infrastructure = code - 1 year later
TRANSCRIPT
Infrastructure = Code1 year later
Christian OrtnerFINDOLOGIC GmbH
Y though?
● Automate setup / deployment
● Reduce human error
● Fail, fix, test, repeat
The DevOps Good
● Dev and Ops are inseparable these days
● Installing Dependencies, configuring stack
● Reduce friction and latency
● Understand deployment complexity
● No more local changes on servers
Our stack
Prod
Ansible
---
- hosts: webservers
tasks:
- name: ensure apache is at the latest version
yum: name=httpd state=latest
- name: write the apache config file
template: src=/srv/httpd.j2 dest=/etc/httpd.conf
notify:
- restart apache
- name: ensure apache is running (and enable it at boot)
service: name=httpd state=started enabled=yes
handlers:
- name: restart apache
service: name=httpd state=restarted
Docker
FROM php:7-apache
MAINTAINER Georg M. Sorst <[email protected]>
COPY index.php /var/www/html/
Vagrant
Vagrant.configure(2) do |config|
config.vm.box = "ubuntu/xenial64"
config.vm.network "forwarded_port", guest: 80, host: 8080
config.vm.provision "ansible" do |ansible|
ansible.playbook = "playbook.yml"
end
end
Test 0.1
Dev
Test
1 year later
● Much learning
● Server Setup from 2 days to 20 minutes
● For fun and profit
The Ansible good
● There’s a role for that
● Frequent updates
● Automated testing
Integration testing
HTTP
Integration testing
HTTP
Integration testing
HTTP
- name: Upload mock data copy: src: test/mock.json dest: /tmp/mock.json
- name: Provide mock data using a web server container docker_container: image: tobilg/mini-webserver name: mock_server volumes: - '/tmp:/app/public:ro' state: started become: yes
- name: Get IP from web server container command: docker inspect --format '{% raw %}{{ .NetworkSettings.IPAddress }}{% endraw %}' mock_server register: mock_server_server_ip_address
- name: Start application under test docker_container: image: findologic/my-app env: data_url: '{{ mock_server_ip_address }}:80'
- name: Ensure that mock data was fetched command: docker logs mock_server become: yes register: mock_server_logs failed_when: 'mock.json' not in mock_server_logs.stdout
- name: Check that app uses mock data uri: url: http://localhost register: app_output failed_when: 'something' not in app_output.content
- name: Destroy web server container docker_container: name: mock_server state: absent become: yes
The Bad
● Docker in Docker in Docker
● Migrating existing servers
● better start fresh
● Test, fail, fix cycle is slow
● tag tasks to speed up
● printf debugging
The Bad
● Yaml syntax errors
● Networking, routing, repo access, VPN, SSL
The awesome
● Automated builds
● Integration testing
● Mock dependencies with Docker containers
● Takes some time to figure out
● Great test harness for Ansible roles
The LOL
{{ string }} * 1000000 -> buffer overflow wait_for, timeout < delay
Bottom line
● It’s fun
● It’s productive