One of the pillars of DevOps thinking is that the system is a whole. No part can function without the others, so they all should be treated as equals. Of course, things rarely work that way. One of the glaring examples in a lot of shops is the disparity in the way changes are managed / tracked between Dev and Ops. There are multiple misbehaviors we can examine in just this one area. Some other day we can discuss how there are different tracking systems for different parts of the system and how many shops have wholly untracked configurations for some components. Today, instead, we’re going to talk about the different levels of diligence that get applied in Ops versus Dev when dealing with change.
Think about this for a second. No developer in an enterprise shop would ever think of NOT checking in all of their code changes. And if they did, they would view it as a pretty serious bypass of good practice. Code goes into the repository and is pulled from that repository for build, test, and deployment. It is a backbone constant practice of commercial software development. Meanwhile, the Ops team has a bunch of scripts that they use to maintain the environment. How many of those are religiously checked into a version control system (VCS)? And of those that do end up in a VCS, how many have change tickets attached when they are modified? And then there are the VM template images, router configs, etc. that may / may not be safely stored someplace.
All too often the change management that happens here is a script update or a command executed someplace on some piece of infrastructure. The versioning takes the form of a file extension; you know – “.old”, “.bak”, “.orig” “.[todaysdate]” so that there is some… evidence… that a change was made to the system. The tracking of the change is often a manually updated trouble ticket or change request. And let’s not forget that the Ops ticketing system probably does not talk to the change management system the developers use. Is it any wonder that things get screwed up when something comes down the pipe from Dev?
To really have things working properly, you have to:
- Unify the change management between Ops and Dev
- Track scripts the way you would any source code on which your apps function depends.
- Have a method to automatically capture changes made to the environment and log them.
All three of these things are necessary if you really want to achieve a higher-speed and more predictable release process.