Well, half way through the morning I receive a message basically saying "O SH**" and that the deployment plans had been deleted on accident. After a few minutes of fuming it was time to get this thing back up and running. I contacted our IT team to find out this VM has not been backed up since Sept of last year. This day kept getting better and better. I took a little time to run through the deployment plans, build plans, and configurations on the server and document anything and everything I thought would or could be useful after the revert. I was surprised by the lack of options in Bamboo to recover from changes, when it's gone IT'S GONE!
Long story short. We reverted. Luckily a lot of the deployment plan which was deleted was in that snapshot but it got me thinking about what we could have done to avoid this problem all together.
- Backups:
- Verify there is a CONSISTENT backup plan with your IT team. Consistent being a FULL BACKUP at least every few days and an incremental backup done nightly.
- Backups can come at many levels. Understand the difference between a FULL System backup and a backup the application provides. In our case Bamboo does have a backup 'option' but if you read the fine print it is not meant to be used in production. So we are leaning to a full system backup, thankfully VMs make this a VERY easy process, not like yesteryear.
- At least every 6 months do a FULL SYSTEM restore from the backup to triple check things will work as expected when the SH** hits the fan. Include the team on this recovery test, don't allow one member of the team to become the 'backup/recovery' person.
- Define which team is responsible for what part of the 'machine'. If the IT team is responsible for the underlying HOST but the development team is on the hook for the application have that documented and agreed upon. You can't do these things in times of crisis!
- DOCUMENT THIS PLAN and share it with all related parties!!
- Verify there is a CONSISTENT backup plan with your IT team. Consistent being a FULL BACKUP at least every few days and an incremental backup done nightly.
- User Permissions
- Who on your team should have DELETE permissions on anything? Is it necessary?
- Should DELETE only be given to the Manager or LEAD Developer? But who watches the 'watchers'
- Stick to LEAST PRIVILEGE for users no matter who they are and make them follow the process when additional permissions are needed.
- Have some level of skills/knowledge 'check' for up and coming developers or team members so you provide necessary training before handing over the keys to the kingdom. A Junior level developer might not have any idea what the CI/CD server does, so don't allow them to go in as a member of the ADMIN group and make changes.
- Changes:
- Changes are changes whether they are code, tests, build plans, or deployment plans. They should go through some level of Peer Review.
- Added bonus of Peer Review is you get another set of eyes on the change which boosts cross training and relieves some of the SPF (single point of failure) within the team.
- Training and Documentation:
- The more folks know the better the organization will be, train the team(s) on the technology and PROCESS around build/deployments.
- Keep a high level diagram showing the network, hosts, and communications so explaining the overall process is easy to understand and management of the IPs/hosts is clear.
- Keep in mind that your document repo (Confluence) is just another system which can go down. So if you are relying on that server because it holds all your backup/emergency SOPs you better have a plan B!
Today was rough, but with any issue comes opportunity. Use the 'lesson' and learn from it so it doesn't happen again. EVERYONE should walk away from the experience with more knowledge of the tool/process, better skills around the tool, and the confidence that this type of issue will NOT happen again because the team is taking the right steps in the future.
What are some of your worst backup/recovery experiences?
Bartlett