Compliance and auditing with Puppet
Peter Souter - Monday, Feb 6, 14:40 - 15:20 - B1.015
Puppet is a perfect fit for compliance: you model the desired compliant state, continually enforce it and have a full audit path of when changes occur and what led to the drift. But what are the best practices for using Puppet for compliance, what are the caveats, how do you scan for issues and how can you keep the auditors happy?
If you work with or at a Telco, Financial Institution or a Government entity, you probably already know about compliance and the various acronyms and headaches it can bring.
How can we make this less of a painful process?
Well, if you think about it: compliance is a set of rules that someone has given you to enforce and prove that they're being enforced. What is Puppet? A series of rules for systems that need to be enforced. So compliance is the perfect use-case for configuration management.
We'll be discussing:
- How you can enforce compliance in your estate with Puppet
- The difference between using dedicated compliance Puppet modules and leveraging your current modules
- Using the baseline_compliance catalog terminus
- Custom facts for compliance checking
- What tools for scanning work well with Puppet
Knee deep in the undef: Tales from refactoring old Puppet codebases
Peter Souter - Tuesday, Feb 7, 15:40 - 16:00 - B1.015
As Puppet pushes into its second decade, there are several organisations out there that have been using Puppet for a long time.
With the EOL announcement of the 3.X release, there are a number of people looking to upgrade, both community and customers. Normally the upgrade of the architecture is OK; it’s the code base that gives the biggest challenge, especially for those with multiple years of organic growth.
You quickly learn what hacky solutions that seemed good at the time will come back to bite you.
We’ll be talking about how Hiera is both the best and worst thing to happen to Puppet, and marvelling at how people were happily running Puppet 0.25.4 in production in 2016.
By the end of this, you’ll hopefully have learnt how to make sure that your Puppet code is healthy for the next decade*
Peter is a Senior Professional Services Engineer at Puppet. He's been tinkering with DevOps tooling for about 6 years and finds that listening to Bonobo increases his work output by 50%.