Achieving DevOps Success with Chef Automate
Nicole Johnson – Manager, Solutions Architects – East NA
Chef Platform
[Diagram labels: Chef Commercial Product; Open Source Products: Chef, InSpec, Habitat; Cloud & Infrastructure Automation; Application Automation; Delivery Workflow; Visibility; Compliance]
Barriers to Enterprise Adoption of DevOps
Anti-pattern = stitching together disparate tool chains
Thrashing on the shape of the workflow across that tooling, lack of skills, training and cultural adoption (can take years)
Siloed centers for DevOps
Security and compliance are an afterthought
New Capabilities Accelerate and De-risk DevOps Adoption
Chef Compliance: Compliance as Code – just like Apps as Code and Infrastructure as code
Chef Automate: Full stack collaboration platform manages complex changes across:
• Infrastructure as Code
• Containers as Code
• Applications as Code
• Compliance as Code
New: Enterprise Transformation Practice
Go Fast Safely: Allow Teams to Build Code and Automate Systems
• Infrastructure as Code
• Containers as Code
• Policy as Code
• Process as Code
• Applications
Culture: Reinforce the right behaviors to collaborate safely on code at velocity
Automation: Build, deploy, and manage infrastructure and applications anywhere
Governance: Operate safely and in compliance with internal controls and regulatory requirements
Deploy Anywhere
● On-premise
● Cloud
● Hybrid-Cloud
[Diagram labels: version, collaborate consistently, test automatically; Configuration; Automation; Workflow; Application; Infrastructure]
Chef is Infrastructure as Code
• Programmatically provision and configure components
• Treat like any other code base
• Reconstruct business from code repository, data backup, and compute resources
http://www.flickr.com/photos/louisb/4555295187/
Automate infrastructure & applications with Chef
On Linux based OSes:
package "httpd" do
  action :install
end

template "/var/www/index.html" do
  source "index.html.erb"
  mode "0644"
end

service "httpd" do
  action [ :enable, :start ]
end
Building Blocks: What is a Resource?
• A Resource is a system state you define
  • Example: Package installed, state of a service, configuration file existing
• You declare what state you want the resource in.
  • Chef automatically determines HOW that state is achieved
[Slide example columns: On Linux based OSes; On Windows based OSes]
Chef Workflow and Test-Driven Infrastructure
[Diagram labels: Targets/Workloads (Apps, Runtime environments, Infrastructure); Collaborative Dev; Chef Visibility; Production; Chef Server; Chef Supermarket; Assessment; Chef Compliance; Search, Audit, Discover; Provision, Deploy, Test; Chef Workflow; Local Dev/Remediation; Model, Build, Test; Chef DK; Chef Client & Cookbooks]
Documentation
SSH supports two different protocol versions. The original version, SSHv1, is subject to a number of different security vulnerabilities.
Please use the more secure SSHv2 to avoid these vulnerabilities.
Scripting Tools
# grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol//'
# 2
InSpec Testing Framework
control 'cis-3.1' do
  impact 0.7
  title 'Set Daemon umask'
  desc 'Set the default umask for all processes started at boot time.'
  describe file('/etc/sysconfig/init') do
    its('content') { should match 'umask 027' }
  end
end
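The two checks on this slide (SSH protocol version and daemon umask), written as data-driven controls in plain Ruby so they can be evaluated against file contents without InSpec installed. This is an added example, not code from the deck or from Chef; the `ssh-protocol-2` id, its impact value, the sample file contents, and the choice to fail when `Protocol` is absent are assumptions.

```ruby
# Added example: plain Ruby, not InSpec. File contents are constructed samples.
SSHD_OK   = "Port 22\nProtocol 2\n"
SSHD_BOTH = "Port 22\n  protocol 2,1\n"     # SSHv1 still allowed
SSHD_NONE = "Port 22\n#Protocol 2\n"        # directive present only as a comment
INIT_OK   = "BOOTUP=color\numask 027\n"
INIT_OFF  = "BOOTUP=color\n# umask 027\n"   # commented out, must not count

# Value of the first active occurrence of a keyword. sshd_config keywords are
# case-insensitive and the first value obtained is the one used, so a plain
# grep "^Protocol" can miss indented or lower-case lines.
def directive(text, name)
  text.each_line do |line|
    key, value = line.sub(/#.*/, "").strip.split(/\s+/, 2)
    return value if key && key.casecmp?(name)
  end
  nil
end

# Controls as data. "cis-3.1" and its impact come from the slide; the
# "ssh-protocol-2" id and its impact of 1.0 are assumptions for this example.
# A missing Protocol directive is treated as a failure (assumed policy).
CONTROLS = [
  { id: "ssh-protocol-2", impact: 1.0,
    check: ->(files) { directive(files["/etc/ssh/sshd_config"].to_s, "Protocol") == "2" } },
  { id: "cis-3.1", impact: 0.7,
    # Anchored per line, so a commented-out umask does not satisfy the control.
    check: ->(files) { files["/etc/sysconfig/init"].to_s.match?(/^\s*umask\s+027\s*$/) } }
].freeze

# Evaluate every control against a hash of path => file content.
def audit(files)
  CONTROLS.map { |c| [c[:id], c[:check].call(files) ? :passed : :failed] }.to_h
end

# Ids of failed controls, highest impact first.
def failures(files)
  result = audit(files)
  CONTROLS.select { |c| result[c[:id]] == :failed }
          .sort_by { |c| -c[:impact] }
          .map { |c| c[:id] }
end
```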
Compliance as Code
[Diagram labels: Compliance; Security; DevOps]
How do we write and test our intended change?
One path for change
[Pipeline diagram: Submit Change → VERIFY → APPROVE → BUILD → ACCEPTANCE → DELIVER → UNION → REHEARSAL → DELIVERED]
• Test the Code
  • VERIFY: Lint, Syntax, Unit
  • BUILD: Lint, Syntax, Unit, Security, Quality, Publish
• Test the Artifacts
  • ACCEPTANCE, UNION, REHEARSAL, DELIVERED: Provision, Deploy, Smoke, Functional
• APPROVE: Does this code change look good?
• DELIVER: Do we want to ship this?
Shared Workflow
Workflow’s pipeline is shared across projects and teams
[Diagram labels: projects COOKBOOK X, APPLICATION X, COOKBOOK Y, APPLICATION Y; stages SUBMIT CHANGE, VERIFY, APPROVE CHANGE, BUILD, ACCEPTANCE, DELIVER CHANGE, UNION, REHEARSAL, DELIVERED]
Subscription Includes:
• Premium Features
• 24x7 Support
• Supported Content
[Diagram labels: Infrastructure Automation; Application Automation; Compliance Automation; Workflow; Visibility; Compliance; High Availability; Content (Chef Cookbooks, Habitat Plans, Compliance Profiles); Premium Features; Open Source Software]
Delivery Phases
Pre-Artifact
• Verify and Build: Unit, Lint, Syntax
• Build: Security, Quality, Publish
Post-Artifact
• Acceptance, Union, Rehearsal, Delivered: Provision, Deploy, Smoke, Functional
Delivery Phases – Example Java Application
Pre-Artifact
• Verify and Build
  • Unit: JUnit
  • Lint: Lint4J
  • Syntax: javac
• Build
  • Security: Fortify
  • Quality: FindBugs
  • Publish: Maven, Artifactory
Post-Artifact
• Acceptance, Union, Rehearsal, Delivered
  • Provision: EC2, Chef Provisioning
  • Deploy: Load jar in Tomcat
  • Smoke: Curl $URL; check for 200 OK
  • Functional: Selenium, Cucumber, Chef InSpec