socal devops meetup 1/26/2017 - habitat by chef

Habitat by Chef Trevor Hess, Customer Architect Jessica DeVita, Evangelist

Upload: trevor-hess

Post on 12-Apr-2017


TRANSCRIPT

Page 1: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Habitat by Chef
Trevor Hess, Customer Architect
Jessica DeVita, Evangelist

Page 2: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Agenda
▪State of the World
▪An Overview of Habitat
▪How Habitat Makes Containers Better
▪Demo
▪Questions & Answers

Page 3: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Product, Software Development, Quality Assurance, Operations, Security

RUNTIME: Grid, PaaS, Containers & Discovery, Traditional Applications

INFRASTRUCTURE: Bare Metal, Virtualization, Cloud & IaaS, OS

Application Delivery

Page 4: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Containers

Cloud & IaaS

PaaS

New World Infrastructure/Architecture

Data Services

VMs

Applications

VMs

Data Services

Container Schedulers

Page 5: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

The reality of modern architectures

AWS ECS

Google Container Engine

For Containers

For Traditional Applications

Page 6: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Focus on Speed
Measuring the rate of software change

Standard Bank pushed an idea from commit to deploy in 18 minutes with Chef

DEPLOYMENT FREQUENCY
▪High IT performers: On-demand
▪Medium IT performers: Week - Month
▪Slow IT performers: Month – 6 Month

TIME FROM COMMIT TO DEPLOY
▪High IT performers: < 1 Hour
▪Medium IT performers: Week - Month
▪Slow IT performers: Month - 6 month

USE CASES INCLUDE:
▪Application Delivery
▪Build Pipelines

Page 7: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Focus on Efficiency
Measuring the effectiveness of software change

Intuit reduced change failure rate by 90% with Chef

CHANGE FAILURE RATE
▪High IT performers: 0-15%
▪Medium IT performers: 16-30%
▪Slow IT performers: 31-45%

MEAN TIME TO RESOLVE
▪High IT performers: < 1 Hour
▪Medium IT performers: < 1 Day
▪Slow IT performers: < 1 Day

USE CASES INCLUDE:
▪Configuration Management
▪Server Drift

Page 8: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Focus on Risk
Measuring the quality of software change

Equifax easily scans and maintains security policies with Chef

COMPLIANCE TESTING COVERAGE
▪High IT performers: 95%+
▪Medium IT performers: 25%-95%
▪Slow IT performers: 0-25%

TIME DEPLOYING REMEDIATION
▪High IT performers: < 1 Hour
▪Medium IT performers: Week - Month
▪Slow IT performers: Month - 6 Months

USE CASES INCLUDE:
▪Compliance Automation
▪Compliance Coverage

Page 9: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

The Chef Automate Platform
Continuous Automation for High Velocity IT

COLLABORATE
▪Workflow
▪Local development
▪Integration
▪Tooling (APIs & SDKs)

BUILD
▪Package
▪Test
▪Approve

DEPLOY
▪Provision
▪Configure
▪Execute
▪Update

MANAGE
▪Secure
▪Comply
▪Audit
▪Measure
▪Log

OSS AUTOMATION ENGINES: Infrastructure Automation, Compliance Automation, Application Automation

Increase Speed
▪Package infrastructure and app configuration as code
▪Continuously automate infrastructure and app updates

Improve Efficiency
▪Define and execute standard workflows and automation
▪Audit and measure effectiveness of automation

Decrease Risk
▪Define compliance rules as code
▪Deliver continuous compliance as part of standard workflow

Page 10: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

How do you...

Build immutable infrastructure but allow last mile Application config changes?

Page 11: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

How do you...

Build containers with a Minimum Viable OS?

Page 12: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

How do you...

Decouple the application build from the final production ready container?

Page 13: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

How do you...

Orchestrate the application launch order & topology required?

Page 14: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef
Page 15: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef


Page 16: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Application Concerns

OS Concerns

Page 17: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Build
Deploy
Manage

Page 18: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Habitat’s Approach

For new and legacy applications.

For stateless and stateful applications

No matter the runtime environment

The solution should be the same:

● Applications: portable & responsible for their own automation
● Small OS serves the application
● Make application components aware of each other over a network
● Continuous deployment without traditional “ARA”

Confidential & subject to NDA. Patents Pending.

Page 19: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Current Container Pain

Page 20: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef
Page 21: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Demo

Page 22: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Starts with a plan

Page 23: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Simple, Native, and Declarative

pkg_origin=core
pkg_name=redis
pkg_version=3.2.1
pkg_license=('BSD')
pkg_maintainer="The Habitat Maintainers <[email protected]>"
pkg_source=http://download.redis.io/releases/${pkg_name}-${pkg_version}.tar.gz
pkg_shasum=b2a791c4ea3bb7268795c45c6321ea5abcc24457178373e6a6e3be6372737f23
pkg_bin_dirs=(bin)
pkg_build_deps=(core/make core/gcc)
pkg_deps=(core/glibc)
pkg_svc_run="redis-server $pkg_svc_config_path/redis.config"
pkg_expose=(6379)

do_build() {
  make
}

plan.sh

Low abstraction

Complete dependencies

Declare services

Simple functions
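
The pkg_shasum line in the plan above pins the source download to a digest. The script below is an added example, not part of the slides or of Habitat itself: it reads that pin from a plan.sh as text and checks a local file against it. It assumes pkg_shasum is the hex SHA-256 of the pkg_source download; plan_field, sha256_of, verify_source and demo are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not Habitat code. Assumption: pkg_shasum is the hex SHA-256
# of the file downloaded from pkg_source.

# plan_field PLAN KEY: print the literal value of KEY= from the plan.
# The plan is read as text and never sourced, so none of its code runs.
plan_field() {
  sed -n "s/^$2=//p" "$1" | head -n 1 | tr -d "\"'"
}

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_source PLAN FILE: 0 = match, 1 = mismatch, 2 = no usable pin or file.
verify_source() {
  [ -r "$1" ] && [ -r "$2" ] || { echo "cannot read $1 or $2" >&2; return 2; }
  want=$(plan_field "$1" pkg_shasum | tr 'A-F' 'a-f')
  case "$want" in
    ""|*[!0-9a-f]*) echo "no valid pkg_shasum in $1" >&2; return 2 ;;
  esac
  [ "${#want}" -eq 64 ] || { echo "pkg_shasum is not 64 hex digits" >&2; return 2; }
  got=$(sha256_of "$2")
  if [ "$got" = "$want" ]; then
    echo "OK $2"
  else
    echo "MISMATCH $2: pinned $want, computed $got" >&2
    return 1
  fi
}

# Constructed sample: a stand-in archive and a plan that pins its digest.
demo() {
  d=$(mktemp -d) || return 2
  printf 'constructed source archive\n' > "$d/src.tar.gz"
  printf 'pkg_name=demo\npkg_shasum=%s\n' "$(sha256_of "$d/src.tar.gz")" > "$d/plan.sh"
  ok=0; verify_source "$d/plan.sh" "$d/src.tar.gz" >/dev/null || ok=$?
  printf 'tampered\n' >> "$d/src.tar.gz"
  bad=0; verify_source "$d/plan.sh" "$d/src.tar.gz" 2>/dev/null || bad=$?
  rm -rf "$d"
  echo "untampered=$ok tampered=$bad"
}
demo
```

A plan with a missing or malformed pin returns 2 rather than 0, so a review pipeline can treat an unpinned source as a failure instead of a pass.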

Page 24: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

https://github.com/docker-library/redis/blob/master/3.2/Dockerfile

Page 25: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

https://github.com/docker-library/redis/blob/master/3.2/Dockerfile

Page 26: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Built in a studio

▪Clean room environment
▪Safe by default
▪Installs dependencies

Page 27: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef
Page 28: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

How do you...

Decouple the application build from the final production ready container?

Provide a “DSL” to describe the application build (plan.sh), and provide an isolated environment (studio) to build the application artifact (Habitat Package).

Page 29: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Stored in a depot

▪Central location
▪Publicly hosted
▪Lightweight channels

Page 30: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef
Page 31: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

How we do it

Packaging Applications

Running Applications

[Diagram: USER, PLAN, ARTIFACT, DEPOT, SERVICE SUPERVISOR (repeated), BARE METAL, CONTAINERS, AMI, VM]

Page 32: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Installed by hab

▪Easy pattern
▪Shortcuts
▪Increasing specificity

Page 33: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Packages Contain

▪Binaries and Config
▪Metadata
▪Side-by-side

Page 34: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef
Page 35: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Supervisors run services

▪Install automatically
▪Keep things running
▪Manage configuration

Page 36: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Environment configuration

▪Print config options
▪12-Factor style
▪Externally enforced

Page 37: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

File configuration

▪More flexible than environment
▪Universal location
▪Externally enforced

Page 38: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

How do you...

Build immutable infrastructure but allow last mile Application config changes?

Ship the config alongside an immutable application artifact. Provide a supervisor to dynamically update the config based on environment or service discovery.

Page 39: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Supervisors form a ring

Peers

Service Groups

Gossip

Availability increases with scale

Page 40: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Supervisors provide a REST API

External Actors

Health and Status

Supervisor Debugging

Page 41: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Supervisors support topologies

Dynamic configuration

Service group level

Uses the ring

Page 42: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Supervisors provide update strategies

Topology aware

Tracks views in the depot

Ideal for Continuous Delivery

Page 43: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

How we do it

Running Applications

Topologies: LEADER, INITIALIZER, STAND ALONE

Update Strategy: “ALL AT ONCE”

[Diagram: ARTIFACT, DEPOT, SERVICE SUPERVISOR (repeated)]

Page 44: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

How do you...

Orchestrate the application launch order & topology required?

Provide config aware, autonomous, self-organizing peers (supervisors) with built in topologies for clustering strategies.

Page 45: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

What if you could defer infrastructure decisions until runtime?

Page 46: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Post-process packages

▪Docker
▪ACI
▪Mesosphere

Page 47: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Habitat + Containers

● Container formats recreate the traditional model of infrastructure and applications.
● Poor at abstracting the Build + Run aspects of Applications

[Diagram: Operating System, Libraries, Application]

● Habitat builds containers from the application down
● Small lightweight OS included
● Embedded Supervisor for Application Management

[Diagram: Application & Libraries, Application Libraries]

Page 48: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef
Page 49: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef
Page 50: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

How do you...

Build containers with the Minimum Viable OS?

Allow applications to declare their runtime dependencies, and resolve those dependencies from the application to the infrastructure.

Page 51: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Operable Application Containers
•Isolated
•Immutable
•Configurable
•Common interface for monitoring health
•Rebuild from source
•Common packaging
•Runtime Independence

Page 52: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Automation travels with the application

Existing & Cloud Native Software

Application Automation

Page 53: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

It’s all open source

Apache License

Page 54: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

What the modern application team gets
Developers, System Administrators, CIOs; Enterprise and Tech Innovators

▪Runs the same way in any environment

▪Management travels with the application; no drift

▪Autonomous and self-organizing

▪Legacy and Greenfield

▪Lets the enterprise modernize without re-writing the world

▪Faster to build, easier to deploy, safer to manage

▪Easiest way to deploy containers and microservices in production

▪Developers can focus on building great applications

▪Systems Administrators can focus on how those applications should behave

▪Gives both a language they can share, with clear boundaries

Simplification Acceleration Empowerment


Page 55: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Habitat Community

• Join the Habitat Slack Team - http://slack.habitat.sh/
• Work through the tutorial at https://www.habitat.sh/tutorials/
• Explore Habitat packages on the depot - https://app.habitat.sh/
• Explore the Habitat projects - https://github.com/habitat-sh
• Read Habitat Blog posts - https://blog.chef.io/?s=habitat
• Join the Habitat Forums - https://forums.habitat.sh/

Page 56: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef
Page 57: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

Habitat’s technology


● Describes how to build the software

● Explicit about dependencies

● Includes what is configurable about the application

● Built in service discovery

● Self-organizes into topologies

● Handles inter-service discovery through binding

● Has no single point of failure

BUILD DEPLOY MANAGE

● Encrypted, authenticated run-time configuration

● Automatic, safe, atomic software updates

● Dynamic topology updates

Page 58: SoCal DevOps Meetup 1/26/2017 - Habitat by Chef

How we do it

Security

[Diagram: USER, PLAN, ARTIFACT, DEPOT, BUILD SERVICE, PUB KEY, SYMMETRIC ENCRYPTION, SECRET PAYLOADS, LOAD BALANCER, SERVICE SUPERVISOR (repeated)]