RedMart: migrating from EC2 to VPC with Chef
DESCRIPTION
We at RedMart migrated our platform from EC2 to VPC on AWS. This is an outline of how we went about doing it.
TRANSCRIPT
EC2 to VPC with Chef
and some other CI stuff...
About
● Leading online grocery store in Singapore.
● Proprietary Ecommerce platform
● `redmart10` for 10% off. :)
EC2 to VPC
EC2 to VPC - Goals
● Automate our infrastructure.
● Security
● Maintain (or improve) workflow
● Migrate with zero downtime
Security ☐
VPC
● Public Subnets
● Private Subnets
● Gateway
● NATs
VPC Infra
[Diagram: RedMart VPC (10.0.0.0/16) with a public subnet (10.0.0.0/24) and two private subnets (10.0.1.0/24 and 10.0.2.0/24). Labels: Frontend, ELBs; Backend, API, Services etc.; Gateway; Internet ("Mostly cats."); HOP; Mongo (Ecom); Mongo (Fulfillment); Scale/ERP; Scale DB.]
Why VPC - without
● Security
  o Security groups
[Diagram labels: Node.]
Why VPC - With
● Security
  o Security groups
  o Network ACLs
  o Route Tables
  o VPN
● Easier to manage
  o Intra VPC
  o External
[Diagram labels: four Nodes; Gateway or NAT.]
Security ☑
Maintain (or improve) Workflow ☐
Workflow 1 - Deployment
1. Code
2. Push to git
3. Relax
[Diagram labels: Developer; Push; Build; Fail; Pass; Emails, Slack; 1. Transfer Artifacts to S3; 2. Get nodes, SSH; Chef Server; `sudo chef-client`; Download.]
Workflow 2 - Bootstrapping
1. Clone boilerplate project repo
2. Clone boilerplate cookbook & role
3. `knife create server -r "role[shiny_new_app]"`
4. Code!
[Diagram labels: DevOps; Chef Server; Bootstrap; `sudo chef-client`; Download; 1. Transfer Artifacts to S3.]
[Diagram labels (combined workflow): Developer; Push; Build; Fail; Pass; Send Emails; 1. Transfer Artifacts to S3; 2. Get nodes, SSH; DevOps; Chef Server; Bootstrap; `sudo chef-client`; Download.]
Travis process
1. Tests and builds your project
2. If success:
  o Uploads project to S3
  o Finds nodes relevant to your project (chef search)
  o Triggers `chef-client` on relevant nodes
Chef Process
1. Bootstrapping a node: `knife bootstrap`
  a. creates a server with the specified role & environment
2. Converging a node: `sudo chef-client`
  a. role-based recipe, e.g. recipe[golden_admin]
  b. RedMart deployment recipe, e.g. recipe[base_redmart::deploy]
    i. download artifacts from S3
    ii. extract
    iii. run start script, e.g. `sh /ci/start.sh`
    iv. symlink release
Everyone deploys the same way.
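The deployment steps listed above (extract, run the start script, symlink the release), sketched as a shell function. This is an added example, not RedMart's `base_redmart::deploy` recipe: the function name `deploy_release`, the `releases/` and `current` layout, and the start script living at `ci/start.sh` inside the artifact are assumptions, and the S3 download is assumed to have already happened.

```shell
#!/usr/bin/env bash
# Added example (not from the original slides): deploy steps ii-iv as one function.
# Hypothetical names: deploy_release, the releases/ directory, the `current` symlink.

# deploy_release ARTIFACT APP_ROOT RELEASE_ID
#   ARTIFACT   - tarball already downloaded from S3 (step i)
#   APP_ROOT   - directory holding releases/ and the `current` symlink
#   RELEASE_ID - unique name for this release (e.g. a build number)
deploy_release() {
  local artifact="$1" app_root="$2" release_id="$3"
  local release_dir="$app_root/releases/$release_id"

  [ -f "$artifact" ] || { echo "artifact not found: $artifact" >&2; return 1; }
  mkdir -p "$release_dir" || return 1

  # Step ii: extract into a fresh per-release directory.
  if ! tar -xzf "$artifact" -C "$release_dir"; then
    rm -rf "$release_dir"
    return 1
  fi

  # Step iii: run the project's start script. A failure aborts the deploy
  # before the symlink moves, so `current` keeps pointing at the old release.
  if ! ( cd "$release_dir" && sh ci/start.sh ); then
    echo "start script failed, keeping previous release" >&2
    rm -rf "$release_dir"
    return 1
  fi

  # Step iv: repoint `current` at the new release. -n replaces the link
  # itself instead of descending into the directory it used to point at.
  ln -sfn "$release_dir" "$app_root/current"
}
```

Because every release lands in its own directory, rolling back is a matter of pointing `current` at an earlier entry under `releases/`.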
Security ☑
Maintain (or improve) Workflow ☑
Migrate with zero downtime ☐
Stateful services
● Mongo (superfun)
● Redis
● Rabbitmq (not really stateful)
Mongo with six hosts
[Diagram labels: Apps (private); Apps (public); VPC; Internet.]
Redis Daisy chaining
● Crucial to ensure user sessions not lost
  o `slaveof IPADDRESS`
  o `slave-read-only no`
[Diagram labels: private; public; VPC; Internet.]
Rabbitmq
● Keep alive till queues die out.
[Diagram labels: Apps (private); Apps (public); VPC; Internet.]
Non stateful apps
● `sudo chef-client`
● Hooray for chef!
DDay
● Duplicate version of entire redmart.com in VPC.
  o chef.redmart.com
  o chefapi.redmart.com
● Change DNS of everything in public subnet
● TTL!
Security ☑
Maintain (or improve) Workflow ☑
Migrate with zero downtime ☑
… Cache busted!
● Full chef-client takes - 1min
● 3 nodes deployed sequentially - 3 mins
● Deploying one node at a time not okay.
● Cache busting on Backbone.js apps
Solution: parallel triggering of chef & specific deployment recipe - 5 secs
What’s worked for us
● Infra as code is awesome
● One command to deploy is awesome
● Chef search is awesome
● Chef for entire lifecycle (bootstrap + deployment) is awesome
Thank you
We’re hiring! - redmart.recruiterbox.com
We now have bread! - redmart.com
Slides - slideshare.net/riteshangural