I love reloadable services

Boyd, Todd M. tmboyd1 at ccis.edu
Wed Mar 18 09:43:06 EDT 2020 

I think it all depends on how far down the rabbit hole you go. We use a CI/CD pipeline with version control for our configuration changes (git via locally-hosted BitBucket), automated building and testing (Jenkins), and semi-automated deployment (Octopus Deploy). We have a highly-available pair for both test and production environments which are cycled through in order to eliminate downtime during deployments, and we have thus far not had any deployments require a service outage of any kind. Of course, we already had this infrastructure in place for our other projects, so it wasn’t much added overhead to include it in our process for updating the IdP and SP installations.


-Todd

From: users <users-bounces at shibboleth.net> On Behalf Of IAM David Bantz
Sent: Tuesday, March 17, 2020 6:02 PM
To: Shib Users <users at shibboleth.net>
Subject: I love reloadable services

I've meant to reply to an off-hand comment Scott made several weeks ago
now regarding reloadable services being perhaps of diminished importance as
folks go all in on DevOps: PLEASE, NO!

While DevOps has incredible mind share as current best practice, when I
sketch the additional infrastructure I would need to go all in for running our IdP
in that mode, it's 4 -10 times the number of "moving parts" of infrastructure and tools
needing deployment and maintenance.

My tiny environment of 1 active and 1 hot standby IdP nodes, using reloadable
services, has not had an unplanned outage in nearly a decade, and I can
deploy new integrations for services configured even roughly correctly on same day.
There is no way on earth I could do this in full DevOps mode when I reflect that
deploying a suitable new VM for v3 IdP took over 1 year.

I appreciate people's interest in scalable DevOps, but it may not be the only
reasonable model for small scale deployments with very modest resources.
The use of reloadable resources has incredible utility and value for smaller
scale operations - and they are crucial for wider adoption and reliance on Shibboleth IdP.

Thank you!

David Bantz
UA OIT IAM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200318/d741c5d1/attachment.html>

More information about the users mailing list