How much time do your teams spend patching vulnerabilities on servers, or puzzling over why something failed in production when it worked just fine in lower environments?

These are classes of problems which are solved without compromise by institutionalizing a pipeline approach called an Image Factory.

First of all… you know all that Chef or Puppet configuration you keep around, and how it nearly always works? Get ready to throw it away. Please.

Every line of configuration you write is a liability and will become technical debt. The less stuff you have, the easier it will be to maintain.

If you have ten services each running on ten instances, then perhaps you will have 100 configurations. Scaling up to 100 instances for each service, you will need 1,000 configurations. With immutable infrastructure, the number of configurations remains ten, whether you have one instance or a thousand.

This is a fundamental part of the "cattle, not pets" model, because it allows infrastructure to be managed by class rather than by instance.

An Introduction

What’s Immutable Infrastructure?

Immutable infrastructure is like booting a machine from a virtual CD every time. When a piece of software or configuration changes, the CD gets thrown away and an updated disk loaded.

In the ephemeral world of cloud computing, it’s even better: when a piece of software or configuration changes, the whole computer is thrown away and replaced. The same magic holds true when the underlying hardware of a virtual machine is suspect: just terminate it, and another on a healthy host will replace it.

Today convergent (e.g. Chef, Puppet, Ansible, etc.) configuration systems are the mainstream approach to configuration management. It is only somewhat more repeatable than divergent configuration systems because they often rely on non-deterministic package managers. This means that compared to divergent configuration systems (not good) there are fewer holes to create problems, however, it cannot eliminate the potential for divergence, and at scale, these holes amass many perturbations yielding higher probabilities of race conditions and non-deterministic builds. — Susan Potter

This is important, since managing a set of individual servers at scale becomes an exponentially difficult problem to contain.

What’s an Image Factory?


Simply put, it’s a piece of software that creates machine images to run on your servers. It works whether the servers are persistent (they run a long time), or ephemeral (they run for an indefinite period of time, and then they are thrown away).

The mechanics of this are simple: create a well-defined image that is tailored specifically for a given class of work, and use it consistently across all environments.

Although image factories don’t have to be used in conjunction with the principle of immutable infrastructure, the two work hand-in-hand and will have a profound effect on trivializing operations.
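Managing by class and using one image across all environments can be checked mechanically. The following is an added example, not code from the original article: it compares a constructed instance inventory against the image the factory last published for each class and lists the instances to replace. The inventory layout, the image and instance identifiers, and the `approved` mapping are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample inventory: (environment, service class, instance id, image id).
# Every identifier here is a made-up placeholder, not a value from the article.
INVENTORY = [
    ("dev",     "web",    "i-dev-web-1", "img-web-0042"),
    ("staging", "web",    "i-stg-web-1", "img-web-0042"),
    ("prod",    "web",    "i-prd-web-1", "img-web-0042"),
    ("prod",    "web",    "i-prd-web-2", "img-web-0041"),  # stale: missed a rollout
    ("dev",     "worker", "i-dev-wrk-1", "img-worker-0007"),
    ("prod",    "worker", "i-prd-wrk-1", "img-worker-0007"),
]


def images_by_class(inventory):
    """Map each service class to {image id: [(environment, instance id), ...]}."""
    classes = defaultdict(lambda: defaultdict(list))
    for env, service, instance, image in inventory:
        classes[service][image].append((env, instance))
    return classes


def find_drift(inventory, approved):
    """Return instances whose image differs from the approved image of their class.

    `approved` maps service class -> image id the factory last published
    (hypothetical structure). A class with no approved image is reported in
    full, since nothing should run from an image the factory did not build.
    """
    drift = []
    for service, images in images_by_class(inventory).items():
        for image, members in images.items():
            if image != approved.get(service):
                drift.extend((service, env, inst, image) for env, inst in members)
    return sorted(drift)


if __name__ == "__main__":
    approved = {"web": "img-web-0042", "worker": "img-worker-0007"}
    for service, env, inst, image in find_drift(INVENTORY, approved):
        # Immutable remediation: replace the instance, never patch it in place.
        print(f"REPLACE {inst} ({service}/{env}): runs {image}, "
              f"expected {approved.get(service)}")
```

The check needs one approved image per class regardless of instance count, which is the same scaling property the article attributes to immutable infrastructure.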


Immutable Infrastructure and Image Factories for Fun and Profit