ANSIBLE ACCELERATES DEPLOYMENT AT SOCIÉTÉ GÉNÉRALE
Fabrice Bernhard, CTO, Theodo
Justin Nemmers, Product Owner, Ansible by Red Hat
29 June 2016
“Technological competition would reduce profits from non-mortgage retail lending, such as credit cards and car loans, by 60 per cent and revenues by 40 per cent over the next decade.”
McKinsey, via FT.com - 30th September 2015
BANKS FACE WIPEOUT IN SOME FINANCIAL SERVICES
A study by two Oxford professors on 1 471 large IT projects shows that 1 out of 6 projects has cost on average 3x more than expected!
Source: http://users.ox.ac.uk/~mast2876/WP_2011_08_15.pdf
TRADITIONAL IT IS TOO SLOW AND RISKY
THE DANGERS OF V-CYCLE
Bruno Delas, then CIO of corporate IT, had a vision… and met me...
A VISION AND SERENDIPITY AROUND LUNCH IN 2013
Fast development? Scrum
Fast deployment? DevOps
Fast customer validation? Lean Startup
WHY NOT USE THE SAME APPROACH AS WEB LEADERS?
AGILE METHODOLOGIES
PROCESS INNOVATION WITH EXISTING CLIENTS REQUIRES AN INDEPENDENT INTERNAL TEAM
THE INNOVATOR’S DILEMMA MODEL
BUILD THIS “FAST-IT” TEAM
THE THEODO / SOCIÉTÉ GÉNÉRALE PARTNERSHIP
Société Générale
150 years old
€25 billion revenue
172,000 employees
… WITH A STARTUP FOCUSED ON AGILE WEB & MOBILE DEV
THE THEODO / SOCIÉTÉ GÉNÉRALE PARTNERSHIP
Theodo
Started in 2009
100 people in Paris
15 people in London
Web and mobile engineers
NodeJS, Angular, React, React-native, Symfony, Python...
THE DEFINITION OF SUCCESS: BUILD AND DEPLOY NEW APPS IN LESS THAN 2 MONTHS
STRATEGY
No consulting, just build apps
Focus on lead time
Clearly defined standard shared with everyone: 2 months
Weekly “tactical” meeting for continuous improvement
Start with Theodoers, progressively integrate SocGen developers
Respectably powerful development machines
Introducing a new stack: NodeJS/Angular
Internal apps reachable on the Internet
MOST CHALLENGES TO BE MORE STARTUP-LIKE WERE ORGANISATIONAL
Devs and Ops in the same room
Product owner
Decent Internet access
WEEKLY RETROSPECTIVE INVOLVING SECURITY TEAMS
CONTINUOUS IMPROVEMENT MEETINGS
Security is the main bottleneck in a large organisation
Without a great InfoSec executive on board, every week, we would not have innovated fast enough
But most important: keep the challenging spirit!
NO COMPROMISE ON THE STARTUP CULTURE!
This is about cultural change. Embrace it and bring startup culture to the boring office!
Decorations
Weekly standup meetings
Brown bag lunches
Cool computers
Fun ☺
Architect
You are here for agile mobile development?
NodeJS is cool with me!
Dev
WE ARRIVED WITH CANDOUR AND WERE SUPPORTED BY THE ARCHITECTS
PROVISIONING WITH ANSIBLE
Dev
NodeJS this week???
Install everything yourself AND in user-space
Ops
OPS WERE NOT INVOLVED EARLY ENOUGH
Architect
Dev
Automate the compilation of the whole NodeJS + ElasticSearch stack in 3 days???
ANSIBLE please help me!
DEVS INTRODUCED ANSIBLE AS AN EMERGENCY SOLUTION
WHAT IS ANSIBLE?
It’s a simple automation language that can perfectly describe an IT application infrastructure in Ansible Playbooks.
It’s an automation engine that runs Ansible Playbooks.
Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation with a RESTful API and UI.
SIMPLE
Human readable automation
No special coding skills needed
Tasks executed in order
Get productive quickly
POWERFUL
App deployment
Configuration management
Workflow orchestration
Orchestrate the app lifecycle
AGENTLESS
Agentless architecture
Uses OpenSSH & WinRM
No agents to exploit or update
More efficient & more secure
WEEKLY MEETINGS WITH INFOSEC HELPED ITERATE
SECURITY PRINCIPLES
To move away from this temporary solution, we needed to innovate.
InfoSec gave us their two key requirements:
• Separation of concerns
• Traceability
SEPARATION OF CONCERNS 1
SERVER ROLES VS. APPLICATION ROLES
OPS DOMAIN
Ops are responsible for server-related roles
They require root access
Most were written by devs but validated by ops
Devs can contribute to server-related roles through pull requests
DEV DOMAIN
Devs are responsible for app-related roles
They are stored in the same repository as the app
Devs have full write access to app-related roles
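One way ops could enforce the server-role / app-role split above on every change to the app repository, as an added example that is not from the talk or the FastIT repositories. It assumes app-related roles must never request root (root being reserved for the ops-validated server roles); the file paths and sample tasks are constructed.

```python
import re

# Keywords that request privilege escalation on a play, block or task.
# `sudo` and `su` are the spellings Ansible used before `become` (1.9).
ESCALATION = re.compile(
    r"^\s*(?:-\s+)?(become|sudo|su)\s*:\s*(.*?)\s*(?:#.*)?$", re.IGNORECASE
)
# YAML 1.1 spellings of false; any other value counts as a request.
FALSY = {"no", "false", "off", "n", "0"}


def find_escalation(files):
    """Return (path, line_number, keyword, value) per escalation request.

    `files` maps a repo-relative path to the YAML text of an app-related
    role file. A value that is not a literal false, including a Jinja
    expression, is reported, so the check fails closed.
    """
    findings = []
    for path, text in sorted(files.items()):
        for number, line in enumerate(text.splitlines(), start=1):
            match = ESCALATION.match(line)
            if not match:
                continue
            value = match.group(2).strip("'\"").lower()
            if value not in FALSY:
                findings.append((path, number, match.group(1).lower(), value))
    return findings


# Constructed sample: two task files of a hypothetical app-related role.
SAMPLE = {
    "ansible/roles/app/tasks/main.yml": (
        "- name: install node dependencies\n"
        "  command: npm install --production\n"
        "- name: restart service\n"
        "  service: name=myapp state=restarted\n"
        "  become: yes  # slipped in with an app change\n"
    ),
    "ansible/roles/app/tasks/config.yml": (
        "- name: render config\n"
        "  template: src=app.json.j2 dest=/home/app/config.json\n"
        "  become: no\n"
        "  # sudo: yes\n"
        "- name: create directory\n"
        "  file: path=/etc/myapp state=directory\n"
        "  become: \"{{ need_root }}\"\n"
    ),
}
```

The scan is line-based and covers role YAML only; escalation set through `ansible.cfg` or a `--become` command-line flag is outside what it sees.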
SEPARATION OF CONCERNS 2
ANSIBLE TOWER API
OPS DOMAIN
Production deployments can only be done from the ops network
Ansible Tower is in the ops network
DEV DOMAIN
Jenkins is in the dev network
Jenkins has access to the Ansible Tower API
Devs can trigger a deploy
Ops keep full control over the pipeline
https://github.com/FastIT
RESULT: 11 OF LAST 14 PROJECTS IN PRODUCTION IN 2 MONTHS
LEAD TIME IMPROVEMENT
THREE THINGS TO REMEMBER FROM THIS TALK
THE ALL-IMPORTANT TAKE-HOME MESSAGE
The digital revolution is about organisational transformation
The key measure to focus on is innovation lead time
Simple tools, like Ansible, help transform IT organisations