Package Repositories:  The Unsung Heroes of Configuration and Release Management
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
1,666
On Slideshare
1,666
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
49
Comments
0
Likes
2

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Webcast Starts at 1:00 EDT … no you shouldn’t be hearing anything yet #PackageReposWebinar1
  • 2. We start in less than 15 min … no you shouldn’t be hearing anything yet #PackageReposWebinar2
  • 3. We start in less than 10 min … no you shouldn’t be hearing anything yet #PackageReposWebinar3
  • 4. We start in less than 5 min … no you shouldn’t be hearing anything yet Getting excited? I am. #PackageReposWebinar4
  • 5. Package Repositories The unsung heroes. #PackageReposWebinar5
  • 6. Eric’s Bio I’m a Lead Consultant at Urbancode where I helps customers get the most out of their build, deploy and release processes. I have 9 years of automation experience throughoutEric Minick the application life-cycle in roles aseric@urbancode.com@EricMinick a developer, test automation engineer, and support engineer. I’ve been at the forefront of CI & CD for 7+ years 6 #PackageReposWebinar
  • 7. Serious problems from top to bottom• Dan, new developer: can’t compile• Pam, experienced programmer: dealing with a merge conflict• Tom, tester: just had a batch of bugs rejected• Owen, operations: dealing with a production failure• Cynthia, CIO: has just been informed the organization failed an audit7 #PackageReposWebinar
  • 8. Agenda• Packages and configuration management• Traditional approaches• Elements of a successful solution• Recipe for adoption8 #PackageReposWebinar
  • 9. Agenda• Packages and configuration management• Traditional approaches• Elements of a successful solution• Recipe for adoption9
  • 10. Configuration management• ITIL Definition*: “The Process responsible for maintaining information about Configuration Items required to deliver an IT Service, including their Relationships.”• Understand what we are releasing and how it relates to everything else.10 *Source: ITIL v3 Service Transition. 2007.
  • 11. Lots of stuff to version Develop / Build Runtime source Deployable “Code” 3rd Party libs Builds Sub-Projects Internal Libs Deployment Manifests Middleware Infrastructure Config templates Environment Manifests Environment VM Images Templates11 #PackageReposWebinar
  • 12. Agenda• Packages and configuration management• Traditional approaches• Elements of a successful solution• Recipe for adoption12 #PackageReposWebinar
  • 13. “How do I make this build work?”• Developer attempting to build – new developer feels the pain• Build machine view of binaries – magic build machine• Dependency information comes in the form of link errors13 #PackageReposWebinar
  • 14. “Use Google”14 #PackageReposWebinar
  • 15. “I’ll email that to you”15 #PackageReposWebinar
  • 16. “It’s in the lib directory” Binary dependencies are versioned with the source code16 #PackageReposWebinar
  • 17. “Go get that off the file share”• Single source for the organization• Dependencies are now scriptable• Version explosion – hard to know when to remove an old version – hard to know which to use17 #PackageReposWebinar
  • 18. “I’m waiting for the internet to download”• Using Maven Central as a binary repository18 #PackageReposWebinar
  • 19. Deploy & Release: almost as bad as build19 #PackageReposWebinar
  • 20. Agenda• Binaries and configuration management• Traditional approaches for dealing with binaries• Elements of a successful solution• Recipe for adoption20 #PackageReposWebinar
  • 21. What they need• Developers – A description of dependencies – Location to get them (and easy updates) – Controlled official versions of dependencies• QA – What’s in my environment: A deployment manifest• Ops – The same manifest & everyone else’s house in order• CIO / Audit – Inventory of who deployed what where21 #PackageReposWebinar
  • 22. ITIL Definitive Media Library• Location where the definitive and approved versions of all software configuration items are securely stored• Includes: – archive and retention periods – environment support (e.g. test and live environments) – tamper resistanceService Transition, ITIL v 3; Lacy & Macfarlane; 200722 #PackageReposWebinar
  • 23. Good binary management• Package Repository – authoritative place to store versioned binaries – access control – checksums for tamper resistance – release meta-data – retention periods• Dependency management – ITIL: “relationships between configuration items”23 #PackageReposWebinar
  • 24. Build Dependencies• “Description of dependencies” is complex• Requires: – track compile time and runtime dependencies – automated retrieval from repository – traceable: give me a manifest24 #PackageReposWebinar
  • 25. Deployment Manifests• Collection of versioned packages to deploy• How (also versioned) – Process – Configuration rules25 source: http://www.flickr.com/photos/expertinfantry/5449659589/
  • 26. Package repos: hand off from Dev to Ops AKA: DSL, DML, Artifact Repo, Binary Repo26 #PackageReposWebinar
  • 27. 27 #PackageReposWebinar
  • 28. Agenda• Binaries and configuration management• Traditional approaches for dealing with binaries• Elements of a successful solution• Recipe for adoption28 #PackageReposWebinar
  • 29. Our recommended recipe1. The dependency audit2. Decide who will control dependency rules3. Decide who will control the repository4. Establish a binary artifact repository5. Link scripts to repository6. Migrate dependencies to repository7. Deny the old methods8. Develop tested stacks29 #PackageReposWebinar
  • 30. Dependency Audit• Begin researching dependency relationships• Need to avoid breaking what we have today• Validate files are the version they claim to be• Requires understanding relationships between teams and their components• Where is there commonality? Conflicts?30 #PackageReposWebinar
  • 31. Decide who will control repository• Will we have one repo or several?• How do new 3rd party artifacts get added? – architecture checks for duplication – security and compliance concerns• What internal systems can register versions?• What policies are used for removing old versions?31 #PackageReposWebinar
  • 32. Decide who will control of dependency rules• Developers often best understand the project’s needs• Architects suggest components that should be used everywhere• CM team often set policy for what’s allowed• QA knows what’s been tested• Operations knows what’s approved for production use32 #PackageReposWebinar
  • 33. Establish a package repository• Select a repository – Codestation, Maven, Yum, SCM Tool….• Implement it – installation – configuration – disaster recovery – retention policy – security rules • authentication & authorization33 #PackageReposWebinar
  • 34. Link scripts to repository• Build scripts• Deployment scripts• Provisioning scripts• Create a “walking skeleton” for a smooth, incremental transition http://alistair.cockburn.us/Walking+skeleton34 #PackageReposWebinar
  • 35. Migrate dependencies to repository• Shouldbe easy• It won’t be35 #PackageReposWebinar
  • 36. Deny the old methods• Turn off the file share• Firewall off Maven Central• Reject commits of libraries to source control36 #PackageReposWebinar
  • 37. Develop tested stacks• Identify groups of components commonly used together• Test versions of those groups and create a “stack” – a version of the group• If you build your app on this stack, it will work in our environment – With infrastructure automation this becomes PaaS37 #PackageReposWebinar
  • 38. Checking in with the team• Dan, new developer: quickly up to speed• Pam, experienced programmer: getting work done• Tom, tester: not wasting time on bogus bugs• Owen, operations: working a 40 hour work week• Cynthia, CIO: working on new initiatives38 #PackageReposWebinar
  • 39. Key Takeaways• The package repository as a key role in your tool chain• Audit what you are using in this place now and consider alternatives that are better tailored• If it’s important, version it39 #PackageReposWebinar
  • 40. Package Repo bundled in our Products• AnthillPro – All in one continuous delivery platform• uBuild – Build automation and CI for the hard problems• uDeploy – Deployment and release management• uProvision – Spins up virtual environments. Integrated with VMWare, Azure and EC240
  • 41. Q&A @UrbanCodeSoft @EricMinick Slideshare.net/Urbancode41 #PackageReposWebinar