Presentation is loading. Please wait.

Presentation is loading. Please wait.

Continous Integration & Continous Deployment - For the new nameserver infrastructures of DENIC eG 15/10/03 – Christian Petrasch

Published byGillian Newman Modified over 9 years ago

Similar presentations

Presentation on theme: "Continous Integration & Continous Deployment - For the new nameserver infrastructures of DENIC eG 15/10/03 – Christian Petrasch"— Presentation transcript:

1 Continous Integration & Continous Deployment - For the new nameserver infrastructures of DENIC eG 15/10/03 – Christian Petrasch petrasch@denic.de

2 2 © DENIC eG Motivation Short overview about the old structures Configuration via CFengine2 Nameserver software rollout via CFengine2 Virtualization via images and XEN ( not XenServer ) Monitoring via Nagios DE, enum and several customer TLDs 18 locations Nearly 300 servers for DNS

3 3 © DENIC eG Motivation Problems with the old deployment technics  Server images are hard to maintain and keep up to date  CFengine2 is oversized / Migration from CF2 to CF3 complicated  A lot of manual, decentral configuration ( storage, monitoring, server rollout )  No centralized administration  Routing control ( slow and unreliable )

4 4 © DENIC eG Motivation Consilidated....  Every change takes a lot of time - For a new customer we needed several weeks – AAAAAAAAARGGGGGHHH!!!!!!  Old processes with this amount of servers not very handy –  Configuration failures were nearly unavoidable  Images prevent nearly all kind of server updates because of too much downtimes And we change our hardware.....WE NEED STH. NEW !!!!!

5 5 © DENIC eG Motivation Maybe Continous integration !! What to do ? Colleagues from other team already do this …!

6 6 © DENIC eG Motivation But in reality for DENIC... Infrastructure as Code Automated tests Possibility to change sth. without service outages Staging infrastructure Possibillity to integrate updates and changes continously Software defined datacenter ? Virtualization ? Immutable servers ? Hmmmm ?

7 7 © DENIC eG Motivation At 2012 we startet with CI/CD with our registry Input Test Rollout AKTIVE

8 8 © DENIC eG Motivation ? After we got a lot of experiences with the registry datacenter CI/CD infrastructure we knew, that CI/CD technics give us a lot advantages... Less outages Increased agility with changes and updates Improved scaling of hardware ressources Do better and automated testing Good … so do this for DNS infrastructure and solve the old problems and obstacles !!

9 9 © DENIC eG Motivation Technics have great benefits for DNS infrastructure: Reinstallation of a single location fully automated Big security increase because of immutable servers, after rebuild possible malware etc. removed Automated deployment and testing, parallel installations of all locations should be possible Centralized administration platform Implement new server only in database and installation fully automated Improved control of nameservers and routing via GUI Improved testing Improved automation at monitoring For our customers this would be also a great benefit !! We could react very much faster and implement updates and customers on time !!

10 10 © DENIC eG How to reach the goal – Development Steps to CI/CD for DNS Developing concepts Questions Same tools as registry platform ? Which virtualization ? How to do configuration management ? Which software to control everything ? What is needed to connect everything ? What to do Consolidate requirements Evaluate and test several hypervisors Decide how to want to do configuration management Evaluate and test orchestration solutions Develop a toolstack

11 11 © DENIC eG How to reach the goal – Development Steps to CI/CD for DNS Requirements ( the most important ) Highly reliable and stable High cost efficency Central administration Easy to use, update, test and automate Highly automated minimized unavoidable downtimes and guarantee of no service outage during reinstallation

12 12 © DENIC eG How to reach the goal – Development Steps to CI/CD for DNS The hypervisor decision Tested VMware, XENserver, KVM Tested for Performance, Cost efficiency, Security Reasons: Performance good enough Security better than KVM Free, VMWare too expensive DECISION: XENserver (free license)

13 13 © DENIC eG How to reach the goal – Development Steps to CI/CD for DNS Configuration management Reasons: Has a good Python API We need cobbler as installserver, why not as configuration tool Cobbler can do configuration templating during installation No need for Cfengine etc. DECISION: Do it with Cobbler..

14 14 © DENIC eG How to reach the goal – Development Steps to CI/CD for DNS The orchestration Centralized User interface Easy to implement, maintain and expand Reasons: Ansible is written in Python, many plugins Easy to learn Usable for nearly every hardware Jenkins is a good GUI with a lot of Plugins DECISION: Do it with Ansible and Jenkins

15 15 © DENIC eG How to reach the goal – Development Steps to CI/CD for DNS How to connect all tools to a complete toolstack Common API Maybe plugins, modules, etc. available Reasons: Tools are all in Python ( API ) ( Python ) Inhouse experiences ( PostgresSQL ) Netconf: Easy to implement as python module in ansible DECISION: Do it with Postgres, Python, netconf

16 16 © DENIC eG How to reach the goal – Development Steps to CI/CD for DNS Deployment Strategy Two possibilities Switch between BLUE and GREEN infrastructure ( like registry ) Advantage: Building of servers not in environment with current production Serial deployment server by server Advantage: Service could be provided continously without double the hardware costs. DECISION: Do it serial, supposing service could be provided with no outage with one nameserver during reinstall. Furthermore double number of hardware in location was not really an option

17 17 © DENIC eG Implementation in the infrastructure and the final processes The final processes Processes Installation ( and reconfiguration ) of servers Implemented automated testing Administration of the deployment strategy Administration of the infrastructure via Jenkins and Ansible Routing administration of all anycast clouds Central monitoring and logging

18 18 © DENIC eG Implementation in the infrastructure and the final processes DENIC developed parts of the toolstack: Nslconfig ( Python ) Edit and read configuration items in database: profiles, locations, customers, systems etc. Cobbler_control ( Python ) Communicates with cobbler api and do all jobs which are necessary PostgreSQL Database for all information, which is necessary to build and configure servers. Ansible Ansible is the logic for all purposes behind jenkins

19 19 © DENIC eG Implementation in the infrastructure and the final processes The new staging process Input Test Serial Rollout

20 20 © DENIC eG Implementation in the infrastructure and the final processes The final process and the deployment strategy Input Control Routing Monitoring Install Test Install Maintenance

21 21 © DENIC eG Implementation in the infrastructure and the final processes Deployment Strategy Decision with serial deployment was a good decision ( Rebuild NSL UK1 15/09/17 – 8:05 am – 8:49 am )

22 22 © DENIC eG Automated tests Integration stage rebuilds at least every night Integrationtests Functional tests to ensure nameserver could answer all record types we have in our zone Functional tests to ensure nameservice answers during reinstallation Nightly lightweight nameserver software performance tests

23 23 © DENIC eG Automated tests Smoketests ( performed by ansible ) All server Installed and functional monitoring, ssh, ntp, passwords correct set, defined hardening standards are fulfilled For each type of server in our NSL special tests C heck that all necessary processes are running and responding Nameserver Processes: Check if DSC is installed and running Services: Check if unallowed AXFR possible Nameserver answers at every configured interface

24 24 © DENIC eG Further Benefits Goals reached !! Central Admin-GUI Rebuild of a location in 45 min Parallel installation of all locations possible because of serial deployment Production-readyness is ensured through smoketests Automated monitoring integration with templates

25 25 © DENIC eG Future plans Automation of network ( SDN ) including automated testing Automation of hypervisor installations and updates Implement additional monitoring and measurements Rebuild location faster Increasing test coverage

26 26 © DENIC eG Thank you! Questions? petrasch@denic.de

Download ppt "Continous Integration & Continous Deployment - For the new nameserver infrastructures of DENIC eG 15/10/03 – Christian Petrasch"

Similar presentations

Cloud computing is used to describe a variety of computing concepts that involve a large number of computers connected through a real-time communication.

Cloud computing is used to describe a variety of computing concepts that involve a large number of computers connected through a real-time communication.
Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.

Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.
Live Migration of an Entire Network (and its Hosts) Eric Keller, Soudeh Ghorbani, Matthew Caesar, Jennifer Rexford HotNets 2012.

Live Migration of an Entire Network (and its Hosts) Eric Keller, Soudeh Ghorbani, Matthew Caesar, Jennifer Rexford HotNets 2012.
Profit from the cloud TM Parallels Dynamic Infrastructure AndOpenStack.

Profit from the cloud TM Parallels Dynamic Infrastructure AndOpenStack.
1 Vladimir Knežević Microsoft Software d.o.o.. 80% Održavanje 80% Održavanje 20% New Cost Reduction Keep Business Up & Running End User Productivity End.

1 Vladimir Knežević Microsoft Software d.o.o.. 80% Održavanje 80% Održavanje 20% New Cost Reduction Keep Business Up & Running End User Productivity End.
© 2014 VMware Inc. All rights reserved. BlazeMeter Load Testing Solution with vCloud Air High-level Overview Jan 2015.

© 2014 VMware Inc. All rights reserved. BlazeMeter Load Testing Solution with vCloud Air High-level Overview Jan 2015.
ITIL: Service Transition

ITIL: Service Transition
Antony Jo The University of Montana. Virtualization  The process of abstraction; making something more abstract  Many types: Server Desktop Application.

Antony Jo The University of Montana. Virtualization  The process of abstraction; making something more abstract  Many types: Server Desktop Application.
Copyright 2009 FUJITSU TECHNOLOGY SOLUTIONS PRIMERGY Servers and Windows Server® 2008 R2 Benefit from an efficient, high performance and flexible platform.

Copyright 2009 FUJITSU TECHNOLOGY SOLUTIONS PRIMERGY Servers and Windows Server® 2008 R2 Benefit from an efficient, high performance and flexible platform.
MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Systems Design, Implementation, Maintenance, and Review Chapter 13.

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Systems Design, Implementation, Maintenance, and Review Chapter 13.
IT Administrator Lifecycle Lifecycle Services Dashboard & CustomerSource Roles Developer Business Analyst Information Tools/Service s Project.

IT Administrator Lifecycle Lifecycle Services Dashboard & CustomerSource Roles Developer Business Analyst Information Tools/Service s Project.
© 2010 VMware Inc. All rights reserved VMware ESX and ESXi Module 3.

© 2010 VMware Inc. All rights reserved VMware ESX and ESXi Module 3.
SMS Gateway OZEKI NG Document version: v.1.0.0. Adding SMS functionality to SysAid.

SMS Gateway OZEKI NG Document version: v Adding SMS functionality to SysAid.
VMware vCenter Server Module 4.

VMware vCenter Server Module 4.
 Advantages  Easy to learn  Graphical Advantages  Help and Support  Widely used  Software compatibility  Customisable  Customisable Hardware 

 Advantages  Easy to learn  Graphical Advantages  Help and Support  Widely used  Software compatibility  Customisable  Customisable Hardware 
© 2010 VMware Inc. All rights reserved Data Protection Module 10.

© 2010 VMware Inc. All rights reserved Data Protection Module 10.
November 2009 Network Disaster Recovery October 2014.

November 2009 Network Disaster Recovery October 2014.
At the North of England Institute of Mining and Mechanical Engineers Library, Newcastle upon Tyne.

At the North of England Institute of Mining and Mechanical Engineers Library, Newcastle upon Tyne.
VAP What is a Virtual Application ? A virtual application is an application that has been optimized to run on virtual infrastructure. The application software.

VAP What is a Virtual Application ? A virtual application is an application that has been optimized to run on virtual infrastructure. The application software.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Similar presentations

Ads by Google