socal devops meetup 1/26/2017 - habitat by chef
TRANSCRIPT
Habitat by Chef
Trevor Hess, Customer Architect
Jessica DeVita, Evangelist
Agenda
● State of the World
● An Overview of Habitat
● How Habitat Makes Containers Better
● Demo
● Questions & Answers
[Slide diagram: State of the World. Columns: Product, Software Development, Quality Assurance, Operations, Security. Runtime grid: PaaS, Containers & Discovery, Traditional Applications. Infrastructure: Bare Metal, Virtualization, Cloud & IaaS, OS.]
[Slide diagram: Application Delivery through Containers, Cloud & IaaS and PaaS; New World Infrastructure/Architecture built from Data Services, VMs, Applications and Container Schedulers.]
The reality of modern architectures
For containers: AWS ECS, Google Container Engine
For traditional applications: [slide diagram]
Standard Bank pushed an idea from commit to deploy in 18 minutes with Chef
Focus on Speed: Measuring the rate of software change
                             High IT performers   Medium IT performers   Slow IT performers
Deployment frequency         On-demand            Week - Month           Month - 6 Months
Time from commit to deploy   < 1 Hour             Week - Month           Month - 6 Months
Use cases include: Application Delivery, Build Pipelines
Intuit reduced change failure rate by 90% with Chef
Focus on Efficiency: Measuring the effectiveness of software change
                             High IT performers   Medium IT performers   Slow IT performers
Change failure rate          0-15%                16-30%                 31-45%
Mean time to resolve         < 1 Hour             < 1 Day                < 1 Day
Use cases include: Configuration Management, Server Drift
Equifax easily scans and maintains security policies with Chef
Focus on Risk: Measuring the quality of software change
                             High IT performers   Medium IT performers   Slow IT performers
Compliance testing coverage  95%+                 25%-95%                0-25%
Time deploying remediation   < 1 Hour             Week - Month           Month - 6 Months
Use cases include: Compliance Automation, Compliance Coverage
The Chef Automate Platform
Continuous Automation for High Velocity IT
COLLABORATE: Workflow • Local development • Integration • Tooling (APIs & SDKs)
BUILD: Package • Test • Approve
DEPLOY: Provision • Configure • Execute • Update
MANAGE: Secure • Comply • Audit • Measure • Log
OSS automation engines: Infrastructure Automation • Compliance Automation • Application Automation
Increase Speed
▪ Package infrastructure and app configuration as code
▪ Continuously automate infrastructure and app updates
Improve Efficiency
▪ Define and execute standard workflows and automation
▪ Audit and measure effectiveness of automation
Decrease Risk
▪ Define compliance rules as code
▪ Deliver continuous compliance as part of standard workflow
How do you...
Build immutable infrastructure but allow last mile Application config changes?
How do you...
Build containers with a Minimum Viable OS?
How do you...
Decouple the application build from the final production ready container?
How do you...
Orchestrate the application launch order & topology required?
Application Concerns / OS Concerns
Build • Deploy • Manage
For new and legacy applications.
For stateless and stateful applications.
No matter the runtime environment.
Habitat’s Approach
Confidential & subject to NDA. Patents Pending.
The solution should be the same:
● Applications: portable & responsible for their own automation
● Small OS serves the application
● Make application components aware of each other over a network
● Continuous deployment without traditional “ARA”
Current Container Pain
Demo
Starts with a plan
Simple, Native, and Declarative
plan.sh:
# Package identity: origin/name/version
pkg_origin=core
pkg_name=redis
pkg_version=3.2.1
pkg_license=('BSD')
pkg_maintainer="The Habitat Maintainers <[email protected]>"
# Where the source comes from, pinned to a sha256 so a tampered download fails the build
pkg_source=http://download.redis.io/releases/${pkg_name}-${pkg_version}.tar.gz
pkg_shasum=b2a791c4ea3bb7268795c45c6321ea5abcc24457178373e6a6e3be6372737f23
pkg_bin_dirs=(bin)
# Build-time dependencies versus runtime dependencies, all as origin/name packages
pkg_build_deps=(core/make core/gcc)
pkg_deps=(core/glibc)
# How the supervisor runs the service and which port it exposes
pkg_svc_run="redis-server $pkg_svc_config_path/redis.config"
pkg_expose=(6379)

do_build() {
  make
}
Low abstraction
Complete dependencies
Declare services
Simple functions
https://github.com/docker-library/redis/blob/master/3.2/Dockerfile
Clean room environment
Safe by default
Installs dependencies
Built in a studio
How do you...
Decouple the application build from the final production ready container?
Provide a “DSL” to describe the application build (plan.sh), and provide an isolated environment (studio) to build the application artifact (Habitat Package).
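As an added example (not code from the slides or from the Habitat project), a small Python reader for the plan.sh fields shown above, with the two checks a packager would want before trusting a build: that pkg_source is pinned by a real pkg_shasum, and that the downloaded bytes actually match it. The sample plan is copied from the slide; the regexes, lint rules and sample byte strings are assumptions made here.

```python
import hashlib
import hmac
import re
# Constructed sample: the redis plan.sh from the slides, maintainer line omitted.
SAMPLE_PLAN = """
pkg_origin=core
pkg_name=redis
pkg_version=3.2.1
pkg_license=('BSD')
pkg_source=http://download.redis.io/releases/${pkg_name}-${pkg_version}.tar.gz
pkg_shasum=b2a791c4ea3bb7268795c45c6321ea5abcc24457178373e6a6e3be6372737f23
pkg_build_deps=(core/make core/gcc)
pkg_deps=(core/glibc)
pkg_svc_run="redis-server $pkg_svc_config_path/redis.config"
do_build() { make; }
"""
ARRAY_RE = re.compile(r"^(pkg_\w+)=\((.*)\)\s*$")
SCALAR_RE = re.compile(r"^(pkg_\w+)=(?:\"([^\"]*)\"|'([^']*)'|(\S+))\s*$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
DEP_RE = re.compile(r"^[a-z0-9_-]+/[a-z0-9_-]+(/[^/\s]+){0,2}$")

def parse_plan(text):
    """Collect pkg_* settings: bash arrays become lists, function bodies are skipped."""
    plan = {}
    for line in text.splitlines():
        line = line.strip()
        m = ARRAY_RE.match(line)
        if m:
            plan[m.group(1)] = [v.strip("'\"") for v in m.group(2).split()]
            continue
        m = SCALAR_RE.match(line)
        if m:  # first non-None group is the value, with quotes already removed
            plan[m.group(1)] = next(g for g in m.groups()[1:] if g is not None)
    return plan
def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()
def verify_source(plan, data):
    """True only if the downloaded source bytes hash to the plan's pinned pkg_shasum."""
    expected = plan.get("pkg_shasum", "")
    return bool(SHA256_RE.match(expected)) and hmac.compare_digest(sha256_hex(data), expected)
def lint_plan(plan):
    """Supply-chain checks: identity fields present, source hash pinned, deps in origin/name form."""
    problems = [f"missing {k}" for k in ("pkg_origin", "pkg_name", "pkg_version") if k not in plan]
    if "pkg_source" in plan and not SHA256_RE.match(plan.get("pkg_shasum", "")):
        problems.append("pkg_source is set but pkg_shasum is not a sha256 hex digest")
    if plan.get("pkg_source", "").startswith("http://"):
        problems.append("pkg_source is fetched over plain http; only pkg_shasum guards the download")
    for key in ("pkg_deps", "pkg_build_deps"):
        problems += [f"{key}: {d!r} is not origin/name" for d in plan.get(key, []) if not DEP_RE.match(d)]
    return problems
```

Run on the slide's plan, the only finding is the plain-http source URL, which is exactly why the pinned pkg_shasum matters.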
Central location
Publicly hosted
Lightweight channels
Stored in a depot
How we do it: Packaging Applications, Running Applications
[Slide diagram: a plan is built into a user artifact and stored in the depot; service/supervisor pairs run the artifact on bare metal, in containers, as an AMI, or in a VM.]
Easy pattern
Shortcuts
Increasing specificity
Installed by hab
Binaries and Config
Metadata
Side-by-side
Packages Contain
Install automatically
Keep things running
Manage configuration
Supervisors run services
Print config options
12-Factor style
Externally enforced
Environment configuration
More flexible than environment
Universal location
Externally enforced
File configuration
How do you...
Build immutable infrastructure but allow last mile Application config changes?
Ship the config alongside an immutable application artifact. Provide a supervisor to dynamically update the config based on environment or service discovery.
Supervisors form a ring
Peers
Service Groups
Gossip
Availability increases with scale
Supervisors provide a REST API
External Actors
Health and Status
Supervisor Debugging
Supervisors support topologies
Dynamic configuration
Service group level
Uses the ring
Supervisors provide update strategies
Topology aware
Tracks views in the depot
Ideal for Continuous Delivery
How we do it: Running Applications
Topologies: Leader, Initializer, Stand Alone
Update strategy: “All at once”
[Slide diagram: service/supervisor pairs pulling a new artifact from the depot.]
How do you...
Orchestrate the application launch order & topology required?
Provide config-aware, autonomous, self-organizing peers (supervisors) with built-in topologies for clustering strategies.
What if you could defer infrastructure decisions until runtime?
Post-process packages: Docker, ACI, Mesosphere
Habitat + Containers
● Container formats recreate the traditional model of infrastructure and applications.
● Poor at abstracting the Build + Run aspects of Applications
[Slide diagram: traditional container layering of Operating System, Libraries and Application, beside Habitat’s layering of Application & Libraries.]
● Habitat builds containers from the application down
● Small lightweight OS included
● Embedded Supervisor for Application Management
How do you...
Build containers with the Minimum Viable OS?
Allow applications to declare their runtime dependencies, and resolve those dependencies from the application to the infrastructure.
Operable Application Containers
• Isolated
• Immutable
• Configurable
• Common interface for monitoring health
• Rebuild from source
• Common packaging
• Runtime Independence
Automation travels with the application
Existing & Cloud Native Software
Application Automation
It’s all open source
Apache License
What the modern application team gets
Developers, System Administrators, CIOs; Enterprise and Tech Innovators
▪Runs the same way in any environment
▪Management travels with the application; no drift
▪Autonomous and self-organizing
▪Legacy and Greenfield
▪Lets the enterprise modernize without re-writing the world
▪Faster to build, easier to deploy, safer to manage
▪Easiest way to deploy containers and microservices in production
▪Developers can focus on building great applications
▪Systems Administrators can focus on how those applications should behave
▪Gives both a language they can share, with clear boundaries
Simplification Acceleration Empowerment
Habitat Community
• Join the Habitat Slack Team - http://slack.habitat.sh/
• Work through the tutorial at https://www.habitat.sh/tutorials/
• Explore Habitat packages on the depot - https://app.habitat.sh/
• Explore the Habitat projects - https://github.com/habitat-sh
• Read Habitat Blog posts - https://blog.chef.io/?s=habitat
• Join the Habitat Forums - https://forums.habitat.sh/
Habitat’s technology
Build • Deploy • Manage
● Describes how to build the software
● Explicit about dependencies
● Includes what is configurable about the application
● Built-in service discovery
● Self-organizes into topologies
● Handles inter-service discovery through binding
● Has no single point of failure
● Encrypted, authenticated run-time configuration
● Automatic, safe, atomic software updates
● Dynamic topology updates
How we do it: Security
[Slide diagram with labels: Pub Key, Symmetric Encryption, Load Balancer, Build Service, User Secret Payloads, Plan, Artifact, Depot, and service/supervisor pairs.]