when traditional configuration management is to slow for your needs
TRANSCRIPT
When your configuration management is too slow to reconfigure your infra
Kris Buytaert@krisbuytaert
Kris Buytaert
I used to be a Dev,
Then Became an Op
Chief Trolling Officer and Open Source Consultant @inuits.eu
Everything is an effing DNS Problem
Building Clouds since before the bookstore
Organising too many confs , #devopsdays, #loadays, #cfgmgmtcamp ...
Evangelizing devops
#devops=~C(L)AMS
Culture
(Lean)
Automation
Monitoring and Measurement
SharingDamon Edwards and John Willis
Gene Kim
Infrastructure as Code
Infrastructure as Code
Treat configuration automation as code
Development best practicesModel your infrastructure
Version your cookbooks / manifests
Test your cookbooks/ manifests
Dev/ test /uat / prod for your infra
Model your infrastructure
A working service = automated ( Application Code + Infrastructure Code + Security + Monitoring )
IAC -ne scripting
3 types of files
Part of a packagerpm -qf
Managed by configuration management tools### This file is managed by ..
User generated data Actual user data
Logs ..
Idempodent Infrastructure
Configuration management ensures state
Periodically,
Repeatedly,
Manual changes are reverted
Puppet for CfgMgmt
Puppet is opensource,
Puppet makes your infra idempodent,
Puppet scales,
Puppet runs every X minutes, or
Puppet is triggered on demand
A puppetrun takes between 3s and 10min
Typical Arch
Puppet master
Puppet agents
Puppetdb
Stored Configs and Exported resources
Sometimes,
That's not fast enough.Think adding new nodes to a loadbalanced setup
Removing nodes from a load balanced setup
Exported Resource + Collected resource roundtrip is to slow
Sometimes,
That's not enough.Containrz spinning up faster than nodes
AWS, when you don't want AWS LockIn
Cattle
In a not so distant future
People will build small minimal function applications that constantly talk to eachother
They will want to know where the other applications live
They will want to register their applications and broadcast that to their peers
So you want service registration of your healthy (containerized) applications ?
Consul.io
Consul.io
Service discovery
Failure detection
Using Gossip build on top of Serf
Random node 2 node communication
A HashiCorp project
Setting up
List members
Defining a Service
Query Services
Yama
Yet another Mcollective Alternative
[email protected]:solarkennedy/puppet-consul.git
Puppet-consul
Consul_template
Dynamically refils your templates based on changes in consul
Performs actions you define
Go Template format
Puppet-consul_template
[email protected]:KrisBuytaert/puppet-consul_template.git
Might be merged into the puppet-consul module
Puppetize
Live demo
Live Demo
3 nodes
1x Nginx template rewritten by consul
2x apache
Monitoring_plugins based check
Vagrantproject :
Other use cases
Monitoring + Alerting
Service registration
Other approaches
HaProxy ?
LinuxHA / Corosync / .... ?
Zookeeper
Etcd
Remember idempotence
Consul seemed instable
Puppet using old ruby json lib
Writing of json config was not idempodent
Reconfiguring consul every single time
Fixed now.
Contact
Kris Buytaert [email protected]
Further Reading@krisbuytaert http://www.krisbuytaert.be/blog/http://www.inuits.be/
Inuits
Duboistraat 502060 AntwerpenBelgium891.514.231
+32 475 961221