Achieving DevOps Success with Chef Automate

Nicole Johnson – Manager, Solutions Architects – East NA

Chef Commercial Product

Chef InSpec Habitat Open SourceProducts

Cloud & Infrastructure Automation

Delivery Workflow

VisibilityCom

pliance

Application Automation

Chef Platform

Barriers to Enterprise Adoption of DevOps

Anti-pattern = stitching together disparate tool chains

Thrashing on the shape of the workflow across that tooling, lack of skills, training and cultural adoption (can take years)

Siloed centers for DevOps

Security and compliance are an afterthought

New Capabilities Accelerate and De-risk DevOps Adoption

Chef Compliance: Compliance as Code – just like Apps as Code and Infrastructure as code

Chef Automate: Full stack collaboration platform manages complex changes across:

• Infrastructure as Code• Containers as Code• Applications as Code• Compliance as Code

New: Enterprise Transformation Practice

Go Fast Safely: Allow Teams to Build Code and Automate Systems

• Infrastructure as Code

• Containers as Code• Policy as Code• Process as Code• Applications

Reinforce the right behaviors to collaborate safely on code at velocityCulture

Automation

Governance

Build, deploy, and manage infrastructure and applications anywhere

Operate safely and in compliance with internal controls and regulatory requirements

version

collaborateconsistently

testautomatically

Deploy Anywhere● On-premise● Cloud● Hybrid-

Cloud

Configuration

Automation

Workflow

ApplicationInfrastructure

Chef is Infrastructure as Code•Programmatically provision and configure components

•Treat like any other code base

•Reconstruct business from code repository, data backup, and compute resources

http://www.flickr.com/photos/louisb/4555295187/

Automate infrastructure & applications with Chef

On Linux based OSes:

package "httpd" do action :installend

template ”/var/www/index.html" do source ”index.html.erb” mode "0644"end

service "httpd" do action [ :enable, :start ]end

Building Blocks: What is a Resource?•A Resource is a system state you define

• Example: Package installed, state of a service, configuration file existing•You declare what state you want the resource in.

• Chef automatically determines HOW that state is achievedOn Linux based OSes: On Windows based OSes:

Chef Workflow and Test-Driven Infrastructure

Apps

Runtime environments

Infrastructure

...

...

...

Targets/Workloads

Collaborative Dev

Chef Visibility

Production

Chef Server

Chef server

Chef Supermarket

Assessment

Chef Compliance

SearchAuditDiscover

ProvisionDeploy

Test

Chef Workflow

Local Dev/Remediation

ModelBuildTest

Chef DK

Chef Client & Cookbooks

Documentation

SSH supports two different protocol versions. The original version, SSHv1, is subject to a number of different security vulnerabilities.

Please use the more secure SSHv2 to avoid these vulnerabilities

Scripting Tools# grep “^Protocol” /etc/ssh/sshd_config | sed ‘s/Protocol//’# 2

control 'cis-3.1' do impact 0.7 title 'Set Daemon umask’ desc 'Set the default umask for all processes started at boot time.'

describe file('/etc/sysconfig/init') do its('content') {should match 'umask 027'} endend

InSpec Testing Framework

Compliance as Code

Compliance as Code

Compliance

Security

DevOps

How do we write and test our intended change?

One path for change

Test the ArtifactsTest the Code

VERIFY BUILD ACCEPTANCE

REHEARSAL

DELIVEREDUNION

SubmitChang

e

One path for change

VERIFY BUILD ACCEPTANCE REHEARSAL DELIVEREDUNIONAPPROVE DELIVER

LintSyntax

UnitSecurityQualityPublish

LintSyntax

Unit

ProvisionDeploySmoke

Functional

Provision

DeploySmoke

Functional

ProvisionDeploySmoke

Functional

ProvisionDeploySmoke

Functional

Submit

Change

Does thiscode

changelook

good?

Do we want

to ship this?

One path for change

VERIFY BUILD ACCEPTANCE REHEARSAL DELIVEREDUNIONAPPROVE DELIVER

LintSyntax

UnitSecurityQualityPublish

LintSyntax

Unit

Submit

Change

Does thiscode

changelook

good?

One path for change

VERIFY BUILD ACCEPTANCE REHEARSAL DELIVEREDUNIONAPPROVE DELIVER

LintSyntax

UnitSecurityQualityPublish

LintSyntax

Unit

ProvisionDeploySmoke

Functional

Submit

Change

Does thiscode

changelook

good?

Do we want

to ship this?

Shared WorkflowWorkflow’s pipeline is shared across projects and teams

SUBMIT CHANGE VERIFY APPROVE

CHANGE

DELIVER CHANGEACCEPTANCEBUILD

UNION REHEARSAL DELIVERED

COOKBOOK Y

APPLICATION Y

COOKBOOK X

APPLICATION X

SubscriptionIncludes:• Premium Features• 24x7 Support• Supported Content

Infrastructure Automation

Application Automation

Compliance Automation

Workflow Visibility Compliance

High AvailabilityContent (Chef Cookbooks, Habitat Plans, Compliance Profiles)

PremiumFeatures

Open SourceSoftware

Delivery PhasesPre-Artifact Post-Artifact

Verify and Build

Build

Unit Lint Syntax

Security Quality Publish

Acceptance, Union, Rehearsal, DeliveredProvision Deploy

Smoke Functional

Delivery Phases – Example Java ApplicationPre-Artifact Post-Artifact

• JUnit

Verify and Build

Build

Unit Lint Syntax

Security Quality Publish

• Lint4J • javac

• Fortify • FindBugs • Maven• Artifacto

ry

Acceptance, Union, Rehearsal, Delivered

• EC2• Chef

Provisioning

Provision Deploy• Load jar in

Tomcat

• Curl $URL; check for 200 OK

Smoke Functional• Selenium• Cucumber• Chef InSpec