A Song of Ice (Bloody Enterprise) and Fire (DevOps and IaC)

DevOps and IaC are very popular topics, and interest in them is growing rapidly. However, most authors deal only with the purely technical problems along the way. I will describe the problems specific to a large company. I don’t have a solution: the problems are, in general, fatal and lie in the realm of bureaucracy, audit, and “soft skills”.

Since the article has this title, Daenerys, having gone over to the side of Enterprise, will stand in for the cat.

Undoubtedly, a clash of old and new is under way. Often in these collisions there is neither right nor wrong; it is simply how things turned out. But, so as not to make unsupported claims, we will start with this screen:

[Screenshot: the Change Request form]

This is the so-called Change Request. You see about a third of the fields, which must be filled in from various directories; the rest of the fields are in other tabs. Such a document must be filled out in order to run a script on a production server, upload new files, or change anything at all.

There are so many fields that I wrote my own little automation for filling them in. Moreover, this page is written in such a way that no automation tool can see its fields, and the only possible solution was to use AutoIt to crudely click at screen coordinates with the mouse. Judge the degree of desperation it took to resort to this:


So, you take Jenkins, Chef, Terraform, Nexus and so on, and joyfully deploy all this on your dev environment. But then it's time to send it to QA, UAT and PROD. You have a Nexus artifact, and you receive a letter from the DBA with something like this:

Dear,

First, as you can imagine, I don't have access to your Nexus.
Secondly, all changes must be filed as a Change Request.
You need to extract the SQL scripts from Nexus and attach them to the Change Request.
If the change is not an Emergency, it should be done within 7 days of the release (on weekends only).
When your Change Request is approved by a bunch of people, the DBA will execute your script and even send a screenshot of the result by mail.

Sincerely, your DBA, who has been working here since the mainframe days.

Do you know what this reminds me of? Semi-automation: the robot holds the frame, and the worker hits it with a sledgehammer. Really, what's the use of this Nexus if everything is then done completely manually?

But don't blame Enterprise for this! It is, of course, bloody, but all this bureaucracy with Change Requests is forced on it and comes from the auditors. Enterprise has to work that way, period. It can't do it any other way. And audit is a very conservative thing. How much, for example, has been said about the fact that long, pseudo-complex and frequently changed passwords are bad, yet enterprises will be the last place to change this. The same goes for deployments and everything else.

By the way, at one time I tried to create a file for Terraform, but I didn’t succeed. I stumbled over the meaning of the 'Project Accounting Billing Code' tag, which I never managed to find out - I didn't have enough soft skills.

I won’t even touch the topic of passive Luddism: "oh, your automation threatens my job security, I don’t want to learn anything new, so I’ll quietly sabotage".

So, what could be the solution? The ITSM system has an extremely primitive API for automatically generating documents. And in general, most of these systems come from the days of mainframes. Maybe someone knows of really modern ITSM systems? Maybe someone has successful experience of integrating modern DevOps and bureaucracy? This, of course, is not about purely corrupt sites, where you really can deploy every day, but about, for example, the banking sector, which is under auditors and has very strong isolation of the higher environments.

Just do not forget that all your fantasies are limited by the audit. And that changes everything. Waiting for you in the comments!

Source: habr.com
