controlled evolution with puppet and aws
TRANSCRIPT
Controlled Evolution with AWS & Puppet
16 November 2016
Speakers
Carl Caum: Sr. Technical Marketing Manager at Puppet
Chris Barker: Principal Technical Solutions Engineer at Puppet
Seamus Birch: Change Agent at one of Canada’s tier-one banks
Every company is a software company.
It feels like a breaking point.
Change is necessary.
We help great companies:
● Become great software companies
● Deliver fantastic experiences to their users
● Provide better software, faster
● And do it simply, at scale and securely
Automate for speed, reliability and security
Define with a common language
Gain situational awareness
Orchestrate change intelligently
Ensure security & compliance
What’s needed to deliver and operate modern software simply, at scale and securely
Across devices, through the stack
Define with a common language
● Easy to read, understand, write & share
● Write once, use everywhere
● Testing built in
● No code clobbering
● Choose from thousands of free modules, backed by a vibrant ecosystem
Standard way for teams to deliver and operate software
Puppet code example
Gain situational awareness
● Real-time change visibility
● Unique dependency visualizations
● Continual drift monitoring and reporting
● Audit and compliance reporting
● Built-in, custom and 3rd party visualizations
Know exactly what is going on with all your software
Event inspection in Puppet Enterprise
Cloud Management with Puppet
Adopt, unify and manage cloud environments
Supporting heterogeneous infrastructure
Cloud adoption drives business
53% of organizations believe cloud will help them improve their revenue
Source: IDC “Don’t Get Left Behind: The Business Benefits of Achieving Greater Cloud Adoption,” Aug 2015
Automation in the cloud
Native tools don’t work
Manual approaches / scripts are problematic
Misconfiguration creates risk
= Risk
$ one-off
Puppet/aws module
$ one-off
AWS Herd Management
$ one-off
Introduction
● 15 years experience in banking technology
● Particularly interested in hands on transformation of operating models.
What was the problem we were trying to solve?
Reduce manual effort and IT bureaucracy that is error prone, slowing us down and costing us money.
Our setup
● GitHub: Application Code, Puppet Modules
● TeamCity: Application & Container Build
● Puppet Master: Configuration Management
● Artifactory: Application & Container Store
● Application Server
● Application Environment
● Puppet R10K: Release Management and Change Management
Our first steps
● Built a community of developers on the platform.
● Focused on promoting continuous deployment rather than continuous integration.
● Obtained security risk assessments and approvals on the Puppet process as a software deployment mechanism.
● Heavily invested in getting the infrastructure teams to pick up Puppet.
● Lucky enough to find an infrastructure team that could pick up the coding aspect.
● Worked with the release management and change control teams to add support for R10K to their service.
● Started with a pilot of 150 servers.
Standard Puppet approach
Provisioning: Virtual environments ● Cloud ● Containers
Application infrastructure: SQL server ● Tomcat ● WebSphere ● IIS ● MySQL
Core infrastructure: Operating system ● NTP ● DNS ● SSH ● Firewall ● Users ● Groups
Application orchestration: Custom apps ● COTS ● Shared services
Our experience with Puppet
Provisioning: Virtual environments ● Cloud ● Containers
Application infrastructure: SQL server ● Tomcat ● WebSphere ● IIS ● MySQL
Core infrastructure: Operating system ● NTP ● DNS ● SSH ● Firewall ● Users ● Groups
Application orchestration: Custom apps ● COTS ● Shared services
1
2
3
Measurable results
Reduction in manual effort
90%
Team Development Effort
12%
600%
Change Deployment Frequency
But what about provisioning?
Provisioning: Virtual environments ● Cloud ● Containers
Application infrastructure: SQL server ● Tomcat ● WebSphere ● IIS ● MySQL
Core infrastructure: Operating system ● NTP ● DNS ● SSH ● Firewall ● Users ● Groups
Application orchestration: Custom apps ● COTS ● Shared services
1
2
3
?
Our AWS POC
● GitHub: Application Code, Puppet Modules
● TeamCity: Application & Container Build
● Puppet Master: Configuration Management
● Artifactory: Application & Container Store
● Cloud Command and Control
● Keys
● Puppet R10K: Release Management and Change Management
VPC, Security, Firewall, Network etc
ECS
EC2 Instances
Application
RDS
What did we discover?
● We had a real life application deployed within a couple of weeks.
● We didn’t require any new processes to be created.
● There were no special approvals/waivers/exceptions to obtain.
● We didn’t need to change firewalls or modify our security posture.
● We reduced infrastructure costs to pennies on the dollar.
Getting started with cloud was easy because we already automated with Puppet.
It will scale because we already automated with Puppet.
Potential stumbling blocks to avoid
● Focus on automation, not on cloud as the objective.
● Don’t start with doing cloud manually; it will not scale and your cloud transformation will stall.
● The development team must have a mature approach to security. You must be 100% confident that when you ask a security consultant to review your setup, they will not find any vulnerabilities.
● You need to let go of the crutch that is SSH/RDC.
Questions?
What’s next?
● Read up on AWS-Based Node Lifecycle Management with Puppet in our white paper: bit.ly/AWSlifecycle
● Check out our AWS-supported module on the Puppet Forge, which provides the ability to manage AWS resources: forge.puppet.com/puppetlabs/aws
● Watch Chris Barker's PuppetConf 2016 talk, AWS Management & Puppet: What to do with cloud instances: bit.ly/puppetconf15barker