network automation at shapeways
TRANSCRIPT
Network Automation at ShapewaysDecember 6th, 2016
Carl Caum: Sr. Technical Marketing Manager at Puppet
Martín Beauchamp: Site Reliability Engineer at Shapeways
Paul Hortiatis: Site Reliability Team Lead at Shapeways
Speakers
Every company is a software company.
It feels like a breaking point.
Change is necessary.
We help great companies:Become great software companies
Deliver fantastic experiences to their usersProvide better software, faster
And do it simply, at scale and securely
Automate for speed, reliability and security
Define with a common language
Gain situational awareness
Orchestrate change intelligently
Ensure security & compliance
What’s needed to deliver and operate modern software simply, at scale and securely
Across devices, through the stack
Define with a common language
● Easy to read, understand, write & share
● Write once, use everywhere
● Testing built in
● No code clobbering
● Choose from thousands of free modules, backed by a vibrant ecosystem
Standard way for teams to deliver and operate software
Puppet code example
Gain situational awareness
● Real-time change visibility
● Unique dependency visualizations
● Continual drift monitoring and reporting
● Audit and compliance reporting
● Built-in, custom and 3rd party visualizations
Know exactly what is going on with all your software
Event inspection in Puppet Enterprise
Cumulus Linux
Cumulus Linux
Native Linux Operating Model
Robust Hardware Ecosystem
Extensible Automation Ready
Cumulus Linux is a native Linux Network OS that is deeply rooted in Debian.
Network Management with Puppet and Cumulus LinuxManage switches like servers
Networking before DevOps
Siloed Teams Siloed tools and processes
Slow collaboration and limited information
sharing
Different processes and tasks for provisioning vs
ongoing management
Siloed, slow, and costly
Networking with Puppet
Unified teams
Puppet’s common language and tooling provides a single source
of truth to enable IT teams to unify the way they work
Unified processes
Making changes that span network and compute are made with the same change process
and tools.
Unified and efficient
Increased collaboration
Anyone can contribute to the infrastructure code base and
anyone can see how any part of the infrastructure is being
managed.
Unify Day 1 to Day 100
The same code that provisions the switch configuration also continuously monitors and
remediates the configuration.
The Automation Advantage
Ordering/Delivery
Days/Weeks Hours/Days(Manual)
ProductionPhysical Install
Ordering/Delivery ProductionPhysical Install
ONIEBoot
CLInstall
Agent PullInstall Config
Manually Install
Manually Configure
The New Way
Seconds/Minutes (Automated)
Days/Weeks
The Traditional Way
Ordering/Delivery Production
Ordering/Delivery Production
AutomatedConfigure
AutomatedInstall(ONIE BOOT)
Continuous
DriftManagement
DriftManagement
Manual/Custom
A 3D printing marketplace where you can design, make, buy and sell amazing products
Challenges
● Limited networking team size
● Fast evolving infrastructure - networking wasn’t always top priority
● Vendor hardware wasn’t suitable for rapid change or didn’t have the desired capabilities
17
Goals
● Manage the network like we manage our servers
● Leverage existing Linux expertise
● Cultivate DevOps culture
●Reliability
● Scalability
18
Why Puppet
● Maturity of the solution
● Existing knowledge
● Flexibility
19
Why Cumulus Linux
● It was Linux, and we know Linux
● Well supported by other tools already in place
● Improved reliability with Routing on the Host
● Network agility and lower risk of change
Cumulus’ Linux based OS and wide range of hardware support meant we could use the expertise we already had to have a successfully managed network.
20
Remove Operational Complexity
● Puppet code is portable between environments
● Puppet modules house reusable abstractions for underlying system configurations
● Puppet modules provide simple interfaces with controls we care about
● OS differences are handled behind the abstraction interface
● Hiera and data bindings enable simplified interfaces
Puppet enables us to build abstractions to complex implementations so we can focus on the controls we care about and reuse the implementation in as many places as necessary.
21
How We Did It
22
● Automated network topology is generated, starting with the network leafs (servers)
● Children configure their parent
● In-house developed build script builds the connection configuration for the switch
"swp49": parent: "r1-spine" port: "swp1" "swp50": parent: "r2-spine" port: "swp1"
p2p1: parent: r3-leaf-a port: swp44p3p1: parent: r3-leaf-b port: swp44
p2p1: parent: r3-leaf-a port: swp43p3p1: parent: r3-leaf-b port: swp43
p2p1: parent: r3-leaf-a port: swp42p3p1: parent: r3-leaf-b port: swp42
"swp49": parent: "r1-spine" port: "swp1""swp50": parent: "r2-spine" port: "swp1"
The Rollout
● Rolled out with a datacenter migration● The second datacenter went smoother
because we codified what we learned from the first migration
23
Gotchas
● Don’t assume that networking works the same between similar OSes, or even different versions of the same OS
● Don’t take on too much at once● Finish and validate your current
change before moving on to the next one
24
The DevOoops
Where Are We Now?
● Puppet manages all of our switches
● Network configs are versioned in Git and proposed changes get team review
● Our network is fast and reliable
25
Questions?
