Managing FOSS (Free and Open Source Software) in DevOps Vaidyanathan Sivasubramanian May 2016

Managing FOSS in DevOps


Agenda

• FOSS Landscape
• Success Stories
• Benefits
• Challenges
• A Solution set
• Conclusion

Free & Open Source Landscape - it is everywhere!

Source: Open Source Governance and Resources at HP, OMG Workshop on FOSS Standards and Governance

Industry wide FOSS successes

• Operating Systems: Linux (embedded, mobile, server), Android
• Web server: Apache
• Java middleware: Tomcat, JBoss, Spring, Struts and Hibernate
• Web languages: Perl, Python, Ruby, PHP, Rails, JS
• Security: SSL, SSH
• Cloud: OpenStack, CloudStack
• IDE: Eclipse
• Tools: GNU, GNU Tool Chain
• DB: MySQL, MariaDB, PostgreSQL, NoSQL
• System Management: Nagios, CFEngine, Puppet, Chef
• Distributed file and print services: Samba
• Big Data: Hadoop, Cassandra, Hive
• Browsers: Firefox, Opera, Chrome
• Office productivity: OpenOffice, LibreOffice

Source: Open Source Governance and Resources at HP, OMG Workshop on FOSS Standards and Governance

Benefits of using FOSS

• High quality software with zero marginal cost
• Software can be customized for specific needs
• Direct user input drives improvements
• Quick response to security threats (more eyes)
• Minimize development time
• Minimize vendor lock-in
• Decreased time to market

Source: Open Source Governance and Resources at HP, OMG Workshop on FOSS Standards and Governance

Challenges of using FOSS

• There are two major challenges associated with tracking and managing FOSS within an enterprise:
   - Controlling indiscriminate use of FOSS tools within DevOps
   - Legal compliance of FOSS components used within commercially deployed Product

… Challenges of using OSS

• Coming to the first problem, the issues with indiscriminate use of OSS tools in the enterprise dev environment:
   - Security concerns: introduction of malware into the corporate network from downloaded tools
   - Governance issues: multiple disparate tools used during development lead to governance overheads for IT
   - Quality problems: incompatibility and maintenance issues might crop up when various non-standard tools are used
   - Integration issues: integration is a nightmare when different team members use different dev tools
   - Support: support for most OSS tools is very limited, with little or no documentation, leading to costly schedule overruns when an issue is faced

… Challenges of using FOSS

• Coming to the second issue, legal compliance of FOSS components:
   - There are ten important criteria for open-source licenses and four freedoms for free software
   - Not complying with them opens the company up to lawsuits
   - Another potential pitfall is that indiscriminate usage might lead to the company's proprietary IP code being released under the FOSS umbrella

A solution set

• To manage FOSS effectively in an Engineering DevOps environment, the following can be implemented:
   - VEE
   - SCM
   - Policies and Procedures
   - Verification tools

… A solution set

• To ensure Product development / maintenance / support happens in a controlled environment, I propose that a Virtual Engineering Environment (VEE) be created with a tightly governed set of OS and applications. The VEE has to be behind a firewall with a strict ACL. Engineering teams (Dev, QA, Support) access it for Product dev related activities. Release management team members access it to obtain builds for eventual deployment to corporate FTP. A representative implementation using VMware is below:

[Figure: representative VEE implementation using VMware]

• SCM: It is also very good practice to deploy a robust SCM tool, like GitHub, within the VEE to ensure proper versioning and control of releases.

• Policies and Procedures: Ensure standardized policies, processes and procedures are put in place, including:
   - Defining, maintaining and publishing the approved list of FOSS and the FOSS tools repository
   - A FOSS Governance Council (FOSSGC), which will oversee authorization of FOSS policies and procedures along with approved tool sets
   - A FOSS Review Board (FOSSRB), which will periodically assess and advise the FOSSGC on relevant tool sets and policy / process / procedure revisions based on Engineering team feedback

• Verification tools: There are a lot of FOSS verification tools which help identify FOSS components and associated licenses. These must be used for effective management of non-IP code.


Conclusion


• While there are immense benefits to using FOSS in Engineering DevOps, care must be taken to ensure FOSS and FOSS tools are managed appropriately to avoid potential pitfalls. I hope this small document provided a glimpse of the FOSS scenario and solution set to effectively control its usage in Engineering. Please feel free to drop your comments, feedback, suggestions! Thank You!

Vaidyanathan Sivasubramanian May 2016.
