Infrastructure as Code 101: Steve Tegeler + Nathan Ness, VMware

© 2014 VMware Inc. All rights reserved. Infrastructure as Code 101: A Primer for Infrastructure Teams. May 5, 2016. Steve Tegeler (@vstegeler), Nathan Ness (@nvpnathan)

Upload: openstack

Post on 13-Jan-2017

• Practice Infrastructure as Code

• Want to Understand Infrastructure as Code Better

• Help articulate and educate others

• Get some solid use cases

Who am I, and How did I learn about IaC?

• Director of Pre-Sales engineering for OpenStack + VMware

• Infrastructure Background

– Compute → Storage → Networking → Server Virt → Network Virt (Nicira)

• At Nicira our success was bound to the success of CMP/IaaS

– CMP Drives Consumption of Virtual Networks

• Watched a YouTube video and felt my career pivot

“Infrastructure in the Cloud Era”

• 2009 Velocity Conference

Who am I, and How did I learn about IaC?

• Director of Pre-Sales engineering for OpenStack + VMware

• Infrastructure Background

– Compute → Storage → Networking → Server Virt → Virt Networking

• At Nicira realized our success was bound to the success of IaaS

– CMP Drives the Consumption of Network

• Watched a YouTube video and felt my career pivot

• Must learn coding principles to stay relevant

• OpenStack success is bound by the ability to consume it

– IaC education/adoption will help

"Enable the reconstruction of the business from nothing but a source code repository, an application data backup, and bare metal resources." - Adam Jacob, CTO Chef

Infrastructure as Code – Common Definition

[Diagram: App Code, Infrastructure Code, Configuration Code, Your Data, App State; Infrastructure Provisioning: Compute, Network, Security, Storage]

Typical CI Development Process

[Diagram: Source Code Management, Build/CI, Testing Frameworks, Repository, Provisioning / Deployment (vRA), Infrastructure & Configuration]

1. Commit/Check-in

2. Build & Test

3. Artifacts

4. Deploy

Manual?

Request Infrastructure

App Devs, Ops Teams (Network, Storage, Compute)

• Web: 2 VMs, 2 CPU, 2GB mem, 10GB disk, RHEL; LoadBalancer; Open 80, 443

• App: 2 VMs, 4 CPU, 4GB mem, 30GB disk; Open 22 internal only, 8443 from Web

web_instance: webxyz
flavor: m1.small
image: RHEL-x86_64-chef
network: web-net
security: web-sec
quantity: 2

-------<snip>----------

Web-net: web-net
Subnet: 10.10.0.0
Mask: 255.255.255.0

Web-sec: name: web-sec
in: allow: tcp: 22
out: allow: tcp: 80, 443

Describe Infrastructure (“Consumer”, Cloud APIs)

Days & Variability vs. Fast & Predictable

flavor: m1.small
Cpu: 2
Mem: 2
Disk: 10

Why Code is so Great for Infrastructure

When things break, I can troubleshoot easily – Version Control

Easily test infrastructure permutations - CPU/Mem/Storage/Net/Sec

Reusable

I can build topology templates for apps – Fast & Consistent Configuration

Application Anatomy: The Various Code Used in Deployment

Types of Code Which Make up an Application

Application v12.34

• Application Code

• Infrastructure Code

• Configuration Code

Use Cases

Ultimate IaC Test – Day 0

[Diagram: Source Code (App Code, Infrastructure Code, Configuration Code), Your Data, Deployment Pipeline; Infrastructure Site 1: Existing Business Apps (App_1, App_2, App_n); Infrastructure Site 2: Your Data, Business Apps Up! (App_1, App_2, App_n)]

Seems Like Utopia, Does it Actually Work?

• If it doesn’t work, you are DOING IT WRONG

– The more often you practice it, the more resilient it becomes (like lifting weights)

• Test it in a different OpenStack cloud

– Considerations: DefCore compliant? Same feature set?

Ongoing Ops Benefits

Version Control

• Definition: A system that records changes to a file or set of files over time so that you can recall specific versions later

• Main Benefit: Complete visibility to any changes

Application v12.34: Application Code, Infrastructure Code, Configuration Code

Day 2 Value: Incident, Cause

Security Policy Incident/Audit

• IaC_v123: TCP 8081

• IaC_v456: TCP 8081

• IaC_v457: TCP 22, 8081

[Timeline: Code Development, February, March, April, May; Source Code diff]
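The comparison on the Day 2 slide, worked as an added example (not from the original deck): it diffs the TCP rules recorded for each IaC revision and reports which revision first opened a port outside the approved set. The rule-line notation, the function names and the approved set (TCP 8081 only) are assumptions.

```python
import re

# Constructed sample: one security-rule line per IaC revision, in the slide's notation.
REVISIONS = [
    ("IaC_v123", "TCP 8081"),
    ("IaC_v456", "TCP 8081"),
    ("IaC_v457", "TCP 22, 8081"),
]
# Assumption: the approved exposure for this application is TCP 8081 only.
APPROVED = {("tcp", 8081)}


def parse_rules(line):
    """Turn 'TCP 22, 8081' into {('tcp', 22), ('tcp', 8081)}."""
    match = re.fullmatch(r"\s*(tcp|udp)\s+([\d,\s]+)", line, re.IGNORECASE)
    if not match:
        raise ValueError(f"unrecognised rule line: {line!r}")
    proto = match.group(1).lower()
    ports = {int(p) for p in match.group(2).split(",") if p.strip()}
    bad = [p for p in ports if not 1 <= p <= 65535]
    if bad:
        raise ValueError(f"port out of range: {bad}")
    return {(proto, port) for port in ports}


def exposure_changes(revisions):
    """Diff each revision against its predecessor; list what opened or closed."""
    changes, previous = [], None
    for name, line in revisions:
        current = parse_rules(line)
        if previous is not None and current != previous:
            changes.append((name, sorted(current - previous), sorted(previous - current)))
        previous = current
    return changes


def first_violation(revisions, approved):
    """Return (revision, unapproved rules) for the first revision exceeding policy."""
    for name, line in revisions:
        extra = parse_rules(line) - approved
        if extra:
            return name, sorted(extra)
    return None


if __name__ == "__main__":
    for name, opened, closed in exposure_changes(REVISIONS):
        print(f"{name}: opened={opened} closed={closed}")
    print("first violation:", first_violation(REVISIONS, APPROVED))
```

Run against the revision history during an incident or audit, the first function answers "what changed and when", the second "when did we leave policy".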

Use Cases for Infrastructure as Code

• Test Firewall Changes

• Test your application to see if it is IP address dependent

– Change a subnet address range used (192.x.y.z → 172.x.y.z)

• Test different performance permutations

– CPU – multi-threaded/scale out

– Disk – SATA, SSD, etc.

• Rollback

Getting Started

IT, we have a Problem!

• Infrastructure Teams → SW development practices

– Learn Version Control and ways to “Describe” Infrastructure

• Devs → Understand Infrastructure

– Developers learn proper ways to deploy infrastructure “primitives”

[Diagram: Developers, Infra]

Security Testing a GoReminders Application

Application: GoReminder, under Version Control (App Code, Infrastructure Code, Configuration Code)

Ext Security Test (nmap):

• GoRem.v34 (Go.v34, Heat_v34, Cook_v34): Open: 8080, 22 – FAIL

• GoRem.v35 (Go.v35, Heat_v35, Cook_v35): Open: 8081 – PASS!