Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
There and Back Again
a DevOps journey
Giulio Vian
18th January 2018
giulio.dev@casavian.eu
@giulio_vian
Welcome to the show…
What we will talk about?
Introduction
Initial state
Infrastructure-as-Code
Mindset
Terraform
IaaS in the Cloud
Configurati...
Which kind do you like?
I love questions…
…but I have 41 slides more
No green-field
3 Active Directory domains
3 test environments
2 production environments
All manually built
TeraByte-size S...
Issues
Downtime
New releases
Windows Update
Lack of Scalability
Don’t touch it mindset
Technology soup
Hosting
OS & DB
Language
Infrastructure-as-Code mindset
No manual changes
Replace hand built resources
with automation
Source control
Investment
Takes more time
Until you are proficient
Automation Pillars
Infrastructure Application stack
What?
No ARM?
Doctor Who © BBC
Story 178
Series 3, Christmas Episode
JSON is
sooo cute
Remember the hosting tier
A taste of Terraform
Terraform peculiarities
Folder organization
Import
Names are immutable
State management
Stay organized
/ repo root
modules terraform modules
utility general purpose
shared common to multiple applications or env...
Three steps to import
Define as regular resources
Add safety clause
lifecycle {
prevent_destroy = true
}
Include in state
...
Changing names
TF deletes and rebuild resource
There can be more than one? Consider:
Security Group Rules
Virtual Machine ...
State management
Myth: State is map of reality
Setup in shared, locked place
Azure Storage or AWS S3
Some changes not sens...
Terraform tips
Static addresses
cidrsubnet
cidrhost
HCL parser idiosyncrasies
Regex might be troublesome
 is not unusual
S...
Better luck next time
Error: Error applying plan:
azurerm_lb_probe.lb_probe_http: Error
Creating/Updating LoadBalancer
net...
Active Directory is a gift
and a curse
Monk © USA networks
Domain creation
Azure Quickstart
active-directory-new-domain-ha-2-dc-
zones
Wait until domain is ready
provisioner "local-...
Machine join
JsonADDomainExtension
Hardcode DNS bootstrap
$ix = (Get-DnsClientServerAddress -AddressFamily IPv4 |
where { ...
Avoid getting lost
[Environment]::SetEnvironmentVariab
le("prompt",
"[%USERNAME%@%COMPUTERNAME%]
`$p`$g","Machine")
Set-It...
Fake it and retry
Powershell Remote
Powershell DSC
Powershell
Search, search, search
Careful with StackOverflow
Desired State Configuration
Declarative configuration
Module ...
Desired State Configuration (DSC)
Configuration FourthCoffee
{
# Install the IIS role
WindowsFeature IIS
{
Ensure = "Prese...
a sip of DSC
Working together
(upload local scripts)
Public repo
Orchestrating tool
data "external" "uploader_data" {
program = ["power...
Architecture won’t emerge
Easy
VM Size*
VM replicas
Disk size
Hard
Networks
Load balancers
DNS names
it will stand on your...
Architecture Tips
Hard isolation
Multiple Subscriptions
Disaster recovery
Paired Regions
Pipelines unfolding
one pipeline is not enough for all of us…
Integral deploy
Über-arching test and deploy
Partial paths
J...
It is your duty
to make it robust
Agents
Network
VSTS/TFS on sight
Security
Power user in environment AD Domain
Restricted pools/queue access
Yes, docker
Some Team Services to
finish
Wrap-up
39
Unexplored paths
SQL Clusters
Database
Migrate production
Feature Toggles
Containers
DevOps
To know more
Terraform - Up and Running: Writing
Infrastructure as Code — Y.Brikman
(O′Reilly)
https://www.amazon.co.uk/gp...
To know more
Continuous Delivery: Reliable Software
Releases through Build, Test, and
Deployment Automation — J.Humble,
D....
To know more (cont’d)
DevOps on the Microsoft Stack — Wouter de
Kort (Apress)
https://www.amazon.com/DevOps-Microsoft-Stac...
Links
https://continuousdelivery.com/
https://www.terraform.io/
https://azure.microsoft.com/en-us/services/key-vault/
http...
Bene+dic, Domine, creaturam istam cerevisae,
quam ex adipe frumenti producere dignatus es:
ut sit remedium salutare humano...
Upcoming SlideShare
Loading in …5
×

There and Back Again (My DevOps journey) - LDNA 01-2018

Limerick DotNet-Azure User Group (LDNA) 18 January 2018 Meetup (https://www.meetup.com/Limerick-DotNet/events/246446337/)
There and Back Again (My DevOps journey)

Talking about my company's DevOps journey, from the initial brown-field all-manual state, to our current partially automated situation and the strategic destination of a fully automated and monitored process.

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all
  • Be the first to comment

  • Be the first to like this

There and Back Again (My DevOps journey) - LDNA 01-2018

  1. 1. There and Back Again a DevOps journey Giulio Vian 18th January 2018 giulio.dev@casavian.eu @giulio_vian
  2. 2. Welcome to the show…
  3. 3. What we will talk about? Introduction Initial state Infrastructure-as-Code Mindset Terraform IaaS in the Cloud Configuration Management Continuous Delivery Recap 3 200-level Visual and practical Deck on SlideShare Bibliography at the end
  4. 4. Which kind do you like?
  5. 5. I love questions…
  6. 6. …but I have 41 slides more
  7. 7. No green-field 3 Active Directory domains 3 test environments 2 production environments All manually built TeraByte-size SQL instances VPN connections Centralized version control
  8. 8. Issues Downtime New releases Windows Update Lack of Scalability Don’t touch it mindset
  9. 9. Technology soup Hosting OS & DB Language
  10. 10. Infrastructure-as-Code mindset No manual changes Replace hand built resources with automation Source control
  11. 11. Investment Takes more time Until you are proficient
  12. 12. Automation Pillars Infrastructure Application stack
  13. 13. What? No ARM? Doctor Who © BBC Story 178 Series 3, Christmas Episode
  14. 14. JSON is sooo cute
  15. 15. Remember the hosting tier
  16. 16. A taste of Terraform
  17. 17. Terraform peculiarities Folder organization Import Names are immutable State management
  18. 18. Stay organized / repo root modules terraform modules utility general purpose shared common to multiple applications or environments application_name internal or public application non-production can be rebuilt any moment shared common to multiple environments e.g. deploy agents, jumpbox qa Integration test uat User acceptance test perf Load testing production everything here is critical legacy hand made infrastructure e.g. TFS shared common to main and dr e.g. networking live PRODUCTION ENVIRONMENTS dr Disaster recovery site
  19. 19. Three steps to import Define as regular resources Add safety clause lifecycle { prevent_destroy = true } Include in state terraform import
  20. 20. Changing names TF deletes and rebuild resource There can be more than one? Consider: Security Group Rules Virtual Machine Extensions More is better environment-tier-role-instance
  21. 21. State management Myth: State is map of reality Setup in shared, locked place Azure Storage or AWS S3 Some changes not sensed Learn to use terraform state
  22. 22. Terraform tips Static addresses cidrsubnet cidrhost HCL parser idiosyncrasies Regex might be troublesome is not unusual Study the book
  23. 23. Better luck next time Error: Error applying plan: azurerm_lb_probe.lb_probe_http: Error Creating/Updating LoadBalancer network.LoadBalancersClient#CreateOrUpdate : Failure sending request: StatusCode=0 -- Original Error: Put https://management.azure.com/subscriptions /12345678-9abc-def0-1234- 56789abcdef0/resourceGroups/qa/providers/M icrosoft.Network/loadBalancers/qa- loadbalancer?api-version=2017-09-01: http: ContentLength=1655 with Body length 0
  24. 24. Active Directory is a gift and a curse Monk © USA networks
  25. 25. Domain creation Azure Quickstart active-directory-new-domain-ha-2-dc- zones Wait until domain is ready provisioner "local-exec" { command = "" verify = "(88,135,389,445,3268 | foreach { Test- NetConnection $dcIpAddress -Port $_ -InformationLevel Quiet } | measure -Minimum).Minimum“ interpreter = ["PowerShell", "-Command"] }
  26. 26. Machine join JsonADDomainExtension Hardcode DNS bootstrap $ix = (Get-DnsClientServerAddress -AddressFamily IPv4 | where { $_.InterfaceAlias -like "*Ethernet*" }).InterfaceIndex Set-DnsClientServerAddress -InterfaceIndex $ix - ServerAddresses ($dcIpAddress,"168.63.129.16") Set-DnsClient -InterfaceIndex $ix - ConnectionSpecificSuffix $domainName Add-Content -Path "${env:windir}System32driversetchosts" -Value "`r`n`r`n${dcIpAddress}`t${domainName}`r`n${dcIpAddress}`t ${dcComputerName}.${domainName}" -Encoding Ascii
  27. 27. Avoid getting lost [Environment]::SetEnvironmentVariab le("prompt", "[%USERNAME%@%COMPUTERNAME%] `$p`$g","Machine") Set-ItemProperty -Path "HKLM:SOFTWAREMicrosoftCommand Processor" -Name "AutoRun" -Value "echo Hi %USERNAME%, welcome to %COMPUTERNAME%"
  28. 28. Fake it and retry Powershell Remote Powershell DSC
  29. 29. Powershell Search, search, search Careful with StackOverflow Desired State Configuration Declarative configuration Module management Install-Module is just the first step Testing Pester Limited use
  30. 30. Desired State Configuration (DSC) Configuration FourthCoffee { # Install the IIS role WindowsFeature IIS { Ensure = "Present" Name = "Web-Server" } # Install the ASP .NET 4.5 role WindowsFeature AspNet45 { Ensure = "Present" Name = "Web-Asp-Net45" } #... } Reboots Modes Local / Push Pull ConfigurationMode ApplyOnly ApplyAndMonitor  ApplyAndAutocorrect PowerShell Gallery
  31. 31. a sip of DSC
  32. 32. Working together (upload local scripts) Public repo Orchestrating tool data "external" "uploader_data" { program = ["powershell", "${path.module}/uploader.ps1 -Folder "${var.folder}" -StorageAccount ${var. storage_account} -Container ${var. storage_container} -StorageKey ${var. storage_key}"] } Deploy pipeline step DSC Pull Server
  33. 33. Architecture won’t emerge Easy VM Size* VM replicas Disk size Hard Networks Load balancers DNS names it will stand on your path
  34. 34. Architecture Tips Hard isolation Multiple Subscriptions Disaster recovery Paired Regions
  35. 35. Pipelines unfolding one pipeline is not enough for all of us… Integral deploy Über-arching test and deploy Partial paths Just DB or App Hotfix path Other operations Disaster Recovery
  36. 36. It is your duty to make it robust
  37. 37. Agents Network VSTS/TFS on sight Security Power user in environment AD Domain Restricted pools/queue access Yes, docker
  38. 38. Some Team Services to finish
  39. 39. Wrap-up 39
  40. 40. Unexplored paths SQL Clusters Database Migrate production Feature Toggles Containers
  41. 41. DevOps
  42. 42. To know more Terraform - Up and Running: Writing Infrastructure as Code — Y.Brikman (O′Reilly) https://www.amazon.co.uk/gp/product/14 91977086/ The DSC Book — Don Jones and Melissa Januszko (O′Reilly) https://leanpub.com/the-dsc-book 42
  43. 43. To know more Continuous Delivery: Reliable Software Releases through Build, Test, and Deployment Automation — J.Humble, D.Farley (Addison-Wesley) https://www.amazon.com/Continuous- Delivery/dp/0321601912/ The DevOps Handbook — G.Kim, P.Debois, J.Willis, J.Humble (IT Revolution Press) https://www.amazon.com/DevOps-Handbook- World-Class-Reliability- Organizations/dp/1942788002/ 43
  44. 44. To know more (cont’d) DevOps on the Microsoft Stack — Wouter de Kort (Apress) https://www.amazon.com/DevOps-Microsoft-Stack-Wouter- Kort/dp/1484214471/ Beginning Build and Release Management with TFS 2017 and VSTS — Chandrasekara, Chaminda (Apress) http://www.apress.com/gp/book/9781484228104 Refactoring Databases — Scott J Ambler and Pramod J. Sadalage (Addison-Wesley) https://www.amazon.com/Refactoring-Databases- Evolutionary-paperback-Addison-Wesley/dp/0321774515/ 44
  45. 45. Links https://continuousdelivery.com/ https://www.terraform.io/ https://azure.microsoft.com/en-us/services/key-vault/ https://docs.microsoft.com/en-us/azure/best-practices-availability-paired-regions https://martinfowler.com/articles/evodb.html http://databaserefactoring.com/ http://agiledata.org/essays/databaseRefactoring.html http://martinfowler.com/articles/feature-toggles.html https://launchdarkly.com/ https://blogs.msdn.microsoft.com/buckh/2016/09/30/controlling-exposure-through-feature-flags-in-vs-team-services/ https://azure.microsoft.com/en-us/features/storage-explorer/ http://www.powershellgallery.com/ https://docs.microsoft.com/en-us/powershell/dsc/overview 45
  46. 46. Bene+dic, Domine, creaturam istam cerevisae, quam ex adipe frumenti producere dignatus es: ut sit remedium salutare humano generi: et praesta per invocationem nominis tui sancti, ut, quicumque ex ea biberint, sanitatem corporis, et animae tutelam percipiant. Beer is a blessed thing

×