DOES SFO 2016 - Matthew Barr - Enterprise Git - the hard bits

0 likes•428 views

The document covers the complexities of using Git in enterprise settings, focusing on various Git hosting options, safety practices, and access control. It discusses the operationalization of Git at Akamai, including authentication methods and best practices for code integrity and review processes. The presentation emphasizes the importance of preventing unauthorized changes and maintaining proper audits within a large number of repositories.

Technology

Enterprise Git - the hard bits
Matthew Barr

Enterprise Git - the hard bits
Matthew Barr, Architect

©2016 AKAMAI | FASTER FORWARD
TM
Overview
● Introduction
● Git hosting options
● o18n
● Safety & Best Practices

©2016 AKAMAI | FASTER FORWARD
TM
Admissions

DOES SFO 2016 - Matthew Barr - Enterprise Git - the hard bits

©2016 AKAMAI | FASTER FORWARD
TM
Me:
SysAdmin / DevOps Engineer for 20 years
● Lehman Bros, MarkitServ
● Community Connect, Snap Interactive
● Nokia
Focus @ Akamai: Developer Productivity
● Provide tools for our engineers
● SCM, Build, CI & Test systems
● Current project: Horizontally scalable build farm w/ Docker agents

So you want to be
a hero
store your code in Git

©2016 AKAMAI | FASTER FORWARD
TM
GitHub or Bitbucket
● Hosted
● Great features
● Low overhead
● Great for small teams
● Even medium size

©2016 AKAMAI | FASTER FORWARD
TM
Self hosted options
● GitLab
● Gitolite
● cgit

©2016 AKAMAI | FASTER FORWARD
TM
Enterprise
● Github Enterprise
● Bitbucket Server (Atlassian) (née Stash)
● Gitlab Enterprise
● Perforce GitSwarm

©2016 AKAMAI | FASTER FORWARD
TM
Git @ Akamai
● Currently: 6000+ repositories, 115+ Projects/Organizations
○ Not primary code repository (yet)
● Relaunched 1 year ago
● Stash Data Center Edition
● 2 sites
○ 2 App Servers
○ 2 DB nodes
○ Netapp filer & load balancer

©2016 AKAMAI | FASTER FORWARD
TM
o16n (Operationalization)*
* Gordon Marx

©2016 AKAMAI | FASTER FORWARD
TM
HA, DR, GeoDiversity & Backups
● Varies by product
● Github Enterprise
○ Clustering
○ Active / Passive Node
○ Point in time snapshots
● Bitbucket Server
○ Self Service Backups, DB replication, Snapshots
○ Improvement in Bitbucket Server (Stash)
■ Smart Mirrors
■ Zero Downtime Backups

©2016 AKAMAI | FASTER FORWARD
TM
Authentication for the enterprise
● Mandate: No passwords
● 3 types of access
○ WebUI
○ Git (SSH, HTTPS)
○ API
● SAML for WebUI
● SSH key sync script from LDAP
● X.509 Client auth for API

©2016 AKAMAI | FASTER FORWARD
TM
Safety & Best Practices

©2016 AKAMAI | FASTER FORWARD
TM
PCI, SOX, etc.
Boils down to:
● Prevent unauthorized changes
● Review change!

©2016 AKAMAI | FASTER FORWARD
TM
Code Review - Pull Requests
● Sign offs - +1, approvers
● Prevent merges without PR’s
● Merge commits
○ Audit points, in git log

©2016 AKAMAI | FASTER FORWARD
TM
Code Integrity
● Branching workflow
○ Combination Gitflow + Feature Branch (Github)
■ No Develop branch, but flexibility for QA
■ Can be CD
● Protected branches
○ Limited users can merge
● No force push / rewriting history
● Unapprove PR’s when modified
○ Really? Provided by optional plugin?

©2016 AKAMAI | FASTER FORWARD
TM
Q: Who wrote that code?
● Pusher != committer
● Committer
$ git config --global user.name "John Doe"
$ git config --global user.email johndoe@example.com
● GPG?
● Log all commits/pusher?

©2016 AKAMAI | FASTER FORWARD
TM
Access Control
● 1000’s of repos = 1000’s of ACLs
● Organizations / Projects
● LDAP groups?
● Access Controls
○ Who manages, approves access?
○ Audits access, quarterly?
● Separation of Concerns
○ Ops can’t modify code
○ Prove it!

©2016 AKAMAI | FASTER FORWARD
TM
Automation
● API’s!
● Configure
● External Front Ends
○ User Mgmt
○ Webhooks
○ Audit settings

©2016 AKAMAI | FASTER FORWARD
TM
References
● Github Enterprise Documentation
● Bitbucket Server Documentation

©2016 AKAMAI | FASTER FORWARD
TM
Matthew Barr
● https://www.akamai.com
● mbarr@akamai.com
● @matthewbarr - Twitter & Github:
● mbarr@mbarr.net

More Related Content

PPTX

Enterprise git - the hard bitsMatthew Barr

PDF

Presenting TYPO3 - Athens WordPress 7th MeetupGiannis Economou

PDF

Sean schofield & Richard Lister, Spree Commerce_ Fearless deployment @ Open C...Spark Solutions

PDF

Intro to node.jsThanos Polychronakis

PDF

Unscrambling An Omelette - How Companies Can Use WordPress Better - Jeremy Ke...WordCamp Sydney

PPTX

Magento PWA Studio extensibilityLars Roettig

PPTX

Real User Measurement Insights, London WebPerf 2018-Nov-06Paul Calvano

PPTX

Common Traits of High Performing Websites, BairesWeb - ArgentinaPaul Calvano

Enterprise git - the hard bitsMatthew Barr

Presenting TYPO3 - Athens WordPress 7th MeetupGiannis Economou

Sean schofield & Richard Lister, Spree Commerce_ Fearless deployment @ Open C...Spark Solutions

Intro to node.jsThanos Polychronakis

Unscrambling An Omelette - How Companies Can Use WordPress Better - Jeremy Ke...WordCamp Sydney

Magento PWA Studio extensibilityLars Roettig

Real User Measurement Insights, London WebPerf 2018-Nov-06Paul Calvano

Common Traits of High Performing Websites, BairesWeb - ArgentinaPaul Calvano

What's hot (20)

PDF

Power up Magnolia CMS with OpenShiftShekhar Gulati

PDF

GraphQL Bangkok Meetup 6.0Tobias Meixner

PPTX

Common Traits of High Performing Websites, WebPerfDays Amsterdam 07-Nov-2018Paul Calvano

PPTX

React and Web PerformanceLars Roettig

PDF

DevOps, Agile and Open Source at ImmobilienScout24Schlomo Schapiro

PPTX

Building the AO Tech BlogSarahNorris47

PPTX

Building the AO tech blogAO Tech

PDF

Fluent 2018: Tracking Performance of the Web with HTTP ArchivePaul Calvano

PDF

NYC WebPerf Meetup Feb 2020 - Measuring the Adoption of Web Performance Techn...Paul Calvano

PPTX

IntroductionGitJaime L. López Carratalá

PDF

Bodin - Hullin & Potencier - Magento Performance Profiling and Best PracticesMeet Magento Italy

ODP

Jade: Open Source Case Management for SME Law Firms (Oct 2017)vvaswani

PPTX

Cross-platform JavaScriptHristo Chakarov

PDF

SwazooESUG

PDF

Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014FalafelSoftware

ODP

Using PHP with IBM Bluemixvvaswani

PDF

Dmitrii Kuryshev "DevOps in Landmark"LogeekNightUkraine

PDF

How to choose frontend (head) for headless commerce. Aureate Labs

PDF

How to sell SilverStripe in the enterprise and public sector markets - Stripe...Sylvain Reiter

PDF

OSGi Web Development in ActionChristian Baranowski

Power up Magnolia CMS with OpenShiftShekhar Gulati

GraphQL Bangkok Meetup 6.0Tobias Meixner

Common Traits of High Performing Websites, WebPerfDays Amsterdam 07-Nov-2018Paul Calvano

React and Web PerformanceLars Roettig

DevOps, Agile and Open Source at ImmobilienScout24Schlomo Schapiro

Building the AO Tech BlogSarahNorris47

Building the AO tech blogAO Tech

Fluent 2018: Tracking Performance of the Web with HTTP ArchivePaul Calvano

NYC WebPerf Meetup Feb 2020 - Measuring the Adoption of Web Performance Techn...Paul Calvano

IntroductionGitJaime L. López Carratalá

Bodin - Hullin & Potencier - Magento Performance Profiling and Best PracticesMeet Magento Italy

Jade: Open Source Case Management for SME Law Firms (Oct 2017)vvaswani

Cross-platform JavaScriptHristo Chakarov

SwazooESUG

Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014FalafelSoftware

Using PHP with IBM Bluemixvvaswani

Dmitrii Kuryshev "DevOps in Landmark"LogeekNightUkraine

How to choose frontend (head) for headless commerce. Aureate Labs

How to sell SilverStripe in the enterprise and public sector markets - Stripe...Sylvain Reiter

OSGi Web Development in ActionChristian Baranowski

Viewers also liked (20)

PPTX

DOES16 San Francisco - Charles Betz - Influencing Higher Education to Create ...Gene Kim

PPTX

DOES SFO 2016 San Francisco - Julia Wester - Predictability: No Magic RequiredGene Kim

PDF

DOES16 San Francisco - Nicole Forsgren & Jez Humble - The Latest: What We Lea...Gene Kim

PPTX

DOES16 San Francisco - Scott Prugh & Erica Morrison - When Ops Swallows DevGene Kim

PPTX

DOES16 San Francisco - Damon Edwards - The Talent You Need is Already Inside ...Gene Kim

PPTX

DOES16 San Francisco - Opal Perry - Technology Transformation: How Team Value...Gene Kim

PPTX

DOES SFO 2016 - David Habershon - Ministry of Social Development New ZealandGene Kim

PPTX

DOES SFO 2016 - Paula Thrasher & Kevin Stanley - Building Brilliant Teams Gene Kim

PDF

DOES16 London - Gareth Rushgrove - Communication Between Tribes: A Story of S...Gene Kim

PPTX

DOES16 San Francisco - Dominica DeGrandis - Time Theft: How Hidden and Unplan...Gene Kim

PPTX

DOES16 San Francisco - Carmen DeArdo, Cindy Payne, & Jim Grafmeyer - Episode ...Gene Kim

PPTX

DOES SFO 2016 - Avan Mathur - Planning for Huge ScaleGene Kim

PDF

DOES SFO 2016 - Aimee Bechtle - Utilizing Distributed Dojos to Transform a Wo...Gene Kim

PDF

DOES SFO 2016 - Kevina Finn-Braun & J. Paul Reed - Beyond the Retrospective: ...Gene Kim

PPTX

DOES16 San Francisco - David Blank-Edelman - Lessons Learned from a Parallel ...Gene Kim

PPTX

DOES16 San Francisco - Jan Schilt - DevOps is Not Going to Work…Unless! How T...Gene Kim

PPTX

DOES SFO 2016 - Courtney Kissler - Inspire and Nurture the Human SpiritGene Kim

PPTX

DOES SFO 2016 - Greg Maxey and Laurent Rochette - DSL at ScaleGene Kim

PPTX

DOES SFO 2016 - Daniel Perez - Doubling Down on ChatOps in the EnterpriseGene Kim

PPTX

DOES SFO 2016 - Andy Cooper & Brandon Holcomb - When IT Closes the DealGene Kim