Brisbane AWS Meetup: OpsWorks for Chef Automate
2 likes280 views
The document discusses the integration of Chef Automate and AWS OpsWorks, emphasizing the importance of hybrid cloud models for modern application teams. It highlights the capabilities of Chef for infrastructure automation, compliance, and application management, including continuous compliance and automation of workflows. The partnership between Amazon and Chef is underscored, showcasing their joint development of a fully managed opsworks service compatible with open-source Chef.
Brisbane AWS Meetup: OpsWorks for Chef Automate
- 1. OpsWorks for Chef Automate AWS Brisbane Meetup June 28, 2017
- 2. Matt Ray Manager, Solutions Architect – APJ Chef Software matt@chef.io @mattray
- 3. Microservices Container Runtime Datacenter Microservices Physical Runtime Cloud Monolithic Container Runtime Datacenter Microservices ” Hybrid is the standard model for Modern App Teams Teams need to deliver all infrastructure, any app, everywhere. Continuously. Emerging LandscapeLegacy Reality Most enterprises are going to operate in hybrid mode for many years to come Andy Jassy, CEO, Amazon Web Services (re:Invent 2016) Architecture MONOLITHS MICROSERVICES Runtime PHYSICAL CONTAINERS Infrastructure DATACENTER CLOUD Infrastructure ApplicationCompliance Automation The state of an app portfolio APP A APP B APP C APP D Physical Runtime Datacenter
- 4. Velocity: time from idea to ship Software success metrics Quantifying outcomes to deliver software at speed Deployment frequency Time from commit to deploy Mean time to resolve Time deploying remediation Change failure rate SPEED Measure of rate of software change EFFICIENCY Measure of effectiveness of software change RISK Measure of quality of software change Compliance audit frequency Idea Ship
- 5. Infrastructure Automation Application Automation Compliance Automation Workflow Visibility Compliance
- 6. Chef ▪ Manages deployment and on-going automation ▪ Define reusable resources and infrastructure state as code ▪ Scale elegantly from one to tens of thousands of managed nodes across multiple complex environments ▪ Community, Certified Partner, and Chef supported content available for all common automation tasks Infrastructure automation and delivery at scale windows_feature ‘IIS-WebServerRole’ do action :install end windows_feature ‘IIS-ASPNET’ do action :install end iis_pool FooBarPool do runtime_version “4.0” action :add end package "apache" do action :install end template “/etc/httpd/https.conf” do source “httpd.conf.erb” mode 0075 owner “root” group “root” end service “apache2” do action :start done
- 7. PART OF A PROCESS OF CONTINUOUS COMPLIANCE Scan for Compliance Build & Test Locally Build & Test CI/CD Remediate Verify A SIMPLE EXAMPLE OF AN INSPEC CIS RULE InSpec ▪ Translate compliance into Code ▪ Clearly express statements of policy ▪ Move risk to build/test from runtime ▪ Find issues early ▪ Write code quickly ▪ Run code anywhere ▪ Inspect machines, data and APIs Turn security and compliance into code control ‘cis-1.4.1’ do title ‘1.4.1 Enable SELinux in /etc/grub.conf’ desc ‘ Do not disable SELinux and enforcing in your GRUB configuration. These are important security features that prevent attackers from escalating their access to your systems. For reference see … ‘ impact 1.0 expect(grub_conf.param ‘selinux’).to_not eq ‘0’ expect(grub_conf.param ‘enforcing’).to_not eq ‘0’ end
- 8. Habitat ▪ Ease the burden of managing microservice apps and bring benefits of apps architected for microservices to traditional applications ▪ Gain consistent management of new and traditional applications across their lifecycle ▪ Provides application portability for new and traditional apps ▪ Autonomous nodes self-manage runtime state of application based upon policy you define ▪ APIs expose application behaviors as data for better management ▪ Works in tandem with infrastructure automation ▪ Makes applications running on containers, PaaS, virtual machines, bare metal, … better Automation that travels with the app
- 9. The Chef Automate Platform Continuous Automation for High Velocity IT Workflow • Local development • Integration • Tooling (APIs & SDKs) COLLABORATE ▪ Package ▪ Test ▪ Approve BUILD ▪ Provision ▪ Configure ▪ Execute ▪ Update DEPLOY ▪ Secure ▪ Comply ▪ Audit ▪ Measure ▪ Log MANAGE Infrastructure Automation Compliance AutomationApplication Automation OSS AUTOMATION ENGINES Increase Speed ▪ Package infrastructure and app configuration as code ▪ Continuously automate infrastructure and app updates Improve Efficiency ▪ Define and execute standard workflows and automation ▪ Audit and measure effectiveness of automation Decrease Risk ▪ Define compliance rules as code ▪ Deliver continuous compliance as part of standard workflow
- 10. AWS OpsWorks for Chef Automate Native Amazon Service Managed Chef Server ▪ Utilizes RDS and other native services ▪ May be externally accessible AWS Native ▪ Auto Scaling in your VPC ▪ Automatic backups and upgrades OpsWorks Stacks ▪ New name for previous version of OpsWorks ● Partnership between Amazon and Chef, jointly developed and maintained ● Fully managed AWS service with frequent updates ● Fully compatible with open source Chef ● Amazon is your support and billing ● All Chef Automate features will be supported ○ Visibility and Workflow today ○ Compliance soon ○ Currently Northern Virginia, Oregon & Ireland with more planned
- 11. OpsWorks Signup
- 12. OpsWorks Signup
- 13. OpsWorks Signup
- 14. OpsWorks Signup
- 15. OpsWorks Signup
- 16. OpsWorks Signup
- 17. OpsWorks Signup
- 18. OpsWorks Signup
- 19. OpsWorks Signup
- 20. Demo
- 21. OpsWorks SignupScan for Compliance Build & Test Locally Build & Test CI/CD Remediate Verify