Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Chef and the Microsoft Ecosystem, Engineering U...

Chef and the Microsoft Ecosystem, Engineering Update 2019

As delivered at Config Management Camp in Ghent, 2019

Stuart Preston

February 05, 2019
Tweet

More Decks by Stuart Preston

Other Decks in Technology

Transcript

  1. #cfgmgmtcamp @stuartpreston Agenda • What is the Microsoft Ecosystem at

    Chef? • Look back at 2018 • Predictions for 2019 • Ask me anything!
  2. #cfgmgmtcamp @stuartpreston 2019 Community Update by the numbers 2019 #azure

    154 members #windows 511 members #general 6094 members Thank you to all our awesome contributors!
  3. #cfgmgmtcamp @stuartpreston Chef Portfolio PARTNER ECOSYSTEM Open Source (please contribute!)

    Commercial (please pay us!) Infrastructure Automation Compliance Automation Application Automation
  4. #cfgmgmtcamp @stuartpreston Chef on Windows - "batteries included" CHOCOLATEY POWERSHELL

    WINDOWS powershell_script dsc_script/dsc_resource windows_* resources
  5. #cfgmgmtcamp @stuartpreston Chef 14 - Windows resources added 14.3 chocolatey_config

    chocolatey_source powershell_package_source 14.5 windows_workgroup 14.7 windows_firewall_rule windows_share windows_certificate 14.0 windows_ad_join windows_auto_run windows_feature windows_feature_dism windows_feature_powershell windows_font windows_printer windows_printer_port windows_shortcut
  6. #cfgmgmtcamp @stuartpreston Chef 15 - additional Windows resources - UAC

    https://supermarket.chef.io/cookbooks/windows_uac windows_uac 'Disable UAC prompts for the admin' do enable_uac true prompt_on_secure_desktop false consent_behavior_admins :no_prompt end
  7. #cfgmgmtcamp @stuartpreston Chef 15 - additional Windows resources - DNS

    https://supermarket.chef.io/cookbooks/windows_dns windows_dns_zone 'chef.local' do server_type 'standalone' end windows_dns_record 'chef-server' do record_type 'cname' zone 'chef.local' target 'web01.chef.local' end
  8. #cfgmgmtcamp @stuartpreston Chef 15 - additional Windows resources - DFS

    https://supermarket.chef.io/cookbooks/windows_dfs windows_dfs_namespace 'prodshare' do description 'Used to easily access shares on other servers' action :install full_users 'localhost\\users' end windows_dfs_folder "Some\\Nested\\Path" do description "Link to MyServer share MyShare" namespace_name 'prodshare' target_path "\\\\server\\target_share\\Some\\Nested\\Path" action :install end
  9. #cfgmgmtcamp @stuartpreston powershell_out vs powershell_exec mixin powershell_out("Get-Service -Name wuauserv").stdout =>

    "\r\nStatus Name DisplayName \r\n------ ---- ----------- \r\nRunning wuauserv Windows Update \r\n\r\n\r\n"
  10. #cfgmgmtcamp @stuartpreston Other notable Chef additions you may have missed

    • Resources can have descriptions and additional metadata (e.g. mark as deprecated) • chef-resource-inspector helps show actions and properties without leaving the CLI
  11. #cfgmgmtcamp @stuartpreston Chef Workstation Business Value Revenue Growth Velocity Agility,

    Speed, Efficiency, Safety Infrastructure Automation Compliance Automation Application Automation FOUNDATIONAL CAPABILITIES AD-HOC Standardization leads to initial cost reductions and delivery success REPEATABLE Service delivery team productivity increases MANAGED Customer-focused innovation delivered continuously OPTIMIZED Delivering sustainable competitive advantage Achieving Continuous Automation Idea Ship CHEF WORKSTATION
  12. #cfgmgmtcamp @stuartpreston Converting Chef resources to chef-run parameters chocolatey_package 'notepad2'

    do action :install end becomes chef-run winrm://[email protected] --password password \ chocolatey_package notepad2
  13. #cfgmgmtcamp @stuartpreston Azure Cloud Shell • Container running inside Azure

    Container Instances • Access via Azure Portal or via dedicated site https://shell.azure.com • Pre-loaded with tools required to administer and deploy within the Azure environment
  14. #cfgmgmtcamp @stuartpreston Chef run triggers a remote Chef Client $

    chef-run ssh://[email protected] user workshop action=create -i ~/.ssh/id_rsa
  15. #cfgmgmtcamp @stuartpreston InSpec on Azure - github.com/inspec/inspec-azure "This InSpec resource

    pack uses the Azure REST API and provides the required resources to write tests for resources in Azure."
  16. #cfgmgmtcamp @stuartpreston InSpec on Azure - github.com/inspec/inspec-azure control 'azurerm_virtual_machine' do

    describe azurerm_virtual_machine(resource_group: 'MyResourceGroup', name: 'prod-web-01') do it { should exist } it { should have_monitoring_agent_installed } it { should_not have_endpoint_protection_installed([]) } it { should have_only_approved_extensions(['MicrosoftMonitoringAgent']) } its('installed_extensions_types') { should include('MicrosoftMonitoringAgent') } end end
  17. #cfgmgmtcamp @stuartpreston Other predictions for 2019 • No more Windows

    7/2008 (yay!) • No more 32 bit installations (please!) • Policyfile workflow gaining on Chef Server workflow and move into Habitat • PowerShell Core 6 support (think: powershell_script on Linux) • The end of the Windows cookbook? Expect more announcements between now and ChefConf (May 20-23, Seattle)