Writing recipes for Windows typically involves taking a dependency on the platform-specific Windows cookbook, an artifact that has no real analog when authoring content for Unix-like systems. This requirement is changing starting with Chef 11, as more functionality and resources such as the registry resource formerly tied to the Windows cookbook are available in the core chef-client itself, thus reducing or eliminating the need to use the Windows cookbook. Additionally, the new implementations of the resources provide additional features that make recipes more predictable and robust on the Windows platform.
We’ll see some of this new capability in action, describe the motivation and what gets better, and look forward to additional Windows functionality that can be folded into chef-client.
Takeaways
All of us, Windows and non-Windows users alike, benefit when we rely less on the Windows cookbook
New resources for registry, powershell, and batch scripting are available without the Windows cookbook
These resources enable predictability for 32-bit / 64-bit (Wow64) difficulties
We should start changing our cookbooks to use the new resources
Chef-client as a Windows service is now robust and reliable, no Windows cookbook needed
This is just the beginning–let us know what should jump into core Chef next!
Slides from 08-27-2013 Opscode webinar on using Chef to automate your Microsoft Windows-based infrastructure, including a live demo of Windows automation and a review of the latest and greatest resources available for running Chef with Windows-based infrastructure.
Nordstrom has been using Chef to automate Windows environments. Come by this talk to get some tips and tricks for managing your Windows-based environment with Chef.
Tips such as:
Using Mixlib::Shellout and PowershellOut to execute Windows tools and scripts as a Domain user.
Windows cookbook improvements, including Printer LWRP
Diskpart cookbook
Chef-keypass for better one-way encryption of data-bag secrets, including certs and passwords
How to use Windows cookbook helpers
Using the new Windows Registry resource in Chef 11
Windows Sysnative for correctly locating Windows programs
Perf improvement numbers for Ruby 1.9.3 in Chef 11 for Windows
Recommended Ohai plugins to disable
1. Automating That "Other" OS
Cooking with Chef on Windows
Julian Dunn <jdunn@getchef.com>
Engineering Lead – Field Solutions
Chef Software, Inc.
CloudDevelop Conference
Columbus, OH
October 2014
9. Evolution of Automation on Windows
1996: WMI
1999: Services for UNIX
2002: Monad Manifesto
2003: Subsystem for Unix Applications
2006: PowerShell 1.0
2008: PowerShell 2.0 & Server Core
2012: PowerShell 3.0
2013: PowerShell 4.0 / Desired State Configuration
2014: PowerShell 5.0 (Preview)
10. The GUI isn't dead, but it's dying on
the server OS. Don't be caught off-guard
when it's finally gone.
- Don Jones, Redmond Magazine, July 2011
http://redmondmag.com/articles/2011/07/01/the-gui-is-dead.aspx
14. Platform-Neutral Domain-Specific Language
# Linux
package 'httpd'

template '/etc/httpd/conf/httpd.conf' do
  owner 'root'
  group 'root'
  action :create
  source 'httpd.conf.erb'
  notifies :reload, 'service[httpd]'
end

service 'httpd' do
  action [:start, :enable]
end

# Windows
windows_feature 'IIS-WebServerRole'

template 'c:\inetpub\wwwroot\index.html' do
  owner 'Administrator'
  group 'IIS_IUSRS'
  action :create
  source 'index.html.erb'
  notifies :reload, 'service[W3SVC]'
end

service 'W3SVC' do
  action [:start, :enable]
end
15. Chef Mechanics
• Recipes go in cookbooks
• Cookbooks are uploaded to a Chef
server
• Nodes periodically check in and
get their recipes to run ("run list")
• If system state is already desired
state, Chef makes no changes
• "Convergence"
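The check-then-repair behaviour in the bullets above, together with the `notifies :reload` pattern from slide 14, as an added example in plain Ruby. This is not Chef's implementation; the `ToyConverge` class, the `Resource` struct and the in-memory node state are assumptions made for illustration.

```ruby
# Added illustration: a toy test-and-repair engine, not Chef's implementation.
# An in-memory hash stands in for real node state (constructed sample data).

Resource = Struct.new(:type, :name, :desired, :notifies) do
  def id
    "#{type}[#{name}]"
  end
end

class ToyConverge
  attr_reader :state, :log

  def initialize(state)
    @state = state # current state, keyed by resource id
    @log = []      # record of what each run did
  end

  # Walk the run list in order. A resource is touched only when its current
  # state differs from the declared state; notifications fire only for
  # resources that were actually changed.
  def run(run_list)
    updated = []
    pending = []
    run_list.each do |res|
      if @state[res.id] == res.desired
        @log << "#{res.id}: up to date"
        next
      end
      @state[res.id] = res.desired.dup
      updated << res.id
      @log << "#{res.id}: repaired"
      pending |= Array(res.notifies)
    end
    pending.each { |action, target| @log << "#{target}: #{action} (notified)" }
    { updated: updated, notified: pending }
  end
end

INDEX = 'template[c:\inetpub\wwwroot\index.html]'.freeze

# Declared policy, mirroring the Windows recipe on slide 14.
def sample_run_list
  [
    Resource.new('windows_feature', 'IIS-WebServerRole', { installed: true }, nil),
    Resource.new('template', 'c:\inetpub\wwwroot\index.html',
                 { owner: 'Administrator', group: 'IIS_IUSRS', content: '<h1>v2</h1>' },
                 [[:reload, 'service[W3SVC]']]),
    Resource.new('service', 'W3SVC', { running: true, enabled: true }, nil)
  ]
end

# Constructed starting point: IIS is installed and running, the page is stale.
def sample_node_state
  {
    'windows_feature[IIS-WebServerRole]' => { installed: true },
    INDEX => { owner: 'Administrator', group: 'IIS_IUSRS', content: '<h1>v1</h1>' },
    'service[W3SVC]' => { running: true, enabled: true }
  }
end

# Three check-ins: the first repairs the template, the second changes nothing,
# the third repairs an out-of-band edit made between runs.
def demo
  engine = ToyConverge.new(sample_node_state)
  first = engine.run(sample_run_list)
  second = engine.run(sample_run_list)
  engine.state[INDEX][:owner] = 'Guest' # drift introduced outside the tool
  third = engine.run(sample_run_list)
  [first, second, third]
end

if __FILE__ == $PROGRAM_NAME
  demo.each_with_index { |result, i| puts "run #{i + 1}: #{result.inspect}" }
end
```

The empty second run is what makes periodic check-ins safe, and the third run shows why the same mechanism doubles as drift detection: any run that reports an updated resource on an unchanged policy means something modified the node out of band.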
16. What's the Purpose of Declarative CM?
• Consistent, reproducible configurations
• Manage & deploy thousands of machines correctly
• Deploy applications correctly
• Keep them in compliance with declared policy
Infrastructure + Applications = Service
18. Microsoft System Center
• Advisor
• App Controller
• Configuration Manager (SCCM)
• Data Protection Manager
• Endpoint Protection
• Orchestrator/SMA
• Operations Manager
• Service Manager
• Virtual Machine Manager
19. System Center Configuration Manager
• Origin: Started as Systems
Management Server (1994), renamed
SCCM in ~2007
• Purpose: Manage large groups of
computers running Windows, Windows
Embedded, Mac OS X, and/or
Linux/UNIX
• Components:
• Remote control
• Patch management
• Software distribution
• OS deployment using MDT
• Hardware/software inventory
• System configuration
20. SCCM: The Good, Bad and the Ugly
• Good:
• Easy-to-use UI
• Lots of functionality
• Great for managing desktops
• Integrates with other System Center products
• Bad:
• Prescriptive workflow
• Point-and-click
• Needs Active Directory
• Hard to automate the automation
• No easily versionable artifacts
21. SCCM and Chef
• SCCM (Compliance Settings)
• Configuration settings set via UI
• Configuration item primitives
• WMI, registry, scripts, applications
• Shareable artifacts (baselines)
• Restrictive workflow
• Idempotence is up to you
• Agent-based
• Chef:
• Configuration settings via plain text files
• Resource primitives
• file, template, service, powershell_script, etc.
• Shareable & versionable artifacts
(cookbooks)
• Flexible workflow
• Built-in idempotence
• Agent-based
23. Provisioning with Chef on Microsoft Azure
1. Upload content (cookbooks, roles, etc.)
2. Request VM
3. Create VM, install Azure and Chef agents
4. Register with Chef server
5. Execute run_list
24. Provisioning with Chef
$ knife azure server create \
    --azure-source-image a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-201409.01-en.us-127GB.vhd \
    --bootstrap-protocol cloud-api \
    --winrm-user chef \
    --winrm-password DELETED \
    --azure-dns-name DELETED \
    -r "role[base-windows], role[fourthcoffee-classic]"
...........
Waiting for virtual machine to reach status 'provisioning'............vm state 'provisioning' reached after 2.6 minutes.
Waiting for virtual machine to reach status 'ready'..........................vm state 'ready' reached after 6.23 minutes.
.
DNS Name: DELETED.cloudapp.net
VM Name: DELETED
Size: Medium
Azure Source Image: a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-201409.01-en.us-127GB.vhd
Azure Service Location: East US
Public Ip Address: XXXXXXXX
Private Ip Address: YYYYYYYY
WinRM Port: 5985
Environment: _default
25. Provisioning with Chef
Waiting for Resource Extension to reach status 'wagent provisioning'....
Resource extension state 'wagent provisioning' reached after 0.03 minutes.
Waiting for Resource Extension to reach status 'installing'....................
Resource extension state 'installing' reached after 2.17 minutes.
Waiting for Resource Extension to reach status 'provisioning'....................................
Resource extension state 'provisioning' reached after 4.33 minutes.
Waiting for Resource Extension to reach status 'ready'....................
Resource extension state 'ready' reached after 2.16 minutes.
.
DNS Name: DELETED.cloudapp.net
VM Name: DELETED
Size: Medium
Azure Source Image: a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-201409.01-en.us-127GB.vhd
Azure Service Location: East US
Public Ip Address: XXXXXX
Private Ip Address: YYYYYY
WinRM Port: 5985
Environment: _default
Runlist: ["role[base-windows]", "role[fourthcoffee-classic]"]
27. Pay no attention to the man behind the curtain
windows_feature 'IIS-WebServerRole' do
  action :install
end

# Pre-requisite features for IIS-ASPNET45 that need to be installed first, in this order.
%w{IIS-ISAPIFilter IIS-ISAPIExtensions NetFx3ServerFeatures NetFx4Extended-ASPNET45 IIS-NetFxExtensibility45}.each do |f|
  windows_feature f do
    action :install
  end
end

windows_feature 'IIS-ASPNET45' do
  action :install
end
28. Pay no attention to the man behind the curtain
remote_directory node['fourthcoffee']['install_path'] do
  source 'fourthcoffee'
  action :create
end

iis_pool 'FourthCoffee' do
  runtime_version '4.0'
  action :add
end

iis_site 'FourthCoffee' do
  protocol :http
  port 80
  path node['fourthcoffee']['install_path']
  application_pool 'FourthCoffee'
  action [:add, :start]
end
29. Challenges to Automation on Windows
• No real package manager
• Many COTS vendors don’t understand automation
• UAC (User Account Control)
• WinRM Quotas
• Win32 Redirector
• Not all preferences/state stored in registry
• Reboots!
• Other annoyances (KB2773898, KB2918614, KB2842230)
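The "Win32 Redirector" item above (the Wow64 and Sysnative points in the talk abstract) is the one that most often makes a recipe silently act on the wrong binary or registry view. The following added example, not code from the deck or from Chef, models the Windows redirection rules for a 32-bit process on a 64-bit OS; the function names and the `FourthCoffee` key are assumptions, and the registry rule is simplified as noted in the comments.

```ruby
# Added illustration of WOW64 redirection rules; not Chef or Windows code.
# Comparisons are case-insensitive, as on Windows.

# System32 subdirectories that the file system redirector leaves alone.
SYSTEM32_EXEMPT = ['catroot', 'catroot2', 'driverstore', 'drivers\etc',
                   'logfiles', 'spool'].freeze

def wow64?(process_bits, os_bits)
  os_bits == 64 && process_bits == 32
end

# Returns the part of +path+ below +base+ ('' or '\...'), or nil if the
# path is not under +base+.
def split_under(path, base)
  p = path.tr('/', '\\')
  b = base.downcase
  return nil unless p.downcase == b || p.downcase.start_with?(b + '\\')
  p[base.length..-1]
end

def exempt?(rest)
  r = rest.downcase
  SYSTEM32_EXEMPT.any? { |d| r == "\\#{d}" || r.start_with?("\\#{d}\\") }
end

# The path Windows actually opens when a process of the given bitness asks
# for +path+. Returns nil where the path does not exist for that process
# (Sysnative is only visible to 32-bit processes).
def opened_path(path, process_bits:, os_bits: 64, windir: 'C:\Windows')
  sys32 = windir + '\System32'
  if (rest = split_under(path, windir + '\Sysnative'))
    return wow64?(process_bits, os_bits) ? sys32 + rest : nil
  end
  rest = split_under(path, sys32)
  return path.tr('/', '\\') if rest.nil? || !wow64?(process_bits, os_bits) || exempt?(rest)
  windir + '\SysWOW64' + rest
end

# The path a 32-bit process must use to reach the native 64-bit binary.
def native_path(path, process_bits:, os_bits: 64, windir: 'C:\Windows')
  rest = split_under(path, windir + '\System32')
  return path.tr('/', '\\') if rest.nil? || !wow64?(process_bits, os_bits) || exempt?(rest)
  windir + '\Sysnative' + rest
end

# Registry view seen by the process. Simplification: every key under
# HKLM\SOFTWARE is treated as redirected; Windows shares some subkeys
# between the two views.
def registry_view(key, process_bits:, os_bits: 64)
  base = 'HKEY_LOCAL_MACHINE\SOFTWARE'
  rest = split_under(key, base)
  return key if rest.nil? || !wow64?(process_bits, os_bits)
  return key if rest.downcase.start_with?('\wow6432node')
  base + '\Wow6432Node' + rest
end

if __FILE__ == $PROGRAM_NAME
  ps = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
  puts "32-bit opens: #{opened_path(ps, process_bits: 32)}"
  puts "use instead:  #{native_path(ps, process_bits: 32)}"
  puts "registry:     #{registry_view('HKEY_LOCAL_MACHINE\SOFTWARE\FourthCoffee', process_bits: 32)}"
end
```

A setting written through the 32-bit view lands under `Wow6432Node`, where a 64-bit service never reads it, so a hardening value can look applied in the run log while the native process is unaffected.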
31. PowerShell DSC: The Future of Automation
"DSC represents a significant break in administration, because it
asks … administrators to not actually configure anything
themselves. Instead, DSC asks administrators to describe, in fairly
simple text files, how they would like a computer to be configured.
The computer, in turn, reads that text file, and configures itself
accordingly."
- The DSC Book, Don Jones & Steve Murawski
32. The Relationship between DSC and Chef
• As PerfMon is to Solarwinds, DSC is to Chef
• DSC provides automation primitives that Chef recipes can call
• It deliberately lacks the ecosystem:
• Content distribution
• Cross-platform support
• Monitoring/logging/analytics
• However, it brings a standard base for automation to Windows
• No MSFT product in the future may ship without DSC modules!
33. Example DSC Code
Configuration FourthCoffee
{
    # Install the IIS role
    WindowsFeature IIS
    {
        Ensure = "Present"
        Name = "Web-Server"
    }

    # Install the ASP .NET 4.5 role
    WindowsFeature AspNet45
    {
        Ensure = "Present"
        Name = "Web-Asp-Net45"
    }
    ...
}
34. DSC Invoked from Chef
Configuration FourthCoffee
{
    # Install the IIS role
    WindowsFeature IIS
    {
        Ensure = "Present"
        Name = "Web-Server"
    }

    # Install the ASP .NET 4.5 role
    WindowsFeature AspNet45
    {
        Ensure = "Present"
        Name = "Web-Asp-Net45"
    }
    ...
}

dsc_resource 'webserver' do
  resource_name :windowsfeature
  property :name, 'Web-Server'
  property :ensure, 'Present'
end

dsc_resource 'dotnet45' do
  resource_name :windowsfeature
  property :name, 'Web-Asp-Net45'
  property :ensure, 'Present'
end
36. DevOps is a Two-Way Street
• It's great when developers
care about:
• Uptime!
• Scaling!
• Deployment!
• Argh! Put them on call! That'll
teach them!
37. DevOps is a Two-Way Street
• Sysadmins/infracoders have a lot to learn
from developers as well!
• Good developers:
• Write unit tests
• Write acceptance tests
• Practice test-driven-development
• Build confidence that their program code works
correctly
• Avoid breaking their applications
• Good infracoders:
• Do all of the above
• Avoid breaking ALL THE THINGS
38. Testing on the desktop
• Chef Ecosystem Tools:
• Test Kitchen
• Acceptance testing (ServerSpec)
• Bring-your-own hypervisor (VirtualBox, VMWare
Fusion/Workstation, Hyper-V…) and/or middleware
(Vagrant)
• Demo
39. Example Test Suite
describe windows_feature('IIS-WebServer') do
  it { should be_installed }
end

describe port(80) do
  it { should be_listening }
end

describe file('C:\inetpub\FourthCoffee\Default.cshtml') do
  it { should be_file }
end
40. Test Kitchen Demo
fourthcoffee ~$ kitchen test default-windows-2012R2 --destroy=never
-----> Starting Kitchen (v1.3.0)
-----> Cleaning up any prior instances of <default-windows-2012R2>
-----> Testing <default-windows-2012R2>
-----> Creating <default-windows-2012R2>...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'win2012r2-datacenter-chef11.16.2'...
Vagrant instance <default-windows-2012R2> created.
Finished creating <default-windows-2012R2> (2m57.54s).
-----> Converging <default-windows-2012R2>...
-----> Chef Omnibus installation detected (true)
Transferring files to <default-windows-2012R2>
Concurrent threads set to :max_threads => 2
[2014-10-13T19:16:36-07:00] INFO: Starting chef-zero on host localhost, port 8889 with repository at repository at C:/tmp/kitchen
One version per cookbook
[2014-10-13T19:16:40-07:00] INFO: *** Chef 11.16.2 ***
[2014-10-13T19:16:40-07:00] INFO: Chef-client pid: 1656
41. Test Kitchen Demo
[2014-10-13T19:19:10-07:00] INFO: Chef Run complete in 142.572914 seconds
[2014-10-13T19:19:10-07:00] INFO: Running report handlers
[2014-10-13T19:19:10-07:00] INFO: Report handlers complete
Finished converging <default-windows-2012R2> (22m55.08s).
-----> Setting up <default-windows-2012R2>...
-----> Running postinstall for serverspec plugin
Finished setting up <default-windows-2012R2> (0m45.62s).
-----> Verifying <default-windows-2012R2>...
-----> Running serverspec test suite
Windows feature "IIS-WebServer" should be installed
Port "80" should be listening
File "C:inetpubFourthCoffeeDefault.cshtml" should be file
Finished in 13.41 seconds (files took 0.48432 seconds to load)
3 examples, 0 failures
Finished verifying <default-windows-2012R2> (0m22.73s).
Finished testing <default-windows-2012R2> (27m11.16s).
-----> Kitchen is finished. (27m12.60s)
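The console output in the two demo slides above can be checked mechanically in a CI job. The following is an added example, not part of the original slides or of Test Kitchen itself: it parses per-phase timings and the ServerSpec summary line, and treats an empty suite ("0 examples") as a failed run. The function names and the constructed sample log are assumptions made for illustration.

```ruby
# Added example: summarize a Test Kitchen run from its console output.
# SAMPLE_LOG is a constructed excerpt modeled on the demo output above.
SAMPLE_LOG = <<~LOG
  -----> Testing <default-windows-2012R2>
         Finished creating <default-windows-2012R2> (2m57.54s).
         Finished converging <default-windows-2012R2> (22m55.08s).
         Finished setting up <default-windows-2012R2> (0m45.62s).
         3 examples, 0 failures
         Finished verifying <default-windows-2012R2> (0m22.73s).
         Finished testing <default-windows-2012R2> (27m11.16s).
LOG

PHASE_RE   = /Finished (creating|converging|setting up|verifying|testing) <([^>]+)> \((\d+)m([\d.]+)s\)/
SUMMARY_RE = /(\d+) examples?, (\d+) failures?/

# Returns { instance:, phases: { "converging" => seconds, ... }, examples:, failures: }
def parse_kitchen_log(text)
  result = { instance: nil, phases: {}, examples: nil, failures: nil }
  text.each_line do |line|
    if (m = PHASE_RE.match(line))
      result[:instance] ||= m[2]
      result[:phases][m[1]] = (m[3].to_i * 60 + m[4].to_f).round(2)
    elsif (m = SUMMARY_RE.match(line))
      result[:examples] = m[1].to_i
      result[:failures] = m[2].to_i
    end
  end
  result
end

# A run passes only if the verify phase finished, at least one example ran,
# and none failed. "0 examples, 0 failures" is treated as a failure because
# an empty suite proves nothing about the converged node.
def kitchen_run_ok?(run)
  run[:phases].key?('verifying') && run[:examples].to_i > 0 && run[:failures] == 0
end

# Name of the longest individual phase (the overall "testing" total is excluded).
def slowest_phase(run)
  run[:phases].reject { |name, _| name == 'testing' }.max_by { |_, secs| secs }&.first
end

if __FILE__ == $PROGRAM_NAME
  run = parse_kitchen_log(SAMPLE_LOG)
  puts "#{run[:instance]}: ok=#{kitchen_run_ok?(run)} slowest=#{slowest_phase(run)}"
  run[:phases].each { |name, secs| puts format('  %-12s %8.2fs', name, secs) }
end
```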
42. Summary
• Don't point-and-click to administer your Windows servers
• Learn PowerShell!
• Learn declarative configuration management
• Test your infrastructure code
This is how I used to manage Active Directory.
Point and click
Also, this sort of thing. Microsoft has nice wizards.
This is still extant in Windows Server Tech Preview (Windows Server 10).
Anecdote about customer that employs people to sit around with dozens of RDP sessions on Patch Tuesday just to click 'Windows Update'
To Microsoft's credit, they've recognized this early. Or at least Jeffrey Snover, the author of the "Monad Manifesto", did.
What the Monad Manifesto did is that it recognized the UNIX model – of a command line in which operators could string together operations – was fundamentally sound.
And it extended it to an object-based language, which makes PowerShell even more powerful than Bourne Shell.
It took a while for concepts to bake out, but here we are!
Monad Shell – became PowerShell, an object-oriented shell
Monad Remote Scripting – became PowerShell Remoting (WinRM)
Although this is obviously not to scale, you can see that MSFT is really speeding up the release cadence of automation features.
You can see that Jeffrey Snover learned a lot of lessons from the success and failure of things like WMI and SFU, wrote the Monad Manifesto and then has spent the last 12+ years building all the components to make it a reality.
So yes, Chef started out on the Unix/Linux platform, but as people saw the writing on the wall about Windows and the GUI, they wanted to extend the same automation primitives to this platform.
Most shops are not homogenous – they often have both Linux/Unix and Windows.
What we're looking at is a Chef recipe to install a webserver.
You can see that Chef tells the system what to do, not how.
Chef's job is to translate the what into the how, across a broad swath of OSes, infrastructure, and applications.
It is OS-neutral and deployment neutral. Use the same code to deploy on metal, cloud, VMs, whatever.
A lot of these are product acquisitions. They are loosely-integrated, some better than others, but it's definitely a work in progress. Example: Often can be more than one agent on a box to do certain things. MSFT is making headway to try and make it a more seamless experience.
"Manage" is a loaded term, which I'll get into in a second.
Good:
Nice UI, easy to explore
OS deployment
Patch management
System inventory
MDM integration w/Intune
Great client management
Integration with other System Center products
Bad:
UI prescribes a workflow
Requires Active Directory
Not a great automation story (can't automate the automation)
No easily versionable artifacts
Changes require manual interaction with UI
Insert a diagram here showing how this works
We can try this live but I'll have to come back to it while we run through some more slides
knife azure server create --azure-vm-size Small --azure-source-image a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-201409.01-en.us-127GB.vhd --bootstrap-protocol cloud-api --winrm-user chef --winrm-password C00kingWithChef$ --azure-dns-name columbus1 --tcp-endpoints 3389:3389,80:80 -r "role[base-windows],role[fourthcoffee-classic]"
Chocolatey/NuGet will help with the package management problem. There is still a crapton of legacy stuff out there, and a variety of packaging formats. Not all of them can deal with in-place upgrades.
COTS vendors don't understand automation:
Some products can't be installed in Server Core
Some products can't be installed over PoSH remote sessions or unattended sessions
KB2773898 – you can't install MSUs over WinRM
KB2918614 – broken patches to Windows that prevent MSIs from installing
KB2842230 – WinRM quotas not respected on older operating systems
Hmm, sounds a lot like Chef, right?
So if MSFT provides a standard set of automation hooks in their own products and hammers ISVs to ship the same hooks, then the app space and OS space have a uniform automation framework now.
NOTE: try to find something that maps closer to a piece of Chef code
Talk about the use cases here. I just used Chef on my desktop to spin up a VM and install exactly the same things I installed on my "real" VM, and ran some acceptance tests. How cool is that?
Have the demo prepared (started up) before going on-stage, because it might not work again. Just scrollback in the terminal buffer.