Hashicorp: Delivering the Tao of DevOps

Post on 23-Jan-2018

Hashicorp

Ramit Surana

@ramitsurana

/in/ramitsurana

Delivering the Tao of devops …

Agenda

• Introduction to Hashicorp

• Why Hashicorp

• Hashicorp projects

• Vagrant

• Packer

• Serf

• Vault

• Consul

• Terraform

Who am I?

• Open source guy.

• Foodie, traveler, explorer

• Join me on my network, I promise I won't bite :)

• Twitter: @ramitsurana

• Github: @ramitsurana

• Linkedin: /in/ramitsurana

• Mail: ramitsurana@gmail.com

Who is HashiCorp?

• HashiCorp is a company that builds DevOps tools and products.

• Using HashiCorp tools we can automate & redesign the company's infrastructure.

• It's open source.

The Tao of Hashicorp

• The Tao represents the foundation that guides the vision, roadmap, and product design.

• Workflows

• Immutability

• Simple, Modular, Composable

Why HashiCorp?

Hashicorp Navratan

• Vagrant

• Packer

• Consul

• Serf

• Atlas

• Otto

• Nomad

• Terraform

• Vault

Vagrant

Vagrant

• Tool for building complete development environments.

• Machines are provisioned on top of VirtualBox, VMware, AWS, or any other provider.

Vagrantfiles

• Used to describe the type of machine required for a project, and how to configure and provision these machines.

• Vagrantfiles are portable across every platform Vagrant supports.

• Vagrant is meant to run with one Vagrantfile per project.

Packer

Packer

• Tool for creating identical machine images for multiple platforms from a single source configuration.

• Packer is lightweight, runs on every major operating system, and is highly performant, creating machine images for multiple platforms in parallel.

Platforms Supported

• Amazon EC2

• DigitalOcean

• Docker

• Google Compute Engine

• OpenStack

• Parallels

• QEMU

• VirtualBox

• VMware (OVF)

Consul

Consul

• Tool for discovering and configuring services in your infrastructure.

• Consul makes it simple for services to register themselves and to discover other services via a DNS or HTTP interface.

Consul Architecture

Jepsen Testing

• A Jepsen test runs as a Clojure program on a control node.

• Jepsen has been used to verify everything from eventually-consistent commutative databases to linearizable coordination systems to distributed task schedulers.

• Check out more info on it at https://github.com/aphyr/jepsen.

Serf

Serf

• It is a tool for cluster membership, failure detection, and orchestration that is decentralized, fault-tolerant and highly available.

• It relies on an efficient and lightweight gossip protocol to communicate with nodes.

Gossip Protocol

• Modern distributed systems often use gossip protocols to solve problems that might be difficult to solve in other ways, either because the underlying network has an inconvenient structure, is extremely large, or because gossip solutions are the most efficient ones available.

Otto

Otto

• Otto automatically builds an infrastructure and deploys your application using industry standard tooling and best practices.

• Otto automatically fetches dependencies, detects conflicts, and installs and configures these dependencies for development and deployment.

Appfile

• The file that Otto uses as a source of configuration for an application.

• Otto takes this file and compiles it to an internal representation that is used by all the Otto subcommands.

Terraform

Terraform

• Tool for building, changing, and versioning infrastructure safely and efficiently.

• It can manage existing and popular service providers as well as custom in-house solutions.

• What it manages includes low-level components such as compute instances, storage, and networking, as well as high-level components such as DNS entries, SaaS features, etc.

Resource Graph

• It builds a dependency graph from the Terraform configurations, and walks this graph to generate plans, refresh state, and more.

• To walk the graph, a standard depth-first traversal is done.

Resource Addressing

• It is a string that references a specific resource in a larger infrastructure.

• It is made up of two parts:

• Module path:

• A module path addresses a module within the tree of modules.

• Resource spec:

• A resource spec addresses a specific resource in the config.

Vault

Vault

• It secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing.

• Vault encrypts and provides access to any secrets.

• Every secret in Vault is associated with a lease. Clients must renew their secret within the lease period, or request a new secret.

Vault Architecture

Shamir's Secret Sharing

• It is a form of secret sharing, where a secret is divided into parts, giving each participant its own unique part.

• Some of the parts, or all of them, are needed in order to reconstruct the secret.

2 man rule

• Control mechanism designed to achieve a high level of security for especially critical material or operations.

• Under this rule all access and actions require the presence of two authorized people at all times.

How I remember it. P.S: Must Watch Show

Nomad

Nomad

• Tool for managing a cluster of machines and running applications on them.

• It abstracts away machines and the location of applications, and instead enables users to declare what they want to run and Nomad handles where they should run and how to run them.

Nomad Architecture

Consensus Protocol

• It is related to the CAP theorem.

• Built using the go-raft library.

• Consists of 3 roles:

- The Leader

- The Follower

- The Candidate

Atlas

Atlas

• Atlas deeply integrates HashiCorp open source tools to provide an enterprise delivery pipeline.

Atlas Architecture

What Atlas looks like

Get Involved

Github.com/hashicorp

Customers

Got Questions?

HashiConf

• Started in 2015

• Must attend for Hashicorp fans

• Feel free to join me for the next time I go :)

Thank You

Check out some of the cool HashiCorp stuff!!