| Compliance as Code Everywhere | |
| Compliance requires a holistic view of the enterprise and all of its components. The configuration of machines, the organization of the data layer, and the access and use of public and private clouds all have auditing and compliance demands. Compliance is the target state, focusing on the components of achieving it directs the DevSecOps roadmap. | |
| Compliance as code allows us to "shift left" auditing, compliance, and security concerns; incorporating them into application and infrastructure continuous integration/delivery pipelines. This session will provide real-world examples of translating industry- security and compliance requirements into software and making them a proactive part of the software-delivery process. |
| [5][default:/src:0]# sl | |
| sl | |
| --> Tailing the Habitat Supervisor's output (use 'Ctrl+c' to stop) | |
| → Using core/libsodium/1.0.13/20170905223149 | |
| → Using core/linux-headers/4.3/20170513200956 | |
| → Using core/openssl/1.0.2l/20171014213633 | |
| → Using core/xz/5.2.2/20170513214327 | |
| → Using core/zlib/1.2.8/20170513201911 | |
| ✓ Installed core/hab-launcher/6927/20180203032953 | |
| ★ Install of core/hab-launcher/6927/20180203032953 complete with 1 new packages installed. |
| mray@farnsworth[14:13]2.4.2/opt/chefdk | |
| $ chef --version | |
| Chef Development Kit Version: 2.4.17 | |
| chef-client version: 13.6.4 | |
| delivery version: master (73ebb72a6c42b3d2ff5370c476be800fee7e5427) | |
| berks version: 6.3.1 | |
| kitchen version: 1.19.2 | |
| inspec version: 1.45.13 | |
| mray@farnsworth[14:14]2.4.2/opt/chefdk | |
| $ mixlib-install download inspec |
| $ docker run -it -p 8000:8000 mattray/sample-node-app | |
| hab-sup(MR): Supervisor Member-ID 6921d086d07446ca9aeccd2aabececaa | |
| hab-sup(MR): Starting mattray/sample-node-app | |
| sample-node-app.default(UCW): Watching user.toml | |
| hab-sup(MR): Starting gossip-listener on 0.0.0.0:9638 | |
| hab-sup(MR): Starting http-gateway on 0.0.0.0:9631 | |
| sample-node-app.default(HK): init, compiled to /hab/svc/sample-node-app/hooks/init | |
| sample-node-app.default(HK): Hooks compiled | |
| sample-node-app.default(SR): Hooks recompiled | |
| default(CF): Updated config.json 3f22842e8d737bbb107d9ac19afba42642eccf68a06ddfbdba70507b23b8498a |
| inspec-profile-parks-demo.default(HK): run, compiled to /hab/svc/inspec-profile-parks-demo/hooks/run | |
| inspec-profile-parks-demo.default(HK): Hooks compiled | |
| inspec-profile-parks-demo.default(SR): Hooks recompiled | |
| inspec-profile-parks-demo.default(SR): Initializing | |
| inspec-profile-parks-demo.default(SV): Starting service as user=root, group=hab | |
| inspec-profile-parks-demo.default(O): Executing InSpec for mattray/inspec-profile-parks-demo | |
| inspec-profile-parks-demo.default(O): Don't understand inspec profile in /hab/svc/inspec-profile-parks-demo/var/.inspec/cache/2b3f30329ebb111c8c40565a3326278c50a08564, it doesn't look like a supported profile structure. | |
| inspec-profile-parks-demo.default(O): InSpec run did not complete successfully. If you do not see any errors above, | |
| inspec-profile-parks-demo.default(O): control failures were detected. Check the InSpec results here for details: | |
| inspec-profile-parks-demo.default(O): /hab/svc/inspec-profile-parks-demo/var/inspec_results/inspec-profile-parks-demo.json |
| railsapp_1 | sample-rails-app.default hook[init]:(HK): | |
| railsapp_1 | sample-rails-app.default hook[init]:(HK): A database connection is required for this app to properly boot. | |
| railsapp_1 | sample-rails-app.default hook[init]:(HK): Is the database not running or are the database connection | |
| railsapp_1 | sample-rails-app.default hook[init]:(HK): credentials incorrect? | |
| railsapp_1 | sample-rails-app.default hook[init]:(HK): | |
| railsapp_1 | sample-rails-app.default hook[init]:(HK): This app started with a database bind and will discovery the | |
| railsapp_1 | sample-rails-app.default hook[init]:(HK): hostname and port number in the Habitat ring. | |
| railsapp_1 | sample-rails-app.default hook[init]:(HK): | |
| railsapp_1 | sample-rails-app.default hook[init]:(HK): There are 3 remaining config settings which must be set correctly: | |
| railsapp_1 | sample-rails-app.default hook[init]:(HK): |
| --- | |
| driver: | |
| name: ec2 | |
| instance_type: m3.medium | |
| security_group_ids: ["sg-e6b61680"] # open up rdp, winrm-http, winrm-https | |
| associate_public_ip: true | |
| interface: dns | |
| aws_ssh_key_id: <%= ENV['AWS_SSH_KEY_ID'] %> | |
| tags: | |
| Name: kitchen-test-inspec-wannacry |
| railsapp_1 | myrailsapp.default(SR): Initializing | |
| railsapp_1 | myrailsapp.default hook[init]:(HK): /hab/pkgs/mattray/myrailsapp/0.1.0/20170911052105/libexec/is_db_connected: cd: line 17: can't cd to /hab/pkgs/mattray/myrailsapp/0.1.0/20170911052105/app | |
| railsapp_1 | myrailsapp.default hook[init]:(HK): | |
| railsapp_1 | myrailsapp.default hook[init]:(HK): A database connection is required for this app to properly boot. | |
| railsapp_1 | myrailsapp.default hook[init]:(HK): Is the database not running or are the database connection | |
| railsapp_1 | myrailsapp.default hook[init]:(HK): credentials incorrect? | |
| railsapp_1 | myrailsapp.default hook[init]:(HK): | |
| railsapp_1 | myrailsapp.default hook[init]:(HK): This app started with a database bind and will discovery the | |
| railsapp_1 | myrailsapp.default hook[init]:(HK): hostname and port number in the Habitat ring. | |
| railsapp_1 | myrailsapp.default hook[init]:(HK): |
| railsapp_1 | myrailsapp.default(SR): Initializing | |
| railsapp_1 | myrailsapp.default(HK): Hook failed to run, init, hab-sup(ER)[src/error.rs:467:8]: No such file or directory (os error 2) | |
| db_1 | postgresql.default(SR): Initializing | |
| db_1 | postgresql.default hook[init]:(HK): Executing init hook | |
| db_1 | postgresql.default hook[init]:(HK): Making sure hab user owns var, config and data paths | |
| db_1 | postgresql.default hook[init]:(HK): Database does not exist, creating with 'initdb' | |
| db_1 | postgresql.default hook[init]:(HK): no data was returned by command ""/hab/pkgs/core/postgresql/9.6.3/20170727171300/bin/postgres" -V" | |
| db_1 | postgresql.default hook[init]:(HK): The program "postgres" is needed by initdb but was not found in the | |
| db_1 | postgresql.default hook[init]:(HK): same directory as "/hab/pkgs/core/postgresql/9.6.3/20170727171300/bin/initdb". | |
| db_1 | postgresql.default hook[init]:(HK): Check your installation. |
