Slide from my talk "Successful Practices for Continuous Delivery" from September 27, 2016.

1. Mandi Walls | Technical Community Manager | mandi@chef.io
@lnxchk
Successful Practices
for
Continuous Delivery

2. Mandi Walls
Technical Community Manager for EMEA
@lnxchk
mandi@chef.io

3. EVERY business is a software business
We’re going to be a software
company with airplanes.
– CIO, Alaska Airlines

4. It’s Hard!?!?
• “DevOps” is now seven years old
• There are still plenty of people who reject it
• But even simple practices can improve quality of delivery
• DevOps Report found in their 2014 survey that Ops using version control was a
significant indicator of success
• https://www.perforce.com/blog/140829/devops-version-control-even-more-important-ops-dev

5. Getting to Continuous Integration or
Continuous Delivery takes time, but
the steps to get there are now well
understood

6. Quality and innovation, historically a tradeoffQUALITY/COMPLIANCE
RATE OF INNOVATION

7. The game changer: rapid time to value
Innovation
Quality/
Complianc
e
Dynamic
Infrastructure

8. Dynamic infrastructure
Migrate applications to the cloud and support hybrid and
multi-cloud environments. Automate the management of
heterogeneous networks, including legacy systems.
• Provisioning and setting up environments
• Dynamic scaling of compute resources
• Migrating legacy workloads to the cloud
• Multi cloud and hybrid cloud deployment
• Support for heterogeneous environments

9. The game changer: rapid time to value
Innovation
Quality/
Complianc
e
Dynamic
Infrastructure
Infrastructure as Code
Automate the Stack
+

10. Infrastructure as Code
• Programmatically provision and configure
components
• Treat like any other code base
• Reconstruct business from code repository,
data backup, and compute resources
Build your solid foundation

11. Automation
Turn infrastructure into code—infrastructure as code is
versionable, testable and repeatable. Manual processes
become a thing of the past.
• Automated, full-stack application policies
• Package and service installation
• Versionable, testable, repeatable workflow
• Scalable application policies
• Management of interdependencies across
nodes

12. Describe Infrastructure as Code
httpd_service 'customers' do
mpm 'prefork'
action [:create, :start]
end
httpd_config 'customers' do
instance 'customers'
source 'customers.conf.erb'
notifies :restart, 'httpd_service[customers]'
end
directory '/var/www/customers/public_html' do
recursive true
end

13. Test the Code
describe 'apache::default' do
context 'When all attributes are default, on an unspecified platform' do
let(:chef_run) do
runner = ChefSpec::ServerRunner.new
runner.converge(described_recipe)
end
it 'converges successfully' do
expect { chef_run }.to_not raise_error
end
it 'installs apache' do
expect(chef_run).to install_package 'apache2'
end
end
end

14. Version the Code & the Artifact
name 'cmgw'
maintainer 'Chef Software, Inc.'
maintainer_email 'nharvey@chef.io'
license 'apache2'
description 'Installs/Configures cmgw'
long_description 'Installs/Configures cmgw'
version '0.1.0'

15. The game changer: rapid time to value
Innovation
Quality/
Complianc
e
Dynamic
Infrastructure
Infrastructure as Code
Automate the Stack
DevOps
+ +

16. DEVOPS
A cultural and professional movement,
focused on how we build and operate
high velocity organizations, born from
the experiences of its practitioners.

17. PEOPLE
PRODUCTS
COMPANIES

18. BE LEAN
• Eliminate non-value-added action (Waste/Muda)
• Pull over Push
• Kaizen (Continuous Improvement)
• Kaikaku (Disruptive Change)
• Small Batch + Experimentation

20. UBIQUITOUS
WORKFLOW
AUTOMATION

21. DevOps workflow & culture
Eliminate silos and lower the overhead of IT operations and
service management by supporting DevOps culture. Build
communities.
• Unified workflow for application and
infrastructure
• Integration with version control for dev and ops
• Support for automated testing of infrastructure
and applications
• Integration of security and compliance into
product development
• Advanced, high-velocity workflow

22. The rewards?*
*source: Dr. Nicole Forsgren research on DevOps
More deployments
Ship faster
Faster MTTR after issues
More profits, market share, and productivity
Market cap goes up

23. Continuous delivery of infrastructure & apps
Implement a high-velocity software delivery pipeline that
integrates application and infrastructure. Eliminate the risks
incurred with large, infrequent releases.
• Rapid provisioning of dev and test environments
• Ensure consistency and repeatability of
environments
• Unified pipeline for infrastructure, runtime
environments and applications
• Support for large teams with multiple projects
• Advanced, high-velocity workflow

24. MANAGE RISK
• Small batches, near term hypothesis
• Validation comes from customers
• Introduce near-term volatility to gain decreased
long-term risk

25. CONTINUOUS INTEGRATION
• Always integrate branches to master
• They should be short lived, iterative branches
• Fix the build when it goes red

26. THE FOUR-EYE RULE

27. WRITE TESTS
• Unit test (a single function)
• Integration tests (multiple classes/units)
• Functional tests (user-oriented, high-level, full
stack)
• Smoke tests (quickly determine if the system is
“working”)

28. ONE PATH FOR CHANGE
• The way change moves through your
organization is fixed
• Designed to re-enforce your principles and aid
flow
• Flexible at the level of execution

29. CODE GOES THROUGH THE
SAME WORKFLOW
Applications are code
Infrastructure is code

30. Security and compliance at velocity
Regulatory compliance and security concerns are facts of life
for every enterprise. At the same time, competitive pressures
are increasing. Embed requirements into the software
delivery pipeline. Code makes compliance at velocity
possible.
• Embed compliance into the software delivery
pipeline
• Automated checking of compliance criteria with
analytics
• Structured review process during development
• Discovery and analysis
• Patch management and remediation

32. SSH Control
SSH supports two different protocol
versions. The original version,
SSHv1, was subject to a number of
security issues. Please use SSHv2
instead to avoid these.

34. Product Ideas and Features
Security Review
Production

36. Afterthought Scanning

37. What We Have Here Is A Communications Problem

39. SSH Version Check
describe sshd_config do
impact 1.0
title 'SSH Version 2'
desc <<-EOF
SSH supports two different protocol versions. The original version, SSHv1, was subject to a number of
security issues. Please use SSHv2 instead to avoid these.
EOF
its('Protocol') { should cmp 2 }
end

43. So what does CI/CD look like?
• After all of these pre-requisites, we can do:
Create small changes focused on providing value to our applications
Provision development, testing, staging environments that match production using our
infrastructure as code
Build our security and compliance requirements into the workflow to eliminate later surprises
Pass ALL CHANGES through the same workflow, the same tests

44. Unified Pipeline Shape
The stages are fixed, and each stage has a fixed set of phases
APPROVE DELIVER
Lint
Syntax
Unit
Security
Quality
Publish
Lint
Syntax
Unit
Provision
Deploy
Smoke
Functional
Provision
Deploy
Smoke
Functiona
l
Provision
Deploy
Smoke
Functional
Provision
Deploy
Smoke
Functional
Submi
t
Chang
e
Does this
code change
look good?
Do we want
to ship this?

45. Shared Workflow
Delivery’s pipeline is shared across projects and teams

49. Chef Provides a Proven Approach to DevOps
...
...
...
Targets/Workloads
Collaborative Dev Production
Chef Server
Chef Server
Chef
Supermarket
Assessment
Chef Compliance
Search
Audit
Discover
Deploy
Chef Delivery
Local Dev
Model
Build
Test
Chef DK
Chef Client & Cookbooks

50. Visit Our Booth To Learn More
#425