Automating Infrastructure Flashcards
What are the three stages to go through when you are starting out with automation on the network? Give an example of each one.
RUN: read-only operations, list VLANs, obtain inventory
WALK: Automate on-boarding, automate day to day tasks
FLY: Proactively manage users, complex automation
Why do we need automation?
Speed and agility
Scale operations
Risks of manually deployed managed networks (4)
Manual process time consuming
Subject to human error
Financial costs due to outages
Dependency on small components and many contributors
Infrastructure automation benefits (3)
Speed
Repeatability
Work at scale with reduced risk
Benefits of full-stack automation (4)
Self-Service
Scale on demand
Observability
Automated problem mitigation
As part of Automated problem mitigation, what should apps be engineered to do? (3)
Minimize blast radius - recognize issues quickly and re-route traffic
Self-heal - automatically re-deploy failed components
Monitor events - this allows fixes to be implemented
Benefits of cloud in automation
Self-Service - quickly stand up what's needed
Close specifications, consistency, repeatability
Platform abstraction - the ability to containerize
Challenges of using cloud
Cloud platform design and security may add new demands to applications
Permissions could be challenging
Unforeseen costs - resource on demand or “still running unused resource”
How should a large-scale app manage traffic, storage and compute?
Provide good user experience
Be resilient, highly available and protect user data
Grow and shrink as per demand
Benefits of microservices
Scalability - can be scaled and load balanced across many servers
Infrastructure automation tools - e.g. Kubernetes can automate scaling
Challenges of microservices
Increased complexity - lots of moving parts
Automation is required - manual methods are not a realistic way to cope
What's the difference between Dev and Ops?
Dev - were the developers who created apps
Ops - were the IT staff who made the apps work for users
Name some legacy bottlenecks
Project resourcing could take months
Limited resource
Setup and tear down not simple
When Dev and Ops fused, what did they need to do? (2)
Make coders responsible for deployment and maintenance
Treat virtualisation as code
What were the 3 key defining moments for DevOps evolution?
1: SRE
2: Debois - Agile infrastructure
3: Allspaw and Hammond - Best practice
What is the SRE approach based on? (6)
Shared responsibility
Embrace of risk
Acknowledgment of failure as normal
Use automation to reduce toil
Measurement of everything
Qualifying success in terms of meeting quantitative service-level objectives
Name 3 best practices that Allspaw and Hammond presented
Automated infrastructure.
Shared version control.
Single-step builds and deployments.
Name 3 best practices for DevOps
Automation - reduce cost and reduce toil
Failure is normal - this should drive us to build better systems
Re-frame availability - SLO/SLI
Name two basic tools for scripting?
Bash
Python
Name 4 ways to make a script efficient
Standardising parameters, flags and errors
Create a logical hierarchy
Create high-level scripts for entire deployments and low-level for phases
Make code as generic and reusable as possible
What is idempotency?
A script leads to the desired state regardless of what the starting state was.
Principles of idempotency
Look before you leap: if it ain't broke, don't fix it
Get a good known state before making changes
Test for idempotency: ensure there are no side effects of automation
One bad apple spoils the bunch: all parts of the code need to be idempotent
What benefit do you get out of automation tools? (6)
Simplify and Standardise
Accelerate development with out-of-the-box features
Facilitate reusability
Perform discovery and manage inventory
Handle Scale
Engage community
Procedural or declarative: Ansible
Declarative
Procedural or declarative: Puppet
Declarative
Procedural or declarative: Chef
Procedural
Define procedural vs declarative
- Procedural code can achieve idempotency
- Declarative - static model that represents the desired model
Describe the differences between provisioning, configuration, deployment and orchestration
Provisioning - getting things ready
Configuration - installing base applications and enable testing
Deployment - building, arranging, integrating multi-component apps, e.g. DB cluster
Orchestration - some form of automation
In terms of orchestration, what is the difference between concretely and abstractly?
Concretely - autoscaling or self-healing
Abstractly - process workflows like self-service
Define the difference between stateless and not stateless in terms of app and server relation
Not stateless: an app saves important info in local files
Stateless: an app saves to remote files/database and requires no memory of state between invocations
Name 3 popular automation tools
Ansible, Puppet, Chef
What characteristics do automation tools share?
Easy to learn
Open source
Adapters available for a given platform, e.g. AWS, UCS
What architecture does Ansible have?
Control nodes
What can a control node do in Ansible?
- Run shell commands on remote targets via REST interface
- Inject Python scripts on targets
- Install Python on targets
What data structure does Ansible use?
YAML
Describe the Ansible folder structure (5)
Inventory file (hostfiles) - organises your inventory of resources
Variable files - variables relating to hosts
Library and utilities - contain modules to interact with hosts/resources, e.g. ACI
Main playbook file - YAML may reference other low level roles
Role folder and files - These are like submodules, each role folder contains task folders with main.yml in each. It also contains handler task files
What software is available to control multiple Ansible nodes
Red Hat Ansible Tower
AWX
Ansible define Module
Code to perform an action on a managed device. Often written in Python.
Ansible define Task
An action pointing to a given module. Can accept argument and actions.
Ansible define Play
A set of Tasks to a host or group of hosts.
Ansible define Playbook
A set of Plays, written in a YAML file.
Ansible define Role
A set of Playbooks that can repeatedly execute a standard configuration. You can assign multiple roles to a single host.
Ansible define Inventory
A set of devices on which you run playbooks.
Describe puppet architecture
Server for Master; Facter and PuppetDB
Client called Puppet Agent
Modules for non-agent able devices
Proxy agent to manage non-agent devices
How many hosts can a puppet server handle
4000
Name Chef components (4)
Chef Workstation: a standalone operator workstation
Chef Infra Client (host agent): runs on hosts; Cookbooks enable control on non-Chef clients, e.g. IOS
Chef Infra Server: Replies to clients and responds to configuration updates
Chef workstation components (5)
CLI tools for authoring cookbooks and applying to hosts
Interacting with server to bootstrap new servers
Test Kitchen - for testing
ChefSpec - simulates code before implementing
InSpec - security/compliance auditing
What Chef community provides Cookbooks
Chef Supermarket
How many hosts can a Chef server handle
10000
What is GitOps?
Treating infrastructure as code and as the single source of truth. It makes deploying a server quicker and standardised
Benefits of having infrastructure as code
Rapid reconvergence to a desired state, e.g. device replacement
Portability - network config moves with server/application
Version control
What is pyATS?
Network device test and validation solution written in Python
pyATS features
Modules available to use in Python
Testing modules available, AEtest, Easypy
CLI for test and interrogation of devices
How do you obtain doc/help on an Ansible module?
ansible-doc mod_name
Command to execute a playbook called site.yml and inventory called inv.txt
ansible-playbook -i inv.txt site.yml
What sources of data can pyATS consume?
JSON, Excel as YANG models