ANSIBLE + DOCKER MAKE CHEF AND PUPPET 100% UNNECESSARY
John Minnihan @jbminn
why listen to me?
INVENTED HOSTED REPOS IN ’99
CREATED LOTS OF INFRASTRUCTURE
MY SYSTEMS MANAGE 2B+ LOC
CAN JUMP A MOTORCYCLE 75 FEET
I noticed an increased number of mentions of Ansible + Docker.
SO I DUG IN.
‘Ansible + Docker’ queries have gone from zero to lots in 6 months
Docker + Ansible took off like a rocket delivering groceries to a spaceship
why?
THAT’S IT.
They’re easier to use and produce portable & immutable outcomes.
(ssh + LXC + cgroups)
With the advent & quick rise of Docker and Ansible, engineers can now configure an environment once, save it into a container and rapidly reuse that container hundreds (or thousands) of times without additional configuration.
When additional config is necessary, for example for run-time changes that can't be preset, Ansible can accomplish this with lightweight data description files requiring nothing more than ssh. This can be done either in the container's Dockerfile before it is launched or inside the container post-launch.
The need for complex client-server-agent arrangements like those in Chef or Puppet goes away. Chef and Puppet were great transition schemes that bridged the config management gap, but that gap has been firmly + completely closed by Docker + Ansible.
But what makes Ansible + Docker’s emergence an inflection point is what’s also occurring in the Chef + Puppet user space - right now.
This talk could stop right here.
“I DIDN’T SIGN UP TO MANAGE MY MANAGEMENT SYSTEM”
“WHY DO I HAVE TO KEEP UPGRADING THE AGENTS?”
“SPINNING UP VMS TAKES A LOT OF TIME & ADDS NO VALUE.”
“CAN’T THIS BE RUN ONCE & JUST WORK EACH TIME I NEED IT?”
“I NEVER DID GET EITHER CHEF OR PUPPET TO ACTUALLY WORK.”
what people are saying
show me the code
there are 38,000 tutorial results for ansible and 394,000 tutorial results for docker
….and there are 6 talks here at Gluecon on either ansible or docker or both.
Seek out the data + make an informed decision.
here’s what I think is important
THERE’S A LOT OF WORK JUST GETTING CHEF OR PUPPET FUNCTIONAL
WORD COUNT
chef server install page: 679
chef client install page: 1569
ansible install page: 145
ansible client install page: 0
TO INSTALL ANSIBLE, CLONE THE REPO + CREATE AN INVENTORY. YOU’RE READY TO RUN AD-HOC COMMANDS.
TO INSTALL CHEF, DOWNLOAD THE RIGHT CLIENT + SERVER INSTALLERS, INSTALL THEM & THEN WRITE A SCRIPT.
THERE’S ALSO A BIG DIFFERENCE IN THE DESIGN PHILOSOPHIES
ANSIBLE IS AGENTLESS. IT NEEDS ONLY SSH ON TARGET SYSTEMS TO FUNCTION
CHEF + PUPPET EACH REQUIRE SEPARATELY RUNNING SERVER & CLIENTS BEFORE ANY WORK CAN BE DONE
ANSIBLE’S GOAL-ORIENTED TASKS ENSURE WORK IS COMPLETED BY ENFORCING STATE.
CHEF ENCOURAGES IDEMPOTENCE, BUT IT DOESN’T ENFORCE IT
ANSIBLE PLAYBOOKS ARE SIMPLE DATA DESCRIPTIONS OF YOUR INFRASTRUCTURE, DEFINING THE DESIRED END-STATE
CHEF RECIPES ARE RUBY SCRIPTS. THAT’S NOT A BIG DEAL IF YOU KNOW RUBY.
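As an added example (not from the talk or from the Ansible project), here is what such a playbook can look like: a data description of the desired end state, applied over SSH with no agent on the targets. The `web` group, the hostnames, the file names and the `sshd` service name are assumptions (Debian and Ubuntu name the service `ssh`).

```yaml
# site.yml: added example. Group "web" and file names are assumptions.
# Inventory (inventory.ini, constructed placeholder hosts):
#   [web]
#   web1.example.internal
#   web2.example.internal
#
# Ad-hoc check:  ansible web -i inventory.ini -m ping
# Dry run:       ansible-playbook -i inventory.ini site.yml --check --diff
# Apply:         ansible-playbook -i inventory.ini site.yml
- name: Enforce baseline state on web hosts over SSH (no agent on targets)
  hosts: web
  become: true
  tasks:
    # Each task names a state, not an action. Ansible changes the host
    # only when the current state differs from the declared one.
    - name: nginx package is present
      ansible.builtin.package:
        name: nginx
        state: present

    - name: sshd refuses password logins (key-based auth only)
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PasswordAuthentication\s'
        line: 'PasswordAuthentication no'
        validate: 'sshd -t -f %s'   # reject the edit if the config is invalid
      notify: reload sshd

    - name: sshd refuses direct root logins
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin\s'
        line: 'PermitRootLogin no'
        validate: 'sshd -t -f %s'
      notify: reload sshd

    - name: nginx is running and enabled at boot
      ansible.builtin.service:
        name: nginx
        state: started
        enabled: true

  handlers:
    # Runs once at the end of the play, and only if a task reported a change.
    - name: reload sshd
      ansible.builtin.service:
        name: sshd
        state: reloaded
```

Because every task declares a state, a second run against unchanged hosts reports no changes, and the `--check --diff` dry run doubles as a drift report for the SSH channel Ansible itself depends on.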
what about docker?
EVERYTHING REQUIRED FOR A CONTAINER IS IN ITS DOCKERFILE, ENSURING A BASE STATE THAT’S IMMUTABLE
CHEF DOES NOT PRESCRIBE A BASE STATE. SYSTEMS CAN DRIFT IF TARGET SYSTEMS ARE EVEN SLIGHTLY DIFFERENT
DOCKER CONTAINERS SPIN UP IN < 2 SECONDS. NEED A CHANGE? BUILD A NEW CONTAINER.
VMS TAKE MINUTES TO SPIN UP
If you remember nothing else, remember the next two slides
BLAH, BLAH, BLAH
ANSIBLE IS AGENTLESS
This is a huge, game-changing difference.
DOCKER CONTAINERS ARE IMMUTABLE & REUSABLE. Build once, run anywhere. Really.
references
• Why Docker? Why Not Chef? - http://blog.relateiq.com/why-docker-why-not-chef/
• The Walking Skeleton with Docker & Ansible - http://continuousdelivery.uglyduckling.nl/docker/the-walking-skeleton-and-docker-and-ansible/
• “After 4 years of heavy Chef usage, the infrastructure as code mentality becomes really tedious.” - http://thechangelog.com/ansible-docker/
• “I've used Puppet for over a year, and prefer @ansible after one afternoon.” - http://twitter.com/opdavies/status/448753755983736832
• https://twitter.com/jbminn/favorites - login to twitter to see those