Solving CI Operational Challenges

@hashicorp Solving CI Challenges Nicolas Corrarello @nomadic_geek May / 2017

Post on 22-Jan-2018


TRANSCRIPT

  • @hashicorp

    Solving CI Challenges

    Nicolas Corrarello @nomadic_geek May / 2017

  • whoami

    - Nico
    - General geek and DadOps beginner
    - Opinionated Italian
    - Argentinian with a hard to pronounce surname
    - Red Hat, Symantec, Rackspace, Puppet, HashiCorp
    - ncorrare @github, sgtpepper @freenode
    - http://nicolas.corrarello.com

  • https://en.wikipedia.org/wiki/Elephant

  • https://commons.wikimedia.org/wiki/File:Pride_of_Pets_Dog_Show,_2011_(6271388774).jpg

  • Issues with CI servers and pipelines

    How do I ensure my build environment matches my actual environment?

    How do I provide a homogeneous workflow for consuming credentials in my pipeline and in my production environment?

    How do I store and retrieve credentials securely?

    How do I sign and verify binaries to ensure parity between CI and production?

    How do I know I am testing against the correct services in a very dynamic infrastructure?

    Most importantly, how do I accomplish all of this programmatically?

  • Audience participation warning

    Are you compromising on security for agility?

    How close are your tests to your real world?

    How many manual steps are there from development to production?

  • https://www.n00py.io/2017/01/compromising-jenkins-and-extracting-credentials/

  • Throw it over the wall

    https://tisquirrel.files.wordpress.com/2015/06/anti-copy-4.png

    Do both sides of the wall look the same?

  • https://commons.wikimedia.org/wiki/Cloud#/media/File:Sc_2.jpg

  • Provision, secure, and run any infrastructure for any application

  • VAULT

    Provide Secret Governance

    Privilege Access Management

    Securely Store Any Secret

    Encryption as a service

    Eliminate Secret Sprawl

    Secrets Management

  • NOMAD

    Service & System | Long running

    Dispatch Workloads | Short-lived, elastic

    Batch Workloads | Big Data

    High-Availability, Hybrid Cloud

    Efficient Resource Utilization

    High Performance

  • CONSUL

    Event driven orchestration

    Orchestration

    Dynamic configuration at scale

    Runtime Configuration

    Services can find other services

    Service Discovery

  • Operational Patterns

    Vault as centralised secret store

    Sign and verify artefacts with Vault

    Encrypt and decrypt payloads with Vault

    Nomad as a consistent way of scheduling tasks across multiple datacenters, with diverse infrastructure

    Service Discovery with Consul

  • Q / A

    github.com/ncorrare for examples

    THANKS!

    http://github.com/ncorrare