Post on 12-Apr-2017
Motivations - What we had
python 2.7
modules
openssl
xmlsec1
manually install producesartefact
pipeline
manually config
on CI server
agent1
agent2
agent3
devticketops
devsudo
git
server app A
server app Bserver app C
● minimize the need to touch
or change the CI agent
● allow self-service build environments
Toolset
Goals:● the build environment that
runs on developer machine runs everywhere
● can build any version of anything
● standardized environment to bring speed and quality to the development process
Motivations - What we had
python 2.7
modules
openssl
xmlsec1
manually install producesartefact
pipeline
manually config
on CI server
agent1
agent2
agent3
devticketops
devsudo
git
server app A
server app Bserver app C
What we envisioned
builds toolset container
producesartefact
pipeline
manually config
on CI server
agent1
agent2
agent3
git
servers app A
servers app B
servers app C
commit Dockerfile
on git repo
python 2.7modulesopensslxmlsec1
What we have done
builds toolset container
producesartefact
pipeline
manually config
on CI server
agent1
agent2
agent3
git
servers app A
servers app B
servers app C
commit Dockerfile
on git repo
CloudFormation container
● python● py-pip● bash● awscli● boto3
Ansible container
● python(2.7)● py-pip● openssl● ca-certificates● bash● git● openssh● bash● awscli● ansible● boto3
Examples - super binary containers
● costs minimized by sharing
one CI agent instance between several teams
● not a blocker to others anymore
Toolset
Pros:
● very small administration overhead on the CI agent
● not limited by the linux distro the CI agent runs on
● easy to keep local dev and prod identical
● makes troubleshooting way
more complex
Toolset
Cons:
● learning curve (new mindset, new tools, etc.)
● now you have to use containers for all CI jobs
● performance issues on the agent instance affects all the teams
● pay attention to the order
of the instructions inside your dockerfile
Toolset
Lessons learned:
● use small bash scripts for your docker build and run commands
● use small bash scripts to handle environment variables
● keep docker up to date
● docker compose?
Toolset
Next steps:
● secrets management (credstash?)
● better environment variable management