DEV1369BU A Tale of IaaS, Infrastructure as Code, or ... · Continuous Delivery & Deployment 11...

Steve Tegeler, Director SE/TPM Cloud Native Apps@vstegeler

Frank Carta, Consulting Architect, Devops

DEV1369BU

#VMworld #DEV1369

A Tale of IaaS, Infrastructure as Code, and the role of Containers in CI/CD

VMworld 2017 Content: Not fo

r publication or distri

bution

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Disclaimer

#DEV1369BU CONFIDENTIAL 2



bution

Don’t know what you don’t know

Know that your apps team have CI/CD

Leverage Infrastructure as Code todayVMworld 2017 Content: N

ot for publicatio

n or distribution

4

Not a best practice session!

Highly generic overview of concepts and

mileage (opinions) will definitely vary



bution

IaaS, Infrastructure as Code, and the role of Containers in CI/CD

• Agility & Speed – What the business wants

• CI/CD Continuous [Integration | Development | Deployment]

– Continuous Integration

– Continuous Development

– Continuous Deployment

– Demo – CI/CD

• Role of Infrastructure in CI/CD

• IaaS Options from VMware

– Demo - Infrastructure as Code

• How do containers impact CI/CD?

– Demo/Discussion

5



bution

Agility & Speed

6



bution

Agility/Speed Optimizing Application Development

Streamline Application Release Cycle (CI/CD)

– Infrastructure as Code, Configuration Management, Containers

– Modify CI/CD pipeline to provision infrastructure

– Consistency & frequency reduces difficulty WW

A A

RWW

A A

RWW

A A

R

The Software Factory1

VIO | vRA | Containers

*Monolithic App Dev Unit

Modernize Application Architecture

– Containers, VMs, Stateless/Stateful, Data

– Long Journey or Net-new

– Efficient CI/CD is a prerequisite!

Monolithic* Micro Services2

vSphere Integrated Containers (VIC) | PKS

Test Stage Prod



bution

Continuous Integration | Development | Deploymentof Code

Building a Software “Factory”

8



bution

Continuous Delivery & Deployment

9

Code Development

• Humans write and commit code

Continuous Integration

• Code Merged Together

• Artifact Created

Testing

• Automated

• Manual

Staging

• Mimics Production

• “Final Testing”

Production

• Monitoring and feedback mechanisms

Human:

Go for Production!Continuous Delivery

Continuous Deployment



bution

3. SW Artifact

Typical Continuous Integration (aka Code Integration)

Build/CI

Source Code

Management

Artifact Repository

(bin/jar/ova)

Build / Unit

Tests1. Commit/Check-in

2. Build & Test

…Code Integrated. Now testing & staging….



bution

Test1

Continuous Delivery & Deployment

11

Artifact Repository

(.exe/bin/jar)

Test2 Prod

Staging

Build & Job ProcessesConfiguration

Management

Test3

Continuous

Integration

IaaS

1

2

3

= Hard Coded



bution

DEMO #1Pushing PHP Code to Production

12



bution

Redis DB

Slave

Application Iteration Example – vhobby

Web VM

Redis DB

Master

Router

Test Stage Prod√ X

FirewalledNo Security Firewalled

PHP Code v1 TCP 6379

TCP 6379

TCP 6380

TCP 6380

PHP Code v1.1PHP Code v1.1

Failed at staging because of Firewall

https://github.com/prydin/vhobby



bution

Infrastructure in CI/CD

14



bution

OpsTeams

Network StorageCompute

WW

A A

R

Web

2 VMs, 2CPU, 2GB mem, 10GB disk, RHEL

LoadBalancer

Open 6380, 443

DB

2 VMs 4CPU, 4GB mem, 30GB disk

Open 6380 to web tier

Request Infrastructure

web_instance: webxyz

flavor: m1.small

image: RHEL-x86_64-chef

network: web-net

security: web-sec

quantity: 2

-------<snip>----------

Web-net: web-net

Subnet: 10.10.0.0

Mask: 255.255.255.0

Web-sec: name: web-sec

in: allow: tcp: 22, 443

out: allow: tcp: 6380

Describe Infrastructure

Days & Variability Fast &

Predictable

flavor: m1.small

Cpu: 2

Mem: 2

Disk: 10

Cloud APIs

Infrastructure

“Consumer”

Wait

https://youtu.be/Nk8JCAgmDmg

Long LivedShort Lived

IaaS



bution

16

Infrastructure as Code

is a glorified configuration file.



bution

Evolving Software Delivery

• Current State: Dev ≠ Test ≠ Production. Long Lived infrastructure = infra configuration drift

• Result: Infrastructure variability breaks the software factory

17

WW

A A

R

WW

A A

RWW

A A

RWW

A A

R

Test Stage Prod


flavor: m1.small


network: web-net

security: web-sec

quantity: 2

-------<snip>----------

Web-net: web-net

Subnet: 10.10.0.0

Mask: 255.255.255.0


in: allow: tcp: 22



WW

A A

R

WW

A A

RWW

A A

R


flavor: m1.small


network: web-net

security: web-sec

quantity: 2

-------<snip>----------

Web-net: web-net

Subnet: 10.10.0.0

Mask: 255.255.255.0


in: allow: tcp: 22




flavor: m1.small


network: web-net

security: web-sec

quantity: 2

-------<snip>----------

Web-net: web-net

Subnet: 10.10.0.0

Mask: 255.255.255.0


in: allow: tcp: 22, 443

out: allow: tcp


IaaSVIO | vRA

API

= =



bution

An important concept

18

Configuration Drift is the enemy

Manual (untracked) configurations = less

consistency & predictability



bution

Configuration Management 101

• Maintain configuration consistency in “all the things”

• Install packages, apps, etc.

• Can be complex (think of the OS, then everything else!)

19

Configuration

Management Tools

Linux Kernel 4.2

Management & User-space Tools (Libraries, Additional Software, & Docs)

Application: installation, configuration

Operating System: Packages, patches,

security, configuration, env variables

PHP App Process X



bution

20

Tracking Configuration Changes



bution

Version (Source) Control

• Definition: A system that records changes to a file or set of files over time so that you can recall specific versions later

• Main Benefit: Complete visibility & auditing of all changes

Application v12.34

Application

Code v3.1

Infrastructure

Code v1.2

Configuration

Code v1.7VMworld 2017 Content: N

ot for publicatio

n or distribution

One Use Case forInfrastructure as Code



bution

Infra_v456

IN TCP 443

Infra_v456

IN TCP 443

Infra_v457

IN TCP 443, 22

February

March

April

May

Day 2 Value: Incident, Cause

Security

Incident/Audit

Code Development Infrastructure

Code

diff

Who What When



bution

24CONFIDENTIAL

IaaS Options from VMware

VMware Integrated OpenStack

vRealize Automation

24



bution

OpenStack APIs are Similar to Public Clouds

Nova

Cinder

Swift

Neutron

EBS

EC2

S3

VPC

Compute | Network | Storage

Provides Infrastructure “Primitives”

Cloud APICloud API



bution

Horizon

(web portal)

Nova

(Compute)

Neutron

(Network)

Cinder

(Block Storage)

OpenStack APIs/ SDKs/ CLIs

OpenStack In a Single Slide

OpenStack IaaS Framework

SDNHypervisor Storage

Hardware

30+ additional

projects

Driver/Plugin Driver/Plugin Driver/Plugin

3rd Party or Developer Tools



bution

Horizon

(web portal)

Nova

(Compute)

Neutron

(Network)

Cinder

(Block Storage)

OpenStack APIs/ SDKs/ CLIs


• A simple, stable, upgradable simple IaaS solution

• The same open source bits that any other Defcore compliant distribution uses

• Fixed Virtualization Architecture

– vSphere

– NSX

– VMware Datastores

• Ansible to deploy the exact same way every time

• Patchable/upgradeable

• NO SNOWFLAKES

OpenStack Framework (VIO)

NSXvSphere

VMFS

NFS

VSAN

Hardware

Driver/Plugin Driver/Plugin Driver/Plugin



bution

Heat Template or Terraform

SW Developers

Platform Services

Infrastructure Teams


flavor: m1.small


network: web-net

security: web-sec

quantity: 2

-------<snip>----------

Web-net: web-net

Subnet: 10.10.0.0

Mask: 255.255.255.0


in: allow: tcp: 22

out: allow: tcp: 80, 443



WW

A A

R



bution

30CONFIDENTIAL

IaaS Options from VMware


vRealize Automation

30



bution

“Primitive” Creation

Security Team

Network Team

Compute Images (Virt Team)

Blueprint

SW Developers

Platform Services


flavor: m1.small


network: web-net

security: web-sec

quantity: 2

-------<snip>----------

Web-net: web-net

Subnet: 10.10.0.0

Mask: 255.255.255.0


in: allow: tcp: 22

out: allow: tcp: 80, 443


vRealize Automation – IaaS with Policy/Governance

WW

A A

R



bution

DEMO #2Iterating on the infrastructureChanging security of Web VM and DB VM

32



bution

Redis DB

Slave

Web VM

Application Architecture - Infra as Code Demo

Redis DB

Master

Router

PHP Code v1.0

Infra_Code v1.1

rule

from_port = “6379”

from_port = “6380”

to_port = “6379”

to_port = “6380”

TCP 6380 PHP Code v1.1 Test Stage Prod

TCP 6379



bution

What about Containers?

34



bution

Containers 101

• Configuration Management (Puppet, Chef, Ansible)

– Update/Install Packages

– Installing Middleware

– Install/Run Application

• Chose a distribution & create “gold” templates

• Common Linux KernelLinux Kernel 4.2


Configuration | Application SW

App

Process 1

App

Process 2App

Process n

Standard Linux Host

Photon OS

Challenges

• Long Lived Operating Systems - patching, gold image updates, configuration drift

• Configuration Management Overhead



bution

Linux Kernel 4.2

Linux “Container” Host

Running Applications – Traditional vs. Containers

Linux Kernel 4.2


Configuration | Application SW

App

Process 1

App

Process 2App

Process nContainer 1

Standard Linux Host

Docker

Engine

Photon OS

Tools,

Libs, SW

containerimage built w/Dockerfile

Container n

Tools,

Libs, SW

#docker run containerimage

The “Dockerfile”



bution

Application

Operating System

Physical

Infrastructure

Application

Operating System

Physical

Infrastructure

Containers & VMs in the Stack

Operating System

Virtual Machine

Hardware Abstraction

Container

Operating System Abstraction

Operating System

Virtual Machine

Hardware AbstractionVMworld 2017 Content: Not fo


bution

Containers in CI/CD

40

flavor: m1.small

CPU: 2

Mem: 2

Disk: 10

Cloud APIsIaaS

WW

A A

R

Provisioning of VMs, Networks, Storage,

Security primitives

Manage Configuration: IaC, Config Mgmt


Docker Engine

Photon OS

Container 1

Tools,

Libs, SW

Container 1

Tools,

Libs, SW

Container 1

Tools,

Libs, SW

Container 1

Tools,

Libs, SW

Provisioning of container images, (volumes,

services, etc..)

Mange Configuration with: Dockerfile

CorpNet

Container n

Tools,

Libs, SW

Container n

Tools,

Libs, SW



bution

FROM php:5-apache

RUN apt-get update

RUN apt-get install -y php-pear

RUN pear channel-discover pear.nrk.io

RUN pear install nrk/Predisb-net

Dockerfile/Docker Compose

FROM php:5-apache

RUN apt-get update





Container Host

Docker API

Container Host

Docker API

Container Host

Docker API

Next Evolution of Software Development with Containers

• Infrastructure configuration greatly simplified (Container Host)

• Their endpoint for provisioning can be a docker host

• Dockerfile contains applications and OS dependencies to insure runtime consistency

Test Stage Prod

FROM php:5-apache

RUN apt-get update





Container 1

Tools,

Libs, SW

Container 1

Tools,

Libs, SW

Container n

Tools,

Libs, SW WW

A A

R

Container 1

Tools,

Libs, SW

Container 1

Tools,

Libs, SW

Container n

Tools,

Libs, SW

Container n

Tools,

Libs, SW

Container 1

Tools,

Libs, SW

Container 1

Tools,

Libs, SW

Container n

Tools,

Libs, SW

Container n

Tools,

Libs, SW

Container n

Tools,

Libs, SW



bution

Container Value Proposition in CI/CD

• Simplify operating system configuration with Dockerfile always versioned and tracked

• Configuration management simplified with the Dockerfile

• Well known API endpoint to interact with and publicly available container images

42

What about the container host?VMworld 2017 Content: Not fo


bution

The Container Host

• Ubiquitous, simple, base operating system for all containers to run on – Golden Image

• Still deployed via IaaS and connected to networks, storage, etc.

43


Docker Engine

Photon OS

Container 1

Tools,

Libs, SW

Container 1

Tools,

Libs, SW

Container 1

Tools,

Libs, SW

Container 1

Tools,

Libs, SW

Persistent VOL

datastore

CorpNet

Container n

Tools,

Libs, SW

Container n

Tools,

Libs, SW

You still have an IaaS to

deploy container hosts, but

configuration permutations

will be much less



bution

DEMO/Example #3Dockerfile example

44



bution

Modern Application

Container Host

Application Architecture - Containers

Redis DB

Master

Router

PHP &

Apache

Code v1

Infra_Code

v2.1

Redis Dockerfile

# Expose ports

EXPOSE 6379

Redis DB Contianer v3.1

Redis.conf# Accept connections on the specified port, default is 6379 (IANA

#815344).

# If port 0 is specified Redis will not listen on a TCP socket.

port 6379

Container Host

Redis DB

Slave



bution

Key Takeaways

Platform teams automate infrastructure in public clouds today

Give them the same freedom they get with public clouds

GOAL: Immutable & Repeatable for all things, but start small

Infrastructure as code is incredible way to track all infrastructure changes

46



bution

Additional Content at VMworld

• DEV-2858BU

– The Shift to the Left: The Changing Role of Operations as Developers in a DevOps World

– Happened Monday 1-2pm

• HOL-1821-04

– vRealize Code Stream

• HOL-1830-01

– Containers 101

• HOL-1830-02

– Virtual Container Hosts with vSphere Integrated Containers

• HOL-1831-01

– Kubernetes Basics

47



bution



bution

DEV1369BU A Tale of IaaS, Infrastructure as Code, or ... · Continuous Delivery & Deployment 11...

Documents

Transcript of DEV1369BU A Tale of IaaS, Infrastructure as Code, or ... · Continuous Delivery & Deployment 11...