This document discusses configuration management in a containerized world. It provides an overview of Docker's success due to instant productivity, development resembling shipping, and portable artifacts. It then outlines the build, test, ship, and run phases for container management and discusses using tools like Chef to build containers from cookbooks. Lastly, it touches on fleet management across machines using tags and recipes to deploy MySQL and WordPress containers.
Nordstrom has been using Chef to automate Windows environments. Come by this talk to get some tips and tricks for managing your Windows-based environment with Chef.
Tips such as:
Using Mixlib::Shellout and PowershellOut to execute Windows tools and scripts as a Domain user.
Windows cookbook improvements, including Printer LWRP
Diskpart cookbook
Chef-keypass for better one-way encryption of data-bag secrets, including certs and passwords
How to use Windows cookbook helpers
Using the new Windows Registry resource in Chef 11
Windows Sysnative for correctly locating Windows programs
Perf improvement numbers for Ruby 1.9.3 in Chef 11 for Windows
Recommended Ohai plugins to disable
Writing recipes for Windows typically involves taking a dependency on the platform-specific Windows cookbook, an artifact that has no real analog when authoring content for Unix-like systems. This requirement is changing starting with Chef 11, as more functionality and resources such as the registry resource formerly tied to the Windows cookbook are available in the core chef-client itself, thus reducing or eliminating the need to use the Windows cookbook. Additionally, the new implementations of the resources provide additional features that make recipes more predictable and robust on the Windows platform.
We’ll see some of this new capability in action, describe the motivation and what gets better, and look forward to additional Windows functionality that can be folded into chef-client.
Takeaways
All of us, Windows and non-Windows users alike, benefit when we rely less on the Windows cookbook
New resources for registry, powershell, and batch scripting are available without the Windows cookbook
These resources enable predictability for 32-bit / 64-bit (Wow64) difficulties
We should start changing our cookbooks to use the new resources
Chef-client as a Windows service is now robust and reliable, no Windows cookbook needed
This is just the beginning–let us know what should jump into core Chef next!
Slides from 08-27-2013 Opscode webinar on using Chef to automate your Microsoft Windows-based infrastructure, including a live demo of Windows automation and a review of the latest and greatest resources available for running Chef with Windows-based infrastructure.
Ansible is a popular choice for automating infrastructure provisioning, config management, deployments, etc. Shippable provides a perfect complement with native CI, release management functionality as well as the ability to create event-driven workflows across Ansible playbooks and other DevOps tools and activities.
This talk was presented by Shippable's co-founder and VP Product Management Manisha Sahasrabudhe at AnsibleFest 2017.
Ansible is a tool for Configuration Management. The big difference from Chef and Puppet is that Ansible doesn't need a Master and doesn't need a special client on the servers. It works completely via SSH and the configuration is done in YAML.
These slides give a short introduction & motivation for Ansible.
This presentation starts with an introduction to the rationale behind automated deployments in Continuous Delivery and DevOps. Then, I compare agent-based architectures, such as Chef and Puppet with the agentless architecture of the server orchestration engine Ansible. The presentation concludes with an automated deployment of Dynatrace into a simulated production environment.
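Deploying an application with Chef and Docker | Daniel Ku
Material prepared for presentation at Docker Casual Talk #1 (2014-10-15).
I originally planned to present 'Adopting Docker in a production service', but since the adoption is not yet complete, I looked for the meaningful parts of the process so far.
So I explain how the existing way of updating applications at StudyGPS changes once Chef and Docker are introduced, and I reflect on and summarize what that change means.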
DevOpsDays Austin 2016 talk. Compliance and security are the next steps after Infrastructure as Code and Test-Driven Infrastructure in expanding your DevOps workflow. Chef's open-source InSpec and audit cookbooks provide an accessible pattern for building compliance into your continuous delivery pipelines.
Ansible has huge potential, also working with docker. These slides give an introduction to how Ansible works and can be used to automate and improve your infrastructure setup.
Drupal Continuous Integration with Jenkins - The Basics | John Smith
Please check out our new SlideShow of setting up and configuring a Jenkins Continuous Integration server for use within a Drupal development environment. We walk you through the steps of installing Ubuntu 10.04 LTS, Jenkins, Drush and several other PHP coding tools and Drupal Modules to help check your code against current Drupal standards. Then we walk you through creating a git post-receive script, and Jenkins job to pull it all together.
Infrastructure testing with Jenkins, Puppet and Vagrant - Agile Testing Days ... | Carlos Sanchez
Extend Continuous Integration to automatically test your infrastructure.
Continuous Integration can be extended to test deployments and production environments, in a Continuous Delivery cycle, using infrastructure-as-code tools like Puppet, which make it possible to manage multiple servers and their configurations, and to test the infrastructure the same way continuous integration tools do with developers’ code.
Puppet is an infrastructure-as-code tool that allows easy and automated provisioning of servers, defining the packages, configuration, services, … in code. Enabling DevOps culture, tools like Puppet help drive Agile development all the way to operations and systems administration, and along with continuous integration tools like Jenkins, it is a key piece to accomplish repeatability and continuous delivery, automating the operations side during development, QA or production, and enabling testing of systems configuration.
Using Vagrant, a command line automation layer for VirtualBox, we can easily spin off virtual machines with the same configuration as production servers, run our test suite, and tear them down afterwards.
We will show how to set up automated testing of an application and associated infrastructure and configurations, creating on demand virtual machines for testing, as part of your continuous integration process.
(Click 2nd slide for video) Deploy PHP apps faster in 2017. This talk focuses on how PHP developers can use simple Ansible scripts to rapidly configure new dev and production servers from scratch, and deploy their apps. No more "snowflake servers"!
This is a general introduction to DevOps essentials and Ansible, with a few extras for PHP developers, including some best practice tips and overview of two major Ansible-based PHP projects, Drupal-VM and Trellis (modern WordPress setup).
Community Cookbooks & further resources - Fundamentals Webinar Series Part 6 | Chef
Part 6 of a 6 part series introducing you to the fundamentals of Chef.
This session includes an introduction to Community Cookbooks and some additional resources.
After viewing this webinar you will be able to:
- Find, preview, and download cookbooks from the Chef Community site
- Use knife to work with the Community Site API
- Download, extract, examine and implement cookbooks from the Community site
Video of this webinar can be found at the following URL
https://www.youtube.com/watch?v=ovTIeS3kx4g&list=PL11cZfNdwNyPnZA9D1MbVqldGuOWqbumZ
ContainerDays Boston 2015: "Continuous Delivery with Containers" (Nick Gauthier) | DynamicInfraDays
Slides from Nick Gauthier's talk "Continuous Delivery with Containers" at ContainerDays Boston 2015: http://dynamicinfradays.org/events/2015-boston/programme.html#cdwithcontainers
Using Kubernetes for Continuous Integration and Continuous Delivery | Carlos Sanchez
Learn how to scale your Continuous Integration and Continuous Delivery environment using containers. The Kubernetes project provides a container orchestration solution that greatly simplifies app deployments in large clusters and you can use Jenkins and Kubernetes together to run jobs on-demand.
Building and testing is a great use case for containers, both due to the dynamic and isolation aspects, but it increases complexity when scaling to multiple nodes and clusters.
Jenkins is an example of an application that can take advantage of Kubernetes technology to run Continuous Integration and Continuous Delivery workloads. Jenkins and Kubernetes can be integrated to transparently use on demand containers to run build agents and jobs, and isolate job execution. It also supports CI/CD-as-code using Jenkins Pipelines and automated deployments to Kubernetes clusters. The presentation will allow a better understanding of how to use Jenkins on Kubernetes for container based, totally dynamic, large scale CI and CD.
Using Kubernetes for Continuous Integration and Continuous Delivery. Java2days | Carlos Sanchez
Learn how to scale your Continuous Integration and Continuous Delivery environment using containers. The Kubernetes project provides a container orchestration solution that greatly simplifies app deployments in large clusters and you can use Jenkins and Kubernetes together to run jobs on-demand.
Building and testing is a great use case for containers, both due to the dynamic and isolation aspects, but it increases complexity when scaling to multiple nodes and clusters.
Jenkins is an example of an application that can take advantage of Kubernetes technology to run Continuous Integration and Continuous Delivery workloads. Jenkins and Kubernetes can be integrated to transparently use on demand containers to run build agents and jobs, and isolate job execution. It also supports CI/CD-as-code using Jenkins Pipelines and automated deployments to Kubernetes clusters. The presentation will allow a better understanding of how to use Jenkins on Kubernetes for container based, totally dynamic, large scale CI and CD.
Continuous Integration/Deployment with Docker and Jenkins | Francesco Bruni
“Continuous Integration doesn’t get rid of bugs, but it does make them dramatically easier to find and remove” M. Fowler
Jenkins and Docker are cool technologies. Here's how they serve in a continuous integration based process and how they could be exploited to deliver new version of the same software.
The slides present the whole process along with real code snippets.
Webinar: Creating an Effective Docker Build Pipeline for Java Apps | Codefresh
It's easy to make mistakes when Dockerizing your Java applications. In this webinar, Alexei Ledenev (Chief Researcher at Codefresh) shared his experience on how to craft the perfect Java-Docker build flow. He explained best practices and common pitfalls, then demonstrated how to create a build pipeline that consistently produces small, efficient, and secure Docker images. View the webinar recording and summary here: https://codefresh.io/blog/webinar-creating-efficient-docker-build-pipeline-java-apps/
In this talk, I riff on various jobs you can do with your DevOps knowledge that aren't more of the same (or moving into software engineering). These include sales engineering, consulting, product management, product marketing, and more.
Pull, Don't Push! Sensu Summit 2018 Talk | Julian Dunn
Architectures for monitoring and configuration in a microservices era. A talk given by Julian Dunn and Fletcher Nichol at Sensu Summit 2018 in Portland, Oregon.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx | Brad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
Multi-cluster Kubernetes Networking - Patterns, Projects and Guidelines | Sanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024 | APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
1.Wireless Communication System_Wireless communication is a broad term that i... | JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
16. Build
FROM msdos:6.1
LOAD HIMEM.SYS
LOADHIGH EMM386.EXE
ENTRYPOINT AUTOEXEC.BAT
$ knife container docker build ...
• Open-source plugin to Chef's "knife"
• Use existing cookbooks to build containers
• https://github.com/chef/knife-container
17. Test
control_group "shellshock" do
  control "ensure bash is a new enough version" do
    expect(package('bash')).to be_installed.and at_version('> 4.1.2-25.el6.x86_64')
  end
  control "try to exploit shellshock" do
    let(:cmd) { %q{env x='() { :;}; echo vulnerable' bash -c "echo test" }}
    # The probe exits 0 on patched and vulnerable bash alike; only a
    # vulnerable bash prints "vulnerable" before "test", so check stdout.
    expect(shell_out(cmd).stdout).to_not include('vulnerable')
  end
end
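The Shellshock probe on this slide exits 0 whether or not bash is affected, so an audit has to classify on the probe's output rather than its exit status. The following Ruby sketch is an added example, not code from the talk or from Chef; the function names and the two stub "shells" (constructed stand-ins for an unpatched and a patched bash) are assumptions made so it runs offline.

```ruby
require 'open3'
require 'tmpdir'

# Environment variable carrying the function-definition probe from the slide.
# Passing it as an env hash avoids any shell quoting of the payload.
PROBE_ENV = { 'x' => '() { :;}; echo vulnerable' }.freeze

# Run the probe against one shell. `argv` is the command that starts the
# shell under test, e.g. ['/bin/bash']; "-c 'echo test'" is appended.
def shellshock_probe(argv)
  stdout, _stderr, status = Open3.capture3(PROBE_ENV, *argv, '-c', 'echo test')
  {
    target: argv.join(' '),
    exit_status: status.exitstatus,
    # A vulnerable bash executes the trailing command while importing the
    # variable, so "vulnerable" appears on stdout before "test".
    vulnerable: stdout.lines.map(&:strip).include?('vulnerable')
  }
end

# Audit several shells and list the ones that failed, in the spirit of a
# control group: every target is checked and failures are collected.
def audit(targets)
  results = targets.map { |argv| shellshock_probe(argv) }
  { results: results,
    failed: results.select { |r| r[:vulnerable] }.map { |r| r[:target] } }
end

# Constructed sample input: a tiny sh script standing in for a bash binary.
# It is started as "/bin/sh <path>" so no executable bit is required.
def write_stub(dir, name, commands)
  path = File.join(dir, name)
  File.write(path, commands.join("\n") + "\n")
  ['/bin/sh', path]
end

def demo
  Dir.mktmpdir do |dir|
    # Mimics what an unpatched bash prints for the probe (constructed).
    old_bash = write_stub(dir, 'old_bash', ['echo vulnerable', 'echo test'])
    # Mimics what a patched bash prints for the probe (constructed).
    new_bash = write_stub(dir, 'new_bash', ['echo test'])
    audit([old_bash, new_bash])
  end
end

if __FILE__ == $PROGRAM_NAME
  report = demo
  report[:results].each do |r|
    puts format('%-10s exit=%d target=%s',
                r[:vulnerable] ? 'VULNERABLE' : 'ok', r[:exit_status], r[:target])
  end
end
```

To check a real host or container image, pass the actual shell paths, for example `audit([['/bin/bash']])`.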
19. Run
• Per-container monitoring, metrics, inventory
• Resource allocation ("scheduling")
• Service discovery
• Controlled mutability
20. Fleet Management: Crossing the Machine Boundary
machine 'mysql_wordpress' do
  recipe 'mysql'
  recipe 'wordpress::database'
  tag 'mysql_master'
end
num_webservers = 5
1.upto(num_webservers) do |i|
  machine "wordpress#{i}" do
    recipe 'apache'
    recipe 'wordpress'
  end
end
I work at Chef as a product manager
Which fundamentally means I get to do all the things besides writing the software itself, like business strategy, marketing, making sure we're building the right thing, etc.
And I was in charge of the team that built some of the Chef & Docker integration last summer.
In a containerized world, is configuration management dead?
Made the rounds on HackerNews – "CM is dead!"
In part there's a bit of new and shiny – many dragons if you read far enough
But are there any lessons here?
And if there's one thing tech people like better than anything, it's writing articles comparing technology X versus technology Y.
I honestly never thought I'd have a slide in a presentation with a Chef logo that included a Puppet logo.
James is awesome though, and he wrote an article for PuppetLabs asking whether CM and containers can co-exist.
You don't need runtime state management anymore – which is why people say "docker wins, CM is dead"
So apparently this is why everyone's rejoicing over configuration management and how it's going to get run over by the container bus… er, ship.
I truly believe that yes, CM is not going away, and it's not going to be killed off by containers.
So we all have jobs still! Yay!
- But in order to fully embrace and love containers, traditional CM is, for sure, going to have to change – and change quite dramatically.
First I need to make sure everyone understands the benefits of containerization and Docker specifically.
Who has actually *used* Docker for a real use case? Development is fine
(Maybe call on one or two individuals to talk about what they liked about it.)
Near-instant productivity:
Workstation setup is easy
Kit of parts in registry
Reduces needless "infrastructure knob twiddling" just to be productive
Developing is a lot like shipping
- Actually, it's a lot like why JVMs are such a great target platform too
Developers are nearly-instantly productive
Experience of shipping is similar to developing
Portable artifact
Container artifact is the key concept
This is where other technologies like lxc, zones, etc. have fallen down – these were technologies primarily optimized for ops worldview, instead of devs worldview
The Good
Optimized for developer workflow: Makes developing software really fast
Reduces needless "twiddling infrastructure knobs" to ship code
The Bad
Lots of operational tooling still missing
Service discovery, fleet management, resource allocation
Build tools are easy until they're not (more on that later)
This last point is probably the most compelling reason for containers
So it's not surprising that there's a land grab happening over it – you can expect more this year.
Developers are the ones who made, and are making, containers (in whatever format) successful – not operations people.
FreeBSD jails, Solaris zones, even LXC – not usable by developers, and not shareable artifacts.
So a developer's job is to make software artifacts as quickly as possible, and ship them as quickly and as frequently as possible.
It doesn't matter whether that artifact is a Java WAR/EAR…
Or a container…
It's the same fundamental process.
Seamless build management for containers
If possible, ability to use the same infracode across containers/non-containers
Want to not distinguish "application" code from "infrastructure" code – it's all just code to enable customer features/value.
Seamless build management for containers
Provide an experience for use of declarative CM to build containers that is easier than existing tooling
Easier than shell scripting
Shell scripts are quick but can become painful to maintain
Lots of duplication, one-offs
Make shell->CM onramp much lower
Good job Ansible so far
None of this involves writing program features
It's just the ceremony necessary to get something produced to create value
Story of wife, formerly a Java developer, etc.
Anything that eases a developer's pain in any of this makes their life easier
- Containers aren't perfect.
I outlined some of the ways in which they're great, above, but they have some gaps that I'll talk to next.
Always be wary of folks postulating that a "simple" thing is going to replace something "complex", as though simplicity was the ultimate end goal of everything.
Simplicity is great, but not an end goal in itself.
Hear of people replacing one CM system for another because they didn't understand the code – it was "too complex".
Well 6 months later they've just got spaghetti CM code for that new system b/c they had to build all that complexity in that they didn't understand
Dockerfiles are a great way to get started but ultimately a Dockerfile is just a shell script.
How do you version it?
Sprawl of Dockerfiles
No reusable components
No way to analyze them, validate them, etc.
Also not a great communication tool
How do folks validate their containers actually meet some criteria? I have no idea.
How do folks validate and inspect their running containers for some state? For compliance? For GHOST/POODLE/whatever?
This is Chef's audit mode (not the final syntax). I would love to see us extend this to containers as well.
Maybe right now the "rebuild" cost is so low for containers that people don't care? But we also didn't just build WAR/EAR files without some external integration testing, right?
Again, I don't know how (aside from publishing images to an internal Docker registry) people do this today, but lots of folks are trying to muscle in on this turf
AWS CodeDeploy
Etc.
Lots of different ways to express this using CM as well.
Run… well we're already pretty good at that part.
But… what folks are missing in both the traditional and containerized world in CM is fleet management – crossing the machine boundary.
Extend CM concepts to cross the machine boundary into managing entire fleets, independent of underlying runtime – should be able to mix-and-match (database on metal, webservers a mix of Azure and EC2 if you wanted to)
More on this at 12:00-12:40 in this room – John Keiser will demonstrate these concepts
Whole Product Solution
- CM systems need to become more what Geoffrey Moore calls the "whole product solution"
Talk in here about the chasm
80% of IT out there uses NO CM, and why? Because I don't think there's a compelling enough business driver from across a broad spectrum, including development.
Virtualization
Remember how virtualization started off as a desktop tool?
It migrated to widespread adoption because VMware seized the day and provided management tools (vSphere, VCAC, Player, etc.) and an entire ecosystem
Arguably, Xen lost the hypervisor battle because they weren't able to provide a whole product solution. They should have won and instead were acquired by Citrix.
Java
Remember how bad Java was when it first started? Primary use case was stupid applets and things like that
It became widely adopted when there was an ecosystem: good servlet containers, debugging tools, IDEs
Why do I care so much about CM "crossing the chasm"?
Not because I want to make $ off my Chef shares (I mean I do, but that's not the primary driver)
Not because I fear CM will be "destroyed" by containerization
Of course it's only the most narcissistic speaker that references his or her previous talks in the current one, right?
A few months ago I gave a talk entitled "Devops Against Inhumanity" – go and Google it if you're interested; I can give you the headline here
The crux is, call it whatever you want, but the "devops" way of working is to lower everyone's stress level, work towards a mutual goal, etc.
Dev and Ops have different motivations but they don't have to fight!
Good tools reinforce good culture and vice-versa
- It's one thing to throw WAR files over the wall from dev to ops – terrible, but manageable, you may have worked in such an environment before
But throwing entire machine images? That's a whole other ball game
Unlimited list of things that can go wrong
Security? Compliance?
We risk losing the goodwill we've built in the "devops" movement where both parties are collaborating
Probably why ops is terrified of containerization and is pushing back
Containers are powerful & they're generally here to stay
The format & implementation will change greatly this year & next
Configuration management needs to broaden its horizons to remain relevant
Development drives technology adoption, but an ops function is still important – no technology is widely adopted when only one party's interests are accommodated (in the long run)
So think of CM beyond just file/package/service basics, and create a more whole product solution
We've come too far and made too much cultural progress to let that go to waste.