AWS Meetup Presentation Automation... · 2015. 9. 24. · ©"2015"Entrust"Datacard"Corporation."...

© 2015 Entrust Datacard Corporation. All rights reserved.© 2015 Entrust Datacard Corporation. All rights reserved.

AWS Automation

CloudFormation & Beyond

Daryl RobbinsSr. Cloud Architect

© 2015 Entrust Datacard Corporation. All rights reserved.

ABOUT ENTRUST DATACARD

2


CLOUD SERVICES ENABLEMENT

3

Source: HTTP://XKCD.COM/974/

We’re enablers:

Goal:Make use of automation and the cloud to enable scalabilityand new service offerings

We will save you time in the long run!


ANSIBLE ON-PREM AT ENTRUST DATACARDInterested Groups Use Case(s)

Professional Services • Standardized and repeatable delivery for customers• Creation of demonstration environments on customer premises

Managed Services • Standardized and repeatable deployments for our PKI suite

Operations • Automated deployments, configuration management of infrastructure

• Identified need for automation in several groups

• These groups often provision and configure environments daily.

• If we save just one hour of administration time per new environment, over 5 years:

• 2 months of real time is saved

• That’s about 200 business days.Source: HTTP://XKCD.COM/1205/


USING ANSIBLE ACROSS THESE GROUPS

5

• Some products today do not offer silent installation options– Currently leveraging the Ansible “expect” module for screen scraping (with modifications to suit our deployment process)

• Many products today need to be deployed into different clouds – New service offerings are “Cloud First” – Amazon deployment is necessary– Existing service offerings are in our Private Cloud – Ansible modules have been written to more easily orchestrate deployment into such an environment. Ansible enables a hybrid approach through role reuse across environments

Ansible Core Components (v1.9)

Customized vSphere Provisioner Module

Customized “Expect” Module

entsh Module supersh Module

Customized UI


WHAT WERE WE TRYING TO SOLVE?

6

• Allow a Sales Engineer to easily provision and manage environments for prospects– Setup process should be completely automated• Leverage shared infrastructure layer of AWS managed services


CUSTOM MANAGEMENT UI

7


CUSTOM MANAGEMENT UI

8

xyz.com


WHY ANSIBLE?Factors DescriptionDeployment Simple agentless executionSecurity All communication over SSH, no additional s/w

on instanceLearning Simple YAML syntax, Great documentationAuditability Scripts are easily understandable by an auditorExtensibility Easy to extend with python scripts in playbook

directory treeProductivity High. Straightforward scripts with minimal

boilerplateScalability Reasonably scalable to 1000’s of nodes or

more w/o controller

9


DEPLOYMENT MODELS

10

Controller

NodeNode

Node Node

Node Node

ssh ssh ssh

ELB

On-‐Premise Cloud


MY CLOUD PHILOSOPHY

11

• No server hugging– Instances aren’t given unique names, only tagged with their role• Temporary relatively short-lived instances– If it fails, start a new one– If you need to upgrade, it’s often easier to start a new one• Stateless– Allows for maximal scaling– Keep state in AWS managed services (DynamoDB, RDS, ElastiCache, …)• Don’t manage your own infrastructure– Use AWS SaaS offerings whenever possible– Easy to overlook the cost of managing your own infrastructure


APPLICATION STACK

12

A B C D E

Shared DB 1 Shared DB 2

Network


LIMITATIONS OF CLOUD FORMATION• JSON format– Not very human friendly to write• No iteration and limited conditional support• Managing dependencies between templates– Tieing together inputs/outputs is not directly supported• Limited ability to adjust stack based on dynamic conditions• Not very business user-friendly (even with Service Catalog)– No good way to calculate and provide default values without exposing them to the user

13


HOW DO WE OVERCOME THESE LIMITATIONS?

14

• Ansible– Leveraging customized version of CloudFormation module (see links)• Protects your stack from accidental teardown

– Allows you to orchestrate your CloudFormation templates– Can write CloudFormation in YAML format instead– Generate Cloudformation templates using Jinja2 templates• Improved conditional support• Iteration• Calculation/evaluation• Dynamic values

– Tie together templates using a custom lookup


AUTOMATION STACK

15

Ansible

CloudFormation

Ansible

API

Management UI

Instance

Stack

Orchestration


EXPOSING AUTOMATION TO THE BUSINESS

16

• Abstract automation to business level– Automatically select intelligent defaults for low level parameters• Orchestrate process using AWS API and parameterizable Ansibleplaybooks


Dive into Automation Scripts


LINKS

18

• Custom Version of Ansible CloudFormation Module– https://github.com/mschurenko/ansible_cloudformation.git


Questions?

AWS Meetup Presentation Automation... · 2015. 9. 24. · ©"2015"Entrust"Datacard"Corporation."...

Documents

Transcript of AWS Meetup Presentation Automation... · 2015. 9. 24. · ©"2015"Entrust"Datacard"Corporation."...