Solving CI Operational Challenges
@hashicorp
Solving CI Challenges
Nicolas Corrarello @nomadic_geek
May / 2017
whoami
- Nico <[email protected]>
- General geek and DadOps beginner
- Opinionated Italian - Argentinian with a hard to pronounce surname
- Red Hat, Symantec, Rackspace, Puppet, HashiCorp
- ncorrare @github, sgtpepper @freenode
- http://nicolas.corrarello.com
https://en.wikipedia.org/wiki/Elephant
https://commons.wikimedia.org/wiki/File:Pride_of_Pets_Dog_Show,_2011_(6271388774).jpg
Issues with CI servers and pipelines
• How do I ensure my build environment matches my actual environment?
• How to provide a homogeneous workflow for consuming credentials in my
pipeline and in my production environment?
• How do I store and retrieve credentials securely?
• How do I sign and verify binaries to ensure parity between CI and
production?
• How do I know I am testing against the correct services in a very dynamic
infrastructure?
• Most importantly, how do I accomplish all of this programmatically?
Audience participation warning…
• Are you compromising on security for agility?
• How close are your tests to your real world?
• How many manual steps are there from development to production?
https://www.n00py.io/2017/01/compromising-jenkins-and-extracting-credentials/
Throw it over the wall…
https://tisquirrel.files.wordpress.com/2015/06/anti-copy-4.png
Do both sides of the wall look the same?
https://commons.wikimedia.org/wiki/Cloud#/media/File:Sc_2.jpg
Provision, secure, and run any infrastructure for any application
VAULT
Provide Secret Governance
Privilege Access Management
Securely Store Any Secret
Encryption as a service
Eliminate Secret Sprawl
Secrets Management
NOMAD
Service & System | Long running
Dispatch Workloads | Short-lived, elastic
Batch Workloads | Big Data
High-Availability, Hybrid Cloud
Efficient Resource Utilization
High Performance
CONSUL
Orchestration | Event driven orchestration
Runtime Configuration | Dynamic configuration at scale
Service Discovery | Services can find other services
Operational Patterns
• Vault as centralised secret store
• Sign and verify artefacts with Vault
• Encrypt and decrypt payloads with Vault
• Nomad as a consistent way of scheduling tasks across multiple
datacenters, with diverse infrastructure
• Service Discovery with Consul