“DevSecOps” can be defined as integrating software security and compliance into the software development process, as opposed to bolting it on the end as a separate testing phase. This is where the “shift left” terminology comes from; the movement of testing traditionally performed late in the development process to earlier phases. At a minimum, this approach aims to catch security issues as early as practical, minimizing costly rework (and possibly redesign) that results from late discovery. It also emphasizes the inseparability of security from the development process. This article describes the DevSecOps movement background, ecosystem, and a simple example process.


Recent advances in Cloudify plugins have enabled the seamless integration of Terraform, Ansible, and Jenkins in a declarative framework that can span continuous integration and deployment. This article looks at the application of a general purpose declarative orchestrator in the devops space, which can coordinate services at any level, and truly support both “dev” and “ops”.

The construction and configuration of environments for testing requires infrastructure and configuration automation. Terraform (HashiCorp) and Ansible (Red Hat) are popular solutions in each of these domains. Terraform specializes in ‘Infrastructure as Code’ (essentially declarative infrastructure), and Ansible specializes in configuration automation. …


One of the best fit use cases for Cloudify is the automated creation of operational environments. This capability is great for automating integration testing, and is related to the Environment As A Service concept. Gitlab provides an alternative platform to Github, and includes features such as source code control and CI/CD. In this article I’ll investigate extending the typical continuous integration (CI) process beyond unit testing to fully automated integration testing, using the CI feature of the Gitlab source code management system in concert with the Cloudify orchestrator using an on-prem installation of Gitlab. …


Workflows are how things get done in Cloudify. The model (blueprint) contains the information needed for orchestration (or most of it), and workflows use the model to accomplish tasks. I say “most of it”, because workflows can also accept parameters. Workflows in Cloudify are generic imperative (Python usually) programs that are fed the orchestration model as a parameter. This article is an introduction to the why, when, and how of custom Cloudify workflows.

One very important rationale for writing custom workflows is to reduce complexity for blueprint authors. The workflow can perform tasks that would otherwise have to be boilerplate…


In Cloudify version 5.0 an innocuous change was made that has a far-reaching impact on orchestration modeling in concert with Cloudify’s plugin orientation. The change is mentioned briefly at the bottom of the release notes:

New interfaces added to the default lifecycle workflows: create/delete validation interface, precreate/prestop & poststart/postdelete lifecycle interfaces.

Actually, there are several more operations that have been added that aren’t mentioned in the release notes, and while a small change, they have very high leverage and potential impact. Generally in Cloudify documentation, much discussion of built in capabilities revolves around the install workflow. When one speaks of…


Cloudify is highly extensible via its plugin-based architecture. The Cloudify blueprint parser, however, is not extensible. Most of the time, that’s not a problem. You can add functionality by writing custom plugins and workflows. Sometimes, however, extending the blueprint syntax is ideal.

Intrinsic functions in Cloudify, a concept that flows from the OASIS TOSCA specification, are YAML maps with special reserved keys. For example, the get_input intrinsic function causes a blueprint input to be inserted where it is called, and is typically expressed like:

{ get_input: some_input }

get_input and other intrinsics also support referencing nested keys in the referenced target…


Automating Meaningful Automated Tests

One of the challenges of meaningful testing is the construction of target environments suitable for the task. Cloudify excels in the construction and configuration of virtual environments, and can be leveraged with a build server like Jenkins to provide testing that more closely reflects production conditions.

Beyond the standard “stick this tool in your CI pipeline” (there are certainly many other tools that can spin up VMs), Cloudify has an extraordinarily rich set of capabilities that can be adapted to simplify the automation of meaningful integration tests. Besides having robust native orchestration capabilities, Cloudify has a…


Continuous integration for non-trivial applications, by nature, involves a significant amount of orchestration, and can become quite complex. This kind of problem is a natural fit for the Cloudify (http://cloudify.co) open source orchestrator, which excels both at complex automation tasks, and at integrating with other tools relevant to the space. This article discusses a CI toolchain that includes Cloudify and other tools such as Ansible and Terraform.

Continuous Integration Challenges

For many development organizations, continuous integration is a desirable yet difficult-to-achieve goal. The age of virtualization has brought with it the ability to spin up arbitrarily complex environments quickly, bringing within reach the…

DeWayne Filppi

Software developer and architect