Public and private cloud metadata and why it is useful
Download as ODP, PDF0 likes258 views
The document discusses how cloud metadata and Ansible dynamic inventory can help DevOps and security teams collaborate more effectively. It provides examples of how metadata tagging servers can enable targeted operations like provisioning, patching, software installation based on tags. This allows implementing security processes into continuous delivery pipelines through automated and flexible configuration of servers. The speaker advocates that DevOps and security teams work together to build pipelines that use metadata and dynamic inventory to make security part of standard operations.
Public and private cloud metadata and why it is useful
- 1. LONDON 2015Join the conversation #devseccon Public And Private Cloud Metadata And Why It Is Useful Steven Armstrong
- 2. Who Am I And What Do I Do? • Steven Armstrong • Principal Automation Engineer @Betfair • I make invisible robots • Working in configuration management for 9 years • DevOps practitioner • Build continuous integration and deployment pipelines • Automate everything, always
- 4. So Security Processes Need To Evolve
- 6. And Should Make PCI Easier
- 7. Current Situation With Some Security Practitioners
- 8. Current Viewpoint Of Some IT Staff
- 9. DevOps And Security Practitioners Have A Responsibility To Avoid
- 10. We Need To Help Avoid
- 11. And Move To This
- 12. How Cloud Metadata Can Help Sort Information
- 13. Introducing Ansible To Help
- 15. Provision VMs or Physical Servers tag with metadata
- 16. Ansible Dynamic Inventory • Python dynamic inventory file queries underlying apis to act as a service discovery tool • Returns json inventory in real time of cloud estate • Filter machines based on tags • Carry out particular operations on servers using filters • • ansible-playbook –i openstack.py –l riemann_qa playbooks/run_chef.yml •
- 17. All Cloud Providers Have Metadata And Ansible Dynamic Inventories
- 18. DevOps Use Case: Install software on boxes ansible-playbook –i openstack.py –l riemann_prod playbooks/run_chef.yml •
- 19. DevOps Use Case: Roll boxes off load balancer at a particular version and new boxes into service ansible-playbook –i openstack.py –l riemann_prod playbooks/loadbalancer.yml •
- 20. Security Use Case: Assign Servers To Teams or Owners ansible-playbook –i openstack.py –l production playbooks/email_owners.yml •
- 21. Security Use Case: Tag Open Vulnerabilities On Boxes
- 22. Security Use Case: Targeted Patching or Updates Like Shellshock ansible-playbook –i openstack.py –l production playbooks/ad_hoc_patch.yml •
- 24. Questions?
- 25. LONDON 2015Join the conversation #devseccon Contact Info: steven.armstrong@betfair.com Blog: http://www.devarmstrongops.blogspot.co.uk/ tweet: @Steve9Armstrong !!!Come to our continuous delivery workshop later today which will show Betfairs deployment pipeline and how we have integrated security scanning into it!!!