This talk explores infrastructure design patterns to support continuous change to:
- Reduce the “blast radius” for a given change
- Make it easy to update, upgrade, and refactor systems without requiring massive, organization-wide programmes of change
- Improve security, visibility, auditability, and observability of systems
- Increase the number of people and teams able to work across systems while minimizing coordination overhead
Topics covered include:
- Designing and implementing an effective infrastructure test automation strategy
- Creating change management pipelines that enforce rigorous change control processes while supporting rapid, frequent changes
- Structuring infrastructure codebases to optimize for continuous change
35. Starting small – single stack instance
One or two
people working
on it,
... the system is
fairly simple,
... and there
are few users,
with low stakes
36. And then ...
More people
join the team, ... the system becomes
more complex,
... and more
people rely on
the system to
be working
44. Promote changes to environments using
a pipeline
BUILDLOCAL
APPLY
TO QA
APPLY
TO
PROD
Sandbox
QA Production
APPLY
TO TEST
Test
45. Stack tool is only run by pipeline agents
BUILDLOCAL
APPLY
TO QA
APPLY
TO
PROD
APPLY
TO TEST
46. Why not apply changes from our
laptops?
Our working environments
may not be consistent
Multiple people may clash
We may shortcut our
process
We may neglect to run all
appropriate tests
58. QA PRODTEST ALL
TEST JDK
COOKBOOK
TEST
TOMCAT
COOKBOOK
TEST APP
SERVER
ROLE
BUILD APP
SERVER
AMI
VALIDATE
INFRA
STACK
BUILD
OUR-APP
TEST
INFRA
STACK
TEST OUR-
APP
Example pipeline for our-app
59. QA PRODTEST ALL
TEST JDK
COOKBOOK
TEST
TOMCAT
COOKBOOK
TEST APP
SERVER
ROLE
APP
SERVER
AMI
VALIDATE
INFRA
STACK
BUILD
OUR-APP
TEST
INFRA
STACK
TEST OUR-
APP
APPLICATION STAGES:
Compile, unit tests,
container tests,
packaging, etc.
(run on build agents)
JUnit, Rspec,
etc.
60. QA PRODTEST ALL
TEST JDK
COOKBOOK
TEST
TOMCAT
COOKBOOK
TEST APP
SERVER
ROLE
BUILD APP
SERVER
AMI
BUILD
INFRA
STACK
BUILD
OUR-APP
TEST
INFRA
STACK
TEST OUR-
APP
SERVER PACKAGES:
Validate, test individual package
configurations in isolation
SERVER ROLE:
Test aggregated
packages
Typically run on build
agents, perhaps
containerized
test-kitchen, serverspec,
inspec, puppet-rspec,
testinfra, etc.
61. QA PRODTEST ALL
TEST JDK
COOKBOOK
TEST
TOMCAT
COOKBOOK
TEST APP
SERVER
ROLE
BUILD APP
SERVER
AMI
VALIDATE
INFRA
STACK
BUILD
OUR-APP
TEST
INFRA
STACK
TEST OUR-
APP
SERVER IMAGE:
Build and test
serverspec,
inspec, etc.
62. QA PRODTEST ALL
TEST JDK
COOKBOOK
TEST
TOMCAT
COOKBOOK
TEST APP
SERVER
ROLE
BUILD APP
SERVER
AMI
VALIDATE
INFRA
STACK
BUILD
OUR-APP
TEST
INFRA
STACK
TEST OUR-
APP
INFRASTRUCTURE STACK
Validate (e.g. syntax,
provision non-application
specific infrastructure
elements
awspec, inspec, etc.
63. QA PRODTEST ALL
TEST JDK
COOKBOOK
TEST
TOMCAT
COOKBOOK
TEST APP
SERVER
ROLE
BUILD APP
SERVER
AMI
VALIDATE
INFRA
STACK
BUILD
OUR-APP
TEST
INFRA
STACK
TEST OUR-
APP
INTEGRATED STAGES:
Test the various
components in
combination
(deployment environments)
selenium, etc.
64. Recommendations
Those who write the code write the tests
Avoid reflexive testing (AKA testing your tools)
Test where there is risk, complexity
Test contracts
84. Shared infrastructure stacks
The provider
stack should not
have knowledge
of its consumers
Becomes a
bottleneck as the
number of
consumers
grows
Should be kept
simple, minimal
Split into smaller
stacks to avoid
monoliths
94. Recommendations
Stack integration points are contracts
Follow good practice for API design when making
changes to contracts
Use fitness functions (automated tests) to ensure the
integrity of contracts