Deploy Stuff, Run StuffJax Devops London 2017

Kris Buytaert

@krisbuytaert

Kris BuytaertKris Buytaert● I used to be a Dev,I used to be a Dev,● Then Became an OpThen Became an Op● Chief Trolling Officer and Open Source Chief Trolling Officer and Open Source

Consultant @Consultant @inuits.euinuits.eu● Everything is an effing DNS ProblemEverything is an effing DNS Problem● Building Clouds since before the bookstoreBuilding Clouds since before the bookstore● Some books, some papers, some blogsSome books, some papers, some blogs● Evangelizing devopsEvangelizing devops● Organiser of #devopsdays, #cfgmgmtcamp, Organiser of #devopsdays, #cfgmgmtcamp,

#loadays, ….#loadays, ….

What's this devops What's this devops thing anyhow ? thing anyhow ?

Culture,Culture,automation, automation,

Measturement,Measturement,

sharingsharing

the “old” days the “old” days ● ““Put this Code Live, here's a tarball” NOW! Put this Code Live, here's a tarball” NOW!

● What dependencies ?What dependencies ?

● No machines available ?No machines available ?

● What database ?What database ?

● Security ?Security ?

● High Availability ? High Availability ?

● Scalability ?Scalability ?

● My computer can't install this ?My computer can't install this ?

Blamefull OrganisationsBlamefull Organisations

HistoricallyDifferent GoalsHistoricallyDifferent Goals

DevelopmentDevelopment

● New releasesNew releases

● New FeaturesNew Features

● New platformsNew platforms

● New architecturesNew architectures

● Functional ReqFunctional Req

OperationsOperations

● Stable PlatformStable Platform

● No DowntimeNo Downtime

● Scalable PlatformScalable Platform

● Non Functional ReqNon Functional Req

MethodologiesMethodologies● Waterfall Waterfall

● Watermill Watermill

● SAFESAFE

● Scrum● Kanban

DOD in ScrumDOD in Scrum

• DoD is a checklist of valuable activities required DoD is a checklist of valuable activities required to produce software.to produce software.

• Definition of Done is a simple list of activities Definition of Done is a simple list of activities (writing code, coding comments, unit testing, (writing code, coding comments, unit testing, integration testing, release notes, design integration testing, release notes, design documents, etc.) that add documents, etc.) that add verifiable/demonstrable value to the product.verifiable/demonstrable value to the product.

• DoD is the primary reporting mechanism for DoD is the primary reporting mechanism for team members.team members.

Done means testedDone means tested

Done means deployedDone means deployed

In productionIn production

If it isn't monitored it isn't in If it isn't monitored it isn't in productionproduction

Done = In production and Done = In production and MonitoredMonitored

A software project is not done until A software project is not done until

your last enduser is in his grave ! your last enduser is in his grave !

Kris Buytaert, #devopsdays Amsterdam 2013Kris Buytaert, #devopsdays Amsterdam 2013

Culture, Culture,

Automation,Automation,Measurement,Measurement,

SharingSharing

NF RequirementsNF Requirements

Non functional requirements are not part of a Non functional requirements are not part of a sprintsprint

the un-buildablethe un-buildable● The libraries you depend on have been The libraries you depend on have been

removed by the upstream authorremoved by the upstream author

• Too oldToo old

• AbandonnedAbandonned

● You haven't specified the versions and the You haven't specified the versions and the 'latest' version is 'latest' version is

• BrokenBroken

• incompatibleincompatible

● Rubybems.org,Github.com is downRubybems.org,Github.com is down

the un-packageablethe un-packageable

the un-packageablethe un-packageable

the un-deployable the un-deployable ● You require manual changes to filesYou require manual changes to files

• Files in different locationsFiles in different locations

● Your haven't versioned all the filesYour haven't versioned all the files

• Plenty of files are missingPlenty of files are missing

• Missing librariesMissing libraries

● Do you really expect everyone to know how to Do you really expect everyone to know how to deploy your Flavour of the week stackdeploy your Flavour of the week stack

““If my computer If my computer can't install it, can't install it, the installer is the installer is broken”broken”

Luke Kanies at Luke Kanies at

Fosdem (2007)Fosdem (2007)

the un-configurable the un-configurable ● Sometimes the preconfigured oneSometimes the preconfigured one

● Config is inside the build artifactConfig is inside the build artifact

• .war, binary, code .war, binary, code

● Redeploy / restart is required to reconfigureRedeploy / restart is required to reconfigure

● Log on with the credentials generated in Log on with the credentials generated in /tmp/blahX2312/tmp/blahX2312

● Click on the 3rd button on the left, then down Click on the 3rd button on the left, then down and first on the right.and first on the right.

As an Ops person As an Ops person ““As a system administrator, I can tell when As a system administrator, I can tell when software vendors hate me. It shows in their software vendors hate me. It shows in their products.”products.”

““DON'T make the administrative interface a DON'T make the administrative interface a GUI. System administrators need a GUI. System administrators need a command-line tool for constructing command-line tool for constructing repeatable processes. Procedures are best repeatable processes. Procedures are best documented by providing commands that documented by providing commands that we can copy and paste from the procedure we can copy and paste from the procedure document to the command line. We cannot document to the command line. We cannot achieve the same repeatability when the achieve the same repeatability when the instructions are: "Checkmark the 3rd and instructions are: "Checkmark the 3rd and 5th options, but not the 2nd option, then 5th options, but not the 2nd option, then click OK." Sysadmins do not want a GUI that click OK." Sysadmins do not want a GUI that requires 25 clicks for each new user.”requires 25 clicks for each new user.”

Thomas A. Limoncelli in ACM Queue December 2010Thomas A. Limoncelli in ACM Queue December 2010

http://queue.acm.org/detail.cfm?id=1921361http://queue.acm.org/detail.cfm?id=1921361

the un-runnablethe un-runnable● You shipped a .exe fileYou shipped a .exe file

• We run on LinuxWe run on Linux

● You shipped a Docker fileYou shipped a Docker file

• We have no containerized infrastructureWe have no containerized infrastructure

● Your application connects to 10.0.0.1:3306 Your application connects to 10.0.0.1:3306

● Your application connects to Your application connects to myapp.ourcompany.com myapp.ourcompany.com

● Your code requires Python 5Your code requires Python 5

• We are on EL 7We are on EL 7

the un-clusterablethe un-clusterable● Where is your state ?Where is your state ?

● How do you know where to connect to ?How do you know where to connect to ?

● /tmp is not a distributed filesystem/tmp is not a distributed filesystem

the un-cloudablethe un-cloudable● Where is your state ?Where is your state ?

the un-securedthe un-secured● Clear text passwords in config filesClear text passwords in config files

● Passwords as parametersPasswords as parameters

● No encryption No encryption

● Vague ssl version build inVague ssl version build in

● No authentication at all No authentication at all

● Users are stored locallyUsers are stored locally

Culture, Culture,

Automation,Automation,

Measurement :Measurement :

measure all the thingsmeasure all the thingsSharingSharing

the un-monitorablethe un-monitorable● Is this thing even on ? Is this thing even on ?

● Logs ?Logs ?

● Log verbosity ?Log verbosity ?

● Log corelation ? Log corelation ?

● Consistent output for testingConsistent output for testing

● If the enduser calls, your monitoring has failedIf the enduser calls, your monitoring has failed

the un-measurablethe un-measurable● No metrics,No metrics,

● No log entries to derive metrics from,No log entries to derive metrics from,

● Please provide Please provide

• MetricsMetrics

• Health / status page / apiHealth / status page / api

• LogsLogs

Culture, Culture,

Automation, Automation,

Measurement,Measurement,

SharingSharing

This new 'D' hypeThis new 'D' hype● New kid on the block New kid on the block

● Vagrant-lxc with a nice cliVagrant-lxc with a nice cli

● The Ultimate “devops tool” The Ultimate “devops tool”

● ““Unseen” growth Unseen” growth

● Docker is the new cool thing to doDocker is the new cool thing to do

DockerDockerDockerDocker

DockerDockerDockerDocker

DockerDocker

DockerDocker

A typical Enterprise A typical Enterprise ContainerContainer

● No different from a No different from a full vmfull vm

● Multiple services Multiple services running in one running in one containercontainer

● Ssh is the default Ssh is the default connectionconnection

Why ?Why ?● I want a VMI want a VM

• Please fill in these 4 formsPlease fill in these 4 forms

• Wait 2 weeks.Wait 2 weeks.

● RepeatRepeat

IT Departments have not adapted,IT Departments have not adapted,

'Shadow'-IT is winning'Shadow'-IT is winning

These DaysThese Days● ““Put this Code Live, here's a Docker Put this Code Live, here's a Docker

Container ” Container ”

● No machines available ?No machines available ?

● What database ? Where to store the What database ? Where to store the data ?data ?

● Security ? What distro is this even ? Security ? What distro is this even ? Bad Cows ? Bad Cows ?

● How do we monitor his ?How do we monitor his ?

● Backups ?Backups ?

● How did you build this ?How did you build this ?

11 days into operations11 days into operations● ““Put this Code Live, here's Put this Code Live, here's

Dockerfile” Dockerfile”

● What corporate proxy ?What corporate proxy ?

● Oh I missed 2 other containersOh I missed 2 other containers

● Security ? What distro is this even ? Security ? What distro is this even ? Bad Cows ? Bad Cows ?

● What do you mean “We are a RHEL What do you mean “We are a RHEL shop ?”shop ?”

Closing the gaps between dev and ops, Closing the gaps between dev and ops, AGAIN !!AGAIN !!

● Where do your containers come from ? Where do your containers come from ?

● Who build it ? Who build it ?

● Can you rebuild it ?Can you rebuild it ?

● Do you even need a containerDo you even need a container

● How do you build the hosts that run the How do you build the hosts that run the containers ?containers ?

● Infrastructure as code ++Infrastructure as code ++

Image Build by devs, Image Build by devs, maintained by nobodymaintained by nobody

Can you ?Can you ?● When GitHub is down ? When GitHub is down ?

● When rubygems.org is When rubygems.org is down ?down ?

● When someone removes When someone removes a Node.js library ?a Node.js library ?

● Fix critical Security Fix critical Security Issues ?Issues ?

● Can your business surive Can your business surive if you answer NO to if you answer NO to these questions ?these questions ?

● I love docker as a I love docker as a technologytechnology

● I hate that it too often I hate that it too often put us back 5 years with put us back 5 years with regards to Culture regards to Culture adoptionadoption

● Docker is an easy victim, Docker is an easy victim, there's other tools that there's other tools that create similar situationscreate similar situations

● It's still mostly about It's still mostly about CultureCulture

It's still about It's still about collaborationcollaboration

It's not about the tools It's not about the tools

It's about change It's about change

It's about the people It's about the people

ContactContactKris Buytaert Kris Buytaert Kris.Buytaert@inuits.beKris.Buytaert@inuits.be

Further ReadingFurther Reading@krisbuytaert @krisbuytaert http://www.krisbuytaert.be/blog/http://www.krisbuytaert.be/blog/http://www.inuits.be/http://www.inuits.be/

InuitsInuits

Essensteenweg 31Essensteenweg 31BrasschaatBrasschaatBelgiumBelgium891.514.231891.514.231

+32 475 961221+32 475 961221