DevOpsDays - Pick any Three - Devops from scratch
0 likes129 views
This document contains the transcript of a presentation on DevOps. It discusses the traditional separation between development and operations teams and some of the problems it caused. It then talks about how DevOps aims to break down the walls between dev and ops so they work more collaboratively towards shared goals. It provides examples of practices like automating infrastructure provisioning and deployment, implementing monitoring of applications and infrastructure with metrics, and sharing ownership and accountability for the overall service. It also briefly touches on how security teams can be integrated into DevOps practices through a model like DevSecOps.
DevOpsDays - Pick any Three - Devops from scratch
- 1. @petecheslock Pick Any 3: Good, Fast, or Safe DevOps from Scratch
- 2. @petecheslock Who Am I? Pete Cheslock @petecheslock Technical Operations at Threat Stack
- 5. @petecheslock!5 Companies are Choosing Speed Over Security 52% of Companies Admit to Sacrificing Security for Speed 64% of Sales professionals say they have had a deal slowed down by insufficient security
- 6. 6 Let Threat Stack Help You Build a Cloud SecOps Program
- 7. @petecheslock What Even is The DevOps?
- 10. @petecheslock
- 11. @petecheslock
- 12. @petecheslock
- 13. @petecheslock DevOps is Anything Your Heart Desires
- 14. @petecheslock
- 16. @petecheslock Let’s Talk About the Bad Old Days
- 17. @petecheslock
- 18. @petecheslock
- 19. @petecheslock
- 20. Crop image to fit inside this box The Bad Old Days Software
- 21. Crop image to fit inside this box The Bad Old Days Software Devs would rarely even have access to production systems… …which means Ops would have to take the code and install it based on Dev’s instructions
- 22. @petecheslock The Bad Old Days Infrastructure Lead time for new servers would be measured in weeks (best) or months (worst) Code could be ready before servers were available. Long feedback loops in running code on actual hardware, wasted time and money.
- 23. @petecheslock
- 24. @petecheslock@petecheslock Dev’s job is to add new features Ops’s job is to keep the site stable and fast Traditional Thinking
- 26. @petecheslock
- 29. @petecheslock DevOps Operations job is NOT to keep the site stable and fast. Operations (and Dev’s) job is to enable the business.
- 30. @petecheslock Tools Culture& Lowering the risk of change through
- 31. @petecheslock 1 2 3 This is a Story in Three Acts ACT THREE Ownership and Accountability. ACT TWO Metrics are a first class citizen. ACT ONE Optimize for ease of software deployment.
- 32. @petecheslock Simplify the act of getting new software to Customers. Iterate and improve upon that process. Leverage tools like Canary Deployments and Dark Shipping Ship the code when its “Ready” Software Deployment
- 33. @petecheslock Simplify the act of getting new software to Customers. Iterate and improve upon that process. Leverage tools like Canary Deployments and Dark Shipping Ship the code when its “Ready” Software Deployment
- 34. @petecheslock COMPILE YOUR SOURCE BUILD A PACKAGE SIGN THE PACKAGE TEST THE PACKAGE DEPLOY THE PACKAGE Software Deployment
- 35. @petecheslock COMPILE YOUR SOURCE BUILD A PACKAGE SIGN THE PACKAGE TEST THE PACKAGE DEPLOY THE PACKAGE Software Deployment THIS IS KIND OF IMPORTANT
- 36. @petecheslock What even IS ready? Ready means… Reviewed by other engineers Passed a series of unit, integration, and functional tests Reviewed to ensure that it meets other business or security requirements
- 37. @petecheslock
- 38. @petecheslock
- 39. @petecheslock
- 40. @petecheslock “If you want metrics for your apps - send your data here” Ops responsibility is to build the systems and make them easy to use Dev’s responsibility is to instrument their application to understand perf What About Metrics?
- 41. @petecheslock collectd -> write_graphite -> statsd_plugin app1 app2 app3 Graphite
- 42. @petecheslock Devs AND Ops work together to ensure we are using the right instance types for the workloads. Metrics
- 43. @petecheslock Devs AND Ops work together to ensure we are using the right instance types for the workloads. Metrics
- 44. @petecheslock How do we know this is working?
- 45. @petecheslock We own the overall health of the infrastructure. Ensure we are making the right choices for Scalability, Availability, and Cost. We build the tools that enable teams to deploy, manage, and update their applications. Ownership & Accountability Operations owns the infrastructure
- 46. @petecheslock They are on-call and get paged when their application runs into problems They manage the life of the service from idea to deployment and scaling. Ownership & Accountability Development owns their applications
- 47. @petecheslock Everyone cares about the health of Threat Stack
- 48. @petecheslock How we do DevOps
- 49. @petecheslock Ops needs to trust dev to involve them on feature discussions How we do DevOps
- 50. @petecheslock Devs need to trust Ops to discuss infrastructure changes. How we do DevOps Ops needs to trust dev to involve them on feature discussions
- 51. @petecheslock Everyone needs to trust that everyone is doing their best for the business
- 57. @petecheslock
- 58. @petecheslock
- 59. Crop image to fit inside this box How to Integrate SecOps? Similar to integrating Dev and Ops teams. Adding Security into the mix - leverage your shared tools and processes. Threat Stack uses Threat Stack to protect Threat Stack.
- 61. @petecheslock "Abrasive individuals will single-handed do more to undermine the security brand and culture at your company than anything else.” https://speakerdeck.com/iodboi/crafting-an-effective-security-organisation-kiwicon-8 - Rich Smith (Etsy)
- 62. @petecheslock The best security culture is collaborative not prescriptive.
- 63. @petecheslock