When your configuration management is too slow to reconfigure your infra

Kris Buytaert@krisbuytaert

Kris Buytaert

I used to be a Dev,

Then Became an Op

Chief Trolling Officer and Open Source Consultant @inuits.eu

Everything is an effing DNS Problem

Building Clouds since before the bookstore

Organising too many confs , #devopsdays, #loadays, #cfgmgmtcamp ...

Evangelizing devops

#devops=~C(L)AMS

Culture

(Lean)

Automation

Monitoring and Measurement

SharingDamon Edwards and John Willis

Gene Kim

Infrastructure as Code

Infrastructure as Code

Treat configuration automation as code

Development best practicesModel your infrastructure

Version your cookbooks / manifests

Test your cookbooks/ manifests

Dev/ test /uat / prod for your infra

Model your infrastructure

A working service = automated ( Application Code + Infrastructure Code + Security + Monitoring )

IAC -ne scripting

3 types of files

Part of a packagerpm -qf

Managed by configuration management tools### This file is managed by ..

User generated data Actual user data

Logs ..

Idempodent Infrastructure

Configuration management ensures state

Periodically,

Repeatedly,

Manual changes are reverted

Puppet for CfgMgmt

Puppet is opensource,

Puppet makes your infra idempodent,

Puppet scales,

Puppet runs every X minutes, or

Puppet is triggered on demand

A puppetrun takes between 3s and 10min

Typical Arch

Puppet master

Puppet agents

Puppetdb

Stored Configs and Exported resources

Sometimes,

That's not fast enough.Think adding new nodes to a loadbalanced setup

Removing nodes from a load balanced setup

Exported Resource + Collected resource roundtrip is to slow

Sometimes,

That's not enough.Containrz spinning up faster than nodes

AWS, when you don't want AWS LockIn

Cattle

In a not so distant future

People will build small minimal function applications that constantly talk to eachother

They will want to know where the other applications live

They will want to register their applications and broadcast that to their peers

So you want service registration of your healthy (containerized) applications ?

Consul.io

Consul.io

Service discovery

Failure detection

Using Gossip build on top of Serf

Random node 2 node communication

A HashiCorp project

Setting up

List members

Defining a Service

Query Services

Yama

Yet another Mcollective Alternative

git@github.com:solarkennedy/puppet-consul.git

Puppet-consul

Consul_template

Dynamically refils your templates based on changes in consul

Performs actions you define

Go Template format

Puppet-consul_template

git@github.com:KrisBuytaert/puppet-consul_template.git

Might be merged into the puppet-consul module

Puppetize

Live demo

Live Demo

3 nodes

1x Nginx template rewritten by consul

2x apache

Monitoring_plugins based check

Vagrantproject :

Other use cases

Monitoring + Alerting

Service registration

Other approaches

HaProxy ?

LinuxHA / Corosync / .... ?

Zookeeper

Etcd

Remember idempotence

Consul seemed instable

Puppet using old ruby json lib

Writing of json config was not idempodent

Reconfiguring consul every single time

Fixed now.

Contact

Kris Buytaert Kris.Buytaert@inuits.be

Further Reading@krisbuytaert http://www.krisbuytaert.be/blog/http://www.inuits.be/

Inuits

Duboistraat 502060 AntwerpenBelgium891.514.231

+32 475 961221