Cory
Mastercard customer for about 2 years
Using a number of Pivotal technologies
Day 1 priority: build a best-in-class platform team with a diverse skill set, dedicated to platform architecture and operations
Why automation?
Probably preaching to the choir on automation
We've been doing this for years; the benefits are well understood at this point
3 global datacenters
8 folks on the core platform team supporting thousands of developers
Cory
Bill M. At this point we have confirmed that the vSphere infrastructure, firewall ports, the four networks, and all other prerequisites are in place. The clusters for the AZs are, in our case, ready.
One logs into the Env-Install team in Concourse and kicks off the pipeline. The install pipeline lays down the basic Ops Manager and basic PCF components, with all required Ops Manager and BOSH Director fields defined in opsmgr.yml and director.yml. Once this is complete we can log into Ops Manager.
Next we log into the Operations team in Concourse and kick off the rest, starting with PAS and working on down based on dependency. Once PCF is installed we are far from done. Our pipelines are unpaused to upgrade Ops Manager, install the buildpacks, Prometheus on BOSH, and Vault, and configure the F5 load balancers. We then turn on the platform-validation smoke test, a general maintenance pipeline, and the pipeline that runs org management.
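A dependency-ordered operations pipeline of this kind can be sketched in Concourse YAML roughly as follows; the repo, job, and task names here are illustrative assumptions, not the actual pipeline:

```yaml
# Minimal sketch: each tile job waits on the previous one via
# Concourse's `passed` constraint, enforcing the install ordering.
resources:
- name: pcf-config
  type: git
  source:
    uri: git@example.com:platform/pcf-config.git   # placeholder repo
    branch: master

jobs:
- name: configure-pas
  plan:
  - get: pcf-config
    trigger: true
  - task: apply-pas
    file: pcf-config/tasks/apply-tile.yml          # hypothetical task file
    params: {TILE: cf}

- name: configure-buildpacks
  plan:
  - get: pcf-config
    passed: [configure-pas]     # only runs against config that PAS succeeded with
    trigger: true
  - task: apply-buildpacks
    file: pcf-config/tasks/apply-tile.yml
    params: {TILE: buildpacks}
```

Unpausing a pipeline like this lets the downstream jobs (buildpacks, monitoring, and so on) flow automatically once the upstream tile applies cleanly.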
billm
billm
billm We went with the S3 pull-down because of possible download issues, which we encountered early on. This also allows us to move the .pivotal files between buckets based on environment.
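A Concourse S3 resource tracking the .pivotal files in a bucket might look like this; the bucket name and version regexp are placeholders:

```yaml
# Sketch of an S3 resource for tile artifacts. Concourse treats each
# file matching the regexp capture group as a new version of the resource.
resources:
- name: pas-tile
  type: s3
  source:
    bucket: pcf-tiles-sandbox          # placeholder bucket name
    regexp: cf/cf-(.*).pivotal         # version extracted from the filename
    access_key_id: ((s3_access_key))   # credentials injected from Vault
    secret_access_key: ((s3_secret_key))
```

Promoting a tile between environments then amounts to copying the .pivotal file into the next environment's bucket.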
For major and minor releases, we do a manual install in our sandbox environment. Once it is installed and passing all Apply Changes runs, we pull the properties and add the changes (if any) to the new template file. We also add any environment-specific variables into the foundation-specific tiles.yml files.
Once all the config files are modified, we pull the manual install. From there we submit a pull request and have the code go through its normal promotion and install processes.
Incremental (patch) updates are done automatically (they're supposed to follow Pivotal's guidelines for defining a release). We've had cases where incremental releases included changes that won't run through without some tweaks. I will say we've only encountered this with third-party tiles, which I won't mention by name.
If the tile installs in sandbox automatically, we get notified. If all is well after one week it moves to Dev, a week later to Stage, then in two-week cycles through our Prod environments.
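That timed promotion can be modeled in Concourse with a `time` resource gating each environment's job; a rough sketch, with illustrative resource and job names:

```yaml
# Illustrative promotion gate: a tile version only reaches Dev after a
# weekly timer fires AND the version installed cleanly in sandbox.
resources:
- name: one-week
  type: time
  source: {interval: 168h}       # fires roughly once a week

jobs:
- name: install-dev
  plan:
  - get: one-week
    trigger: true                # wakes the job up on the weekly tick
  - get: pas-tile
    passed: [install-sandbox]    # only versions that survived sandbox
  - task: apply-tile
    file: pcf-config/tasks/apply-tile.yml   # hypothetical task file
```

The Stage and Prod jobs repeat the pattern with longer intervals and their own `passed` constraints, giving the one-week / two-week cadence without any manual tracking.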
Once the users are approved to use PCF, they request an LDAP group. Once those requirements are met, the rest flows via pipeline.
The users modify a name.org.yml file and create a pull request.
billm
The user puts in a pull request for the .yml file. Before it can be approved it must pass the acceptance test. Once it passes and the pull request is approved, the orgs and spaces are added the next time the org-management pipeline runs.
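A name.org.yml file of this kind might take a shape like the following; the field names and values are purely illustrative assumptions, not the actual schema:

```yaml
# Hypothetical org definition consumed by the org-management pipeline.
# The pipeline would diff this declared state against the foundation
# and create any missing orgs, spaces, and role bindings.
org: payments-team
ldap-group: cn=payments-team,ou=pcf,dc=example,dc=com   # placeholder DN
quota: medium
spaces:
- name: dev
- name: prod
```

Because the file is the source of truth, the acceptance test can validate it (schema, quota, LDAP group exists) before the pull request is ever approved.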
billm
This runs many tests. This pipeline checks the entire foundation for critical components and full functionality. Every tile and service added gets put into the smoke test. It checks connectivity to all critical networks and services, validates dependencies, and checks vSphere resources: utilization and the status of the VMs running in the cluster. If any PCF components are running hot we get alerted. This, along with Prometheus and PCF Healthwatch, allows us to tweak things as needed. Examples would be adding additional Doppler VMs or Elasticsearch nodes, or changing the size of the VMs themselves (cores, memory, etc.).
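One step of such a smoke test can be sketched as a Concourse task that pushes a canary app with the cf CLI and curls it; the image, org/space names, and script are assumptions, not the real validation pipeline:

```yaml
# Illustrative smoke-test task: push a canary and verify it responds.
# Any failure fails the job and surfaces in the on-call view.
platform: linux
image_resource:
  type: docker-image
  source: {repository: governmentpaas/cf-cli}   # any image with the cf CLI
run:
  path: sh
  args:
  - -ec
  - |
    cf api "$CF_API"
    cf auth "$CF_USER" "$CF_PASSWORD"
    cf target -o platform-smoke -s smoke        # placeholder org/space
    cf push canary -p ./canary --random-route
    route="$(cf app canary | awk '/routes:/ {print $2}')"
    curl -fsS "https://${route}" > /dev/null    # fail the job if the app is down
```

Each tile or service added to the foundation gets its own step of this shape appended to the test suite.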
billm
This is our on-call tool, which pulls data from all the operations pipelines described above. We can see what is going on in Pivnet, all foundations, all upgrades, and failed validation checks. (DEMO??? if time permits.)
Cory
Pipeline first, do it right
Pipelines are technically complex and hard
Cory
PKS - deployment of PKS, provisioning of K8s clusters, and providing standardized/abstracted onboarding mechanisms for consumers
NSX-T from hypervisor to SDN using Terraform