We’ve been talking a lot about ChatOps recently and wanted to take a moment to change the conversation from high-level possibility to real-world opportunity. There are many good things that can come from ChatOps (sharing, speed, learning, brainstorming, fun) but many don’t know where to start or may be worried about security.
In this post, we’d like to show how Hubot scripts make your life easier, while also addressing some of the initial security issues.
How can Hubot help you?
Ask the bot to create a new build within Jenkins; if Jenkins is integrated into your chat, it can echo exactly what is taking place. This means that everyone is on the same page about what took place, who did it and when it happened.
Hubot (and the term ChatOps) originated within GitHub. Naturally, you’d imagine a number of integrations with their service. While many in the DevOps community simply use the native integrations provided by most modern chat clients like HipChat & Slack, a variety of Hubot scripts exist to allow for interaction with GitHub. By performing your actions within chat, you are able to accomplish the same goals while additionally announcing to your team what took place, when it happened, and how to do it. You do your normal thing and extra stuff magically happens without you having to do anything else.
Don’t forget about your support team. They can use chat to extend the trial of a user and by taking that action within chat, everyone on the team knows that it’s taken place. Additionally, the bot can look up tickets in popular helpdesk or issue tracking systems, helping you to answer questions while saving time.
It’s simple to use a bot to look something up in your ticketing system. Let’s say you have a customer with a feature request. Working with the bot, you can search your ticketing system for similar feature requests, making it easier to keep tabs on customers’ needs.
You can use Hubot to answer your questions just like you would any other member of your team. Find useful information stored within your company’s CRM from the comfort of your chat client. By doing it through chat, you’re also teaching the other members of your team how to access the information next time.
It would seem that finance would not have anything to do with ChatOps, especially with the sensitive nature of the data they interact with on a daily basis. However, the argument can be made that there are things that finance might want to share with other business units in the company. Perhaps it’s a question of how many paid users are in the system or an issue of late invoices, but those are examples of simple information that can be shared with others via bot.
(no public scripts exist currently)
We recently did a ChatOps webinar with Michael Ansel, of Box, who pointed to some really great examples of security measures an organization can take when implementing ChatOps. Unfortunately, those Hubot security scripts aren’t open-sourced (yet), but we wanted to share a few thoughts on possible security workarounds…
- If security is a limiting factor in your adoption of ChatOps, there are a few things you can do to feel safer. Adding two-factor authentication helps to prevent password theft and increase the level of security. Once your authentication has been verified, the bot will carry out your command.
- Approvals add another layer of security. In certain scenarios, before the bot will run your command, it needs to ask for approval from another team. This ensures that all the details are in place (is that server ready for provisioning, is the right asset tag included) and then moves forward with the command.
- If you have strict access requirements, you can require an approval on top of using a secure client. This guarantees that nothing up to the bot could have been compromised and forces a user to authenticate all the way through the pipeline.
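To make the approval idea concrete, here is a sketch of a two-person approval gate for a Hubot command. It is an added example, not one of the scripts from the webinar or from Hubot itself; the approver ids, the `provision` command, the five-minute expiry and the `run` executor are all assumptions.

```javascript
// Added example. Assumptions: approver ids, the "provision" command, 5-minute TTL.
const APPROVERS = new Set(['U100', 'U200']); // constructed chat user ids
const TTL_MS = 5 * 60 * 1000;
class ApprovalGate {
  constructor(approvers, ttlMs, now = () => Date.now()) {
    this.approvers = approvers;
    this.ttlMs = ttlMs;
    this.now = now;
    this.pending = new Map();
    this.nextId = 1;
  }

  // Park the command instead of running it; returns the request id.
  request(userId, command) {
    const id = String(this.nextId++);
    this.pending.set(id, { userId, command, expires: this.now() + this.ttlMs });
    return id;
  }

  // Release the command only to a listed approver who is not the requester.
  approve(id, approverId) {
    const req = this.pending.get(id);
    if (!req) return { ok: false, reason: 'unknown request' };
    if (this.now() > req.expires) {
      this.pending.delete(id);
      return { ok: false, reason: 'expired' };
    }
    if (!this.approvers.has(approverId)) return { ok: false, reason: 'not an approver' };
    if (approverId === req.userId) return { ok: false, reason: 'cannot approve own request' };
    this.pending.delete(id); // single use: an approval cannot be replayed
    return { ok: true, command: req.command, userId: req.userId };
  }
}

// Wire the gate into Hubot; `run` is a hypothetical executor for approved commands.
// In a script file: module.exports = (robot) => register(robot, new ApprovalGate(APPROVERS, TTL_MS), run);
function register(robot, gate, run) {
  robot.respond(/provision (\S+)$/i, (res) => {
    const id = gate.request(res.message.user.id, `provision ${res.match[1]}`);
    res.reply(`Request ${id} is waiting for approval.`);
  });
  robot.respond(/approve (\d+)$/i, (res) => {
    const result = gate.approve(res.match[1], res.message.user.id);
    if (!result.ok) return res.reply(`Denied: ${result.reason}.`);
    res.reply(`Approved. Running "${result.command}" for ${result.userId}.`);
    run(result.command);
  });
}
```

The gate keys on the adapter's user id rather than the display name, and because every request and decision is posted in the channel, the chat history doubles as the audit trail.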
These are just a few of the examples we’re using internally or have heard of others doing. What kinds of things are you automating with ChatOps? And how is it working out?