The document discusses typical DevOps pipelines and the problem of integrating vendor package releases into consumer pipelines. It describes different types of vendor package releases and proposes computable release notes and a "missing link" protocol to automate the processing and integration of vendor packages. The demo shows how the missing link processor uses the protocol to parse release notes, identify deployable artifacts and configurations, and map them to a consumer's deployment pipeline.

1. The Missing Link:
automated external Vendor Package Processing and
computable Release Notes
Agenda
• Typical DevOps Pipelines “Standard”
• The Problem (Vendor-Consumer Relationship)
• Package Types
• Computable Release Notes
• The Missing Link
• DEMO

2. Michael Roepke
(bald Santana Mellouk)
● Typischer Dev (hinreichend Ops), seit 1990
● Procedural (Clipper)→Objectoriented (C++, Smalltalk,
Java)→Object-Functional (Java 8, Scala)
● CEO/CTO
● Metabox-TransContent AG - Neuer Markt (2001)
– CMS Systeme
● Filekeys (2005-2009) – Brasilien, Lissabon
– Tourismus und Arbeitsmedizin
● DerSalvador GmbH (heute) – Zug, Schweiz, Salvador Brasilien
– DevOps & DelOps

3. Typical DevOps Pipelines “Standard”

4. The Problem
Vendor
Dev(Sec)OpsDev(Sec)Ops

5. The Problem
Affected Processes
Impact on

6. The Problem
Release Notes
Consumer
•
Standard Change?
•
Normal Change?
•
Emergency
Change?
•
Minor Change?
•
Patch, Hotfix?
•
Rollback?
•
Reboot?
•
Outage
(Monitoring)?
●
Testcoverage?
●
Availbale Smoketest
after Deployment?
●
TEV (EOD) Tests?
Quiz! Which branch is described here…
➔ Segregation of duty
➔ ITIL/ITSM
➔ Nearly always “buy!!! not make”
➔ Very heterogeneous (legacy) landscape because of uncontrolled
buying
➔ Almost non-operational solution in production (e.g. Axiom) =>
Fear-Driven Change Processes
➔ Focus on Business Value almost no IT and no Operating
requirements
➔ Almost no consideration of non-functional requirements
➔ No standardized buying process which includes IT and Business
requirements => PURE Business-Driven

7. Package Content TypesPackage Content Types
● Full Packages (Pilotphase, Initial Setup, Major Releases)
● SNAPSHOTS (no release candidates, nightly or CI builds for initial CD setups
and/or EOD/EOW process tests)
● Delta
● Standard Changes
● Hotfixes, Patches
● Emergency
● Third Party Library
● Infrastructure Changes
● Configuration
● Components (Message Queues, etc)
● TEV (EOD) related
● Database (Impacts Backup and Encryption, Test Data)
● Application Configuration
=> Ideally in the end everything should be a
Standard Change
=> Enables Continuous Deployments to PROD
=> Possible through Micro-services (easy rollback-able)
=> Achievable by sufficient automated Test evidences (UAT) and by
identifying more changes as standard

8. Computable Release NotesComputable Release Notes
https://github.com/GitTools
https://github.com/GitTools/GitReleaseNotes
http://posabsolute.github.io/releasenotes/
Automated generation of release notes...

9. Release Notes
Subject of Interest
● Which parts are of interest for End-2-End Deployment Automation
● Application Configuration Items needed to be customized by consumer
otherwise application will not work properly
● Infrastructure changes (System Requirement changes)
● New application logic or bug fixes and their automated test coverage and
evidence to run on-premise with specified test data
● Database changes
● Interface and compatibility changes

10. Build Pipeline
CI/CD, ARA Plugins, Create Docker Image, Provisioning
(Chef, Puppet, etc)
Missing Link Processor
VendorA Package
1
VendorB Package 2
Delivey
Trigger
VendorC Package n
SCM Checkin
Trigger
Package Plugin
Outbound.xml
Rest API ARA
Plugin
Inbound.xml
Maven Plugin,
Generating
Deployables
On-Premise
On-Premise (No Compile, No Packaging, etc)Extern
ARA Tool
ARA Tool
Business Logic: Dictionary Processing, Release Notes Processing,
Provisioning Information, Business Rules, Automated Tests,
Changemanagement Processing (Standard Changes))
Deployment
Pipeline
DelOps (Non-IT Companies, financial sector)
Deployment
Pipeline
Value Stream
Bottkleneck
Value Stream – Lead Time Optimized
CMDB
CMDB
DevOps (typical IT Companies)

11. Excerpt Computable Release Notes = Outbound
<outbound>
<vendorDelivery version="{{vendor-package-version}}" application="{{vendor-application-name}}">
…….
<deployables>
<j2ee.EAR id="1" groupid="{{import-group-name}}" file="{{deployable-file}}" …. >
<configurationset>{{reference-to-configurationSet-id}}</configurationset>
<configurationset>{{reference-to-configurationSet-id}}</configurationset>
</j2ee.EAR>
</deployables>
<configurations>
<configurationSet id="{{reference-id}}" name="{{configurationSet-name}}">
<file id="1" file="{{archive-path}}!{{config-file}}" name="{{config-file-name}}">
<ci key="{{property-name}}">
<value type="String">{{property-default-value}}</value>
</ci>
</file>
</configurationSet>
</configurations>
<changemanagement type="standard|normal|emergency"/>
<smokeTest/>
…..
</vendorDelivery>
</outbound>

12. Excerpt Computable Release Notes = Inbound
<inbound>
…….
<deliveryLocationLookup application="app-name" ….">
<localPropertyContainer deployable="dp-name" file="dp.tar.gz">
<targetPath/>
<scanPlaceholders>true</scanPlaceholders>
<container type="docker" image="tomcat"
name="app-name"/>
</localPropertyContainer>
</deliveryLocationLookup>
…...
</inbound>

13. Demo

14. Thank You
Visit our Website and Open Source Initiative
www.dersalvador.com
https://github.com/DerSalvador/MissingLinkProtocol
Zürich – Salvador da Bahia