6. Challenges
Manual processes
Weeks to set up new systems or software
Legacy systems and tools
Inflexible, hard-to-change hardware and software
Organizational silos
Unwieldy divisions of responsibility
Infrequent, large releases
Fear of deployment due to risk to SLAs
Regulatory burdens
Compliance bottleneck at the end of a project
7. Solutions to the challenges
Compliance at velocity
Integration of compliance into the workflow using automated tests
Increased cooperation and trust
Teams are aligned towards common goals
Dynamic infrastructure
Easy migration to on-demand, cloud-based infrastructure and management of heterogeneous networks
Automation
New systems and software updates deployed in minutes
Continuous delivery of infrastructure and applications
Safe, rapid delivery of incremental value
8. The game changer: rapid time to value
[Diagram: Innovation; Quality/Compliance; Dynamic Infrastructure]
9. Dynamic infrastructure
Migrate applications to the cloud and support hybrid and
multi-cloud environments. Automate the management of
heterogeneous networks, including legacy systems.
• Provisioning and setting up environments
• Dynamic scaling of compute resources
• Migrating legacy workloads to the cloud
• Multi-cloud and hybrid cloud deployment
• Support for heterogeneous environments
10. The game changer: rapid time to value
[Diagram: Innovation; Quality/Compliance; Dynamic Infrastructure + Infrastructure as Code; Automate the Stack]
11. Infrastructure as Code
• Programmatically provision and configure
components
• Treat like any other code base
• Reconstruct business from code repository,
data backup, and compute resources
12. Automation
Turn infrastructure into code—infrastructure as code is
versionable, testable and repeatable. Manual processes
become a thing of the past.
• Automated, full-stack application policies
• Package and service installation
• Versionable, testable, repeatable workflow
• Scalable application policies
• Management of interdependencies across
nodes
13. Chef Server
[Diagram: Policy, State, and State queries exchanged between the Chef server and the servers, VMs, cloud instances, etc. running the Chef client]
• The Chef server stores policy and configuration data
• The Chef client periodically runs on each node in the network
• Chef clients poll the server for the latest policies
• Chef clients notify the server of their states and can query for the states of other nodes
14. Describe Infrastructure as Code
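# Create and start an Apache instance named 'customers' using the prefork MPM
httpd_service 'customers' do
  mpm 'prefork'
  action [:create, :start]
end

# Render the instance's config from a template; restart the service when it changes
httpd_config 'customers' do
  instance 'customers'
  source 'customers.conf.erb'
  notifies :restart, 'httpd_service[customers]'
end

# Ensure the document root exists, creating parent directories as needed
directory '/var/www/customers/public_html' do
  recursive true
end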
15. Test the Code
require 'chefspec'

describe 'apache::default' do
  context 'When all attributes are default, on an unspecified platform' do
    # Converge the recipe in memory against a simulated Chef server
    let(:chef_run) do
      runner = ChefSpec::ServerRunner.new
      runner.converge(described_recipe)
    end

    it 'converges successfully' do
      expect { chef_run }.to_not raise_error
    end

    it 'installs apache' do
      expect(chef_run).to install_package('apache2')
    end
  end
end
16. Version the Code & the Artifact
name 'cmgw'
maintainer 'Chef Software, Inc.'
maintainer_email 'awesomedev@chef.io'
license 'apache2'
description 'Installs/Configures cmgw'
long_description 'Installs/Configures cmgw'
version '0.1.0'
17. The game changer: rapid time to value
[Diagram: Innovation; Quality/Compliance; Dynamic Infrastructure + Infrastructure as Code + DevOps; Automate the Stack]
19. DevOps workflow & culture
Eliminate silos and lower the overhead of IT operations and
service management by supporting DevOps culture. Build
communities.
• Unified workflow for application and
infrastructure
• Integration with version control for dev and ops
• Support for automated testing of infrastructure
and applications
• Integration of security and compliance into
product development
• Advanced, high-velocity workflow
20. The rewards?*
*source: Dr. Nicole Forsgren research on DevOps
More deployments
Ship faster
Faster MTTR after issues
More profits, market share, and productivity
Market cap goes up
21. Fast Flexible Infrastructure
•Run the same configurations regardless of environment: Repeatable and
Reliable
•Chef integrates with numerous cloud providers
•Run your Chef Server in the cloud, in your datacenter, or use Hosted Chef
22. Where Does Chef Integrate with IaaS
•Provisioning – creating new resources
•Management – alter resources over their lifecycle
•Destroy – sunset resources that are no longer needed
•Supported features and resources vary by provider
•Testing environments – the Test Kitchen project can use numerous providers
for testing Chef code / infrastructure provisioning
23. Chef and AWS
•Manage hosts, EBS volumes, EIPs, ELBs, CloudWatch, CloudFormation, IAM users, etc.
• Flexibility of custom resources and Ruby allows us to expand and update support regularly
•Provision, manage, and destroy resources as needed
•Launch Chef Automate directly in the cloud via the Marketplace
24. Chef and AWS Customers
•Scholastic
• World’s largest publisher of material for children
• Datacenter update / modernize – didn’t want to be in the datacenter management business
• Targeted public cloud
• Worked through a rearchitecture of projects for cloud readiness
25. Chef and Azure
•Our neighbors in the Seattle region
•https://www.chef.io/partners/azure/
•Provision and manage resource lifecycle on Azure
•Integrate with DSC for Azure Windows
•Run Chef from the Azure Marketplace
•Add Chef to an Azure PaaS role - https://github.com/Microsoft/Azure-PaaS-ChefClient
•https://channel9.msdn.com/Shows/TechNet+Radio/TechNet-Radio-Part-22-Building-Your-Hybrid-Cloud-Orchestrating-Hybrid-Cloud-with-Chef-and-Azure
27. Other Cloud Platforms and Providers
•Google Cloud Platform
•OpenStack
•Linode
•Rackspace
•Terremark
•VMware / vSphere
28. Cloud Led to Our Journey to CI/CD
•Helped many customers build reliable, repeatable infrastructure
•Brought testing into Infrastructure teams with Test Kitchen
•Overall application delivery pushed into build pipelines and integrated with
infrastructure
29. Continuous delivery of infrastructure & apps
Implement a high-velocity software delivery pipeline that
integrates application and infrastructure. Eliminate the risks
incurred with large, infrequent releases.
• Rapid provisioning of dev and test environments
• Ensure consistency and repeatability of
environments
• Unified pipeline for infrastructure, runtime
environments and applications
• Support for large teams with multiple projects
• Advanced, high-velocity workflow
30. ONE PATH FOR CHANGE
• The way change moves through your
organization is fixed
• Designed to reinforce your principles and aid
flow
• Flexible at the level of execution
31. CODE GOES THROUGH THE
SAME WORKFLOW
Applications are code
Infrastructure is code
32. Security and compliance at velocity
Regulatory compliance and security concerns are facts of life
for every enterprise. At the same time, competitive pressures
are increasing. Embed requirements into the software
delivery pipeline. Code makes compliance at velocity
possible.
• Embed compliance into the software delivery
pipeline
• Automated checking of compliance criteria with
analytics
• Structured review process during development
• Discovery and analysis
• Patch management and remediation
34. SSH Control
SSH supports two different protocol
versions. The original version,
SSHv1, was subject to a number of
security issues. Please use SSHv2
instead to avoid these.
41. SSH Version Check
control 'ssh-protocol-version' do # control ID is a placeholder; the slide does not show one
  impact 1.0
  title 'SSH Version 2'
  desc <<-EOF
    SSH supports two different protocol versions. The original version, SSHv1, was subject to a number of
    security issues. Please use SSHv2 instead to avoid these.
  EOF
  describe sshd_config do
    its('Protocol') { should cmp 2 }
  end
end
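The same control written as plain Ruby, to show what an automated pipeline check has to decide on real sshd_config files. This is an added example, not code from the slides or from Chef/InSpec; the function names and sample configurations are constructed. It separates "SSHv1 enabled" from "directive absent", which a single pass/fail matcher reports identically.

```ruby
# Added example: function names and sample configs are constructed for illustration.

# Return the effective value of a global sshd_config keyword, or nil if unset.
# sshd_config rules applied here: keywords are case-insensitive, lines that
# start with '#' are comments, the first occurrence of a keyword wins, and a
# Match block ends the global section.
def sshd_option(config_text, keyword)
  config_text.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/[\s=]+/, 2)
    break if key.casecmp?('Match')
    return value.to_s.strip if key.casecmp?(keyword)
  end
  nil
end

# Evaluate the "SSH Version 2" control.
# Returns [status, reason]; status is :pass, :fail or :review.
def check_ssh_protocol(config_text)
  value = sshd_option(config_text, 'Protocol')
  return [:review, 'Protocol not set; result depends on the sshd default'] if value.nil?

  versions = value.split(',').map(&:strip)
  return [:pass, 'only SSHv2 enabled'] if versions == ['2']
  return [:fail, "SSHv1 enabled (Protocol #{value})"] if versions.include?('1')

  [:fail, "unrecognised Protocol value #{value.inspect}"]
end

# Constructed sample configurations, one per case worth gating on.
SAMPLES = {
  'hardened'   => "Port 22\nProtocol 2\nPermitRootLogin no\n",
  'legacy'     => "# old host\nprotocol 2,1\n",
  'commented'  => "#Protocol 2\nPort 22\n",
  'first_wins' => "Protocol 1\nProtocol 2\n"
}.freeze

# Run the control over every sample and return { name => status }.
def run_compliance_gate(samples = SAMPLES)
  samples.transform_values { |text| check_ssh_protocol(text).first }
end

if __FILE__ == $PROGRAM_NAME
  run_compliance_gate.each { |name, status| puts "#{name}: #{status}" }
end
```

A pipeline phase would fail the build on any `:fail` and route `:review` results to a person rather than treating them as passes.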
45. Unified Pipeline Shape
The stages are fixed, and each stage has a fixed set of phases
[Pipeline diagram, built up step by step over slides 45 to 53; listed here in the order the steps appear]
Submit Change
• Lint, Syntax, Unit
APPROVE: Does this code change look good?
• Lint, Syntax, Unit, Security, Quality, Publish
• Provision, Deploy, Smoke, Functional
DELIVER: Do we want to ship this?
• Provision, Deploy, Smoke, Functional
• Provision, Deploy, Smoke, Functional
• Provision, Deploy, Smoke, Functional
58. Chef Provides a Proven Approach to DevOps
[Diagram labels: Local Dev, Model, Build, Test, Chef DK; Workflow, Collaborative Dev, Production, Deploy, Chef Automate; Assessment, Search, Audit, Discover, Chef Compliance; Chef Server; Chef Supermarket; Chef Client & Cookbooks; Targets/Workloads]
61. Habitat Project
• Launched in June 2016 – still a baby!
• “What is Chef thinking about containers/microservices/orchestration”
62. What is Habitat
• Automation that focuses on the application rather than infrastructure
• Infra is there because the Apps need it to be useful
• Builds repeatable, documented stacks for apps and dependencies
• Explicit versioning of apps and deps
• A supervisor for coordination and run-time configuration
63. Why?
• Portability
• Accountability
• Know exactly what is going into your environment
• Build the same every time, no substitutions of new layers without recording
• Built-in organization and monitoring by the supervisor
64. Pieces of Habitat
• A bit more complex than working in Chef
• Build in a “clean room” environment called the habitat studio
• Limit the effects of external influences, undocumented accidental dependencies
• Produce packages for standalone run-time or export to container platforms
67. Extra cool stuff via the supervisor
• --bind
• --peer
• Manipulate config at runtime and push updates
68. Hard Stuff
• Apps may need altering
• Bits aren’t going to always be in the same places as expected, due to clean room idea and
dependency isolation
• Not everything has been habitatified yet
• Still work going on for integrations with container platforms and other
components
• You will need access to the Internet
• Scary!
• Windows is on the way
70. Chef Resources
• Chef.io – all the basics about Chef the company, our products, our partners
• learn.chef.io – online tutorials, docs, training opportunities
• chef-community.slack.com – our online community, chefs from all over the world
• https://www.youtube.com/user/getchef - Our YouTube channel: conference
talks, product info, tutorials, etc
• Our London Meetup: http://www.meetup.com/Chef-Users-London/