Chef DOJO – DevOps Journey – DOJO Scoring

View Github Repository Open presentation in a new window

chef-customers

See all presentation from chef-customers

Chef DOJO – DevOps Journey – DOJO Scoring

4 5

dojo-assessment-guide

DevOps Journey Assessment Guide

On Github chef-customers / dojo-assessment-guide

Chef DOJO

DevOps Journey Assessment

This is a speaker note for the first slide

Agenda

The DevOps Journey DOJO Mechanics Working with People Working with Machines

The DevOps Journey

DevOps Journey Map The Journey Phases What You Get When We Are Done

DevOps Journey Map

The Journey Phases

Multiple phases can and should be worked on in parallel

The earlier phases evolve significantly as the journey progresses

It's natural to skip or inconsistently implement certain phases, so be aware of problems this causes in the later phases

As you make progress in advanced areas, such as full-stack-automation, the scope of early phases, such as testing, expands In order to show value quickly, you will sacrifice compeleteness. This is techical debt. Be aware that as you try to improve your system, you will need to go back and clean up. Revisiting is good!

What You Get When We Are Done

What You Get When We Are Done

Organizational Success Factors Delta Strategic Objectives Tactical Objectives The organization's leadership team recognizes IT as a competitive advantage 1 Clearly defined business champions lead change 1 Clearly defined technical champions lead change 1 There is a clear understanding of why the business is undertaking a technology transformation 1
Organizational Culture (Westrum) Delta Strategic Objectives Tactical Objectives Information is actively sought 1 Responsibilities and risks are shared 1 Cross-functional collaboration is encouraged and rewarded 1 New ideas and innovations are welcomed 1 Failure leads to inquiry 1
Data-Driven Decision Making Delta Strategic Objectives Tactical Objectives The organization's goals are visible to all of its members 1 Data is collected and used to make decisions 1 Cost and utilization are monitored 1 Monitoring data from pre-production environments is used to make release decisions 1 Monitoring provides business performance information 1

DOJO Mechanics

Safety Scoping Goal Setting Our Scale Scoring

Safety

This is a safe space. All of you should feel free to share openly and honestly without repercussions.

Make sure to get explicit support for this from the most senior person in the DOJO.

Scoping

We focus on a service and the people who provide it.

Development Operations Management Architecture Testing Security Compliance Release Support

Goal Setting

In this exercise, we want to assess your current state. After you have that, we want you to agree to a six month goal.

Our Scale

0 Not planned

1 Planned

2 Inconsistently implemented in some areas

3 Consistently implemented in some areas

4 Consistently implemented throughout the organization

Scoring

The sections of the DOJO each have a few statements. For each section, we will follow this process:

Individuals score each statement for current state Group shares scores Group discusses any differing scores Consenus on scores Repeat for the goal

Working with People

Organizational Success Factors Organizational Culture Data-Driven Decision Making Coding Practices

Organizational Success Factors

The organization widely recognizes IT as a competitive advantage to its business The organization's leadership team recognizes IT as a competitive advantage Clearly defined business champions lead change Clearly defined technical champions lead change A project with measurable business value been selected to be automatically deployed to production There is a clear understanding of why the business is undertaking a technology transformation

Organizational Culture (Westrum)

Information is actively sought Responsibilities and risks are shared Cross-functional collaboration is encouraged and rewarded New ideas and innovations are welcomed Failure leads to inquiry

Data-Driven Decision Making

The organization has quantifiable goals The organization's goals are visible to all of its members Data is collected and used to make decisions Cost and utilization are monitored Monitoring data from pre-production environments is used to make release decisions Monitoring provides business performance information

Coding Practices

Developers follow code inspection standards (rubocop, foodcritic, etc.) Code reviews are performed and results are shared with developers Every change is reviewed by at least two people with relevant skill and contextual knowledge Software and automation components are shared and co-developed Any potential contributor to a project can find its code and documentation with minimal assistance Regularly scheduled automation demos occur The codebase is almost always in a releasable state

Working with Machines

Version Control Chef Local Development Continuous Integration Chef Code Deployment Application Deployment Continuous Delivery Virtualization as a Service Full-Stack Automation Compliance Automation Sustaining Operations Culture

Version Control

All source code is stored in a version control system (VCS) All infrastructure and deployment code is stored in VCS Developers can view projects in VCS Developers suggest and/or provide changes to projects in VCS Developers create new projects in VCS as needed VCS shows who is responsible for each codebase Code documentation is easy to write and is viewable by all with VCS access

Chef Local Development

Developers provision their own isolated VMs as needed Developers use VM images that closely resemble production systems Developers use Chef development tools (ChefDK, Vagrant, etc) Chef development workstation setup is automated Developers download code dependencies in a friction-free manner Developers run unit tests (ChefSpec) locally Developers run functional tests (ServerSpec) locally Developers run complaince checks (InSpec) locally Developers use Test Kitchen to verify that cookbooks work as intended

Continuous Integration

All projects use a CI service The CI service automatically tests new branches CI job templates exist for each type of software project (Chef cookbook, Java app servers, Node.js app, etc.) CI jobs lint projects CI jobs unit test projects CI jobs integration test projects CI jobs execute functional tests against projects CI jobs verify complaince of projects CI makes the quality of the code base highly visible CI confirms that versions are unique CI jobs automatically update dependencies CI jobs use monitoring to assess each change's effect on system health

Chef Code Deployment

CI jobs upload cookbooks to a Chef server Cookbook updates are only uploaded via CI All non-cookbook Chef policy (environments, roles, data bags, etc.) is only uploaded via CI CI jobs pin dependencies so that they cannot be modified in later deployments CI jobs assign a set of cookbook versions to a Chef environment Cookbook deployments are automated Cookbook deployment automation manages the sequence of deployments

Application Deployment

Applications are deployed without manual intervention Applications follow a clear promotion path (e.g., Dev -> QA -> Staging -> Production) Application deployment automation manages the sequence of deployments (e.g.: Database schema first, then app servers) CI jobs automatically update, pin, and test runtime dependencies of applications Application deployment automation performs parallel, rolling, and/or canary deployments Deployments are run during the business day without causing negative user experiences

Continuous Delivery

All validation and deployments are executed in a pipeline that goes from source control all the way to production Small batches of work flow through the pipeline Changes are released weekly, if not more frequently Changes that pass validation are automatically released to production

Virtualizaton as a Service

All servers are provisioned via APIs The API is a generally accepted API such as EC2, Azure, OpenStack, vSphere, Docker Access restrictions allow authorized users (e.g., developers and operations) to provision resources, and deny unauthorized users Resources are provisioned in a friction-free manner System images are built via an automated process System images are built from scratch or from a well known, trusted origin System images are built in a pipeline System images are frequently updated

Full-Stack Automation

Storage resources are provisioned by code Networking resources are provisioned by code Identity services are managed by code DNS is configured by code Messaging queues are provisioned by code Security validation is performed by code Performance validation is performed by code The entire application is test provisioned and deployed in an alternate datacenter

Compliance Automation

Compliance policies are expressed in code Compliance is checked automatically Compliance automation removes non-compliant nodes from production upon detection Nodes are destroyed beyond a certain age (e.g. 30 days)

Sustaining Operations Culture

Automated services stress the production system (e.g. Chaos Monkey) Prodution alerts first notify those who wrote the code Operations, Security, Network, Automation, Testing, and Compliance experts provide developer-friendly tools and coaching to enable development teams

Results

Results

Organizational Success Factors Delta Strategic Objectives Tactical Objectives The organization's leadership team recognizes IT as a competitive advantage 1 Clearly defined business champions lead change 1 Clearly defined technical champions lead change 1 There is a clear understanding of why the business is undertaking a technology transformation 1
Organizational Culture (Westrum) Delta Strategic Objectives Tactical Objectives Information is actively sought 1 Responsibilities and risks are shared 1 Cross-functional collaboration is encouraged and rewarded 1 New ideas and innovations are welcomed 1 Failure leads to inquiry 1
Data-Driven Decision Making Delta Strategic Objectives Tactical Objectives The organization's goals are visible to all of its members 1 Data is collected and used to make decisions 1 Cost and utilization are monitored 1 Monitoring data from pre-production environments is used to make release decisions 1 Monitoring provides business performance information 1