Last week I was able to talk about some of my DevOps experiences at the March 2015 DevOpsDC Meetup. I told the story about how we took a project that was just starting Agile and was deploying a risky release to production every 6 months or so, and over 4+ years brought it to deploying every two weeks with fewer people, more confidence, and a low-risk automated deploy process that included functional testing, regression testing, and security testing.
We started by showing how easy it was to set up a continuous integration engine (using SecureCI). Once we were using automated builds and unit testing, we focused on automated functional testing (using Selenium). That grew into an extensive set of role-based tests.
We discovered Jez Humble and Dave Farley’s book, Continuous Delivery, and it gave us confidence that we could keep expanding our CI practice into more. So we started using Puppet for deploys on our local development and test systems, eventually using it in “higher environments” too, like staging and production. And we added quite a bit of security testing for both the systems and the applications we were deploying.
Along the way we ran into a lot of culture clash with the other teams that were involved.
I won’t recount the entire story here, but I have had a few requests for the tools we ended up using. We used open-source tools everywhere possible, in large part because it was easier to get started with them.
- Continuous Integration Engine: Jenkins
- Deployment Framework: Puppet (no Puppet Enterprise)
- Security
  - STIG: OpenSCAP
  - System/OS: OpenVAS from Kali Linux
  - Libraries: OWASP Dependency Check
  - Web application scanning: w3af, OWASP Zed Attack Proxy
  - User role testing: Selenium via TestNG
- Testing
Message me on Twitter (@CoverosGene) if you would like more details. Thanks to Nathen Harvey and DevOpsDC for inviting me to present.