Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

It's Not Continuous Delivery If You Can't Deploy Right Now

210 views

Published on

Talk from DevOpsDays Raleigh, Sep 7 2017

Published in: Software
  • Be the first to comment

  • Be the first to like this

It's Not Continuous Delivery If You Can't Deploy Right Now

  1. 1. @kmugragehttps://gocd.org/ IT’S NOT CONTINUOUS DELIVERY If you can’t deploy to production right now
  2. 2. @kmugragehttps://gocd.org/ WhoAm I? Ken Mugrage ThoughtWorks Technology Evangelist DevOpsDays Core Organizer @kmugrage http://ken.wtf
  3. 3. @kmugragehttps://gocd.org/ – Me “DevOps: A culture where people, regardless of title or background, work together to imagine, develop, deploy and operate a system.”
  4. 4. @kmugragehttps://gocd.org/ Jez Humble - https://continuousdelivery.com/ “Continuous Delivery is the ability to get changes of all types—including new features, configuration changes, bug fixes and experiments—into production, or into the hands of users, safely and quickly in a sustainable way.”
  5. 5. @kmugragehttps://gocd.org/ WHY THIS TALK?
  6. 6. @kmugragehttps://gocd.org/ There is no try
  7. 7. @kmugragehttps://gocd.org/ Why continuous delivery? We follow these principles: Our highest priority is to satisfy the customer through early and continuous delivery of valuable software. Welcome changing requirements, even late in development. Agile processes harness change for the customer's competitive advantage. Deliver working software frequently, from a couple of weeks to a couple of months, with a preference to the shorter timescale.
  8. 8. @kmugragehttps://gocd.org/ Partially“done” might still be useful
  9. 9. @kmugragehttps://gocd.org/ Respond to security issues At the time of disclosure, some 17% (around half a million) of the Internet's secure web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers' private keys and users' session cookies and passwords. https://en.wikipedia.org/wiki/Heartbleed
  10. 10. @kmugragehttps://gocd.org/ Knight Capital To be continued….
  11. 11. @kmugragehttps://gocd.org/ CONTINUOUS INTEGRATION A pre-requisite to Continuous Delivery
  12. 12. @kmugragehttps://gocd.org/ The ThoughtWorks tech radar recently recommended putting a hold on the tech team anti-pattern, CI Theatre. CI Theatre describes the illusion of practicing continuous integration (CI) while not really practicing it. https://www.gocd.org/2017/05/16/its-not-CI-its-CI-theatre/
  13. 13. @kmugragehttps://gocd.org/ In our study only 10% of participants acknowledged that having a CI server was not the same as practicing CI. https://www.gocd.org/2017/05/16/its-not-CI-its-CI-theatre/
  14. 14. @kmugragehttps://gocd.org/ Continuous Integration Everyone pushes their code into trunk / master (not feature branches) on a daily basis Every commit triggers your tests When the build is broken, it is typically fixed within 10 minutes
  15. 15. @kmugragehttps://gocd.org/ Feature Branching https://martinfowler.com/bliki/FeatureBranch.html
  16. 16. @kmugragehttps://gocd.org/ Feature Branching https://martinfowler.com/bliki/FeatureBranch.html
  17. 17. @kmugragehttps://gocd.org/ Feature Branching https://martinfowler.com/bliki/FeatureBranch.html
  18. 18. @kmugragehttps://gocd.org/ PipelinesYou Should Be Including
  19. 19. @kmugragehttps://gocd.org/ Security testing Test before you commit Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST)
  20. 20. @kmugragehttps://gocd.org/ Performance testing Load testing Stress testing Soak testing Spike testing
  21. 21. @kmugragehttps://gocd.org/ Unit Test Functional Test Load Test Staging Production Spike Test Stress Test Soak Test Run as much as possible in parallel
  22. 22. @kmugragehttps://gocd.org/ Run as much as possible in parallel
  23. 23. @kmugragehttps://gocd.org/ You should decide the order, not your tool
  24. 24. @kmugragehttps://gocd.org/ Deploying incomplete work How to deliver faster than you can finish a feature
  25. 25. @kmugragehttps://gocd.org/ Feature Toggles https://martinfowler.com/bliki/FeatureToggle.html
  26. 26. @kmugragehttps://gocd.org/ Feature Toggles Pete Hodgson - http://martinfowler.com/articles/feature-toggles.html
  27. 27. @kmugragehttps://gocd.org/ Feature Toggles Pete Hodgson - http://martinfowler.com/articles/feature-toggles.html
  28. 28. @kmugragehttps://gocd.org/ Branch by Abstraction https://continuousdelivery.com/2011/05/make-large-scale-changes-incrementally-with-branch-by-abstraction/ Consumer Consumer Component
  29. 29. @kmugragehttps://gocd.org/ Branch by Abstraction https://continuousdelivery.com/2011/05/make-large-scale-changes-incrementally-with-branch-by-abstraction/ Consumer Consumer Component Abstraction
  30. 30. @kmugragehttps://gocd.org/ Branch by Abstraction https://continuousdelivery.com/2011/05/make-large-scale-changes-incrementally-with-branch-by-abstraction/ Consumer Consumer Old Abstraction New
  31. 31. @kmugragehttps://gocd.org/ Managing risk
  32. 32. @kmugragehttps://gocd.org/ Optimize for recovery Mean time between failures (MTBF) is the predicted elapsed time between inherent failures of a system during operation. Mean Time To Repair (MTTR) is a basic measure of the maintainability of repairable items. It represents the average time required to repair a failed component or device. https://en.wikipedia.org/wiki/Mean_time_to_repair https://en.wikipedia.org/wiki/Mean_time_between_failures
  33. 33. @kmugragehttps://gocd.org/ Deployment patterns Canary release A technique to reduce the risk of introducing a new software version in production by slowly rolling out the change to a small subset of users before rolling it out to the entire infrastructure and making it available to everybody. Dark launching The practice of deploying the very first version of a service into its production environment, well before release, so that you can soak test it and find any bugs before you make its functionality available to users. http://martinfowler.com/bliki/CanaryRelease.html http://www.informit.com/articles/article.aspx?p=1833567&seqNum=2
  34. 34. @kmugragehttps://gocd.org/ Feedback loops Create useful logging for everything Run (some of) your tests against production Ensure alerts are useful as well
  35. 35. @kmugragehttps://gocd.org/ Knight Capital On August 1, 2012, Knight Capital deployed untested software to a production environment which contained an obsolete function.The incident happened due to a technician forgetting to copy the new Retail Liquidity Program (RLP)…. …sent millions of child orders, resulting in 4 million executions in 154 stocks for more than 397 million shares in approximately 45 minutes. Knight Capital took a pre-tax loss of $440,000,000
  36. 36. @kmugragehttps://gocd.org/ Summary It’s not Continuous Delivery if you can’t deploy right now Practice good CI habits Use things like feature toggles to deploy incomplete work
  37. 37. @kmugragehttps://gocd.org/ THANKYOU To learn more about ThoughtWorks Products
 http://www.thoughtworks.com/products/ Ken Mugrage @kmugrage

×