t even think of adding that small little

change to a live system• Store all changes in a version control system!

VERSIONING

23© Copyright 2016 EMC Corporation. All rights reserved.

• Write the small change somewhere, creating a new version• Test it• If it passes, roll it out in the correct way depending

on the layer in question• If it fails, try again with another incremental small

change

VERSIONING, CONTINUED

24© Copyright 2016 EMC Corporation. All rights reserved.

• App A requires Java, doesn’t specify version• You bake a CentOS 6.5 OS with Java 1.7• Deploy the app, it fails• You create a new version, CentOS 7 with Java 1.8• Deploy the app, it works• Roll out CentOS 7 with Java 1.8

EXAMPLE OF VERSIONING AND TESTING

25© Copyright 2016 EMC Corporation. All rights reserved.

• App A is in a container• You bake a CentOS 7 OS with Docker• Deploy the containerized app, it works• You create a new version of the app• A new container is built• Deploy the container, it works

EXAMPLE OF CONTAINER BASED DEPLOYMENT

26© Copyright 2016 EMC Corporation. All rights reserved.

• Knowing what’s deployed at all times is critical when lowering deployment failure rates• No one likes to be stuck at work for an entire

weekend and then roll back on Sunday night because of unforeseen issues• Having version control lets you know exactly what’s

deployed

CONTROL

27© Copyright 2016 EMC Corporation. All rights reserved.

So what tools can youuse to accomplish this?

28© Copyright 2016 EMC Corporation. All rights reserved.

• Containers (Docker, Rkt, LXC)– Put an application and its requirements in a container, then

you can deploy it thousand fold with consistent result• PaaS systems (Cloud Foundry, Deis, Heroku)

– Takes your code and automatically adds the defined versions of requirements, then runs it for you

• Configuration management systems– Puppet, Chef, Ansible, Salt– Can be used to create container images (remember the

caveat)

TOOLS - APPLICATIONS

29© Copyright 2016 EMC Corporation. All rights reserved.

FROM python:2.7.11

RUN mkdir /app

WORKDIR /app

COPY * .

RUN pip install -r requirements.txt

EXPOSE 5000

CMD [ "python", "./simple.py" ]

EXAMPLE – PYTHON APP IN A CONTAINER

30© Copyright 2016 EMC Corporation. All rights reserved.

• “Baking” images is critical to make sure you don’t have configuration drift (Packer)• Configuration management systems

– There to make sure services and OS settings are correctly applied in the baked image

• Deployment (RackHD, Terraform, Vagrant)– Deploying an OS is now seen as standard fare, not

something just done once

TOOLS – OPERATING SYSTEM

31© Copyright 2016 EMC Corporation. All rights reserved.

EXAMPLE – BAKING WORKFLOW

ISO Packer

VMTemplate

AWSImage

OpenStack ImageConfig Puppet

Terraform

VMware

AWS

OpenStack

Version controlledVersion controlled

Version controlled

Version controlled

Version controlled

Version controlled Version controlledVersion controlled

Version controlled

Version controlled

Version controlled

32© Copyright 2016 EMC Corporation. All rights reserved.

33© Copyright 2016 EMC Corporation. All rights reserved.

34© Copyright 2016 EMC Corporation. All rights reserved.

resource "vsphere_virtual_machine" ”docker-host-12" { name = “docker-host-01“ domain = “corp.local“ datacenter = “DC-02" cluster = “Cluster-03" vcpu = 4 memory = 32768 disk { datastore = “XTREMIO-04" template = "templates/docker-1.10-centos-7.0-x86_64” iops = 10000 } gateway = “192.168.1.1" network_interface { label = “CORP-LAN" ip_address = “192.168.1.112" subnet_mask = “255.255.255.0" }}

EXAMPLE – DEPLOYMENT OF DOCKER 1.10

35© Copyright 2016 EMC Corporation. All rights reserved.

resource "vsphere_virtual_machine" ”docker-host-12" { name = “docker-host-01“ domain = “corp.local“ datacenter = “DC-02" cluster = “Cluster-03" vcpu = 4 memory = 32768 disk { datastore = “XTREMIO-04" template = "templates/docker-1.11-centos-7.0-x86_64” iops = 10000 } gateway = “192.168.1.1" network_interface { label = “CORP-LAN" ip_address = “192.168.1.112" subnet_mask = “255.255.255.0" }}

EXAMPLE – DEPLOYMENT OF DOCKER 1.11

36© Copyright 2016 EMC Corporation. All rights reserved.

• Deployment– RackHD, Puppet, Chef, Ansible– VMware Auto Deploy, Arista Zero Touch Provisioning

• Monitoring– Sensu, Prometheus, Zabbix, Nagios

• Logging– Logstash, Splunk, Fluentd

TOOLS – SOFTWARE-DEFINED INFRA

38© Copyright 2016 EMC Corporation. All rights reserved.

• Immutable infrastructure lets you version control your datacenter• Rollbacks are now really just new deployments• Enables you to create layers and use the best tools

for different purposes• Testable and reliable, no more snowflakes

SUMMARY

39© Copyright 2016 EMC Corporation. All rights reserved.

Before opening up for questions

40© Copyright 2016 EMC Corporation. All rights reserved.

• Hands-on lab with Docker, Mesos and REX-Ray• Free stickers at our booth• Join our community at community.emccode.com• See all our projects at emccode.com• And follow us on Twitter @EMCcode

CONTINUE THE DISCUSSION

41© Copyright 2016 EMC Corporation. All rights reserved.

Data Persistence in the New Container WorldWednesday 3PM

Joshua BernsteinVP of Technology for ETD

Tobi Knaup CEO & Co-Founder of Mesosphere

Guru Session

42© Copyright 2016 EMC Corporation. All rights reserved.

@EMCcode@jonasrosland

emccode.comcommunity.emccode.com

Come visit us at Booth #1044 or in the vLab

Questions?

44© Copyright 2016 EMC Corporation. All rights reserved. 44© Copyright 2016 EMC Corporation. All rights reserved.