https://repetitive.it Repetitive IT Ltd
A House of (Credit) Cards...
...in the clouds
The story of a PCI-compliant infrastructure
100% Public Cloud
Presented by: Matteo Castellani
A brief introduction
DevOps Consultant
Interim CTO
Sys-Admin
Technical Trainer
Public Speaker
IT Project Manager
What we will talk about
5’ PCI-DSS
The rules of the game
It is a completely new (greenfield) project
Paradigm 1: the Cloud does not work like dedicated servers
Paradigm 2: W.W.a.D.D.? (What Would a DevOps Do?)
Paradigm 3: expect the unexpected
AWS Accounts Set-Up
Why AWS Cloud?
Direct Connect
Already a Partner
In-House skills
Security Certifications
[Diagram: AWS accounts set-up. Accounts: Control Plane, Audit. Elements: LON, Direct Connect, logging facility, AWS API Layer, Private Network, Public Network, Trails, API Req.]
AWS Control Plane
Anatomy of the Control Plane
Document all the things
Make the work visible
Track the code
The operations engine
The coordinator
Automated code review
Ansible Dynamic Inventory: ec2.ini/ec2.py
Daily Scheduled Jobs: backups using images of the EC2 instances
Create a new CentOS EC2 instance
Apply updates and upgrades to the new EC2 instance
Create a new image from the EC2 instance
Create a new Dev Stack to test the new image
Smoke test the new infrastructure
Clean up all existing test environments
‘pushing’ a change in real life
[Diagram: WebHook, Jenkins, Ansible]
Accounts: Humans vs BOT
Account        | Environments            | Access
Dev            | Dev / Test              | B (bot)
QA             | Sec / Per / Int         | B (bot)
Prod           | Pro                     | B (bot)
HSMD           | Test / Sec / Per / Int  | H (human)
HSMP           | Pro                     | H (human)
Control Plane  |                         | H (human)
Authentication through IAM+MFA
AWS Accounts Set-Up
[Diagram: AWS accounts set-up. Accounts: Control Plane, Dev, QA, Pro, HSMD, HSMP, Audit. Elements: LON, Direct Connect, logging facility, AWS API Layer, Private Network, Public Network, Trails, API Req.]
Accounts/ENV/Stacks
Accounts: Dev, QA, Prod
Environments: Dev account: Dev / Test; QA account: Sec / Per / Int; Prod account: Pro
Stacks (one set per environment): Mercury, Venus, Earth, Mars, Jupiter, Saturn, Neptune, Pluto
Name of each resource = Tags in sequence
Anatomy of the 3 Micro-Services
[Diagram: App 1 (in PCI-Scope): Public LB, Private LB, Inst01, Inst02, DB. App 2: Public LB, Private LB, Inst01, Inst02. App 3: Public LB, Private LB, Inst01, Inst02, DB. Zones labelled PCI and Non PCI.]
Accounts/ENV/Stacks
Account: Dev
Environment: Dev / Test
Stacks: Mercury, Venus, Earth, Mars, Jupiter, Saturn, Neptune, Pluto
!STACK SPACE!
What is inside dev-Mercury?
[Diagram: the three micro-services deployed inside the dev-Mercury stack. APP 1: Public LB, Private LB, Inst01, Inst02, DB. APP 2: Public LB, Private LB, Inst01, Inst02. APP 3: Public LB, Private LB, Inst01, Inst02, DB. Zones labelled PCI and Non PCI.]
Example resource names:
dev-mercury-app2-nonpci-private
dev-mercury-app1-pci-private-01
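Added example (not code from the deck): the "name = tags in sequence" convention as a pair of functions that build a name from tags and parse it back, with validation. The deck shows only the two names above; the tag order (environment, stack, app, PCI scope, network tier, optional two-digit index), the allowed values and the rule that only App 1 is in PCI scope are assumptions made to keep the example concrete. The useful security property is that a resource whose scope tag disagrees with its application's PCI classification is rejected instead of being created.

```python
"""Resource names as a sequence of tags (added example, not the deck's code).

Assumed tag order: env-stack-app-scope-tier[-NN]. Allowed values and the
PCI classification of the apps are assumptions; the deck only shows
    dev-mercury-app2-nonpci-private
    dev-mercury-app1-pci-private-01
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

TAG_ORDER = ("env", "stack", "app", "scope", "tier")

ALLOWED = {  # assumed vocabularies
    "env": {"dev", "test", "sec", "per", "int", "pro"},
    "stack": {"mercury", "venus", "earth", "mars", "jupiter", "saturn", "neptune", "pluto"},
    "app": {"app1", "app2", "app3"},
    "scope": {"pci", "nonpci"},
    "tier": {"public", "private"},
}

# Assumption based on the deck's diagram ("App 1 in PCI-Scope").
PCI_APPS = {"app1"}

NAME_RE = re.compile(
    r"^(?P<env>[a-z]+)-(?P<stack>[a-z]+)-(?P<app>[a-z0-9]+)-"
    r"(?P<scope>pci|nonpci)-(?P<tier>[a-z]+)(?:-(?P<index>\d{2}))?$"
)


@dataclass(frozen=True)
class ResourceTags:
    env: str
    stack: str
    app: str
    scope: str
    tier: str
    index: Optional[int] = None


def build_name(tags: ResourceTags) -> str:
    """Join the tags in the fixed order after validating every value."""
    for key in TAG_ORDER:
        value = getattr(tags, key)
        if value not in ALLOWED[key]:
            raise ValueError(f"tag {key}={value!r} is not an allowed value")
    # The scope tag must agree with the app's PCI classification; otherwise a
    # typo could place a PCI resource under non-PCI controls.
    expected = "pci" if tags.app in PCI_APPS else "nonpci"
    if tags.scope != expected:
        raise ValueError(f"{tags.app} must carry scope {expected!r}, got {tags.scope!r}")
    parts = [getattr(tags, key) for key in TAG_ORDER]
    if tags.index is not None:
        parts.append(f"{tags.index:02d}")
    return "-".join(parts)


def parse_name(name: str) -> ResourceTags:
    """Inverse of build_name: recover the tags from a resource name."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"{name!r} does not follow the naming convention")
    tags = ResourceTags(
        env=m["env"], stack=m["stack"], app=m["app"], scope=m["scope"],
        tier=m["tier"], index=int(m["index"]) if m["index"] else None,
    )
    build_name(tags)  # re-validate values and scope consistency
    return tags


def in_pci_scope(name: str) -> bool:
    """True when the named resource falls under the PCI controls."""
    return parse_name(name).scope == "pci"


if __name__ == "__main__":
    for n in ("dev-mercury-app2-nonpci-private", "dev-mercury-app1-pci-private-01"):
        print(n, "->", parse_name(n))
    try:  # a PCI app mislabelled as non-PCI is rejected
        parse_name("dev-mercury-app1-nonpci-private-01")
    except ValueError as exc:
        print("rejected:", exc)
```

Because every name is deterministic from its tags, the same function can drive tagging in Ansible, naming in the stack templates and filtering in the audit account, so PCI and non-PCI resources can never be confused by name alone.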
Pipelines and immutable images
[Diagram: MASTER BRANCH → Jenkins / Ansible; Java Artifact → S3; Public Packages + Nightly update CentOS 7 image (CP) → EC2 Instance → Config. neutral image + Application (CP) → Dev / QA / Prd; APP 1, APP 2, APP 3.]
Pipelines and immutable images
Recap:
How will we configure the images from the outside?
[Diagram: Deploy of App 1, App 2, App 3 into $Environment. Elements: LBs (Classic/Network/Application), PCI DB and NON PCI DB (RDS instances), EC2 instances, INFRA Tests, ENV READY.]
This is where the configurations are applied.
Hint: AWS User Data field is magic!
They might already exist.
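Added example (not code from the deck): one way to configure a configuration-neutral image from the outside through EC2 user data, as the hint above suggests. The pipeline renders a boot script from the stack's tags and base64-encodes it for the EC2 API; before shipping it, it refuses any user data that embeds a credential, because user data is readable from the instance metadata service without credentials and through the DescribeInstanceAttribute API, so secrets must be fetched at boot via the instance role instead. The tag dictionary, the script layout, the `fetch-secrets` helper and the secret-lint patterns are assumptions.

```python
"""Configure a neutral image at deploy time via EC2 user data (added example).

Assumptions: tags come from the stack's tag sequence, the artifact URL and the
/opt/app/fetch-secrets helper are placeholders, and the lint patterns are a
minimal set; user data is limited to 16 KiB raw and must not carry secrets.
"""
from __future__ import annotations

import base64
import re
import shlex

REQUIRED_TAGS = ("env", "stack", "app", "scope")
MAX_USER_DATA_BYTES = 16 * 1024  # EC2 limit on raw (pre-base64) user data

# Shapes that indicate a credential was pasted into user data (assumed rules).
SECRET_PATTERNS = (
    re.compile(r"AKIA[0-9A-Z]{16}"),                       # AWS access key id
    re.compile(r"(?i)(password|passwd|secret|token)\s*=\s*\S+"),
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
)


def render_user_data(tags: dict[str, str], artifact_url: str) -> str:
    """Boot script that turns the neutral image into one environment's app node."""
    missing = [k for k in REQUIRED_TAGS if k not in tags]
    if missing:
        raise ValueError(f"missing tags: {missing}")
    env_lines = "\n".join(
        f"{k.upper()}={shlex.quote(str(v))}" for k, v in sorted(tags.items())
    )
    return (
        "#!/bin/bash\n"
        "set -euo pipefail\n"
        "# Written by the deploy pipeline; values come from the stack's tags.\n"
        "cat > /etc/app.env <<'EOF'\n"
        f"{env_lines}\n"
        "EOF\n"
        "# Fetch this environment's artifact (placeholder URL).\n"
        f"curl -fsSL {shlex.quote(artifact_url)} -o /opt/app/app.jar\n"
        "# Credentials are read at boot through the instance role, never\n"
        "# embedded in user data (hypothetical helper name).\n"
        f"/opt/app/fetch-secrets --scope {shlex.quote(tags['scope'])} > /etc/app.secrets\n"
        "systemctl restart app\n"
    )


def find_embedded_secrets(user_data: str) -> list[str]:
    """Return every fragment of the script that looks like a credential."""
    hits: list[str] = []
    for pattern in SECRET_PATTERNS:
        hits.extend(m.group(0) for m in pattern.finditer(user_data))
    return hits


def encode_user_data(user_data: str) -> str:
    """Base64 for the EC2 API; refuse oversized or secret-bearing scripts."""
    raw = user_data.encode()
    if len(raw) > MAX_USER_DATA_BYTES:
        raise ValueError("user data exceeds the 16 KiB EC2 limit")
    leaks = find_embedded_secrets(user_data)
    if leaks:
        raise ValueError(f"refusing to ship user data with embedded credentials: {leaks}")
    return base64.b64encode(raw).decode()


if __name__ == "__main__":
    # Constructed tags for the dev-mercury-app1 PCI node.
    tags = {"env": "dev", "stack": "mercury", "app": "app1", "scope": "pci"}
    script = render_user_data(tags, "https://artifacts.example.invalid/app1.jar")
    print(script)
    print("encoded length:", len(encode_user_data(script)))
    try:
        encode_user_data(script + "export DB_PASSWORD=hunter2\n")
    except ValueError as exc:
        print("blocked:", exc)
```

The same image therefore boots unchanged in Dev, QA and Prd; only the rendered user data differs, and the lint gate makes the pipeline, not a reviewer, responsible for keeping credentials out of it.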
Image Promotion System
[Diagram: the Control Plane promotes one image across the Dev, QA and Pro accounts through the stages DEV, Test, Sec, Per, Int. At each stage a stack is created (Dev Stack, Test Stack, Sec Stack, Perf Stack, Integ Stack, Prod Stack) and the steps are: Run Tests / Tag image / destroy stack / Update BB repo. After the Sec and Perf stacks the image is marked "Ready for Integ". One of the later stages omits "destroy stack" (Run Tests / Tag image / Update BB repo).]
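Added example (not code from the deck): a small model of the control-plane logic behind both the nightly image job (build a fresh CentOS image, stand up a Dev stack, smoke-test it, clean up) and the Image Promotion System above. The point it makes is the gate: an image may only be deployed to a stage after the previous stage has tagged it as passed, every action is recorded in an audit ledger, and the pipeline, not a person, writes the tags. Stage names, the tag key, the in-memory "BB repo" pointer and the assumption that only the production stack is kept are assumptions.

```python
"""Image promotion gates (added example, not the deck's code).

Stages and steps follow the deck (Run Tests / Tag image / destroy stack /
Update BB repo); the tag key, the repo pointer and keeping only the
production stack are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass, field

STAGES = ("dev", "test", "sec", "per", "int", "pro")   # promotion order
PASS_TAG = "promotion:{stage}"                         # assumed tag key


class PromotionError(Exception):
    """Raised when a deploy would skip a gate."""


@dataclass
class Image:
    image_id: str
    tags: dict[str, str] = field(default_factory=dict)


@dataclass
class ControlPlane:
    repo: dict[str, str] = field(default_factory=dict)   # stage -> image id
    stacks: set[str] = field(default_factory=set)        # running stacks
    ledger: list[str] = field(default_factory=list)      # audit trail

    def build_nightly_image(self, base: str) -> Image:
        """Fresh patched image from a new instance (simulated)."""
        image = Image(image_id=f"ami-constructed-{base}", tags={"base": base})
        self.ledger.append(f"built {image.image_id} from {base}")
        return image

    def can_deploy(self, image: Image, stage: str) -> bool:
        """Gate: the previous stage must have tagged the image as passed."""
        idx = STAGES.index(stage)
        if idx == 0:
            return True
        prev = STAGES[idx - 1]
        return image.tags.get(PASS_TAG.format(stage=prev)) == "passed"

    def run_stage(self, image: Image, stage: str, tests_pass: bool) -> bool:
        """Create stack, run tests, tag image, destroy stack, update repo."""
        if stage not in STAGES:
            raise PromotionError(f"unknown stage {stage!r}")
        if not self.can_deploy(image, stage):
            raise PromotionError(
                f"{image.image_id} has not passed the stage before {stage!r}")
        stack = f"{stage}-{image.image_id}"
        self.stacks.add(stack)
        self.ledger.append(f"created {stack}")
        result = "passed" if tests_pass else "failed"
        image.tags[PASS_TAG.format(stage=stage)] = result
        self.ledger.append(f"tagged {image.image_id} {stage}={result}")
        if tests_pass:
            self.repo[stage] = image.image_id      # "Update BB repo"
            self.ledger.append(f"repo[{stage}] -> {image.image_id}")
        if stage != STAGES[-1]:                    # assumed: only Pro keeps its stack
            self.stacks.discard(stack)
            self.ledger.append(f"destroyed {stack}")
        return tests_pass

    def promote(self, image: Image, results: dict[str, bool]) -> str | None:
        """Walk the stages in order until one fails; return the last passed stage."""
        last = None
        for stage in STAGES:
            if not self.run_stage(image, stage, results.get(stage, False)):
                break
            last = stage
        return last


if __name__ == "__main__":
    cp = ControlPlane()
    img = cp.build_nightly_image("centos7-20180101")   # constructed base name
    print("last passed stage:", cp.promote(img, {"dev": True, "test": True, "sec": False}))
    print("repo:", cp.repo)
    print("\n".join(cp.ledger))
    try:
        cp.run_stage(img, "pro", True)                # skipping gates is refused
    except PromotionError as exc:
        print("blocked:", exc)
```

Because `can_deploy` reads the pass tags written by earlier stages, a human or bot account cannot push an untested image into Pro simply by pointing the deploy at a different AMI; the ledger gives the auditor the chain from nightly build to production.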
Q&A