From Ansible's website: "Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs."
This introduction is based on the official Ansible docs and captures the most important information, to make Ansible's main concepts easy to understand.
A presentation delivered by Arctiq, onsite in Toronto, on Mar 1, 2017. The presentation discusses Ansible as an automation tool for Linux, Windows, and network devices. Reach out if you would like more information www.arctiq.ca
Ansible: How to Get More Sleep and Require Less Coffee (Sarah Z)
Why you need automation, configuration management and remote execution in your life. An intro to Ansible and how it can make your life in Ops infinitely easier.
This presentation is an introduction to the IT automation environment, starting from a sysadmin point of view.
The purpose of these tools is to help in troubleshooting and handling a heterogeneous IT environment to ensure availability and reliability.
Ansible has huge potential, also working with docker. These slides give an introduction to how Ansible works and can be used to automate and improve your infrastructure setup.
Presentation of my TechTalk at eSpace (every Thursday one of the departments makes a session about something it recently began to use or a new technology; this was my session from the SysOps team). This is an introduction to Ansible, and how to get started with it ... and since then we moved to Ansible :-)
Ansible is a great tool for many purposes like: configuration management, continuous deployment, and multi-tier orchestration ... and more!
- http://tech.aabouzaid.com/
- http://espace.com.eg/
- http://ansible.com/
(Click 2nd slide for video) Deploy PHP apps faster in 2017. This talk focuses on how PHP developers can use simple Ansible scripts to rapidly configure new dev and production servers from scratch, and deploy their apps. No more "snowflake servers"!
This is a general introduction to DevOps essentials and Ansible, with a few extras for PHP developers, including some best practice tips and overview of two major Ansible-based PHP projects, Drupal-VM and Trellis (modern WordPress setup).
A revamped version of the Ansible intro talk from February 2015, brought up-to-date for the January Ansible meetup in Berlin.
Join our group: https://www.meetup.com/Ansible-Berlin
Understand benefits and pain points of cloud, local and vagrant based development
Describe a development flow that combines vagrant and AWS to create a:
consistent environments for all developers
consistent environment from development to production
help organizations move fast – if they are not already doing this
integrate nearly flawlessly with AWS
Ease Development <-> Production Software Deployment
Presented at All Things Open, Raleigh NC, October 2014. Why do people love Ansible for automation? Good question! We walked through several Ansible use cases.
How to use Ansible to go faster when creating AWS resources, building servers, and deploying apps. This talk focuses on how AWS developers and admins can use simple Ansible scripts to rapidly create AWS resources including VPCs, security groups and instances, then configure new development and production servers, and deploy their apps. No more "snowflake servers"!
DevOps for Humans - Ansible for Drupal Deployment Victory! (Jeff Geerling)
Everyone knows it's a Good Idea™ to use a configuration management system (e.g. Puppet, Chef) to manage your Drupal infrastructure. But many people (myself included) have run into a wall of #wtfmoments when trying to learn the vagaries of traditional CM systems and their vendor-specific syntaxes.
In 2012, Ansible was released, enabling normal human beings to manage their servers with an easy, but powerful, CM system that uses YAML (just like Drupal 8!) to define configuration and Jinja2 (very much like Twig!) for templates. Not only that, but Ansible is also an incredibly simple and very flexible Drupal deployment and continuous delivery tool.
Learn how you can use Ansible to manage your infrastructure—including local development environments—and stop letting servers and deployments get in the way of development.
Ansible is a tool for configuration management. The big difference from Chef and Puppet is that Ansible doesn't need a master and doesn't need a special client on the servers. It works completely via SSH and the configuration is done in YAML.
These slides give a short introduction & motivation for Ansible.
Ansible 2.0 - How to use Ansible to automate your applications in AWS. (Idan Tohami)
- How to use Ansible to automate your applications in AWS.
- What is Ansible and why is it different?
- How to control cloud deployments securely
- How to control AWS resources using dynamic inventory and tags.
Paul Angus (ShapeBlue) - Push infrastructure with Ansible #DOXLON (Outlyer)
Ansible is one of the new breed of tools that encompasses configuration management, orchestration and software defined infrastructure. Find out how many companies are spinning up entire environments from source code including vm's, networks, dns, firewalls, load balancers etc.
Video: https://www.youtube.com/watch?v=unPVe2pcego
Join DevOps Exchange London here: http://www.meetup.com/DevOps-Exchange-London
Follow DOXLON on twitter http://www.twitter.com/doxlon
Introduces Ansible as DevOps favorite choice for Configuration Management and Server Provisioning. Enables audience to get started with using Ansible. Developed in Python which only needs YAML syntax knowledge to automate using this tool.
Ansible is the simplest way to automate. MoldCamp, 2015 (Alex S)
Ansible is a radically simple IT automation engine. It is a new and great configuration management system (like Chef, Puppet) that was created in 2012. Ansible is also a pretty simple and flexible system that helps you manage your servers and execute ad-hoc commands.
During this session I will explain how to start using Ansible in infrastructure orchestration and what the pros and cons of this system are. I will also explain our experience in deployments, provisioning and other aspects.
This presentation starts with an introduction to the rationale behind automated deployments in Continuous Delivery and DevOps. Then, I compare agent-based architectures, such as Chef and Puppet with the agentless architecture of the server orchestration engine Ansible. The presentation concludes with an automated deployment of Dynatrace into a simulated production environment.
Title: Ansible, best practices.
Ansible has taken a prominent place in the config management world. By now many people involved in DevOps have taken a look at it, or done a first project with it. Now it is time to step back and look at quality and craftsmanship. Bas Meijer, Ansible ambassador, will talk about Ansible best practices, and will show tips, tricks and examples based on several projects.
About the speaker
Bas is a systems engineer and software developer and wasted decades on late-night hacking. He is currently helping out 2 enterprises with continuous delivery and DevOps.
One thing that most programmers do not take the time to understand is the servers that their application lives on. Most know a smattering of Apache configs, PHP configs, and basic information about the OS. This talk will deal with looking at tools that can help you quickly set up a server and how it can help you be a better developer. We'll look at tools like Puppet for server management, OSSEC for log management, different command line tools, and Nagios/Monit for system monitoring.
Systems administration for coders presentation (Matt Willsher)
A presentation given at Unified Diff in Cardiff in 2013, with the aim of introducing the art & science of systems administration to software developers, based on experiences at the web dev agency.
5/13/13 presentation to Austin DevOps Meetup Group, describing our system for deploying 15 websites and supporting services in multiple languages to bare redhat 6 VMs. All system-wide software is installed using RPMs, and all application software is installed using GIT or Tarball.
Deployment of WebObjects applications on CentOS Linux (WO Community)
With the rise of cloud computing and the death of the Xserve, learn how you can deploy your WebObjects applications on a CentOS server. You will also get tips about how to secure your server so that you don't get hacked.
Devel::NYTProf v3 - 200908 (OUTDATED, see 201008) (Tim Bunce)
Slides of my talk on Devel::NYTProf and optimizing perl code at the Italian Perl Workshop (IPW09). It covers the new features in NYTProf v3 and a new section outlining a multi-phase approach to optimizing your perl code.
30 mins long plus 10 mins of questions. Best viewed fullscreen.
Devel::NYTProf 2009-07 (OUTDATED, see 201008) (Tim Bunce)
The slides of my "State-of-the-art Profiling with Devel::NYTProf" talk at OSCON in July 2009.
I'll upload a screencast and give the link in a blog post at http://blog.timbunce.org
This is a recording of my Advanced Oracle Troubleshooting seminar preparation session - where I showed how I set up my command line environment and some of the main performance scripts I use!
Introduction to Docker (and a bit more) at LSPE meetup Sunnyvale (Jérôme Petazzoni)
What's Docker, why does it matter, how does it use Linux Containers, why should you use it, and how? You'll find answers to those questions (and a bit more) in this presentation, given February 20th 2014 at the Large Scale Production Engineering Meet-Up at Yahoo, in Sunnyvale.
Upgrading to new frameworks and paradigms, or exploring in "greenfield" projects, is great, but what if the software you maintain has been running for years and you can't just modify it? Can you modernize it in some way: processes, automation, testing...?
In this talk we will share our experience of how a "legacy" application has evolved over the years without touching the application core (Java + Struts + MySQL), simply by optimizing processes through task automation, environment virtualization and configuration management.
These slides mark the goals that we'd like to accomplish defining a QA team which eliminates the frictions with development teams. How much is achieved? Well, it's on our plans to follow it. But we do not know if we'll be able to make it possible
Moving applications between environments is a well-known issue everyone suffers. Dev and Production environments are not always synchronised, or even up-to-date, so development teams have to deal with different versions of application runtimes. Therefore teams see how their development speed is decreased and they need more agility when developing new features or solving bugs. Trying to solve many of the problems described above, container virtualization is the most effective alternative nowadays, where Docker Inc has proposed a very good accepted solution. Replicating environments with exactly the same runtime and configuration is a must-have and Liferay Engineering is adopting Docker containers to do so. During the talk we’ll illustrate how Liferay teams are generating docker images on demand, allowing them to increase their development and bug-fixing speed.
These are the ideas that we at Software Craftsmanship Toledo (http://www.meetup.com/es-ES/Software-Craftsmanship-Toledo-ES) consider necessary for a modern mobile application for the urban bus lines in the city of Toledo, as opposed to what we currently have.
Buying on the Internet is something many people are wary of. With these slides we try to make the online purchasing process more approachable by explaining its differences from and similarities to a traditional purchase.
In this presentation we introduce the social networks we consider most successful for boosting self-employment. To that end we present a minimum set of basic concepts that will help you get to know each of them better.
The goal of this presentation is to show a small sample of the countless tools available to us for being much more productive, not only at work but also in our own daily self-organization, whether on personal computers, tablets or mobile phones.
These are the slides of my volunteer time at COCEMFECLM, sharing my knowledge, sharing my time helping people with disabilities.
Thanks to Liferay, I can collaborate with my community to make their life better
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35: Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
A tale of scale & speed: How the US Navy is enabling software delivery from l... (sonjaschweigert1)
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Enhancing Performance with Globus and the Science DMZ (Globus)
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
2. SOFTWARE CRAFTSMANSHIP TOLEDO
Software Craftsmanship Toledo
• Passion for software engineering and software development in the Castilla-La Mancha community.
• A clear vocation to learn, promote and share agile methodologies in the region.
• A completely open group: http://www.meetup.com/es/Software-Craftsmanship-Toledo-ES
• Members are software development professionals and/or enthusiasts.
• We have a Slack channel… Sign up!
3.
4. SOFTWARE CRAFTSMANSHIP TOLEDO
Meet me
• Manuel de la Peña
• @mdelapenya
• Support > Engineering > Testing > IT … at Liferay, Inc.
• DEVOPS?
15. SOFTWARE CRAFTSMANSHIP TOLEDO
How it works
• It uses a very simple language (YAML, in the form of Ansible Playbooks)
• Plain English!
• By default manages machines over the SSH protocol.
• It uses no agents and no additional custom security infrastructure.
16. SOFTWARE CRAFTSMANSHIP TOLEDO
SSH Keys
• SSH keys with ssh-agent are recommended.
• Root logins are not required: you can log in as any user, and then su or sudo to any user.
17. SOFTWARE CRAFTSMANSHIP TOLEDO
Installation
• No database, and no running daemons!
• Install it on only one machine (a laptop?) as the central point.
• It does not leave software installed or running on remote machines -> upgrades super easy :D
18. Control Machine
• “Any” machine with Python 2.6 or 2.7 installed.
• This includes Red Hat, Debian, CentOS, OS X, any of the BSDs, and so on.
• Windows isn’t supported for the control machine.
19. Managed Nodes
• You need a way to communicate, normally SSH.
• Files are transferred over SSH with sftp by default. If it is not available, switch to scp.
• Python 2.4 or later. (With Python < 2.5, python-simplejson is also needed.)
20. Remote connection
• Native OpenSSH is used for remote communication when possible.
• If OpenSSH is too old on the control machine (Enterprise Linux 6 OS) -> fall back to Paramiko, a Python implementation of SSH.
• SSH keys are encouraged, but password authentication can also be used (--ask-pass).
23. Inventory
• Lists the machines/hosts you are managing in a very simple INI file.
• Managed machines/hosts are placed in groups of your own choosing.
• Define variables by scope.
38. Variables
• Names should consist of letters, numbers, and underscores.
• Variables should always start with a letter.
• YAML also supports dictionaries, which map keys to values.
• There are reserved Python-related keywords.
44. Variables: precedence
• role defaults < inventory vars < inventory group_vars < inventory host_vars < playbook group_vars < playbook host_vars < host facts < registered vars < set_facts < play vars < play vars_prompt < play vars_files < role and include vars < block vars (only for tasks in block) < task vars (only for the task) < extra vars
46. Playbooks
• Orchestrate steps/tasks of any manual ordered process.
• Executed synchronously or asynchronously.
• YAML format.
• Minimum syntax -> not a language but a model.
47. Playbooks: Tasks
• Should have a name: included in output and readable by humans.
• Accept variables:
template: src=somefile.j2 dest=/etc/httpd/conf.d/{{ vhost }}
48. Playbooks: Tasks lists
• Each play contains a list of tasks.
• Tasks are executed in order, one at a time, against all machines matched by the host pattern.
• Important! All hosts receive the same task directives.
• The goal of a task? Execute a module, with arguments.
• Modules are idempotent.
49. Playbooks: Hosts & Users
• For each play, choose the machines to target and the remote user to complete the steps/tasks as.
• Define remote users per task.
• Use sudo on a particular task instead of the whole play.
50. Playbooks: Handlers
• Playbooks respond to change.
• Can notify at the end of each block of tasks.
• Triggered only once, even if notified by multiple tasks.
• Best used to restart services and trigger reboots.
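The points from the Tasks, Hosts & Users and Handlers slides combined in one playbook, as an added example that is not from the original deck. The group `webservers`, the user `deploy` and the variables `sshd_service` and `sshd_config_path` are assumptions, key-based login for `deploy` is assumed to work already, and `become` is the current directive for the per-task sudo the slide mentions.

```yaml
---
# Added example, not from the original slides.
# Assumed names: inventory group "webservers", remote user "deploy",
# variable "sshd_service" (the service is called "ssh" on Debian-family hosts).
- name: Enforce key-only, non-root SSH logins
  hosts: webservers
  remote_user: deploy          # connect as an unprivileged user over SSH
  vars:
    sshd_service: sshd
    sshd_config_path: /etc/ssh/sshd_config

  tasks:
    - name: Show which user we connected as (no privilege escalation)
      command: id -un
      register: login_user
      changed_when: false      # read-only command, never reports "changed"

    - name: Disable direct root logins
      become: true             # escalate for this task only, not the whole play
      lineinfile:
        path: "{{ sshd_config_path }}"
        regexp: '^#?\s*PermitRootLogin\b'
        line: PermitRootLogin no
        validate: /usr/sbin/sshd -t -f %s   # reject a file sshd cannot parse
      notify: Restart sshd

    - name: Disable password authentication
      become: true
      lineinfile:
        path: "{{ sshd_config_path }}"
        regexp: '^#?\s*PasswordAuthentication\b'
        line: PasswordAuthentication no
        validate: /usr/sbin/sshd -t -f %s
      notify: Restart sshd

  handlers:
    # Notified by both tasks above, but it runs once, and only if
    # at least one of them actually changed the file.
    - name: Restart sshd
      become: true
      service:
        name: "{{ sshd_service }}"
        state: restarted
```

sshd honours the first occurrence of a keyword, so confirm the effective settings on a host with `sshd -T` after the run.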
54. Roles
• Reuse playbooks.
• Combine files to form clean, reusable abstractions.
• Grouping allows easy sharing of roles with other users.
• include directive -> Include files.
55. Roles: structure
• Automatically loads certain vars_files, tasks, and handlers based on a known file structure.
• Where is the magic? Improvements to search paths for referenced files.
57. Roles: main.yml
• roles/x/tasks/main.yml -> Add tasks to the play.
• roles/x/handlers/main.yml -> Add handlers to the play.
• roles/x/vars/main.yml -> Add variables to the play.
• roles/x/meta/main.yml -> Add roles as dependencies (1.3 and later).
58. Roles: paths
• Any copy, script, template or include tasks (in the role) can reference files in roles/x/{files,templates,tasks}/ without having to path them relatively or absolutely.
60. Roles: defaults
• Add a defaults/main.yml file in your role directory.
• Set default variables for included or dependent roles.
• Lowest priority of any variables available, so they are easily overridden, including by inventory variables!
61. Roles: dependencies
• A list of roles and parameters to insert and execute before the specified role.
• Automatically pull in other roles.
• meta/main.yml within the role.
• Executed recursively.
75. LELK Next??
• Apply the logstash-forwarder role to more machines, setting the log_paths and tags variables to the desired file.
• Add more client types -> Apache Server, Firewall