Bugfix and Deployment
I started my coding journey at General Assembly in 2021, then starting my career in IT in 2022. I am very proud of the progress I’ve made this year and want to record a sample of my learnings and skills I’ve developed.
Today I managed to execute on a bugfix we identified in our application. This undertaking has many aspects to maintain traceability and resiliency of the application deployment and day-to-day running. Below is just an example of how a suit of tools can be used to run or iterate on an application.
Drawing passwords from CyberArk. We need to make sure access to the production environment (PROD) is tightly controlled i.e. anyone making changes to code in this environment is authenticated and authorised. Taking an example from the military, CyberArk is like an armskote (or arsenal) in the military and anyone logging in and out, and activity within is closely monitored. SREs (Site Reliability Engineers) are authorised to enter the CyberArk objects (or passwords)
Making changes on PROD servers can be done through a SSH-client PuTTy76. This allows access to a server remotely, so that changes do not have to be done by an engineer next to a server rack but from the comfort of an office.
“On a long enough timeline, the survival rate for everyone drops to zero.”
— Fight Club
Servers are hosted on hardware including the use of only one server, but likely it is on some form of Virtual Private Cloud (VPC). Just as you use your phone or computer a program or script can run on a single device. But today there is a need and expectation for high availability and resilience of software services. So most applications run on multiple devices to provide redundancy in case any one device fails. Imagine having read this article with 3 phones in case one of them crashes, and they are performing the exact same processes at the exact same time. Doing this by yourself can be tricky, so most companies pay a company like AWS or Google to create VPC for them. In the end when you go onto a VPC server through PuTTy76, it is like you’re logging onto one server.
An application can be made even more robust with containerisation, one such platform is Openshift Container Platform (OCP). If VPC was not reliable enough, we can build our applications in expendable containers thanks to kubernetes and docker. Containerisation allows applications to be built and terminated within a virtual environment (think of a computer within a computer). So during start up it can be given dedicated resources and when it terminates it will not affect other services on the server (hence contained). Even more, application can run multiple instances and/or automatic restart of a service that may fail.
Code is not usually completed alone and should be traced and authorised in services like BitBucket.
Building code can be automated, especially if the steps are mundane and repeatable, thats why there are tools like Jenkins. These should not run on the app server but have dedicated servers to run build pipelines. Pipelines can include exporting and importing code from repos, scanning to creating JIRA tickets and many more.
Code that is going to be deployed or already deployed and needs as a form of version control can be managed by Nexus Repository.
To be able to automatically traceback, authenticate and authorise activities in our application builds we can use JIRA. Besides tying JIRA tickets to deployments it can establish workflows as part of a company SOP. Especially establishing quality gates and reviews by different roles or parties in the organisation (mainly change management team and your manager).
A last minute check of code quality before deployment can be done through scans such as Fortify, SonarQube and Twistlock. Although a computer might not predict the successful deployment of code there are automated solutions to check for static issues with your code or docker images.
I’m thankful for the help of those around me in my work environment to guide and help me on my learning journey. The fulfilment is not in recognition but the internal knowing that I understand how to use some functionality of all the systems and together orchestrate an automated and relatively robust deployment process. This year has been a rush for me but a great joy, and am hoping to end well.
