The document discusses typical DevOps pipelines and the problem of integrating vendor package releases into consumer pipelines. It describes different types of vendor package releases and proposes computable release notes and a "missing link" protocol to automate the processing and integration of vendor packages. The demo shows how the missing link processor uses the protocol to parse release notes, identify deployable artifacts and configurations, and map them to a consumer's deployment pipeline.
6. The Problem
Release Notes
Consumer
•
Standard Change?
•
Normal Change?
•
Emergency
Change?
•
Minor Change?
•
Patch, Hotfix?
•
Rollback?
•
Reboot?
•
Outage
(Monitoring)?
●
Testcoverage?
●
Availbale Smoketest
after Deployment?
●
TEV (EOD) Tests?
Quiz! Which branch is described here…
➔ Segregation of duty
➔ ITIL/ITSM
➔ Nearly always “buy!!! not make”
➔ Very heterogeneous (legacy) landscape because of uncontrolled
buying
➔ Almost non-operational solution in production (e.g. Axiom) =>
Fear-Driven Change Processes
➔ Focus on Business Value almost no IT and no Operating
requirements
➔ Almost no consideration of non-functional requirements
➔ No standardized buying process which includes IT and Business
requirements => PURE Business-Driven
7. Package Content TypesPackage Content Types
● Full Packages (Pilotphase, Initial Setup, Major Releases)
● SNAPSHOTS (no release candidates, nightly or CI builds for initial CD setups
and/or EOD/EOW process tests)
● Delta
● Standard Changes
● Hotfixes, Patches
● Emergency
● Third Party Library
● Infrastructure Changes
● Configuration
● Components (Message Queues, etc)
● TEV (EOD) related
● Database (Impacts Backup and Encryption, Test Data)
● Application Configuration
=> Ideally in the end everything should be a
Standard Change
=> Enables Continuous Deployments to PROD
=> Possible through Micro-services (easy rollback-able)
=> Achievable by sufficient automated Test evidences (UAT) and by
identifying more changes as standard
9. Release Notes
Subject of Interest
● Which parts are of interest for End-2-End Deployment Automation
● Application Configuration Items needed to be customized by consumer
otherwise application will not work properly
● Infrastructure changes (System Requirement changes)
● New application logic or bug fixes and their automated test coverage and
evidence to run on-premise with specified test data
● Database changes
● Interface and compatibility changes
10. Build Pipeline
CI/CD, ARA Plugins, Create Docker Image, Provisioning
(Chef, Puppet, etc)
Missing Link Processor
VendorA Package
1
VendorB Package 2
Delivey
Trigger
VendorC Package n
SCM Checkin
Trigger
Package Plugin
Outbound.xml
Rest API ARA
Plugin
Inbound.xml
Maven Plugin,
Generating
Deployables
On-Premise
On-Premise (No Compile, No Packaging, etc)Extern
ARA Tool
ARA Tool
Business Logic: Dictionary Processing, Release Notes Processing,
Provisioning Information, Business Rules, Automated Tests,
Changemanagement Processing (Standard Changes))
Deployment
Pipeline
DelOps (Non-IT Companies, financial sector)
Deployment
Pipeline
Value Stream
Bottkleneck
Value Stream – Lead Time Optimized
CMDB
CMDB
DevOps (typical IT Companies)
14. Thank You
Visit our Website and Open Source Initiative
www.dersalvador.com
https://github.com/DerSalvador/MissingLinkProtocol
Zürich – Salvador da Bahia
Notas do Editor
from the reactive to the proactive
Inhouse ALM Build and Deployment Pipeline
simplified
left out
Automated Provisioning
Configuration monitoring
Feedback loops
Release Management
Segregation of duty
Inhouse ALM Build and Deployment Pipeline
simplified
left out
Automated Provisioning
Feedback loops
Release Management
Segregation of duty
At least two independent legal entities
Change Management
Non-standardized and volatile Package Types and Contents
Process Boundaries (Communication and Monitoring Gaps)
Missing Link between two disjunct Continuous Delivery Approaches
Hope Vendor has enough security measures in place (Third Pary Libraries, Open Source, etc)
Inhouse ALM Build and Deployment Pipeline
simplified
left out
Automated Provisioning
Feedback loops
Release Management
Segregation of duty
At least two independent legal entities
Change Management
Non-standardized and volatile Package Types and Contents
Process Boundaries (Communication and Monitoring Gaps)
Missing Link between two disjunct Continuous Delivery Approaches
Inhouse ALM Build and Deployment Pipeline
simplified
left out
Automated Provisioning
Feedback loops
Release Management
Segregation of duty
At least two independent legal entities
Change Management
Non-standardized and volatile Package Types and Contents
Process Boundaries (Communication and Monitoring Gaps)
Missing Link between two disjunct Continuous Delivery Approaches
Inhouse ALM Build and Deployment Pipeline
simplified
left out
Automated Provisioning
Feedback loops
Release Management
Segregation of duty
Inhouse ALM Build and Deployment Pipeline
simplified
left out
Automated Provisioning
Feedback loops
Release Management
Segregation of duty
Inhouse ALM Build and Deployment Pipeline
simplified
left out
Automated Provisioning
Feedback loops
Release Management
Segregation of duty
Inhouse ALM Build and Deployment Pipeline
simplified
left out
Automated Provisioning
Feedback loops
Release Management
Segregation of duty
Inhouse ALM Build and Deployment Pipeline
simplified
left out
Automated Provisioning
Feedback loops
Release Management
Segregation of duty