13. QA vs master
• All work goes into the QA branch first
• DEV machine has the latest code
• Staging machine has the subset of code that passed tests
• master branch is always deploy-able
BUT…
16. • DEVs be super CAREFUL!!!
merged? (QA or master)
• Complicated issue state
Resolved
Verified
Feedback
• Qualified code?
No code review
Peer comments
21. Case: in real world
• open source tools NOT integrated well
a) polling to build periodically…
b) cannot auto-update ticket status…
c) automation not yet ready…
• Keep DEV process in everyone’s mind!!!
25. • DEV
deploy by each merge request
junit passed + BVT
• Daily automation
jenkins + selenium plugin (browse, login, logout, update product, search, purchase, etc…)
26. • Acceptance Test on Staging - accessible from outside
Non RD team member
features as designed
data validation
3rd-party API integration - payment, SMS
social media integration - Facebook, LINE, etc…
27. • Production
selenium - per hour
availability detector - uptimebutler.com, webmon.com
change detector
site links validation - xenu
Visual Studio Load Test
33. the first - manually
jars —> bastion —> Web Server 1, Web Server 2
scp -r v001_20151203 bastion:~/
scp -r v001_20151203 172.1.0.xxx:~/
Painful and Erroneous
35. need to CHANGE!!
• static resources
CDN, so resources need versioning!!
• app server retrieves the latest build by itself
jenkins S3 plugin + script
• HA without downtime
AWS API + script
//cdn1r.here2shop.com/00396/css/default.css
36. AWS CLI
• HA of ELB
# update service
aws autoscaling enter-standby --instance-ids i-dadfc329 --auto-scaling-group-name prod-asg --should-decrement-desired-capacity
aws autoscaling exit-standby --instance-ids i-dadfc329 --auto-scaling-group-name prod-asg
aws autoscaling describe-auto-scaling-instances --instance-ids i-dadfc329
# create a new instance
ec2-run-instances ami-xxxxxxxx -t m3.medium -s subnet-xxxxxxxx -k prod-key -g sg-xxxxxxxx --associate-public-ip-address true
aws autoscaling attach-instances --instance-ids i-109228e5 --auto-scaling-group-name prod-asg
38. Next goals
• pack static resources and separate from service jar
• one click to deploy
make 10+ deploy per day!!
• integrate with Hubot + slack
• rollback mechanism
challenge with Hibernate ORM
47. Case I: Spring boot
• spring boot is great for micro-service, but large project…
• pro
‣ convention over configuration
‣ standalone jar
• con
‣ eclipse & standalone jar NOT the same
‣ hard to replace a single static file…
48. Case II: Security Issue
• Redirect security concerns
nginx —> origin, md5 checksum by LUA
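location ~ ^/(ad|edm)/(.*) {
    # allow requests with no Referer, a stripped Referer, or one from our own hosts
    valid_referers none blocked server_names *.here2shop.com;
    if ($invalid_referer) {
        return 403;
    }
    rewrite_by_lua "
        -- shared secret; the link generator must use the same value
        local HASH_KEY = 'secret_pass';
        local arg_r = ngx.var['arg_r'];
        local arg_checksum = ngx.var['arg_m'];
        -- reject requests that lack the target URL or its checksum
        if not arg_r or not arg_checksum then
            return ngx.exit(403);
        end
        local redirect_url = ngx.unescape_uri(arg_r);
        -- checksum is md5(url .. key); redirect only when it matches
        local redirect_url_checksum = ngx.md5(redirect_url..HASH_KEY);
        if redirect_url_checksum == arg_checksum then
            return ngx.redirect(redirect_url, 302);
        else
            return ngx.exit(403);
        end
    ";
}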
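The link-generating side of the check above, as an added example that is not from the original slides: it builds the `r`/`m` query string in the form the nginx rule verifies (MD5 over the URL followed by the key), next to a variant that uses HMAC-SHA256 and a constant-time comparison. The function names, the sample URLs and the reuse of the slide's placeholder key are assumptions.

```python
import hashlib
import hmac
from typing import Callable, Optional
from urllib.parse import parse_qs, urlencode, urlsplit

HASH_KEY = b"secret_pass"  # placeholder key shown on the slide, not a real secret

# Constructed sample values for the demonstration.
BASE = "https://www.here2shop.com/ad/go"
TARGET = "https://example.com/promo?id=1"


def sign_md5(url: str) -> str:
    """Checksum in the slide's format: md5(url .. HASH_KEY), hex encoded."""
    return hashlib.md5(url.encode() + HASH_KEY).hexdigest()


def sign_hmac(url: str) -> str:
    """Variant using a standard keyed MAC: HMAC-SHA256 under HASH_KEY."""
    return hmac.new(HASH_KEY, url.encode(), hashlib.sha256).hexdigest()


def build_link(base: str, target: str,
               signer: Callable[[str], str] = sign_hmac) -> str:
    """Return base?r=<target>&m=<checksum> with both values URL-encoded."""
    return base + "?" + urlencode({"r": target, "m": signer(target)})


def verify(link: str, signer: Callable[[str], str] = sign_hmac) -> Optional[str]:
    """Return the redirect target if its checksum is valid, else None (403)."""
    args = parse_qs(urlsplit(link).query)
    target = args.get("r", [None])[0]
    checksum = args.get("m", [None])[0]
    if not target or not checksum:
        return None  # a missing parameter is rejected, never an error
    expected = signer(target).encode()
    # compare_digest runs in constant time, unlike == on strings
    if not hmac.compare_digest(expected, checksum.encode()):
        return None  # target was changed or was never signed
    return target


if __name__ == "__main__":
    link = build_link(BASE, TARGET)
    print(link)
    print(verify(link))
    print(verify(link.replace("example.com", "other.example")))
```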
49. Case III: more Security
• expose iframe
all site: X-Frame-Options: SAMEORIGIN
specific site: Content-Security-Policy: frame-ancestors http://example.com
50. Case IV: Facebook
• Facebook doesn’t like cloudfront domain…
d8adrk2lu91bp.cloudfront.net —> malicious domain
cdn1r.here2shop.com
51. Case V: caching
• 10k transactions in 16 hours
• concurrent: ~500
• hanging on single table —> move to Redis
• transaction:
from 5 min to 10 seconds