DEV TO DELIVERY WITHPUPPET

SAM BASHTON, BASHTON LTD

HOW DID WE GET HERE?Previously:

Devs built stuffLater, Ops came and built production infrastructure

This caused many IT problemsThe solution?

OPSVELOPMENT

DEVOPS

WHAT IS DEVOPS REALLY?Devs doing Ops?Ops 'coding' infrastructure?Automating things?Word that recruiters use without understanding anythingabout it?

WHAT IS DEVOPS?BE EXCELLENT TO EACH OTHER

WHAT DOES THAT MEAN INPRACTICE?

WHAT IS OPS?Working as part of a team to build a reliable environment

WHAT IS DEV?Working as part of a team to build a reliable environment

BEING GOOD AT DEVFollow 'The Twelve Factor App' - http://12factor.net/

BEING GOOD AT OPSProvide consistency across all environments - includinglocal devProvide developers the means to understand what ishappeningProvide as much visibility of everything to everybody

PEP20'Simple is better than complex''Complex is better than complicated'http://legacy.python.org/dev/peps/pep-0020/

PROVIDING VISIBILITYAll infrastructure work (Puppet, CloudFormation, etc)should be checked in to a repository available to thewhole team (Devs + Ops)Make it easy to see and search logs from all environmentsGive as many people as possible access to these logs

DEVELOPMENT

WHAT AND WHY?Development environments need to match production asclosely as possibleBuilds confidence that something working in dev will workin production

PUPPET EVERYWHEREPuppet should be used everywhere in the dev anddeployment process

ProductionStagingIntegration environmentsTest environmentsLocal dev machines

PUPPET CONFIG DOGMAThe same Puppet manifests and modules should bedeployable to all environments without any modification

PUPPET CONFIG DOGMAif statements in manifests are a 'bad smell' and should beavoided as much as possible

PUPPET APPLICATIONCONFIG DOGMA

Separate config files per environment are a 'bad smell' tooAvoid manifests that look like below:

Make it easy to 'miss' replicating things betweenenvironments, or make mistakes

file { '/etc/nginx/nginx.conf': source => "puppet:///localmodules/data/nginx/${hostname}.conf",}

VAGRANTBuilds virtual machines from Puppet manifestsMakes it easy to spin up short-lived dev instancesQuick to get working

Avoid ops being a blocker for dev

VAGRANT + DOCKERReduce dev environment spin-up timeDocker makes it easier to create more realisticenvironmentsDocker images for drop-in use with Vagrant available: https://github.com/BashtonLtd/docker-vagrant-images

BETTER MATCH LIVEENVIRONMENTS

ONE SET OF MANIFESTS,MANY ENVIRONMENTS

Different environments need different configResource locationsSettings

DEALING WITH DIFFERINGENVIRONMENTS

HieraAllows separation of logic from dataPut anything that differers by environment in a separatefileCombine with custom facts

HIERA.YAML:hierarchy: - env/%{envname} - services/%{service} - common

CUSTOM FACTS IN VAGRANT config.vm.provision :puppet do |puppet| puppet.manifests_path = "puppet/manifests" puppet.manifest_file = "site.pp" puppet.module_path = ["puppet/localmodules","puppet/modules"] puppet.hiera_config_path = "puppet/hiera.yaml" puppet.facter = { "envname" => "vagrant", "service" => "web", } end

CUSTOM FACTS ON MACHINESDrop a file into /etc/facter/facts.d

service=webenvname=stage

HIERA IN ACTIONenv/vagrant.yaml:

web::hostname: vagrantdev.local

env/stage.yaml:web::hostname: stage.example.com

HIERA IN ACTIONcommon.yaml:

postfix::server::relayhost: '[mailtrap.io]:2525'

env/live.yaml:postfix::server::relayhost: 'email-smtp.eu-west-1.amazonaws.com:587'

PRODUCTION

'WORKED IN DEV'Devs and ops need the right data to be able to debugIf only ops have access the the data, how much can devsreally help?

PROVIDING VISIBILITYMetrics and Service HealthLoggingDashboards

METRICS AND SERVICEHEALTH

SensuHealth checksCollection of statistics and export to Graphite

CENTRALISED LOGGINGVariety of approaches availableLogstashGraylog2

GRAYLOG2Simple to get up and runningPuppet module available: https://forge.puppetlabs.com/graylog2/graylog2

VISIBILITYDashboards show (near) realtime metrics let everyone seethe current state of the systemDon't just include system data - business metrics addcontext