@coderanger coderanger/readme.md
Created Feb 25, 2016

ChefConf 2016 Proposal Ideas

Anyone Can Cook: Writing Good Cookbooks as a Beginner

Abstract

Learning to write high-quality Chef cookbooks can be a daunting prospect. There are few resources and little documentation. Let's dive into the best practices for building usable, maintainable, and delightful Chef cookbooks. We'll cover the structure of great cookbooks for new and experienced Chefs alike.

Outline

  • Principles of High Functioning Cookbooks
    • Resources > Recipes
    • Right to keep and bear footguns
  • Minimalism in Recipes
    • Trinity: package, template, service
    • Metadata: The good, the bad, and the ugly
  • Writing Custom Resources
    • 12.5 syntax
    • How low can you go
  • Effective Node Attributes
    • Goldilocks zone
    • Common traps
  • Tests for Fun and Profit
    • Overtesting, a thing
    • What to expect when you're expecting
  • Documentation for Great Justice
    • Maniac Driven Development
    • Enumerate your interfaces

YoloVer: A Story About Policyfiles

Abstract

Policyfiles: the latest and greatest {{Citation needed}} entry into the Chef workflow arena. There is a lot of chatter about policies and their related tools, but few people have taken the plunge, and most who do are charging in without knowing what awaits them on the other side. Together we'll examine what policies are in Chef, how to use them, and what the downsides can be.

Outline

  • tl;dr
    • New vocabulary
    • Intro to snapshots
    • Push it over there
  • A Tour of Policyfile.rb
    • Name
    • Run list(s)
    • Cookbook dependencies
    • Sources
    • Attributes
    • Chef command basics
  • The Rough Edges
    • The talking stick problem
    • Graft v host, aka multi-policy issues
    • Environment attributes
    • Base/shared policy
    • Partial updates
  • Workflow Overview
    • What is a release process
    • To SemVer or not to SemVer
    • YoloVer workflow
    • Example repository
  • Supporting Tools
    • Policyfiles and Test Kitchen
    • Policyfiles and ChefSpec
  • How to upgrade
    • Role (cookbook)? conversion
    • Environment (cookbook)? conversion

Behind Closed Doors: Managing Passwords in a Dangerous World

Abstract

Secrets come in many forms: passwords, keys, tokens. All are crucial for the operation of an application, but each is dangerous in its own way. In the past, many of us have pasted those secrets into a text file and moved on, but in a world of config automation and ephemeral microservices these patterns are leaving our data at greater risk than ever before.

New tools, products, and libraries are being released all the time to try to cope with this massive rise in threats, both new and old-but-ignored. This talk will cover the major types of secrets in a normal web application, how to model their security properties, what tools are best for each situation, and how to use them with major web frameworks.

Outline

  • Intros
  • Types of secrets
    • Passwords (internal control)
    • Key files (TLS, whole files)
    • Tokens (external control)
    • Other (PCI, etc)
    • Hot vs. cold access
  • Properties of a secrets management system
    • Audit trail
    • Least access
    • Integrations
    • Pre-encryption systems
  • The usual solutions, and why they are dangerous
  • Attack surfaces and threat modelling
    • Code leak
    • Backup leak
    • Directory traversal/transclude
    • RCE
    • Laptop theft
    • Higher power (gov, etc)
  • Identity Management
    • Tokens
    • Cloud Systems
    • HSMs
  • Tools
    • Text files
    • Chef encrypted bags
    • Ansible Vault
    • Chef Vault
    • Hashicorp Vault
    • KeyWhiz
    • AWS KMS
    • Sneaker
    • Confidant
    • Trousseau
    • Sops
    • Red October
    • Barbican
    • Conjur
  • Framework Integration
    • HVAC
    • KeywhizFS
    • Consul Template
    • botocore
@compwron

commented Feb 25, 2016

"Behind Closed Doors" would be my favorite but I am not a chef / target audience member

@Maniacal

commented Feb 26, 2016

In this order: YoloVer, Behind closed doors, Anyone can cook
