
Enterprise git - the hard bits

Source code: Just put it in git, right? Scale? GitHub! 1000's of repos? No problem! Bitbucket Server! Now: Add PCI & SOX. Audit. SSO. SSH key management. DR. Geo diversity. This starts where the vendors stop: workflows to keep work moving, security & audit to ensure code integrity.

Talk presented at DevopsDays Boston 2016.

  1. Enterprise Git - the hard bits. Matthew Barr, Architect
  2. ©2016 AKAMAI | FASTER FORWARD TM Overview ● Introduction ● Git hosting options ● o18n ● Safety & Best Practices
  3. Admissions
  4. Not: Lawyer
  5. Not: Compliance
  6. Not: Internal Audit
  7. Not: PCI Assessor (QSA)
  8. Not the Mama. © Disney/Henson. Sorry, you don’t get to see the cute picture from the Dinosaurs TV show.
  9. Me: SysAdmin / DevOps Engineer for 20 years ● Lehman Bros, MarkitServ ● Community Connect, Snap Interactive ● Nokia Focus @ Akamai: Developer Productivity ● Provide tools for our engineers ● SCM, Build, CI & Test systems ● Current project: Horizontally scalable build farm w/ Docker agents
  10. So you want to be a hero store your code in Git
  11. GitHub or Bitbucket ● Hosted ● Great features ● Low overhead ● Great for small teams ● Even medium size
  12. Self hosted options ● GitLab ● Gitolite ● cgit
  13. Enterprise ● GitHub Enterprise ● Bitbucket Server (Atlassian) (née Stash) ● GitLab Enterprise ● Perforce GitSwarm
  14. Git @ Akamai ● Currently: 6000+ repositories, 115+ Projects/Organizations ○ Not primary code repository (yet) • Relaunched 1 year ago • Stash Data Center Edition • 2 sites ● 2 App Servers ● 2 DB nodes ● NetApp filer & load balancer
  15. o16n (Operationalization)* * Gordon Marx
  16. HA, DR, GeoDiversity & Backups ● Varies by product ● GitHub Enterprise ○ Clustering ○ Active / Passive Node ○ Point in time snapshots ● Bitbucket Server ○ Self Service Backups, DB replication, Snapshots ○ Improvement in Bitbucket Server (Stash) ■ Smart Mirrors ■ Zero Downtime Backups
  17. Authentication for the enterprise ● Mandate: No passwords ● 3 types of access ○ WebUI ○ Git (SSH, HTTPS) ○ API ● SAML for WebUI ● SSH key sync script from LDAP ● X.509 Client auth for API
  18. Safety & Best Practices
  19. PCI, SOX, etc. Boils down to: ● Prevent unauthorized changes ● Review change!
  20. Code Review - Pull Requests ● Sign offs - +1, approvers ● Prevent merges without PRs ● Merge commits ○ Audit points, in git log
  21. Code Integrity ● Branching workflow ○ Combination Gitflow + Feature Branch (GitHub) ■ No Develop branch, but flexibility for QA ■ Can be CD ● Protected branches ○ Limited users can merge ● No force push / rewriting history ● Unapprove PRs when modified ○ Really? Provided by optional plugin?
  22. Q: Who wrote that code? ● Pusher != committer ● Committer: $ git config --global user.name "John Doe" $ git config --global user.email johndoe@example.com ● GPG? ● Log all commits/pusher?
  23. Access Control ● 1000’s of repos = 1000’s of ACLs ● Organizations / Projects ● LDAP groups? ● Access Controls ○ Who manages, approves access? ○ Audits access, quarterly? ● Separation of Concerns ○ Ops can’t modify code ○ Prove it!
  24. Automation • APIs! • Configure • External Front Ends ● User Mgmt ● Webhooks ● Audit settings
  25. References • GitHub Enterprise Documentation • Bitbucket Server Documentation
  26. Matthew Barr • https://www.akamai.com • mbarr@akamai.com • @matthewbarr - Twitter & GitHub • mbarr@mbarr.net
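
Slides 21 and 22 call for no history rewriting on protected branches and for a log of pusher versus committer, since the committer field is whatever the client set with git config. The pre-receive hook below is an added example of enforcing both on the server; it is not code from the talk or from any vendor. Assumptions: the hosting layer exports the authenticated user's e-mail in a hypothetical PUSHER environment variable, and refs/heads/master is the protected branch.

```python
import subprocess

ZERO = "0" * 40  # all-zero object id: the ref is being created or deleted

def git_is_ancestor(old, new):
    """True when old is reachable from new, i.e. the update is a fast-forward."""
    cmd = ["git", "merge-base", "--is-ancestor", old, new]
    return subprocess.run(cmd).returncode == 0

def git_new_commits(new):
    """(sha, committer e-mail) for commits not yet reachable from any existing ref."""
    cmd = ["git", "log", "--format=%H %ce", new, "--not", "--all"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return [tuple(line.split(" ", 1)) for line in out.splitlines()]

def review_push(pusher, stdin_text, protected=("refs/heads/master",),
                is_ancestor=git_is_ancestor, new_commits=git_new_commits):
    """Return (accepted, audit_records) for one push.

    stdin_text is what git feeds a pre-receive hook: "<old> <new> <ref>" per line.
    pusher is the authenticated identity (assumed to be an e-mail address).
    """
    accepted, records = True, []
    for line in stdin_text.splitlines():
        old, new, ref = line.split()
        # Protected branch: deleting it or moving it to a non-descendant rewrites history.
        if ref in protected and old != ZERO and (new == ZERO or not is_ancestor(old, new)):
            records.append(f"REJECT pusher={pusher} ref={ref} reason=delete-or-rewrite")
            accepted = False
            continue
        if new == ZERO:
            records.append(f"DELETE pusher={pusher} ref={ref}")
            continue
        for sha, committer in new_commits(new):
            # The committer is self-asserted; the pusher is what the server authenticated.
            flag = "" if committer == pusher else " committer-differs"
            records.append(
                f"COMMIT pusher={pusher} ref={ref} sha={sha} committer={committer}{flag}")
    return accepted, records

if __name__ == "__main__":
    import os
    import sys
    ok, log = review_push(os.environ.get("PUSHER", "unknown"), sys.stdin.read())
    print("\n".join(log), file=sys.stderr)  # a real deployment ships this to the audit log
    sys.exit(0 if ok else 1)  # any non-zero exit makes git refuse the whole push
```

A differing committer is logged rather than rejected because merges and rebased contributions legitimately carry other people's commits; the record is what lets an auditor answer the question on slide 22.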
