Upload
all-things-open
View
199
Download
4
Embed Size (px)
Citation preview
CASE STUDIES: NASA AND FRIENDS
Greg DeKoenigsberg (@gregdek)
GOOD MORNING!(Who are you?)
THIS IS A TALK FOR BUSINESS FOLKS(But we can go anywhere you like!)
ANSIBLE USERS HAVE A LOT OF USE CASESLet's talk about a few of them today.
WHAT IS ANSIBLE, ANYWAY?
CONFIGURATION MANAGEMENTKinda like Puppet / Chef
ORCHESTRATIONKinda like mCollective
APPLICATION DEPLOYMENTKinda like... Fabric / Capistrano
ALL OF THESE THINGS TOGETHERKinda like... nothing
\"FANCY SSH FOR-LOOP\"
NEXT GENERATION AUTOMATION FRAMEWORK
SIMPLE(Get started on your lunch hour)
AGENTLESS(Got ssh? Ansible is for you)
POWERFUL(Batteries included)
BINCKBANK
About BinckBank
Based in Amsterdam, NL
Largest Dutch online discount broker
590 employees
760,000+ accounts
600 UNIX servers
Mark Maas, UNIX/Linux System Administrator
THE CHALLENGE
We have 600 UNIX servers in house. We have a lot of specialtyenvironments that we need to create while at the same time
managing our production environment.
Our problem was complexity in the datacenter. We wantedautomation but we also wanted simplicity and to not have to send
people to training in order to use the product.
BEFORE ANSIBLE
In the past we did our own scripting for menial tasks over a lot oflate nights of pizza.
WITH ANSIBLE
Ansible is quite fun to use right away-—as soon as you write fivelines of code it works.
With SSH and Ansible I can send commands to 500 serverswithout having even used the servers before.
We are completely focused on automating as much as possible inour datacenter and going beyond Unix to create more stuff for
more people to do be able to do more.
MOVING FORWARD
Recently I purchased a license for Ansible Tower. I would like togive non-technical users access to it and open up the technicalside to people who have no idea what I am talking about. With
Tower, my Linux guys can access our templates without having todo any coding. Tower opens up Ansible to the rest of company.
HOOTSUITE
About HootSuite
Based in Vancouver, BC, Canada
Social media management
~400 employees
Over 8 million users
75% of Fortune 500 uses HootSuite
Beier Cai, Director of Technology
THE CHALLENGE
Our infrastructure is not scripted, repeatable or immutable.
Rebuilding a server relies on limited documentation and mostlymemory.
Lack of repeatability makes automating our infrastructure andapplication deployment difficult.
There was one time we had to spend over a month of anengineer’s time to rebuild a server that had lived for 2 years with
random config changes by ops engineers along the way, withlimited documentation.
BEFORE ANSIBLE
We had limited experience with Puppet, but didn’t quite like itbecause 1) it needs agents, and we don’t like agents; and 2) wefavor immutability over snowflake factory for infrastructure
management.
WITH ANSIBLE
Ops and devs both feel safer, literally. Before they were alwaysworried about ‘what if the server dies’. They aren’t worried about
this anymore after all servers are properly ‘Ansiblized’.
With the help of Vagrant we can test server builds locally asmany times as we want until it works, instead of testing it on EC2
cloud which is remote and always slow.
Increase our bus factor from 1 to infinite! Before, only 1 or 2people know how a server was built from the beginning. With
Ansible, storing playbooks in source control gives everyone theability to rebuild the server at any time.
MOVING FORWARD
We want to build out "Devops" into HootSuite, and our vision is"Software Engineers are engaged in the entire cycle of designing,implementing, deploying and maintaining their software across
all environments".
NASA
About NASA
They put men on the freaking moon
About NASA WESTprime
WESTPrime == Web Enterprise Service Technologies prime
Blanket purchase agreement funded by NASA
Contracted to InfoZen Inc., a cloud broker and integratorbased in Rockville, MD
InfoZen responsible for entire cloud migration for all NASAweb assets
Jonathan Davila, Senior DevOps Lead, InfoZen
THE CHALLENGE
WESTPrime’s initial focus was to move roughly 65 applicationsoff the old data center as quickly as possible in a seemingly
impossible timeline.
All of a sudden we had an environment spanning multiple VPCsand AWS accounts with no way of centrally managing it.
We were faced with a very ugly scenario where even simplethings like ensuring every SysAdmin had access to every server,
or simple patching were extremely burdensome.
BEFORE ANSIBLE
Previously, NASA WESTPrime was using a lot of shell scripts.There was a lot of "manually ssh-in-and-do-x" type of work being
done.
We then created a demo day in which we invited the automationplayers to demonstrate the enterprise flavors of their product.
After quite a long day of deep level demos and Q&A, and a weekof analysis with the technical team we decided unanimously that
Ansible was the best fit for us.
Why?
No agents
Very small learning curve (a day or less!)
Non-technical staff can read a play and know what's happening
Native use of SSH
The most active open source community among itscompetitors
WITH ANSIBLE
NASA web app servers are being patched routinely andautomatically through Tower with a very simple 10-line Ansible
playbook.
Every single week www.nasa.gov is updated via Ansible,generally only taking about 5 minutes to do, including the mobile
version of nasa.gov.
Because of Ansible we are able to organize our inventory of AWSresources in a very granular way that was not at all possible
before.
One time we faced some strict deadlines for monitoring and wedidn’t have time to deploy Nagios agents (due to lengthy approval
workflows in place) to monitor RAM and CPU. So what did wedo? We did a very simple hack to be able to monitor CPU and
RAM with Ansible in near real-time (no agent required!).
Ansible was leveraged to remediate both OpenSSL issues thisyear in ridiculous time (leadership was blown away).
It is also used to ensure our environment is compliant withnecessary Federal security standards as outlined by FedRAMP
and other regulatory requirements.
There is a level of comfort and confidence that Ansible has beenable to provide that simply was not there before.
MOVING FORWARD
We are working on moving many applications into cycles ofContinuous Integration and Deployment, which will be
leveraging Ansible as the conductor of these architectures.
The moment 1.7 is released, Ansible will be used to manage ourstack of Windows servers and do the same magic we've been
doing with Linux.
The end goal will be for our sysadmins to only need toSSH/WINRM into servers manually for troubleshooting. Allserver changes will eventually happen exclusively through
Ansible (and the occasional CloudFormation tempate).
A TWEET BEFORE WE GO
Adam Werewolf (@adamwwolf)
I use @ansible to do just about everything. If you say "I don't havetime to set it up" you're who it's for--you don't have time *not* to.
11:20 AM - 21 Oct 2014
https://twitter.com/adamwwolf/status/524626206470053889
THE WORLD IS CHANGING
THANKS / [email protected]
@gregdek