RedMart Migrating from EC2 to VPC with Chef

Post on 30-Nov-2014


We at RedMart migrated our platform from EC2 to VPC on AWS. This is an outline of how we went about doing it.

Transcript of RedMart Migrating from EC2 to VPC with Chef

EC2 to VPC with Chef and some other CI stuff...


About

● Leading online grocery store in Singapore.

● Proprietary Ecommerce platform

● `redmart10` for 10% off. :)

EC2 to VPC

EC2 to VPC - Goals

● Automate our infrastructure.
● Security
● Maintain (or improve) workflow
● Migrate with zero downtime

Security ☐

VPC

● Public Subnets
● Private Subnets
● Gateway
● NATs

VPC Infra

[Diagram: RedMart VPC (10.0.0.0/16) with a public subnet (10.0.0.0/24) and two private subnets (10.0.1.0/24 and 10.0.2.0/24). Labels: Frontend, ELBs; Backend, API, Services etc.; HOP; Mongo (Ecom); Mongo (Fulfillment); Scale/ERP; Scale DB; Gateway; Internet ("Mostly cats.")]

Why VPC - without

● Security
  o Security groups

[Diagram: Node]

Why VPC - With

● Security
  o Security groups
  o Network ACLs
  o Route Tables
  o VPN
● Easier to manage
  o Intra VPC
  o External

[Diagram: Nodes behind a Gateway or NAT]

Security ☑
Maintain (or improve) Workflow ☐

Workflow 1 - Deployment

1. Code
2. Push to git
3. Relax

[Diagram labels: Developer; Push; Build; Fail; Pass; Emails, Slack; 1. Transfer Artifacts to S3; 2. Get nodes, SSH; Chef Server; `sudo chef-client`; Download]

Workflow 2 - Bootstrapping

1. Clone boilerplate project repo
2. Clone boilerplate cookbook & role
3. `knife create server -r "role[shiny_new_app]"`
4. Code!

[Diagram labels: DevOps; Bootstrap; Chef Server; `sudo chef-client`; 1. Transfer Artifacts to S3; Download]

[Diagram labels (deployment and bootstrapping combined): Developer; Push; Build; Fail; Pass; Send Emails; 1. Transfer Artifacts to S3; 2. Get nodes, SSH; DevOps; Bootstrap; Chef Server; `sudo chef-client`; Download]

Travis process

1. Tests and builds your project
2. If success:
   o Uploads project to S3
   o Finds nodes relevant to your project (chef search)
   o Triggers `chef-client` on relevant nodes

Chef Process

1. Bootstrapping a node: `knife bootstrap`
   a. creates a server with specified role & environment
2. Converging a node: `sudo chef-client`
   a. role based recipe, e.g. recipe[golden_admin]
   b. redmart deployment recipe, e.g. recipe[base_redmart::deploy]
      i. download artifacts from S3
      ii. extract
      iii. run start script, e.g. `sh /ci/start.sh`
      iv. symlink release
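
The four deploy steps listed above (download, extract, run start script, symlink release), written out as a shell function. This is an added example, not RedMart's recipe. The `releases/<id>` layout, the `current` symlink, the relative `ci/start.sh`, the local-copy stand-in for the S3 download and the SHA-256 check against a digest supplied by the build are all assumptions.

```bash
#!/usr/bin/env bash
# Added illustration of the four deploy steps (download, extract, start, symlink).
# Assumed, not from the talk: releases/<id>/ layout, a "current" symlink,
# ci/start.sh inside the artifact, and an expected SHA-256 from the build.

# fetch_artifact SRC DEST: stand-in for the S3 download. It is a local copy
# here so the example runs offline (assumption).
fetch_artifact() { cp -- "$1" "$2"; }

# deploy_release SRC EXPECTED_SHA256 APP_ROOT RELEASE_ID
deploy_release() {
  local src="$1" want="$2" root="$3" id="$4"
  local rel="$root/releases/$id" tarball got
  mkdir -p "$root/releases" || return 1
  tarball=$(mktemp "$root/artifact.XXXXXX") || return 1

  # i. download, then refuse anything whose digest differs from the build's.
  fetch_artifact "$src" "$tarball" || { rm -f "$tarball"; return 1; }
  got=$(sha256sum "$tarball" | cut -d' ' -f1)
  if [ "$got" != "$want" ]; then
    echo "checksum mismatch for $src" >&2
    rm -f "$tarball"; return 2
  fi

  # ii. extract into a fresh release directory; the live release is untouched.
  mkdir "$rel" || { rm -f "$tarball"; return 1; }
  tar -xzf "$tarball" -C "$rel" --no-same-owner || { rm -rf "$rel" "$tarball"; return 1; }
  rm -f "$tarball"

  # iii. run the start script; a failure leaves "current" on the old release.
  ( cd "$rel" && sh ci/start.sh ) || { echo "start script failed" >&2; return 3; }

  # iv. symlink release: create the link aside, then rename it over "current"
  # so nothing ever sees a missing or half-written link (mv -T is GNU coreutils).
  ln -s "releases/$id" "$root/current.tmp.$$" &&
    mv -T "$root/current.tmp.$$" "$root/current"
}
```

Because the symlink is switched only after the checksum and start script succeed, a tampered artifact or a broken build never becomes the live release.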

Everyone deploys the same way.

Security ☑
Maintain (or improve) Workflow ☑

Migrate with zero downtime ☐

Stateful services

● Mongo (superfun)
● Redis
● Rabbitmq (not really stateful)

Mongo with six hosts

[Diagram labels: Apps; private; public; VPC; Internet]

Redis Daisy chaining

● Crucial to ensure user sessions are not lost
  o `slaveof IPADDRESS`
  o `slave-read-only no`

[Diagram labels: private; public; VPC; Internet]

Rabbitmq

● Keep alive till queues die out.

[Diagram labels: Apps; private; public; VPC; Internet]

Non stateful apps

● `sudo chef-client`
● Hooray for chef!

DDay

● Duplicate version of entire redmart.com in VPC.
  o chef.redmart.com
  o chefapi.redmart.com
● Change DNS of everything in public subnet
● TTL!

Security ☑
Maintain (or improve) Workflow ☑

Migrate with zero downtime ☑

… Cache busted!

● Full chef-client takes - 1min
● 3 nodes deployed sequentially - 3 mins
● Deploying one node at a time not okay.
● Cache busting on Backbone.js apps

Solution: parallel triggering of chef & specific deployment recipe - 5 secs

What’s worked for us

● Infra as code is awesome
● One command to deploy is awesome
● Chef search is awesome
● Chef for entire lifecycle (bootstrap + deployment) is awesome

Thank you

We’re hiring! - redmart.recruiterbox.com
We now have bread! - redmart.com
Slides - slideshare.net/riteshangural