Slide 1

Slide 1 text

AWS Vienna How not to Deploy to AWS Philipp Krenn @xeraa

Slide 2

Slide 2 text

Conferences and ViennaDB Papers We Love Vienna

Slide 3

Slide 3 text

Electronic Data Interchange EDI Automated exchange of B2B documents

Slide 5

Slide 5 text

Stability Automated builds Manual blessing Weekend deployments

Slide 6

Slide 6 text

Code master release Pull Requests

Slide 7

Slide 7 text

Tools Java + Maven ↓ GitHub ↓ Jenkins ↓ AWS: S3 ⾯ EC2

Slide 8

Slide 8 text

Environments local, vagrant, test development, stage, production

Slide 9

Slide 9 text

Properties db.host=127.0.0.1 db.database=dev

Slide 10

Slide 10 text

Blessing !
Promote the build on Jenkins
$ mvn package -Dspring.profiles.active=development
Copy the artifact to S3
Fetch it during the deployment

Slide 12

Slide 12 text

What You Bless Is not What You Package Changed snapshot dependencies Always packages the latest build MissingProjectException

Slide 13

Slide 13 text

in the cloud, no one can hear you scream — @sadserver, https://twitter.com/sadserver/status/641960756678889472

Slide 14

Slide 14 text

The Twelve-Factor App http://12factor.net

Slide 15

Slide 15 text

Jo eh...

Slide 16

Slide 16 text

I. Codebase Git

Slide 18

Slide 18 text

II. Dependencies Maven

Slide 19

Slide 19 text

III. Config Properties

Slide 20

Slide 20 text

IV. Backing Services RDS, ElastiCache MongoDB, ActiveMQ, Elasticsearch, Disque

Slide 21

Slide 21 text

V. Build, Release, Run Jenkins

Slide 22

Slide 22 text

The release stage takes the build produced by the build stage [...]

Slide 23

Slide 23 text

VI. Processes Java Service Wrapper

Slide 24

Slide 24 text

VII. Port Binding Embedded Jetty

Slide 25

Slide 25 text

VIII. Concurrency DJ Bernstein Daemontools

Slide 26

Slide 26 text

IX. Disposability ActiveMQ / Disque

Slide 27

Slide 27 text

X. Dev / Prod Parity Hand crafted

Slide 28

Slide 28 text

XI. Logs File LogEntries via Logback

Slide 29

Slide 29 text

XII. Admin Processes Internal admin app

Slide 30

Slide 30 text

Non-Issues Continuous Delivery Log appender

Slide 31

Slide 31 text

Issues Builds Properties Dev / Prod Parity

Slide 32

Slide 32 text

Builds

Slide 33

Slide 33 text

Unified Build Package during the build Copy to S3 during the promotion

Slide 34

Slide 34 text

Spring Profiles Load the right properties file Define the environment on the instance

Slide 35

Slide 35 text

Jenkins: Archive

Slide 36

Slide 36 text

Jenkins: Promote

Slide 37

Slide 37 text

PS Jenkins: Release

Slide 38

Slide 38 text

Parity

Slide 39

Slide 39 text

Ansible Vagrant, AWS, deployments,...

Slide 40

Slide 40 text

Eierlegende Wollmilchsau

Slide 41

Slide 41 text

"egg-laying wool-milk-sow"

Slide 42

Slide 42 text

Properties

Slide 43

Slide 43 text

Ansible generated Decoupling code and config

Slide 44

Slide 44 text

Encrypt all the properties http://ejohn.org/blog/keeping-passwords-in-source-control/

Slide 46

Slide 46 text

.gitignore env/*/secret.properties

Slide 47

Slide 47 text

#!/bin/sh
# Toggle a file between plaintext and its AES-256 encrypted form.
# openssl prompts for the passphrase.
FILE=$1
FILENAME=$(basename "$FILE")
DIRECTORY=$(dirname "$FILE")
EXTENSION="${FILENAME##*.}"
NAME="${FILENAME%.*}"
if [ "$EXTENSION" != "aes256" ]
then
    echo "Encrypting $FILENAME and removing the plaintext file"
    # Remove the plaintext only if the encryption succeeded
    openssl aes-256-cbc -e -a -in "$DIRECTORY/$FILENAME" -out "$DIRECTORY/${FILENAME}.aes256" \
        && rm "$DIRECTORY/$FILENAME"
else
    echo "Decrypting $FILENAME"
    openssl aes-256-cbc -d -a -in "$DIRECTORY/$FILENAME" -out "$DIRECTORY/$NAME"
fi

Slide 48

Slide 48 text

Deployment wget from S3 Create the config with Ansible Switch & restart Report

Slide 49

Slide 49 text

Tips

Slide 50

Slide 50 text

Security

Slide 51

Slide 51 text

This outage was the result of an attack on our systems using a compromised API key. — http://status.bonsai.io/incidents/qt70mqtjbf0s

Slide 52

Slide 52 text

Tip Color code environments

Slide 53

Slide 53 text

Tip Add information to the artifacts
$ cat version
Build number: 544
Build date: 2015-05-13_15-30-42
Git SHA1: 52c86f63895606f08cd
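
Added example (not from the slides): one way to make the deployment check that the fetched artifact is the build that was blessed, which is the failure described under "What You Bless Is not What You Package". It goes beyond the version file shown above by adding an `Artifact SHA256` line; that field, the function names and the sample file contents are assumptions.

```shell
#!/bin/sh
# Added example, not from the slides: function names and the
# "Artifact SHA256" field are assumptions.

# Print the SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
artifact_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Build stage: emit the version file for the packaged artifact.
# usage: write_version ARTIFACT BUILD_NUMBER BUILD_DATE GIT_SHA1 > version
write_version() {
    printf 'Build number: %s\n' "$2"
    printf 'Build date: %s\n' "$3"
    printf 'Git SHA1: %s\n' "$4"
    printf 'Artifact SHA256: %s\n' "$(artifact_sha256 "$1")"
}

# Deployment stage: return 0 only if the fetched artifact matches the
# digest recorded when the build was packaged.
verify_artifact() {
    expected=$(sed -n 's/^Artifact SHA256: //p' "$2")
    [ -n "$expected" ] || { echo "no digest in $2" >&2; return 1; }
    actual=$(artifact_sha256 "$1") || return 1
    if [ "$expected" != "$actual" ]; then
        echo "artifact mismatch: blessed $expected, fetched $actual" >&2
        return 1
    fi
}

# Demo on constructed files: a blessed build, then a silent repackage.
demo() {
    dir=$(mktemp -d)
    printf 'blessed build\n' > "$dir/app.war"
    write_version "$dir/app.war" 544 2015-05-13_15-30-42 52c86f63895606f08cd > "$dir/version"
    verify_artifact "$dir/app.war" "$dir/version" && echo "blessed artifact: deploy"
    printf 'repackaged with a newer snapshot\n' > "$dir/app.war"
    verify_artifact "$dir/app.war" "$dir/version" || echo "repackaged artifact: abort"
    rm -rf "$dir"
}
demo
```

A digest stored next to the artifact catches rebuild drift; it does not protect against someone who can overwrite both the artifact and the version file.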

Slide 54

Slide 54 text

Demo

Slide 57

Slide 57 text

Thank you! Questions? @xeraa

Slide 58

Slide 58 text

Image Credits Paper https://flic.kr/p/7AdQmH Twelve https://flic.kr/p/3iRDd9 Austria https://flic.kr/p/cUsAR1 Eierlegende Wollmilchsau https://flic.kr/p/GzQTT