FROM CI TO CD

A PRACTICAL DEVOPS PLAYGROUND

Elsass JUG - StraSBOURG - 4 TH OF DECEMBER, 2014


ABOUT HENRI GOMEZ


TODAY - CI Architect @ Axway*   

Ops Hat - Former Senior Ops Director
Dev Hat - FORMER Dev, Team Leader and Architect
QA Hat - FORMER QA Tech Leader

JPackage* OBuildFactory* anD DEVOPS incubator* PROJECT FOUNDER
PROUD MEMBER OF ASF (Tomcat* & XML-RPC*) &  OSSGTP*
LONG TIME OSS ACTIVIST 

TODAY Software Challenges


Software projects are larger and complex
Many DIFFERENT teams (often remote)
STILL Tight schedules
DELIVERY / DEPLOYMENT IS PART OF PROCESS
HIGHER LEVEL OF SECURITY

AND THEN CAME AGILE METHODOLOGY

CONTINUOUS INTEGRATION


"Continuous Integration is the practice of integrating early and often, so as to avoid the pitfalls of integration hell".

CI IS TOOLING OF AGILITY


Standardize Build, Test and Deployment
Provide Continuous Builds, Test and Deployment
Ensures solid, reproducible and analyzable steps
Visible to all actors (Dev, QA, Product Owner)

GOAL


THE ULTIMATE GOAL IS TO REDUCE TIMELY REWORK AND THUS REDUCE COST AND TIME.
 
WHEN DONE WELL, CONTINUOUS INTEGRATION HAS BEEN SHOWN TO ACHIEVE THESE GOALS.

CONTINUOUS INTEGRATION STEPS


Fetch From SCM
Build Code
Run Unit Tests
Run Integration Tests
Deploy Artifacts
Run Acceptance Tests
Produce Reports

HUMAN WORKLOAD


Team members work on code

code
tests DESIGN
docs

Automated workload


POLL SCM AND CHECK OUT IF CHANGES
BUILD CODE 
RUN UNIT & INTEGRATION TESTS
DEPLOY BINARY CONTENTS TO ARTIFACTS REPOSITORY
RUN ACCEPTANCE TESTS
PRODUCE REPORTS

regarding tests

TESTS SHOULD COVER A WIDE SCOPE FROM DEV UP TO RUNTIME

UNIT TESTING
INTEGRATION TESTING
ACCEPTANCE TESTING
SECURITY TESTING
PERFORMANCES TESTING

UNIT TESTING


HERE WE TEST CODE
Ensures the code is doing what we intend it to do
Many extremely quick and small tests

UNIT TESTING ensure we make the software right

INTEGRATION TESTING


USED TO VALIDATE CONTRACTS BETWEEN PARTICIPANTS
SHOULD BE PORTABLE (NOT PLATFORM DEPENDANTS)
"External Components" SHOULD BE embeddedABLE or mocked 

INTEGRATION TESTING ensure we make the right software

ACCEPTANCE TESTING


KEEP THEM SIMPLE
REAL TARGET COMPONENTS SHOULD BE USED
PREFER PRE-REQUISITE (DONT EMBED SQL DB ENGINES)
DATASETS IN USE SHOULD BE MODERATE

PREPARE FOR PRODUCTION - ENROLL YOUR OPS

SECURITY TESTING


CODE LEVEL
DEPENDENCIES INVOLVED
RUNTIME LEVEL


ALL ACTORS INVOLVED : DEVS, QA, SECURITY AND OPS

PERFORMANCE TESTING


Fix quickly performance regressionS
Prepare for Capacity Planning 

proTECT YOURSELF FROM IN-PROD DISCOVERY

AND THEN CI TURN TO NIGHTMARE

SCOPE IS TOO LARGE, FROM CODE TO RUNTIME

TOO MANY LOAD ON AUTOMATION ENGINE

OVERALL BUILD PROCESS IS LONGER AND LONGER

RELEASE / DELIVERY PROCESS IS NO MORE AGILE


IT'S TIME TO REFACTOR A BIT

LET's REFACTOR


Materialize 4 chains


SOFTWARE FACTORY
QUALITY FACTORY
SECURITY FACTORY
DEPLOY FACTORY


AND DONT FORGET SERIOUS MONITORING FOR ALL OF THEM

SOFTWARE FACTORY


FROM SCM TO ARTIFACTS


BUILDs
UNIT TESTS
INTEGRATION TESTS
CODE QUALITY REPORTS (SONAR)
DEPLOY BINARY ARTIFACTS

QUALITY FACTORY


FROM ARTIFACTS TO QA/RUNTIME REPORTS


CONSUME ARTIFACTS FROM SOFTWARE FACTORY
RUN ACCEPTANCE TESTS
RUN PERFORMANCE TESTS AND CAPACITY PLANNING
GENERATE REPORTS

SECURITY FACTORY


SECURITY REPORTS FOR code and deliveries


SOURCE LEVEL ANALYSIS (CODE, SQL, XSS)
3RD PARTY DEPENDENCIES CHECK
PENETRATION TESTING

DEPLOY FACTORY

FROM ARTIFACTS TO RUNTIME


BUILD NATIVE PACKAGES (RPM/DEB/MSI/NUGET)
BUILD IMAGES (VMDK, AMI, VBOX, DOCKER, ISOs)
PROVIDE RUN INFRASTRUCTURE (INSITE)
INTERFACE TO RUN INFRASTRUCTURE (OFF-SITE/PUBLIC)
CATALOG & PROVISION RUNTIMES

INTERACTIONS BETWEEN FACTORIES


SHOULD BE SEEN AS A SINGLE Factory


SOFTWARE FACTORY CONSUME SOURCE AND PRODUCES SOFTWARE MATERIALS
QUALITY FACTORY CONSUMES SOFTWARE MATERIALS AND PRODUCE 'GO FOR DELIVERY'
SECURITY FACTORY CONSUME SOURCE AND DELIVERY AND PRODUCE 'GO FOR PROD'
DEPLOY FACTORY CONSUMES SOFTWARE MATERIALS AND TURN IN RUNTIME
DEPLOY FACTORY ALSO PROVIDES RUN INFRASTRUCTURE

DEVOPS - SHARING


USE COMMON TOOLS

SCM / DVCS


AUTOMATION


TICKETING & WORKFLOW


DOCS


SHARE KNOWLEDGE


DEVOPS - TOOLBOX


SHARE KNOWLEDGE

SCM : SUBVERSIOn, GIT, MERCURIAL (... or CVS)
ORCHESTRATiON : JENKINS* (What else ?)
CONTENT REPOSITORIES : ARCHIVA*, ARTIFACTORY*, NEXUS*, HTTPD*
CODE QUALITY : SONAR*
WEB TESTING : SELENIUM*

DEVOPS - SPECIALIZING


USE DEDICATED SILOS

PIPES APPROACH (INPUT/OUTPUT + KNOWN CONTRACTS)

ISOLATE ACTIVITy (CI/CA/CS/CD)

GIVE RIGHTS TO ACTORS

CONFLUENCE (DOCS)


KEEP IN MIND SPECIFICITIES


CONTINUOUS DEPLOYMENT FOR ?


YOUR DEVs 
YOUR QAs
YOUR SUPPORT
YOUR SALES
AND OF COURSE YOUR CUSTOMERS

ANY MAGIC RECIPES ?


KEEP IT SIMPLE

THINK COMPONENT

ENROLL YOUR OPS !

A WORKING RECIPE - LEGO MODE


Assemble BINARY Artifacts TO CREATE RUNTIME COMPONENTS
EXAMPLE : A WEB APPLICATION
 
JAR + WAR + TOMCAT = runtime
EXEC ENV (VM/CONTAINER) + RUNTIME = SERVICE

ASSEMBLE THEM ALL


DEPLOY USABLE ARTIFACTS (RUNTIME)
READY TO USE BY UPSTREAM TEAMS LIKE QA-OPS
PREFER RPM/DEB/MSI/NUGET - 1ST CLASS FOR BARE/VM/CONTAINERS
SHOULD BE CONFIGURABLE FROM THE OUTSIDE (HARDCODING IS EVIL)

DELIVERY AND DEPLOYMENT


THERE IS NEEDS FOR CONTINUOUS DELIVERY
AND CONTINUOUS DEPLOYMENT

DELIVERY


ProvidE product to end user
User could then install or update it on his own systems
SOFTWARE VENDORS ARE IN "CONTINOUS' DELIVERY MODE

DEPLOYMENT


PROVIDE OPERATIONAL SOLUTION TO CUSTOMERS
CUSTOMERS COULD THEN DIRECTLY USE IT ON HIS OWN OR LEASED SYSTEMS
SERVICE PROVIDERS ARE IN CONTINUOUS DEPLOYMENT LAND (CLOUD)

TO CONCLUDE




MANDATORY

FUN

SOCIAL



CI & CD ARE MANDATORY TODAY


PROVIDES AGILE TOOLING
ACCELERATE SOFTWARE PRODUCTION
SECURE SOFTWARE DELIVERY


CI & CD ARE FUN


COVERS A WIDE SCOPE FROM DEV UP TO OPS
LARGE SCALE OF TECHNOLOGIES
VERY ACTIVE ECOSYSTEMS AND COMMUNITIES
Always something new to learn and PUT IN PLACE


CI & CD ARE SOCIAL


WORKING WITH DEV, QA, OPS AND SALES TEAMS,  CI & CD ACT AS FACILITATORS



THANK YOU


From CI to CD, a practical Devops playground

By Henri Gomez

From CI to CD, a practical Devops playground

Presentation on Continuous integration and Delivery at ELASS JUG - Strasbourg - 2014/12/04

  • 2,142