The DevOps and IaC theme is very popular and is developing rapidly. However, most authors relate to purely technical problems along the way. I will describe the problems characteristic of a large company. I have no solution - the problems are, in general, fatal and lie in the field of bureaucracy, audit, and “soft skills”.
Once the title of the article is such, then Dineris will act as a cat, who has switched to the side of Enterprise
Undoubtedly, now there is a clash of old and new. And often in these collisions there are no right, not guilty. It just so happened. But, in order not to be unfounded, we will start here from this screen:
This is the so-called Change Request. You see about a third of the fields that you need to fill out from a variety of directories, the rest of the fields in other tabs. Such a document must be completed in order to apply the script to the production server, or to upload new files and, in general, change something.
The number of fields is such that I wrote my little automation on filling these fields. Moreover, this page is written so that no automation tools can see its fields, and the only possible solution was to use AutoIt to stupidly hit the mouse with its coordinates. Assess the degree of despair in order to decide on this:
So, you take jenkins, chef, terraform, nexus and so on, and happily deploy it all on your dev. But it is time to send this to QA, UAT and PROD. You have a Nexus artifact and you receive a letter from DBA with approximately the following text:
Respected,
Firstly, your nexus you can imagine I don’t have access to your Nexus
Secondly, all changes must be issued as a Change Request.
SQL scripts you need to isolate them Nexus, and attach to Change Request.
If the change is not Emergency, this should be done after 7 days of release (exclusively in Weekend)
When your Change Request sends a bunch of people, the DBA will execute your script and even send a screenshot of the result by mail.
Sincerely, your DBA which has been working here since the days of mainframe.
Do you know what this reminds me of? Semi-automation: the robot holds the bed, and the worker hits it with a sledgehammer. Well, really, what's the use of this Nexus, if then everything is done completely manually?
But don't blame Enterprise! He, of course, is bloody, but all this bureaucracy with Change Requests is forced and comes from auditors. Enterprise must work like that, period. It is impossible for him otherwise. And audit is a very conservative thing. How much, for example, it was said that long pseudo-complex and frequently changed passwords are bad, but enterprises will be the last place to change it. Also with deployments and everything else.
By the way, at one time I tried to create a file for terraform, but I did not succeed. Stumbled on the value of the 'Project Accounting Billing Code' tag, which I still could not find out - soft skills were not enough.
I don’t even take the topic of passive luddism - oh, your automation threatens my job security, I don’t want to learn anything new, so I will sabotage it quietly.
Well, and what could be a solution in principle? The ITSM system has an extremely primitive API to automatically generate documents. Anyway, most of these systems come from the time of mainframes.
Maybe someone knows really modern ITSM systems? Can anyone have successful experience integrating modern DevOps and bureaucracy? This, of course, is not about purely selling sites where there really can be a deploy every day, but, for example, the banking sector, which is under the auditors and very strong isolation of higher environments.
Just do not forget that all your fantasies are limited by audit. And that all changes. Waiting for you in the comments!