Immutable Infrastructure Isn’t the Answer
Sam Bashton
Who am I?
• Sam Bashton
• Ran a cloud (AWS + GCP) consultancy firm until 2016 when it was acquired by Claranet Group
• Working with config management (Puppet) since 2007
• Working with AWS since 2009
• Working with GCP since 2014
What is this talk about?
• How we tried to use immutable infrastructure
• How and why it wasn’t right for us
• What we do instead
Business Model
• Charge customer for building super reliable infrastructure
• Charge customers a monthly support fee
Hard won experience
• Migrated over 1000 apps to public cloud
• Variety of approaches to managing infra and deploying code
- Including Immutable Infrastructure
• 2011 onwards
Terraform
AWS Concepts
• Each customer in one or more regions
• Each region has two or more data centres (‘availability zones’)
- Most have three
• SLA says that no more than one data centre will be down at once in a region
“Region Unavailable” and “Region Unavailability” mean that more than one Availability Zone in which you are running an instance or task (one or more containers), as applicable, within the same Region, is “Unavailable” to you.
Data Lives in Services
• We use AWS services to store all state
- RDS (MySQL, Postgres, Oracle, MS SQL)
- Elasticache (Redis)
- DynamoDB
- AWS Elasticsearch
• The instances in question are ‘stateless’
Immutable
immutable
/ɪˈmjuːtəb(ə)l/
unchanging over time or unable to be changed
What is immutable infrastructure?
• Automatically build a golden image
• New infrastructure using the new image replaces the old infrastructure
Why would I want to do that?
• Unit of deployment becomes a machine image
• Test the artifact and have confidence it’ll be the same in production
Blue/Green Deployments
Canary Deployments
Fudgetown
• All the images are the same, except..
- We need to specify a different database location in each environment
• And we need to specify it in an XML config file
- We have different sizes of machine in each environment, and need to use different JVM settings
Why not just build lots of images?
• Image building is automatic - why don’t we just build an image for each environment?
Why not just build lots of images?
• Unit of deploy is a machine image
• Images are created via an imperative set of commands
- Shell Script
- Ansible
• What is in each image? What is different?
Immutable-ish
• Scripts at startup handle differences
• Consul cluster?
- consul-template
Fudgetown
• Many dozens of microservices
• All with configuration files
- XML, yaml, ini, other
Fudgetown
• Multiple processes make up a single ‘service’
• All have to be started in a specific order
Fudgetown
• Deploying changes takes much longer
- ~10-15 minutes for a Packer build and deployment to test infra
• Tests on minor changes take a lot longer
Fudgetown
• We don’t know what the state of our instances is, or should be
• We don’t know whether config files were written successfully
• It takes ages to test things
Back to the drawing board
• Doing the thing the ‘cool kids’ say they are doing is not the path to technical success
• Our customers care whether their app is working, not how
What do we actually need?
• Infrastructure and configuration in a known and verifiable state
• Self-healing
• Fault tolerant - should continue to work even if a whole data centre (‘AZ’) fails
• Autoscaling which works every time
• New instances which provision quickly (autoscaling)
• Automated deployments
- Possibly Canary, Blue/Green
• Nice to have: quick to test changes
What do we actually need?
Instance configuration in a known state
• We need a way to describe configuration on the machine
• A declarative language
• Should tell us if something went wrong
Except..
• Puppet master doesn’t lend itself to an autoscaling world
- Performance bottleneck bringing up new instances
- Single point of failure
- Especially in the zone failure scenario
The rules
• Terminating an instance should always automatically give you a replacement which works
- Even if external repos are down
• CentOS mirrors
• EPEL
• Elasticsearch yum repo
• Gem
• Pip
• We should expect data centre (‘AZ’) failure
How do we do it?
• Packer - base common AMI
• Puppet
• S3
• yum/apt
• Jenkins
Jenkins
Packer
• Build a base image
• Generally common to all roles
• Sometimes will have per-role AMIs
• pip/gem dependencies generally installed here
- Easier than building a package, even with FPM
• Install big RPMs here to save time at provisioning
Masterless Puppet
• Put the Puppet manifests and modules on an instance
• Run puppet apply
Distributing Puppet
• Puppet needs to be on every instance
• Build an RPM/DEB containing Puppet manifests/modules
• Add to a RPM/DEB repo in S3
• Script at startup (cloud-init) installs Puppet
• Puppet runs from systemd❤
External Repos
• Mirror CentOS, etc repos in S3
• Repos are copied as part of deployment process
- Dev repos continually updated
- When code is promoted to next step (eg staging), repos also copied
- OS upgrades are a part of the normal deployment process
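An added example (not from the talk or from Claranet's tooling): one way to check the "even if external repos are down" rule on an instance is to audit its yum repo definitions and flag any enabled repo that resolves outside the S3 mirror. The bucket hostname, the file names and the sample repo contents are constructed assumptions.

```python
"""Audit yum .repo definitions: every enabled repo must resolve only to the
internal S3 mirror, so a replacement instance never needs an external repo."""
import configparser
from pathlib import Path
from urllib.parse import urlparse

# Assumption: hypothetical S3 endpoint that holds the mirrored repos.
ALLOWED_HOSTS = {"example-mirror.s3.eu-west-1.amazonaws.com"}
URL_KEYS = ("baseurl", "mirrorlist", "metalink")

# Constructed sample input standing in for /etc/yum.repos.d on one instance.
SAMPLE_REPO_FILES = {
    "internal.repo": """\
[internal-os]
name=CentOS mirror in S3
baseurl=https://example-mirror.s3.eu-west-1.amazonaws.com/centos/7/os/x86_64/
enabled=1

[internal-puppet]
name=Puppet manifests and application RPMs
baseurl=https://example-mirror.s3.eu-west-1.amazonaws.com/puppet/
""",
    "epel.repo": """\
[epel]
name=EPEL
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
enabled=1

[epel-debuginfo]
name=EPEL debug
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
enabled=0
""",
    "elasticsearch.repo": """\
[elasticsearch]
name=Elasticsearch
baseurl=https://example-mirror.s3.eu-west-1.amazonaws.com/elasticsearch/
        https://artifacts.elastic.co/packages/7.x/yum
enabled=1
""",
}


def audit_repo_text(filename, text, allowed_hosts=ALLOWED_HOSTS):
    """Return (file, repo id, problem) tuples for one .repo file's contents."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text, source=filename)
    findings = []
    for repo_id in parser.sections():
        section = parser[repo_id]
        # yum treats a repo as enabled unless it is explicitly switched off.
        if section.get("enabled", "1").strip().lower() in ("0", "false", "no"):
            continue
        # baseurl may list several URLs separated by whitespace or newlines.
        urls = [(k, u) for k in URL_KEYS for u in section.get(k, "").split()]
        if not urls:
            findings.append((filename, repo_id, "no baseurl/mirrorlist/metalink"))
        for key, url in urls:
            parsed = urlparse(url)
            if parsed.scheme == "file":
                continue  # local directory, no network dependency
            if parsed.hostname not in allowed_hosts:
                findings.append(
                    (filename, repo_id, f"{key} points at {parsed.hostname or url}")
                )
    return findings


def audit(repo_files, allowed_hosts=ALLOWED_HOSTS):
    """Audit a mapping of file name -> file contents, in file-name order."""
    findings = []
    for filename in sorted(repo_files):
        findings.extend(audit_repo_text(filename, repo_files[filename], allowed_hosts))
    return findings


def load_repo_dir(path="/etc/yum.repos.d"):
    """Read the real repo definitions from an instance."""
    return {p.name: p.read_text() for p in Path(path).glob("*.repo")}


if __name__ == "__main__":
    for filename, repo_id, problem in audit(SAMPLE_REPO_FILES):
        print(f"{filename} [{repo_id}]: {problem}")
```

Run against `load_repo_dir()` in the Packer build or at the end of provisioning, a non-empty result means a replacement instance would still depend on a repo outside S3.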
Repos in S3
• Puppet, application code in yum repos in S3
• Repo created from a Terraform module
• Just drop your RPM in, it handles metadata generation
https://registry.terraform.io/modules/claranet/s3-yum-repo/aws
Config updates
• AWS provides SSM
• SSM triggers updating Puppet RPM, running Puppet
• ~120 seconds from commit to Puppet run finishing
Success
• We have been using this approach for 6+ years
• Tried other approaches
• Always came back for apps unsuitable for containerisation
Your problems are not my problems
• Have lovely 12 factor apps?
• Why are you wasting time building infrastructure?!
Career advice
• You don’t get paid to build infrastructure
• ‘Serverless’ isn’t NoOps
• Understanding distributed systems and their many failure modes is the path to future success
Conclusions
• Concentrate on the desired outcome, not what somebody at a conference said worked for them
• Find the things that will give you the most success most easily, then iterate
• Architect for ease of management
• Don’t be constrained by ‘best practice’
• Don’t be embarrassed by ‘ugly hacks’ when they solve real problems
Conclusions
Ad

More Related Content

What's hot (20)

Infrastructure as Code - Getting Started, Concepts & Tools
Infrastructure as Code - Getting Started, Concepts & ToolsInfrastructure as Code - Getting Started, Concepts & Tools
Infrastructure as Code - Getting Started, Concepts & Tools
Lior Kamrat
 
Manage your environment with DSC
Manage your environment with DSCManage your environment with DSC
Manage your environment with DSC
Gian Maria Ricci
 
EDB Failover Manager for Seamless Failover & Switchover
EDB Failover Manager for Seamless Failover & SwitchoverEDB Failover Manager for Seamless Failover & Switchover
EDB Failover Manager for Seamless Failover & Switchover
Ashnikbiz
 
Immutable infrastructure with Boxfuse
Immutable infrastructure with BoxfuseImmutable infrastructure with Boxfuse
Immutable infrastructure with Boxfuse
Lars Östling
 
Extending Ansible - Ansible Benelux meetup - Amsterdam 11-02-2016
Extending Ansible - Ansible Benelux meetup - Amsterdam 11-02-2016Extending Ansible - Ansible Benelux meetup - Amsterdam 11-02-2016
Extending Ansible - Ansible Benelux meetup - Amsterdam 11-02-2016
Pavel Chunyayev
 
Apple M1 & Ionic: Should I switch?
Apple M1 & Ionic: Should I switch?Apple M1 & Ionic: Should I switch?
Apple M1 & Ionic: Should I switch?
Philipp Höhne
 
Benchmarking like a pro
Benchmarking like a proBenchmarking like a pro
Benchmarking like a pro
Gianluca Sartori
 
Ansible benelux meetup - Amsterdam 27-5-2015
Ansible benelux meetup - Amsterdam 27-5-2015Ansible benelux meetup - Amsterdam 27-5-2015
Ansible benelux meetup - Amsterdam 27-5-2015
Pavel Chunyayev
 
Standardizing and Managing Your Infrastructure - MOSC 2011
Standardizing and Managing Your Infrastructure - MOSC 2011Standardizing and Managing Your Infrastructure - MOSC 2011
Standardizing and Managing Your Infrastructure - MOSC 2011
Brian Ritchie
 
Puppet camp LA and Phoenix 2015: Keynote
Puppet camp LA and Phoenix 2015: Keynote Puppet camp LA and Phoenix 2015: Keynote
Puppet camp LA and Phoenix 2015: Keynote
Puppet
 
Openstack hk-summit-upgrades-talk
Openstack hk-summit-upgrades-talkOpenstack hk-summit-upgrades-talk
Openstack hk-summit-upgrades-talk
Buvanesh Kumar
 
JAMF User Group September 2015
JAMF User Group September 2015JAMF User Group September 2015
JAMF User Group September 2015
Steve Wood
 
NDev Talk - Serverless Design Patterns
NDev Talk - Serverless Design PatternsNDev Talk - Serverless Design Patterns
NDev Talk - Serverless Design Patterns
Ryan Green
 
Building a PaaS with Docker and AWS
Building a PaaS with Docker and AWSBuilding a PaaS with Docker and AWS
Building a PaaS with Docker and AWS
vesirin
 
UEMB260: Provisioning: Under the Hood
UEMB260: Provisioning: Under the HoodUEMB260: Provisioning: Under the Hood
UEMB260: Provisioning: Under the Hood
Ivanti
 
Inrastructure as Code
Inrastructure as CodeInrastructure as Code
Inrastructure as Code
Charles Anderson
 
Building Creative Product Extensions with Experience Manager
Building Creative Product Extensions with Experience ManagerBuilding Creative Product Extensions with Experience Manager
Building Creative Product Extensions with Experience Manager
connectwebex
 
You don’t need DTAP + Backbase implementation - Amsterdam 17-12-2015
You don’t need DTAP + Backbase implementation - Amsterdam 17-12-2015You don’t need DTAP + Backbase implementation - Amsterdam 17-12-2015
You don’t need DTAP + Backbase implementation - Amsterdam 17-12-2015
Pavel Chunyayev
 
Ansible training | redhat Ansible 2.5 Corporate course - GOT
Ansible training | redhat Ansible 2.5 Corporate course - GOTAnsible training | redhat Ansible 2.5 Corporate course - GOT
Ansible training | redhat Ansible 2.5 Corporate course - GOT
keerthi124
 
High performance in react native
High performance in react nativeHigh performance in react native
High performance in react native
Viet Tran
 
Infrastructure as Code - Getting Started, Concepts & Tools
Infrastructure as Code - Getting Started, Concepts & ToolsInfrastructure as Code - Getting Started, Concepts & Tools
Infrastructure as Code - Getting Started, Concepts & Tools
Lior Kamrat
 
Manage your environment with DSC
Manage your environment with DSCManage your environment with DSC
Manage your environment with DSC
Gian Maria Ricci
 
EDB Failover Manager for Seamless Failover & Switchover
EDB Failover Manager for Seamless Failover & SwitchoverEDB Failover Manager for Seamless Failover & Switchover
EDB Failover Manager for Seamless Failover & Switchover
Ashnikbiz
 
Immutable infrastructure with Boxfuse
Immutable infrastructure with BoxfuseImmutable infrastructure with Boxfuse
Immutable infrastructure with Boxfuse
Lars Östling
 
Extending Ansible - Ansible Benelux meetup - Amsterdam 11-02-2016
Extending Ansible - Ansible Benelux meetup - Amsterdam 11-02-2016Extending Ansible - Ansible Benelux meetup - Amsterdam 11-02-2016
Extending Ansible - Ansible Benelux meetup - Amsterdam 11-02-2016
Pavel Chunyayev
 
Apple M1 & Ionic: Should I switch?
Apple M1 & Ionic: Should I switch?Apple M1 & Ionic: Should I switch?
Apple M1 & Ionic: Should I switch?
Philipp Höhne
 
Ansible benelux meetup - Amsterdam 27-5-2015
Ansible benelux meetup - Amsterdam 27-5-2015Ansible benelux meetup - Amsterdam 27-5-2015
Ansible benelux meetup - Amsterdam 27-5-2015
Pavel Chunyayev
 
Standardizing and Managing Your Infrastructure - MOSC 2011
Standardizing and Managing Your Infrastructure - MOSC 2011Standardizing and Managing Your Infrastructure - MOSC 2011
Standardizing and Managing Your Infrastructure - MOSC 2011
Brian Ritchie
 
Puppet camp LA and Phoenix 2015: Keynote
Puppet camp LA and Phoenix 2015: Keynote Puppet camp LA and Phoenix 2015: Keynote
Puppet camp LA and Phoenix 2015: Keynote
Puppet
 
Openstack hk-summit-upgrades-talk
Openstack hk-summit-upgrades-talkOpenstack hk-summit-upgrades-talk
Openstack hk-summit-upgrades-talk
Buvanesh Kumar
 
JAMF User Group September 2015
JAMF User Group September 2015JAMF User Group September 2015
JAMF User Group September 2015
Steve Wood
 
NDev Talk - Serverless Design Patterns
NDev Talk - Serverless Design PatternsNDev Talk - Serverless Design Patterns
NDev Talk - Serverless Design Patterns
Ryan Green
 
Building a PaaS with Docker and AWS
Building a PaaS with Docker and AWSBuilding a PaaS with Docker and AWS
Building a PaaS with Docker and AWS
vesirin
 
UEMB260: Provisioning: Under the Hood
UEMB260: Provisioning: Under the HoodUEMB260: Provisioning: Under the Hood
UEMB260: Provisioning: Under the Hood
Ivanti
 
Building Creative Product Extensions with Experience Manager
Building Creative Product Extensions with Experience ManagerBuilding Creative Product Extensions with Experience Manager
Building Creative Product Extensions with Experience Manager
connectwebex
 
You don’t need DTAP + Backbase implementation - Amsterdam 17-12-2015
You don’t need DTAP + Backbase implementation - Amsterdam 17-12-2015You don’t need DTAP + Backbase implementation - Amsterdam 17-12-2015
You don’t need DTAP + Backbase implementation - Amsterdam 17-12-2015
Pavel Chunyayev
 
Ansible training | redhat Ansible 2.5 Corporate course - GOT
Ansible training | redhat Ansible 2.5 Corporate course - GOTAnsible training | redhat Ansible 2.5 Corporate course - GOT
Ansible training | redhat Ansible 2.5 Corporate course - GOT
keerthi124
 
High performance in react native
High performance in react nativeHigh performance in react native
High performance in react native
Viet Tran
 

Similar to Immutable infrastructure isn’t the answer (20)

Continuous Deployment of your Application - SpringOne Tour Dallas
Continuous Deployment of your Application - SpringOne Tour DallasContinuous Deployment of your Application - SpringOne Tour Dallas
Continuous Deployment of your Application - SpringOne Tour Dallas
VMware Tanzu
 
The Rocky Cloud Road
The Rocky Cloud RoadThe Rocky Cloud Road
The Rocky Cloud Road
Gert Drapers
 
Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOps
Eklove Mohan
 
Google Cloud Platform Certification Cloud Architect Exam Prep Review Virtual ...
Google Cloud Platform Certification Cloud Architect Exam Prep Review Virtual ...Google Cloud Platform Certification Cloud Architect Exam Prep Review Virtual ...
Google Cloud Platform Certification Cloud Architect Exam Prep Review Virtual ...
Joseph Holbrook, Chief Learning Officer (CLO)
 
PuppetConf 2017: Unlocking Azure with Puppet Enterprise- Keiran Sweet, Source...
PuppetConf 2017: Unlocking Azure with Puppet Enterprise- Keiran Sweet, Source...PuppetConf 2017: Unlocking Azure with Puppet Enterprise- Keiran Sweet, Source...
PuppetConf 2017: Unlocking Azure with Puppet Enterprise- Keiran Sweet, Source...
Puppet
 
How Percolate uses CFEngine to Manage AWS Stateless Infrastructure
How Percolate uses CFEngine to Manage AWS Stateless InfrastructureHow Percolate uses CFEngine to Manage AWS Stateless Infrastructure
How Percolate uses CFEngine to Manage AWS Stateless Infrastructure
Percolate
 
The Hard Problems of Continuous Deployment
The Hard Problems of Continuous DeploymentThe Hard Problems of Continuous Deployment
The Hard Problems of Continuous Deployment
Timothy Fitz
 
DevOps: Automate all the things
DevOps: Automate all the thingsDevOps: Automate all the things
DevOps: Automate all the things
Mat Mannion
 
SynapseIndia drupal presentation on drupal info
SynapseIndia drupal  presentation on drupal infoSynapseIndia drupal  presentation on drupal info
SynapseIndia drupal presentation on drupal info
Synapseindiappsdevelopment
 
DCRUG: Achieving Development-Production Parity
DCRUG: Achieving Development-Production ParityDCRUG: Achieving Development-Production Parity
DCRUG: Achieving Development-Production Parity
Geoff Harcourt
 
DevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & AnsibleDevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & Ansible
Arnaud LEMAIRE
 
Continuous Delivery with NetflixOSS
Continuous Delivery with NetflixOSSContinuous Delivery with NetflixOSS
Continuous Delivery with NetflixOSS
Daniel Woods
 
Cloudy in Indonesia: Java and Cloud
Cloudy in Indonesia: Java and CloudCloudy in Indonesia: Java and Cloud
Cloudy in Indonesia: Java and Cloud
Eberhard Wolff
 
Ansible: How to Get More Sleep and Require Less Coffee
Ansible: How to Get More Sleep and Require Less CoffeeAnsible: How to Get More Sleep and Require Less Coffee
Ansible: How to Get More Sleep and Require Less Coffee
Sarah Z
 
Mtc learnings from isv & enterprise (dated - Dec -2014)
Mtc learnings from isv & enterprise (dated - Dec -2014)Mtc learnings from isv & enterprise (dated - Dec -2014)
Mtc learnings from isv & enterprise (dated - Dec -2014)
Govind Kanshi
 
Mtc learnings from isv & enterprise interaction
Mtc learnings from isv & enterprise  interactionMtc learnings from isv & enterprise  interaction
Mtc learnings from isv & enterprise interaction
Govind Kanshi
 
PowerPoint Presentation
PowerPoint PresentationPowerPoint Presentation
PowerPoint Presentation
lalitjangra9
 
Moving Windows Applications to the Cloud
Moving Windows Applications to the CloudMoving Windows Applications to the Cloud
Moving Windows Applications to the Cloud
RightScale
 
NSBCon UK nservicebus on Azure by Yves Goeleven
NSBCon UK nservicebus on Azure by Yves GoelevenNSBCon UK nservicebus on Azure by Yves Goeleven
NSBCon UK nservicebus on Azure by Yves Goeleven
Particular Software
 
What we talk about when we talk about DevOps
What we talk about when we talk about DevOpsWhat we talk about when we talk about DevOps
What we talk about when we talk about DevOps
Ricard Clau
 
Continuous Deployment of your Application - SpringOne Tour Dallas
Continuous Deployment of your Application - SpringOne Tour DallasContinuous Deployment of your Application - SpringOne Tour Dallas
Continuous Deployment of your Application - SpringOne Tour Dallas
VMware Tanzu
 
The Rocky Cloud Road
The Rocky Cloud RoadThe Rocky Cloud Road
The Rocky Cloud Road
Gert Drapers
 
Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOps
Eklove Mohan
 
PuppetConf 2017: Unlocking Azure with Puppet Enterprise- Keiran Sweet, Source...
PuppetConf 2017: Unlocking Azure with Puppet Enterprise- Keiran Sweet, Source...PuppetConf 2017: Unlocking Azure with Puppet Enterprise- Keiran Sweet, Source...
PuppetConf 2017: Unlocking Azure with Puppet Enterprise- Keiran Sweet, Source...
Puppet
 
How Percolate uses CFEngine to Manage AWS Stateless Infrastructure
How Percolate uses CFEngine to Manage AWS Stateless InfrastructureHow Percolate uses CFEngine to Manage AWS Stateless Infrastructure
How Percolate uses CFEngine to Manage AWS Stateless Infrastructure
Percolate
 
The Hard Problems of Continuous Deployment
The Hard Problems of Continuous DeploymentThe Hard Problems of Continuous Deployment
The Hard Problems of Continuous Deployment
Timothy Fitz
 
DevOps: Automate all the things
DevOps: Automate all the thingsDevOps: Automate all the things
DevOps: Automate all the things
Mat Mannion
 
SynapseIndia drupal presentation on drupal info
SynapseIndia drupal  presentation on drupal infoSynapseIndia drupal  presentation on drupal info
SynapseIndia drupal presentation on drupal info
Synapseindiappsdevelopment
 
DCRUG: Achieving Development-Production Parity
DCRUG: Achieving Development-Production ParityDCRUG: Achieving Development-Production Parity
DCRUG: Achieving Development-Production Parity
Geoff Harcourt
 
DevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & AnsibleDevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & Ansible
Arnaud LEMAIRE
 
Continuous Delivery with NetflixOSS
Continuous Delivery with NetflixOSSContinuous Delivery with NetflixOSS
Continuous Delivery with NetflixOSS
Daniel Woods
 
Cloudy in Indonesia: Java and Cloud
Cloudy in Indonesia: Java and CloudCloudy in Indonesia: Java and Cloud
Cloudy in Indonesia: Java and Cloud
Eberhard Wolff
 
Ansible: How to Get More Sleep and Require Less Coffee
Ansible: How to Get More Sleep and Require Less CoffeeAnsible: How to Get More Sleep and Require Less Coffee
Ansible: How to Get More Sleep and Require Less Coffee
Sarah Z
 
Mtc learnings from isv & enterprise (dated - Dec -2014)
Mtc learnings from isv & enterprise (dated - Dec -2014)Mtc learnings from isv & enterprise (dated - Dec -2014)
Mtc learnings from isv & enterprise (dated - Dec -2014)
Govind Kanshi
 
Mtc learnings from isv & enterprise interaction
Mtc learnings from isv & enterprise  interactionMtc learnings from isv & enterprise  interaction
Mtc learnings from isv & enterprise interaction
Govind Kanshi
 
PowerPoint Presentation
PowerPoint PresentationPowerPoint Presentation
PowerPoint Presentation
lalitjangra9
 
Moving Windows Applications to the Cloud
Moving Windows Applications to the CloudMoving Windows Applications to the Cloud
Moving Windows Applications to the Cloud
RightScale
 
NSBCon UK nservicebus on Azure by Yves Goeleven
NSBCon UK nservicebus on Azure by Yves GoelevenNSBCon UK nservicebus on Azure by Yves Goeleven
NSBCon UK nservicebus on Azure by Yves Goeleven
Particular Software
 
What we talk about when we talk about DevOps
What we talk about when we talk about DevOpsWhat we talk about when we talk about DevOps
What we talk about when we talk about DevOps
Ricard Clau
 
Ad

Recently uploaded (20)

Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
Ad

Immutable infrastructure isn’t the answer

  • 1. Immutable Infrastructure Isn’t the Answer Sam Bashton
  • 3. Who am I? • Sam Bashton • Ran a cloud (AWS + GCP) consultancy firm until 2016 when it was acquired by Claranet Group • Working with config management (Puppet) since 2007 • Working with AWS since 2009 • Working with GCP since 2014
  • 5. What is this talk about? • How we tried to use immutable infrastructure • How and why it wasn’t right for us • What we do instead
  • 6. Business Model • Charge customer for building super reliable infrastructure • Charge customers a monthly support fee
  • 7. Hard won experience • Migrated over 1000 apps to public cloud • Variety of approaches to managing infra and deploying code - Including Immutable Infrastructure • 2011 onwards
  • 12. AWS Concepts • Each customer in one or more region • Each region has two or more data centres (‘availability zones’) - Most have three • SLA says that no more than one data centre will be down at once in a region “Region Unavailable” and “Region Unavailability” mean that more than one Availability Zone in which you are running an instance or task (one or more containers), as applicable, within the same Region, is “Unavailable” to you.
  • 13. Data Lives in Services • We use AWS services to store all state - RDS (MySQL, Postgres, Oracle, MS SQL) - Elasticache (Redis) - DynamoDB - AWS Elasticsearch • The instances in question are ‘stateless’
  • 16. What is immutable infrastructure? • Automatically build a golden image • New infrastructure using the new image replaces the old infrastructure
  • 17. Why would I want to do that? • Unit of deployment becomes a machine image • Test the artifact and have confidence it’ll be the same in production
  • 20. Fudgetown • All the images are the same, except.. - We need to specify a different database location in each environment • And we need to specify it in an XML config file - We have different sizes of machine in each environment, and need to use different JVM settings
  • 21. Why not just build lots of images? • Image building is automatic - why don’t we just build an image for each environment?
  • 22. Why not just build lots of images? • Unit of deploy is a machine image • Images are created via an imperative set of commands - Shell Script - Ansible • What is in each image? What is different?
  • 23. Immutable-ish • Scripts at startup handle differences • Consul cluster? - consul-template
  • 25. Fudgetown • Many dozens of microservices • All with configuration files - XML, yaml, ini, other
  • 26. Fudgetown • Multiple processes make up a single ‘service’ • All have to be started in a specific order
  • 27. Fudgetown • Deploying changes takes much longer - ~10-15 minutes for a Packer build and deployment to test infra • Tests on minor changes take a lot longer
  • 28. Fudgetown • We don’t know what the state of our instances is, or should be • We don’t know whether config files were written successfully • It takes ages to test things
  • 29. Back to the drawing board • Doing the thing the ‘cool kids’ say they are doing is not the path to technical success • Our customers care whether their app is working, not how
  • 30. What do we actually need? • Infrastructure and configuration in a known and verifiable state • Self-healing • Fault tolerant - should continue to work even if a whole data centre (‘AZ’) fails
  • 31. What do we actually need? • Autoscaling which works every time • New instances which provision quickly (autoscaling) • Automated deployments - Possibly Canary, Blue/Green • Nice to have: quick to test changes
  • 32. Instance configuration in a known state • We need a way to describe configuration on the machine • A declarative language • Should tell us if something went wrong
  • 34. Except.. • Puppet master doesn’t lend itself to an autoscaling world - Performance bottleneck bringing up new instances - Single point of failure - Especially in the zone failure scenario
  • 35. The rules • Terminating an instance should always automatically give you a replacement which works - Even if external repos are down • CentOS mirrors • EPEL • Elasticsearch yum repo • Gem • Pip • We should expect data centre (‘AZ’) failure
  • 36. How do we do it? • Packer - base common AMI • Puppet • S3 • yum/apt • Jenkins
  • 38. Packer • Build a base image • Generally common to all roles • Sometimes will have per-role AMIs • pip/gem dependencies generally installed here - Easier than building a package, even with FPM • Install big RPMs here to save time at provisioning
  • 39. Masterless Puppet • Put the Puppet manifests and modules on an instance • Run puppet apply
  • 40. Distributing Puppet • Puppet needs to be on every instance • Build an RPM/DEB containing Puppet manifests/modules • Add to a RPM/DEB repo in S3 • Script at startup (cloud-init) installs Puppet • Puppet runs from systemd❤
  • 41. External Repos • Mirror CentOS, etc repos in S3 • Repos are copied as part of deployment process - Dev repos continually updated - When code is promoted to next step (eg staging), repos also copied - OS upgrades are a part of the normal deployment process
  • 42. Repos in S3 • Puppet, application code in yum repos in S3 • Repo created from a Terraform module • Just drop your RPM in, it handles metadata generation https://registry.terraform.io/modules/claranet/s3-yum-repo/aws
  • 43. Config updates • AWS provides SSM • SSM triggers updating Puppet RPM, running Puppet • ~120 seconds from commit to Puppet run finishing
  • 44. Success • We have been using this approach for 6+ years • Tried other approaches • Always came back for apps unsuitable for containerisation
  • 45. Your problems are not my problems • Have lovely 12 factor apps? • Why are you wasting time building infrastructure?!
  • 47. Career advice • You don’t get paid to build infrastructure • ‘Serverless’ isn’t NoOps • Understanding distributed systems and their many failure modes is the path to future success
  • 48. Conclusions • Concentrate on the desired outcome, not what somebody at a conference said worked for them • Find the things that will give you the most success most easily, then iterate
  • 49. Conclusions • Architect for ease of management • Don’t be constrained by ‘best practice’ • Don’t be embarrassed by ‘ugly hacks’ when they solve real problems
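
Slides 35 and 41 require that a replacement instance provisions even when external repos are down, with CentOS and other repos mirrored in S3. The following added example (not from the talk) audits yum `.repo` files for enabled repos that still point outside the mirror; the bucket hostname, repo ids and file contents are constructed assumptions.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample data: bucket hostname, repo ids and file contents are assumptions.
ALLOWED_HOSTS = {"example-repo-bucket.s3.eu-west-1.amazonaws.com"}
SAMPLE_REPO_FILES = {
    "internal.repo": """
[centos-base-mirror]
name=CentOS base (S3 mirror)
baseurl=https://example-repo-bucket.s3.eu-west-1.amazonaws.com/centos/7/os/x86_64/
enabled=1

[puppet-code]
name=Puppet manifests and modules
baseurl=https://example-repo-bucket.s3.eu-west-1.amazonaws.com/puppet/
""",
    "epel.repo": """
[epel]
name=EPEL
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
enabled=1

[epel-debuginfo]
name=EPEL debuginfo
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
enabled=0
""",
}

def external_dependencies(repo_files, allowed_hosts):
    """Return (file, repo id, key, host) for each enabled repo URL outside allowed_hosts."""
    findings = []
    for fname, text in repo_files.items():
        parser = configparser.ConfigParser(interpolation=None, strict=False)
        parser.read_string(text, source=fname)
        for repo_id in parser.sections():
            section = parser[repo_id]
            if section.get("enabled", "1").strip() == "0":  # yum enables repos by default
                continue
            for key in ("baseurl", "mirrorlist", "metalink"):
                for url in section.get(key, "").split():  # baseurl may list several URLs
                    parsed = urlparse(url)
                    if parsed.scheme == "file":  # local directory, no network dependency
                        continue
                    if (parsed.hostname or "") not in allowed_hosts:
                        findings.append((fname, repo_id, key, parsed.hostname or ""))
    return sorted(findings)

if __name__ == "__main__":
    for finding in external_dependencies(SAMPLE_REPO_FILES, ALLOWED_HOSTS):
        print("external dependency: %s [%s] %s -> %s" % finding)
```

Run against the files in `/etc/yum.repos.d/` on a freshly built image, an empty result means provisioning does not depend on any repo host other than the mirror.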