DEV TO DELIVERY WITH PUPPET
SAM BASHTON, BASHTON LTD
Dec 13, 2014
HOW DID WE GET HERE?
Previously:
Devs built stuff
Later, Ops came and built production infrastructure
This caused many IT problems
The solution?
OPSVELOPMENT
DEVOPS
WHAT IS DEVOPS REALLY?
Devs doing Ops?
Ops 'coding' infrastructure?
Automating things?
Word that recruiters use without understanding anything about it?
WHAT IS DEVOPS?
BE EXCELLENT TO EACH OTHER
WHAT DOES THAT MEAN IN PRACTICE?
WHAT IS OPS?
Working as part of a team to build a reliable environment
WHAT IS DEV?
Working as part of a team to build a reliable environment
BEING GOOD AT DEV
Follow 'The Twelve Factor App' - http://12factor.net/
BEING GOOD AT OPS
Provide consistency across all environments - including local dev
Provide developers the means to understand what is happening
Provide as much visibility of everything to everybody
PEP20
'Simple is better than complex'
'Complex is better than complicated'
http://legacy.python.org/dev/peps/pep-0020/
PROVIDING VISIBILITY
All infrastructure work (Puppet, CloudFormation, etc) should be checked in to a repository available to the whole team (Devs + Ops)
Make it easy to see and search logs from all environments
Give as many people as possible access to these logs
DEVELOPMENT
WHAT AND WHY?
Development environments need to match production as closely as possible
Builds confidence that something working in dev will work in production
PUPPET EVERYWHERE
Puppet should be used everywhere in the dev and deployment process
Production
Staging
Integration environments
Test environments
Local dev machines
PUPPET CONFIG DOGMA
The same Puppet manifests and modules should be deployable to all environments without any modification
PUPPET CONFIG DOGMA
if statements in manifests are a 'bad smell' and should be avoided as much as possible
PUPPET APPLICATION CONFIG DOGMA
Separate config files per environment are a 'bad smell' too
They make it easy to 'miss' replicating things between environments, or to make mistakes
Avoid manifests that look like the one below:

    file { '/etc/nginx/nginx.conf':
      source => "puppet:///localmodules/data/nginx/${hostname}.conf",
    }

VAGRANT
Builds virtual machines from Puppet manifests
Makes it easy to spin up short-lived dev instances
Quick to get working
Avoid ops being a blocker for dev
VAGRANT + DOCKER
Reduce dev environment spin-up time
Docker makes it easier to create more realistic environments
Docker images for drop-in use with Vagrant available: https://github.com/BashtonLtd/docker-vagrant-images
BETTER MATCH LIVE ENVIRONMENTS
ONE SET OF MANIFESTS, MANY ENVIRONMENTS
Different environments need different config
Resource locations
Settings
DEALING WITH DIFFERING ENVIRONMENTS
Hiera
Allows separation of logic from data
Put anything that differs by environment in a separate file
Combine with custom facts
HIERA.YAML:

    hierarchy:
      - env/%{envname}
      - services/%{service}
      - common

CUSTOM FACTS IN VAGRANT

    config.vm.provision :puppet do |puppet|
      puppet.manifests_path = "puppet/manifests"
      puppet.manifest_file = "site.pp"
      puppet.module_path = ["puppet/localmodules","puppet/modules"]
      puppet.hiera_config_path = "puppet/hiera.yaml"
      puppet.facter = {
        "envname" => "vagrant",
        "service" => "web",
      }
    end

CUSTOM FACTS ON MACHINES
Drop a file into /etc/facter/facts.d

    service=web
    envname=stage

HIERA IN ACTION
env/vagrant.yaml:

    web::hostname: vagrantdev.local

env/stage.yaml:

    web::hostname: stage.example.com

HIERA IN ACTION
common.yaml:

    postfix::server::relayhost: '[mailtrap.io]:2525'

env/live.yaml:

    postfix::server::relayhost: 'email-smtp.eu-west-1.amazonaws.com:587'

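The hierarchy, facts and data files from the slides above, put together as an added example (not code from the talk): a simplified Ruby model of Hiera's first-match priority lookup, not Hiera itself. The names parse_facts, resolve and relay_leaks are hypothetical helpers, and the "only live may use the production relay" check is an assumed policy for illustration.

```ruby
require 'yaml'

# Hierarchy from the hiera.yaml slide, highest priority first.
HIERARCHY = ['env/%{envname}', 'services/%{service}', 'common'].freeze

# Data files from the slides, embedded inline so the example runs offline.
DATA = {
  'env/vagrant' => YAML.safe_load("web::hostname: vagrantdev.local\n"),
  'env/stage'   => YAML.safe_load("web::hostname: stage.example.com\n"),
  'env/live'    => YAML.safe_load(
    "postfix::server::relayhost: 'email-smtp.eu-west-1.amazonaws.com:587'\n"
  ),
  'common'      => YAML.safe_load(
    "postfix::server::relayhost: '[mailtrap.io]:2525'\n"
  )
}.freeze

# Parse the key=value format used by files in /etc/facter/facts.d.
def parse_facts(text)
  text.each_line.map(&:strip).reject { |l| l.start_with?('#') }
      .select { |l| l.include?('=') }.map { |l| l.split('=', 2) }.to_h
end

# Priority lookup: the first hierarchy level that defines the key wins.
# Returns [value, source_level], or [nil, nil] when no level defines it.
def resolve(key, facts)
  HIERARCHY.each do |level|
    source = level.gsub(/%\{(\w+)\}/) { facts.fetch(Regexp.last_match(1), '') }
    data = DATA[source]
    return [data[key], source] if data&.key?(key)
  end
  [nil, nil]
end

# Guardrail (assumed policy for this example): only 'live' may resolve to
# the production relay; every other environment must fall back to common.
def relay_leaks(envs, service: 'web')
  live_relay = DATA['env/live']['postfix::server::relayhost']
  envs.reject { |e| e == 'live' }.select do |env|
    value, = resolve('postfix::server::relayhost',
                     { 'envname' => env, 'service' => service })
    value == live_relay
  end
end
```

Resolving web::hostname with envname=live returns [nil, nil] against this data, which is the kind of per-environment gap worth catching before a deploy.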
PRODUCTION
'WORKED IN DEV'
Devs and ops need the right data to be able to debug
If only ops have access to the data, how much can devs really help?
PROVIDING VISIBILITY
Metrics and Service Health
Logging
Dashboards
METRICS AND SERVICE HEALTH
Sensu
Health checks
Collection of statistics and export to Graphite
CENTRALISED LOGGING
Variety of approaches available
Logstash
Graylog2
GRAYLOG2
Simple to get up and running
Puppet module available: https://forge.puppetlabs.com/graylog2/graylog2
VISIBILITY
Dashboards showing (near) realtime metrics let everyone see the current state of the system
Don't just include system data - business metrics add context