Cheng Wei Chen @ Agile Tour Taipei 2017Photo by Daniel McCullough on Unsplash

Ansible & GitLab CI / CD Workshop 101

Cheng Wei Chen 陳 正瑋

DevOps Engineer @ 得寬科技

http://chengweichen.com

2013

100 % Laravel

JetBrains

( )

PHP/Laravel http://www.laravel-dojo.com

現場不進行詳細的操作步驟

詳細步驟請參閱部落格文章

https://goo.gl/ZHKiyb

在開始之前...

你讀完了嗎？

你讀完了嗎？

沒讀完也很正常啦

在開始動手之前，

你需要多想一想。

code build test release deploy operateplan

Continuous Integration

Continuous Delivery

目標

Continuous Deployment

CIcommit dev stagingtest

testprod deploy

environment

dev

staging

prod

local

commit

code build test release deploy operateplan

Continuous Integration

Continuous Delivery

今天的案例

Continuous Deployment

CI staging

testprod deploy

environment

staging

prod

commit build

stg-deploy test

unit test

prod-deploy

今天的案例

prod-remove

該選用哪些工具？

使用的工具

‧Ansible

‧Docker CE

‧GitLab.com

Your Computer

Server

Free

Free

Free

環境說明

你的電腦

DEMO code

GitLab .com

Public Runner

Cloud

Web Server

Your Runner

container

FreeFree

環境說明

你的電腦

DEMO code

GitLab .com

Public Runner

Cloud

Web Server

Your Runner

container

FreeFree

FreeFree

GitLab CI 運作狀況

GitLab .com

Public Runner

Your Runner

Docker container

CI Jobs

該從何處開始著手？

code build test release deploy operateplan

Automation

從痛點、小處著手

Automation

Deploy

從痛點、小處著手

stagingdev test test production

staging test production

Project-1

Project-2

production Project-3x10

x5

x3

build

stg-deploy test

unit test

prod-deploy

今天的案例為例

prod-remove

.gitlab-ci.yml

build

Stage: Build

build-test

build-release

Stage: Buildbuild-test

Stage: Buildbuild-release

Stage: Build

build-release

Stage: Build

Ansible: upload_artifacts.yml

build

Stage: Build

build-test

build-release

Artifacts (test)

Artifacts (release)

Artifacts Repository (release)

Artifacts Repository (release)

Think

: https://unsplash.com/photos/hANqC3_kTqU

‧什麼是 Artifacts？

‧為何需要 Artifacts？

‧以及 Artifacts Repository？

延伸思考

延伸思考

‧為何要在 Build 時，同步進行兩個 Jobs，一次就將測試與 Production 兩種環境的 Artifacts 給建立？

‧有沒有更好的做法？

延伸思考

‧在建立給 Production 使用的 Artifacts 時，還有哪些不必要的檔案可以刪除，並不需要一起放進 Artifacts Repository？

‧將 Ansible Playbook 與程式碼一起送進同一個 Project Repository？

‧自動化腳本應該如何存放？存放於何處？

‧該如何讓 CI Runner 可以順利取得自動化腳本呢？

延伸思考

build unit test

Stage: unit-test

build-test

build-release

phpunit

Stage: unit-testphpunit

Think

: https://unsplash.com/photos/hANqC3_kTqU

‧自動化測試？

‧What、When、How？

‧特別的測試組態該如何載入？

延伸思考

build unit test

Stage: stg-deploy

build-test

build-release

phpunit

stg-deploy

Stage: stg-deploystg-deploy

Ansible: auto-deploy.yml

Ansible: auto-deploy.yml

變數傳遞

Project

Ansible Playbook

Your Runner

Secret variable

Think

: https://unsplash.com/photos/hANqC3_kTqU

延伸思考

‧Deploy 應該執行哪些動作？

‧Deploy 的自動化腳本應該如何設計？

‧Server 該如何與腳本配合？

延伸思考

‧續上，你規劃的自動 Deploy 流程可以反覆的 Re-eploy 嗎？

‧當自動 Deploy 失敗時該如何處理？

延伸思考

‧Token、Key、inventory 或其他 CI Job 需要的機敏資料應該怎麼管理？並傳遞給 Runner？

延伸思考

‧Zero downtime deploy？

‧DB、Files、Storages？

延伸思考

build unit test

Stage: stg-test

build-test

build-release

phpunit

stg-deploy stg-test

stg server

stg server

Stage: stg-testtest

‧Staging 環境應該要與 Production 環境多相像？

延伸思考

延伸思考

‧在 Staging 環境中應該要執行哪些自動化測試？

‧除了測試程式碼，還有哪些東西需要驗證？

延伸思考

‧如何收集並回報測試的結果？

‧測試環境是否需要監控？

延伸思考

build unit test

Stage: prod-deploy

build-test

build-release

phpunit

stg-deploy stg-test

stg server

stg server

prod-deploy

Stage: testtest

prod-deploy

Think

: https://unsplash.com/photos/hANqC3_kTqU

‧Deploy 至 Staging 與 Production 的差異有哪些？

延伸思考

延伸思考

‧同一個 Deploy 自動化腳本如何才能適用在不同的環境？

‧再一次，Zero downtime deploy？

‧同樣 Files、Storages？

‧DB Migration？

延伸思考

‧如何驗證 Deploy 確實成功？

延伸思考

‧如何 Rollback？

延伸思考

‧如何管理不同 Branch 不同 Pipeline？

‧哪些 Job 可以共用？

延伸思考

build unit test

Stage: prod-deploy

build-test

build-release

phpunit

stg-deploy stg-test

stg server

stg server

prod-deploy

prod-remove

Summary

code build test release deploy operateplan

Continuous Integration

Continuous Delivery

目標

Continuous Deployment

CIcommit dev stagingtest

testprod deploy

environment

dev

staging

prod

local

: https://unsplash.com/photos/Fixg8KipOg8

Trigger ScriptsInterface ServiceFlow

注意每個環節

因為坑，比你想像的多

Oooops

需要的資源（人力、工時），

也比你想像的多

需要的評估關鍵，

也同樣比你想像的多

code build test release deploy operateplan

Automation

從痛點、小處著手

Automation

• • • • •

思考並評估

好書非讀不可

CD

https://www.infoq.com/articles/Continuous-Delivery-Maturity-Model

好書非讀不可

https://landing.google.com/sre/book.html

• Operator-triggered manual action • Operator-written, system-specific automation • Externally maintained generic automation • Internally maintained, system-specific automation • Autonomous systems that need no human intervention

自動化的演進

https://landing.google.com/sre/book.html

反覆評估、持續改善

Photo by Sweet Ice Cream Photography on Unsplash

迭代

工商服務

https://devopstw.club

尋求志工、贊助

: https://pixabay.com/en/building-joy-planning-plans-1080592/ , https://pixabay.com/en/baby-hand-dad-200760/

尋求講者及講題

: https://www.pexels.com/photo/man-person-suit-united-states-of-america-2281/

http://fb.sre.tw

Photo by Clark Tibbs on Unsplash

Thank You