chef workflow demo
TRANSCRIPT
Workshops & Chef Training
Community Summit Chef Partner Summit Welcome Reception
Keynotes Technical Sessions Happy Hour
Keynotes Technical Sessions Awesome Chef Awards Community Celebration
ChefConf.com
Every business is a software business
We’re no longer an airline. We’re a software company with wings.
– Veresh Sita, CIO, Alaska Airlines
Challenges
Manual processesWeeks to setup new systems or software
Legacy systems and toolsInflexible, hard-to-change hardware and software
Organizational silosUnwieldy divisions of responsibility
Infrequent, large releasesFear of deployment due to risk to SLAs
Regulatory burdensCompliance bottleneck at the end of a project
Manual processesWeeks to setup new systems or software
Legacy systems and toolsInflexible, hard-to-change hardware and software
Organizational silosUnwieldy divisions of responsibility
Regulatory burdensCompliance bottleneck at the end of a project
Infrequent, large releasesFear of deployment due to risk to SLAs
Compliance at velocity Integration of compliance into the workflow using automated tests
Increased cooperation and trustTeams are aligned towards common goals
Dynamic infrastructureEasy migration to on-demand, cloud-based infrastructure and management of heterogeneous networks
AutomationNew systems and software updates deployed in minutes
Continuous delivery of infrastructure and applicationsSafe, rapid delivery of incremental value
Solutions to the challenges
AutomationChef turns infrastructure into code—infrastructure as code is versionable, testable and repeatable. Manual processes become a thing of the past.
• Automated, full-stack application policies• Package and service installation• Versionable, testable, repeatable workflow• Scalable application policies• Management of interdependencies across nodes
Dynamic infrastructureUse Chef to migrate applications to the cloud and support hybrid and multi-cloud environments. Automate the management of heterogeneous networks, including legacy systems.
• Provisioning and setting up environments • Dynamic scaling of compute resources• Migrating legacy workloads to the cloud• Multi cloud and hybrid cloud deployment• Support for heterogeneous environments
DevOps workflow & cultureChef helps you eliminate silos and lower the overhead of IT operations and service management by supporting DevOps culture. Chef helps eliminate silos.
• Unified workflow for application and infrastructure
• Integration with version control for dev and ops
• Support for automated testing of infrastructure and applications
• Integration of security and compliance into product development
• Advanced, high-velocity workflow with Chef Delivery
Continuous delivery of infrastructure & appsUse Chef to implement a high-velocity software delivery pipeline that integrates application and infrastructure. Eliminate the risks incurred with large, infrequent releases.
• Rapid provisioning of dev and test environments
• Ensure consistency and repeatability of environments
• Unified pipeline for infrastructure, runtime environments and applications
• Support for large teams with multiple projects
• Advanced, high-velocity workflow with Chef Delivery
Security and compliance at velocityRegulatory compliance and security concerns are facts of life for every enterprise. At the same time, competitive pressures are increasing. Use Chef to embed requirements into the software delivery pipeline. Chef makes compliance at velocity possible.
• Embed compliance into the software delivery pipeline
• Automated checking of compliance criteria with analytics
• Structured review process during development
• Discovery and analysis• Patch management and remediation
Chef Provides a Proven Approach to DevOps
Apps
Runtime environments
Infrastructure
...
...
...
Targets/Workloads
Collaborative Dev
Chef Analytics
Production
Chef Server
Chef Server
Chef Supermarket
Assessment
Chef Compliance
SearchAuditDiscover
ProvisionDeploy
Test
Chef Delivery
Local Dev
ModelBuildTest
Chef DK
Chef Client & Cookbooks
Chef Provides a Proven Approach to DevOps
Apps
Runtime environments
Infrastructure
...
...
...
Targets/Workloads
Assessment
Chef Compliance
SearchAuditDiscover
Compliance as code
Regulatory compliance frameworks
OFAC USA PATRIOT Act Gramm-Leach-Bliley Act Red Flags Rule
Bank Secrecy Act Sarbanes-Oxley Regulation E Dodd-Frank
False Claims Act HIPAA European Central Bank regulations
Prudential Regulation Authority
Financial Conduct Authority
HITECH PCI DSS
Inspec Testing Frameworkcontrol 'ssh-1.0' do impact 1.0 title 'Use Protocol version 2 for SSH' desc 'SSH should be explicitly configured to use Protocol version 2'
describe ssh_config do its('Protocol') { should eq '2' } endend
control 'cis-3.1' do impact 0.7 title 'Set Daemon umask’ desc 'Set the default umask for all processes started at boot time.'
describe file('/etc/sysconfig/init') do its('content') {should match 'umask 027'} endend
Translating Policy Into Code
Chef Compliance 1.0 – New Features• More CIS content: CentOS 6 and 7, Ubuntu 12.04 and 14.04.
Additional profiles will be provided in the next releases.• Latest Inspec provides plugins for Microsoft SCCM and SCAP
contentImport Windows policies from the Microsoft Security Compliance Manager
• Chef Server authentication integration and ability to view Compliance reports for Chef Server managed nodes that use the audit cookbook or resources.
• The licensed node count can be modified. Instructions here.• Improve output for connectivity errors.
Compliance as Code
Compliance
Security
DevOps
Chef Provides a Proven Approach to DevOps
Apps
Runtime environments
Infrastructure
...
...
...
Targets/Workloads
Assessment
Chef Compliance
SearchAuditDiscover
Local Dev
ModelBuildTest
Chef DK
Chef Client & Cookbooks
Automate infrastructure & applications with Chef• A recipe is a collection of Resources• Resources are executed in the order they are listed
On Linux based OSes:
package "httpd" do action :installend
template ”/var/www/index.html" do source ”index.html.erb” mode "0644"end
service "httpd" do action [ :enable, :start ]end
windows_feature "IIS-WebServerRole" do action :installend
template 'c:\inetpub\wwwroot\Default.htm' do source "Default.htm.erb" rights :read, "Everyone"end
service "w3svc" do action [ :enable, :start ]end
Provision Infrastructure Dynamically with Chef
Chef Provides a Proven Approach to DevOps
Apps
Runtime environments
Infrastructure
...
...
...
Targets/Workloads
Collaborative DevAssessment
Chef Compliance
SearchAuditDiscover
ProvisionDeploy
Test
Chef Delivery
Local Dev
ModelBuildTest
Chef DK
Chef Client & Cookbooks
ONE PATH FOR CHANGE
• The way change moves through your organization is fixed
• Designed to re-enforce your principles and aid flow• Flexible at the level of execution
Chef Delivery
Unified Pipeline ShapeThe stages are fixed, and each stage has a fixed set of phases
VERIFY BUILD ACCEPTANCE REHEARSAL DELIVEREDUNIONAPPROVE DELIVER
Submit
Change
Unified Pipeline ShapeThe stages are fixed, and each stage has a fixed set of phases
VERIFY BUILD ACCEPTANCE REHEARSAL DELIVEREDUNIONAPPROVE DELIVER
LintSyntax
Unit
Submit
Change
Unified Pipeline ShapeThe stages are fixed, and each stage has a fixed set of phases
VERIFY BUILD ACCEPTANCE REHEARSAL DELIVEREDUNIONAPPROVE DELIVER
LintSyntax
Unit
Submit
Change
Does thiscode changelook good?
Unified Pipeline ShapeThe stages are fixed, and each stage has a fixed set of phases
VERIFY BUILD ACCEPTANCE REHEARSAL DELIVEREDUNIONAPPROVE DELIVER
LintSyntax
UnitSecurityQualityPublish
LintSyntax
Unit
Submit
Change
Does thiscode changelook good?
Unified Pipeline ShapeThe stages are fixed, and each stage has a fixed set of phases
VERIFY BUILD ACCEPTANCE REHEARSAL DELIVEREDUNIONAPPROVE DELIVER
LintSyntax
UnitSecurityQualityPublish
LintSyntax
Unit
ProvisionDeploySmoke
Functional
Submit
Change
Does thiscode changelook good?
Unified Pipeline ShapeThe stages are fixed, and each stage has a fixed set of phases
VERIFY BUILD ACCEPTANCE REHEARSAL DELIVEREDUNIONAPPROVE DELIVER
LintSyntax
UnitSecurityQualityPublish
LintSyntax
Unit
ProvisionDeploySmoke
Functional
Submit
Change
Does thiscode changelook good?
Do we wantto ship this?
Unified Pipeline ShapeThe stages are fixed, and each stage has a fixed set of phases
VERIFY BUILD ACCEPTANCE REHEARSAL DELIVEREDUNIONAPPROVE DELIVER
LintSyntax
UnitSecurityQualityPublish
LintSyntax
Unit
ProvisionDeploySmoke
Functional
Provision
DeploySmoke
Functional
Submit
Change
Does thiscode changelook good?
Do we wantto ship this?
Unified Pipeline ShapeThe stages are fixed, and each stage has a fixed set of phases
VERIFY BUILD ACCEPTANCE REHEARSAL DELIVEREDUNIONAPPROVE DELIVER
LintSyntax
UnitSecurityQualityPublish
LintSyntax
Unit
ProvisionDeploySmoke
Functional
Provision
DeploySmoke
Functional
ProvisionDeploySmoke
Functional
Submit
Change
Does thiscode changelook good?
Do we wantto ship this?
Unified Pipeline ShapeThe stages are fixed, and each stage has a fixed set of phases
VERIFY BUILD ACCEPTANCE REHEARSAL DELIVEREDUNIONAPPROVE DELIVER
LintSyntax
UnitSecurityQualityPublish
LintSyntax
Unit
ProvisionDeploySmoke
Functional
Provision
DeploySmoke
Functional
ProvisionDeploySmoke
Functional
ProvisionDeploySmoke
Functional
Submit
Change
Does thiscode changelook good?
Do we wantto ship this?
Chef Provides a Proven Approach to DevOps
Apps
Runtime environments
Infrastructure
...
...
...
Targets/Workloads
Collaborative Dev Production
Chef Server
Chef Server
Chef Supermarket
Assessment
Chef Compliance
SearchAuditDiscover
ProvisionDeploy
Test
Chef Delivery
Local Dev
ModelBuildTest
Chef DK
Chef Client & Cookbooks
Chef AnalyticsChef Insights
• Provides visibility into changes happening across your entire infrastructure
Chef Analytics for Compliance
• Make changes at speed while ensuring infrastructure is compliant with formal or informal policy
Integrations and Notifications
• Send data to external systems like Splunk
• Send arbitrary events to messaging or alerting systems
Chef Provides a Proven Approach to DevOps
Apps
Runtime environments
Infrastructure
...
...
...
Targets/Workloads
Collaborative Dev
Chef Analytics
Production
Chef Server
Chef Server
Chef Supermarket
Assessment
Chef Compliance
SearchAuditDiscover
ProvisionDeploy
Test
Chef Delivery
Local Dev
ModelBuildTest
Chef DK
Chef Client & Cookbooks