Operational Verification
David Schmitt (aka @dev_el_ops),
Tech Lead - Content
April 15, 2020
Good afternoon, folks! The Content team at Puppet is currently working on a
new module to provide more confidence in your infrastructure's health. While I
hope I don't need to convince you that having confidence in our deployments
is necessary, I hope I can show you today that it is possible to improve on the
situation we currently have.
First a few words about words. Here's how I learned them in University an
eternity ago. Verification is process oriented - are we doing the things right
and does each step match the requirements, while Validation is outcome
oriented: are we solving the actual problem? In refreshing my memory on
these distinctions, I found a post by a CS prof who summarizes it as
"Verification will help to determine whether the software is of high quality, but
it will not ensure that the system is useful."
https://www.easterbrook.ca/steve/2010/11/the-difference-between-verification-and-validation/
2 - @dev_el_ops
Verification: Are we building the system right?
Validation: Are we building the right system?
Terms I
This graphic is from the same blog post and shows various techniques that
we can apply to ensure that any solution is within the specification and
making progress towards solving the customer's problem. Of note for puppet
are unit tests, which make sure that code meets specific low-level expectations,
and acceptance tests, which are responsible for proving fitness for purpose with
regard to full systems. Keep that thought in your mind!
While a test will never be able to judge the ultimate purpose of your service, I
want to show that there is a clear progression in the testing scope that we can
follow to ensure that our implementation provides value. For example a
system running apache is more useful as a webserver than a system that is
not running apache.
While you'll likely already know this ...
----
graphic from blog used with permission
https://twitter.com/dev_el_ops/status/1381940089438281728
https://www.easterbrook.ca/steve/2010/11/the-difference-between-verification-and-validation/
3 - @dev_el_ops
Terms II
From https://www.easterbrook.ca/steve/2010/11/the-difference-between-verification-and-validation/
I still want to spend a minute on Idempotency. Such actions can be applied
any number of times, but won't change the state of the system on
subsequent applications. For puppet that's convenient because we can apply
the same catalog over and over again, and won't change the target system if
it is already in the desired state.
Much of puppet's ecosystem today relies on a catalog's idempotency for
verification: we rely on this for impact analysis to make sense; we catch apply
errors in testing, so we can deploy with confidence; if there are unexpected
changes, we look for the security breach; if a puppet run doesn't change
anything, the system is healthy. But is it really?
4 - @dev_el_ops
Idempotent: Action can be applied multiple times without
changing the state of the system (beyond the first).
Terms III
Let's go through a short example. This here configures apache to serve static
content from a directory. What common issues would have a puppet run fail
on this code? One of the ugly ones is the apache service failing to start
because of a fatal configuration error. For example, if port 80 is already in use.
Thanks to recent-ish improvements to service management on linux, this has
become very easy to detect and puppet is already giving you an error for this
at the time the broken configuration is deployed. That nicely lines up with the
expectations I quoted earlier: we run this in a test, we inspect the error, we fix
the code.
Let's make the situation a bit more complicated... I mean ... realistic.
5 - @dev_el_ops
class { '::apache': }
apache::vhost { 'basic.example.com':
  port    => 80,
  docroot => '/var/www/basic',
}
Example I
This example configures the same virtual host, but instead of serving up static
files it proxies requests through to a backend service.
Searching for the error is not the point of the slide, so I've already highlighted
where everything started to go wrong.
These two services will never talk to each other and puppet will happily keep
it that way, with no errors reported from applying the catalog.
Or maybe the SSL certificate has expired.
Or the docker image's configuration doesn't look at the PORT variable and
defaults to something else.
Or there is a firewall configuration that blocks access to port 80 or port 4000.
I'm sure each one of you will have your own example of that one time
something went too wrong. Even before puppet, we developed
monitoring tools to live with this and have a better understanding of our
system's current state. For example, the first release of Nagios was in 2002.
6 - @dev_el_ops
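class { '::apache': }
apache::vhost { 'basic.example.com':
  port       => 80,
  proxy_dest => 'localhost:4000',  # the vhost forwards requests to port 4000 ...
}
docker::run { 'backend_service:latest':
  env => [ 'PORT=3000' ],          # ... but the backend is told to listen on port 3000
}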
Example II
Testing, puppet idempotency and monitoring are facets of a bigger effort to
verify our systems, and what I'm about to show you is another step in that
direction.
What if a puppet run could tell you more about your service's health beyond
that a process successfully started?
----
https://puppet.com/blog/hitchhikers-guide-to-testing-infrastructure-as-and-code/
What if we could add a check resource into the catalog that - right then and
there - checks that the configured webservice is alive and kicking and returns
the proper status from its health check endpoint?
This check resource will make an HTTP call to the specified URL, and report a
failure if the request doesn't return 200 or the body of the response is not the
specified JSON. This will run directly on the managed node every time puppet
runs. This won't make puppet a monitoring solution, but it will provide another
system health data point closely integrated into management workflows. It is
one step further in the direction of the testing/monitoring convergence that
Mina and I talked about previously.
For the sake of brevity the example on the slide glosses over some details.
The resource dependencies need to be hooked up correctly so that the check
happens only after it is possible to succeed. The service might take a few
moments to start up, so the check should be configured with a retry loop and
a timeout.
This is also only the start of understanding all the ways this can be useful. For
example what happens when this gets included in bolt plans for deployment
steering? Is this useful in your CD4PE blue/green deployment pipeline to
catch issues earlier?
7 - @dev_el_ops
class { '::apache': }
apache::vhost { 'basic.example.com':
  port       => 80,
  proxy_dest => 'localhost:4000',
}
docker::run { 'backend_service:latest':
  env => [ 'PORT=3000' ],
}
check_http { 'http://basic.example.com/health':
  http_status  => 200,
  http_content => '{"status":"ok"}',
}
Example II - with added check
To figure these things out, we've published a very basic prototype of this in
the puppetlabs/opv (oscar papa victor) repo. And we are looking for early
feedback on how this fits into your workflow and what other checks you'd like
to see (of course, PRs are especially welcome).
We've already identified more work that's necessary before OPV is ready for
general consumption. One big one for example is how nobody wants to see a
change notification every time the check succeeds. We're currently working
on a new feature in the resource API to make that easily possible. Please have
a look at the tickets on the repo to see all the details of what's currently
planned.
Where do we go from here?
8 - @dev_el_ops
class { '::apache': }
apache::vhost { 'basic.example.com':
  port       => 80,
  proxy_dest => 'localhost:4000',
}
docker::run { 'backend_service:latest':
  env => [ 'PORT=3000' ],
}
check_http { 'http://basic.example.com/health':
  http_status  => 200,
  http_content => '{"status":"ok"}',
}
Example II - with added check
https://github.com/puppetlabs/opv
Clearly there's more work in front of us to make this fully usable.
Here's the initial list of checks we're looking at: http as just shown, https with
additional verification of SSL certs, powershell and command to run arbitrary
shell checks, apt_update to check for outdated mirrors and packages,
certificate for all x509 validation fun and service for system services. At this
point in time the list is very provisional and - again - please do post any and
all feedback in the OPV repo's discussions if you're looking for something
specific. We don't have infinite budget and I'd much rather see us implement
something that folks are actually asking for.
The reporting fix is expected to land next week and will allow us to write
check resources that do not show up in a report when they're successful. The
only caveat here is that it's a resource api change and will only be available
from the next puppet 6 and 7 releases.
For retrying we're looking at the usual exponential backoff and overall timeout
bits, so that shouldn't be too controversial.
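The status-and-body check with a retry loop, exponential backoff and an overall timeout, as described in the notes for the check_http slide and in the paragraph above, written out as an added Ruby example. It is not code from the talk or from the OPV module; the name verify_http, its parameters and the stubbed backend are assumptions made for illustration.

```ruby
require 'net/http'
require 'uri'

# Result of one verification run: success flag, attempts made, last failure.
CheckResult = Struct.new(:ok, :attempts, :reason)

# Default fetcher: a single GET with short per-request timeouts.
# Returns [status_code, body]; network errors propagate as exceptions.
DEFAULT_FETCH = lambda do |url|
  uri = URI.parse(url)
  Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https',
                  open_timeout: 2, read_timeout: 5) do |http|
    res = http.get(uri.request_uri)
    [res.code.to_i, res.body.to_s]
  end
end

# Hypothetical helper (name and parameters are assumptions, not the OPV API).
# Succeeds only if the status matches and, when expect_body is given, the body
# matches exactly. Anything else, including connection errors, is a failure
# that is retried with exponential backoff until the overall timeout expires.
# fetch, clock and sleeper are injectable so the logic can be tested offline.
def verify_http(url, expect_status: 200, expect_body: nil, timeout: 30.0,
                base_delay: 0.5, max_delay: 8.0, fetch: DEFAULT_FETCH,
                clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) },
                sleeper: ->(seconds) { sleep(seconds) })
  deadline = clock.call + timeout
  delay = base_delay
  attempts = 0
  reason = nil
  loop do
    attempts += 1
    begin
      status, body = fetch.call(url)
      if status != expect_status
        reason = "expected status #{expect_status}, got #{status}"
      elsif expect_body && body != expect_body
        # The body itself is not echoed into the report.
        reason = 'response body did not match expected content'
      else
        return CheckResult.new(true, attempts, nil)
      end
    rescue StandardError => e
      # Connection refused, DNS failure, TLS error, request timeout:
      # the check fails closed and the attempt counts as unsuccessful.
      reason = "#{e.class}: #{e.message}"
    end
    remaining = deadline - clock.call
    return CheckResult.new(false, attempts, reason) if remaining <= 0
    # Never sleep past the deadline; the last attempt happens at the deadline.
    sleeper.call([delay, remaining].min)
    delay = [delay * 2, max_delay].min
  end
end

# Constructed stand-in for a backend that needs a moment to start:
# refuses two connections, answers 503 once, then reports healthy.
def slow_starting_backend
  calls = 0
  lambda do |_url|
    calls += 1
    raise Errno::ECONNREFUSED if calls <= 2
    calls == 3 ? [503, 'Service Unavailable'] : [200, '{"status":"ok"}']
  end
end

if __FILE__ == $PROGRAM_NAME
  # Offline demonstration against the constructed backend, without waiting.
  result = verify_http('http://basic.example.com/health',
                       expect_body: '{"status":"ok"}',
                       fetch: slow_starting_backend,
                       sleeper: ->(_seconds) {})
  puts "ok=#{result.ok} attempts=#{result.attempts} reason=#{result.reason.inspect}"
end
```

With the mismatched ports from Example II the proxy never reaches the backend, so every attempt fails and the helper returns a failed result once the timeout is used up instead of hanging the run.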
The next one is interesting. Of course we want to integrate this into existing
modules. This will give us first hand experience of how much effort it is and
give the OPV module some real-world exposure. It also means that we'll
elevate it to supported status for our commercial customers.
While the resources as they exist can be used as part of apply blocks in bolt
plans, we also want to make them directly available as tasks and functions.
And finally - did I say this already? - please do throw any and all feedback
that you have at us. I'll be especially grateful for folks who can spare 30 or 60
minutes for an in-depth interview where we can double check some of our
basic assumptions.
10 - @dev_el_ops
Next Steps
● checks: http, https, powershell, command, task, apt_update, certificate, service
● fix reporting
● implement exponential retry params
● integrate into existing modules
● expose checks for plans
● gather feedback
When I showed the idea around internally, I usually got asked one of two
questions: "when can I get this?" and "how does this interact with
acceptance testing?" To the first one, I can only say we are working on it as I
speak here. With regards to the second one, I'm glad you asked!
Let's dive into how this operational verification works out in testing: I've
already shown all the big bits on this slide earlier: configure a VHost, add a
file, check that the file is available on the web server.
This is now ALSO an acceptance test case: if the file can be downloaded
from the webserver, the configuration is acceptable. And this is a more valid
and more in-depth checking test implementation than most I've seen in the
wild, including our own supported modules.
Plugging this into litmus is quite straightforward using idempotent_apply and
will yield test results with minimal faff around this. Since the test checks are
already built into the catalog, a successful application now really means that
the service has been configured correctly, without having to hand-code
additional serverspec checks in ruby or deal with rspec scoping rules.
On the next slide, I'm gonna be even more loose and fast with the details ...
10 - @dev_el_ops
apache::vhost { 'basic.example.com':
  port    => 80,
  docroot => '/var/www/basic',
}
file { '/var/www/basic/test.txt':
  content => 'Hello, World!',
}
check_http { 'http://basic.example.com/test.txt':
  http_status  => 200,
  http_content => 'Hello, World!',
}
Future of Acceptance Testing
… to spark your imagination while still fitting everything on a single page.
To quickly summarize what is happening here: to deploy this fictional app, the
plan first configures the database, checks that everything went well, then
configures the web server, double checking that the database is accessible
from this machine before touching anything. At the bottom the plan confirms
that the application is reachable from the node bolt is running on.
Surely production systems will have additional complexities, like running
database migrations, pre- and post- configuration steps to quiesce the
database or the app, draining, disconnecting and reestablishing loadbalancer
configurations, managing this process across more than two nodes, etc etc.
By virtue of having critical checks directly where the configuration happens,
they would not get lost, don't have delays and can provide immediate
in-place feedback if something goes wrong without losing context at every
stage of development.
And that's all I have for you today. I hope I've inspired you to have a new
perspective on testing and monitoring and you go check out the OPV
repository and participate in where this journey takes us.
11 - @dev_el_ops
plan my_app::deploy (TargetSpec $db_server, TargetSpec $app_server, String $app_url) {
  $db_results = apply($db_server) {
    class { 'my_app::db': app_server => $app_server.name, }
  }
  opv::check_apply($db_results)
  $app_results = apply($app_server) {
    check_db { $db_server.name: }
    -> class { 'my_app::app':
      db_server  => $db_server.name,
      public_url => $app_url,
    }
  }
  opv::check_apply($app_results)
  opv::check_http($app_url)
}
Future of Deployment Testing
I think we still have a few minutes for Q&A, meanwhile I'll leave the links for
the things I talked about up here. I'll also post the slides to slack later.
12 - @dev_el_ops
Links and Resources
● OPV module: https://github.com/puppetlabs/opv (add feedback to Discussions)
● Monitoring == Testing:
https://puppet.com/blog/hitchhikers-guide-to-testing-infrastructure-as-and-code
● Verification and Validation:
https://www.easterbrook.ca/steve/2010/11/the-difference-between-verification-and-validation

The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyThe Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin Reeuwijk
 
Puppet in k8s, Miroslav Hadzhiev
Puppet in k8s, Miroslav HadzhievPuppet in k8s, Miroslav Hadzhiev
Puppet in k8s, Miroslav Hadzhiev
 

Recently uploaded

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Recently uploaded (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 

2021 04-15 operational verification (with notes)

  • 1. Operational Verification
    David Schmitt (aka @dev_el_ops), Tech Lead - Content
    April 15, 2020

    Good afternoon, folks! The Content team at Puppet is currently working on a new module to provide more confidence in your infrastructure's health. While I hope I don't need to convince you that having confidence in our deployments is necessary, I hope I can show you today that it is possible to improve on the situation we currently have.
  • 2. First a few words about words. Here's how I learned them in University an eternity ago. Verification is process oriented - are we doing the things right and does each step match the requirements, while Validation is outcome oriented: are we solving the actual problem? In refreshing my memory on these distinctions, I found a post by a CS prof who summarizes it as "Verification will help to determine whether the software is of high quality, but it will not ensure that the system is useful."
    https://www.easterbrook.ca/steve/2010/11/the-difference-between-verification-and-validation/

    Terms I
    Verification: Are we building the system right?
    Validation: Are we building the right system?
  • 3. This graphic is from the same blog post and shows various techniques that we can apply to ensure that any solution is within the specification and making progress towards solving the customer's problem. Of note for puppet are unit tests - making sure that code meets specific low-level expectations - and acceptance tests that are responsible for proving fit-for-purposeness with regards to full systems. Keep that thought in your mind!
    While a test will never be able to judge the ultimate purpose of your service, I want to show that there is a clear progression in the testing scope that we can follow to ensure that our implementation provides value. For example a system running apache is more useful as a webserver than a system that is not running apache. While you'll likely already know this ...
    ----
    graphic from blog used with permission: https://twitter.com/dev_el_ops/status/1381940089438281728
    https://www.easterbrook.ca/steve/2010/11/the-difference-between-verification-and-validation/

    Terms II
    From https://www.easterbrook.ca/steve/2010/11/the-difference-between-verification-and-validation/
  • 4. I still want to spend a minute on Idempotency. Such actions can be applied any number of times, but won't change the state of the system on subsequent applications. For puppet that's convenient because we can apply the same catalog over and over again, and won't change the target system if it is already in the desired state. Much of puppet's ecosystem today relies on a catalog's idempotency for verification: we rely on this for impact analysis to make sense; we catch apply errors in testing, so we can deploy with confidence; if there are unexpected changes, we look for the security breach; if a puppet run doesn't change anything, the system is healthy. But is it really?

    Terms III
    Idempotent: Action can be applied multiple times without changing the state of the system (beyond the first).
  • 5. Let's go through a short example. This here configures apache to serve static content from a directory. What common issues would have a puppet run fail on this code? One of the ugly ones is the apache service failing to start because of a fatal configuration error. For example, if port 80 is already in use. Thanks to recent-ish improvements to service management on linux, this has become very easy to detect and puppet is already giving you an error for this at the time the broken configuration is deployed. That nicely lines up with the expectations I quoted earlier: we run this in a test, we inspect the error, we fix the code. Let's make the situation a bit more complicated... I mean ... realistic.

    Example I

        class { '::apache': }
        apache::vhost { 'basic.example.com':
          port    => 80,
          docroot => '/var/www/basic',
        }
  • 6. This example configures the same virtual host, but instead of serving up static files it proxies requests through to a backend service. Searching for the error is not the point of the slide, so I've already highlighted where everything started to go wrong. These two services will never talk to each other and puppet will happily keep it that way, with no errors reported from applying the catalog. Or maybe the SSL certificate has expired. Or the docker image's configuration doesn't look at the PORT variable and defaults to something else. Or there is a firewall configuration that blocks access to port 80 or port 4000. I'm sure each one of you will have their own example of that one time, something went too wrong. Even before puppet we have developed monitoring tools to live with this and have a better understanding of our system's current state. For example, Nagios' first release was in 2002.

    Example II

        class { '::apache': }
        apache::vhost { 'basic.example.com':
          port       => 80,
          proxy_dest => 'localhost:4000',   # vhost proxies to port 4000 ...
        }
        docker::run { 'backend_service:latest':
          env => [ 'PORT=3000' ],           # ... but the backend is told to use port 3000
        }
  • 7. Testing, puppet idempotency and monitoring are facets of a bigger effort to verify our systems, and what I'm about to show you is another step in that direction. What if a puppet run could tell you more about your service's health beyond that a process successfully started?
    ----
    https://puppet.com/blog/hitchhikers-guide-to-testing-infrastructure-as-and-code/
  • 8. What if we could add a check resource into the catalog that - right then and there - checks that the configured webservice is alive and kicking and returns the proper status from its health check endpoint? This check resource will make an HTTP call to the specified URL, and report a failure if the request doesn't return 200 or the body of the response is not the specified JSON. This will run directly on the managed node every time puppet runs. This won't make puppet a monitoring solution, but it will provide another system health data point closely integrated into management workflows. It is one step further in the direction of the testing/monitoring convergence that Mina and I talked about previously.
    For the sake of brevity the example on the slide glosses over some details. The resource dependencies need to be hooked up correctly so that the check happens only after it is possible to succeed. The service might take a few moments to start up, so the check should be configured with a retry loop and a timeout.
    This is also only the start of understanding all the ways this can be useful. For example what happens when this gets included in bolt plans for deployment steering? Is this useful in your CD4PE blue/green deployment pipeline to catch issues earlier?

    Example II - with added check

        class { '::apache': }
        apache::vhost { 'basic.example.com':
          port       => 80,
          proxy_dest => 'localhost:4000',
        }
        docker::run { 'backend_service:latest':
          env => [ 'PORT=3000' ],
        }
        check_http { 'http://basic.example.com/health':
          http_status  => 200,
          http_content => '{"status":"ok"}',
        }
  • 9. To figure these things out, we've published a very basic prototype of this in the puppetlabs/opv (oscar papa victor) repo. And we are looking for early feedback on how this fits into your workflow and what other checks you'd like to see (of course, PRs are especially welcome). We've already identified more work that's necessary before OPV is ready for general consumption. One big one for example is how nobody wants to see a change notification every time the check succeeds. We're currently working on a new feature in the resource API to make that easily possible. Please have a look at the tickets on the repo to see all the details of what's currently planned. Where do we go from here?

    Example II - with added check

        class { '::apache': }
        apache::vhost { 'basic.example.com':
          port       => 80,
          proxy_dest => 'localhost:4000',
        }
        docker::run { 'backend_service:latest':
          env => [ 'PORT=3000' ],
        }
        check_http { 'http://basic.example.com/health':
          http_status  => 200,
          http_content => '{"status":"ok"}',
        }

    https://github.com/puppetlabs/opv
  • 10. Clearly there's more work in front of us to make this fully usable. Here's the initial list of checks we're looking at: http as just shown, https with additional verification of SSL certs, powershell and command to run arbitrary shell checks, apt_update to check for outdated mirrors and packages, certificate for all x509 validation fun and service for system services. At this point in time the list is very provisional and - again - please do post any and all feedback in the OPV repo's discussions if you're looking for something specific. We don't have infinite budget and I'd much rather see us implement something that folks are actually asking for.
    The reporting fix is expected to land next week and will allow us to write check resources that do not show up in a report when they're successful. The only caveat here is that it's a resource api change and will only be available from the next puppet 6 and 7 releases.
    For retrying we're looking at the usual exponential backoff and overall timeout bits, so that shouldn't be too controversial.
    The next one is interesting. Of course we want to integrate this into existing modules. This will give us first hand experience of how much effort it is and give the OPV module some real-world exposure. It also means that we'll elevate it to supported status for our commercial customers.

    Next Steps
    ● checks: http, https, powershell, command, task, apt_update, certificate, service
    ● fix reporting
    ● implement exponential retry params
    ● integrate into existing modules
    ● expose checks for plans
    ● gather feedback
  • 11. While the resources as they exist can be used as part of apply blocks in bolt plans, we also want to make them directly available as tasks and functions. And finally - did I say this already? - please do throw any and all feedback that you have at us. I'll be especially grateful for folks who can spare 30 or 60 minutes for an in-depth interview where we can double check some of our basic assumptions.
    When I showed the idea around internally, I usually got asked one of two questions: "when can I get this?" and "how does this interact with acceptance testing?" To the first one, I can only say we are working on it as I speak here. With regards to the second one, I'm glad you asked!
  • 12. Let's dive into how this operational verification works out in testing: I've already shown all the big bits on this slide earlier: configure a VHost, add a file, check that the file is available on the web server. This is now ALSO an acceptance test case: if the file can be downloaded from the webserver, the configuration is acceptable. And this is a more valid and more in-depth checking test implementation than most I've seen in the wild, including our own supported modules. Plugging this into litmus is quite straightforward using idempotent_apply and will yield test results with minimal faff around this. Since the test checks are already built into the catalog, a successful application now really means that the service has been configured correctly. Without having to hand-code additional serverspec checks in ruby or deal with rspec scoping rules. On the next slide, I'm gonna be even more loose and fast with the details ...

    Future of Acceptance Testing

        apache::vhost { 'basic.example.com':
          port    => 80,
          docroot => '/var/www/basic',
        }
        file { '/var/www/basic/test.txt':
          content => 'Hello, World!',
        }
        check_http { 'http://basic.example.com/test.txt':
          http_status  => 200,
          http_content => 'Hello, World!',
        }
  • 13. … to spark your imagination while still fitting everything on a single page. To quickly summarize what is happening here: to deploy this fictional app, the plan first configures the database, checks that everything went well, then configures the web server, double checking that the database is accessible from this machine before touching anything. At the bottom the plan confirms that the application is reachable from the node bolt is running on.
    Surely production systems will have additional complexities, like running database migrations, pre- and post- configuration steps to quiesce the database or the app, draining, disconnecting and reestablishing loadbalancer configurations, managing this process across more than two nodes, etc etc. By virtue of having critical checks directly where the configuration happens, they would not get lost, don't have delays and can provide immediate in-place feedback if something goes wrong without losing context at every stage of development.
    And that's all I have for you today. I hope I've inspired you to have a new perspective on testing and monitoring and you go check out the OPV repository and participate in where this journey takes us.

    Future of Deployment Testing

        plan my_app::deploy (
          TargetSpec $db_server,
          TargetSpec $app_server,
          String $app_url
        ) {
          $db_results = apply($db_server) {
            class { 'my_app::db':
              app_server => $app_server.name,
            }
          }
          opv::check_apply($db_results)

          $app_results = apply($app_server) {
            check_db { $db_server.name: }
            -> class { 'my_app::app':
              db_server  => $db_server.name,
              public_url => $app_url,
            }
          }
          opv::check_apply($app_results)

          opv::check_http($app_url)
        }
  • 14. I think we still have a few minutes for Q&A, meanwhile I'll leave the links for the things I talked about up here. I'll also post the slides to slack later.

    Links and Resources
    ● OPV module: https://github.com/puppetlabs/opv (add feedback to Discussions)
    ● Monitoring == Testing: https://puppet.com/blog/hitchhikers-guide-to-testing-infrastructure-as-and-code
    ● Verification and Validation: https://www.easterbrook.ca/steve/2010/11/the-difference-between-verification-and-validation
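
The retry loop, exponential backoff and overall timeout that slides 8 and 10 describe for check_http can be sketched in Ruby, the language Puppet providers are written in. This is an added example, not code from the puppetlabs/opv module: http_status and http_content come from the slides, while timeout, base_delay, max_delay, the injectable fetch/sleeper/clock hooks and the simulate helper with its scripted responses are assumptions made for illustration.

```ruby
require 'net/http'
require 'timeout'
require 'uri'

CheckResult = Struct.new(:ok, :attempts, :reason)

# Default fetcher: one real GET with short per-request timeouts.
NET_HTTP_FETCH = lambda do |uri|
  Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https',
                                      open_timeout: 2, read_timeout: 2) do |http|
    res = http.get(uri.request_uri)
    [res.code.to_i, res.body.to_s]
  end
end

# Retry until the status (and body, if given) match or `timeout` seconds pass.
# The pause doubles after each failure, capped at max_delay and at the time
# left, so the last attempt happens at the deadline and the run cannot hang.
def check_http(url, http_status: 200, http_content: nil, timeout: 30.0,
               base_delay: 0.5, max_delay: 8.0, fetch: NET_HTTP_FETCH,
               sleeper: ->(s) { sleep(s) },
               clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
  uri = URI.parse(url)
  raise ArgumentError, "not an http(s) URL: #{url}" unless uri.is_a?(URI::HTTP)

  deadline = clock.call + timeout
  delay = base_delay
  attempts = 0
  loop do
    attempts += 1
    reason = begin
      status, body = fetch.call(uri)
      if status != http_status
        "expected status #{http_status}, got #{status}"
      elsif http_content && body != http_content
        'response body does not match http_content'
      end
    rescue SystemCallError, SocketError, Timeout::Error, IOError => e
      "#{e.class}: #{e.message}" # not listening yet, DNS failure, hung request
    end
    return CheckResult.new(true, attempts, nil) if reason.nil?

    remaining = deadline - clock.call
    return CheckResult.new(false, attempts, reason) if remaining <= 0

    sleeper.call([delay, remaining].min)
    delay = [delay * 2, max_delay].min
  end
end

# Constructed stand-in for a service: replays scripted responses (an Exception
# is raised, a [status, body] pair is returned, the last entry repeats) on a
# virtual clock, so the schedule is visible without a network or real sleeps.
def simulate(script, **opts)
  now = 0.0
  sleeps = []
  responses = script.dup
  fetch = lambda do |_uri|
    r = responses.size > 1 ? responses.shift : responses.first
    raise r if r.is_a?(Exception)

    r
  end
  result = check_http('http://basic.example.com/health', fetch: fetch,
                      clock: -> { now },
                      sleeper: ->(s) { sleeps << s; now += s }, **opts)
  [result, sleeps]
end

if __FILE__ == $PROGRAM_NAME
  refused = Errno::ECONNREFUSED.new
  body = '{"status":"ok"}'
  # Service that needs a few seconds to come up after the catalog is applied.
  result, sleeps = simulate([refused, refused, [503, ''], [200, body]],
                            http_content: body)
  puts "slow start:   ok=#{result.ok} attempts=#{result.attempts} sleeps=#{sleeps}"
  # Example II's mismatched ports: the proxy never reaches its backend.
  result, sleeps = simulate([[503, '']], timeout: 10.0)
  puts "dead backend: ok=#{result.ok} reason=#{result.reason} sleeps=#{sleeps}"
end
```

With the default fetcher the same function performs real requests; the per-request open and read timeouts keep a single hung connection from consuming the whole retry budget.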