1 Airship-Deckhand: Realizing Configuration Management Reliably and Predictably
Mark Burnett – Principal Member of Technical Staff
Matt McEuen – Principal Member of Technical Staff
November 14, 2018
© 2018 AT&T Intellectual Property. All Rights Reserved. AT&T, the Globe logo, Mobilizing Your World and DirecTV are registered trademarks and service marks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks are the property of their respective owners.

2 Overview
- Overview
- Features
- Use Cases
- Wrap Up
- VNF Transition
- AIC 2.5 VNF Transition Status (Note Transition Governance Bi-Weekly Update)
- 2018 VNF Transition Update
- Production Site Readiness Overview
- IT Transition
- IT App Planning Update (DCF Reconvene – Tenant Space Release)
- BlackFlag Update (Progress on VPMO / Other)
- Other
- Timeline Slip view
- Wrap Up

3 Deckhand Origin & Motivation
Notes:
- Describe Airship with the story of Deckhand [~2 slides w/ graphics; 5-8 min]
- Purpose
- Highlight components
- Story of Deckhand:
  - Once upon a time, there was Armada -> Drydock + Promenade integration
  - Found a need for some shared configuration data between Drydock and Promenade
  - Made a firm call to keep Drydock and Promenade configuration separate, and to solve config duplication as a specific problem with Deckhand
  - First component with a detailed design document

4 Deckhand Origin & Motivation
[Diagram comparing the June 2017 POC with October 2017; labels: Config, Armada, Shipyard, Deckhand, Drydock, Promenade]

5 Deckhand Design
WHY
- Configuration de-duplication
- Secret management
- Configuration history
HOW
- Configuration lives on-site
- Unopinionated
- Immutable
Notes:
- Purpose [1 slide, bullets; 3 min]
  - De-duplicate configuration, while allowing independent service configuration
  - Abstract secret management for other services
  - Provide traceability/history of site configuration
  - NOTE: Deckhand is intended to solve these problems only. There is room for other tooling closer to users (Pegleg, Spyglass). I sometimes think of this config as an intermediate representation.
- Design tenets [1 slide, bullets; 1-2 min]
  - Configuration lives on-site: implies Deckhand is deployed as a service into the site
  - Unopinionated about other services' configuration data: implies not based on templating (at the time, we already had cases of layered gotpl)
  - Immutable configuration sets: avoids some surprises/races
- Re: de-duplication? What is the overarching use-case for this?

6 Deckhand Document Format
    schema: example/Foo/v1
    metadata:
      name: a-particular-document
      schema: metadata/Document/v1
      labels:
        foo: bar
      layeringDefinition:
        layer: site
      substitutions:
      storagePolicy: cleartext
    data: ...
Callouts:
- schema specifies the valid contents of the "data" key
- The metadata section allows complex features without constraining the data structure
- labels allow filtering documents
- Layering and substitution are primarily de-duplication mechanisms
- storagePolicy allows encryption of any document
- The structured data section allows validation through defined schemas
Notes:
- Features: introduce the document structure to ground later examples [1 slide; 2 min]
- Metadata/data separation allows an "unopinionated" implementation of a rich feature set
- Trade-off: currently, some other component must convert from the Deckhand document format into whatever the desired case is.
- Future work: room for a future feature to render into a template of some sort.

12 Deckhand Deduplication: Substitution
    schema: example/Foo/v1
    metadata:
      name: source-1
    data:
      key1: value1
    ---
    schema: example/Bar/v1
    metadata:
      name: dest-1
      substitutions:
        - src:
            schema: example/Foo/v1
            name: source-1
            path: .key1
          dest:
            path: .dest_key
    ---
    (rendered dest-1)
    schema: example/Bar/v1
    metadata:
      name: dest-1
    data:
      dest_key: value1
Notes:
- De-duplication, core ideas: substitution [1 slide, w/ example; 2 min]
- Basic re-use; targets the source by name
- BUT WHY!? Secrets; structured destination, not template; push vs. pull
- How can we also give a realistic example? Are words enough? Talk through the cartoon example, then ask WHY? and talk through the Armada passphrase example.

13 Deckhand Deduplication: Layering
    schema: example/Foo/v1
    metadata:
      name: child
      layeringDefinition:
        layer: site
        parentSelector:
          arbitrary: label
        actions:
          - method: merge
            path: .
    data:
      deep: {child: data}
    ---
    schema: example/Foo/v1
    metadata:
      name: parent
      labels:
        arbitrary: label
      layeringDefinition:
        layer: global
    data:
      deep: {parent: data}
    ---
    (rendered child)
    schema: example/Foo/v1
    metadata:
      name: child
    data:
      deep:
        child: data
        parent: data
Callout: the schema must be the same for parent and child
Notes:
- Layering [2 slides, 1 w/ example, 1 w/ cartoon/something to support the description; 4 min]
- Why layers instead of generic inheritance? Reduce sprawl/complexity and avoid circular "inheritance".
- Path-dependence note: originally intended to allow multi-parent layering, but it was not deemed necessary and was not implemented. The vestiges remain in `metadata.layering.parentSelector`, which theoretically selects multiple sources, yet the engine explicitly allows only one parent.

14 Deckhand Deduplication: Layering
LAYERING POLICY
    schema: deckhand/LayeringPolicy/v1
    metadata:
      name: layering-policy
      schema: metadata/Control/v1
    data:
      layers:
        - global
        - type
        - site
OUR AIRSHIP SITE DEFINITION
- Global: ~24.0k LOC
- Type: ~3.5k LOC
- Site: ~1.8k LOC
Notes:
- Our current usage and intent with respect to layer usage
- Originally conceived as a minimum viable structure for our needs
- Configurable via LayeringPolicy
- Note the metadata/Control/v1 metadata schema: no layering/substitution for these documents; they change Deckhand behavior in some way. The best additional example will be DataSchema, coming later.
- Now, lots of stuff in globals that isn't "global" but is kind of shared
- Want sharing between "types" -> more layers + Pegleg tooling to choose what goes in each layer
- Changes like this are opaque to consumer services; they just get the docs they need, fully rendered, and do their work
- We are adding a few types over time, so expect load to shift from 'global' to 'type'
- Will split into many layers, and use Pegleg to select layers for a site
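The layering rules from slides 13 and 14 (same schema, parent selected by labels from a higher layer in the LayeringPolicy, exactly one parent, merge action at a path), as an added Python example; this is not Deckhand's own engine. Assumptions: documents are plain dicts in the slide's shape, action paths use the dotted form with `.` meaning the whole data section, only the `merge` method is implemented, and the sample documents are constructed from the two slides.

```python
import copy

def _get(data, path):
    for key in filter(None, path.split(".")):  # '.' selects the whole data section
        data = data[key]
    return data

def _set(data, path, value):
    parts = list(filter(None, path.split(".")))
    if not parts:
        return value
    node = data
    for key in parts[:-1]:
        node = node.setdefault(key, {})
    node[parts[-1]] = value
    return data

def _merge(base, overlay):
    """Recursive dict merge; the child (overlay) wins on leaf conflicts."""
    for key, value in overlay.items():
        if isinstance(value, dict) and isinstance(base.get(key), dict):
            _merge(base[key], value)
        else:
            base[key] = copy.deepcopy(value)
    return base

def _find_parent(doc, documents, layers):
    """Parent: same schema, in a higher layer, labels matching parentSelector."""
    ld = doc["metadata"]["layeringDefinition"]
    selector = ld.get("parentSelector")
    if not selector:
        return None
    higher = layers[: layers.index(ld["layer"])]
    matches = [d for d in documents if d["schema"] == doc["schema"]
               and d["metadata"].get("layeringDefinition", {}).get("layer") in higher
               and all(d["metadata"].get("labels", {}).get(k) == v
                       for k, v in selector.items())]
    if len(matches) != 1:  # the engine allows exactly one parent
        raise ValueError(f"{doc['metadata']['name']}: {len(matches)} parents matched")
    return matches[0]

def render_layering(doc, documents, policy):
    """Rendered data of `doc`: render the parent first, then apply child actions."""
    parent = _find_parent(doc, documents, policy["data"]["layers"])
    if parent is None:
        return copy.deepcopy(doc["data"])
    data = render_layering(parent, documents, policy)
    for action in doc["metadata"]["layeringDefinition"].get("actions", []):
        if action["method"] != "merge":  # this example implements merge only
            raise ValueError(f"unsupported layering action {action['method']!r}")
        child_part = copy.deepcopy(_get(doc["data"], action["path"]))
        data = _set(data, action["path"], _merge(_get(data, action["path"]), child_part))
    return data

# Constructed sample documents: the parent/child pair from slide 13 and the
# global/type/site LayeringPolicy from slide 14.
LAYERING_POLICY = {"schema": "deckhand/LayeringPolicy/v1",
                   "metadata": {"name": "layering-policy", "schema": "metadata/Control/v1"},
                   "data": {"layers": ["global", "type", "site"]}}
DOCUMENTS = [
    {"schema": "example/Foo/v1", "data": {"deep": {"parent": "data"}},
     "metadata": {"name": "parent", "labels": {"arbitrary": "label"},
                  "layeringDefinition": {"layer": "global"}}},
    {"schema": "example/Foo/v1", "data": {"deep": {"child": "data"}},
     "metadata": {"name": "child", "layeringDefinition": {
         "layer": "site", "parentSelector": {"arbitrary": "label"},
         "actions": [{"method": "merge", "path": "."}]}}},
]
```

Rendering the child yields the merged `deep` mapping shown on slide 13; a document matching two candidate parents, or none, is rejected rather than silently picking one.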

15 Deckhand Deduplication: Improvements
- Replacement: site-specific overrides for triage
- Multiple destination substitution: reduce boilerplate for repeated substitutions
- Recursive substitution: replace descendant data matching a pattern
Notes:
- Iterative improvements [1 slide; 5 minutes]
- Replacement: describe the original "stubbing" approach; it was considered verbose but "good enough" for initial work. This proved annoying. Replacement is particularly useful for directly masking armada/Chart/v1 overrides to significantly change configuration for a specific site for triage.
- Multiple destination substitution: found a need for the same substitution over, and over, and over...
- Recursive substitution: but even that was repetitive...
- Needs expert illustration
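Substitution as described on slide 12 (source targeted by name, structured destination) together with the multiple-destination form from slide 15, as an added Python example; this is not Deckhand's own code. Assumptions: documents are plain dicts in the slide's shape, paths use the dotted `.a.b` form with `.` meaning the whole data section, `dest` may be a single mapping or a list, a `pattern` on a destination is a regex whose matches inside an existing string are replaced by the value, and the Passphrase and chart documents are constructed samples.

```python
import copy
import re

def _get(data, path):
    for key in filter(None, path.split(".")):  # '.a.b' -> a, b; '.' -> whole data
        data = data[key]
    return data

def _set(data, path, value, pattern=None):
    """Write `value` at `path`; with `pattern`, rewrite only the matching substring."""
    parts = list(filter(None, path.split(".")))
    if not parts:
        return copy.deepcopy(value)  # '.' replaces the entire data section
    node = data
    for key in parts[:-1]:
        node = node.setdefault(key, {})
    if pattern is None:
        node[parts[-1]] = copy.deepcopy(value)
    else:  # a callable replacement inserts the value literally (no backslash escapes)
        node[parts[-1]] = re.sub(pattern, lambda _m: str(value), node[parts[-1]])
    return data

def render_substitutions(documents):
    """Apply metadata.substitutions of every document; returns rendered deep copies."""
    by_key = {(d["schema"], d["metadata"]["name"]): d for d in documents}
    rendered = []
    for doc in documents:
        out = copy.deepcopy(doc)
        out.setdefault("data", {})
        for sub in doc["metadata"].get("substitutions", []):
            src = sub["src"]  # the source is targeted by schema + name
            value = _get(by_key[(src["schema"], src["name"])]["data"], src["path"])
            dests = sub["dest"] if isinstance(sub["dest"], list) else [sub["dest"]]
            for dest in dests:  # multiple-destination form: one src, many dests
                out["data"] = _set(out["data"], dest["path"], value, dest.get("pattern"))
        rendered.append(out)
    return rendered

# Constructed sample documents: slide 12's pair, plus a Passphrase document (the
# shape of slide 18) substituted into two places of a chart-style document.
DOCUMENTS = [
    {"schema": "example/Foo/v1", "metadata": {"name": "source-1"},
     "data": {"key1": "value1"}},
    {"schema": "example/Bar/v1", "metadata": {"name": "dest-1", "substitutions": [
        {"src": {"schema": "example/Foo/v1", "name": "source-1", "path": ".key1"},
         "dest": {"path": ".dest_key"}}]}},
    {"schema": "deckhand/Passphrase/v1", "data": "secret-password",
     "metadata": {"name": "application-password", "storagePolicy": "encrypted"}},
    {"schema": "armada/Chart/v1", "metadata": {"name": "nova", "substitutions": [
        {"src": {"schema": "deckhand/Passphrase/v1", "name": "application-password",
                 "path": "."},
         "dest": [{"path": ".values.db.password"},
                  {"path": ".values.db.url", "pattern": "PASSWORD"}]}]},
     "data": {"values": {"db": {"url": "mysql://nova:PASSWORD@db/nova"}}}},
]
```

The secret lands in a specific structured key rather than being interpolated into a template, and the source documents are left untouched, which is the "structured destination, not template" point from slide 12.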

16 Deckhand Stability: Validation
SCHEMA
    schema: deckhand/DataSchema/v1
    metadata:
      name: armada/Chart/v1
      schema: metadata/Control/v1
    data:
      $schema:
        type: object
        properties:
          release:
            type: string
          values:
DOCUMENT
    schema: armada/Chart/v1
    metadata:
      name: nova
      schema: metadata/Document/v1
    data:
      release: nc
      values:
        conf:
          logging:
          policy:
(Unopinionated) User-supplied JSON schemas validate the configuration data; a DataSchema's metadata.name names the document schema it applies to.
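The DataSchema mechanism from slide 16 (a DataSchema registered under the name of the document schema it governs, applied to the `data` section of every matching document), as an added Python example; this is not Deckhand's validator. Assumptions: only a small JSON Schema subset (type, required, properties, items) is implemented instead of a full library, and the sample DataSchema fills in `required` and a `values` type that the slide truncates.

```python
_TYPES = {"object": dict, "array": list, "string": str, "integer": int,
          "number": (int, float), "boolean": bool, "null": type(None)}

def _check(value, schema, where, errors):
    """Minimal JSON Schema subset: type, required, properties, items."""
    expected = schema.get("type")
    if expected is not None:
        ok = isinstance(value, _TYPES[expected])
        if expected in ("integer", "number") and isinstance(value, bool):
            ok = False  # bool subclasses int in Python; JSON Schema keeps them distinct
        if not ok:
            errors.append(f"{where}: expected {expected}, got {type(value).__name__}")
            return
    if isinstance(value, dict):
        for key in schema.get("required", []):
            if key not in value:
                errors.append(f"{where}: missing required key {key!r}")
        for key, sub in schema.get("properties", {}).items():
            if key in value:
                _check(value[key], sub, f"{where}.{key}", errors)
    elif isinstance(value, list) and "items" in schema:
        for i, item in enumerate(value):
            _check(item, schema["items"], f"{where}[{i}]", errors)

def validate_documents(documents):
    """Register every DataSchema by metadata.name, then check each document whose
    `schema` matches a registered name. Returns a list of error strings."""
    registry = {d["metadata"]["name"]: d["data"]["$schema"]
                for d in documents if d["schema"] == "deckhand/DataSchema/v1"}
    errors = []
    for d in documents:
        json_schema = registry.get(d["schema"])
        if json_schema is None:
            continue  # unopinionated: no DataSchema registered, nothing to enforce
        _check(d.get("data"), json_schema, f"{d['metadata']['name']}.data", errors)
    return errors

# Constructed sample: slide 16's DataSchema and chart document (the schema is
# filled out with `required` and a `values` type, which the slide truncates),
# plus a second chart document with a wrong type and a missing key.
DOCUMENTS = [
    {"schema": "deckhand/DataSchema/v1",
     "metadata": {"name": "armada/Chart/v1", "schema": "metadata/Control/v1"},
     "data": {"$schema": {"type": "object", "required": ["release", "values"],
                          "properties": {"release": {"type": "string"},
                                         "values": {"type": "object"}}}}},
    {"schema": "armada/Chart/v1",
     "metadata": {"name": "nova", "schema": "metadata/Document/v1"},
     "data": {"release": "nc", "values": {"conf": {"logging": {}, "policy": {}}}}},
    {"schema": "armada/Chart/v1",
     "metadata": {"name": "bad-chart", "schema": "metadata/Document/v1"},
     "data": {"release": 42}},
]
```

Because DataSchema documents are ordinary documents in the same set, a malformed chart is caught at upload time with a path into its data section rather than at deploy time.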

17 Deckhand Security: Traceability
[Diagram with components: git, Shipyard, Pegleg, Deckhand API]
- Pegleg collects documents together
  - Git: expression of intent, not reality
  - API: forward looking, e.g. query Vault or another API
  - Updates are sent to Shipyard based on operational policy
- Deckhand
  - Retains the complete history of configuration that was delivered to the site
  - Supports multiple ownership chains for document delivery (buckets), e.g. you can separate ownership and delivery of certificates from configuration
- Shipyard
  - Records auditing information for which revisions were uploaded by whom
  - Annotates Deckhand revisions with tags indicating updates, etc.

18 Deckhand Security: Encryption
    schema: deckhand/Passphrase/v1
    metadata:
      name: application-password
      storagePolicy: encrypted
    data: secret-password
- Unopinionated, so generic: `metadata.storagePolicy: encrypted`
- Actual secret storage is delegated to Barbican; this focuses Deckhand on the abstraction and makes the security surface easier to understand.
- Any document can leverage this, so components can define their own sensitive data types and store them appropriately (not just keys/passwords).
- Consistent serialization -> sent to Barbican
- Consumers of the API do not necessarily need to know which portions of their documents come from encrypted sources.
- Config/secret ownership separation is possible
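The storagePolicy flow from slide 18 (consistent serialization of the data section, storage delegated to a secret store, and a rendered view in which consumers cannot tell encrypted from cleartext sources), as an added Python example; this is not Deckhand's code and the secret store is a stand-in, not Barbican's API. Assumptions: canonical JSON is the serialization, the stored record keeps only an opaque reference, and the sample documents are constructed.

```python
import json
import uuid

class StandInSecretStore:
    """Stand-in for Barbican: payloads held by opaque reference (not Barbican's API)."""
    def __init__(self):
        self._payloads = {}

    def store(self, payload):
        ref = f"stand-in-secret://{uuid.uuid4()}"
        self._payloads[ref] = payload
        return ref

    def retrieve(self, ref):
        return self._payloads[ref]

def canonical_payload(data):
    """Consistent serialization: equal data gives identical bytes, whatever the
    key order or whether the data section is a scalar, list or mapping."""
    return json.dumps(data, sort_keys=True, separators=(",", ":")).encode()

def store_document(doc, secret_store):
    """Record kept on the Deckhand side: for storagePolicy: encrypted the data
    section is replaced by a reference, so the record itself holds no secret."""
    record = {"schema": doc["schema"], "metadata": dict(doc["metadata"])}
    if doc["metadata"].get("storagePolicy") == "encrypted":
        record["secret_ref"] = secret_store.store(canonical_payload(doc["data"]))
    else:
        record["data"] = doc["data"]
    return record

def render_document(record, secret_store):
    """Consumer view: the data section is restored, so a consumer sees the same
    document shape regardless of where the data was stored."""
    if "secret_ref" in record:
        data = json.loads(secret_store.retrieve(record["secret_ref"]))
    else:
        data = record["data"]
    return {"schema": record["schema"], "metadata": record["metadata"], "data": data}

# Constructed samples: the Passphrase document from slide 18 and a cleartext
# document of the same shape, to contrast the two storage policies.
PASSPHRASE = {"schema": "deckhand/Passphrase/v1",
              "metadata": {"name": "application-password", "storagePolicy": "encrypted"},
              "data": "secret-password"}
CLEARTEXT = {"schema": "example/Foo/v1",
             "metadata": {"name": "a-particular-document", "storagePolicy": "cleartext"},
             "data": {"foo": "bar"}}

def round_trip(doc):
    """Store then render `doc`; returns (stored record, rendered document)."""
    store = StandInSecretStore()
    record = store_document(doc, store)
    return record, render_document(record, store)
```

Only the `storagePolicy` value decides the path, which is what lets any document type (not just passphrases) opt into encrypted storage.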

19 Deckhand Security: Integrations
- Keystone for authentication
- oslo_policy for RBAC
- Barbican for secret storage
Notes:
- Keystone / oslo.policy for RBAC
  - All Airship APIs are secured with Keystone
  - (Will be) leveraging Keystone to secure the Kubernetes API for operations personnel
  - Deployed via OSH
- Barbican
  - Pluggable backends for secret storage (enterprise friendly)
  - storagePolicy: encrypted -> consistent serialization, then sent to Barbican

20 Deckhand Use Cases
- Full Airship deployments
- Armada + Deckhand only deployments
- Standalone YAML document repository
Notes:
- Full Airship deployment (AT&T): see examples of a full configuration set in TM
- Using Airship to manage Kubernetes workloads with Armada, Deckhand, Pegleg (of interest to SKT?), e.g. deduplicate endpoints configuration for OSH
- Completely separate configuration management (possible, but not known in the wild)
- Future use-cases: add Shipyard to the limited case above?

21 Deckhand: Future Work
- More use-cases
- Simplify implementation
- Improve consumability for client code
Notes:
- Future work [1 slide; 1 minute]
- Understand and support more use-cases
- Simplify the implementation, based on a compute graph
- Split into multiple modules for easier consumption

22 Thanks!
- Treasuremap/resources
- airshipit.org
- IRC
