SlideShare a Scribd company logo

2015 jcconf-h2s-devops-practice

Hochi Chuang
Hochi Chuang

Hochi Chuang presented on the DevOps practices at Here2Shop. Here2Shop uses Agile development methods like Scrum and focuses on continuous testing, deployment, and monitoring. They deploy Java applications to AWS using Jenkins, Selenium, and the AWS CLI. Their goals include improving the deployment process, integrating monitoring tools, and addressing security issues like content delivery and cross-site scripting. Chuang shared experiences transitioning to microservices and optimizing performance through caching.

1 of 53
Download to read offline
Here2Shop DevOps Practice Hochi Chuang
Who am I • 熟悉Java相關開發技術 - client & server • ⾃自動化整合與測試 • 雲端系統建置 • Startup 相關經驗 • ⺫⽬目標 -> 打造⼀一個⼤大系統環境,在台灣
About Here2shop • 利⽤用Big Data技術讓商家和消費者更互惠 • 致⼒力達成⼝口碑⾏行銷和顛覆傳統的社交平台 • 你不需要懂電商,因為電商懂你 • 官網 https://www.here2shop.com/
Agenda • DevOps @ Here2Shop • Development • Test • Deployment • Monitoring • EC 平台注意事項與安全性 • 經驗分享
DevOps
@Here2Shop • Java + Spring + Jenkins • Test (JUnit + selenium) • Deploy (AWS) • Monitor (logs + selenium) • Feedback (human involved)
Development
• Agile Development sprint — 2 weeks daily scrum review & planning • Role Scrum master Product owner Team
Case: Agile? • EC — online Web Application Prioritise!! — bugs, features, data, etc… Plan — exceptions… 經營模式、發票、特殊規格、 3rd party API Flexibility — easy to refactor… Code quality & style — peer co-working
2015 jcconf-h2s-devops-practice
• redmine ticket commit subject: “refs|fixes|close #xxx: doing something” • Code github flow @ gitlab • merge request gitlab + jenkins (gitlab merge request builder) • deploy to DEV environment
2015 jcconf-h2s-devops-practice
QA vs master • Every work goes into QA branch first • DEV machine has the latest code • Staging machine has a subset of passed tests code • master branch is always deploy-able
QA vs master • Every work goes into QA branch first • DEV machine has the latest code • Staging machine has a subset of passed tests code • master branch is always deploy-able BUT…
2015 jcconf-h2s-devops-practice
• DEVs be super CAREFUL!!! merged? (QA or master) • Complicated issue state Resolved Verified Feedback • Qualified code? No code review Peer comments
Github flow @Gitlab…
We Expect
2015 jcconf-h2s-devops-practice
2015 jcconf-h2s-devops-practice
Case: in real world • open source tools NOT integrated well a)polling to build periodically… b)cannot auto-update ticket status… c)automation not yet ready… • Keep DEV process in everyone’s mind!!!
• https://about.gitlab.com/2014/09/29/ gitlab-flow/ • http://www.15yan.com/story/ 6yueHxcgD9Z/
Test
Continuous Test • from: Understanding DevOps part 4
• DEV deploy by each merge request junit passed + BVT • Daily automation jenkins + selenium plugin (browse, login, logout, update product, search, purchase, etc…)
• Acceptance Test on Staging - accessible from outside Non RD team member feature as design data validation 3rd API integration - ⾦金流、簡訊 social media integration - Facebook, LINE, etc…
• Production selenium - per hour availability detector - uptimebutler.com, webmon.com change detector site links validation - xenu Vitual Studio Load test
Xenu
2015 jcconf-h2s-devops-practice
Case: sth to know… • wrong CSS layout - Sikuli • Site speed tester Google PageSpeed Insights GTmetrix — https://gtmetrix.com/ • Google webmaster tool Structured Data, Data Highlighter, HTML Improvements
Deployment
to AWS
the first - manually jars bastion scp -r v001_20151203 bastion:~/ Web Server 1 Web Server 2 scp -r v001_20151203 172.1.0.xxx:~/
the first - manually jars bastion scp -r v001_20151203 bastion:~/ Web Server 1 Web Server 2 Painful and Erroneous scp -r v001_20151203 172.1.0.xxx:~/
need to CHANGE!! • static resources CDN, so resources need versioning!! • app server retrieves the latest build by itself jenkins S3 plugin + script • HA without downtime AWS API + script //cdn1r.here2shop.com/00396/css/default.css
AWS CLI • HA of ELB # update service aws autoscaling enter-standby --instance-ids i-dadfc329 --auto- scaling-group-name prod-asg --should-decrement-desired-capacity aws autoscaling exit-standby --instance-ids i-dadfc329 --auto- scaling-group-name prod-asgaws autoscaling describe-auto-scaling-instances --instance-ids i-dadfc329 # create a new instance ec2-run-instances ami-xxxxxxxx -t m3.medium -s subnet-xxxxxxxx - k prod-key -g sg-xxxxxxxx --associate-public-ip-address true aws autoscaling attach-instances --instance-ids i-109228e5 -- auto-scaling-group-name prod-asg
semi-auto jars bastion Web Server 1 Web Server 2 # get latest jars from S3 bucket java -jar latest-build.jar S3 jenkins
Next goals • pack static resources and separate from service jar • one click to deploy make 10+ deploy per day!! • integrate with Hubot + slack • rollback mechanism challenge with Hibernate ORM
Monitoring
• CloudWatch —> alert notification • still in stone age —> login, tail, vi, find & watch… • lots of human involved actions
2015 jcconf-h2s-devops-practice
Tools • PaperTrails / fluentd • nagios
We Hope…
We Hope…
We Hope…
經驗分享
Case I: Spring boot • spring boot is great for micro-service, but large project… • pro ‣ convention over configuration ‣ standalone jar • con ‣ eclipse & standalone jar NOT the same ‣ hard to replace a single static file…
Case II: Security Issue • Redirect security concerns nginx —> origin, md5 checksum by LUA location ~ ^/(ad|edm)/(.*)* { valid_referers none blocked server_names *.here2shop.com; if ($invalid_referer) { return 403; } rewrite_by_lua " HASH_KEY = 'secret_pass'; local redirect_url= ngx.unescape_uri(ngx.var['arg_r']); local arg_checksum = ngx.var['arg_m']; redirect_url_checksum = ngx.md5(redirect_url..HASH_KEY); if(redirect_url_checksum==arg_checksum) then return ngx.redirect(redirect_url, 302); else return ngx.exit(403); end "; }
Case III: more Security • expose iframe all site: specific site: X-Frame-Options: SAMEORIGIN Content-Security-Policy:frame-ancestors http://example.com
Case IV: Facebook • Facebook doesn’t like cloudfront domain… d8adrk2lu91bp.cloudfront.net —> malicious domain cdn1r.here2shop.com
Case V: caching • 10k transactions in 16 hours • concurrent: ~500 • hanging on single table —> move to Redis • transaction: from 5 min to 10 seconds
Thank You https://www.here2shop.com mail to: hochi.chuang@here2shop.com
Q&A

More Related Content

What's hot

淺談 Startup 公司的軟體開發流程 v2
淺談 Startup 公司的軟體開發流程 v2淺談 Startup 公司的軟體開發流程 v2
淺談 Startup 公司的軟體開發流程 v2
Wen-Tien Chang
 
Devoxx : being productive with JHipster
Devoxx : being productive with JHipsterDevoxx : being productive with JHipster
Devoxx : being productive with JHipster
Julien Dubois
 
Azure devops
Azure devopsAzure devops
Azure devops
Mohit Chhabra
 
All Things Jenkins and Cloud Foundry (Cloud Foundry Summit 2014)
All Things Jenkins and Cloud Foundry (Cloud Foundry Summit 2014) All Things Jenkins and Cloud Foundry (Cloud Foundry Summit 2014)
All Things Jenkins and Cloud Foundry (Cloud Foundry Summit 2014)
VMware Tanzu
 
An Angular developer moving to React
An Angular developer moving to ReactAn Angular developer moving to React
An Angular developer moving to React
Souvik Basu
 
Grails in 5mins (2010-v0.3)
Grails in 5mins (2010-v0.3)Grails in 5mins (2010-v0.3)
Grails in 5mins (2010-v0.3)
David Trattnig
 
Unleashing Docker with Pipelines in Bitbucket Cloud
Unleashing Docker with Pipelines in Bitbucket CloudUnleashing Docker with Pipelines in Bitbucket Cloud
Unleashing Docker with Pipelines in Bitbucket Cloud
Atlassian
 
Node.js for .NET Developers
Node.js for .NET DevelopersNode.js for .NET Developers
Node.js for .NET Developers
David Neal
 
Contract-based Testing Approach as a Tool for Shift Lef
Contract-based Testing Approach as a Tool for Shift LefContract-based Testing Approach as a Tool for Shift Lef
Contract-based Testing Approach as a Tool for Shift Lef
Katherine Golovinova
 
Continuous integration and delivery for java based web applications
Continuous integration and delivery for java based web applicationsContinuous integration and delivery for java based web applications
Continuous integration and delivery for java based web applications
Sunil Dalal
 
Intro to Node.js (for .NET Developers)
Intro to Node.js (for .NET Developers)Intro to Node.js (for .NET Developers)
Intro to Node.js (for .NET Developers)
David Neal
 
Browser Automation with Playwright – for integration, RPA, UI testing and mor...
Browser Automation with Playwright – for integration, RPA, UI testing and mor...Browser Automation with Playwright – for integration, RPA, UI testing and mor...
Browser Automation with Playwright – for integration, RPA, UI testing and mor...
Lucas Jellema
 
Deployment Pipeline for databases (Azure SQL Database, SQL Server)
Deployment Pipeline for databases (Azure SQL Database, SQL Server)Deployment Pipeline for databases (Azure SQL Database, SQL Server)
Deployment Pipeline for databases (Azure SQL Database, SQL Server)
Eduardo Piairo
 
Fine-Tuning of Agile Development
Fine-Tuning of Agile DevelopmentFine-Tuning of Agile Development
Fine-Tuning of Agile Development
Thoughtworks
 
The WordPress Performance Team
The WordPress Performance TeamThe WordPress Performance Team
The WordPress Performance Team
Felix Arntz
 
Continuous Delivery with Sitecore
Continuous Delivery with SitecoreContinuous Delivery with Sitecore
Continuous Delivery with Sitecore
Code Computerlove
 
Azureサーバーレスで行う情報のスクリーニング
Azureサーバーレスで行う情報のスクリーニングAzureサーバーレスで行う情報のスクリーニング
Azureサーバーレスで行う情報のスクリーニング
ryosuke matsumura
 
Full-Stack Development with Spring Boot and VueJS
Full-Stack Development with Spring Boot and VueJSFull-Stack Development with Spring Boot and VueJS
Full-Stack Development with Spring Boot and VueJS
VMware Tanzu
 
Evolutionary infrastructure agile 2018 - kief morris
Evolutionary infrastructure agile 2018 - kief morrisEvolutionary infrastructure agile 2018 - kief morris
Evolutionary infrastructure agile 2018 - kief morris
Kief Morris
 
Tc open-doors-day-speech
Tc open-doors-day-speechTc open-doors-day-speech
Tc open-doors-day-speech
Evgeniy Koshkin
 

What's hot (20)

淺談 Startup 公司的軟體開發流程 v2
淺談 Startup 公司的軟體開發流程 v2淺談 Startup 公司的軟體開發流程 v2
淺談 Startup 公司的軟體開發流程 v2
 
Devoxx : being productive with JHipster
Devoxx : being productive with JHipsterDevoxx : being productive with JHipster
Devoxx : being productive with JHipster
 
Azure devops
Azure devopsAzure devops
Azure devops
 
All Things Jenkins and Cloud Foundry (Cloud Foundry Summit 2014)
All Things Jenkins and Cloud Foundry (Cloud Foundry Summit 2014) All Things Jenkins and Cloud Foundry (Cloud Foundry Summit 2014)
All Things Jenkins and Cloud Foundry (Cloud Foundry Summit 2014)
 
An Angular developer moving to React
An Angular developer moving to ReactAn Angular developer moving to React
An Angular developer moving to React
 
Grails in 5mins (2010-v0.3)
Grails in 5mins (2010-v0.3)Grails in 5mins (2010-v0.3)
Grails in 5mins (2010-v0.3)
 
Unleashing Docker with Pipelines in Bitbucket Cloud
Unleashing Docker with Pipelines in Bitbucket CloudUnleashing Docker with Pipelines in Bitbucket Cloud
Unleashing Docker with Pipelines in Bitbucket Cloud
 
Node.js for .NET Developers
Node.js for .NET DevelopersNode.js for .NET Developers
Node.js for .NET Developers
 
Contract-based Testing Approach as a Tool for Shift Lef
Contract-based Testing Approach as a Tool for Shift LefContract-based Testing Approach as a Tool for Shift Lef
Contract-based Testing Approach as a Tool for Shift Lef
 
Continuous integration and delivery for java based web applications
Continuous integration and delivery for java based web applicationsContinuous integration and delivery for java based web applications
Continuous integration and delivery for java based web applications
 
Intro to Node.js (for .NET Developers)
Intro to Node.js (for .NET Developers)Intro to Node.js (for .NET Developers)
Intro to Node.js (for .NET Developers)
 
Browser Automation with Playwright – for integration, RPA, UI testing and mor...
Browser Automation with Playwright – for integration, RPA, UI testing and mor...Browser Automation with Playwright – for integration, RPA, UI testing and mor...
Browser Automation with Playwright – for integration, RPA, UI testing and mor...
 
Deployment Pipeline for databases (Azure SQL Database, SQL Server)
Deployment Pipeline for databases (Azure SQL Database, SQL Server)Deployment Pipeline for databases (Azure SQL Database, SQL Server)
Deployment Pipeline for databases (Azure SQL Database, SQL Server)
 
Fine-Tuning of Agile Development
Fine-Tuning of Agile DevelopmentFine-Tuning of Agile Development
Fine-Tuning of Agile Development
 
The WordPress Performance Team
The WordPress Performance TeamThe WordPress Performance Team
The WordPress Performance Team
 
Continuous Delivery with Sitecore
Continuous Delivery with SitecoreContinuous Delivery with Sitecore
Continuous Delivery with Sitecore
 
Azureサーバーレスで行う情報のスクリーニング
Azureサーバーレスで行う情報のスクリーニングAzureサーバーレスで行う情報のスクリーニング
Azureサーバーレスで行う情報のスクリーニング
 
Full-Stack Development with Spring Boot and VueJS
Full-Stack Development with Spring Boot and VueJSFull-Stack Development with Spring Boot and VueJS
Full-Stack Development with Spring Boot and VueJS
 
Evolutionary infrastructure agile 2018 - kief morris
Evolutionary infrastructure agile 2018 - kief morrisEvolutionary infrastructure agile 2018 - kief morris
Evolutionary infrastructure agile 2018 - kief morris
 
Tc open-doors-day-speech
Tc open-doors-day-speechTc open-doors-day-speech
Tc open-doors-day-speech
 

Similar to 2015 jcconf-h2s-devops-practice

Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOps
Eklove Mohan
 
Selenium practical
Selenium practicalSelenium practical
Selenium practical
Ruslan Strazhnyk
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
Amazon Web Services
 
How we realized SOA by Python at PyCon JP 2015
How we realized SOA by Python at PyCon JP 2015How we realized SOA by Python at PyCon JP 2015
How we realized SOA by Python at PyCon JP 2015
hirokiky
 
Flintstones or Jetsons? Jump Start Your Virtual Test Lab
Flintstones or Jetsons? Jump Start Your Virtual Test LabFlintstones or Jetsons? Jump Start Your Virtual Test Lab
Flintstones or Jetsons? Jump Start Your Virtual Test Lab
TechWell
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
Amazon Web Services
 
Sailing through devlopment with legacy code
Sailing through devlopment with legacy codeSailing through devlopment with legacy code
Sailing through devlopment with legacy code
prasadkunte
 
Js unit testingpresentation
Js unit testingpresentationJs unit testingpresentation
Js unit testingpresentation
Jonathan Gregory
 
Dot Net Notts Js Unit Testing at Microlise
Dot Net Notts Js Unit Testing at MicroliseDot Net Notts Js Unit Testing at Microlise
Dot Net Notts Js Unit Testing at Microlise
Jonathan Gregory
 
Groovy & Grails - From Scratch to Production
Groovy & Grails - From Scratch to Production Groovy & Grails - From Scratch to Production
Groovy & Grails - From Scratch to Production
Tal Maayani
 
DevOps Days Ohio
DevOps Days OhioDevOps Days Ohio
DevOps Days Ohio
Kelly Looney
 
The Unicorn Project and the Five Ideals.pdf
The Unicorn Project and the Five Ideals.pdfThe Unicorn Project and the Five Ideals.pdf
The Unicorn Project and the Five Ideals.pdf
VMware Tanzu
 
Jumping from Continuous Integration to Continuous Delivery with Jenkins Enter...
Jumping from Continuous Integration to Continuous Delivery with Jenkins Enter...Jumping from Continuous Integration to Continuous Delivery with Jenkins Enter...
Jumping from Continuous Integration to Continuous Delivery with Jenkins Enter...
CloudBees
 
java in cloud - adopt cloud dev's DHARMA
java in cloud - adopt cloud dev's DHARMAjava in cloud - adopt cloud dev's DHARMA
java in cloud - adopt cloud dev's DHARMA
Hochi Chuang
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
Amazon Web Services
 
Dev ops for mobile apps at microsoft teams
Dev ops for mobile apps at microsoft teamsDev ops for mobile apps at microsoft teams
Dev ops for mobile apps at microsoft teams
Mahesh Arali
 
Automated Visual Regression Testing by Dave Sadlon
Automated Visual Regression Testing by Dave SadlonAutomated Visual Regression Testing by Dave Sadlon
Automated Visual Regression Testing by Dave Sadlon
QA or the Highway
 
Cloudstack Continuous Delivery
Cloudstack Continuous DeliveryCloudstack Continuous Delivery
Cloudstack Continuous Delivery
buildacloud
 
Architecting for Hyper Growth and Great Engineering Culture
Architecting for Hyper Growth and Great Engineering CultureArchitecting for Hyper Growth and Great Engineering Culture
Architecting for Hyper Growth and Great Engineering Culture
ifnu bima
 
Architecting for Huper Growth and Great Engineering Culture
Architecting for Huper Growth and Great Engineering CultureArchitecting for Huper Growth and Great Engineering Culture
Architecting for Huper Growth and Great Engineering Culture
SARCCOM
 

Similar to 2015 jcconf-h2s-devops-practice (20)

Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOps
 
Selenium practical
Selenium practicalSelenium practical
Selenium practical
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
 
How we realized SOA by Python at PyCon JP 2015
How we realized SOA by Python at PyCon JP 2015How we realized SOA by Python at PyCon JP 2015
How we realized SOA by Python at PyCon JP 2015
 
Flintstones or Jetsons? Jump Start Your Virtual Test Lab
Flintstones or Jetsons? Jump Start Your Virtual Test LabFlintstones or Jetsons? Jump Start Your Virtual Test Lab
Flintstones or Jetsons? Jump Start Your Virtual Test Lab
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
 
Sailing through devlopment with legacy code
Sailing through devlopment with legacy codeSailing through devlopment with legacy code
Sailing through devlopment with legacy code
 
Js unit testingpresentation
Js unit testingpresentationJs unit testingpresentation
Js unit testingpresentation
 
Dot Net Notts Js Unit Testing at Microlise
Dot Net Notts Js Unit Testing at MicroliseDot Net Notts Js Unit Testing at Microlise
Dot Net Notts Js Unit Testing at Microlise
 
Groovy & Grails - From Scratch to Production
Groovy & Grails - From Scratch to Production Groovy & Grails - From Scratch to Production
Groovy & Grails - From Scratch to Production
 
DevOps Days Ohio
DevOps Days OhioDevOps Days Ohio
DevOps Days Ohio
 
The Unicorn Project and the Five Ideals.pdf
The Unicorn Project and the Five Ideals.pdfThe Unicorn Project and the Five Ideals.pdf
The Unicorn Project and the Five Ideals.pdf
 
Jumping from Continuous Integration to Continuous Delivery with Jenkins Enter...
Jumping from Continuous Integration to Continuous Delivery with Jenkins Enter...Jumping from Continuous Integration to Continuous Delivery with Jenkins Enter...
Jumping from Continuous Integration to Continuous Delivery with Jenkins Enter...
 
java in cloud - adopt cloud dev's DHARMA
java in cloud - adopt cloud dev's DHARMAjava in cloud - adopt cloud dev's DHARMA
java in cloud - adopt cloud dev's DHARMA
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
 
Dev ops for mobile apps at microsoft teams
Dev ops for mobile apps at microsoft teamsDev ops for mobile apps at microsoft teams
Dev ops for mobile apps at microsoft teams
 
Automated Visual Regression Testing by Dave Sadlon
Automated Visual Regression Testing by Dave SadlonAutomated Visual Regression Testing by Dave Sadlon
Automated Visual Regression Testing by Dave Sadlon
 
Cloudstack Continuous Delivery
Cloudstack Continuous DeliveryCloudstack Continuous Delivery
Cloudstack Continuous Delivery
 
Architecting for Hyper Growth and Great Engineering Culture
Architecting for Hyper Growth and Great Engineering CultureArchitecting for Hyper Growth and Great Engineering Culture
Architecting for Hyper Growth and Great Engineering Culture
 
Architecting for Huper Growth and Great Engineering Culture
Architecting for Huper Growth and Great Engineering CultureArchitecting for Huper Growth and Great Engineering Culture
Architecting for Huper Growth and Great Engineering Culture
 

Recently uploaded

NBFC Software: Optimize Your Non-Banking Financial Company
NBFC Software: Optimize Your Non-Banking Financial CompanyNBFC Software: Optimize Your Non-Banking Financial Company
NBFC Software: Optimize Your Non-Banking Financial Company
NBFC Softwares
 
active-directory-auditing-solution (2).pptx
active-directory-auditing-solution (2).pptxactive-directory-auditing-solution (2).pptx
active-directory-auditing-solution (2).pptx
sudsdeep
 
Attendance Tracking From Paper To Digital
Attendance Tracking From Paper To DigitalAttendance Tracking From Paper To Digital
Attendance Tracking From Paper To Digital
Task Tracker
 
Intro to Amazon Web Services (AWS) and Gen AI
Intro to Amazon Web Services (AWS) and Gen AIIntro to Amazon Web Services (AWS) and Gen AI
Intro to Amazon Web Services (AWS) and Gen AI
Ortus Solutions, Corp
 
A Comparative Analysis of Functional and Non-Functional Testing.pdf
A Comparative Analysis of Functional and Non-Functional Testing.pdfA Comparative Analysis of Functional and Non-Functional Testing.pdf
A Comparative Analysis of Functional and Non-Functional Testing.pdf
kalichargn70th171
 
Prada Group Reports Strong Growth in First Quarter …
Prada Group Reports Strong Growth in First Quarter …Prada Group Reports Strong Growth in First Quarter …
Prada Group Reports Strong Growth in First Quarter …
908dutch
 
dachnug51 - HCL Sametime 12 as a Software Appliance.pdf
dachnug51 - HCL Sametime 12 as a Software Appliance.pdfdachnug51 - HCL Sametime 12 as a Software Appliance.pdf
dachnug51 - HCL Sametime 12 as a Software Appliance.pdf
DNUG e.V.
 
introduction of Ansys software and basic and advance knowledge of modelling s...
introduction of Ansys software and basic and advance knowledge of modelling s...introduction of Ansys software and basic and advance knowledge of modelling s...
introduction of Ansys software and basic and advance knowledge of modelling s...
sachin chaurasia
 
What is OCR Technology and How to Extract Text from Any Image for Free
What is OCR Technology and How to Extract Text from Any Image for FreeWhat is OCR Technology and How to Extract Text from Any Image for Free
What is OCR Technology and How to Extract Text from Any Image for Free
TwisterTools
 
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...
karim wahed
 
Cultural Shifts: Embracing DevOps for Organizational Transformation
Cultural Shifts: Embracing DevOps for Organizational TransformationCultural Shifts: Embracing DevOps for Organizational Transformation
Cultural Shifts: Embracing DevOps for Organizational Transformation
Mindfire Solution
 
ThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and DjangoThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and Django
akshesh doshi
 
一比一原版英国牛津大学毕业证(oxon毕业证书)如何办理
一比一原版英国牛津大学毕业证(oxon毕业证书)如何办理一比一原版英国牛津大学毕业证(oxon毕业证书)如何办理
一比一原版英国牛津大学毕业证(oxon毕业证书)如何办理
avufu
 
Splunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptxSplunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptx
sudsdeep
 
Wired_2.0_Create_AmsterdamJUG_09072024.pptx
Wired_2.0_Create_AmsterdamJUG_09072024.pptxWired_2.0_Create_AmsterdamJUG_09072024.pptx
Wired_2.0_Create_AmsterdamJUG_09072024.pptx
SimonedeGijt
 
Independence Day Hasn’t Always Been a U.S. Holiday.pdf
Independence Day Hasn’t Always Been a U.S. Holiday.pdfIndependence Day Hasn’t Always Been a U.S. Holiday.pdf
Independence Day Hasn’t Always Been a U.S. Holiday.pdf
Livetecs LLC
 
Migrate your Infrastructure to the AWS Cloud
Migrate your Infrastructure to the AWS CloudMigrate your Infrastructure to the AWS Cloud
Migrate your Infrastructure to the AWS Cloud
Ortus Solutions, Corp
 
WhatsApp Tracker - Tracking WhatsApp to Boost Online Safety.pdf
WhatsApp Tracker - Tracking WhatsApp to Boost Online Safety.pdfWhatsApp Tracker - Tracking WhatsApp to Boost Online Safety.pdf
WhatsApp Tracker - Tracking WhatsApp to Boost Online Safety.pdf
onemonitarsoftware
 
Leading Project Management Tool Taskruop.pptx
Leading Project Management Tool Taskruop.pptxLeading Project Management Tool Taskruop.pptx
Leading Project Management Tool Taskruop.pptx
taskroupseo
 
CViewSurvey Digitech Pvt Ltd that works on a proven C.A.A.G. model.
CViewSurvey Digitech Pvt Ltd that works on a proven C.A.A.G. model.CViewSurvey Digitech Pvt Ltd that works on a proven C.A.A.G. model.
CViewSurvey Digitech Pvt Ltd that works on a proven C.A.A.G. model.
bhatinidhi2001
 

Recently uploaded (20)

NBFC Software: Optimize Your Non-Banking Financial Company
NBFC Software: Optimize Your Non-Banking Financial CompanyNBFC Software: Optimize Your Non-Banking Financial Company
NBFC Software: Optimize Your Non-Banking Financial Company
 
active-directory-auditing-solution (2).pptx
active-directory-auditing-solution (2).pptxactive-directory-auditing-solution (2).pptx
active-directory-auditing-solution (2).pptx
 
Attendance Tracking From Paper To Digital
Attendance Tracking From Paper To DigitalAttendance Tracking From Paper To Digital
Attendance Tracking From Paper To Digital
 
Intro to Amazon Web Services (AWS) and Gen AI
Intro to Amazon Web Services (AWS) and Gen AIIntro to Amazon Web Services (AWS) and Gen AI
Intro to Amazon Web Services (AWS) and Gen AI
 
A Comparative Analysis of Functional and Non-Functional Testing.pdf
A Comparative Analysis of Functional and Non-Functional Testing.pdfA Comparative Analysis of Functional and Non-Functional Testing.pdf
A Comparative Analysis of Functional and Non-Functional Testing.pdf
 
Prada Group Reports Strong Growth in First Quarter …
Prada Group Reports Strong Growth in First Quarter …Prada Group Reports Strong Growth in First Quarter …
Prada Group Reports Strong Growth in First Quarter …
 
dachnug51 - HCL Sametime 12 as a Software Appliance.pdf
dachnug51 - HCL Sametime 12 as a Software Appliance.pdfdachnug51 - HCL Sametime 12 as a Software Appliance.pdf
dachnug51 - HCL Sametime 12 as a Software Appliance.pdf
 
introduction of Ansys software and basic and advance knowledge of modelling s...
introduction of Ansys software and basic and advance knowledge of modelling s...introduction of Ansys software and basic and advance knowledge of modelling s...
introduction of Ansys software and basic and advance knowledge of modelling s...
 
What is OCR Technology and How to Extract Text from Any Image for Free
What is OCR Technology and How to Extract Text from Any Image for FreeWhat is OCR Technology and How to Extract Text from Any Image for Free
What is OCR Technology and How to Extract Text from Any Image for Free
 
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...
 
Cultural Shifts: Embracing DevOps for Organizational Transformation
Cultural Shifts: Embracing DevOps for Organizational TransformationCultural Shifts: Embracing DevOps for Organizational Transformation
Cultural Shifts: Embracing DevOps for Organizational Transformation
 
ThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and DjangoThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and Django
 
一比一原版英国牛津大学毕业证(oxon毕业证书)如何办理
一比一原版英国牛津大学毕业证(oxon毕业证书)如何办理一比一原版英国牛津大学毕业证(oxon毕业证书)如何办理
一比一原版英国牛津大学毕业证(oxon毕业证书)如何办理
 
Splunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptxSplunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptx
 
Wired_2.0_Create_AmsterdamJUG_09072024.pptx
Wired_2.0_Create_AmsterdamJUG_09072024.pptxWired_2.0_Create_AmsterdamJUG_09072024.pptx
Wired_2.0_Create_AmsterdamJUG_09072024.pptx
 
Independence Day Hasn’t Always Been a U.S. Holiday.pdf
Independence Day Hasn’t Always Been a U.S. Holiday.pdfIndependence Day Hasn’t Always Been a U.S. Holiday.pdf
Independence Day Hasn’t Always Been a U.S. Holiday.pdf
 
Migrate your Infrastructure to the AWS Cloud
Migrate your Infrastructure to the AWS CloudMigrate your Infrastructure to the AWS Cloud
Migrate your Infrastructure to the AWS Cloud
 
WhatsApp Tracker - Tracking WhatsApp to Boost Online Safety.pdf
WhatsApp Tracker - Tracking WhatsApp to Boost Online Safety.pdfWhatsApp Tracker - Tracking WhatsApp to Boost Online Safety.pdf
WhatsApp Tracker - Tracking WhatsApp to Boost Online Safety.pdf
 
Leading Project Management Tool Taskruop.pptx
Leading Project Management Tool Taskruop.pptxLeading Project Management Tool Taskruop.pptx
Leading Project Management Tool Taskruop.pptx
 
CViewSurvey Digitech Pvt Ltd that works on a proven C.A.A.G. model.
CViewSurvey Digitech Pvt Ltd that works on a proven C.A.A.G. model.CViewSurvey Digitech Pvt Ltd that works on a proven C.A.A.G. model.
CViewSurvey Digitech Pvt Ltd that works on a proven C.A.A.G. model.
 

2015 jcconf-h2s-devops-practice

  • 2. Who am I • 熟悉Java相關開發技術 - client & server • ⾃自動化整合與測試 • 雲端系統建置 • Startup 相關經驗 • ⺫⽬目標 -> 打造⼀一個⼤大系統環境,在台灣
  • 3. About Here2shop • 利⽤用Big Data技術讓商家和消費者更互惠 • 致⼒力達成⼝口碑⾏行銷和顛覆傳統的社交平台 • 你不需要懂電商,因為電商懂你 • 官網 https://www.here2shop.com/
  • 4. Agenda • DevOps @ Here2Shop • Development • Test • Deployment • Monitoring • EC 平台注意事項與安全性 • 經驗分享
  • 6. @Here2Shop • Java + Spring + Jenkins • Test (JUnit + selenium) • Deploy (AWS) • Monitor (logs + selenium) • Feedback (human involved)
  • 8. • Agile Development sprint — 2 weeks daily scrum review & planning • Role Scrum master Product owner Team
  • 9. Case: Agile? • EC — online Web Application Prioritise!! — bugs, features, data, etc… Plan — exceptions… 經營模式、發票、特殊規格、 3rd party API Flexibility — easy to refactor… Code quality & style — peer co-working
  • 11. • redmine ticket commit subject: “refs|fixes|close #xxx: doing something” • Code github flow @ gitlab • merge request gitlab + jenkins (gitlab merge request builder) • deploy to DEV environment
  • 13. QA vs master • Every work goes into QA branch first • DEV machine has the latest code • Staging machine has a subset of passed tests code • master branch is always deploy-able
  • 14. QA vs master • Every work goes into QA branch first • DEV machine has the latest code • Staging machine has a subset of passed tests code • master branch is always deploy-able BUT…
  • 16. • DEVs be super CAREFUL!!! merged? (QA or master) • Complicated issue state Resolved Verified Feedback • Qualified code? No code review Peer comments
  • 21. Case: in real world • open source tools NOT integrated well a)polling to build periodically… b)cannot auto-update ticket status… c)automation not yet ready… • Keep DEV process in everyone’s mind!!!
  • 23. Test
  • 24. Continuous Test • from: Understanding DevOps part 4
  • 25. • DEV deploy by each merge request junit passed + BVT • Daily automation jenkins + selenium plugin (browse, login, logout, update product, search, purchase, etc…)
  • 26. • Acceptance Test on Staging - accessible from outside Non RD team member feature as design data validation 3rd API integration - ⾦金流、簡訊 social media integration - Facebook, LINE, etc…
  • 27. • Production selenium - per hour availability detector - uptimebutler.com, webmon.com change detector site links validation - xenu Vitual Studio Load test
  • 28. Xenu
  • 30. Case: sth to know… • wrong CSS layout - Sikuli • Site speed tester Google PageSpeed Insights GTmetrix — https://gtmetrix.com/ • Google webmaster tool Structured Data, Data Highlighter, HTML Improvements
  • 33. the first - manually jars bastion scp -r v001_20151203 bastion:~/ Web Server 1 Web Server 2 scp -r v001_20151203 172.1.0.xxx:~/
  • 34. the first - manually jars bastion scp -r v001_20151203 bastion:~/ Web Server 1 Web Server 2 Painful and Erroneous scp -r v001_20151203 172.1.0.xxx:~/
  • 35. need to CHANGE!! • static resources CDN, so resources need versioning!! • app server retrieves the latest build by itself jenkins S3 plugin + script • HA without downtime AWS API + script //cdn1r.here2shop.com/00396/css/default.css
  • 36. AWS CLI • HA of ELB # update service aws autoscaling enter-standby --instance-ids i-dadfc329 --auto- scaling-group-name prod-asg --should-decrement-desired-capacity aws autoscaling exit-standby --instance-ids i-dadfc329 --auto- scaling-group-name prod-asgaws autoscaling describe-auto-scaling-instances --instance-ids i-dadfc329 # create a new instance ec2-run-instances ami-xxxxxxxx -t m3.medium -s subnet-xxxxxxxx - k prod-key -g sg-xxxxxxxx --associate-public-ip-address true aws autoscaling attach-instances --instance-ids i-109228e5 -- auto-scaling-group-name prod-asg
  • 37. semi-auto jars bastion Web Server 1 Web Server 2 # get latest jars from S3 bucket java -jar latest-build.jar S3 jenkins
  • 38. Next goals • pack static resources and separate from service jar • one click to deploy make 10+ deploy per day!! • integrate with Hubot + slack • rollback mechanism challenge with Hibernate ORM
  • 40. • CloudWatch —> alert notification • still in stone age —> login, tail, vi, find & watch… • lots of human involved actions
  • 42. Tools • PaperTrails / fluentd • nagios
  • 47. Case I: Spring boot • spring boot is great for micro-service, but large project… • pro ‣ convention over configuration ‣ standalone jar • con ‣ eclipse & standalone jar NOT the same ‣ hard to replace a single static file…
  • 48. Case II: Security Issue • Redirect security concerns nginx —> origin, md5 checksum by LUA location ~ ^/(ad|edm)/(.*)* { valid_referers none blocked server_names *.here2shop.com; if ($invalid_referer) { return 403; } rewrite_by_lua " HASH_KEY = 'secret_pass'; local redirect_url= ngx.unescape_uri(ngx.var['arg_r']); local arg_checksum = ngx.var['arg_m']; redirect_url_checksum = ngx.md5(redirect_url..HASH_KEY); if(redirect_url_checksum==arg_checksum) then return ngx.redirect(redirect_url, 302); else return ngx.exit(403); end "; }
  • 49. Case III: more Security • expose iframe all site: specific site: X-Frame-Options: SAMEORIGIN Content-Security-Policy:frame-ancestors http://example.com
  • 50. Case IV: Facebook • Facebook doesn’t like cloudfront domain… d8adrk2lu91bp.cloudfront.net —> malicious domain cdn1r.here2shop.com
  • 51. Case V: caching • 10k transactions in 16 hours • concurrent: ~500 • hanging on single table —> move to Redis • transaction: from 5 min to 10 seconds
  • 52. Thank You https://www.here2shop.com mail to: hochi.chuang@here2shop.com
  • 53. Q&A