immutable windows: from pets to cattle
About me
Jorrit Salverda
Technical architect at Travix
I automate…
● builds
● deployments
● infrastructure
Benefits of immutable infra
● “Config management” from scratch
● No config drift
● Forces automation
● Spend less time fixing machines
Bonus
● Fast recovery after disaster
● Audit trail
Goals
● Scripted vm images
● New vms for every deploy
● Zero downtime deployments
● Make devs autonomous
● Auto-scale
Bonus
● Auto-created certificates
● Set dns records
...to cattle
Dockerfile
FROM alpine:3.3
RUN apk --update add \
      haproxy=1.6.2-r0 \
    && rm /var/cache/apk/*
EXPOSE 80 443
COPY docker-entrypoint.sh /
ENTRYPOINT ["/docker-entrypoint.sh"]
Docker vs packer + boxstarter
Docker
● FROM
● RUN
● ENTRYPOINT / CMD
● ENV
● COPY
● VOLUME
● EXPOSE
Packer + boxstarter
● Upstream pipeline dependency
● Packerfile.ps1
● Entrypoint.ps1
● VM metadata
● Download into vm during bake
● Still a lot of effort
● Always port 80
Packerfile.ps1
# install .net framework 4.6.1
cinst dotnet4.6.1 -version 4.6.01055.00

# install 7-zip
cinst 7zip.commandline -version 15.12

# disable windows updates
DisableService "wuauserv"
Entrypoint.ps1
# get environment name from metadata
$Environment = GetCustomMetadata("ENVIRONMENT_NAME")

# replace placeholders in config files
ReplacePlaceholders

# start all applications
StartApplications
Learnings
● Windows automation is hard
● Pin versions of installed software
● Some 3rd parties require static ips
● Google’s http load balancer isn’t http 1.1 compliant
● To avoid tunneling, client-side certificates work well
● Training is required
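The "pin versions of installed software" learning can be enforced as a check that runs before an image is baked. The following is an added example, not code from the slides or from Travix: the function names and the sample inputs are constructed, and it only understands the `apk add pkg=version` and `cinst pkg -version x` forms that appear in the deck.

```python
import re

# Constructed samples modelled on the deck's Dockerfile and Packerfile.ps1,
# each with one deliberately unpinned package added.
DOCKERFILE = """\
FROM alpine:3.3
RUN apk --update add \\
      haproxy=1.6.2-r0 \\
      curl \\
    && rm /var/cache/apk/*
"""
PACKERFILE = """\
# install .net framework 4.6.1
cinst dotnet4.6.1 -version 4.6.01055.00
cinst 7zip.commandline
"""

def join_continuations(text):
    """Merge lines ending in a backslash into one logical line."""
    return re.sub(r"\\\s*\n", " ", text)

def unpinned_apk(dockerfile):
    """Return apk packages installed without an exact '=version' pin."""
    found = []
    for line in join_continuations(dockerfile).splitlines():
        # A RUN line can chain several shell commands; inspect each one.
        for cmd in re.split(r"&&|;", re.sub(r"^RUN\s+", "", line)):
            words = cmd.split()
            if words[:1] != ["apk"] or "add" not in words:
                continue
            # Limitation: options that take a value are not recognised.
            pkgs = [w for w in words[words.index("add") + 1:] if not w.startswith("-")]
            found += [p for p in pkgs if "=" not in p]
    return found

def unpinned_cinst(script):
    """Return Chocolatey packages installed without a version option."""
    found = []
    for line in script.splitlines():
        words = line.split()
        if words[:1] == ["cinst"] and len(words) > 1:
            if not any(w.lower().lstrip("-").startswith("version") for w in words[2:]):
                found.append(words[1])
    return found

if __name__ == "__main__":
    print("unpinned apk packages:", unpinned_apk(DOCKERFILE))
    print("unpinned cinst packages:", unpinned_cinst(PACKERFILE))
```

A non-empty result from either function is a reason to fail the build, since an unpinned package makes two bakes of the same script produce different images.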
What’s next?
● Phased rollouts
● Automated rollbacks
● Improve monitoring
● Speed speed speed
● Migrate more to Kubernetes
Thanks
● slideshare.net/JorritSalverda
● github.com/Travix-International
● travix.com/jobs/