Chef InSpec Sessions
Matt Ray, Regional Manager, Customer Architect APJ, Chef
HashiCorp’s Terraform is a popular open-source Infrastructure as Code tool that allows us to quickly provision and manage infrastructure across the cloud. There are a wide variety of complementary integrations between Chef Infra, Habitat, and InSpec with Terraform that enhance the ease of managing infrastructure, applications, and compliance. This talk will dive into what’s available and provide live demos of the Terraform integrations working together as we discuss how these complementary technologies achieve the goals of Infrastructure as Code.
Graham Davison
This talk will follow a five-year journey with Chef Infra. We will start with its introduction to an existing on-premise infrastructure and scaling as the environment grew. As we scaled, we extended some of the Chef command-line tools to ease deployment.
Next, we will explore the successful and less successful approaches to moving into a hybrid cloud infrastructure in AWS. We built AMIs using Packer and Chef Infra, but ended up with forked cookbook implementations for on-premise and cloud environments.
Finally, we will explore a cloud-centric deployment integrating AWS features with Chef Infra and Chef InSpec, and adopting Policyfiles.
Arthur Maltson, Distinguished Engineer, Capital One
Test Driven Development is a popular concept in Software Development, leading to higher quality code that’s easier to maintain. Automated testing is normally a foreign concept in the Operations/DevOps world, but as you ssh into your servers to make that quick fix or run your updated script (fingers crossed), you might be wondering if there’s a better way. A way that gives you the confidence in your script and lets you test those scripts in isolation. There is a better way! Test Driven Infrastructure (TDI) is now possible. I know, it sounds crazy.
At this session you’ll learn the how, and more importantly the why, of TDI. You’ll see how Chef can be tested with Test Kitchen and Chef InSpec. You’ll also learn how to improve your feedback cycle with Docker, and using the Docker approach on a CI server. There’s even a live demo!
Finally, the Ops world collides with the Dev world in true DevOps testing bliss.
Kyle Harper, Lead Engineering Manager, Cerner
Are you challenged to demonstrate security compliance with strict security controls? Are your systems unexpectedly failing security audits due to your inability to routinely assess your posture? By auditing compliance through agile software delivery, one can reduce the toil of demonstrating an aggressive security posture at scale. InSpec, a compliance as code tool, enables organizations to quickly and frequently produce compliance artifacts while providing a framework for iterative continuous improvement.
In this talk, we will share our journey and challenges encountered leveraging compliance as code to validate system compliance in a federal space. We will share first-hand experience and lessons learned with successfully meeting these challenges. Whether you are a software developer, security professional, or in operations, all can benefit from these concepts.
- Interpret Security Technical Implementation Guides (STIGs) into well-defined InSpec.
- Collaborate on InSpec controls to unite and articulate your organization’s desired security posture.
- Learn methods to inject more contextual information into your InSpec results.
- Prepare auditors for this new philosophical approach.
- Create orchestration pipelines to execute InSpec at mass scale.
- Learn techniques for converting InSpec results into auditor-required specific formats.
Learn from the shared experiences of an engineering manager responsible for the creation of InSpec profiles leveraged to audit systems with stringent federal security requirements.
Lance Albertson, Director, OSU Open Source Lab
Multi-node testing with Kitchen has long been a requested feature; however, it’s outside of the scope of Kitchen. Multi-node testing is useful for testing complex services such as replicated database servers, Ceph clusters and OpenStack, to name a few.
Some examples of how this is useful:
- Test to ensure your replicated database servers can fail over properly
- Test an upgrade between versions of Ceph or OpenStack where doing this in an “All-in-One” might have differences with multiple nodes interacting
- Ensure all components can communicate properly with firewalls
At the OSUOSL, we developed a method for doing this using a combination of Kitchen, Terraform, InSpec and OpenStack (however any public cloud supported by Terraform will also work).
This session will cover the following topics:
- Why this is important and the problem we’re trying to solve
- Discuss what tools we used
- How you can replicate this for your environment
- Recorded demo using a real-world example
Annie Hedgpeth, Senior Cloud Automation Engineer, 10th Magnitude
For those that have longed for a simpler test-driven approach to Terraform development, come and see how I’ve made my team’s lives easier by using Test Kitchen for Terraform and how I can validate my deployments with InSpec. This will be a beginner’s guide, but all skillsets are welcome to contribute to the conversation!
We’ll discuss the different use cases for Terraform testing, such as:
- Test Driven Development (TDD)
- Integration Testing and CI/CD
- Compliance, shifting security left
- Production provisioning validation
As we know, good testing doesn’t just solve CI/CD problems; it solves culture problems. I will seek to convince you of why you need to invest in a good Terraform testing strategy early and how you might have bought into a myth that makes you think you have velocity when you don’t (are you running in wet cement?).
And if you’re late to the game and have existing infrastructure with no tests, that’s okay, too. Let’s talk about how you can reduce stress by adding in some testing now. It’s not too late.
It takes an IT village to do DevOps, so let’s talk about moving security and sanity left with InSpec and Terraform. So many use cases, and so little time. You’ll leave this talk ready to implement at least one of them.
David McMaster, Automation Engineer, NetDocuments
Chef Habitat can be intimidating to adopt as it is considerably different than its predecessor, Chef Infra. This talk will go over a few different partial implementations of Chef Habitat, from binary management to full-blown Habitat environments.
The first example I will go over is a very basic implementation of Habitat where you can use existing cookbooks without much modification. This will use ZooKeeper, Chef Infra, and Chef Habitat to illustrate my point. The binaries will be handled by Habitat while service management is handled by the Linux OS and configuration management is handled by Chef infrastructure.
Next I will go over a more mixed example based on the same concept. In this iteration the binaries and service management will be handled by Chef Habitat while the release versioning is done by Chef Infra.
Finally I will go over other features, like service discovery and health checks, that could be implemented in a mixed deployment. This should help show a stepwise implementation of Chef Habitat that could transition to a more idealized Chef Habitat deployment.
The intent will be to cover ways an organization can use Chef Habitat to solve application-level issues. Hopefully to both get more comfortable with Chef Habitat and solve problems within some limitations for a given organization.