Transcript

A TAILOR-MADE CI FROM A BOX

Prezi's journey with CJE

José Roca

Júlia Biró

TAILORING

OVERVIEW

IMPACT

PREZI

Harvard Researchers Find Prezi to be More Engaging, Persuasive, and Effective Than PowerPoint.

https://prez.is/university-study/

85 MILLION

USERS

325 MILLION

PREZIS CREATED

THE WORLD’S LARGEST DATABASE OF PUBLIC PRESENTATIONS

3 BILLION

VIEWS

4 offices

110 Engineers

DevOps Culture

Ownership

Standard stack

Autonomy

How we got to a new CI?

Jenkins pains

  • single master
  • shared execution environment
  • not reproducible
  • not reliable

Getting a new CI

The CI needs to scale with the company

Dream CI

  • Multiple masters
  • Isolated build environments
  • Reproducible stack
  • Reliability
  • Backward compatibility

IMPLEMENTATION OVERVIEW

A little story

VPC

VPN

Infrastructure overview

VPC

controller

3x

Internal ELB

Internet

External ELB

marathon

mesos master

autoscaled &

static slaves

External static slaves

master worker

elasticsearch

15x

build worker

executor container

jenkins master

elasticsearch components

mesos slave

castle

executor container

elasticsearch components

palace

CJOC

executor container

How we use CJE

  • masters for each team
  • google auth

  • cluster operations
  • gpg keyring
  • executor types
  • autoscaled performant GPU executors
  • executor setup in code

TAILORING

INTERESTING

TECHNICAL ISSUES

Secret Management

Secret management

Access control

Access Control in Prezi

secret storage: S3 + KMS

service 1

secrets

service 2

secrets

IAM instance profile + IAM policy (service 2)

IAM instance profile + IAM policy (service 1)

EC2 node (service 1)

EC2 node (service 2)

Access Control for CJE

secret storage: S3 + KMS

secrets needed by any Jenkins job

object tagging on S3

worker nodes can access too many secrets

!

CJE worker node

Access Control for CJE?

secret storage: S3 + KMS

secrets needed by specific Jenkins job

IAM task profile + IAM policy (for specific jenkins job)

ECS

Distribution

Secret sets

Secrets on S3

Secret distribution

Obtain secret set

Secret resolution

Docker run: entrypoint script

{

Change to jenkins user

Keys present in docker only in runtime

Infrastructure Management

Managing the same resources as CJE

Infrastructure management

Extended AMIs

PREZI CJE AMI

=

+

CJE AMI

Replace workers and controllers

(expensive)

Network Security

Network security

restrictions

special access

Docker executor standards

THE IMPACT

Migration

The Numbers

3.5 engineers

2 months -> 1 Year

Effort timeline

The Numbers

1 Master

15 Masters

Ownership

Secrets

Experimentations

Execution environments

Improved

Quality

Improved Quality

Test as code

Better Performance

Tighter loops

Pipeline, blue ocean

Extensions needed?

Building on standards

Companies don't fit standard sizing
