DEV1369BU (#VMworld #DEV1369)
A Tale of IaaS, Infrastructure as Code, and the role of Containers in CI/CD
Steve Tegeler, Director SE/TPM Cloud Native Apps, @vstegeler
Frank Carta, Consulting Architect, DevOps
VMworld 2017 Content: Not for publication or distribution
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
Don’t know what you don’t know
Know that your apps teams have CI/CD
Leverage Infrastructure as Code today
Not a best practice session!
Highly generic overview of concepts; mileage (opinions) will definitely vary.
IaaS, Infrastructure as Code, and the role of Containers in CI/CD
• Agility & Speed – what the business wants
• CI/CD: Continuous [Integration | Delivery | Deployment]
– Continuous Integration
– Continuous Delivery
– Continuous Deployment
– Demo – CI/CD
• Role of infrastructure in CI/CD
• IaaS options from VMware
– Demo – Infrastructure as Code
• How do containers impact CI/CD?
– Demo/Discussion
Agility & Speed
Agility/Speed: Optimizing Application Development

1. Streamline the application release cycle (CI/CD) – "The Software Factory"
– Infrastructure as Code, Configuration Management, Containers
– Modify the CI/CD pipeline to provision infrastructure
– Consistency & frequency reduce difficulty
– Pipeline: Test → Stage → Prod, built on VIO | vRA | Containers
– Unit of development: the monolithic app*

2. Modernize the application architecture (monolithic* → microservices)
– Containers, VMs, stateless/stateful, data
– Long journey, or net-new
– Efficient CI/CD is a prerequisite!
– Built on vSphere Integrated Containers (VIC) | PKS

*Monolithic app = the app dev unit
Continuous Integration | Delivery | Deployment of Code
Building a Software "Factory"
Continuous Delivery & Deployment

Code Development
• Humans write and commit code
Continuous Integration
• Code merged together
• Artifact created
Testing
• Automated
• Manual
Staging
• Mimics production
• "Final testing"
Production
• Monitoring and feedback mechanisms

Continuous Delivery: the pipeline runs through staging and then a human says "Go for production!"
Continuous Deployment: the same pipeline, with the step into production automated as well.
Typical Continuous Integration (aka Code Integration)
1. Commit/check-in to Source Code Management
2. Build & test (Build/CI: build, unit tests)
3. SW artifact stored in the Artifact Repository (bin/jar/ova)
…Code integrated. Now testing & staging….
Continuous Delivery & Deployment

Continuous Integration → Artifact Repository (.exe/bin/jar) → Test1 → Test2 → Test3 → Staging → Prod
Underneath the pipeline: build & job processes, Configuration Management, IaaS
The environment hand-offs marked 1, 2, 3 on the IaaS layer = hard coded

DEMO #1: Pushing PHP Code to Production
Application Iteration Example – vhobby (https://github.com/prydin/vhobby)

Architecture: Router → Web VM (PHP) → Redis DB Master (TCP 6379) and Redis DB Slave (TCP 6380)
Environments: Test (no security) | Stage (firewalled) | Prod (firewalled)

PHP Code v1: talks to Redis on TCP 6379. Passes Test, Stage and Prod.
PHP Code v1.1: also talks to the Redis slave on TCP 6380. Passes Test (√), fails Stage (X).
Failed at staging because of the firewall: Test enforces no network policy, so the new dependency on TCP 6380 was never exercised until the first firewalled environment.
Infrastructure in CI/CD
Two ways to get infrastructure

Request infrastructure (a ticket to the Ops teams: compute, network, storage):
  Web: 2 VMs, 2 CPU, 2 GB mem, 10 GB disk, RHEL
  Load balancer: open 6380, 443
  DB: 2 VMs, 4 CPU, 4 GB mem, 30 GB disk; open 6380 to web tier
  Then wait. Days & variability; long-lived infrastructure.

Describe infrastructure (the infrastructure "consumer" talks directly to the cloud APIs of the IaaS):
  web_instance: webxyz
  flavor: m1.small
  image: RHEL-x86_64-chef
  network: web-net
  security: web-sec
  quantity: 2
  -------<snip>----------
  Web-net: web-net
  Subnet: 10.10.0.0
  Mask: 255.255.255.0
  Web-sec: name: web-sec
  in: allow: tcp: 22, 443
  out: allow: tcp: 6380
  (flavor m1.small resolves to: Cpu: 2, Mem: 2, Disk: 10)
  Fast & predictable; short-lived infrastructure.

Video: https://youtu.be/Nk8JCAgmDmg
Infrastructure as Code is a glorified configuration file.
Evolving Software Delivery
• Current state: Dev ≠ Test ≠ Production. Long-lived infrastructure = infrastructure configuration drift
• Result: infrastructure variability breaks the software factory

Infrastructure as Code: Test = Stage = Prod
Each environment is provisioned through the IaaS API (VIO | vRA) from the same definition:
web_instance: webxyz
flavor: m1.small
image: RHEL-x86_64-chef
network: web-net
security: web-sec
quantity: 2
-------<snip>----------
Web-net: web-net
Subnet: 10.10.0.0
Mask: 255.255.255.0
Web-sec: name: web-sec
in: allow: tcp: 22
out: allow: tcp: 6380
An important concept
Configuration drift is the enemy.
Manual (untracked) configurations = less consistency & predictability.
Configuration Management 101
• Maintain configuration consistency in "all the things"
• Install packages, apps, etc.
• Can be complex (think of the OS, then everything else!)

What configuration management tools cover, bottom to top:
  Linux Kernel 4.2
  Management & user-space tools (libraries, additional software, & docs)
  Operating system: packages, patches, security, configuration, environment variables
  Application: installation, configuration
  PHP App Process X
Tracking Configuration Changes
Version (Source) Control
• Definition: a system that records changes to a file or set of files over time so that you can recall specific versions later
• Main benefit: complete visibility & auditing of all changes

Application v12.34 = Application Code v3.1 + Infrastructure Code v1.2 + Configuration Code v1.7
One Use Case for Infrastructure as Code: Day 2 value (incident → cause)

Infrastructure code over the timeline February → May:
  Infra_v456: IN TCP 443
  Infra_v456: IN TCP 443
  Infra_v457: IN TCP 443, 22

Security incident/audit → diff of the infrastructure code → who, what, when (here: which revision opened TCP 22, by whom, on what date)
IaaS Options from VMware
• VMware Integrated OpenStack
• vRealize Automation
OpenStack APIs are Similar to Public Clouds
Both provide infrastructure "primitives" (compute | network | storage) behind a cloud API:
  Nova    ↔ EC2
  Cinder  ↔ EBS
  Swift   ↔ S3
  Neutron ↔ VPC
OpenStack in a Single Slide
3rd party or developer tools → OpenStack APIs / SDKs / CLIs
Horizon (web portal) | Nova (Compute) | Neutron (Network) | Cinder (Block Storage) | 30+ additional projects
OpenStack IaaS framework → driver/plugin for each of: hypervisor | SDN | storage
Hardware
VMware Integrated OpenStack (VIO)
Same consumer-facing layer as upstream: Horizon (web portal), Nova (Compute), Neutron (Network), Cinder (Block Storage), OpenStack APIs / SDKs / CLIs
• A simple, stable, upgradable IaaS solution
• The same open source bits that any other DefCore compliant distribution uses
• Fixed virtualization architecture behind the OpenStack framework's drivers/plugins:
– vSphere (hypervisor)
– NSX (SDN)
– VMware datastores (VMFS, NFS, VSAN)
• Ansible to deploy the exact same way every time
• Patchable/upgradeable
• NO SNOWFLAKES
Heat Template or Terraform (VMware Integrated OpenStack)
SW developers and platform services describe the infrastructure as code; infrastructure teams provide the IaaS it runs on.
Infrastructure as Code:
web_instance: webxyz
flavor: m1.small
image: RHEL-x86_64-chef
network: web-net
security: web-sec
quantity: 2
-------<snip>----------
Web-net: web-net
Subnet: 10.10.0.0
Mask: 255.255.255.0
Web-sec: name: web-sec
in: allow: tcp: 22
out: allow: tcp: 80, 443
IaaS Options from VMware
• VMware Integrated OpenStack
• vRealize Automation

vRealize Automation – IaaS with Policy/Governance
"Primitive" creation by the owning teams: Security Team | Network Team | Compute Images (Virt Team)
Blueprint: SW developers and platform services compose those primitives as Infrastructure as Code:
web_instance: webxyz
flavor: m1.small
image: RHEL-x86_64-chef
network: web-net
security: web-sec
quantity: 2
-------<snip>----------
Web-net: web-net
Subnet: 10.10.0.0
Mask: 255.255.255.0
Web-sec: name: web-sec
in: allow: tcp: 22
out: allow: tcp: 80, 443
DEMO #2: Iterating on the infrastructure – changing security of Web VM and DB VM
Application Architecture – Infra as Code Demo
Router → Web VM → Redis DB Master (TCP 6379) and Redis DB Slave (TCP 6380)
Environments: Test | Stage | Prod
PHP Code v1.0 → PHP Code v1.1 (adds the TCP 6380 dependency on the slave)
Infra_Code v1.1 extends the security group rule that previously covered only 6379:
rule
  from_port = "6379"
  to_port = "6379"
rule
  from_port = "6380"
  to_port = "6380"
Because the rule lives in code, the same change is applied to Test, Stage and Prod in one iteration.
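The two demos (PHP v1.1 passing Test because nothing is firewalled there, failing Stage, and Infra_Code v1.1 fixing it) as an added promotion gate (editor's code, not part of the VMworld deck or the vhobby project). It encodes each application version's required network flows and each environment's security group as data, reports per environment whether the deploy would be blocked, and flags environments that enforce nothing, since a green result there proves nothing about the next stage. Tier names, the rule representation and the convention "None = no security enforced" are assumptions made for the example.

```python
"""Promotion gate: does the app's network usage fit each environment's rules?

Editor's added example, not code from the VMworld deck or the vhobby project.
Tier names, flow format and the per-environment rule sets are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str   # tier that opens the connection
    dst: str   # tier that accepts it
    port: int  # TCP port


# What each application version needs on the network (assumed from the demo).
APP_FLOWS = {
    "PHP_v1.0": frozenset({Flow("web", "db", 6379)}),                           # master only
    "PHP_v1.1": frozenset({Flow("web", "db", 6379), Flow("web", "db", 6380)}),  # master + slave
}

# Security groups as code, per environment. None = the environment enforces nothing.
INFRA = {
    "Infra_Code_v1.0": {
        "test": None,
        "stage": frozenset({Flow("web", "db", 6379)}),
        "prod": frozenset({Flow("web", "db", 6379)}),
    },
    "Infra_Code_v1.1": {
        "test": None,
        "stage": frozenset({Flow("web", "db", 6379), Flow("web", "db", 6380)}),
        "prod": frozenset({Flow("web", "db", 6379), Flow("web", "db", 6380)}),
    },
}


def blocked_flows(required, allowed):
    """Flows the application needs that the security group does not allow."""
    if allowed is None:          # no firewall: nothing is ever blocked here
        return frozenset()
    return frozenset(f for f in required if f not in allowed)


def promotion_report(app_version, infra_version):
    """Per environment: would the deploy work, and is that result meaningful?"""
    report = {}
    for env, allowed in INFRA[infra_version].items():
        blocked = blocked_flows(APP_FLOWS[app_version], allowed)
        report[env] = {
            "ok": not blocked,
            "blocked": sorted((f.src, f.dst, f.port) for f in blocked),
            "enforced": allowed is not None,
        }
    return report


def parity_warnings(infra_version):
    """Environments whose rules differ from prod, or that enforce nothing at all.

    A passing deploy in an unenforced environment says nothing about the next
    one, which is how the deck's v1.1 change reached staging before failing.
    """
    envs = INFRA[infra_version]
    warnings = []
    for env, allowed in envs.items():
        if allowed is None:
            warnings.append(f"{env}: no security group enforced; cannot catch firewall failures")
        elif allowed != envs["prod"]:
            warnings.append(f"{env}: rules differ from prod")
    return warnings


def can_promote(app_version, infra_version):
    """True only if every enforced environment allows all required flows."""
    return all(r["ok"] for r in promotion_report(app_version, infra_version).values())


if __name__ == "__main__":
    for app, infra in (("PHP_v1.1", "Infra_Code_v1.0"), ("PHP_v1.1", "Infra_Code_v1.1")):
        print(app, infra, promotion_report(app, infra))
        print("  warnings:", parity_warnings(infra))
```

Run as a CI step, the gate turns the staging failure from the first demo into a build failure before anything is deployed, and the parity warning is the argument for giving Test the same web-sec definition as Stage and Prod rather than "no security".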
What about Containers?
Containers 101 (starting point: the traditional Linux host)
• Configuration Management (Puppet, Chef, Ansible)
– Update/install packages
– Install middleware
– Install/run the application
• Choose a distribution & create "gold" templates
• Common Linux kernel

Standard Linux host (e.g. Photon OS): Linux Kernel 4.2 → management & user-space tools (libraries, additional software, & docs) → configuration | application SW → App Process 1, App Process 2 … App Process n

Challenges
• Long-lived operating systems: patching, gold image updates, configuration drift
• Configuration management overhead
Running Applications – Traditional vs. Containers
Standard Linux host (Photon OS): Linux Kernel 4.2 → management & user-space tools (libraries, additional software, & docs) → configuration | application SW → App Process 1 … App Process n
Linux "container" host (Photon OS): Linux Kernel 4.2 → Docker Engine → Container 1 … Container n, each carrying its own tools, libs, SW
Each container image is built with a Dockerfile (the "Dockerfile") and started with:
# docker run containerimage
Containers & VMs in the Stack
Bare metal: physical infrastructure → operating system → application
Virtual machine (hardware abstraction): physical infrastructure → virtual machine → operating system → application
Container (operating system abstraction): physical infrastructure → virtual machine → operating system → container → application
Containers in CI/CD
IaaS (cloud APIs; flavor: m1.small = CPU: 2, Mem: 2, Disk: 10): provisioning of VMs, networks, storage and security primitives. Manage configuration with IaC and config management.
Linux "container" host (Photon OS + Docker Engine, attached to CorpNet) running Container 1 … Container n, each with its own tools, libs, SW: provisioning of container images (volumes, services, etc.). Manage configuration with the Dockerfile.
Next Evolution of Software Development with Containers
The same Dockerfile (or Docker Compose file) is built and run against the Docker API of the container host in Test, Stage and Prod:
# base image: PHP 5 with Apache
FROM php:5-apache
# refresh the package index
RUN apt-get update
# PEAR, used to install the Redis client library
RUN apt-get install -y php-pear
# register the PEAR channel that hosts Predis
RUN pear channel-discover pear.nrk.io
# Predis: PHP client for Redis
RUN pear install nrk/Predis
• Infrastructure configuration greatly simplified (container host)
• The endpoint for provisioning can be a Docker host
• The Dockerfile contains the application and OS dependencies to ensure runtime consistency
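Since the Dockerfile is now the configuration that gets promoted unchanged through Test, Stage and Prod, it deserves the same review a security group change gets. Added example (editor's code, not part of the VMworld deck or the vhobby project): a small Dockerfile linter run over the deck's php:5-apache Dockerfile and over the editor's hardened rewrite of it. The finding codes, the EOL_BASES list and the hardened file are the editor's assumptions about what a reviewer wants; the sha256 digest in HARDENED is a placeholder, not a real image digest. PHP 5 has had no security support since the end of 2018.

```python
"""Lint a Dockerfile before the image is promoted through Test, Stage and Prod.

Editor's added example, not code from the VMworld deck or the vhobby project.
SAMPLE is the deck's Dockerfile; HARDENED is the editor's rewrite, with a
placeholder digest. Finding codes and EOL_BASES are assumptions.
"""
import re

SAMPLE = """\
FROM php:5-apache
RUN apt-get update
RUN apt-get install -y php-pear
RUN pear channel-discover pear.nrk.io
RUN pear install nrk/Predis
"""

HARDENED = """\
# Pinned by digest so every environment builds the identical base layer (placeholder digest).
FROM php:8.2-apache@sha256:0000000000000000000000000000000000000000000000000000000000000000
# Index update and install in ONE layer, with the apt cache removed afterwards.
RUN apt-get update \\
 && apt-get install -y --no-install-recommends php-pear \\
 && rm -rf /var/lib/apt/lists/*
RUN pear channel-discover pear.nrk.io \\
 && pear install nrk/Predis-1.1.1
USER www-data
"""

# Base images (image:major) a reviewer should reject outright (assumed list).
EOL_BASES = {"php:5"}


def parse(text):
    """Yield (INSTRUCTION, argument) pairs; joins backslash continuations, drops comments."""
    pending = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending.append(line[:-1].strip())
            continue
        pending.append(line)
        instruction, _, argument = " ".join(pending).partition(" ")
        pending = []
        yield instruction.upper(), argument.strip()


def lint(dockerfile):
    """Return (code, detail) findings; an empty list means clean."""
    findings = []
    instructions = list(parse(dockerfile))
    if not any(instr == "USER" for instr, _ in instructions):
        findings.append(("RUNS_AS_ROOT", "no USER instruction; the container starts as root"))
    for instr, arg in instructions:
        if instr == "FROM":
            image = arg.split()[0]                      # drop any "AS stage" suffix
            name, pinned, _digest = image.partition("@")
            if not pinned:                              # a tag can move; a digest cannot
                findings.append(("UNPINNED_BASE", image))
            repo, _, tag = name.partition(":")
            if not tag or tag == "latest":
                findings.append(("FLOATING_TAG", image))
            major = re.match(r"\d+", tag)
            if major and f"{repo}:{major.group()}" in EOL_BASES:
                findings.append(("EOL_BASE", image))
        elif instr == "RUN":
            if "apt-get update" in arg and "apt-get install" not in arg:
                # a separate cached "update" layer means later installs use a stale index
                findings.append(("APT_UPDATE_ALONE", arg))
            if "apt-get install" in arg and "--no-install-recommends" not in arg:
                findings.append(("APT_RECOMMENDS", arg))
            for pkg in re.findall(r"pear install\s+([^\s&]+)", arg):
                if not re.search(r"-\d", pkg):          # PEAR pins versions as pkg-1.2.3
                    findings.append(("UNPINNED_PEAR", pkg))
    return findings


def codes(dockerfile):
    """Sorted, de-duplicated finding codes, handy for a pass/fail gate."""
    return sorted({code for code, _ in lint(dockerfile)})


if __name__ == "__main__":
    for label, text in (("deck Dockerfile", SAMPLE), ("hardened", HARDENED)):
        print(label, lint(text) or "clean")
```

Pinning by digest is what makes "the same Dockerfile in every environment" literally true: with a mutable tag, Test and Prod can build days apart from different base layers even though the file in version control never changed.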
Container Value Proposition in CI/CD
• Simplify operating system configuration with a Dockerfile that is always versioned and tracked
• Configuration management simplified with the Dockerfile
• Well known API endpoint to interact with, and publicly available container images

What about the container host?
The Container Host
• Ubiquitous, simple base operating system for all containers to run on – golden image
• Still deployed via IaaS and connected to networks (CorpNet), storage (persistent volume on a datastore), etc.
Linux "container" host (Photon OS + Docker Engine) → Container 1 … Container n (each with its own tools, libs, SW)
You still have an IaaS to deploy container hosts, but configuration permutations will be much less.
DEMO/Example #3: Dockerfile example
Application Architecture – Containers
Modern application: Router → PHP & Apache container (Code v1) → Redis DB Master container and Redis DB Slave container, each on a container host; Infra_Code v2.1

Redis Dockerfile (Redis DB Container v3.1):
# Expose ports
EXPOSE 6379

redis.conf:
# Accept connections on the specified port, default is 6379 (IANA #815344).
# If port 0 is specified Redis will not listen on a TCP socket.
port 6379
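With the port now declared in two places inside the image (the Dockerfile's EXPOSE and redis.conf) instead of in a security group, the two have to agree, and EXPOSE on its own still publishes nothing: the firewall or security group in front of the container host remains the control that decides who can reach Redis. Added example (editor's code, not part of the VMworld deck): a check that parses both files, reports a port mismatch, and adds the requirepass, protected-mode and bind checks a reviewer would want. The Dockerfile around the deck's EXPOSE line, the finding codes and those extra checks are the editor's assumptions; protected-mode exists in Redis 3.2 and later.

```python
"""Cross-check a Redis container image against its redis.conf.

Editor's added example, not code from the VMworld deck. DOCKERFILE wraps the
deck's EXPOSE line; REDIS_CONF is the deck's port directive. The auth,
protected-mode and bind checks are the editor's additions.
"""
import re

DOCKERFILE = """\
FROM redis:3.2
COPY redis.conf /usr/local/etc/redis/redis.conf
# Expose ports
EXPOSE 6379
CMD ["redis-server", "/usr/local/etc/redis/redis.conf"]
"""

REDIS_CONF = """\
# Accept connections on the specified port, default is 6379 (IANA #815344).
# If port 0 is specified Redis will not listen on a TCP socket.
port 6379
"""


def exposed_ports(dockerfile):
    """TCP ports named by EXPOSE instructions ("6379", "6379/tcp"; udp ignored)."""
    ports = set()
    for m in re.finditer(r"^\s*EXPOSE\s+(.+)$", dockerfile, re.MULTILINE | re.IGNORECASE):
        for token in m.group(1).split():
            number, _, proto = token.partition("/")
            if proto.lower() in ("", "tcp"):
                ports.add(int(number))
    return ports


def redis_settings(conf):
    """Directive -> value for the uncommented lines of a redis.conf (last one wins)."""
    settings = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings[key.lower()] = value.strip()
    return settings


def check(dockerfile, conf):
    """Findings as (code, detail); empty list = image and config agree and are hardened."""
    findings = []
    settings = redis_settings(conf)
    port = int(settings.get("port", "6379"))          # Redis default when unset
    exposed = exposed_ports(dockerfile)
    if port == 0:
        findings.append(("TCP_DISABLED", "port 0: Redis will not listen on TCP, so EXPOSE is meaningless"))
    elif port not in exposed:
        findings.append(("PORT_MISMATCH", f"redis.conf listens on {port}, Dockerfile exposes {sorted(exposed)}"))
    for extra in sorted(exposed - {port}):
        findings.append(("EXPOSE_UNUSED", f"EXPOSE {extra} but nothing listens there"))
    if "requirepass" not in settings:
        findings.append(("NO_AUTH", "no requirepass: any client that can reach the port can issue commands"))
    if settings.get("protected-mode", "yes").lower() == "no" and "requirepass" not in settings:
        findings.append(("PROTECTED_MODE_OFF", "protected-mode no without requirepass"))
    bind = settings.get("bind", "")
    if not bind or "0.0.0.0" in bind.split() or "*" in bind.split():
        # Informational: normal inside a container, but it means reachability is
        # decided entirely by the firewall / security group in front of the host.
        findings.append(("BIND_ALL", f"bind {bind or '(unset: all interfaces)'}"))
    return findings


if __name__ == "__main__":
    for code, detail in check(DOCKERFILE, REDIS_CONF):
        print(code, "-", detail)
```

The deck's files pass the port check but still come back with NO_AUTH and BIND_ALL, which is the honest summary of this design: moving the port into the image removed one thing the security group had to know, not the need for the security group.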
Key Takeaways
Platform teams automate infrastructure in public clouds today
Give them the same freedom they get with public clouds
GOAL: immutable & repeatable for all things, but start small
Infrastructure as Code is an incredible way to track all infrastructure changes
Additional Content at VMworld
• DEV-2858BU
– The Shift to the Left: The Changing Role of Operations as Developers in a DevOps World
– Happened Monday 1-2pm
• HOL-1821-04
– vRealize Code Stream
• HOL-1830-01
– Containers 101
• HOL-1830-02
– Virtual Container Hosts with vSphere Integrated Containers
• HOL-1831-01
– Kubernetes Basics