InfoQ spoke to Damon Edwards, co-founder and chief product officer, at Rundeck at the DevOps Enterprise Summit 2018 London about his talk 'Operations - The Last Mile Problem for DevOps in the Enterprise' and the sneak preview of the new version of RunDeck, V3.0.
InfoQ: What's new in Rundeck 3.0?
Damon Edwards: We've got a new UI; the old version had more of a power-user of a feel and we wanted to make it easier to use so we're now not showing users too many things at once. We've also enhanced user management in the Pro version; in the open source it's all in text files but now in Pro there's a rules evaluator and a rules builder. We've also upgraded the workflow engines in Pro in that there's now the capability to branch and merge workflows. We've also introduced single sign on integrated to Okta and improved the HA and clustering capabilities in Pro too - users can create a RunDeck fabric to distribute traffic and can segregate for PCI environments, directing and load managing traffic accordingly.
InfoQ: Is Rundeck available as a SAAS offering?
Edwards: No, it's really not that hard to run and also because Rundeck automates infrastructure operations it effectively has access to an organisation's whole world, so most enterprise people are going to want to keep that in house.
InfoQ: What's the journey for Rundeck been like so far?
Edwards: We started by helping people tie multiple tools into standard operating procedures and manage the workflow and access control around those processes. This then meant people outside of operations could be given safe access to privileged operational tasks; things like restarts, health checks and the way to respond to incidents - typical after deployment stuff. We're really concerned with the 'how do you care for and feed it' angle; systems type questions, the networking and security jobs for example. Rundeck provides secure, safe self-service to these type of tasks and has fine grained access control which makes it auditable too.
InfoQ: Where do you see Rundeck featuring in a DevOps toolchain?
Edwards: In DevOps we are fixated on the deployment problem, which is, in the main, resolved. The capability of IT Operations to automate the kind of work I just described in a similar way we see as the most predictable DevOps differentiator.
InfoQ: What does Rundeck's relationship with a service desk tool look like?
Edwards: We integrate to service desk tools like ServiceNow and Remedy in that Rundeck can check for a ticket and write to the service management tool as needed. Users can define the Rundeck workflow to create guardrails around their processes. Often people bring RunDeck in initially for one specific job like the repetitive opening of a firewall or restarting machines. They start to question why they are raising a ticket for a firewall change when they do it all the time. Use of Rundeck then results in fewer tickets and reduces the traffic in the service management system. The business likes this because from their business perspective they just want IT operations to get out of the way.
InfoQ: Why is this the last mile of DevOps?
Edwards: All this work is happening but it's just not possible to shift it all to the left. But we can lock it down, automate and accelerate it. We need much deeper DevOps and lean penetration into Ops in true enterprises; development has had over seventeen years of agile seeping into their brains whether they've done it or not. The last thing IT operations had was ITIL twenty odd years ago; people need to realise that IT operations have a different set of challenges and lots of legacy thinking and systems to work through.
InfoQ: How can ChatOps help?
Edwards: Our observation is that ChatOps penetration in the enterprise is a bit thin. The constraint is that is requires fundamental change to the way we work and can feel a bit wild and uncontrolled. Traditionally, life has been so siloed in IT operations and it's hard to change that overnight.
InfoQ: What are your views on DevOps and offshoring?
Edwards: What gets in the way of DevOps is people working in silos because that's when you get disconnects and breaks in the process. Often you'll need people in multiple teams and Rundeck plays into this because as organisations try to build cross-functional teams they frequently run out of specialists fast; then they can set up RunDeck to automate the interfaces and break these constraints.
InfoQ: How does Rundeck support what DevSecOps is trying to do?
Edwards: The global problem of security is that it has been its own island; they complain that they aren't involved until the end but, in general, they have to be pulled into the flow of the work. They are learning that they can't be the inspector and that they have to be involved at the start. DevSecOps is a subset of DevOps bringing appsec in earlier and Infrastructure as Code helps.
InfoQ: How can we help IT operations unpack all of the legacy challenges?
Edwards: It's a matter of them getting the time and investment - not even ten years ago you were an idiot if you weren't sending your IT offshore. Give the IT operations guys a break. We see developers being given access to production systems and when they get it they change their mind when they see how leaky it is. It's been said that the moment you check something in it becomes legacy; you can't change your history - you can only try to deal with today the best way.