DevOps principles to build your lean startup

Transcript

1. DEVOPS PRINCIPLES
   TO BUILD YOUR LEAN
   STARTUP
   STARTUP LEADERSHIP PROGRAM ONLINE
   WEBINAR
   Madhu Akula, Automation Ninja
   Appsecco
   

   View Slide

2. ABOUT ME
   Automation Ninja at Appsecco
   Interested in Security, DevOps and Cloud
   Speaker & Trainer: Defcon, DevSecCon, All Day DevOps,
   DevOps Days, etc
   Found bugs in Google, Microso , Yahoo, etc
   Never ending learner!
   Follow me (or) Tweet to me @madhuakula
   

   View Slide

3. DISCLAIMER
   This talk is my view of DevOps
   

   View Slide

4. WHAT IS DEVOPS?
   DevOps - Implementing a culture of sharing
   between development and operations
   There are many definitions for this term.
   I personally follow CAMS by Damon Edwards
   Culture
   Automation
   Measurement
   Sharing
   

   View Slide

5. WHAT ARE LEAN STARTUP PRINCIPLES?
   

   View Slide

6. WHAT ARE THE PROBLEMS WITH
   TRADITIONAL STUFF?
   Insufficient time
   Unstable and unpredictable infrastructure
   Lack of Documentation & Updated
   Inventory
   

   View Slide

7. WHY DEVOPS?
   High-performing IT organizations deploy more frequently,
   fail less, and recover faster
   Automation is a huge boon to organizations
   Loosely coupled architectures and teams are the
   strongest predictor of continuous delivery
   Lean product management drives higher organizational
   performance
   

   View Slide

8. DEVOPS ADOPTION
   https://puppet.com/system/files/2017-06/2017-state-of-devops-report_3.pdf
   

   View Slide

9. CHANGES IN IT PERFORMANCE, 2016 TO 2017
   https://puppet.com/system/files/2017-06/2017-state-of-devops-report_3.pdf
   

   View Slide

10. COMPARISON BETWEEN TRADITIONAL IT VS
    DEVOPS PROCESS
    https://devops.com/comparing-devops-traditional-eight-key-differences/
    

    View Slide

11. PAUL GRAHAM’S STARTUP CURVE
    Source: https://medium.com/agorapulse-stories/running-a-startup-with-lean-devops-culture-
    df50825b110b
    

    View Slide

12. INTRODUCING CLOUD COMPUTING AND IT'S
    SERVICES
    Cloud computing and it's services will help
    to save immense amount of time and
    money with additional facilities.
    

    View Slide

13. CLOUD COMPUTING AND IT'S SERVICES
    (CONT.D)
    Costs (pay-as-you-go)
    Access to multiple services
    IAAS (Infrastructure as a
    service)
    PAAS (Platform as a service)
    SAAS (So ware as a service)
    Scalability
    Mobility
    

    View Slide

14. DEVOPS LIFE CYCLE
    source: https://blog.appdynamics.com/engineering/devops-scares-me-part-4-dev-and-ops-
    collaborate-across-the-lifecycle
    

    View Slide

15. AGILE VS WATERFALL
    source: https://blog.ganttpro.com/en/waterfall-vs-agile-with-advantages-and-disadvantages/
    

    View Slide

16. AGILE VS WATERFALL (CONTD.)
    With waterfall development, frozen
    business plan and silos between teams,
    getting an idea delivered to customers took
    months or even years.
    

    View Slide

17. AGILE VS WATERFALL (CONTD.)
    source: https://blog.ganttpro.com/en/waterfall-vs-agile-with-advantages-and-disadvantages/
    

    View Slide

18. DEVOPS STARTUP ANATOMY
    Early days Dev/Ops/Security will be the same
    person/team
    Time is critical asset, focus on product
    Cloud and modern tools give you a huge amount of
    possibilities
    

    View Slide

19. MODERN OPERATIONS
    

    View Slide

20. VERSION CONTROL
    Version controlling gives the power of
    moving traditional IT operations to modern
    DevOps shops
    

    View Slide

21. VERSION CONTROL (CONTD.)
    Management of things is super easy and efficient
    Github, Bitbucket, Gitlab, Gogs, etc
    Some of things can be done with version control
    includes
    Documentation, Presentations, References, etc
    Configurations, Playbooks, Scripts, Code, etc
    Many more
    

    View Slide

22. DOCUMENTATION
    Documentation is the solution for multiple
    problem, which gives ample amount of
    time to solve other problems
    

    View Slide

23. DOCUMENTATION (CONTD.)
    Text format (Human & Machine readable format)
    Markdown is one of the simple and powerful format
    It provides valuable amount of use cases, which includes
    Building Knowledge Base (MKDocs, Raneto, Gitbooks,
    etc)
    Generating presentations (reveal.js, impress.js, etc)
    Giving solutions and how to guide playbooks
    Many more
    

    View Slide

24. CONFIGURATION MANAGEMENT
    Infrastructure as code (aims to take the confusion and
    error-prone aspect of manual processes and make it more
    efficient, and productive)
    Version control, Continuous integration, Code review and
    Automated testing
    Inventory using configuration management
    database(CMDB)
    Tools (Terraform, Ansible, Puppet, Chef, etc)
    

    View Slide

25. CONFIGURATION MANAGEMENT
    To get started with
    

    View Slide

26. CONFIGURATION MANAGEMENT (EXAMPLE)
    Install nginx and start the
    server
    ---
    - name: install and start nginx webserver
    hosts: webserver
    user: madhu
    become: yes
    task:
    name: install nginx
    apt: name=nginx state=present update_cache=yes
    name: start nginx
    service: name=nginx state=running
    

    View Slide

27. MONITORING & ALERTING
    The key to making informed decisions and
    quickly troubleshooting issues is having
    extensive monitoring in place before
    catastrophe strikes.
    

    View Slide

28. MONITORING & ALERTING (CONTD.)
    Host level monitoring & alerting (health checks, file
    integrity, etc)
    Security events monitoring & alerting (logs, events, many
    more)
    Monitoring will give you the situational awareness needed
    to quickly diagnose issues and recover quickly
    Tools like (Ngaios, Icinga, ELK, Prometheus, Newrelic,
    Datadog, Splunk, Slack, Pagerduty, Victorops, OSSEC,
    Osquery, etc)
    

    View Slide

29. MONITORING & ALERTING (CONTD.)
    To get started with
    

    View Slide

30. PROJECT MANAGEMENT & PLANNING
    Break requirements into actionable steps with possible
    human resource implications
    Like who would do the work
    An estimate of how long it will take
    

    View Slide

31. PROJECT MANAGEMENT & PLANNING
    (CONTD.)
    You can share and assign to team members and get
    feedback before the solution is delivered
    When similar projects appear, you will already have a
    useful template.
    Tools like (Trello, JIRA, Asana, etc)
    

    View Slide

32. SECRETS STORAGE & SHARING
    Managing secrets and keys should be your primary goal
    Not just for your infrastructure, but things like domain
    registrars, support sites for various hardware and so ware
    vendors, etc.
    

    View Slide

33. SECRETS STORAGE & SHARING (CONTD.)
    A password safe is like a central database you can share
    with your team and it will allow you to collect and
    securely store this data
    Some of the tools like (Vault, Lastpass, Keepass, Many
    more)
    

    View Slide

34. BACKUPS & SECURE STORAGE
    Learn how to use backup so ware and then automate it.
    Having good backups, that you test once and awhile, will
    likely save you some day
    Snapshots, Incremental, Differential, Full
    

    View Slide

35. BACKUPS & SECURE STORAGE (CONT.D)
    Securing backup data & storage is really important (in
    motion and rest)
    Using encryption for possible data
    Options like (s3, Dropbox, Duply, Minio, etc)
    

    View Slide

36. CONTINUOUS INTEGRATION
    Continuous Integration is a so ware
    development practice where members of a
    team integrate their work frequently,
    usually each person integrates at least
    daily - leading to multiple integrations per
    day. Each integration is verified by an
    automated build (including test) to detect
    integration errors as quickly as possible.
    

    View Slide

37. CONTINUOUS DELIVERY
    Continuous Delivery is the ability to get
    changes of all types—including new
    features, configuration changes, bug fixes
    and experiments—into production, or into
    the hands of users, safely and quickly in a
    sustainable way.
    

    View Slide

38. CONTINUOUS INTEGRATION & DELIVERY
    Connect your builds and webhooks to CI/CD pipelines
    Automate the test cases & validation checks
    Running your integration, build tools
    Tools like (Jenkins, Travis CI, Cricle CI, Bitbucket Pipelines,
    Gitlab Builds, etc)
    

    View Slide

39. CONTINUOUS INTEGRATION & DELIVERY
    (CONTD.) - 10 FACTOR CI
    

    View Slide

40. 10 FACTOR CI (CONTD.)
    

    View Slide

41. COLLABORATION & COMMUNICATION
    Building collaboration is key part of DevOps.
    Making awareness across teams (Cross Functional
    Teams)
    On-call rotations & activities
    

    View Slide

42. COLLABORATION & COMMUNICATION
    (CONTD.)
    Chat bots and Slack
    Gamification, Building internal
    champions
    Community events and participation
    

    View Slide

43. CENTRALISATION
    Centralised Inventory & Asset Management (So ware &
    Hardware)
    Centralised Monitoring & Alerting (Health, Service,
    Applications & Security)
    Centralised Repositories (Gitlab, Private Registry, Nexus,
    etc)
    

    View Slide

44. MODERN TECHNOLOGIES & TRENDS
    

    View Slide

45. MODERN TECHNOLOGIES & TRENDS -
    CONTAINERS
    Containers allow you to package and isolate applications
    with their entire runtime environment
    Containers ensure that applications deploy quickly,
    reliably, and consistently regardless of deployment
    environment(dev/test/prod/etc.)
    

    View Slide

46. CONTAINERS (CONTD.)
    Containers has been for a while. But, Docker made the
    revolution of container ecosystem by it's simplicity
    Containers share the same kernel of the host system, this
    gives powerful performance compared to VM's.
    

    View Slide

47. MODERN TECHNOLOGIES & TRENDS -
    CONTAINERS (EXAMPLE)
    Running wordpress application stack is as simple as
    running single command
    version: '3'
    services:
    db:
    image: mysql:5.7
    volumes:
    - db_data:/var/lib/mysql
    restart: always
    environment:
    MYSQL_ROOT_PASSWORD: somewordpress
    MYSQL_DATABASE: wordpress
    MYSQL_USER: wordpress
    MYSQL_PASSWORD: wordpress
    wordpress:
    depends_on:
    - db
    

    View Slide

48. MODERN TECHNOLOGIES & TRENDS -
    CONTAINERS (CONTD.)
    Managing containers at scale made simple by solutions
    like , , , and many other.
    To know more about
    To play around bunch of these new stuff
    Kubernetes Mesos DC/OS Swarm
    The New Stack Book series
    Katacoda
    

    View Slide

49. MODERN TECHNOLOGIES & TRENDS -
    SERVERLESS
    Serverless computing, also known as
    Function as a Service (FaaS), is a cloud
    computing code execution model in which
    the cloud provider fully manages virtual
    machines as necessary to serve requests
    and where requests are billed by an
    abstract measure of the resources required
    to satisfy the request, rather than per
    virtual machine, per hour.
    Source: https://en.wikipedia.org/wiki/Serverless_computing
    

    View Slide

50. SERVERLESS (CONTD.)
    All three biggies , and have a service
    around this and if you are sold on in-prem then look at
    IBM’s .
    Simpler frameworks such as , , ,
    Many more.
    AWS Google Azure
    OpenWhisk
    Serverless Chalice Zappa
    

    View Slide

51. SERVERLESS (CONTD.)
    AWS Lambda charges start at $0.20 per 1
    million API requests. Making this fairly
    cheap and infinitely scalable
    The essence of the serverless trend is the absence of the
    server concept during so ware development.
    

    View Slide

52. HIRING OPS FOR YOUR STARTUP
    Comfortable with chaos
    Knows when to solve 80% and move
    on
    Total responsibility for outcomes
    Good judgement
    Highly reactive and technical breadth
    Related to your real problems
    More about it by Charity Majors
    

    View Slide

53. DEMO
    code to prod
    IDE -> Version Control -> Pipe Line -> Container -> Application
    

    View Slide

54. FURTHER READING & REFERENCES
    

    View Slide

55. PERIODIC TABLE OF DEVOPS TOOLS BY
    XEBIALABS
    https://xebialabs.com/periodic-table-of-devops-tools/
    

    View Slide

56. 12 FACTOR APP
    A methodology for building modern, scalable,
    maintainable so ware-as-a-service apps.
    

    View Slide

57. SEGMENT STACK
    https://segment.com/blog/the-segment-aws-stack/
    

    View Slide

58. BOOKS TO READ
    The Phoenix Project
    The Practice of System and Network
    Administration
    The Visible Ops Handbook
    Continuous Delivery
    DevOps Handbook
    Google SRE
    The Lean Startup
    The Manager's Path
    

    View Slide

59. REPOSITORIES, LINKS & BOOKMARKS
    Awesome Sysadmin
    Awesome DevOps
    Awesome SRE
    DevOps Training
    Materials
    Awesome DevSecOps
    

    View Slide

60. REPOSITORIES, LINKS & BOOKMARKS
    (CONTD.)
    The Open Guide to Amazon Web
    Services
    DevOps Bookmarks
    Ops school
    Sysadmin Casts
    

    View Slide

61. THE SAAS CTO SECURITY CHECKLIST
    

    View Slide

62. THE DEVOPS SECURITY CHECKLIST
    

    View Slide

63. ALL DAY DEVOPS
    All Day DevOps is an online community
    responsible for creating the world's largest
    DevOps conference.
    

    View Slide

64. ALL DAY DEVOPS
    https://www.alldaydevops.com/
    

    View Slide

65. REFERENCES
    http://www.alldaydevops.com/blog/devops-for-small-organizations-lessons-from-ed-1
    https://speakerdeck.com/armon/devops-for-startups
    https://medium.com/@larsfronius/devops-for-startups-b7fadd54c1b2
    https://medium.com/agorapulse-stories/running-a-startup-with-lean-devops-culture-
    df50825b110b
    https://www.linkedin.com/pulse/devops-lean-startups-read-cry-more-sonu-meena
    http://www.programmersparadox.com/2011/10/03/devops-and-the-lean-startup/
    https://dzone.com/articles/adapting-devops-culture-with-calms
    https://readwrite.com/2014/01/01/three-reasons-your-startup-needs-devops-or-else/
    https://devops.com/comparing-devops-traditional-eight-key-differences/
    https://puppet.com/system/files/2017-06/2017-state-of-devops-report_3.pdf
    https://www.linkedin.com/learning/devops-foundations/
    https://sysadmincasts.com/episodes/25-bits-sysadmins-should-know
    http://microservices.io/
    https://www.martinfowler.com/articles/continuousIntegration.html
    

    View Slide

66. THANKS
    @madhuakula
    https://appsecco.com
    

    View Slide