How (Not) to Deploy to AWS

Transcript

1. AWS Vienna How not to Deploy to AWS Philipp Krenn
   
   
   
   
   
   
   @xeraa

2. Conferences and ViennaDB Papers We Love Vienna

3. Electronic Data Interchange EDI Automated exchange of B2B documents

4. None

5. Stability Automated builds Manual blessing Weekend deployments

6. Code master release Pull Requests

7. Tools Java + Maven ↓ GitHub ↓ Jenkins ↓ AWS:

   S3 ⾯ EC2

8. Environments local, vagrant, test development, stage, production

9. Properties db.host=127.0.0.1 db.database=dev

10. Blessing ! Promote the build on Jenkins $ mvn package

    -Dspring.profiles.active=development Copy the artifact to S3 Fetch it during the deployment
11. None

12. What You Bless Is not What You Package Changed snapshot

    dependencies Always packages the latest build MissingProjectException

13. in the cloud, no one can hear you scream —

    @sadserver, https://twitter.com/sadserver/status/ 641960756678889472

14. The Twelve-Factor App http://12factor.net

15. Jo eh...

16. I. Codebase Git

17. None

18. II. Dependencies Maven

19. III. Config Properties

20. IV. Backing Services RDS, ElastiCache MongoDB, ActiveMQ, Elasticsearch, Disque

21. V. Build, Release, Run Jenkins

22. The release stage takes the build produced by the build

    stage [...]

23. VI. Processes Java Service Wrapper

24. VII. Port Binding Embedded Jetty

25. VIII. Concurrency DJ Bernstein Daemontools

26. IX. Disposability ActiveMQ / Disque

27. X. Dev / Prod Parity Hand crafted

28. XI. Logs File LogEntries via Logback

29. XII. Admin Processes Internal admin app

30. Non-Issues Continuous Delivery Log appender

31. Issues Builds Properties Dev / Prod Parity

32. Builds

33. Unified Build Package during the build Copy to S3 during

    the promotion

34. Spring Profiles Load the right properties file Define the environment

    on the instance

35. Jenkins: Archive

36. Jenkins: Promote

37. PS Jenkins: Release

38. Parity

39. Ansible Vagrant, AWS, deployments,...

40. Eierlegende Wollmilchsau

41. "egg-laying wool-milk-sow"

42. Properties

43. Ansible generated Decoupling code and config

44. Encrypt all the properties http://ejohn.org/blog/keeping-passwords-in-source-control/

45. None

46. .gitignore env/*/secret.properties

47. !/bin/sh FILE=$1 FILENAME=$(basename "$FILE") DIRECTORY=$(dirname "$FILE") EXTENSION="${FILENAME##*.}" NAME="${FILENAME%.*}" if [[

    "$EXTENSION" != "aes256" ]] then echo "Encrypting $FILENAME and removing the plaintext file" openssl aes-256-cbc -e -a -in $DIRECTORY/$FILENAME -out $DIRECTORY/${FILENAME}.aes256 rm $DIRECTORY/$FILENAME else then echo "Decrypting $FILENAME" openssl aes-256-cbc -d -a -in $DIRECTORY/$FILENAME -out $DIRECTORY/$NAME fi

48. Deployment wget from S3 Create the config with Ansible Switch

    & restart Report

49. Tips

50. Security

51. This outage was the result of an attack on our

    systems using a compromised API key. — http://status.bonsai.io/incidents/qt70mqtjbf0s

52. Tip Color code environments

53. Tip Add information to the artifacts $ cat version Build

    number: 544 Build date: 2015-05-13_15-30-42 Git SHA1: 52c86f63895606f08cd

54. Demo

55. None
56. None

57. Thank you! Questions? @xeraa

58. Image Credits Paper https://flic.kr/p/7AdQmH Twelve https://flic.kr/p/3iRDd9 Austria https://flic.kr/p/cUsAR1 Eierlegende Wollmilchsau

    https://flic.kr/p/GzQTT