The next talk of this session: it's "Infrastructure as Code: pip install your environment". Ladies and gentlemen, please welcome Sebastian Neubauer.

Yeah, thank you. So, the last people come in, have a seat. So, yeah, that's the title: "Infrastructure as Code: pip install your environment". I have two disclaimers. The first one is: this talk is not about pip. So if you're here because you want to learn something about pip, I'm sorry. It really has nothing to do with pip; that's just a metaphor. The other disclaimer: I'm not a computer scientist, I'm not an expert. I'm a physicist and data scientist. So everything around infrastructure is just autodidactically learned by me. So if you find something wrong, then just keep it for you and forget it.

Okay, yeah, I work at Blue Yonder. Maybe you saw that stand over there. So just come by and we can have a small chat.

Okay, so a small outline. Maybe a question: are there, for example, some ops people here? Operations? One, two, three. Yeah, okay. So the rest is developers? Nobody? Okay. Yeah, so it's more or less two parts. The first part is more a theoretical thing or, let's say, an introduction to all the words, so a glossary: what is infrastructure, or what is CRUD, for example here CRD, immutability, what is infrastructure as code. And then the second part, that is really hands-on, so we see code, we do all the stuff. Maybe we do a short question round between those two parts if there are any questions, so that in the first part really everyone knows what is infrastructure as code, what is infrastructure as a service and so on.

Okay, so ready, we start. What is crud, or CRUD? It's trivial.
So it's just create, read, update, delete. And it's just a simple set of operations, but as we will see in the talk, these are really powerful operations. And now, this is a hypothesis of mine: nearly everything can be implemented using these three operations. So for example, think of a blog: you can create a blog, read a blog, update a blog post, delete it. A to-do app, or EC2 instances: you can create, you can delete. Dictionaries in Python: you can create an item, delete an item, or LW. So everything you can think of can be expressed somehow in these terms: create, read, update, delete.

And now the next thing, also a hypothesis; if it's wrong you can correct me afterwards. Personally, if we implement such things with this simple set of operations, you more or less get a REST API for free, and we see that in this. So who has heard of REST APIs before? Okay, quite a few. So, yeah, there's this really one-to-one correspondence between those REST verbs, if you use it with HTTP. So POST is a create, GET is a read, PUT is an update and DELETE is delete. So we really see, okay, there's some kind of correspondence between these things.

Now the next thing: what is immutability? So this is really a hard thing and, yeah, don't nail me down. It's not a theoretically nailed-down definition that you get here. So I have two numbers here, an eight and a nine. So this small question now to the audience: what do we do to come from the initial state, the eight, to a nine? Would you really do it like that? So I want a trivial answer. So what would you do? Yeah, we remove the left lower one, of course. I mean, imagine it would be Stonehenge and these are stones. We would remove the one and then we have a nine. But now it's the question: if we would have implemented a kind of a robot which has to do it, would we have done it the same way?
I mean, just imagine what you would have to do: a camera, analyzing with some kind of computer vision the initial state, and then find transformations for how to get from an eight to a nine. And then the next thing is if we want to come from a seven to an eight, or from a seven to a nine. So it's really an explosion of complexity, because we have every combination of initial state to final state. So if we would build the robot, how would we have implemented it? And there's the delete: we would just have a wiper, kill all the matches, sort them somehow, put them in a little box, and then have the robot put the nine. So for ten digits we just need ten instructions for how to come from the initial state zero, everything in the box, to a nine, to eight, to a seven, six, five, four, three, two, one. Ten instructions and we are done.

So that's a thesis, I don't know if it's correct: an update can always be implemented by deleting and recreating. But deleting and recreating in the real world is often quite resource-expensive. So let's think of a house. Do we really want to tear down the house and build it up again just because the color of one room needs to change from blue to red? Writing a book? Hmm. Provisioning a server: it can take quite a while to have a server running exactly in the state you want to have it, if you do it by hand.

But on the other side, making an update, so to come from a nine to a ten, can be quite difficult and complex. Think of the combinations: seven to nine, eight to one. For example, if we want to add a room to a house, it can be really complex, so maybe then it's easier to tear down the house and rebuild it with another room. Yeah, or change the structure of a database; everyone knows who deals with alembic or some kind of things. It can be quite hard, or sometimes it's impossible. Or if the task would be to change the color of the Mona Lisa, it's also really hard.
So let's boil it down a bit. Humans are lazy but intelligent, so what we are doing is always the update. So we see there is an eight, there is a nine, we just have to remove one. We optimize for least effort. Machines are eager but dumb. Therefore, for them, deleting and recreating is the preferred way to go. So we wipe everything up and rebuild it from scratch.

The question is: what is the current infrastructure you are working in at the moment? Just think of what's your daily business in this infrastructure where you are working. This is just a question to think of. So who is working in an environment which is machine-driven, so deleting and recreating, or not?

So, and now boil it down completely. What is immutability? Immutability is a concept of how to change the state of a system. It sounds paradoxical, but it isn't. So immutability is not about not changing anything. It's about how to change it, and how to change it is really easy. We have our CRUD. We just delete the U and we are done. That's immutability. So we do not do an update. We just delete and recreate our systems.

Now a really small crash course for REST, just so that we know what we are talking about if we later on go on and do the example, but everyone knows it already. So normally we have something like a collection resource. Let's say some kind of instances, let's say houses or things like this, or maybe better, to-dos. So a collection of to-dos: with a GET we get a list of all to-dos, with a POST we create a new to-do. Then there is the instance resource. It's the one with the ID behind it. With a GET we get just the to-do, so what to do in this particular thing. We can delete it and we can update this particular instance.

Now to something completely different. So we are computer people. What is infrastructure? I mean, it's a quote from me, so don't take it too seriously: infrastructure is everything that brings your dead code to life.
This means everything around: deploy, or object stores, key-value stores, databases, routing, networking, maybe identity access. So everything around your code, which is in Git, is what I call infrastructure. In the end it brings the value, in addition with your code.

Now that's the title of the talk: what is infrastructure as code? It just means that we can access this infrastructure, so the key-value store or the memory or things like this, in an automated fashion via machine-consumable APIs. So now we heard quite a bit of APIs, REST APIs and CRUD and how to change states. So here, infrastructure as code means: to change something, there should be no tickets to a sysadmin doing things, or you need a screwdriver and drive to your data center. Maybe also not an admin SSH terminal because he needs to type in some secret password. Yeah, and of course no GUI. So we need machine-consumable APIs.

Now, in addition to infrastructure as code, what is infrastructure as a service? This just means that the application itself can consume the infrastructure it runs in. So infrastructure as code could also be done, let's say, from the outside. So someone provisions the infrastructure, but everything is written in code and not with screwdrivers and tickets. But as a service really means the application itself can create the infrastructure it runs in. This means self-service. It's really like in a supermarket. You walk in and say, okay, I need an object store, I need a, I don't know, maybe an EC2 instance and so on. For this we need simple machine-consumable APIs, of course. Somehow identity access management.
So not that the machine can buy 12 million EC2 instances and you don't know, so you need something to control it. Yeah, and of course no dependency in this whole thing on any screwdrivers or, yeah, some Stack Overflow deploy instruction. So it needs to be consumable via machine-readable APIs.

So the next thing after infrastructure as a service is immutable infrastructure. But now that's good: we already know what immutable infrastructure is from all the create, read, update and delete things. We just delete the update thing. So we say there is no update of any state. What we do is we delete the thing we are working with and we recreate it in the new state. That is immutable infrastructure.

Now we learned a lot. Maybe you're bored. But why is it so important to have this automation, so everything around automation and infrastructure as code? Automation means the machines do it. So we reduce human error. We enhance reproducibility. It's of course cheaper, maybe not always, but sometimes it's cheaper. It's faster most of the time, and you also get happier developers, because sometimes they really have to do messy stuff in a console. And cheaper and faster is particularly not the most important thing. Most people think we need to automate it if it's really a cost factor or if it's too slow. But that's not the case. The reduced human error, for example, is really crucial, also if you build your application just once. If the one who provisions it forgets to correctly configure the backup, it's just done once, but it's done wrong. So it's very important, I think.

And why is this, we can call it X as a service, so this infrastructure as a service, why is it so important?
So why is it important that the application itself can consume the infrastructure it runs in? Also a quote from me, so don't take it too seriously: it means we can put everything, so the entire application including the infrastructure, under version control. And that's something really completely new. Never before were we able to put the whole application including infrastructure in version control, and that's really a crucial part. So if you go home after this talk and you know this thing, then I think you've learned enough. That would be fine.

So that was the gray theory, and I think for the next part, where we really build such an infrastructure as a service for our own here, it's really crucial that you understood everything we talked about so far. Are there any questions to the first part? No, so everything is clear, or not at all.

Okay, so then let's go on, and we build a Postgres as a service here together. I hope you are already excited. A small requirement list, so what should it do in the end? It should provide PostgreSQL instances as a self-service. These instances should be somehow isolated. That means, if one instance get new, the other one doesn't get new, or also, if I choose a name like test instance one, it doesn't come back with "there is already a database called test instance one", but it's not from me, it's from someone else. So this means isolation. So we really need to consume and we want to set everything. Of course, simple machine-consumable APIs. And it should somehow persist the state. So if I create an instance, I can then see how many instances I've created and so on, and so we store it in some kind of meta database. But, and that's the most important thing, it should be as simple as possible. That should always be the case.

So first we need a name, and I called it postgraas, the Postgres as a service. So that's good enough, I think, for the moment. Let's design this whole thing, so a brainstorming.
So how could we provide instant PostgreSQL instances? Any ideas? Docker. How should the API look like? Of course, so we know already, a REST API is good. Just that we already know it should be machine-consumable, so the update thing for us might be not so important. It increases complexity. From the beginning we just say create and delete is everything we need. How do we implement the API? Of course, just Flask. We could use everything else, but let's stick to this one. It's simple and it does the job.

So first thing, Docker. We can manage Docker from Python. There is a Docker client library. Who knows this Docker client library? Okay, some few, but not so many. Interesting. So it has nearly all the features you can access in native Docker, from Python, from this client. All it needs is a running Docker daemon. You can connect via a local running daemon or a remote daemon. You could also use, for example, Swarm, so then there's a whole cluster of Docker behind it. And that's a personal view: I think the quality is quite good. I don't know, has someone worked with the Kafka Python client? So I had some bugs and I thought, okay, maybe this is strange. One small example and you find one or two bugs. So this is really good. You can work with it.

So the first thing: we need to create a Postgres instance, and that's the whole code. There's of course some boilerplate stuff around it, but in principle that's the whole stuff. So if you now would type it in, it would really run and it would do the job, namely creating a Postgres Docker container running a Postgres in it. So we connect to a client. We take the image.
It's just the official Postgres image from Docker. Then there's this thing, create container, and yeah, it does what the name tells. So we just say, okay, take the Postgres image, name it like we want to name it, give which internal ports should be exported, that's the normal Postgres port, and environment variables. There we can say which user we want to have, which password, and how the database should be named inside the Postgres instance. Yeah, that's it. Then we can start this container, give it a port, and everything is fine.

Okay, so the create is already done. Now the get. It's also really easy. So once again, we connect to the client. Then we can get a list of all running containers on that client. So maybe there are other containers running, so we just search for the right thing here. Yeah, we search for the name. There's a bit of a quirk inside: you need to remove some slash there, but we can ignore that completely. So it's really easy: list the containers and return the container. Delete, much more easy. It's a, yeah, just remove that container with that ID. Any questions here? Trivial.

Okay, then the RESTful API, and we are now really, really experts in it already. So we know we need some kind of a collection resource, so we name it postgraas_instances. So the URI would be something like localhost, if we run it on localhost, or somewhere else, slash postgraas_instances. Then we give it some parameters. These are the needed parameters: password, user, database name, or the name of the instance. This should then be unique. So this is really "my test database application Sunday morning", and then just return the created instance name. That's it. Furthermore, get a list of all instances is then a GET on this collection resource. Get the details of an instance is the URI with the ID behind it, and delete, I think that's trivial. So you grasp it already.

Then to the last part. Okay, now it's a bit of code.
So if you want to have a small sleep you can do it, if you're not interested in how to implement it in Flask, but I go really fast through it.

So what I used here in this example is this Flask-RESTful package. Who knows it? Quite a few. So it's really easy to define a REST API using this package. All you do is you make a class which inherits from the Resource class, and then you implement the get, put, post and delete methods, set the URIs, so our collection resource, which names we want to use for these resources, and basically we are done. Furthermore, for this persistence, so that we can get a list of all those instances we already created, we just use SQLAlchemy with some meta database, for example a Postgres, maybe in a container.

Okay, so the first thing, the collection resource. As I said, we build a class and, yeah, it's derived from this Resource thing. We can marshal something, but let's ignore this one. So this is a GET on the collection resource, so everyone knows what's coming back. It's the list of all our created instances. So return this thing. Then how to create a Postgres instance in that case? It's of course a POST to the collection resource. So we pass some parameters, but let's ignore this. The very important thing here is exactly what we already saw in the beginning. That's our function which creates a Postgres instance using Docker, and then we just save all that information in a database. That's it, really easy. Nothing fancy here.

So the instance resource: with the GET we get the details of a particular Postgres instance, for example the username or things like this. And the delete: there's some more boilerplate, mainly what happens if you want to delete something which doesn't exist yet?
But we can ignore that. So we just say, okay, from the database get me the details of this instance the user wants to delete, and then let's go to our delete function from the Docker part, and then afterwards, if it's deleted, we delete the entry in the database. Really trivial. Last thing we have to do: we set those URIs, so the collection resource to postgres and the instance resource to postgres instances slash ID, exactly like we designed it. So we are done. That's everything. In principle, that's the whole code, some boilerplate code here and there, but you saw everything. Really easy.

Now it's a question: does it really work? So what do we have to do to bring it to life? We need a Docker daemon running, and we pull the Postgres image so that it's locally available. Then we start the Flask server. You can use of course every WSGI server you want to use, for example gunicorn, or, just for the test, the debug server. Then initialize the metadata, and keep calm and get you a Postgres.

So what to do? We go into our terminal. I mean, you can do it however you want; you can also of course write a small client library, but here we can just use curl. It's quite convenient to have the body we want to send in a small file, called in this case my_postgraas.json. It's quite a good idea, because then you can check this file into your Git, so you know how you created your Postgres instance. So with the curl command we just say, okay, it's a content type JSON, we want to do a POST on the collection resource. We know what happens: it should create a Postgres instance. And really, we get back this small JSON snippet and it says, okay, there is a Postgres instance running. The ID is number one. It's the first one. We also have the Docker container ID here and the Postgres password on the terminal.
So maybe keep it. Make it so. Okay, that's it. And really, one important thing is the port here. So we get dynamically assigned a port of this Postgres instance. So everyone who now creates a Postgres on this host gets another port, but we can connect via this small command line toolkit for Postgres. Here it's localhost, but with the port we got back here, with our user and our password, and ta-da, we have a running Postgres. We can delete it, or we can use it in a small application or in some tests or whatever. Okay, I think that's nice.

So a short summary. I put it on GitHub. You can have a look there. Contributions are very welcome, of course. It's just an example, but really, it has been running now in our company for a year. It's just my hobby project, but, yeah, it's really running. So many, many integration tests use it because it's really convenient. You can have a new and completely virgin database for every test if you want to. It's quite fast. So you can have one in, let's say, at most a minute until the Postgres is really up and running, but mostly it will be some seconds. For small experiments like hack and use here: all you need now is a Postgres. Yeah, okay, now it's easy. Maybe we also use it for productive services anytime soon. Of course, it's not bulletproof, but there are ways to overcome that, also if this thing is not really the best quality on earth. Yeah, so far we created, I think, something like 200 Postgres instances, and when I looked it up, it was really 50 Postgres instances running on a two-core, two-gigabyte machine. So it really doesn't need many resources. That's really nice.

You can try it. You can have a look at the code, but, and that's the reason for this talk, you should not just say, okay, there's this one thing. It's really about what you should take home after this talk: it's really easy.
We don't need RBS services for everything and wait until they are delivered and exactly doing what they should do for you, but you can do it on your own. You have all the tools now at hand.

So as an inspiration, for example, you can take a manual step in your delivery chain. So you want to deploy an application and there's always this nasty step where you need to write a ticket to your sysadmin, for example because you need a directory on a remote file server you don't have access to. So you need to write a ticket: can you please make a directory there, because I want to put my backup there? Okay, small blueprint now. We already have an idea: maybe we use Flask with the REST API. It could be a good idea for this. We don't need Docker. We can just use the native file thingy, mkdir, and for delete shutil.rmtree, for create and delete. Update, we don't need it. Then we design the API. What do we need? Maybe a name of the directory, maybe somehow the Linux user name, I don't know, permissions, quota. It's up to you. It's your project. But it's really trivial to implement, and all you need mainly is something like a rainy Sunday afternoon. So you type those 100 lines of code and you are done, and you can and will impress your colleagues with that.

Okay, so that's it. A small summary, wrap-up. So what should you take home today? CRD is for machines, CRUD is for humans. CRD is trivial to be implemented as a REST API. My hypothesis: most infrastructure can be expressed as CRD. That means we can expose most infrastructure via a REST API. If it's only CRD, it's immutable, and that's good for machines, and it can be consumed from applications as a self-service. And why is it important to be a self-service? Yeah, we can put it in version control. Yeah, and the last thing: postgraas is a nice example that it seems to be somehow true what I said here. And, yeah, that's it. Thank you. As I said, I'm working there. That's our stand. Are there any questions or comments?
Thank you for the talk. It's interesting that you chose Postgres as an example, because I can rather imagine that all other services are easily torn down and built up again, but a database is containing data, so somehow the not-updating principle doesn't really work for databases, does it?

Thank you for the question. I give you money after that. No, so it depends. For example, I have a small internal data service. It's the weather service, and I really implemented it the way that it's a firmware database, so the real data is stored as CSV files, and I optimize the import of the CSV files. And normally I can do it with an update if it's a trivial update, like maybe adding a column. But sometimes, if it would be something else, now the machines can do it, so it's cheap to build new ones. So I can build a complete clone of my application and wait for two days until the whole data is reinserted in the new state. Let's say in the beginning it was one table, afterwards it's two tables. It would be really hard to do it in one Postgres, to extract the data such that now there are two tables from the content of one table before. So I really can have a clone and put in the data there. If everything is up and running, I can delete the old one, and the new one is the next productive thing. So it works sometimes. The only issue is performance or resources. If it's not possible to have a clone of your system, then you need to have it like this.

Please, people, try to be quiet while leaving. Okay, there was another question, but you already answered it. We have two more questions.

I'm interested: when you have this control over your instances and something like that, have you come to the problem, for example when you have too many instances for the automation or something like that, the setup, that you need a solution to actually more easily control all the instances? Or have you not come to that problem yet?
I mean, and to share it with all the colleagues, so you don't have to remember everything and you can... any execution tool from where we can trigger? I mean, if you have, for my example, a more consumer solution: we have virtual machines, and I have around 200 virtual machines, and now I have the problem of how to control them from that point. Did you think of anything from this point of view?

No, so for this small example not yet, but of course it would be possible. So if I understood correctly, it would be, for example, if the host would go out of memory or something like this?

What's different for each example that you just want to test, or something like that.

Yeah, so as I said, Docker is quite a nice thing. There is this Docker Swarm where you can put a whole cluster behind it, and it would work. I guess, and I never tried it, but I guess it would work out of the box when I just connect to a Docker Swarm thing, and then I could horizontally scale the whole thing. So I would then just need some monitoring of what's the load on the whole cluster, but I could then just add machines to it. But it's not done so far. It's just a small example and, yeah.

We have one more question.

So when you delete the Docker container, it may leave a lot of garbage in the system, for example unused volumes and stuff like that. How do you deal with garbage collecting?

Not yet. So first of all, there are no mounted volumes. We could do it, for example mount the data volume of the Postgres on the host, so that we could even reuse the data in the database even if we deleted it and created it, but it's not done so far. So it's really a terminal and, I don't know, I never had problems so far. It has been running on this system since November or something and memory is still fine. No problem.
No, I mean, for example, the Postgres image that is hosted in the Docker Hub, the official Postgres image: it has the VOLUME directive in the Dockerfile. So it means that when you create the container from that image, the volume is created for you, and the volume, this file system, lives somewhere deep in the file system of your host system. And when you delete the container, the volume, the file system, is still there. It is still on your host system. So sometime in the future you will encounter that the storage of your hard drive is out.

Yeah, so in principle, that's really easy to answer. I delete the EC2 instance and create a new one. Yeah, that's it. So you're talking about: we are updating the thing and the garbage grows and grows. It's exactly if we work in this human approach where we just incrementally change things. If you really delete and wipe everything and recreate, if we grasp that thinking that deleting and recreating is better, then most of these problems vanish just by themselves. So maybe it was a joke a bit. I think there are ways. But mostly I would write a bug issue for Docker; that's the thing I would implement.

Other question? We have probably time for one more question. This is not the case. We thank you.