Mandi Walls
September 21, 2016
Mandi [email protected] @LNXCHK
Community Manager for Chef EMEA
EVERY business is a software business
We’re going to be a software company with airplanes.
– CIO, Alaska Airlines
Quality and innovation, historically a tradeoff
[Chart axes: QUALITY/COMPLIANCE vs. RATE OF INNOVATION]
Challenges
• Manual processes: Weeks to set up new systems or software
• Legacy systems and tools: Inflexible, hard-to-change hardware and software
• Organizational silos: Unwieldy divisions of responsibility
• Infrequent, large releases: Fear of deployment due to risk to SLAs
• Regulatory burdens: Compliance bottleneck at the end of a project
Solutions to the challenges
• Compliance at velocity: Integration of compliance into the workflow using automated tests
• Increased cooperation and trust: Teams are aligned towards common goals
• Dynamic infrastructure: Easy migration to on-demand, cloud-based infrastructure and management of heterogeneous networks
• Automation: New systems and software updates deployed in minutes
• Continuous delivery of infrastructure and applications: Safe, rapid delivery of incremental value
The game changer: rapid time to value
Innovation
Quality/Compliance
Dynamic Infrastructure
Dynamic infrastructure
Migrate applications to the cloud and support hybrid and multi-cloud environments. Automate the management of heterogeneous networks, including legacy systems.
• Provisioning and setting up environments
• Dynamic scaling of compute resources
• Migrating legacy workloads to the cloud
• Multi cloud and hybrid cloud deployment
• Support for heterogeneous environments
The game changer: rapid time to value
Innovation
Quality/Compliance
Dynamic Infrastructure + Infrastructure as Code
Automate the Stack
Infrastructure as Code
• Programmatically provision and configure components
• Treat like any other code base
• Reconstruct business from code repository, data backup, and compute resources
Automation
Turn infrastructure into code. Infrastructure as code is versionable, testable and repeatable. Manual processes become a thing of the past.
• Automated, full-stack application policies
• Package and service installation
• Versionable, testable, repeatable workflow
• Scalable application policies
• Management of interdependencies across nodes
Chef Server
[Diagram labels: Revision control system; Chef server; Policy; State; State queries; Servers, VMs, cloud instances, etc. running the Chef client]
• The Chef server stores policy and configuration data
• The Chef client periodically runs on each node in the network
• Chef clients poll the server for the latest policies
• Chef clients notify the server of their states and can query for the states of other nodes
Describe Infrastructure as Code

    httpd_service 'customers' do
      mpm 'prefork'
      action [:create, :start]
    end

    httpd_config 'customers' do
      instance 'customers'
      source 'customers.conf.erb'
      notifies :restart, 'httpd_service[customers]'
    end

    directory '/var/www/customers/public_html' do
      recursive true
    end
Test the Code

    # ChefSpec provides the runner and the install_package matcher
    require 'chefspec'

    describe 'apache::default' do
      context 'When all attributes are default, on an unspecified platform' do
        # Converge the recipe in memory; nothing is installed on the workstation
        let(:chef_run) do
          runner = ChefSpec::ServerRunner.new
          runner.converge(described_recipe)
        end

        it 'converges successfully' do
          expect { chef_run }.to_not raise_error
        end

        it 'installs apache' do
          expect(chef_run).to install_package 'apache2'
        end
      end
    end
Version the Code & the Artifact

    name 'cmgw'
    maintainer 'Chef Software, Inc.'
    maintainer_email '[email protected]'
    license 'apache2'
    description 'Installs/Configures cmgw'
    long_description 'Installs/Configures cmgw'
    version '0.1.0'
The game changer: rapid time to value
Innovation
Quality/Compliance
Dynamic Infrastructure + Infrastructure as Code + DevOps
Automate the Stack
UBIQUITOUS WORKFLOW AUTOMATION
DevOps workflow & culture
Eliminate silos and lower the overhead of IT operations and service management by supporting DevOps culture. Build communities.
• Unified workflow for application and infrastructure
• Integration with version control for dev and ops
• Support for automated testing of infrastructure and applications
• Integration of security and compliance into product development
• Advanced, high-velocity workflow
The rewards?*
*source: Dr. Nicole Forsgren research on DevOps
More deployments
Ship faster
Faster MTTR after issues
More profits, market share, and productivity
Market cap goes up
Fast Flexible Infrastructure
• Run the same configurations regardless of environment: Repeatable and Reliable
• Chef integrates with numerous cloud providers
• Run your Chef Server in the cloud, in your datacenter, or use Hosted Chef

Where Does Chef Integrate with IaaS
• Provisioning – creating new resources
• Management – alter resources over their lifecycle
• Destroy – sunset resources that are no longer needed
• Supported features and resources vary by provider
• Testing environments – the Test Kitchen project can use numerous providers for testing chef code / infrastructure provisioning

Chef and AWS
• Manage hosts, EBS volumes, EIPs, ELBs, Cloudwatch, CloudFormation, IAM users, etc
  • Flexibility of custom resources and Ruby allows us to expand and update support regularly
• Provision, manage, and destroy resources as needed
• Launch Chef Automate directly in the cloud via the MarketPlace

Chef and AWS Customers
• Scholastic
  • World’s largest publisher of material for children
  • Datacenter update / modernize – didn’t want to be in the datacenter management business
  • Targeted public cloud
  • Worked through a rearchitecture of projects for cloud readiness

Chef and Azure
• Our neighbors in the Seattle region
• https://www.chef.io/partners/azure/
• Provision and manage resource lifecycle on Azure
• Integrate with DSC for Azure Windows
• Run Chef from the Azure Marketplace
• Add Chef to an Azure PaaS role - https://github.com/Microsoft/Azure-PaaS-ChefClient
• https://channel9.msdn.com/Shows/TechNet+Radio/TechNet-Radio-Part-22-Building-Your-Hybrid-Cloud-Orchestrating-Hybrid-Cloud-with-Chef-and-Azure

Chef and MSN
• MSN runs on Azure now with Chef

Other Cloud Platforms and Providers
• Google Cloud Platform
• OpenStack
• Linode
• Rackspace
• Terremark
• VMware / vSphere
Cloud Led to Our Journey to CI/CD
• Helped many customers build reliable, repeatable infrastructure
• Brought testing into Infrastructure teams with Test Kitchen
• Overall application delivery pushed into build pipelines and integrated with infrastructure
Continuous delivery of infrastructure & apps
Implement a high-velocity software delivery pipeline that integrates application and infrastructure. Eliminate the risks incurred with large, infrequent releases.
• Rapid provisioning of dev and test environments
• Ensure consistency and repeatability of environments
• Unified pipeline for infrastructure, runtime environments and applications
• Support for large teams with multiple projects
• Advanced, high-velocity workflow
ONE PATH FOR CHANGE
• The way change moves through your organization is fixed
• Designed to reinforce your principles and aid flow
• Flexible at the level of execution
CODE GOES THROUGH THE SAME WORKFLOW
Applications are code
Infrastructure is code

Security and compliance at velocity
Regulatory compliance and security concerns are facts of life for every enterprise. At the same time, competitive pressures are increasing. Embed requirements into the software delivery pipeline. Code makes compliance at velocity possible.
• Embed compliance into the software delivery pipeline
• Automated checking of compliance criteria with analytics
• Structured review process during development
• Discovery and analysis
• Patch management and remediation

SSH Control
SSH supports two different protocol versions. The original version, SSHv1, was subject to a number of security issues. Please use SSHv2 instead to avoid these.
[Diagram: pipeline stages Dev, QA, Stage, Security Review, Prod; labels: Product Ideas and Features, Security Review, Production, "Scanning"]
What We Have Here Is A Communications Problem
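SSH Version Check

    # impact, title and desc are control metadata, so the describe block is
    # wrapped in a control. 'ssh-version-2' is a placeholder ID; the slide
    # did not show one.
    control 'ssh-version-2' do
      impact 1.0
      title 'SSH Version 2'
      desc <<-EOF
        SSH supports two different protocol versions. The original version, SSHv1, was subject to a number of security issues. Please use SSHv2 instead to avoid these.
      EOF
      describe sshd_config do
        its('Protocol') { should cmp 2 }
      end
    end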
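
The SSH Version 2 requirement evaluated in plain Ruby over constructed sshd_config samples, as an added example that is not from the original slides and is not InSpec code. The helper names and the policy of failing a configuration that has no Protocol line are assumptions of this example.

```ruby
# Added example: evaluate the "SSH Version 2" requirement against sshd_config text.
# effective_protocol, protocol_v2_only? and audit are hypothetical helpers.

# Return the effective global Protocol value, or nil when it is not set.
# sshd uses the first value it finds for a keyword, keywords are
# case-insensitive, and global settings end at the first Match block.
def effective_protocol(config_text)
  config_text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    # A keyword is separated from its argument by whitespace or a single '='
    keyword, value = line.split(/\s*=\s*|\s+/, 2)
    break if keyword.casecmp?('match')
    next unless keyword.casecmp?('protocol')
    return value.to_s.strip
  end
  nil
end

# Pass only when Protocol is set explicitly and lists nothing but version 2.
# Failing an absent line is this example's policy choice (an assumption),
# because the built-in default depends on the OpenSSH release.
def protocol_v2_only?(config_text)
  value = effective_protocol(config_text)
  return false if value.nil?
  value.split(',').map(&:strip) == ['2']
end

# Constructed sample configurations (not taken from any real host).
SAMPLES = {
  'explicit v2'        => "Port 22\nProtocol 2\n",
  'v2 and v1 allowed'  => "protocol 2,1\n",
  'first value wins'   => "Protocol 1\nProtocol 2\n",
  'commented out only' => "#Protocol 2\nPermitRootLogin no\n",
  'equals syntax'      => "Protocol=2\n"
}.freeze

# Map each sample name to true (compliant) or false (finding).
def audit(samples)
  samples.map { |name, text| [name, protocol_v2_only?(text)] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLES).each { |name, ok| puts format('%-20s %s', name, ok ? 'PASS' : 'FAIL') }
end
```

The 'first value wins' and 'v2 and v1 allowed' samples are the cases a simple text search for "Protocol 2" would wrongly pass.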
Unified Pipeline Shape
The stages are fixed, and each stage has a fixed set of phases

Submit Change
• VERIFY: Lint, Syntax, Unit
• APPROVE: Does this code change look good?
• BUILD: Lint, Syntax, Unit, Security, Quality, Publish
• ACCEPTANCE: Provision, Deploy, Smoke, Functional
• DELIVER: Do we want to ship this?
• UNION: Provision, Deploy, Smoke, Functional
• REHEARSAL: Provision, Deploy, Smoke, Functional
• DELIVERED: Provision, Deploy, Smoke, Functional
Shared Workflow
Delivery’s pipeline is shared across projects and teams
Chef Provides a Proven Approach to DevOps
[Diagram labels: Apps, Runtime environments, Infrastructure (Targets/Workloads); Local Dev; Collaborative Dev; Production; Assessment; Chef DK (Model, Build, Test); Chef Automate Workflow (Provision, Deploy, Test); Chef Compliance (Search, Audit, Discover); Chef Server; Chef Supermarket; Chef Client & Cookbooks]
Where did that lead us?
Habitat Project
• Launched in June 2016 – still a baby!
• “What is Chef thinking about containers/microservices/orchestration”

What is Habitat
• Automation that focuses on the application rather than infrastructure
• Infra is there because the Apps need it to be useful
• Builds repeatable, documented stacks for apps and dependencies
• Explicit versioning of apps and deps
• A supervisor for coordination and run-time configuration
Why?
• Portability
• Accountability
• Know exactly what is going into your environment
• Build the same every time, no substitutions of new layers without recording
• Built in organization and monitoring by the supervisor

Pieces of Habitat
• A bit more complex than working in Chef
• Build in a “clean room” environment called the habitat studio
• Limit the effects of external influences, undocumented accidental dependencies
• Produce packages for standalone run-time or export to container platforms
Plan Files

    pkg_origin=<youroriginname>
    pkg_name=mytutorialapp
    pkg_version=0.2.0
    pkg_maintainer="The Habitat Maintainers <[email protected]>"
    pkg_license=()
    pkg_source=https://github.com/habitat-sh/habitat-example-plans
    pkg_deps=(core/node)
    pkg_expose=(8080)

    do_download() {
      return 0
    }

    do_verify() {
      return 0
    }

    do_unpack() {
      return 0
    }

    do_build() {
      …
    }

    do_install() {
      …
    }
Run the thing you built. Everywhere.
Extra cool stuff via the supervisor
• --bind
• --peer
• Manipulate config at runtime and push updates

Hard Stuff
• Apps may need altering
• Bits aren’t going to always be in the same places as expected, due to clean room idea and dependency isolation
• Not everything has been habitatified yet
• Still work going on for integrations with container platforms and other components
• You will need access to the Internet
• Scary!
• Windows is on the way
SO! MUCH! INFORMATION!
omg
Chef Resources
• Chef.io – all the basics about Chef the company, our products, our partners
• learn.chef.io – online tutorials, docs, training opportunities
• chef-community.slack.com – our online community, chefs from all over the world
• https://www.youtube.com/user/getchef - Our YouTube channel: conference talks, product info, tutorials, etc
• Our London Meetup: http://www.meetup.com/Chef-Users-London/
Habitat Resources
• habitat.sh – info, docs, tutorials, plans and packages
• https://www.youtube.com/user/getchef/ ChefConf 2016 Videos
  • Habitat 101 – Joshua Timberman
  • Habitat 201 – George Miranda
  • Habitat 301 – Jamie Winsor
• habitat.slack.com
Chef Community!!!
Oct 12 + 13!
https://summit.chef.io
What questions can I answer for you?