Found at CF Summit: The Secret Pipelines of Agile Cloud Operators

Cross posted from my LinkedIn articles.

Last week, more than 1400 developers and IT operators converged on Santa Clara to attend the 2017 Cloud Foundry Summit. They came to learn about the latest advances in the Cloud Foundry platform and approaches for helping development teams to deliver software faster.

I was following a deeper thread: how can we help operators of Cloud Foundry to become more agile themselves in delivering the CF platform?

Like any platform, the steps for installing or updating Cloud Foundry involve a long serial set of tasks. For example: you set up and deploy infrastructure, and install and configure official releases of the software. Depending on the actual project, there may also be backups of prior state, data and app migration, and a battery of smoke tests, and regression tests to conduct. Then a move to production: rebinding applications, cutting over to new versions of servers etc. 

For many customers running Cloud Foundry at scale, this is repeated several times with slight differences to each of their several Cloud Foundry deployments.

Take for example, Verizon Wireless who runs 12 Foundations of Cloud Foundry hosting more than 100 apps and 4000 containers.

Verizon's #CloudFoundry scale in a slide… #cfsummit17 pic.twitter.com/CRqRAlxuuJ

— Greg Chase (@GregChase) June 14, 2017

So what’s the secret to keeping such a large deployment up to date and in synch? A giant army of operators and administrators?

It turns out that some adopters of Cloud Foundry are borrowing an approach used by their developers: create continuous delivery pipelines to automate these serial operational processes.

Continuous Integration and Continuous Delivery (CI/CD) is a well-known approach to software developers that has spawned a whole category of enabling tools and frameworks. The idea is to automate all the steps to build, test, stage, and deliver software in order to speed up delivery. Jenkins is the most well known and adopted of these tools.

The state of art in CI/CD is to think of all the dependencies, steps, and pathways in a build and delivery process as a pipeline. You create a configuration describing these dependencies, steps, and pathways, and execute these pipelines using a stateless framework, such as Concourse.ci.

This is exactly what advanced operators of Cloud Foundry are doing for many of their administrative processes related to Cloud Foundry.

"@concourseci is a game changer for Verizon and helps us keep 12 CF deployments consistent" #cfsummit17 pic.twitter.com/fYZy1V8B3D

— Greg Chase (@GregChase) June 14, 2017

From this slide alone, you can see many of the update and administrative processes that Verizon’s Cloud Foundry operators have been able to automate. Their big wins provide significant business outcomes:

·     New platform features are delivered frequently

·     Security vulnerabilities are eliminated quickly

·     Systems perform identically because they are identical

·     Developers can focus on coding, not debugging platform inconsistencies

And Verizon is not kidding about delivering new features quickly. All 12 of Verizon’s CF deployments are on the latest release of Pivotal Cloud Foundry as of the beginning of the conference: PCF 1.10.

BTW – this is helping them stay current with @pivotal #CloudFOundry releases across all 12 foundations. They are on PCF 1.10. #cfsummit17 https://t.co/hWsFULHNDR

— Greg Chase (@GregChase) June 14, 2017

Compare Verizon’s results to what typically happens with enterprise systems: platforms get updated in annual or multi-year “big bangs”, and sometimes never get updated at all.

Verizon is not the only one who revealed their usage of Concourse.ci to create automated operational pipelines. Yahoo Japan is also a user:

Yahoo Japan uses @concourseci for a variety of admin pipelines in #cloudfoundry #cfsummit17 pic.twitter.com/l1zczEuYBl

— Greg Chase (@GregChase) June 15, 2017

In fact, you can see they use pipelines for many similar processes.

This isn’t just secret sauce being shared between operators who are “in the know”. The platform is evolving to provide more explicit support for using Concourse for installation and updates.

I caught a short update about BOSH-Bootloader (BBL), BOSH 2.0 and the future of CF-Deployment.

Catching BOSH-Bootloader, BOSH 2.0 & CF-Deployment pic.twitter.com/F8diqaz5nJ

— Greg Chase (@GregChase) June 15, 2017

The short summary is that BOSH-Bootloader can be used to deploy Concourse.ci which will then deploy Cloud Foundry.

BOSH Bootloader (BBL) also can be used to deploy @concourseci which will then deploy your CF. #cfsummit17 #chickenegg

— Greg Chase (@GregChase) June 15, 2017

A Concourse pipeline can be used to chain together these BOSH tools that automate deployment of CF. #cfsummit17 pic.twitter.com/C6b6Il4jVo

— Greg Chase (@GregChase) June 15, 2017

This will become the default way to deploy #CloudFoundry in an opinionated way. #cfsummit17 https://t.co/AElVcNsn2I

— Greg Chase (@GregChase) June 15, 2017

Concourse itself is also rapidly evolving to better support enterprise operations. Recently it released some important security features and is working to integrate Vault and the newly introduced CredHub.

We're working on vault/credhub support this very moment. :) Aiming for 3.3.

— Concourse CI (@concourseci) June 16, 2017

If you want to get “in-the-know” and get some of yourself that “secret sauce,” feel free to browse the pipeline configuration files created by some of Pivotal’s customer delivery teams. These are offered under open source, so you are welcome to use them, and contribute back with pull requests. Be sure to check out the library of samples and hacks as well.

If you are a customer of Pivotal Cloud Foundry, there’s also a working group being organized by customers that want to further share ideas and pipeline configurations to automate operational processes. For more information about this program, contact your Pivotal account rep and ask how to join the Pivotal Cloud Foundry Virtual Users Group.