    DevOps Turkey Meet-up AWS Opsworks - Jan 2109

    Published: February 12, 2019

    • 1. AWS OpsWorks: Fully-managed Configuration Management
        Halil BAHADIR, Manager, Solutions Architect - AWS
        © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
    • 2. Industry Trends
        Organizations are looking to integrate DevOps processes to:
        a) Reduce their operational costs
        b) Deliver applications and infrastructure updates quickly, securely and efficiently
        • Quick application delivery
        • Build pipelines faster
        • Efficient configuration management
        • Minimize server drift
        • Deploy applications reliably and securely
        • Compliance automation: 'Compliance-as-Code'
        • Meet compliance regulations
    • 3. DevOps Customer Pain Points
        • Manual process: weeks to set up new systems
        • Legacy systems and tools: inflexible and obsolete hardware
        • Organizational silos: unwieldy divisions of responsibility
        • Infrequent, large releases: fear of deployment due to risk of SLAs
        • Regulatory burdens: compliance bottlenecks occur at the end of a project
        • Absence of visibility into infrastructure
    • 4. AWS Management Tools
        Helping enterprises take end-to-end control of their infrastructure
        • Provisioning: AWS CloudFormation, AWS Service Catalog
        • Configuration Management: AWS OpsWorks
        • Monitoring: Amazon CloudWatch
        • Operations Management: AWS CloudTrail, AWS Config, AWS Systems Manager
    • 5. Introducing AWS OpsWorks
        • A common language for defining your infrastructure and applications, making it easy to move workloads to the cloud.
        • Provides a single management platform for managing heterogeneous infrastructure on-premises or in the cloud.
        • Enforces security policies, automatically remediates unwanted changes, and helps you prove compliance.
        Automate Operations & Deliver at Scale
    • 6. Flavors of AWS OpsWorks
        • AWS OpsWorks for Chef Automate
        • AWS OpsWorks for Puppet Enterprise
    • 7. Flavors of AWS OpsWorks: Fully-Managed Chef Server Secure Programmable
    • 8. Flavors of AWS OpsWorks: Fully-Managed Puppet Master Secure Programmable
    • 9. Features of AWS OpsWorks: Pay-As-You-Go Managed Service Backup and Restore Support Integration with AWS Services
    • 10. Features of AWS OpsWorks: Simplified Migration Flexible Environment Speed Reliability Security & Compliance
    • 11. Case Study: Verisk Analytics
        • Migration project went off without a hitch
        • Migrated 60–80 accounts to AWS across its business units by the end of 2017
        • Moved entire technology stack of a new acquisition within 90 days
    • 16. How does Chef work?
        • Simple client-server architecture
        • Connecting resources to a Chef server as nodes
        • Nodes pull configuration updates from the Chef server
        (Diagram labels: Chef Server, Config A, Config B)
    • 17. How does Chef work?
        • The nodes pull configuration updates from the Chef server every X minutes
        • A node will only make configuration changes when it is out of spec
        • Chef Search allows nodes to query dynamic information about their environment
    • 18. Chef recipe example: configure Apache

          # Install Apache and start the service
          httpd_service 'default' do
            listen_ports ['81', '82']
            threadlimit '4096'
            action [:create, :start]
          end

          # Add the site configuration
          httpd_config 'default' do
            instance 'default'
            source 'mysite.conf.erb'
            notifies :restart, 'httpd_service[default]'
          end
          # .....

    • 19. Chef recipe example: configure Apache

          # Create the document root directory
          directory '/var/www/default/public_html' do
            recursive true
          end

          # Write the home page
          file '/var/www/default/public_html/index.html' do
            content 'This is a placeholder'
            mode '0644'
            owner 'web_admin'
            group 'web_admin'
          end

    • 20. Chef recipe example: configure Apache

          # Install the mod_php5 Apache module
          httpd_module 'php5' do
            instance 'default'
          end

          # Install php5-mysql
          package 'php5-mysql' do
            action :install
            notifies :restart, 'httpd_service[default]'
          end

    • 21. InSpec: Get visibility into the state of your nodes
        Chef Visibility: a view into convergence, compliance, cookbooks, recipes and more
    • 22. Go beyond Configuration Management
        Chef Workflow: a continuous delivery pipeline for infrastructure and applications
    • 23. Go beyond Configuration Management
        Chef Compliance: discovery and analysis of compliance risks across environments
    • 25. Slide31
        1. Compile the configuration: The Puppet code is read and compiles a node graph into a catalog based on facts submitted to the master by the client.
        2. Deliver the catalog: The catalog is delivered to the node. Note that no Puppet code is ever run on the agent itself.
        3. Apply the catalog: The graph is read and the order of operations is automatically determined. Each configuration is enforced to be in the desired state defined by the Puppet code.
        4. Report: A report of all changes, if any, is sent to the Puppet server.
        5. Repeat: Puppet caches the catalog locally on the agent and uses the cached catalog to continuously ensure the system does not drift from the desired configuration.
    • 26. Managing AWS virtual infrastructure
        • Puppet's supported AWS module enables customers to use Puppet's infrastructure-as-code approach to define, deploy, and manage AWS infrastructure such as virtual machines in EC2, virtual private clouds, elastic load balancing, auto scaling groups, and Amazon Route 53 DNS.
        • A Puppet agent acts as a proxy to communicate with the AWS services to enforce the configurations defined in the Puppet code. The proxy agent communicates with the Puppet server as if it were AWS itself.
        (Diagram label: Puppet Agent)
    • 27. Managing AWS virtual infrastructure
        • With Puppet, you define what you want each configuration on AWS to look like and the relationships between each configuration. Common configuration sets can be grouped into a reusable "defined type."
        • With defined types, you abstract the virtual infrastructure away, so you can quickly stamp out as many stacks as you need with a single line of code, all without sacrificing the flexibility to tweak lower-level configurations that are unique to each stack.
        (Diagram: define cloudapp { } groups Ec2_vpc[dev], Ec2_vpc_internet_gateway[dev], Ec2_vpc_routetable[dev], Ec2_subnet[dev-1], Ec2_subnet[dev-2], Ec2_security_group[dev], Elb_loadbalancer[dev] and Ec2_instance[dev-1] to Ec2_instance[dev-4]; class cloudapp { cloudapp { 'version-1': } cloudapp { 'version-2': } cloudapp { 'dev': } })
    • 28. Slide38
        1. Create VM: A provisioner such as CloudFormation or Puppet Enterprise creates the VM.
        2. Configure Puppet agent and assign its role: CloudFormation makes sure Puppet is configured properly and assigns the agent's role using "trusted facts," which are immutable, secure data about the agent.
        3. Request the Puppet Server to approve the agent: The graph is read and the order of operations is automatically determined. Each configuration is enforced to be in the desired state defined by the Puppet code.
        4. Verify the agent's identity: The Puppet server uses policy-based approval by verifying that the instance ID for the Puppet agent matches a running instance in AWS. This prevents VMs from impersonating roles they should not have.
        5. Fully configure the VM: Puppet fully configures the VM, from core OS and middleware to applications.
        6. Continuously enforce: Puppet checks at regular intervals that the VM's configuration hasn't drifted from its desired state, automatically correcting any misconfigurations detected.
        (Diagram labels: CloudFormation or Puppet Enterprise, new VM with Puppet Agent, Puppet Server)
    • 29. Questions? http://aws.amazon.com/opsworks
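
The policy-based approval on slide 28 (verify that the agent's instance ID matches a running instance, so a VM cannot claim a role it should not have) can be sketched as the decision function below. This is an added example, not code from the slides or from Puppet; `trusted_facts`, `approve?`, `sample_csr` and `RUNNING` are hypothetical names, and the instance inventory is assumed to come from an EC2 lookup done elsewhere.

```ruby
require 'openssl'

# OIDs Puppet registers for CSR extension requests (surfaced as trusted facts).
PP_INSTANCE_ID = '1.3.6.1.4.1.34380.1.1.2'
PP_ROLE        = '1.3.6.1.4.1.34380.1.1.13'

# Return { oid => value } for the extension requests embedded in a PEM CSR.
def trusted_facts(csr_pem)
  csr = OpenSSL::X509::Request.new(csr_pem)
  raise ArgumentError, 'bad CSR self-signature' unless csr.verify(csr.public_key)
  ext_req = csr.attributes.find { |a| a.oid == 'extReq' }
  return {} unless ext_req
  ext_req.value.value.first.value.each_with_object({}) do |ext, facts|
    oid, octets = ext.value.first, ext.value.last
    facts[oid.oid] = OpenSSL::ASN1.decode(octets.value).value
  end
end

# Approve only when the instance ID in the CSR belongs to a running instance
# AND the requested role equals the role recorded for that instance.
# `running` maps instance ID => role; assumed to come from an EC2 query.
def approve?(csr_pem, running)
  facts = trusted_facts(csr_pem)
  expected_role = running[facts[PP_INSTANCE_ID]]
  !expected_role.nil? && expected_role == facts[PP_ROLE]
rescue OpenSSL::OpenSSLError, ArgumentError
  false # unparseable or tampered request: never sign
end

# Constructed test input: build a CSR the way an agent would, with both facts.
def sample_csr(instance_id, role)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.parse('/CN=web-1.example.test')
  csr.public_key = key
  exts = { PP_INSTANCE_ID => instance_id, PP_ROLE => role }.map do |oid, val|
    der = OpenSSL::ASN1::UTF8String.new(val).to_der
    OpenSSL::X509::Extension.new(oid, der, false)
  end
  ext_set = OpenSSL::ASN1::Set.new([OpenSSL::ASN1::Sequence.new(exts)])
  csr.add_attribute(OpenSSL::X509::Attribute.new('extReq', ext_set))
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr.to_pem
end

RUNNING = { 'i-0aaa1111bbbb2222c' => 'webserver' }.freeze # constructed inventory
```

Puppet runs a policy-based autosign executable with the certname as its argument and the PEM CSR on stdin, and signs only when it exits 0, so a wrapper would exit with status 0 when `approve?` returns true and non-zero otherwise.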