treating load balancer configuration like code

TREATING LOAD BALANCER CONFIGURATION LIKE CODE. Presented By: Jesse Mauntel. 11/01/2022, SAN DIEGO DEVOPS MEETUP

Upload: maunteljw

Post on 15-Aug-2015


Category:

Technology



TRANSCRIPT

  1. TREATING LOAD BALANCER CONFIGURATION LIKE CODE. Presented By: Jesse Mauntel. 6/19/2015, SAN DIEGO DEVOPS MEETUP
  2. WHO AM I? Operations Engineer who's been in the industry 15+ years and has an extreme dislike for configuration drift, system snowflakes, manual administration, and time pirates. @maunteljw, devopslove.blogspot.com, github.com/jmauntel
  3. AGENDA
     - So what's the problem?
     - iRule Tester
     - Object cloner & orphan object audit
     - Self-service website redirects
  4. SO WHAT'S THE PROBLEM?
     - Work in a world of poorly written iRules
     - Little to no testability of iRules
     - Code promotion process that requires a human to manually make iRule changes for each environment
  5. CHALLENGES: The current iRule logic includes environment-specific definitions in the logic, which makes promotion of whole iRules through environments impossible
  6. EXAMPLE

     acme-qa-irule:

          # Force sensitive acmeCommerce traffic to SSL
          if { [class match [HTTP::uri] starts_with acmeCommerce-qa-class] } {
              HTTP::redirect https://[HTTP::host][HTTP::uri]
          # Send requests for Acme Information to the information tier
          } elseif { [HTTP::uri] starts_with "/AcmeInformation/"} {
              pool acmeInformation-qa-pool
          }

  7. CHALLENGES: iRule changes are made by hand in all environments, which is error-prone
  8. EXAMPLE

     acme-dev-irule:

          # Force sensitive acmeCommerce traffic to SSL
          if { [class match [HTTP::uri] starts_with acmeCommerce-dev-class] } {
              HTTP::redirect https://[HTTP::host][HTTP::uri]

     acme-qa-irule:

          # Force sensitive acmeCommerce traffic to SSL
          if { [class match [HTTP::uri] starts_with acmeCommerce-dev-class] } {
              HTTP::redirect https://[HTTP::host][HTTP::uri]

  9. CHALLENGES: Creating new environments is a manual, time-consuming, and tedious process (bleh)
  10. EXAMPLE

      acme-dev-irule:

          # Send all URIs that begin with /Website/ to acmeWeb pool
          } elseif { [HTTP::uri] starts_with "/Website/" } {
              pool acmeWeb-dev-pool

      acme-qa-irule:

          # Send all URIs that begin with /Website/ to acmeWeb pool
          } elseif { [HTTP::uri] starts_with "/Website/" } {
              pool acmeWeb-qa-pool

  11. CHALLENGES: Existing iRules do not have functional tests, so there is no guarantee that a change to an iRule won't break other pre-existing logic
  12. EXAMPLE

      acme-dev-irule (lines marked ">" are the newly inserted branch):

          # Send all URIs that begin with /Website/ to acmeWeb pool
          } elseif { [HTTP::uri] starts_with "/Website/" } {
              pool acmeWeb-dev-pool
          > # Send store location details page to content tier
          > } elseif { [HTTP::uri] contains "storelocation" } {
          >     pool acmeContent-dev-pool
          # Send REST requests to acmeAPI tier
          } elseif { ([HTTP::uri] starts_with "/rest/storelocation/allstores") } {
              pool acmeAPI-dev-pool

  13. SOLUTIONS TO CHALLENGES. Revisited: The current iRule logic includes environment-specific definitions in the logic, which makes promotion of whole iRules through environments impossible
  14. SOLUTION EXAMPLE: New iRule standards require environment detection for variable assignment and environment-agnostic logic. github.com/jmauntel/irule-standards
  15. SOLUTIONS TO CHALLENGES. Revisited: iRule changes are made by hand in all environments, which is error-prone
  16. SOLUTION EXAMPLE
      - Since all new iRule logic is environment-agnostic, environments no longer use copies of iRules, but rather the exact same iRule
      - Also, because iRule logic is identical in all environments, automated promotion is now possible
  17. SOLUTION EXAMPLE (CONT)

          ltm virtual acme-dev-vs {
              rules {
                  acmeVars-1.0.0-irule
                  acme-1.0.0-irule
                  insertPoolCookie-1.0.0-irule
              }
          }
          ltm virtual acme-qa-vs {
              rules {
                  acmeVars-1.0.0-irule
                  acme-1.0.0-irule
                  insertPoolCookie-1.0.0-irule
              }
          }

  18. SOLUTIONS TO CHALLENGES. Revisited: Creating new environments is a manual, time-consuming, and tedious process
  19. SOLUTION EXAMPLE

      acmeVars-1.0.0-irule:

          # Assign environment based on the local address that received the request
          if { [IP::local_addr] equals "10.0.0.50" } {
              set my_env "prd"
          } elseif { [IP::local_addr] equals "10.254.1.136" } {
              set my_env "qa"
          } elseif { [IP::local_addr] equals "10.254.1.137" } {
              set my_env "dev"
          }

          # Pool definitions, sorted alphabetically
          if { $my_env equals "prd" } {
              set acmeWeb-pool "acmeWeb-prd-pool"
          } elseif { $my_env equals "qa" } {
              set acmeWeb-pool "acmeWeb-qa-pool"
          } elseif { $my_env equals "dev" } {
              set acmeWeb-pool "acmeWeb-dev-pool"
          }

  20. SOLUTION EXAMPLE (CONT)

      acmeVars-1.0.0-irule (applied to acme-dev-vs):

          # Send all URIs that begin with /Website/ to acmeWeb pool
          } elseif { [HTTP::uri] starts_with "/Website/" } {
              pool ${acmeWeb-pool}

      acmeVars-1.0.0-irule (applied to acme-qa-vs):

          # Send all URIs that begin with /Website/ to acmeWeb pool
          } elseif { [HTTP::uri] starts_with "/Website/" } {
              pool ${acmeWeb-pool}

  21. SOLUTIONS TO CHALLENGES. Revisited: Existing iRules do not have functional tests, so there is no guarantee that a change to an iRule won't break other pre-existing logic
  22. SOLUTION EXAMPLE
      - After searching online and not finding an existing iRule testing tool, I wrote one
      - irule-tester is written in Bash and leverages Curl to make web requests, and then validates that the response matches an expectation
      - github.com/jmauntel/irule-tester
  23. IRULE TESTER
  24. IRULE TESTER: OVERVIEW
      - Written in Bash and uses Curl for requests
      - Has simple and extended testing modes
      - Supports multiple output formats, including TAP
      - All tests are stored in source control
      - Changes to any test are validated with Jenkins
  25. IRULE TESTER: JENKINS INTEGRATION
      - Tests are executed after any change in source, or at least daily
      - Test failures notify the team via email
      - Tests are executed before and after iRule changes in all environments
  26. IRULE TESTER DEMO
  27. F5 OBJECT CLONER
  28. F5 OBJECT CLONER
      - So if I'm versioning iRules and data groups now, is there an easy way to clone them?
      - Copy/paste is error-prone and lame
  29. F5 OBJECT CLONER
      - I wrote a utility for that
      - Clones iRules and data-groups on a single F5 unit or between two different units
      - github.com/jmauntel/f5-utils
  30. F5 OBJECT CLONER

          Usage: clone-object.sh -o {data-group,rule} -s -d -S -D

            -d  destination object name
            -D  destination F5
            -o  object type
            -s  source object name
            -S  source F5

          All arguments are REQUIRED

          Example:

          # clone-object.sh -o data-group -s UserIPs-1.0.0-class -d UserIPs-1.1.0-class -S 10.0.0.1 -D 10.0.0.1
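
The regression on slide 12 and the expectation-based testing described on slides 22 to 25, as an added example that is not from the slides or from irule-tester: it models the first-match `elseif` chain locally instead of sending requests with Curl, and reports in TAP. The patterns and pool names come from slide 12; the rule table format, function names and sample URIs are assumptions made for this illustration.

```sh
#!/bin/sh
# Ordered rules "operator|pattern|pool", evaluated top to bottom like the
# elseif chain on slide 12 (illustrative table format, not an F5 format).
RULES_BEFORE='starts_with|/Website/|acmeWeb-dev-pool
starts_with|/rest/storelocation/allstores|acmeAPI-dev-pool'

# Same chain after the three ">" lines were inserted.
RULES_AFTER='starts_with|/Website/|acmeWeb-dev-pool
contains|storelocation|acmeContent-dev-pool
starts_with|/rest/storelocation/allstores|acmeAPI-dev-pool'

# Pre-existing behaviour to protect: "uri|expected pool" (constructed URIs).
EXPECT='/Website/index.html|acmeWeb-dev-pool
/rest/storelocation/allstores|acmeAPI-dev-pool'

# route_for URI RULES: print the pool chosen by the first matching rule.
route_for() {
  uri=$1
  while IFS='|' read -r op pat pool; do
    case $op in
      starts_with) case $uri in "$pat"*) echo "$pool"; return 0 ;; esac ;;
      contains)    case $uri in *"$pat"*) echo "$pool"; return 0 ;; esac ;;
    esac
  done <<EOF
$2
EOF
  echo "no-match"
}

# run_suite RULES: print TAP, return the number of failed expectations.
run_suite() {
  n=0; failed=0
  echo "1..$(printf '%s\n' "$EXPECT" | wc -l | tr -d ' ')"
  while IFS='|' read -r uri want; do
    n=$((n + 1))
    got=$(route_for "$uri" "$1")
    if [ "$got" = "$want" ]; then
      echo "ok $n - $uri -> $got"
    else
      echo "not ok $n - $uri -> $got (expected $want)"
      failed=$((failed + 1))
    fi
  done <<EOF
$EXPECT
EOF
  return "$failed"
}

run_suite "$RULES_BEFORE"
run_suite "$RULES_AFTER" || echo "# $? expectation(s) broken by the new branch"
```

The second suite reports the REST URI landing on acmeContent-dev-pool: the broader `contains "storelocation"` branch sits above the more specific `starts_with` branch and shadows it.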
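
A drift check for the claim on slides 16 and 17 that every environment attaches the exact same versioned iRules, as an added example that is not part of f5-utils. It assumes the stanza layout shown on slide 17; the function names are hypothetical, and the qa stanza in the sample is constructed with an older iRule version so that the check has something to find.

```sh
#!/bin/sh
# Constructed sample in the stanza layout of slide 17. The qa virtual server
# deliberately references acme-0.9.0-irule to simulate drift.
SAMPLE_CONF='ltm virtual acme-dev-vs {
    rules {
        acmeVars-1.0.0-irule
        acme-1.0.0-irule
        insertPoolCookie-1.0.0-irule
    }
}
ltm virtual acme-qa-vs {
    rules {
        acmeVars-1.0.0-irule
        acme-0.9.0-irule
        insertPoolCookie-1.0.0-irule
    }
}'

# rules_by_virtual CONF: print "virtual-name rule1,rule2,..." per virtual
# server, keeping the order in which the rules are listed.
rules_by_virtual() {
  printf '%s\n' "$1" | awk '
    $1 == "ltm" && $2 == "virtual" { vs = $3; list = ""; next }
    $1 == "rules" && $2 == "{"     { in_rules = 1; next }
    in_rules && $1 == "}"          { print vs, list; in_rules = 0; next }
    in_rules                       { list = (list == "" ? $1 : list "," $1) }'
}

# drifted_virtuals CONF: print every virtual server whose ordered rule list
# differs from the first one in the config, which is treated as the baseline.
drifted_virtuals() {
  rules_by_virtual "$1" | awk '
    NR == 1    { base = $2; next }
    $2 != base { print $1 }'
}

drifted_virtuals "$SAMPLE_CONF"
```

The lists are compared in order rather than as sets, because the variable-setting iRule has to be attached ahead of the iRule that reads `${acmeWeb-pool}`.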