The document discusses Augeas, an open source configuration editing tool that parses configuration files into a tree structure and allows editing them through a standardized API. Lenses provide parsers for common configuration files, and Augeas can be used from configuration management tools like Puppet to securely edit files. Native providers can also be written for Augeas to manage complex configuration files like sshd_config that use grouping.
Configuration surgery with Augeas (OggCamp 12) - Dominic Cleal
Lightning talk for an intro to Augeas at OggCamp 12. Briefly explains the library, examples of what it can do and where it's used. Based on a presentation by Raphaël Pinson (search for RMLL 2012).
How to Develop Puppet Modules: From Source to the Forge With Zero Clicks - Carlos Sanchez
Puppet Modules are a great way to reuse code, share your development with other people and take advantage of the hundreds of modules already available in the community. But how to create, test and publish them as easily as possible? Now that infrastructure is defined as code, we need to use development best practices to build, test, deploy and use Puppet modules themselves. Three steps for a fully automated process:
* Continuous Integration of Puppet Modules
* Automatic release and upload to the Puppet Forge
* Deploy to Puppet master
This document summarizes PuppetDB, Puppet Explorer, and puppetdbquery. PuppetDB is a Clojure service that stores Puppet data like facts, catalogs, and reports in a PostgreSQL backend. It allows exporting and collecting resources. PuppetDB has a rich query API to search nodes, environments, facts, catalogs, resources, and more. Puppet Explorer is a web UI that visualizes PuppetDB data using CoffeeScript and AngularJS. Puppetdbquery is a Puppet module and CLI tool for querying PuppetDB with functions, a Puppetface, hiera backend, and Ruby API. It allows querying nodes and resources with comparison, logical, and date expressions.
An overview of the main questions/design issues when starting to work with databases in Perl
- choosing a database
- matching DB datatypes to Perl datatypes
- DBI architecture (handles, drivers, etc.)
- steps of DBI interaction : prepare/execute/fetch
- ORM principles and difficulties, ORMs on CPAN
- a few examples with DBIx::DataModel
- performance issues
First given at YAPC::EU::2009 in Lisbon. Updated version given at FPW2011 in Paris and YAPC::EU::2011 in Riga
This document provides troubleshooting information for Puppet failures. It begins with common failure messages and their potential causes such as "can't find puppet", "can't connect to puppet", and "can't get certificate". It then covers tools for investigating failures like the Puppet REST API, debugging Puppet compiles and applies, and checking for issues via notify resources and debug scripts. The document outlines techniques for locating problems with nodes, workers, variables, and resources conflicting or going stale.
Script for the talk "Rapid Prototyping mit PHP Frameworks" - Ralf Eggert
The script for the talk "Rapid Prototyping mit PHP Frameworks" at the Web-Developer-Conference kompakt 2013 shows the step-by-step construction of a prototype using ZF2.
Slides can be found at http://de.slideshare.net/eggertralf/rapidprototypingzf2
This document contains the configuration and settings for a PHP shell script called c99shell. It defines variables for authentication, directories, file types, commands, colors and other options. It checks the client's IP and host name against allowed patterns. If authentication is enabled, it will check the login and password. The script merges request parameters to global variables for use throughout.
Groovy is a powerful development language with a lot of features and almost all we need.
As we all are familiar with Java, Groovy and many libraries, why don't we use it to write scripts for system-automation?
This session will show the best practices and how to overcome some obstacles when writing shell-scripts using Groovy.
Presentation on how Puppet has been introduced in Seat Pagine Gialle to automate system administration tasks and ease the cooperation between Ops and Others.
The document discusses using Spring for Apache Hadoop to configure and run MapReduce jobs, Hive queries, Pig scripts, and interacting with HBase. It provides examples of configuring Hadoop, Hive, Pig, and HBase using Spring namespaces and templates. It demonstrates how to declare MapReduce jobs, run Hive queries and Pig scripts, and access HBase using the HBaseTemplate for a higher level of abstraction compared to the native HBase client.
Puppet is a tool that allows users to declaratively configure systems. It provides abstraction through defined resources like packages and files, ensures configurations are idempotent, and converges systems to the desired state declaratively rather than imperatively through scripts. Puppet code is organized into reusable modules and managed through version control. Modules should include tests, be validated with tools like puppet-lint, and tested in automated environments like Travis CI to ensure high quality.
This document contains information about c99shell.php, a PHP-based file manager tool intended for hacking. It lists features like managing local and remote files/folders, an advanced SQL manager, executing shell commands and PHP code, and self-removal. The document provides configuration options, registered file types, command aliases, and notes on expected future changes.
This document summarizes new features in PL/Perl for PostgreSQL 9.0. It introduces new built-in functions for quoting, encoding bytea, and checking if a value looks like a number. It describes improved support for arrays, trusted modules, and executing arbitrary Perl code using DO. The document also covers internal changes like removing the Safe module, new configuration options, and integration with the NYTProf profiler.
The document provides an introduction to using DotCloud and Go. It discusses deploying a Perl application on DotCloud, including defining services in dotcloud.yml, connecting services to each other using environment variables, and pushing code to DotCloud. It also covers troubleshooting applications running on DotCloud using commands like dotcloud logs and dotcloud run.
The document discusses monitoring and analyzing memory usage in Raku processes. It describes using the getrusage(2) system call to retrieve resident set size (RSS) and other memory statistics for a process. It then presents the ProcStats module, which allows periodically sampling getrusage(2) data over time to track RSS and detect changes from an initial baseline. The module outputs differences in memory statistics compared to the first sample, ignoring unchanged values. This provides a concise way to monitor for increases in a process's memory footprint over time.
David Naughton presented on using drush and custom PHP classes to implement an Extract, Transform, Load (ETL) process for automatically loading citation data from various sources into Drupal on a regular basis. The ETL process extracts citations from sources using custom extractor classes, transforms the raw data into Drupal-compatible formats using transformer classes, and loads the transformed data into Drupal nodes using a loader class. Drush commands are used to schedule the ETL process and pass configuration parameters to the PHP classes from the command line, allowing flexible scheduling via cron. This approach avoids issues with PHP memory limits and timeouts compared to using hook_cron directly in Drupal.
The document discusses using Perl libraries to interact with cloud computing platforms like Amazon EC2 and Rackspace to launch and manage virtual servers and instances. It provides code examples for creating instances on EC2 and Rackspace using the Net::Amazon::EC2 and Net::RackSpace::CloudServers libraries, checking for instances to become active, and connecting to instances securely via SSH.
Face it, backticks are a pain. BASH $() construct provides a simpler, more effective approach. This talk uses examples from automating git branches and command line processing with getopt(1) to show how $() works in shell scripts.
PuppetCamp Ghent - What Not to Do with Puppet - Walter Heck
The document discusses common mistakes to avoid when using Puppet, including design mistakes like poorly structured classes, language mistakes like misusing functionality, and dependency issues. It provides examples of problematic Puppet code and explanations of why they are problematic, such as putting multiple classes in one file, using default options without checking for failures, and creating dependency loops between resources. The goal is to help Puppet users identify and avoid ugly or erroneous Puppet code that could cause problems.
The document compares the directory structures and MVC implementation between CodeIgniter 3 and CodeIgniter 4. Some key differences include CodeIgniter 4 using namespaces for classes, updating the directory structure of application and system folders, and implementing an ORM for models to work with databases rather than using the query builder as in CodeIgniter 3. The index.php file is also updated to bootstrap the framework differently in CodeIgniter 4.
Have you ever thought, “I wish it was easier to change JavaScript code programmatically?” Maybe you wanted to write or edit a configuration block in source code. Perhaps you wanted to generate customized algorithmic code. For many, this kind of thing seems inaccessible.
The tools exist, though. In this talk, Stephen Vance will look at how he has used recast and esprima to edit and rewrite JavaScript code, leaving the untouched code completely intact, including whitespace and comments. At the end, you should have enough knowledge to be dangerous and start to write the next automatic programming, AI, take-over-the-world, self-improving software.
Slides for my talk at SkyCon'12 in Limerick.
Here I've squeezed four talks into one, covering a lot of ground quickly, so I've included links to more detailed presentations and other resources.
Variable interpolation is a standard way to BASH your head. This talk looks at interpolation, eval, ${} handling and "set -vx" to debug basic variable handling.
AST - the only true tool for building JavaScript - Ingvar Stepanyan
The document discusses working with code abstract syntax trees (ASTs). It provides examples of parsing code into ASTs using libraries like Esprima, querying ASTs using libraries like grasp-equery, constructing and transforming ASTs, and generating code from ASTs. It introduces aster, an AST-based code builder that allows defining reusable AST transformations as plugins and integrating AST-based builds into generic build systems like Grunt and Gulp. Aster aims to improve on file-based builders by working directly with ASTs in a streaming fashion.
The document discusses various PHP wrappers that can be used to read and write data in non-standard ways and bypass security restrictions. It describes how wrappers like php://filter, zip://, and data:// can be used to read and write local files, modify file contents, bypass authentication, and perform XXE attacks. It also notes that filters in the php://filter wrapper can be used to selectively remove parts of file contents during I/O operations.
The document discusses deploying a Rails application to Amazon EC2. It explains that the goals are to launch an EC2 instance, connect to it, set up the environment, deploy the application, and profit. It then outlines the plan to launch an instance, connect to it, install necessary packages like Ruby, Rails, and Nginx, configure Nginx and Unicorn, deploy the application using Capistrano, and start the Unicorn process.
Writing and Publishing Puppet Modules - PuppetConf 2014 - Puppet
The document discusses best practices for writing and publishing Puppet modules. It covers module structure, writing manifests and templates, testing modules, publishing to the Forge, and maintaining modules over time. The overall goal is to create reusable modules that are portable, configurable and well-tested.
This document summarizes an overview of the ELK stack presented at LinuxCon Europe 2016. It discusses the components of ELK including Beats, Logstash, Elasticsearch, and Kibana. It provides examples of using these components to collect, parse, store, search, and visualize log data. Specific topics covered include collecting log files using Filebeat and Logstash, parsing logs with Logstash filters, visualizing data in Kibana, programming Elasticsearch with REST APIs and client libraries, and alerting using the open source ESWatcher tool.
Vagrant is a well-known tool for creating development environments in a simple and consistent way. Since we adopted it in our organization we experienced several benefits: lower project setup times, better shared knowledge among team members, less wtf moments ;-)
In this session we’d like to share our experience, including but not limited to:
- advanced vagrantfile configuration
- vm configuration tips for dev environment: performance, debug, tuning
- our wtf moments
- PuPHPet/Phansible: hot or not?
- packaging a box
All I Need to Know I Learned by Writing My Own Web Framework - Ben Scofield
Ben Scofield gave a talk at Rubyconf about building his own web framework called Athena from scratch. He discussed how starting small with a "Hello World" program and building up from there helped him learn about aspects of web development like RESTful design, routing, ORM/database integration, and exception handling in Ruby. He concluded by noting that there is always more to learn, and shared his GitHub page where the framework code can be found.
Slides from DevOps Pro, Vilnius, Lithuania.
Abstract: The wide adoption of configuration management and the increasing size and complexity of the associated code prompt for assessing, maintaining, and improving the configuration code’s quality. We can leverage traditional software engineering knowledge and best practices to develop and maintain high quality configuration code. This talk brings the smell metaphor to the configuration domain. This talk introduces configuration smells, their types with various examples, tools to detect them, and suggestions to refactor them.
Abstract:
This talk will introduce you to the concept of Kubernetes Volume plugins. We will not only help you understand the basic concepts, but more importantly, using practical examples, we will show how you can develop your own volume plugins and contribute them back to the community of an OSS project as large as Kubernetes.
We will conclude the talk by discussing various challenges one can come across when contributing to a high velocity OSS project of Kubernetes' size which can help you avoid the pain and enjoy the path.
Sched Link: http://sched.co/6BYB
This document summarizes Go project layout and practices for a Go web application project. It discusses folder structure, configuration management using environment variables and files, embedding assets, command line interfaces, testing practices including fixtures, and packages for common functions like errors, middleware, models and more.
Vagrant is a well-known tool for creating development environments in a simple and consistent way. Since we adopted it in our organization we experienced several benefits: lower project setup times, better shared knowledge among team members, less wtf moments ;-)
In this session I'd like to share our experience, including but not limited to:
- advanced vagrantfile configuration
- vm configuration tips for dev environment: performance, debug, tuning
- our wtf moments
- PuPHPet/Phansible: hot or not?
- tips for sharing a box
My talk at FullStackFest, 4.9.2017. Become more familiar with managing infrastructure using Terraform, Packer and deployment pipeline. Code repository - https://github.com/antonbabenko/terraform-deployment-pipeline-talk
The document discusses how immutable infrastructure can be achieved through Puppet by treating systems configuration as code. Puppet allows defining systems in code and enforcing that state through automatic idempotent runs, compensating for inherent system mutability. This brings predictability to infrastructure and allows higher level operations by establishing a foundation of reliable, known states.
"Vagrant for real" by Michele Orselli
Vagrant is a well-known tool for creating development environments in a simple and consistent way. Since we adopted it in our organization we experienced several benefits: lower project setup times, better shared knowledge among team members, less wtf moments ;-)
In this session I’d like to share our experience, including but not limited to:
- advanced vagrantfile configuration
- vm configuration tips for dev environment: performance, debug, tuning
- our wtf moments
- PuPHPet/Phansible: hot or not?
- tips for sharing a box
Puppet is an open source configuration management tool that can be used to automate the configuration and management of infrastructure and applications. It uses a client-server architecture and declarative language to define and enforce the desired state of systems. Other HashiCorp tools like Packer, Terraform, Vault and Nomad can integrate with Puppet for tasks like infrastructure provisioning, secrets management and workload orchestration. Bolt is a task orchestration tool from Puppet that can be used to automate operational tasks across infrastructure defined by tools like Terraform. Consul provides service discovery and configuration for the Puppet infrastructure.
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko... - Puppet
Here are the slides from David Lutterkort's PuppetConf 2016 presentation called The Challenges with Container Configuration. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Introducing containers into your infrastructure brings new capabilities, but also new challenges, in particular around configuration. This talk will take a look under the hood at some of those operational challenges including:
* The difference between runtime and build-time configuration, and the importance of relating the two together.
* Configuration drift, immutable mental models and mutable container file systems.
* Who configures the orchestrators?
* Emergent vs. model driven configuration.
In the process we will identify some common problems and talk about potential solutions.
Talk from PuppetConf 2016
4069180 Caching Performance Lessons From Facebook - guoqing75
This document discusses techniques for improving caching performance at Facebook. It begins by explaining the benefits of caching for large sites and applications. It then describes the various caching layers Facebook uses, including globals caching, APC caching, memcached, and browser caching. It provides examples of how Facebook leverages these caches, such as caching parsed user agent strings, opcode caching with APC, and caching profile data in memcached. It also discusses challenges like cache invalidation between data centers and techniques for addressing them like caching proxies.
Explore the World of Cilium, Tetragon & eBPF - Raphaël PINSON
Come explore the World of Cilium with us!
In this workshop, you'll have the opportunity to learn about Cilium and Tetragon, and the kernel technology that makes them possible, eBPF.
Through a collection of hands-on labs (available at https://labs-map.isovalent.com/) and the presenter's support, you'll be able to explore many topics covering Cloud Native Networking, Security, and Observability. In this gamified approach, you'll also be able to earn badges for completing labs.
Whether you're a Platform Engineer, SRE, Network Engineer, SecOps Professional, Cloud Architect, and more, you'll certainly find subjects to explore in this session!
eBPF is used in several cloud native security tools. In this talk we’ll dive into demos and code to explore how eBPF can be used for the next generation of security enforcement tooling. This talk will cover:
- Why enforcing NetworkPolicy with eBPF has been in place for years, but preventive security for applications has taken longer.
- How Phantom attacks can compromise the use of basic system call hooks.
- How other eBPF attachment points, such as BPF LSM, can be used for preventive security.
This document outlines an agenda for a workshop on Kubernetes networking with eBPF and Cilium. The workshop covers various topics including principles of eBPF and Cilium, Kubernetes networking, cluster mesh, security, observability, service mesh, and Tetragon. It provides overviews and examples for each topic. The workshop is presented by Raphaël Pinson who works on Cilium at Isovalent.
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdfRaphaël PINSON
eBPF (extended Berkeley Packet Filter) is a powerful and versatile technology that can be used to extend observability in Linux systems. In this talk, we will explore how eBPF can be used to bridge the gap between dev and ops by providing a deeper understanding of the kernel and OS internals as well as the applications running on top. We will discuss how eBPF can be used to extend observability downwards by enabling access to low-level system information and how it can be used to extend observability upwards by providing application-level tracing capabilities.
Cloud Native Bern 05.2023 — Zero Trust VisibilityRaphaël PINSON
As the adoption of Kubernetes continues to grow, so does the need for securing containerized applications and their data. One effective security model that has gained popularity is Zero Trust Networking, which assumes that all resources, devices and users are untrusted, and access to resources is granted only after proper authentication and authorization. However, implementing Zero Trust Networking in Kubernetes can be challenging, given the dynamic nature of containerized workloads and the complexity of network policies.
In this presentation, we will explore how to implement Zero Trust Networking in Kubernetes using Cilium, Hubble & Grafana. We will start by setting up Cilium on a Kubernetes cluster, which provides network security by enforcing identity-based access control policies using eBPF. Next, we will export Network Policy Verdict metrics using Hubble, which allows us to visualize network policies and track security events in real-time. Finally, we will use a Grafana dashboard to visualize these metrics and demonstrate how to secure a Kubernetes namespace without affecting existing traffic in the namespace.
By the end of this presentation, attendees will have a good understanding of the importance of Zero Trust Networking in Kubernetes and how to implement it using Cilium, Hubble & Grafana. They will also learn how to secure a Kubernetes namespace and monitor network policies using a Grafana dashboard.
DevOpsDays Zurich 2023 — Bridging Dev and Ops with eBPF: Extending Observabil...Raphaël PINSON
eBPF (extended Berkeley Packet Filter) is a powerful and versatile technology that can be used to extend observability in Linux systems. In this talk, we will explore how eBPF can be used to bridge the gap between dev and ops by providing a deeper understanding of the kernel and OS internals as well as the applications running on top. We will discuss how eBPF can be used to extend observability downwards by enabling access to low-level system information and how it can be used to extend observability upwards by providing application-level tracing capabilities.
De KubeCon à ContainerDays, eBPF a le vent en poupe dans le monde Cloud Native. Mais de quoi s’agit-il, pourquoi cette technologie est-elle révolutionnaire, et qu’est-ce qu’elle peut m’apporter concrètement?
À travers des exemples concrets appliqués aux domaines de l’observabilité, du réseau et de la sécurité, cette session explique les tenants d’eBPF et ses avantages concrets pour connecter et sécuriser les applications Cloud Native.
Vous y découvrirez comment démarrer votre aventure avec eBPF, avec des outils vous permettant de bénéficier de ses super-pouvoirs en toute simplicité.
From KubeCon to ContainerDays, eBPF is trendy in the Cloud Native world. What is eBPF, and why is it revolutionary, and what can it bring to you specifically?
Through concrete examples applied to observability, networking, and security, this talk will explain the principles of eBPF and its concrete advantages to connect and secure Cloud Native applications.
This talk will explain what is eBPF, why it is revolutionary is several fields, give examples of tools using eBPF and what they gain from it, and open up to the future of that technology.
Cloud Native Networking & Security with Cilium & eBPFRaphaël PINSON
This document summarizes a presentation about Cilium and eBPF. Cilium provides cloud native networking and security using eBPF. eBPF allows programs to run securely in the Linux kernel for networking, security, and observability. Cilium offers networking features like Kubernetes services, cluster mesh for multi-cluster connectivity, and platform integration. It also provides security using identity-based policies and API authorization. Observability features include flow visibility and service maps. Cilium can be used as a service mesh or with Tetragon for prevention capabilities without proxies.
2022 DevOpsDays Geneva — The Hare and the Tortoise.pdfRaphaël PINSON
The document discusses technical debt and strategies for managing it over time. It advocates for loose coupling between components using techniques like immutability, microservices, and standards. This distributes technical debt across teams and helps systems evolve more gradually over time like a tortoise, rather than taking on large debt quickly like a hare. The document recommends focusing on direction over speed and emphasizes the importance of stability, feedback, and continual learning to effectively manage technical debt.
Raphaël Pinson presented on implementing GitOps with the DevOps Stack. The DevOps Stack provides an opinionated Kubernetes stack that is deployed and managed using GitOps. It handles provisioning Kubernetes, integrating single sign-on, and managing observability tools through Argo CD. Argo CD syncs the cluster state with the desired manifests in Git, ensuring congruence. It also provides an interface for managing applications and templates. The DevOps Stack offers a standardized way to deploy common services and manage infrastructure as code.
The Hare and the Tortoise: Open Source, Standards & Technological DebtRaphaël PINSON
The document summarizes key points from a presentation about open source, standards, and technical debt. It discusses how technical debt can go unnoticed but must eventually be paid back, and how following standards helps avoid issues related to not invented here syndrome. It also covers topics like loose coupling through immutability, team topologies as related to code ownership and debt dilution, and how public cloud can help delegate technical debt but introduce new dependencies. Throughout, it emphasizes that the important thing is not speed but direction when it comes to reducing technical debt over time.
The document discusses DevOps Stack, an open source project that provides tools and examples for deploying infrastructure as code using technologies like Puppet, Terraform, and Kubernetes. It provides an overview of the project and links to its website, GitHub, and similar projects. The document encourages joining the CampToCamp team behind DevOps Stack.
YAML Engineering: why we need a new paradigmRaphaël PINSON
YAML has become the de-facto standard to express resources in many fields linked to DevOps practices. What are YAML’s strengths and weaknesses, and what are the other options going forward?
Container Security: a toolchain for automatic image rebuildsRaphaël PINSON
Containers and Kubernetes have revolutionized the way applications are deployed at scale. This new approach, along with the use of CI/CD for deployment automation, brings new challenges, in particular when it comes to security, as containers are static artifacts that require rebuilding and redeployment in order to perform updates.
This talk will demonstrate how to set up an automated CI/CD pipeline to deploy applications on Kubernetes using OpenShift and GitLab, so that updates of public base images trigger rebuilds and deployments of derivative containers. It will also show how static image analysis can be plugged into the pipeline to increase application security.
K9s - Kubernetes CLI To Manage Your Clusters In StyleRaphaël PINSON
This document discusses K9s, a rich Kubernetes client that provides a VIM-like interface for interacting with Kubernetes clusters. K9s does not require in-cluster installation but is instead a standalone Golang binary. It allows viewing and filtering Kubernetes resources, logs, port forwarding, and more through an intuitive interface with key bindings. Plugins can add additional functionality and views can be customized through skins defined in YAML.
This document discusses setting up ArgoCD, an open source tool for continuous delivery for Kubernetes applications, including building and testing source code, deploying Docker images to a registry, and using ArgoCD to apply configuration definitions and deploy applications. It also provides links to additional Dev.to posts and GitHub projects about using Kustomize and secrets management with ArgoCD.
Containers have become a great facility to easily deploy applications, whether locally or on orchestrated clusters.
However, containers are ephemeral, meaning their data should be stored externally. When possible, they can be stored using databases or object storage. Most often though, you will need to resort to using data volumes, mounted inside your containers. How then can be perform a backup of this data?
Everyone who has been using Puppet with a self-signed CA for over 5 years knows that dreaded time: the time when the CA and client certificates must be renewed.
This talk will present the ways to ease CA renewal, and present a new approach to renew Puppet client certificates in a secure and automated way.
Installing a Puppet Configuration Management system always starts with setting up the Puppet Master infrastructure. This is a complex task. Various installers exist, and managing the infrastructure on the long run isn't an easy task either.
At Camptocamp, we have decided to containerize the whole Puppet server stack to deploy it without the help of Puppet, and ease its scaling and updating. This talk outlines our journey and the benefits we got from this setup.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Project Management Semester Long Project - Acuityjpupo2018
Acuity is an innovative learning app designed to transform the way you engage with knowledge. Powered by AI technology, Acuity takes complex topics and distills them into concise, interactive summaries that are easy to read & understand. Whether you're exploring the depths of quantum mechanics or seeking insight into historical events, Acuity provides the key information you need without the burden of lengthy texts.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Webinar: Designing a schema for a Data WarehouseFederico Razzoli
Are you new to data warehouses (DWH)? Do you need to check whether your data warehouse follows the best practices for a good design? In both cases, this webinar is for you.
A data warehouse is a central relational database that contains all measurements about a business or an organisation. This data comes from a variety of heterogeneous data sources, which includes databases of any type that back the applications used by the company, data files exported by some applications, or APIs provided by internal or external services.
But designing a data warehouse correctly is a hard task, which requires gathering information about the business processes that need to be analysed in the first place. These processes must be translated into so-called star schemas, which means, denormalised databases where each table represents a dimension or facts.
We will discuss these topics:
- How to gather information about a business;
- Understanding dictionaries and how to identify business entities;
- Dimensions and facts;
- Setting a table granularity;
- Types of facts;
- Types of dimensions;
- Snowflakes and how to avoid them;
- Expanding existing dimensions and facts.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
4. What is the need?
● A lot of different syntaxes
● Securely editing configuration files with a unified API
www.camptocamp.com / 4/38
5. A tree
Augeas turns configuration files into a tree structure:
/etc/hosts -> /files/etc/hosts
6. Its branches and leaves
... and their parameters into branches and leaves:
augtool> print /files/etc/hosts
/files/etc/hosts
/files/etc/hosts/1
/files/etc/hosts/1/ipaddr = "127.0.0.1"
/files/etc/hosts/1/canonical = "localhost"
8. ... as well as generic lenses
available to build new parsers:
Build Sep Simplelines
IniFile Shellvars Simplevars
Rx Shellvars_list Util
9. augtool lets you inspect the tree
$ augtool
augtool> ls /
augeas/ = (none)
files/ = (none)
augtool> print /files/etc/passwd/root/
/files/etc/passwd/root
/files/etc/passwd/root/password = "x"
/files/etc/passwd/root/uid = "0"
/files/etc/passwd/root/gid = "0"
/files/etc/passwd/root/name = "root"
/files/etc/passwd/root/home = "/root"
/files/etc/passwd/root/shell = "/bin/bash"
10. The tree can be queried using XPath
augtool> print /files/etc/passwd/*[uid='0'][1]
/files/etc/passwd/root
/files/etc/passwd/root/password = "x"
/files/etc/passwd/root/uid = "0"
/files/etc/passwd/root/gid = "0"
/files/etc/passwd/root/name = "root"
/files/etc/passwd/root/home = "/root"
/files/etc/passwd/root/shell = "/bin/bash"
11. But also modified
$ getent passwd root
root:x:0:0:root:/root:/bin/bash
$ augtool
augtool> set /files/etc/passwd/*[uid='0']/shell /bin/sh
augtool> match /files/etc/passwd/*[uid='0']/shell
/files/etc/passwd/root/shell = "/bin/sh"
augtool> save
Saved 1 file(s)
augtool> exit
$ getent passwd root
root:x:0:0:root:/root:/bin/sh
15. ... and uses it for discovery
$ mco find -S "augeas_match(/files/etc/passwd/rip).size = 0"
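16. Bindings include Perl, Python, Java, PHP, Haskell, Ruby...
require 'augeas'
# `lens` (lens name) and `path` (file to include) are supplied by the caller
aug = Augeas.open
if aug.match('/augeas/load/' + lens).length > 0
  # The lens is already registered: add the file to its include list
  aug.set('/augeas/load/' + lens + '/incl[last()+1]', path)
else
  # Register the lens under /augeas/load
  aug.set('/augeas/load/' + lens + '/lens', lens + '.lns')
end
(From the mcollective agent)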
17. The Ruby bindings can be used in Facter
Facter.add(:augeasversion) do
  setcode do
    begin
      require 'augeas'
      aug = Augeas::open('/', nil, Augeas::NO_MODL_AUTOLOAD)
      ver = aug.get('/augeas/version')
      aug.close
      ver
    rescue Exception
      Facter.debug('ruby-augeas not available')
    end
  end
end
(From the augeasversion fact)
18. Or to write native types
def ip
  aug = nil
  path = "/files#{self.class.file(resource)}"
  begin
    aug = self.class.augopen(resource)
    aug.get("#{path}/*[canonical = '#{resource[:name]}']/ipaddr")
  ensure
    aug.close if aug
  end
end
(See https://github.com/domcleal/augeasproviders)
19. The case of sshd_config
Custom type:
define ssh::config::sshd ($ensure='present', $value='') {
  case $ensure {
    'present': { $changes = "set ${name} ${value}" }
    'absent':  { $changes = "rm ${name}" }
    # Unquoted default: catches every other value of $ensure
    default:   { fail("Wrong value for ensure: ${ensure}") }
  }
  augeas {"Set ${name} in /etc/ssh/sshd_config":
    context => '/files/etc/ssh/sshd_config',
    changes => $changes,
  }
}
20. Using the custom type for sshd_config
ssh::config::sshd {'PasswordAuthentication':
  value => 'yes',
}
21. The problem with sshd_config
Match groups:
Match Host example.com
  PermitRootLogin no
=> Not possible with ssh::config::sshd, requires insertions and looping through the configuration parameters.
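Why a flat `set` is not enough here, shown as an added example (not code from the slides or from Augeas): a simplified Ruby stand-in for the Sshd lens that maps a constructed sshd_config onto tree paths, using the Match/Condition/Settings layout that the provider on the later slides queries. The function names, the sample file and the always-explicit `Match[n]` index are assumptions of this example.

```ruby
# Added example: a simplified stand-in for the Augeas Sshd lens, not the lens itself.
# Constructed sample: two global settings followed by the Match group from the slide.
SAMPLE_SSHD_CONFIG = <<~CONF
  # constructed sample
  PermitRootLogin yes
  PasswordAuthentication no
  Match Host example.com
    PermitRootLogin no
CONF

TREE_ROOT = '/files/etc/ssh/sshd_config'

# Returns an ordered list of [path, value] pairs.
# A Match line opens a group that runs until the next Match line or the end
# of the file, so every later setting belongs to that group.
def sshd_tree(text, root = TREE_ROOT)
  nodes = []
  match_index = 0
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    key, rest = line.split(/\s+/, 2)
    rest = rest.to_s
    if key.casecmp('Match').zero?
      match_index += 1
      # Conditions come as "criterion pattern" pairs, e.g. "Host example.com"
      rest.split(/\s+/).each_slice(2) do |criterion, pattern|
        nodes << ["#{root}/Match[#{match_index}]/Condition/#{criterion}", pattern.to_s]
      end
    elsif match_index > 0
      nodes << ["#{root}/Match[#{match_index}]/Settings/#{key}", rest]
    else
      nodes << ["#{root}/#{key}", rest]
    end
  end
  nodes
end

# Lists the scope ('global' or 'Match[n]') of every occurrence of a keyword.
def scopes_of(nodes, keyword)
  nodes.select { |path, _| path.end_with?("/#{keyword}") }
       .map { |path, _| path[%r{/(Match\[\d+\])/Settings/}, 1] || 'global' }
end

if __FILE__ == $PROGRAM_NAME
  sshd_tree(SAMPLE_SSHD_CONFIG).each { |path, value| puts "#{path} = #{value.inspect}" }
  # The same keyword exists twice, once globally and once inside the group
  p scopes_of(sshd_tree(SAMPLE_SSHD_CONFIG), 'PermitRootLogin')
  # A setting appended at the end of the file lands inside the Match group
  appended = SAMPLE_SSHD_CONFIG + "X11Forwarding no\n"
  p scopes_of(sshd_tree(appended), 'X11Forwarding')
end
```

A global setting therefore has to be inserted before the first Match node, and a per-group setting has to be addressed through its conditions; neither can be expressed as `set ${name} ${value}`.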
22. A native provider for sshd_config (1)
The type:
Puppet::Type.newtype(:sshd_config) do
  ensurable
  newparam(:name) do
    desc "The name of the entry."
    isnamevar
  end
  newproperty(:value) do
    desc "Entry value."
  end
  newproperty(:target) do
    desc "File target."
  end
  newparam(:condition) do
    desc "Match group condition for the entry."
  end
end
23. A native provider for sshd_config (2)
The provider:
require 'augeas' if Puppet.features.augeas?
Puppet::Type.type(:sshd_config).provide(:augeas) do
  desc "Uses Augeas API to update an sshd_config parameter"
  def self.file(resource = nil)
    file = "/etc/ssh/sshd_config"
    file = resource[:target] if resource and resource[:target]
    file.chomp("/")
  end
  confine :true => Puppet.features.augeas?
  confine :exists => file
24. A native provider for sshd_config (3)
  def self.augopen(resource = nil)
    aug = nil
    file = file(resource)
    begin
      aug = Augeas.open(nil, nil, Augeas::NO_MODL_AUTOLOAD)
      aug.transform(
        :lens => "Sshd.lns",
        :name => "Sshd",
        :incl => file
      )
      aug.load!
      if aug.match("/files#{file}").empty?
        message = aug.get("/augeas/files#{file}/error/message")
        fail("Augeas didn't load #{file}: #{message}")
      end
    rescue
      aug.close if aug
      raise
    end
    aug
  end
25. A native provider for sshd_config (4)
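  def self.instances
    aug = nil
    path = "/files#{file}"
    # As written on the slide, `resource` is not defined in this class method
    # and `self.class` is Class here, so the lines that use them show the
    # intended loop rather than code that runs as-is.
    entry_path = self.class.entry_path(resource)
    begin
      resources = []
      aug = augopen
      aug.match(entry_path).each do |hpath|
        entry = {}
        entry[:name] = resource[:name]
        entry[:conditions] = Hash[*resource[:condition].split(' ').flatten(1)]
        entry[:value] = aug.get(hpath)
        resources << new(entry)
      end
      resources
    ensure
      aug.close if aug
    end
  end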
26. A native provider for sshd_config (5)
  def self.match_conditions(resource=nil)
    if resource[:condition]
      # "Host example.com" => {"Host" => "example.com"}
      conditions = Hash[*resource[:condition].split(' ').flatten(1)]
      cond_keys = conditions.keys.length
      cond_str = "[count(Condition/*)=#{cond_keys}]"
      # Keys and values are interpolated into the path expression as-is.
      conditions.each { |k,v| cond_str += "[Condition/#{k}=\"#{v}\"]" }
      cond_str
    else
      ""
    end
  end
  def self.entry_path(resource=nil)
    path = "/files#{self.file(resource)}"
    if resource[:condition]
      cond_str = self.match_conditions(resource)
      "#{path}/Match#{cond_str}/Settings/#{resource[:name]}"
    else
      "#{path}/#{resource[:name]}"
    end
  end
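Because the setting name and the Match condition come straight from the manifest and end up inside an Augeas path expression, it is worth validating them before building the path. The following is an added example, not code from the slides or from augeasproviders: `MATCH_KEYS`, `parse_condition` and `safe_entry_path` are hypothetical names, and the allow-list of Match keys is an assumption to adjust to your sshd version.

```ruby
# Criteria keywords allowed on a Match line (assumed allow-list for this
# example; adjust it to the sshd version you manage).
MATCH_KEYS = %w[User Group Host LocalAddress LocalPort Address].freeze

# Turn "Host example.com User alice" into [["Host", "example.com"], ...],
# refusing input that would change the meaning of the path expression.
def parse_condition(condition)
  tokens = condition.to_s.split(' ')
  if tokens.empty? || tokens.length.odd?
    raise ArgumentError, 'condition must be key/value pairs'
  end
  pairs = tokens.each_slice(2).to_a
  keys = pairs.map(&:first)
  raise ArgumentError, 'duplicate Match key' unless keys.uniq.length == keys.length
  pairs.each do |key, value|
    raise ArgumentError, "unknown Match key: #{key}" unless MATCH_KEYS.include?(key)
    # The value is wrapped in double quotes below, so it must not contain one.
    raise ArgumentError, "unsafe Match value: #{value}" if value.include?('"')
  end
  pairs
end

# Build the same path shape as entry_path on the slide, from validated parts.
def safe_entry_path(file, name, condition = nil)
  unless name.to_s.match?(/\A[A-Za-z][A-Za-z0-9]*\z/)
    raise ArgumentError, "bad setting name: #{name}"
  end
  path = "/files#{file}"
  return "#{path}/#{name}" if condition.nil?

  pairs = parse_condition(condition)
  preds = "[count(Condition/*)=#{pairs.length}]"
  pairs.each { |key, value| preds += "[Condition/#{key}=\"#{value}\"]" }
  "#{path}/Match#{preds}/Settings/#{name}"
end
```

Rejected input raises `ArgumentError` before any Augeas call is made, so a malformed condition fails the Puppet run instead of matching or creating an unintended node.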
27. A native provider for sshd_config (6)
  def self.match_exists?(resource=nil)
    aug = nil
    path = "/files#{self.file(resource)}"
    begin
      aug = self.augopen(resource)
      if resource[:condition]
        cond_str = self.match_conditions(resource)
        not aug.match("#{path}/Match#{cond_str}").empty?
      else
        # No condition given, so there is no Match group to look for
        false
      end
    ensure
      aug.close if aug
    end
  end
28. A native provider for sshd_config (7)
  def exists?
    aug = nil
    entry_path = self.class.entry_path(resource)
    begin
      aug = self.class.augopen(resource)
      not aug.match(entry_path).empty?
    ensure
      aug.close if aug
    end
  end
  def self.create_match(resource=nil, aug=nil)
    path = "/files#{self.file(resource)}"
    begin
      aug.insert("#{path}/*[last()]", "Match", false)
      conditions = Hash[*resource[:condition].split(' ').flatten(1)]
      conditions.each do |k,v|
        aug.set("#{path}/Match[last()]/Condition/#{k}", v)
      end
      aug
    end
  end
29. A native provider for sshd_config (8)
  def create
    aug = nil
    path = "/files#{self.class.file(resource)}"
    entry_path = self.class.entry_path(resource)
    begin
      aug = self.class.augopen(resource)
      if resource[:condition]
        unless self.class.match_exists?(resource)
          aug = self.class.create_match(resource, aug)
        end
      else
        unless aug.match("#{path}/Match").empty?
          aug.insert("#{path}/Match[1]", resource[:name], true)
        end
      end
      aug.set(entry_path, resource[:value])
      aug.save!
    ensure
      aug.close if aug
    end
  end
30. A native provider for sshd_config (9)
  def destroy
    aug = nil
    path = "/files#{self.class.file(resource)}"
    begin
      aug = self.class.augopen(resource)
      entry_path = self.class.entry_path(resource)
      aug.rm(entry_path)
      aug.rm("#{path}/Match[count(Settings/*)=0]")
      aug.save!
    ensure
      aug.close if aug
    end
  end
  def target
    self.class.file(resource)
  end
31. A native provider for sshd_config (10)
  def value
    aug = nil
    path = "/files#{self.class.file(resource)}"
    begin
      aug = self.class.augopen(resource)
      entry_path = self.class.entry_path(resource)
      aug.get(entry_path)
    ensure
      aug.close if aug
    end
  end
32. A native provider for sshd_config (11)
  def value=(thevalue)
    aug = nil
    path = "/files#{self.class.file(resource)}"
    begin
      aug = self.class.augopen(resource)
      entry_path = self.class.entry_path(resource)
      aug.set(entry_path, thevalue)
      aug.save!
    ensure
      aug.close if aug
    end
  end
33. Using the native provider for sshd_config
sshd_config {'PermitRootLogin':
  ensure => present,
  condition => 'Host example.com',
  value => 'yes',
}
34. Errors are reported in the /augeas tree
augtool> print /augeas//error
/augeas/files/etc/mke2fs.conf/error = "parse_failed"
/augeas/files/etc/mke2fs.conf/error/pos = "82"
/augeas/files/etc/mke2fs.conf/error/line = "3"
/augeas/files/etc/mke2fs.conf/error/char = "0"
/augeas/files/etc/mke2fs.conf/error/lens = "/usr/share/augeas/lenses/dist/mke2fs.aug:132.10-.49:"
/augeas/files/etc/mke2fs.conf/error/message = "Get did not match entire input"