osdc 2013 - configuration management and linux packages

Configuration Managementand Linux Packages

www.immobilienscout24.de

OSDC Nürnberg | 17.04.2013 | Schlomo Schapiro | @schlomoschapiroSystemarchitekt, Open Source Evangelist

License: http://creativecommons.org/licenses/by-nc-nd/3.0/

http://creativecommons.org/licenses/by-nc-nd/3.0/

| Config Management & Linux Packages | @schlomoschapiro

www.ImmobilienScout24.de

>2 billion PI per month

2 data center with ~1400 VM

total of ~600 employees

~30 crossfunctional IT teams

~160 in IT

15 years in business

part of Deutsche Telekom


Why am I standing here?

My Puppet and Chef to only half the job blog posting (2012-07)

Packages Doing Too Much? blog post on SysAdvent (2012-12)

Talking to lots of people at lots of conferences

One Tool To Rule Them All

http://blog.schlomo.schapiro.org/2012/07/puppet-and-chef-do-only-half-job.html

http://sysadvent.blogspot.de/2012/12/day-10-packages-doing-too-much.html


BusinessDecision

To goLive

All Humans are on the Same Side

BuildConfigDeployTestSystems-Management

Automation

Scale OutData Centers

through packages


DevOps


Never change a running system

Run the changing system

Continous Delivery

Deploy When Ready

You Build It – You Run It!

Fail Fast – Fail Early

Run With The Pack – The Pack Will Protect You


PROInfrastructureBuild

ApplicationBuild

ConfigurationBuild

QAYUM

Repos

Interface

DEV


“Any relevant file should be either

deployed via a package

or

completely managed by an

application that is thus deployed.”


„Every package must be verifyable –

stay away from package scripts.“

“Reducing the config package

reduces the deployment risk.”


ConfigSVN

post-commit → YUM repos

Infrastructureas

Code


TSTWEB05Location & Environment

Function Group

Instance

Configuration over Convention


Big Picture – Static Structure

ConfigSVN

YUMRepository

IS24 softwareAutomated RPM

creation

config├── host│ └── tstweb02│├── loc│ └── tst│ ├── VARIABLES│ │ ├── RPM_REQUIRES│ │ ├── RPM_PROVIDES│ │ ├── DB_HOST│ │ └── DB_USER│ └── etc│ └── is24│ ├── web.properties│ └── db.properties├── typ│ └── web│├── loctyp│ └── tstweb│ └── etc│ └── is24│ └── web.properties└── all ├── VARIABLES │ └── SYSLOG_HOST └── etc └── is24 └── system.properties

is24-config-tstweb01-1.0-$rev.rpm:/etc/is24/system.properties/etc/is24/db.properties/etc/is24/web.properties

[root@tstweb01 ~]# yum update

svn ci

db.host=@@@DB_HOST@@@db.user=@@@DB_USER@@@db.port=3306

Post-commit hook createsis24-config-$hostname RPM● svn export● patch VARIABLES● fill in metadata

svn co

loghost=log.domain.com


Static Structure – Pros and Cons

Variables follow samestructure as config data

Only one tool (SVN) needed

GUI talks only to SVN

Versioning and changetracking for variables

Variables and config fileschange together (atomic)

easy rollback→

Is this simple overlaying structure sufficient?

Simplify the world so that it is good enough!

ConfigSVN

YUMRepository

IS24 softwareAutomated RPM

creation

config├── host│ └── tstweb02│├── loc│ └── tst│ ├── VARIABLES│ │ ├── RPM_REQUIRES│ │ ├── RPM_PROVIDES│ │ ├── DB_HOST│ │ └── DB_USER│ └── etc│ └── is24│ ├── web.properties│ └── db.properties├── typ│ └── web│├── loctyp│ └── tstweb│ └── etc│ └── is24│ └── web.properties└── all ├── VARIABLES │ └── SYSLOG_HOST └── etc └── is24 └── system.properties

is24-config-tstweb01-1.0-$rev.rpm:/etc/is24/system.properties/etc/is24/db.properties/etc/is24/web.properties

[root@tstweb01 ~]# yum update

svn ci

db.host=@@@DB_HOST@@@db.user=@@@DB_USER@@@db.port=3306

Post-commit hook createsis24-config-$hostname RPM● svn export● patch VARIABLES● fill in metadata

svn co

loghost=log.domain.com

KISS!


Example: Apache HTTPD

Design Goals:

Use and extend upstream httpd RPM

Configure MPM and service user per application

IS24 standard configuration everywhere

httpd RPM

/etc/httpd/conf/httpd.conf

/etc/sysconfig/httpd


Example: is24-httpd RPM

if ! echo '# IS24 HTTPD conf framework. Read IS24_README!# This file is managed by %{name}%{version}.%{release}# Put your stuff in /etc/conf/*/is24*.conf files!ServerRoot "/etc/httpd"Include conf/basic/is24*.confInclude conf/main/is24*.confInclude conf/other/is24*.conf' >/etc/httpd/conf/httpd.conf ; then logger p user.err s t %name "ERROR: …"fi

Requires: httpdRequires(Pre): httpd%post


Example: is24-httpd RPM

if ! echo '# HTTPD options can be configured in# additional /etc/httpd/conf/env/*.sh files# This file is managed by %{name}%{version}.%{release}# Please add extra options to the OPTIONS Bash Arrayshopt s nullglobHTTPD=/usr/sbin/httpd.workerfor f in /etc/httpd/conf/env/*.sh ; do source $fdoneOPTIONS="${OPTIONS[*]}" # flatten array' >/etc/sysconfig/httpd ; then logger p user.err s t %name "ERROR: ..."fi

...

%post (continued)


/etc/profile.d/java.sh

Requires: is24-jdk-6

Example: How To Upgrade Java Packages

Requires: is24-jdk-7

is24-jdk-7 is24-jdk-6Req

java-1.6.0-sun-develjava-1.7.0-oracle-devel

Req Req


Separation of Concerns

KeepIt

Simple&

Stupid

The Tool Is You!

UseWhat

IsAlreadyThere


http://yadt-project.org and http://github.com/YADT

http://github.com/ImmobilienScout24

http://bit.ly/is24techjobs


Kontakt:Immobilien Scout GmbHAndreasstraße 1010243 Berlin

Fon: +49 30 243 01-1229 Email: [email protected]: www.immobilienscout24.de

Thank you very much!Please contact me for further questions and discussions.

| Practical DevOps | @schlomoschapiro

Photo URLs

Rowboot: http://www.photoreview.com.au/features/profiles/work-hard-get-lucky.aspxHolding hands: http://www.thechefalliance.com/Top-Chef-ServicesRobots: http://www.t-tek.com/announcements/conventional-palletizer-or-robot

Everything else is from OpenClipArt.org or custom made.

http://www.photoreview.com.au/features/profiles/work-hard-get-lucky.aspx

http://www.thechefalliance.com/Top-Chef-Services

http://www.t-tek.com/announcements/conventional-palletizer-or-robot

osdc 2013 - configuration management and linux packages

Technology