The new version of Chef Automate comes with many new features

Robot Admin

Compliance for the Cloud

In Chef Automate 2.0, the developers have continuously expanded the interaction of their platform with InSpec. Probably the biggest change is that InSpec can now also check cloud environments and the configuration made by the admin for compliance problems. Previously, only local systems could be tested with InSpec, but now the service offers a configuration option for the access credentials for AWS or Azure.

If you enter the access credentials, InSpec logs directly into the public cloud and examines the environment it finds there according to the defined compliance criteria. Corresponding functions for GCP are also available, although they are still listed as beta in the current InSpec version.

At the same time, the InSpec developers have significantly expanded the functionality of the solution. A resource in InSpec is a kind of prebuilt check for various criteria, such as the configuration of the Apache web server. More than 30 new resources have been added to InSpec in Chef Automate 2.0, such as support for Cisco IOS (originally Internetwork Operating System) devices. On top of that, the developers have cleaned up InSpec and now promise far quicker execution of the tests.

What is impressive about Chef Automate 2.0 is how seamlessly InSpec is integrated into the various work steps of the platform. Depending on the configuration, Automate uses InSpec to check every single step of a process; if you point the tool at a Linux system, it automatically tests whether all prescribed rules have been implemented there.

If a developer uses Automate to build an application instead, InSpec can check and interrupt each step of container creation if a non-compliant container is created. In fact, the combination of Automate and InSpec forces developers to comply with applicable rules. If they do not follow the rules, no application is created in the first place.

Prebuilt Tests

If you combine Chef Automate 2.0 and InSpec in your setup, you can benefit from many prebuilt tests included with Chef Automate. Standard compliance tests from several recognized compliance organizations can be performed on common operating systems and thus serve as a basis for your own compliance requirements.

Happily, Chef is exemplary in version 2.0 of Automate, as well: The entire InSpec source code is still freely available on GitHub, so that even for those users who do not want to use Chef Automate, InSpec is and remains usable.

Habitat Now Available Locally

Do not forget the new version of Habitat, a framework for application release management in Chef Automate 2.0. Here, application does not take on the typical definition, but rather refers to cloud microservices: The tool is designed to help companies transform existing environments into a microarchitecture (Figure 4), providing a whole box of tools.

Figure 4: Habitat is the spearhead of Chef Automate in terms of an application-centric approach (Chef Software Inc. [4]).

One important key to Habitat's success is its great flexibility: On the one hand, it receives input in the form of Git directories; on the other hand, it outputs finished images of containers and can roll them out in a Kubernetes cluster (Figure 5).

Figure 5: "Deploy everywhere" is Habitat's motto, and Habitat can roll out services in Kubernetes to match (Chef Software Inc. [4]).

Accordingly, Habitat is the spearhead of an app-centric automation drive. In the new version of Automate, its developers emphasize two Habitat functions in particular: Habitat Builder can now also be run at the customer's data center, making the solution attractive for those customers who are not allowed access to cloud services for compliance reasons. Habitat also now comes with far better integration with other services. The broker for rolling out applications in Kubernetes has seen several updates. Additionally, you have the option to roll out directly in Azure, as well as an interface to the open service broker (OSB).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Automated compliance with Chef InSpec
    Chef InSpec is a practical tool for automated compliance monitoring with an intuitive, declarative scripting language.
  • Automated compliance testing with InSpec
    Don't equate compliance through certification with security, because compliance and security are not the same. We look at automated compliance testing with InSpec for the secure operation of enterprise IT.
  • Automation with Chef
    The Chef automator borrows some of its vocabulary from the world of cooking. Its cookbooks contain good recipes for many recurring tasks, and admins can follow them to prepare palatable results with manageable overhead.
  • A REST API automation strategy for DevOps
    Making resources available through REST APIs breaks down the automation silos that cater to the different IT and development environments and sets up an application-centric automation approach.
  • Setting up Windows clients with Chef
    Chef administrators unafraid of a learning curve can employ a powerful tool for Windows client management. Teamed with PowerShell, it offers more than some system management suites.
comments powered by Disqus