DEVOPS WEEKLY ISSUE #333 - 14th May 2017

3 minute read

A packed issue this week with everything from security to software asset management and thoughts on testing to problems with how we monitor our systems. Hopefully something for everyone whatever your interest in Devops.

Sponsor

Concerned about downtime? VictorOps helps you prepare, respond, and recover from IT and DevOps Incidents. Swing by our product center to learn how and start your trial.
http://try.victorops.com/DevopsWeekly/ProductCenter

Sponsored

Panera’s Digital Transformation Journey

Panera Bread 2.0 is now reality as a result of their digital transformation - but it was not an easy journey. It took a cross functional team of experts to lead the company-wide initiative. As a result all 2000+ stores support mobile orders and in-store kiosks. Join this webinar to learn how customers are now leveraging all digital channels from mobile to web, and in the restaurants.
http://ow.ly/gJdV30bG3bn

News

Devops as a set of practices is widely applicable outside large web shops, and this post makes some good points about application to traditional IT infrastructure.
http://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/digital-blog/devops-the-key-to-it-infrastructure-agility

My talk from last week’s AppSec EU conference, with some thoughts about security moving towards the application in a world of platforms.
https://speakerdeck.com/garethr/security-and-the-self-contained-unit-of-software

A high-level but pretty comprehensive look at what security means in AWS. Everything from governance to API security and encryption.
https://cloudonaut.io/aws-security-primer/

Lots of people will have experience with test suites that got out of hand. This post puts that in context, and suggests five rules for assessing how you grow your test suite.
https://www.devmynd.com/blog/five-factor-testing/

An interesting look at the impact of some traditional licensing of software products like Oracle and the rise of the container as the defacto unit of software.
https://medium.com/@JonHall_/dockers-keynote-story-is-great-until-the-software-auditors-knock-on-the-door-19c5292e18f9

Lots of monitoring uses CPU utilization as a core metric. This post argues that this is incredibly misleading, with the low level details of why we’ve got this so wrong.
http://www.brendangregg.com/blog/2017-05-09/cpu-utilization-is-wrong.html

A good run through creating a pipeline for testing the build of a virtual machine, in this case using Packer and Serverspec.
http://annaken.github.io/testing-packer-builds-with-serverspec

An interesting look at updating Docker images for Windows, focused on how the larger Windows base images use the layered file system and how you need to update your own images that use it.
https://stefanscherer.github.io/keep-your-windows-containers-up-to-date/

A take on serverless with some ideas for making it less prone to platform lock-in. I think it conflates open standards and implementation, and doesn’t refer to some of the work going on in this area already, but worth reading.
http://container-solutions.com/not-serverless-ordered/

A nice quick-start for trying out OpenShift locally using minishift, with some good details of the security context constrains feature.
https://medium.com/bitnami-perspectives/running-containers-in-openshift-629af79945b5

A nice trick to make sure you’re Gitlab CI configuration file is always valid, handy to keep that feedback cycle fast.
http://blog.fgribreau.com/2017/04/validate-gitlab-gitlab-ciyml-one-liner.html

CNCF - Cloud Native Computing Foundation

Free Webinar – Cloud Native Storage with Clint Kitson, Eric Han, and Mark Balch

Bringing all of your applications to a cloud native environment is going to be critical in ensuring you are taking full advantage of what containers can deliver. These environments present an opportunity to optimize your applications, including ones that need persistent data, for any cloud.

Join our webcast and hear from industry leaders about both traditional and modern applications and how they use data. Learn the basics of cloud native storage and how you might make choices about cloud and storage platforms supporting your applications.
https://goo.gl/qrVddo

KubeCon / CloudNativeCon Austin - Join leading Kubernetes and Cloud Native technologists in Austin for a full range of technology sessions on the cloud native ecosystem.

We sold out in Berlin and are excited to see thousands of you from the community in Austin! Call for papers and registration information linked.
https://goo.gl/yKCHvh

Jobs

Are you a Puppet master? Hired gives top DevOps Engineers more power in their job search. Join today!
http://hrd.cm/2jHrf1B

Tools

Lumogon is a little something I’ve been working on at Puppet recently. It’s an open source tool for inspecting running Docker containers. Initially it can report on software packages installed in the container, but we have lots more ideas for other capabilities.
https://github.com/puppetlabs/lumogon
https://lumogon.com/

Gixy is a static analyzer for Nginx configuration, intended to detect common security misconfigurations. This would be great in a CI pipeline.
https://github.com/yandex/gixy

Concerned about downtime? VictorOps helps you prepare, respond, and recover from IT and DevOps Incidents. Swing by our product center to learn how and start your trial.
http://try.victorops.com/DevopsWeekly/ProductCenter

Updated: