Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
J. Paul Reed
DevOps in Practice
by J. Paul Reed
Copyright 2014 OReilly Media. All rights reserved.
Printed in the United States of America.
Published by OReilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA
95472.
OReilly books may be purchased for educational, business, or sales promotional use.
Online editions are also available for most titles (http://my.safaribooksonline.com). For
more information, contact our corporate/institutional sales department: 800-998-9938
or corporate@oreilly.com.
First Edition
First release
The OReilly logo is a registered trademarks of OReilly Media, Inc. Related trade dress
are trademarks of OReilly Media, Inc.
Many of the designations used by manufacturers and sellers to distinguish their prod
ucts are claimed as trademarks. Where those designations appear in this book, and
OReilly Media, Inc. was aware of a trademark claim, the designations have been printed
in caps or initial caps.
While every precaution has been taken in the preparation of this book, the publisher
and authors assume no responsibility for errors or omissions, or for damages resulting
from the use of the information contained herein.
ISBN: 978-1-491-91306-2
[LSI]
Table of Contents
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v
Nordstrom. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
A Campout at the Colo
The Event
Enter: The DevOps Team
Try, Try Again
Reflections on the Journey
The First Project Is Exactly That: Your First Project
Change Is a Difficult Process
Prioritization Is the Elephant in the Room
Dont Tie the Initiative to Individuals
Savings Versus Speed
Determine the Flow of Value
Beware How and Where You Pour Gasoline
Theres No Place Like Home
A Have-Coffee Culture
Planting the Seeds
Speaking the Business Language
Flipping On the DevOps Bit
1
2
4
5
5
6
6
7
8
8
9
10
10
11
12
13
13
Texas.gov. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
A Public/Private Partnership
The Only Way to Do It
ContinuousSecurity?
The Other SaaS: Security as a Service
Lessons from the Lone Star State
Focus on Feedback Loops
17
19
20
20
21
21
iii
Reframe Risk
Continuously Innovate
De-Fang the Dogma
A Unicorn with a Cowboy Hat
21
22
23
23
Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
iv
Table of Contents
Introduction
1. Patrick Debois, widely considered to be the father of the word DevOps, held the first
DevOps Days in Ghent, Belgium, in October 2009.
Much is made of the fact that DevOps is about both tools and culture!
Tools and culture! But as we shall see, while tools and culture are both
important, perhaps the most important aspect to take note of is the
journey itself.
What Is DevOps?
New to DevOps? Welcome! This book delves into the details of how
two different organizations are working to become more DevOpslike; if youre unfamiliar with DevOps or would like to read more,
we recommend:
10+ Deploys Per Day: Dev and Ops Cooperation at Flickr, Ve
locity 2009 presentation by John Allspaw and Paul Hammond
The Phoenix Project, by Gene Kim, Kevin Behr, and George
Spafford
Building a DevOps Culture (OReilly), free ebook by Mandi Walls
The organizations profiled also employ infrastructure as code and
continuous delivery to accomplish their goals; these pieces give a
more in-depth treatment of the fundamentals of those topics:
Adam Jacobs chapter on Infrastructure as Code from Web Op
erations (OReilly), by John Allspaw and Jesse Robbins
Test-Driven Infrastructure with Chef, 2nd Edition, by Stephen
Nelson-Smith
Continuous Delivery, by Jez Humble
Lean Enterprise, by Jez Humble, Barry OReilly, and Joanne
Molesky
vi
Introduction
Nordstrom
The Event
Organizations of a certain size and with a certain amount of history
embed events within their consciousness. As stories of The Event are
2
Nordstrom
Nordstrom
| Nordstrom
Ireston said. That can be a tough sell, especially when a team is already
accountable for keeping the business lights on.
In Nordstroms case, the experience of looking deliberately at the teams
problems and the change required to move them toward continuous
delivery involved looking at how teams were structured: Were trying
to make a cultural change to a model where development teams own
their app and they run it in prod and they care about it, Ireton said.
Nordstrom had previously structured their technology operations
around shared service teams, like QA or operations. To get teams to
feel like they actually had ownership over their applications, that
meant those previously shared roles needed to be embedded, as ap
propriate, within the application teams. The idea of shared service
teams also had to shift from the concept of engineers providing a ser
vice, like QA running tests, to engineers developing and supporting a
service to provide a service, such as integration tests or virtual machine
deployment, which application teams could then use as they needed.
One might even call it a Service as a Service model. Change is often
also measured, and Nordstrom continues to support the shared serv
ices teams for development teams that are still evaluating exactly what
a move to an embedded, full stack team structure would mean for
them.
Another insight Ireton noticed was how certain technology stacks can
assist or hinder these sorts of transformations: in Nordstroms case,
the way Microsofts technology stack interacted with itself tended to
be very siloed. Ireton was, in fact, originally hired because of his deep
experience with Microsofts Windows Server Group Policy. The eco
system was such that you had the area you knew and were responsible
for, but if you needed to go beyond that, you had to find an engineer
that was Microsoft certified for that area, Ireton explained. Thats a
very different model from the full-stack teams tasked with direct
involvement with all aspects of their applications needs that Nord
strom wanted to move toward.
Nordstrom
Nordstrom
dispute it when we surfaced the waste and made it visible. The result
of these value flow exercises has revealed so much actionable data that
its still an on-going process for Nordstrom as an organization to work
through how to holistically address it: With the release teams, the
development teams, the ops teams, and the QA teams optimizing lo
cally for such a long time, they were hurting the whole system; were
still working through detangling that, Cummings said.
10
Nordstrom
artifacts and moving on. This makes it difficult to inculcate a DevOpsfocused culture, where teams are responsible for their work via the
operation and care-and-feeding of their application. Even though
Nordstrom worked with external partners initially on developing
some of their new applications and on their configuration manage
ment rollouts, they quickly realized theyd need to develop these ca
pabilities internally to really be successful and further leverage that
success: Over time, we said we need to build this in house, or we wont
be able to move as fast as we need to, Kissler said. This is not to say
that Nordstrom didnt use consultants where it made sense, but they
must be employed judiciously: as expert advisors providing guidance,
not staff augmentation.
Nordstrom has accomplished this by adding talent, but also a focused
investment in cultivating skills for its current employees. It is notable
that the Nordstrom employees interviewed for this case study each
had their own personal story through various roles and responsibili
ties at the company, often entailing entirely new skill sets: Cummings
started as an operations engineer and moved into program manage
ment for infrastructure engineering; Ireton was originally hired for a
very specific Windows skill set, but is now developing configuration
management infrastructure after having stints on one of the build en
gineering teams; and Kissler has worked on both sides of the devel
opment and operations organization and at various points in time, has
owned numerous parts of Nordstroms in-store and customer mobile
strategy.
A Have-Coffee Culture
Any discussion surrounding DevOps and its methodologies quickly
comes to the often delicate issue of organizational dynamics and cul
ture, at least if its an accurate treatment of the topic. There is often a
tendency to downplay or gloss over these issues precisely because cul
ture is thought of as a squishy thing, difficult to shape and change,
and in some cases, to even address directly. But it doesnt need to be
this way.
Sam Hogenson, Vice President of Technology at Nordstrom, works
hard to make sure its exactly the opposite: At Nordstrom, we value
these different experiences and we value the core of how you work,
how you build relationships much more than whether or not you have
subject matter expertise. Its a successful formula. Another part of that
Nordstrom
11
12
Nordstrom
13
14
| Nordstrom
When asking Nordstroms team for any advice theyd have given them
selves at an earlier pit-stop on their journey if they could, a lot of it
surrounds how theyd communicate differently with consumers (i.e.,
application teams) and bring them into the fold earlier in the process;
retrospect also offers pointers on initial projects they may have scoped
or even approached differently.
But it was Hogenson who replied quickly and decisively, with the sim
plest advice: Keep going.
Nordstrom
15
Texas.gov
A Public/Private Partnership
In terms of government programs, Texas.gov proves to be unique.
The software development and operations teams that work on the
massive website serving over 26 million citizens of the state of Texas
is run by Texas NICUSA, LLC, a division of NIC, Inc. NIC runs similar
companies providing e-government services to 29 other states. Vir
tues company is part of the public/private partnership managed by
the states Department of Information Resources (DIR) to provide the
framework for state and local agencies to web-enable their services.
Texas NCIUSA then develops and assists those agencies in operating
and supporting services, under the direction of the DIR.
17
The work is all managed under a master agreement with the state and,
perhaps most interestingly of all, the funding model is such that gov
ernment agencies dont pay up front to get the services developed:
rather, Texas NICUSA self-funds those costs and recoups its expenses
from end users who pay a nominal transaction fee for the online
services.
Services the Department of Information Resources leverages the
Texas.gov program to provide include everything from drivers license
renewals to paying state taxes to obtaining government recordsbirth
certificates and the liketo reserving campsites in state parks to ap
plying for concealed-carry permits, over 1,000 online services in all.
The public is starting to expect the same web-enabled experience
when interacting with their government as they do in other parts of
their daily life, Virtue said. But its a delicate balance: constituents
demand their government do more with less, as in many other
industries.
One constraint that is uniquely interesting about this structure is the
specific requirements Texas NICUSA has to incorporate into the way
they develop and operate software. Unlike most shops, their software
requirements can (and often are) driven by changes in the law. Pete
Eichorn, Texas NICUSAs Director of Technology, is responsible for
ensuring his teams deliver on these requirements: When something
comes to us thats legislatively mandated, these are not just suggestions.
Those are due dates.
The partnership also requires that certain services be operated within
the state, so as to keep the data within the states boundaries. This
means certain shared services run by Texas NICUSAs parent company
can be leveraged to serve Texas.govs needs, but others must be run
locally. All are governed by IT security requirements that, unlike most
businesses, are actually enshrined in law.1 Many of the documents that
define portions of Texas.govs operational requirement are, in fact,
entirely open and available to the public: Its all transparent, and by
law, it has to be, so thats very different than a traditional private sector
business, Eichorn said.
18
Texas.gov
Texas.gov
19
year. The team may be redistributed back out into the various teams
to help further seed DevOps capability and culture among Texas.govs
wider team, if that seems like it would make the most sense, of course.
ContinuousSecurity?
Like other large-scale websites that perform payment processing and
handle vast amounts of customer data, Texas.gov must take special
care when it comes to security. Virtue is responsible for ensuring
Texas.gov meets the alphabet soup of security requirements, including
PCI-DSS, SSAE 16, HIPPA, and various ISO standards; hes also re
sponsible for complying with all of the State of Texas laws about in
formation security, parts of which are enshrined in statute.
As Virtue looked at how to integrate this work with the team, the or
ganizations Agile transformation led him down a path that is improv
ing the implementation of security for Texas.gov: We embed a secu
rity team member on every Agile team within the company. Virtue is
quick to clarify that this means theyre not just overseeing the team or
signing off on their work, but are part of the daily standups, the ret
rospectives, and track their work within the larger context of devel
opment work. Gone is the model where Security would do its work
during the final QA cycle and gates and signoffs were the only feedback
mechanism about the larger state of security within the organizations
applications.
Texas.gov
NoSQL for instance. Security team members then add a story to the
sprint to research the current state-of-the-art security practices on
those technologies and provide strategies to protect Texas.govs sys
tems and citizens assets.
Reframe Risk
Most organizations are accountable for the results of what they pro
duce, but at the end of the day, Texas.gov is also accountable to the
public, a sentiment both Eichorn and Virtue mentioned repeatedly.
One of the big wins Eichorn worked on initially (and Virtue was then
later able to leverage in his security work) was around how the
Texas.gov
21
Continuously Innovate
Both Eichorn and Virtue spoke repeatedly of Texas NICUSAs inno
vative environment. The funding model for getting state projects de
veloped is certainly innovative, but Eichorn describes the further
commitment to innovation within the company, all the way up to the
executive leadership. This includes the familiar list of items like hack
athons and innovation lunches. But its how Texas.gov runs those
events and what it does with the output that is interesting.
In the case of the innovation lunches, Eichorn tends to kick them off
with some unique problem statement, sometimes with a solution,
sometimes not. A recent lunch started with discussion of the Sikorsky
Prize, the helicopter manufacturers longstanding challenge to build a
human-powered helicopter. He showed a video in which it was re
cently achieved. He uses that to kick off converastions among wideranging roles: We get people from our service desk, finance, security,
and even a few developers from time to time, Eichorn said with a
chuckle. The conversations often start with Hey, did developers know
that we get all these questions about feature X? The result of the con
versation is a funnel of ideas that get turned into three to five immi
nently actionable tasks for monthly improvements to Texas.gov
services.
If this process sounds familiar, it should: its the Toyota kata, a corecomponent of the success of the Toyota Production System, itself the
grandfather of so many DevOps concepts.
22
Texas.gov
Texas.gov
23
Acknowledgments
These case studies would not exist had Rob Cummings, Sam Hogen
son, Doug Ireton, Courtney Kissler, and Jeff Raffo from Nordstrom
and Pete Eichhorn and Tim Virtue from Texas NICUSA not set aside
time in their busy schedules to discuss their experiences. A special
shout-out to Jeff Raffo, whose words do not appear in the case study
but whose insight and context-setting were invaluable to the piece.
Special thanks to OReilly editor Courtney Nash, who noticed that I
have a tendency to say things from time to time, trusted me that first
time to blog on oreilly.com, and started me on this journey; and to
editor Brian Anderson who adeptly dealt with the eventual result.
Thanks to Sascha Bates, Kevin Behr, Pete Cheslock, EJ Ciramella, Jen
nifer Davis, Youssuf El-Kalay, Nathen Harvey, Jez Humble, and Seth
Thomas who continue to provide encouragement (and smack-downs
as appropriate). Thank you to Mary Thengvall, who has on numerous
occasions dragged me to the coffee shop when I needed to write to
meet a deadline and to the bar when I needed to talk.
Oh, and thanks to my roommate James Castaedas basset hound,
Clipper, who on many a morning pushed her way onto the bed for a
snuggle, but who was also astute enough to push me out of the bed
when it was time to get the day started.
25
Wait.
Theres More.
4 Easy Ways to Stay Ahead of the Game
The world of web operations and performance is rapidly changing.
Find what you need to keep current at oreilly.com/velocity:
Weekly Newsletter
News happens fast. Get it delivered straight to your inbox so you dont miss a thing.
Velocity Conference
Its the must-attend event for web operations and performance professionals, happening
four times a year in California, New York, Europe, and China. Spend three supercharged
days with the best minds, companies, and people interested in the same things you are.
Learn more at velocityconf.com.
2014 OReilly Media, Inc. The OReilly logo is a registered trademark of OReilly Media, Inc. #14212