Mandi Walls | Technical Community Manager | mandi@chef.io@lnxchk

Successful Practices

forContinuous

Delivery

Mandi WallsTechnical Community Manager for EMEA@lnxchkmandi@chef.io

EVERY business is a software business

We’re going to be a software company with airplanes.

– CIO, Alaska Airlines

It’s Hard!?!?• “DevOps” is now seven years old• There are still plenty of people who reject it• But even simple practices can improve quality of delivery• DevOps Report found in their 2014 survey that Ops using version

control was a significant indicator of success• https://www.perforce.com/blog/140829/devops-version-control-even-more-importan

t-ops-dev

Getting to Continuous Integration or Continuous Delivery takes time, but the steps to get there are now well understood

Quality and innovation, historically a tradeoffQU

ALIT

Y/CO

MPL

IANC

E

RATE OF INNOVATION

The game changer: rapid time to value

Innovation

Quality/Compliance

DynamicInfrastructure

Dynamic infrastructureMigrate applications to the cloud and support hybrid and multi-cloud environments. Automate the management of heterogeneous networks, including legacy systems.

• Provisioning and setting up environments • Dynamic scaling of compute resources• Migrating legacy workloads to the cloud• Multi cloud and hybrid cloud deployment• Support for heterogeneous environments

The game changer: rapid time to value

Innovation

Quality/Compliance

DynamicInfrastructure

Infrastructure as Code

Automate the Stack

+

Infrastructure as Code• Programmatically provision and

configure components• Treat like any other code base• Reconstruct business from code

repository, data backup, and compute resources

Build your solid foundation

AutomationTurn infrastructure into code—infrastructure as code is versionable, testable and repeatable. Manual processes become a thing of the past.

• Automated, full-stack application policies• Package and service installation• Versionable, testable, repeatable workflow• Scalable application policies• Management of interdependencies across nodes

Describe Infrastructure as Codehttpd_service 'customers' do mpm 'prefork' action [:create, :start]end

httpd_config 'customers' do instance 'customers' source 'customers.conf.erb' notifies :restart, 'httpd_service[customers]'end

directory '/var/www/customers/public_html' do recursive trueend

Test the Codedescribe 'apache::default' do context 'When all attributes are default, on an unspecified platform' do

let(:chef_run) do runner = ChefSpec::ServerRunner.new runner.converge(described_recipe) end

it 'converges successfully' do expect { chef_run }.to_not raise_error end

it 'installs apache' do expect(chef_run).to install_package 'apache2' end endend

Version the Code & the Artifact

name 'cmgw'maintainer 'Chef Software, Inc.'maintainer_email 'nharvey@chef.io'license 'apache2'description 'Installs/Configures cmgw'long_description 'Installs/Configures cmgw'version '0.1.0'

The game changer: rapid time to value

Innovation

Quality/Compliance

DynamicInfrastructure

Infrastructure as Code

Automate the Stack

DevOps

+ +

DEVOPSA cultural and professional movement, focused on how we build and operate high velocity organizations, born from

the experiences of its practitioners.

PEOPLE

PRODUCTS

COMPANIES

BE LEAN• Eliminate non-value-added action (Waste/Muda)• Pull over Push• Kaizen (Continuous Improvement)• Kaikaku (Disruptive Change)• Small Batch + Experimentation

UBIQUITOUS WORKFLOW AUTOMATION

DevOps workflow & cultureEliminate silos and lower the overhead of IT operations and service management by supporting DevOps culture. Build communities.

• Unified workflow for application and infrastructure

• Integration with version control for dev and ops

• Support for automated testing of infrastructure and applications

• Integration of security and compliance into product development

• Advanced, high-velocity workflow

The rewards?*

*source: Dr. Nicole Forsgren research on DevOps

More deployments

Ship faster

Faster MTTR after issues More profits, market share, and productivity

Market cap goes up

Continuous delivery of infrastructure & appsImplement a high-velocity software delivery pipeline that integrates application and infrastructure. Eliminate the risks incurred with large, infrequent releases.

• Rapid provisioning of dev and test environments

• Ensure consistency and repeatability of environments

• Unified pipeline for infrastructure, runtime environments and applications

• Support for large teams with multiple projects

• Advanced, high-velocity workflow

MANAGE RISK

• Small batches, near term hypothesis• Validation comes from customers• Introduce near-term volatility to gain decreased

long-term risk

CONTINUOUS INTEGRATION

• Always integrate branches to master• They should be short lived, iterative branches• Fix the build when it goes red

THE FOUR-EYE RULE

WRITE TESTS

• Unit test (a single function)• Integration tests (multiple classes/units)• Functional tests (user-oriented, high-level, full

stack)• Smoke tests (quickly determine if the system is

“working”)

ONE PATH FOR CHANGE

• The way change moves through your organization is fixed

• Designed to re-enforce your principles and aid flow

• Flexible at the level of execution

CODE GOES THROUGH THE SAME WORKFLOW

Applications are codeInfrastructure is code

Security and compliance at velocityRegulatory compliance and security concerns are facts of life for every enterprise. At the same time, competitive pressures are increasing. Embed requirements into the software delivery pipeline. Code makes compliance at velocity possible.

• Embed compliance into the software delivery pipeline

• Automated checking of compliance criteria with analytics

• Structured review process during development

• Discovery and analysis• Patch management and remediation

SSH Control

SSH supports two different protocol versions. The original version, SSHv1, was subject to a number of security issues. Please use SSHv2 instead to

avoid these.

Dev QA Stage Security Review Prod

Product Ideas and Features

Security Review

Production

Dev QA Stage Prod

Dev QA Stage Prod

"Scanning"

Afterthought Scanning

Too Late!

What We Have Here Is A Communications Problem

SSH Version Checkdescribe sshd_config do impact 1.0

title 'SSH Version 2'

desc <<-EOF SSH supports two different protocol versions. The original version, SSHv1, was subject to a number of security issues. Please use SSHv2 instead to avoid these. EOF

its('Protocol') { should cmp 2 }end

So what does CI/CD look like?• After all of these pre-requisites, we can do:

Create small changes focused on providing value to our applications Provision development, testing, staging environments that match production using

our infrastructure as code Build our security and compliance requirements into the workflow to eliminate

later surprises Pass ALL CHANGES through the same workflow, the same tests

Unified Pipeline ShapeThe stages are fixed, and each stage has a fixed set of phases

VERIFY BUILD ACCEPTANCE REHEARSAL DELIVEREDUNIONAPPROVE DELIVER

LintSyntax

UnitSecurityQualityPublish

LintSyntax

Unit

ProvisionDeploySmoke

Functional

Provision

DeploySmoke

Functional

ProvisionDeploySmoke

Functional

ProvisionDeploySmoke

Functional

Submit

Change

Does thiscode changelook good?

Do we wantto ship this?

Shared WorkflowDelivery’s pipeline is shared across projects and teams

Chef Provides a Proven Approach to DevOps

Apps

Runtime environments

Infrastructure

...

...

...

Targets/Workloads

Collaborative Dev Production

Chef Server

Chef Server

Chef Supermarket

Assessment

Chef Compliance

SearchAuditDiscover

ProvisionDeploy

Test

Chef Delivery

Local Dev

ModelBuildTest

Chef DK

Chef Client & Cookbooks

Visit Our Booth To Learn More#425