There and Back Again (My DevOps journey) - LDNA 01-2018

There and Back Again
a DevOps journey
Giulio Vian
18th January 2018
giulio.dev@casavian.eu
@giulio_vian

What we will talk about?
Introduction
Initial state
Infrastructure-as-Code
Mindset
Terraform
IaaS in the Cloud
Configuration Management
Continuous Delivery
Recap
3
200-level
Visual and practical
Deck on SlideShare
Bibliography at the end

No green-field
3 Active Directory domains
3 test environments
2 production environments
All manually built
TeraByte-size SQL instances
VPN connections
Centralized version control

Issues
Downtime
New releases
Windows Update
Lack of Scalability
Don’t touch it mindset

Technology soup
Hosting
OS & DB
Language

Infrastructure-as-Code mindset
No manual changes
Replace hand built resources
with automation
Source control

Investment
Takes more time
Until you are proficient

Automation Pillars
Infrastructure Application stack

What?
No ARM?
Doctor Who © BBC
Story 178
Series 3, Christmas Episode

Terraform peculiarities
Folder organization
Import
Names are immutable
State management

Stay organized
/ repo root
modules terraform modules
utility general purpose
shared common to multiple applications or environments
application_name internal or public application
non-production can be rebuilt any moment
shared common to multiple environments
e.g. deploy agents, jumpbox
qa Integration test
uat User acceptance test
perf Load testing
production everything here is critical
legacy hand made infrastructure e.g. TFS
shared common to main and dr e.g. networking
live PRODUCTION ENVIRONMENTS
dr Disaster recovery site

Three steps to import
Define as regular resources
Add safety clause
lifecycle {
prevent_destroy = true
}
Include in state
terraform import

Changing names
TF deletes and rebuild resource
There can be more than one? Consider:
Security Group Rules
Virtual Machine Extensions
More is better
environment-tier-role-instance

State management
Myth: State is map of reality
Setup in shared, locked place
Azure Storage or AWS S3
Some changes not sensed
Learn to use
terraform state

Terraform tips
Static addresses
cidrsubnet
cidrhost
HCL parser idiosyncrasies
Regex might be troublesome
is not unusual
Study the book

Better luck next time
Error: Error applying plan:
azurerm_lb_probe.lb_probe_http: Error
Creating/Updating LoadBalancer
network.LoadBalancersClient#CreateOrUpdate
: Failure sending request: StatusCode=0 --
Original Error: Put
https://management.azure.com/subscriptions
/12345678-9abc-def0-1234-
56789abcdef0/resourceGroups/qa/providers/M
icrosoft.Network/loadBalancers/qa-
loadbalancer?api-version=2017-09-01: http:
ContentLength=1655 with Body length 0

Active Directory is a gift
and a curse
Monk © USA networks

Domain creation
Azure Quickstart
active-directory-new-domain-ha-2-dc-
zones
Wait until domain is ready
provisioner "local-exec" {
command = ""
verify = "(88,135,389,445,3268 | foreach { Test-
NetConnection $dcIpAddress -Port $_ -InformationLevel Quiet
} | measure -Minimum).Minimum“
interpreter = ["PowerShell", "-Command"]
}

Machine join
JsonADDomainExtension
Hardcode DNS bootstrap
$ix = (Get-DnsClientServerAddress -AddressFamily IPv4 |
where { $_.InterfaceAlias -like "*Ethernet*"
}).InterfaceIndex
Set-DnsClientServerAddress -InterfaceIndex $ix -
ServerAddresses ($dcIpAddress,"168.63.129.16")
Set-DnsClient -InterfaceIndex $ix -
ConnectionSpecificSuffix $domainName
Add-Content -Path
"${env:windir}System32driversetchosts" -Value
"`r`n`r`n${dcIpAddress}`t${domainName}`r`n${dcIpAddress}`t
${dcComputerName}.${domainName}" -Encoding Ascii

Avoid getting lost
[Environment]::SetEnvironmentVariab
le("prompt",
"[%USERNAME%@%COMPUTERNAME%]
`$p`$g","Machine")
Set-ItemProperty -Path
"HKLM:SOFTWAREMicrosoftCommand
Processor" -Name "AutoRun" -Value
"echo Hi %USERNAME%, welcome to
%COMPUTERNAME%"

Fake it and retry
Powershell Remote
Powershell DSC

Powershell
Search, search, search
Careful with StackOverflow
Desired State Configuration
Declarative configuration
Module management
Install-Module is just the first step
Testing
Pester
Limited use

Desired State Configuration (DSC)
Configuration FourthCoffee
{
# Install the IIS role
WindowsFeature IIS
{
Ensure = "Present"
Name = "Web-Server"
}
# Install the ASP .NET 4.5 role
WindowsFeature AspNet45
{
Ensure = "Present"
Name = "Web-Asp-Net45"
}
#...
}
Reboots
Modes
Local / Push
Pull
ConfigurationMode
ApplyOnly
ApplyAndMonitor 
ApplyAndAutocorrect
PowerShell Gallery

Working together
(upload local scripts)
Public repo
Orchestrating tool
data "external" "uploader_data" {
program = ["powershell",
"${path.module}/uploader.ps1 -Folder
"${var.folder}" -StorageAccount ${var.
storage_account} -Container ${var.
storage_container} -StorageKey ${var.
storage_key}"]
}
Deploy pipeline step
DSC Pull Server

Architecture won’t emerge
Easy
VM Size*
VM replicas
Disk size
Hard
Networks
Load balancers
DNS names
it will stand on your path

Architecture Tips
Hard isolation
Multiple Subscriptions
Disaster recovery
Paired Regions

Pipelines unfolding
one pipeline is not enough for all of us…
Integral deploy
Über-arching test and deploy
Partial paths
Just DB or App
Hotfix path
Other operations
Disaster Recovery

It is your duty
to make it robust

Agents
Network
VSTS/TFS on sight
Security
Power user in environment AD Domain
Restricted pools/queue access
Yes, docker

Unexplored paths
SQL Clusters
Database
Migrate production
Feature Toggles
Containers

To know more
Terraform - Up and Running: Writing
Infrastructure as Code — Y.Brikman
(O′Reilly)
https://www.amazon.co.uk/gp/product/14
91977086/
The DSC Book — Don Jones and
Melissa Januszko (O′Reilly)
https://leanpub.com/the-dsc-book
42

To know more
Continuous Delivery: Reliable Software
Releases through Build, Test, and
Deployment Automation — J.Humble,
D.Farley (Addison-Wesley)
https://www.amazon.com/Continuous-
Delivery/dp/0321601912/
The DevOps Handbook — G.Kim, P.Debois,
J.Willis, J.Humble (IT Revolution Press)
https://www.amazon.com/DevOps-Handbook-
World-Class-Reliability-
Organizations/dp/1942788002/
43

To know more (cont’d)
DevOps on the Microsoft Stack — Wouter de
Kort (Apress)
https://www.amazon.com/DevOps-Microsoft-Stack-Wouter-
Kort/dp/1484214471/
Beginning Build and Release Management with
TFS 2017 and VSTS — Chandrasekara, Chaminda
(Apress)
http://www.apress.com/gp/book/9781484228104
Refactoring Databases — Scott J Ambler and
Pramod J. Sadalage (Addison-Wesley)
https://www.amazon.com/Refactoring-Databases-
Evolutionary-paperback-Addison-Wesley/dp/0321774515/
44

Links
https://continuousdelivery.com/
https://www.terraform.io/
https://azure.microsoft.com/en-us/services/key-vault/
https://docs.microsoft.com/en-us/azure/best-practices-availability-paired-regions
https://martinfowler.com/articles/evodb.html
http://databaserefactoring.com/
http://agiledata.org/essays/databaseRefactoring.html
http://martinfowler.com/articles/feature-toggles.html
https://launchdarkly.com/
https://blogs.msdn.microsoft.com/buckh/2016/09/30/controlling-exposure-through-feature-flags-in-vs-team-services/
https://azure.microsoft.com/en-us/features/storage-explorer/
http://www.powershellgallery.com/
https://docs.microsoft.com/en-us/powershell/dsc/overview
45

Bene+dic, Domine, creaturam istam cerevisae,
quam ex adipe frumenti producere dignatus es:
ut sit remedium salutare humano generi:
et praesta per invocationem nominis tui sancti, ut,
quicumque ex ea biberint, sanitatem corporis,
et animae tutelam percipiant.
Beer is a
blessed thing

There and Back Again (My DevOps journey) - LDNA 01-2018

Recommended

Recommended

More Related Content

More from Giulio Vian

More from Giulio Vian (20)

Recently uploaded

Recently uploaded (20)

There and Back Again (My DevOps journey) - LDNA 01-2018

Editor's Notes