New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
multiple targets / parallel execution for inspec exec #3010
Comments
This would likely need to be implemented on a major version change. Currently, each InSpec run sets up a connection (via Conceivably, we could take a list of targets, fork (with new options for concurrency), perform the runs, then combine the outcomes into each requested report format. I don't know what gotchas lie ahead in that path. |
As a workaround today, one can at least use shell scripting to run inspec serially over a list of targets. And one could go farther, using Perl or Ruby etc. to add forking. |
A simple shell loop will do what you intend, but beware:
|
I'm also looking for ways to accelerate the spec runs (either for N targets but also for 1 target). I'm new to this space, maybe my questions will be obvious!
Thanks! |
Answering my own question on parallelism for a single target: RSpec (which Inspec relies on) doesn't yet support built-in parallelism (see discussion). This means that we may have to jump through hoops to bring some form of parallelism to the inspec runner (for a single target). |
@thbar - Thanks for that research into threading on RSpec, that opened my eyes quite a bit! As for single-target performance, we track known performance issues. Some of the newer resources - like the AWS resources - have some known performance issues. If you find anything specific to a particular resource, or use case, we'd love to hear about it in a new issue. Thanks! |
There is some very significant discussion going on in another sphere, which could be applied here with good benefits (especially given how slow remote SSH specs can be): |
Hey, I don't know if it is better to create a separate issue or maybe another issue already exists. But it would be great to be able to inspec multiple target types with a single profile. For example, If I deploy an AKS cluster on Azure and validating it with inspec-azure and at the same time being able to validate what is deployed on that AKS cluster using inspec-kubernetes. All inside the same profile that would be great. thx |
So I see this is a longstanding issue, and I have a similar need to @zopanix, but different cloud, super similar use case. @clintoncwolfe, is this something people can pick up or is a feature this complex that requires planning, designing, and feedback from core devs before moving forward? |
I sketched out one possible approach above. I still think this would be an InSpec 5 feature - as it would be a big change to several major components - but I think if the community wanted to get started on this we would welcome it. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. We value your input and contribution. Please leave a comment if this issue still affects you. |
It would be awesome to provide inspec cli a list of targets .... perhaps similar to a inventory file in ansible.
The text was updated successfully, but these errors were encountered: