Schedule FOSDEM 2020
Infra Management

Compliance management with OpenSCAP and Ansible

Using OpenSCAP and Ansible for compliance management of large computing environments
UD2.120 (Chavanne)
Amit Upadhye
Managing compliance of a large IT environment is a complex and challenging task. Today's hybrid cloud environments have different life cycles, and with many short-lived systems such as cloud instances it is difficult to manage compliance on the go. This talk focuses on how OpenSCAP policies, tools and Ansible can be used to gain greater control over the compliance of large environments.

Compliance management with OpenSCAP

Enterprise computing environments may consist of thousands of computer systems running multiple applications and services. These systems are accessed by a large and diverse set of users and applications. To have greater control over the security of these vast environments, a standard and unified way to scan systems for compliance with security policies is needed.

This talk focuses on using SCAP tools to retain control over large environments, scan for compliance with the desired policy, and use Ansible to remediate detected problems:

- Install and use the SCAP Security Guide.
- Evaluate a server's compliance with the requirements specified by a policy from the SCAP Security Guide using OpenSCAP tools.
- Create a tailoring file to adjust the policy's security checks so that they’re relevant and correct for a specific system and its use case.
- Run Ansible Playbooks, included in the SCAP Security Guide, to remediate compliance checks that failed an OpenSCAP scan.
- Demonstration

Additional information

Type: devroom
