DevOps - Max Fang's Notes

# DevOps *DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the systems development life cycle and provide continuous delivery with high software quality.[1] DevOps is complementary with Agile software development; several DevOps aspects came from the Agile methodology.* [Source](https://en.wikipedia.org/wiki/DevOps) - [[Wikipedia]] ## [[Wikipedia]] https://www.wikiwand.com/en/DevOps ### Toolchains As DevOps is intended to be a cross-functional mode of working, those who practice the methodology use different sets of tools—referred to as "toolchains"—rather than a single one.[17] These toolchains are expected to fit into one or more of the following categories, reflective of key aspects of the development and delivery process. 1. Coding – code development and review, source code management tools, code merging. 2. Building – continuous integration tools, build status. 3. Testing – continuous testing tools that provide quick and timely feedback on business risks. 4. Packaging – artifact repository, application pre-deployment staging. 5. Releasing – change management, release approvals, release automation. 6. Configuring – infrastructure configuration and management, infrastructure as code tools. 7. Monitoring – applications performance monitoring, end-user experience. ### Relationship to other approaches Many of the ideas fundamental to DevOps practices are inspired by, or mirror, other well known practices such as Lean and Deming's Plan-Do-Check-Act cycle, through to The Toyota Way and the Agile approach of breaking down components and batch sizes.[18] Contrary to the "top-down" proscriptive approach and rigid framework of ITIL in the 1990s, DevOps is "bottom-up" and a flexible practice, created by software engineers, with software engineer needs in mind.[19] #### Agile The motivations for what has become modern DevOps and several standard DevOps practices such as automated build and test, continuous integration, and continuous delivery originated in the Agile world, which dates (informally) to the 1990s, and formally to 2001. Agile development teams using methods such as Extreme Programming couldn't "satisfy the customer through early and continuous delivery of valuable software"[20] unless they subsumed the operations / infrastructure responsibilities associated with their applications, many of which they automated. Because Scrum emerged as the dominant Agile framework in the early 2000s and it omitted the engineering practices that were part of many Agile teams, the movement to automate operations / infrastructure functions splintered from Agile and expanded into what has become modern DevOps. Today, DevOps focuses on the deployment of developed software, whether it is developed via Agile or other methodologies. #### ArchOps ArchOps presents an extension for DevOps practice, starting from software architecture artifacts, instead of source code, for operation deployment.[21] ArchOps states that architectural models are first-class entities in software development, deployment, and operations. #### CI/CD Automation is a core principle for achieving DevOps success and CI/CD is a critical component.[22] CI/CD consists of continuous integration (CI) and continuous delivery (CD), or continuous deployment (CD). Used together, the three processes automate build, testing, and deployment so DevOps teams can ship code changes faster and more reliably. When referring to CI/CD, the “CD” being referenced is usually continuous delivery, not continuous deployment. Continuous delivery and other CI/CD processes are focused on automating software delivery tasks, while DevOps also focuses on the organizational change to support great collaboration between the many functions involved. Both share a common background in agile methods and lean thinking, prioritizing small and frequent changes with focused value to the end customer. This ensures two things: Software is always in a releasable state throughout its lifecycle, which makes it cheaper and less risky to deliver the software. Plus, improved collaboration and communication between and within teams helps achieve faster time to market, with reduced risks.[23] #### [[DataOps]] The application of continuous delivery and DevOps to data analytics has been termed DataOps. DataOps seeks to integrate data engineering, data integration, data quality, data security, and data privacy with operations. It applies principles from DevOps, Agile Development and the statistical process control, used in lean manufacturing, to improve the cycle time of extracting value from data analytics. #### [[SRE|Site-reliability Engineering]] In 2003, Google developed site reliability engineering (SRE), an approach for releasing new features continuously into large-scale high-availability systems while maintaining high-quality end-user experience.[24] While SRE predates the development of DevOps, they are generally viewed as being related to each other. #### Toyota production system, lean thinking, kaizen Toyota production system, also known under the acronym TPS, was the inspiration for lean thinking with its focus on continuous improvement, kaizen, flow and small batches. The Andon cord principle to create fast feedback, swarm and solve problems stems from TPS.[25][26] #### DevSecOps, Shifting Security Left DevSecOps is an augmentation of DevOps to allow for security practices to be integrated into the DevOps approach. Contrary to a traditional centralized security team model, each delivery team is empowered to factor in the correct security controls into their software delivery. Security practices and testing are performed earlier in the development lifecycle, hence the term "shift left" can be used. Security is tested in three main areas: static, software composition, and dynamic. Checking the code statically via static application security testing (SAST) is white-box testing with special focus on security. Depending on the programming language, different tools are needed to do such static code analysis. The software composition is analyzed, especially libraries and their versions are checked against vulnerability lists published by CERT and other expert groups. When giving software to clients, licenses and its match to the one of the software distributed are in focus, especially copyleft licenses. Dynamic testing is also called black-box testing. The software is tested without knowing its inner functions. In DevSecOps it is on one hand called dynamically (DAST), or penetration testing. The goal is to catch, amongst others, errors like cross-site scripting, or SQL injection early. Threat types are for example published by the open web application security project, e.g. its TOP10.[27] On the other hand, especially with microservices interactive application testing (IAST) is helpful to check which code is executed when running automated functional tests, the focus is to detect vulnerabilities within the applications. Contrary to SAST and DAST, IAST works inside the application. Very similar to IAST, Runtime application self-protection (RASP) runs inside the application. Its instrumentation focuses to detect attacks not in test cycles, but during productive runtime. Attacks can be either reported via monitoring and alerting, or actively blocked. RASP alerts help security information and event management (SIEM). ## List of Dev Ops knowledge areas and skills *What skills should I acquire to be a Devops Engineer or a site reliability engineer?* https://qr.ae/pGElgO [[Quora]] I personally followed a curriculum for myself: 1. One operating System (Preferably Linux) with Bash and Powershell 2. One webserver - Apache/Nginx 3. App Server - Tomcat, etc 4. One Database - MySQL/PostgreSQL 5. One Programming Language - Python/Go/Ruby 6. Source Code Management - Git/SVN 7. CI System : Jenkins/GO/Circle 8. CD : Fabric/Capistrano 9. CM : Ansible/Chef/Puppet 10. Docker and Kubernetes Follow the same sequence while learning, this will surely help. There are tonnes of tutorials available, you may choose any. If you still need help, feel free to ping the community. ## [[AWS]] re:Invent 2015: [[DevOps]] at [[Amazon]]: A Look at Our Tools and Processes (DVO202) https://www.youtube.com/watch?v=esEFaY0FDKc [[2015-10-15]] ### Good talk, some points: - "Two-pizza teams" (mission-oriented teams of 6-8 engineers) - Thousands of teams, each with dev, staging and production environments - Each team develops their own feature and ships their own app as a microservice - Each microservice much adhere to a standard API - Apps are not allowed to share data outside of the web service API - Each microservice can be deployed using its own OS, programming language, etc - Each team has end-to-end control over the dev commit, dev test, staging deploy, staging test, and production deploy process - Manual processes are okay while transitioning to a system like this but making *everything* automated: - improves quality and reliability of code - results in much lower commit-to-deploy time - results in much more frequent releases - teams can iterate much faster