Author's comment: The main purpose of the talk is to discuss methods of building infrastructure (configuration synchronization / immutable infrastructure) and compare them. Ansible is used as an example of one of the configuration synchronization tools. From the author's point of view, the world is moving towards immutable infrastructure, and the talk gives arguments to explain that position. And since the world is moving towards immutable infrastructure, teaching tools built on the configuration synchronization approach may not be the best use of time. I will repeat once again: the talk is not about tools, but about approaches and about making decisions "from the problem", not "from the tool".
Disclaimer: This talk is difficult because it was prepared for a Russian audience, which works in somewhat specific conditions. We will touch on all of these things during the presentation. In Russia the use of infrastructure is specific, because people generally do not live on Amazon. There are companies that live there, but they are few. And this is a limitation. It should be taken into account in all talks about infrastructure deployment, so as not to say "Guys, let's go to the cloud, everything will be fine in AWS" to a crowd of people who cannot go there. The Russian audience seems to be very specific. And the talks that land well in Europe do not always land in Russia. Perhaps this is due to the particular perception of this audience.
! , ! , Ansible. .
- Ansible? .
.
– , - . . . Ansible vs Terraform, Ansible CloudFormation, Ansible Chef . .
, , : « ?»
:
- FivexL.
- , .
- , , , . .
- , . . , , . , , .
Ansible?
Ansible. Ansible. 2 , . , Ansible .
, application deployment, , . OpenSSH, WinRM.
: « , ?».
use-cases. , , .
, provisioning , , , . - .
. : « ».
, , .
, .
, . . .
, Ansible, , – IT.
, , , , .
, , .
Ansible.
, Ansible .
AWS .
Kubernetes.
HashiCorp Vault .
Ansible .
– Ansible , . . . .
, , .
. , mainstream, . Vendor, , , . - - -. : « , - . community, , community , . . - ».
: «, , , ? -, ?».
, , , -, , , - , , . , .
Ansible , , provisioning , applications, . , .
, , . . IT.
, , . . .
.
cloud engineering-.
AWS HashiCorp. HashiConf , .
- FivexL.
. podcast DevSecOps, , . , , . , .
, . 5 , .
, – .
, – .
immutable- , , , , .
, , .
, . .
, .
, IT, .
, , - , .
. , - , . - - .
, , .
. competition, . . , , , , , , . . , AWS , Google, Amazon, Alibaba, , . . , Amazon , . .
: Google, Amazon, Alibaba — Amazon Azure
, . . . , , , . .
. .
. , .
, – , , , ultimate state, . . .
: « Ansible?».
: « , ?».
: «DevOps!».
«Infrastructure as code!»
«Ansible!», .
? , .
. . – , , , .
.
– configuration drift. , Kief Morris « ». , . PuppetLabs .
, -- , - , , , - .
, - -. - , Martin Fowler .
- – , . , , , . . . . . , , -.
? , , . . 100%- , , .
, - , : , , . , , . , .
MTTR (mean time to recovery), . . .
. , AWS , , EC2 instance, , . -, , .
Amazon . , . , .
, shellshock . , , . . .
-, GPU-. - , . GPU-. . , .
, . , . ? ? ?
. , , 2010- .
?
– . 4 , « »:
- , . . .
- , , . disposable.
- , , .
- . , , , . -, -, , , - , . , , , . .
4 , .
, , – . – machine-readable, . . - , , , .
software – . , . . , , , , . code review, CI
, . . . infra as code.
.
.
, : Puppet, Chef. Ansible SaltStack . , . , .
, provisioning. . , firewall , , , SSH- , .
Martin Fowler. , , . , .
. . . , . . , , . , - , , . . , , .
, . , - . -.
.
? , . . , - : - , . , , , , . -.
, .
ThoughtWorks Phoenix server,
: , , - , , . , .
.
, , , . , - . - , , . . . , (wipe, ) . , . .
, , SSH, , - , , . SSH , . .
, , , .
. , AWS auto scaling . . -, , . AMI ( ), auto scaling group , . , . . baking vs. frying, cattle vs. pets. .
. , . . . , , . , - .
, , ? . , : «, - IP-, IP-». . , IP-, . , . , .
, , provisioning , , , , EC2 spot instance. - spot instance , . , -, . . . 2 , , instance .
: « Ansible, , , , ?».
. , . , . , . : « , ! !».
, . , . , . , . . , , , 80 % 20 % .
, , .
, , , . , , . , immutable-.
, immutable- – .
? .
, , . , 12 app.
. , , , , : « 12 factor app ? ». .
, . immutable-.
, , .
, .
3 , :
- - , . , , Ansible.
- - , . , .
- , , , . - , .
.
. , , . , AWS, instance-, credentials, .
Bare Metal, .
SPIFFE , identity. , identity .
– , , . , AWS KMS , . AMI , , . - HSM (hardware security module), , , . , , .
, , . . , , HashiCorp Vault. AWS, Secrets Manager .
credentials. immutable-, , .
(pull) , , , Consul.
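The credential-bootstrapping pattern sketched above (no secrets baked into the image; the instance obtains an identity from the cloud, then pulls what it needs from a secrets store, with KMS doing the encryption) can be written down as a Terraform configuration. The block below is an added example, not code from the speaker or from any project mentioned in the talk. It assumes an AWS provider is already configured, that the image was built by CI and tagged with the commit it came from (tag name `git_sha`), and that `var.subnet_ids` lists the subnets for the group; those names are assumptions, not something the talk specifies.

```hcl
# Added example (not from the talk). Assumed inputs: the commit the image was built from
# and the subnets to deploy into.
variable "git_sha" { type = string }
variable "subnet_ids" { type = list(string) }

# Deploy only ever references an artifact CI built: the AMI is looked up by its git_sha tag.
data "aws_ami" "app" {
  most_recent = true
  owners      = ["self"]
  filter {
    name   = "tag:git_sha"
    values = [var.git_sha]
  }
}

# The secret lives in Secrets Manager, encrypted under a customer-managed KMS key.
# Nothing sensitive goes into the image itself.
resource "aws_kms_key" "secrets" {
  description         = "app secrets (assumed example)"
  enable_key_rotation = true
}

resource "aws_secretsmanager_secret" "db" {
  name       = "app/db"
  kms_key_id = aws_kms_key.secrets.arn
}

# Instance identity: EC2 assumes this role, so the machine receives short-lived
# credentials from the metadata service instead of carrying long-lived keys.
data "aws_iam_policy_document" "assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "app" {
  name               = "app-instance"
  assume_role_policy = data.aws_iam_policy_document.assume.json
}

# Least privilege: read this one secret and decrypt with this one key, nothing else.
data "aws_iam_policy_document" "read_secret" {
  statement {
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [aws_secretsmanager_secret.db.arn]
  }
  statement {
    actions   = ["kms:Decrypt"]
    resources = [aws_kms_key.secrets.arn]
  }
}

resource "aws_iam_role_policy" "app" {
  role   = aws_iam_role.app.id
  policy = data.aws_iam_policy_document.read_secret.json
}

resource "aws_iam_instance_profile" "app" {
  name = "app-instance"
  role = aws_iam_role.app.name
}

resource "aws_launch_template" "app" {
  name_prefix   = "app-"
  image_id      = data.aws_ami.app.id
  instance_type = "t3.small"

  iam_instance_profile {
    name = aws_iam_instance_profile.app.name
  }

  # IMDSv2 only: an SSRF in the application can no longer read the role's
  # credentials with a plain GET to the metadata endpoint.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }
}

# A new AMI gives a new launch-template version; instance_refresh rolls the group
# onto it by replacing machines rather than changing them in place.
resource "aws_autoscaling_group" "app" {
  name                = "app"
  min_size            = 2
  max_size            = 4
  vpc_zone_identifier = var.subnet_ids

  launch_template {
    id      = aws_launch_template.app.id
    version = aws_launch_template.app.latest_version
  }

  instance_refresh {
    strategy = "Rolling"
    preferences {
      min_healthy_percentage = 50
    }
  }
}
```

The point to check when reviewing such a configuration is the boundary between build time and run time: the role policy is the only place the secret's ARN appears, the image never sees it, and replacing an instance (a refresh, a scale-out, a spot interruption) gives the new machine exactly the same path to its credentials as the first one had.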
?
, . , , . , SSH-, SSH- firewall. , firewall. - event. , . event , , .
. - - , 12 .
debug?
- , . , , . . , , .
- . . , . , , , . , . . , , . - , . . .
- - , , , . , , . . , production.
- , , .
- . continuous integration, . .
- . , , , .
- , . . .
- , . . , , , , . , - production.
- . , . commit, . , , . , . , . commit. , - , – commit, , . commit. , . , commit, , , . , - CI. . . .
- . , commit’ . . . - , . , . . . , .
, , .
HashiCorp Packer, , . , . Packer’, . .
cloud API, Terraform – . , . , vendor - , . . , Terraform – . PXE baremetal, baremetal .
, Packer’ PXE . , , , , , .
– Auditbeat, Wazuh . Vault – . , , .
debug - , . Prometheus, Logstash. , CloudWatch, Datadog.
, .
Ansible . immutable-, Ansible , . Packer Ansible . , . .
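The talk's point that Ansible keeps a place in an immutable setup, as the provisioner Packer runs while baking an image (the "baking" side of baking vs. frying from earlier, and the Packer-plus-playbook answer in the Q&A), is easiest to see in a Packer template. The block below is an added example, not the speaker's code or any project's; the region, base-image filter, SSH user and playbook path are assumptions, and `git_sha` is assumed to be passed in by CI so the resulting AMI can be traced back to a commit.

```hcl
# Added example (not from the talk). Builds an AMI with Packer and runs an Ansible
# playbook against the temporary build instance; the playbook never touches a
# running production server.
packer {
  required_plugins {
    amazon = {
      version = ">= 1.0.0"
      source  = "github.com/hashicorp/amazon"
    }
    ansible = {
      version = ">= 1.0.0"
      source  = "github.com/hashicorp/ansible"
    }
  }
}

# Assumed: CI passes the commit hash so every image is traceable to source.
variable "git_sha" { type = string }

locals {
  # timestamp() is HCL2's function; stripped to a form allowed in an AMI name.
  build_time = regex_replace(timestamp(), "[- TZ:]", "")
}

source "amazon-ebs" "app" {
  region        = "eu-central-1"   # assumed
  instance_type = "t3.small"
  ssh_username  = "ubuntu"
  ami_name      = "app-${var.git_sha}-${local.build_time}"

  # Pin the base image to a known publisher rather than whatever is newest anywhere.
  source_ami_filter {
    filters = {
      name                = "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"
      virtualization-type = "hvm"
      root-device-type    = "ebs"
    }
    owners      = ["099720109477"] # Canonical
    most_recent = true
  }

  # The tag deploy tooling later uses to pick the image built from this commit.
  tags = {
    git_sha = var.git_sha
  }
}

build {
  sources = ["source.amazon-ebs.app"]

  # Same playbook the team already had; the only change is the target: a throwaway
  # build instance instead of long-lived hosts. Assumed path and variable name.
  provisioner "ansible" {
    playbook_file   = "./playbook.yml"
    extra_arguments = ["--extra-vars", "app_version=${var.git_sha}"]
  }

  # Nothing from the build session should survive into the image.
  provisioner "shell" {
    inline = [
      "sudo rm -rf /root/.ssh/authorized_keys /home/ubuntu/.ssh/authorized_keys",
      "sudo rm -rf /tmp/* /var/tmp/*",
      "sudo cloud-init clean --logs"
    ]
  }
}
```

Run as `packer build -var git_sha=$(git rev-parse --short HEAD) .` from a directory containing this file and the playbook. The caveat that matters for the comparison in the talk: the playbook is still Ansible, but once it runs inside Packer there is no longer a fleet of mutable hosts for it to drift against, so the configuration-synchronization use of the tool is what disappears, not the tool itself.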
Server provisioning. . , , .
, , , . . .
I task? , Ansible.
, .
, . – .
, , , . , .
immutable , . . docker-, docker images immutable. Docker container – mutable. 12 factors app, docker container. () immutable . . State , . . , .
. . , , , , . , . host, , . , volume.
stateless. , stateless , . - , – , , . .
, , - . Kubernetes. AWS ECS , Kubernetes . clouds, prime clouds, hybrid clouds, Nomad, 2 Reinvent Amazon , EKS ECS anywhere. , . , EKS ECS on-premises - Amazon. , .
Nomad – , (Cloudflare/CircleCI/Roblox), .
. 2015- . Kubernetes, CNCF . Docker Swarm, Mirantis. , Kubernetes. OpenShift Kubernetes.
, container OS, . . , , . . . .
, . . , .
, . «», . ECS – . Kubernetes, . . Kubernetes.
– , Terraform , kubernetes-. kubernetes- . , community GitOps. GitOps, . , – . GitOps.
– Infra as data, . . . , , GitOps, yaml , .
– ArgoCD, . Helm, kubernetes’ . Terraform, . AWS, Terraform , CRD Kubernetes.
, . – , - . . – , .
Ansible , build .
Server provisioning , , , containers OS, . . . , .
Serverless. , . . Kubernetes – . Serverless – . , . Serverless . , Kubernetes Serverless, .
. , 8 , , . MicroVM.
, , AWS Firecracker, .
Unikernels – . , hypervisor, .
- , , , -. hypervisor. , , . Amazon Nitro. , - , Unikernel , .
. , , , . , , , , , . , , .
Kubernetes? . Kubernetes reconciliation loop, . . yaml, , etcd , , . – , ? , pod , pod . , , .
, , 2-3-5 , : « ? . . Terraform, - ». , cloud- - . YAML, cloud , . . Cloud , . , .
, – ? GitOps Chef? : , Kubernetes – Linux. Linux – , Kubernetes. Kubernetes – user space, . GitOps , , . . . ArgoCD , apply Kubernetes. , , Chef .
, . , , , immutable- – , . , . , . , , , immutable-.
, immutable-. , , , .
. - , , immutable- Kubernetes.
, kubernetes- ? , , . Kubernetes in-place, security- , . (), , .
, .
: « ? , Ansible. . ?». , .
, 10 ClearCase Git. , .
, , , .
- – , . , 2015- , , , . Kubernetes, Nomad, Docker Swarm. . - . 2 , Docker Swarm, , .
Technology bets – , . , - , . , , , . . , .
, . Chef, Ansible Terraform Google Trends. , Chef, Ansible Puppet Terraform, . , . .
Ansible . Terraform . cloud . - , .
. Terraform , cloud.
Yandex keyword-, . , , Ansible – 29 000.
Terraform – 6 000. Google Trends.
, . , Terraform. Ansible , cloud 5-6 . 2010- , Netflix. . Reinvent, , . . . . cloud. , 3-5 – , , .
, .
. . , . .
, , . . IT .
.
Ansible, Puppet, Chef .
- , immutable-. , , . - , .
? , . , . , . - , .
, , , : , .
. . , .
:
: , . . : « Ansible - ?». , infra . . , Kubernetes Helm. , Kubernetes, Ansible – ?
: . . , . . . , . immutable-, . . – . . , Ansible. . . , .
, , . , , . . , . , , - . , . .
: , , immutable-, ? . . , . , , , , . immutable- , , , , - , . immutable- ?
: . . , , . . , , . . , . . Ansible , , ? . , ?
. . , , Ansible , . , , Ansible playbook , , , . , . playbooks . .
, - , Ansible, . . , , . . . , vanilla , Packer . , . , - .
, -. - . 95 % , , , . , , .
: - Ansible? , , - . immutable- .
: . Packer, playbook Packer playbook, . , . , . , . , . .
: . ? . . , ? , , - . , MySQL - , . immutable ?
: . , .
: . . . , . , Mongo , . , unlock , . , . , . . , .
: . . , ? . . Mongo, ?
: , Mongo, . , .
: volume, , , , . . - . – immutable. - , , , , , . .
. . , . , . . , . .