In this talk at the Sydney CoreOS meetup, I took the audience through:
a) Installation of CoreOS using VirtualBox and Vagrant
b) Items to consider when containerising your platform
c) Deploying wordpress across a CoreOS cluster.
Configure Webserver & SSL secure & redirect in SuSE Linux EnterpriseTola LENG
In this chapter you will be able:
-How to install webserver in suse linux server
-How to configure webserver
-How to hosting website and web application
-How to configure secure connection (SSL, Redirect)
1. The document provides instructions for configuring iptables firewall rules on a SUSE Linux server to set up a network with internal servers and clients.
2. It outlines steps to allow specific services and access between servers and clients like SSH, DNS, file sharing, remote desktop, and internet access.
3. The configuration includes setting up masquerading and destination NAT rules to enable connectivity and allow internal clients to access the internet through the firewall server.
This document provides installation instructions for Component Pack 6.0.0.6 across three servers. It details preparing the system by opening required firewall ports, installing prerequisites like Docker and Kubernetes, initializing the master node, joining worker nodes, and installing Helm. It also covers tasks like creating persistent volumes, labeling worker nodes for Elasticsearch, pushing images to the Docker registry, bootstrapping the Kubernetes cluster, and installing the Component Pack connections-env.
The document provides instructions for compiling a custom Linux kernel and adding a new system call. It describes creating a new partition, mounting it, extracting and compiling the kernel source code. It also details adding a new system call to return a unique ID, including modifying configuration files, implementing the system call code, and testing the new system call. After compiling the kernel, the instructions describe installing modules, creating an initramfs, copying kernel files to the boot directory, and configuring GRUB to boot the new kernel.
Spring MVC - Wiring the different layersIlio Catallo
The presentation focuses on the problem of wiring the different layers of a Spring MVC Web application. More precisely, the presentation explains how to wire the presentation layer (made of Spring MVC controllers) with the service and persistence objects. To this end, the slides first explain how to create the so called back-end (a.k.a. root) container, which will host the persistence and the service objects. Second, the @Repository and @Service annotations are introduced, which permit the framework to auto-discover the application beans. Finally, it is discussed how to wire such beans, through the usage of either the Spring-specific @Autowired annotation or the JEE @Inject annotation.
An introduction to the basics of the Spring MVC Web framework. The concepts of front controller, controller (handler), model and view are introduced. The whole processing pipeline is discussed, with an in-depth description of the HandlerMapping and ViewResolver strategy interfaces. The alternative representations of the Model (Map, Model and ModelMap) are presented.
How to process request parameters with the Spring MVC framework. Namely, the presentation tackles the three primary concerns when dealing with request parameters: data binding, data buffering and data validation. To this end, the Bean Validation API (JSR-303) is discussed, and the concept of MessageSource for localized error messages is introduced. Moreover, The Post/Redirect/Get (PRG) pattern is presented along with a possible implementation strategy.
Configure Webserver & SSL secure & redirect in SuSE Linux EnterpriseTola LENG
In this chapter you will be able:
-How to install webserver in suse linux server
-How to configure webserver
-How to hosting website and web application
-How to configure secure connection (SSL, Redirect)
1. The document provides instructions for configuring iptables firewall rules on a SUSE Linux server to set up a network with internal servers and clients.
2. It outlines steps to allow specific services and access between servers and clients like SSH, DNS, file sharing, remote desktop, and internet access.
3. The configuration includes setting up masquerading and destination NAT rules to enable connectivity and allow internal clients to access the internet through the firewall server.
This document provides installation instructions for Component Pack 6.0.0.6 across three servers. It details preparing the system by opening required firewall ports, installing prerequisites like Docker and Kubernetes, initializing the master node, joining worker nodes, and installing Helm. It also covers tasks like creating persistent volumes, labeling worker nodes for Elasticsearch, pushing images to the Docker registry, bootstrapping the Kubernetes cluster, and installing the Component Pack connections-env.
The document provides instructions for compiling a custom Linux kernel and adding a new system call. It describes creating a new partition, mounting it, extracting and compiling the kernel source code. It also details adding a new system call to return a unique ID, including modifying configuration files, implementing the system call code, and testing the new system call. After compiling the kernel, the instructions describe installing modules, creating an initramfs, copying kernel files to the boot directory, and configuring GRUB to boot the new kernel.
Spring MVC - Wiring the different layersIlio Catallo
The presentation focuses on the problem of wiring the different layers of a Spring MVC Web application. More precisely, the presentation explains how to wire the presentation layer (made of Spring MVC controllers) with the service and persistence objects. To this end, the slides first explain how to create the so called back-end (a.k.a. root) container, which will host the persistence and the service objects. Second, the @Repository and @Service annotations are introduced, which permit the framework to auto-discover the application beans. Finally, it is discussed how to wire such beans, through the usage of either the Spring-specific @Autowired annotation or the JEE @Inject annotation.
An introduction to the basics of the Spring MVC Web framework. The concepts of front controller, controller (handler), model and view are introduced. The whole processing pipeline is discussed, with an in-depth description of the HandlerMapping and ViewResolver strategy interfaces. The alternative representations of the Model (Map, Model and ModelMap) are presented.
How to process request parameters with the Spring MVC framework. Namely, the presentation tackles the three primary concerns when dealing with request parameters: data binding, data buffering and data validation. To this end, the Bean Validation API (JSR-303) is discussed, and the concept of MessageSource for localized error messages is introduced. Moreover, The Post/Redirect/Get (PRG) pattern is presented along with a possible implementation strategy.
The document provides instructions for setting up a Bacula backup system. It discusses installing Bacula and its components, configuring the director, storage daemon, and file daemon. It describes setting passwords, creating a backup pool and schedule, and configuring a client. Specific configuration files are edited to configure the director, storage daemon, file daemon, and set addresses, passwords and other settings. Commands are provided to start services, run backups and restores, and check configurations for errors. The goal is to have a working Bacula system that can back up and restore a client on a scheduled basis.
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...Redis Labs
This document discusses using a message broker called Cobra for publishing analytics data from clients. It describes how publishers can send data to Cobra using WebSockets and how Cobra uses Redis for its pub/sub functionality. Subscribers can then connect to Cobra and write filters in a SQL-like language to select subsets of data from specific channels. The document provides examples of deploying the system on OpenShift and using tools like Neo, Grafana, Sentry and Tableau as subscribers to visualize and explore the analytics data.
The document outlines the configuration of a network including a LAN server and LAN client. It describes setting up Active Directory, DNS, DHCP services on the LAN server with IP scopes and reservations. It also covers installing DHCP relay on the server to facilitate IP addressing between the server and LAN client subnet, as well as allowing users to access file shares, join the domain, and login with Active Directory credentials.
This document summarizes a talk given at ApacheCon 2015 about replacing Squid with ATS (Apache Traffic Server) as the proxy server at Yahoo. It discusses the history of using Squid at Yahoo, limitations with Squid that prompted the switch to ATS, key differences in configuration between the two systems, examples of forwarding and reverse proxy use cases, and learnings around managing open source projects and migration testing.
Basic Security
@ Updates
-Update manager
-Enable automatic security updates(Update Setting)
=> Super windows => type the key word (System Setting) =>
@ Firewall
-In Ubuntu all ports are block by default
-Default firewall-ufw (turned off by default)
+sudo ufw status
+sudo ufw enable/disable
-Firestarter for graphical interface (recommanded)
+sudo apt-get install firestarter
+Preferences
@ User Accounts
-User & Groups
+Disable user guest
-Do not use root user (Disable by default)
+sudo passwd
+sudo passwd -l root (disable/changed expiry password)
-Use sudo instead of root (/etc/sudoers)
+sudo visudo OR sudo gedit /etc/sudoers(To set the privilege user authorized)
+sudo adduser tolaleng sudo
-Deleting Users
+sudo deluser canamall
-Removing world readable permission to home directory
+sudo chmod 0750 /home/username
-Locking/Unlocking user
+sudo passwd -l username (enable user expiry)
+sudo passwd -u username (disable user expiry)
-passwords
+sudo chage canamall (Set the password expiration)
+sudo chage-l canamall (show the password expiration)
@ Antivirus
-Clam TK (Under Accessories), other anti-virus
@ Unistall Applications
-Ubuntu Software Center-> Installed software section-> Select application and click remove
@ Processes
-To see processes
+ps aux or top
+system monitor(cacti, nagios,)
-
@ Logs
-Some of logs
+ /var/log/messages : general log messages
+ /var/log/boot : system boot log
+ /var/log/debug/ : debugging log messages
+ /var/log/auth.log : user login and authentication logs
+ /var/log/daemon.log : running services such as squid,ntpd and other log message to this file
+ /var/log/kern.log : kernel log file
-Viewing logs
+ tail, more, cat, less, grep
+ GNOME system log viewer
@Firewall
ufw
=> Security Host
* Create Standard User and enable user passwd (complexity password, strong passwd, passwd expired, invalid day of passwd, Lock and Unlock user, disable user Guest, )
* Secure remote network and host
-Telnet(Secure with the host and address connection)
-SSH (Secure with the authentication encryption key)
=> Security Backup (Data Hosting)
*Make a Full Backup of Your Machine
-Aptik (backup application)
-rsync (Remote synce)
-Gsync (Remote)
-Amanda
-Rsnapshot
Tola.leng mail server (sq_mail & rcmail)_q5_Tola LENG
The document discusses the steps to configure a mail server with Postfix and Dovecot on CentOS. It covers installing and configuring DNS, Postfix, Dovecot, Squirrelmail and Roundcube webmail clients. Authentication is enabled using LDAP. SSL/TLS encryption is configured for secure mail delivery. Troubleshooting tips and tests are provided to ensure proper send/receive functionality.
The document describes Yahoo's failsafe mechanism for its homepage using Apache Storm and Apache Traffic Server. The key points are:
1. The failsafe architecture uses AWS components like EC2, ELB, S3 and autoscaling to serve traffic from failsafe servers if the primary servers fail.
2. Apache Traffic Server is used as a caching proxy between the user and origin servers. The "Escalate" plugin in ATS fetches content from failsafe servers if the origin server response is not good.
3. Apache Storm Crawler crawls content for different devices and maps URLs to the failsafe domain for storage in S3 with query parameters in the path. This provides more relevant fail
Functional Reactive Programming with Kotlin on Android - Giorgio Natili - Cod...Codemotion
The document provides an overview of a talk on Functional Reactive Programming (FRP) and Kotlin. The key points covered include:
- An introduction to FRP as a programming paradigm focused on reacting to streams of data changes.
- Examples of FRP concepts like streams, functions composition, and reactive extensions operators like flatMap, scan, groupBy, and debounce.
- An overview of Kotlin features like data classes, nullable types, default arguments, lambdas, and extension functions.
- How RxKotlin allows combining FRP and Android using Observables to handle user input and events in a reactive way.
System Engineer: OpenLDAP and Samba ServerTola LENG
1. The document describes how to set up an OpenLDAP server and Samba domain controller with a GUI. It includes steps to install LDAP services, create the LDAP server, add users, and join clients to the domain.
2. Configuration files are also used to combine Samba and OpenLDAP to allow Windows clients to join the domain. Folders are shared and permissions are set for domain user groups.
3. The Openfire chat software is installed on the LDAP server and configured to use LDAP for user authentication, allowing domain users to chat.
DNS windows server(2008R2) & linux(SLES 11)Tola LENG
In this practice you will be able:
-Configure Primary DNS and Secondary DNS
-Configure DNS zone transter
-DNS Delegation
-DNS Security zone transfer
-Configure also Linux(Sles 11) and Windows Server 2008R2
ArcBlock's Technical Learning Series Presents: Intro to HTTP/2.
You may not know that your browser supports HTTP/2 long times ago. What exactly is HTTP/2? What's the difference between HTTP/2 and HTTP? Why do we even need HTTP2/? What can we do with HTTP/2's new feature? This talk is all about HTTP/2, also we will demonstrate how to write a simple HTTP/2 client in 33 lines of code.
HTTP/2早在2015年就被互联网工程任务小组制定为标准,我们用的浏览器其实早就悄悄支持HTTP/2了。HTTP/2到底比HTTP/1.1好在哪里?关于HTTP/2我需要知道什么?听说HTTP/3快要出了现在才讲HTTP/2是不是有点晚?这篇讲座将解答您的这些问题。另外我们也会现场演示如何用33行代码写一个最简单的HTTP/2客户端。"
The document provides instructions for setting up a Kubernetes cluster with one master node and one worker node on VirtualBox. It outlines the system requirements for the nodes, describes how to configure the networking and hostnames, install Docker and Kubernetes, initialize the master node with kubeadm init, join the worker node with kubeadm join, and deploy a test pod. It also includes commands to check the cluster status and remove existing Docker installations.
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers.
The talk will continue with a demo showing how to build your own simple overlay using these technologies.
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers.
The talk will continue with a demo showing how to build your own simple overlay using these technologies.
-Configure DHCP (Create LAN Server and LAN Client) on Windows Server 2008R2
-Configure Relay on SuSE Linux Enterprise Server 11
-Allow Client Use DHCP IP for each LAN
How to configure IPA-Server & Client-Centos 7Tola LENG
The document provides steps for configuring an IPA-Server on Centos 7, which includes assigning an IP address, downloading and installing IPA server services, and configuring the freeIPA server and client. It notes that the IP address must be assigned manually along with the DNS, gateway, and subnet mask.
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers. The talk will continue with a demo showing how to build your own simple overlay using these technologies. Finally, it will show how we can dynamically distribute IP and MAC information to every hosts in the overlay using BGP EVPN
Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...Puppet
The document discusses managing trusted instances in the cloud. It outlines the problem of verifying instances provisioned in the cloud are legitimate. It then provides an overview of a solution where instances generate certificate signing requests with metadata upon launch, and a puppetmaster signs the requests after verifying the instance information with the cloud provider API. Signed certificates are returned to the instances containing the metadata, allowing the instances to be identified and classified in puppet configurations.
Couch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean WinnTrevor Roberts Jr.
Tuesday, August 13th session of the vBrownBag OpenStack Sack Lunch Series: Couch to OpenStack. With Sean Winn's help, we cover Neutron, the OpenStack Networking Service formerly known as Quantum. Neutron configures network access and services for your OpenStack instances. Credit to Ken Pepple for the OpenStack Project Diagram, and to Dan Wendlandt and the VMware Team for the workflow used in the lab
The document provides instructions for setting up a Bacula backup system. It discusses installing Bacula and its components, configuring the director, storage daemon, and file daemon. It describes setting passwords, creating a backup pool and schedule, and configuring a client. Specific configuration files are edited to configure the director, storage daemon, file daemon, and set addresses, passwords and other settings. Commands are provided to start services, run backups and restores, and check configurations for errors. The goal is to have a working Bacula system that can back up and restore a client on a scheduled basis.
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...Redis Labs
This document discusses using a message broker called Cobra for publishing analytics data from clients. It describes how publishers can send data to Cobra using WebSockets and how Cobra uses Redis for its pub/sub functionality. Subscribers can then connect to Cobra and write filters in a SQL-like language to select subsets of data from specific channels. The document provides examples of deploying the system on OpenShift and using tools like Neo, Grafana, Sentry and Tableau as subscribers to visualize and explore the analytics data.
The document outlines the configuration of a network including a LAN server and LAN client. It describes setting up Active Directory, DNS, DHCP services on the LAN server with IP scopes and reservations. It also covers installing DHCP relay on the server to facilitate IP addressing between the server and LAN client subnet, as well as allowing users to access file shares, join the domain, and login with Active Directory credentials.
This document summarizes a talk given at ApacheCon 2015 about replacing Squid with ATS (Apache Traffic Server) as the proxy server at Yahoo. It discusses the history of using Squid at Yahoo, limitations with Squid that prompted the switch to ATS, key differences in configuration between the two systems, examples of forwarding and reverse proxy use cases, and learnings around managing open source projects and migration testing.
Basic Security
@ Updates
-Update manager
-Enable automatic security updates(Update Setting)
=> Super windows => type the key word (System Setting) =>
@ Firewall
-In Ubuntu all ports are block by default
-Default firewall-ufw (turned off by default)
+sudo ufw status
+sudo ufw enable/disable
-Firestarter for graphical interface (recommanded)
+sudo apt-get install firestarter
+Preferences
@ User Accounts
-User & Groups
+Disable user guest
-Do not use root user (Disable by default)
+sudo passwd
+sudo passwd -l root (disable/changed expiry password)
-Use sudo instead of root (/etc/sudoers)
+sudo visudo OR sudo gedit /etc/sudoers(To set the privilege user authorized)
+sudo adduser tolaleng sudo
-Deleting Users
+sudo deluser canamall
-Removing world readable permission to home directory
+sudo chmod 0750 /home/username
-Locking/Unlocking user
+sudo passwd -l username (enable user expiry)
+sudo passwd -u username (disable user expiry)
-passwords
+sudo chage canamall (Set the password expiration)
+sudo chage-l canamall (show the password expiration)
@ Antivirus
-Clam TK (Under Accessories), other anti-virus
@ Unistall Applications
-Ubuntu Software Center-> Installed software section-> Select application and click remove
@ Processes
-To see processes
+ps aux or top
+system monitor(cacti, nagios,)
-
@ Logs
-Some of logs
+ /var/log/messages : general log messages
+ /var/log/boot : system boot log
+ /var/log/debug/ : debugging log messages
+ /var/log/auth.log : user login and authentication logs
+ /var/log/daemon.log : running services such as squid,ntpd and other log message to this file
+ /var/log/kern.log : kernel log file
-Viewing logs
+ tail, more, cat, less, grep
+ GNOME system log viewer
@Firewall
ufw
=> Security Host
* Create Standard User and enable user passwd (complexity password, strong passwd, passwd expired, invalid day of passwd, Lock and Unlock user, disable user Guest, )
* Secure remote network and host
-Telnet(Secure with the host and address connection)
-SSH (Secure with the authentication encryption key)
=> Security Backup (Data Hosting)
*Make a Full Backup of Your Machine
-Aptik (backup application)
-rsync (Remote synce)
-Gsync (Remote)
-Amanda
-Rsnapshot
Tola.leng mail server (sq_mail & rcmail)_q5_Tola LENG
The document discusses the steps to configure a mail server with Postfix and Dovecot on CentOS. It covers installing and configuring DNS, Postfix, Dovecot, Squirrelmail and Roundcube webmail clients. Authentication is enabled using LDAP. SSL/TLS encryption is configured for secure mail delivery. Troubleshooting tips and tests are provided to ensure proper send/receive functionality.
The document describes Yahoo's failsafe mechanism for its homepage using Apache Storm and Apache Traffic Server. The key points are:
1. The failsafe architecture uses AWS components like EC2, ELB, S3 and autoscaling to serve traffic from failsafe servers if the primary servers fail.
2. Apache Traffic Server is used as a caching proxy between the user and origin servers. The "Escalate" plugin in ATS fetches content from failsafe servers if the origin server response is not good.
3. Apache Storm Crawler crawls content for different devices and maps URLs to the failsafe domain for storage in S3 with query parameters in the path. This provides more relevant fail
Functional Reactive Programming with Kotlin on Android - Giorgio Natili - Cod...Codemotion
The document provides an overview of a talk on Functional Reactive Programming (FRP) and Kotlin. The key points covered include:
- An introduction to FRP as a programming paradigm focused on reacting to streams of data changes.
- Examples of FRP concepts like streams, functions composition, and reactive extensions operators like flatMap, scan, groupBy, and debounce.
- An overview of Kotlin features like data classes, nullable types, default arguments, lambdas, and extension functions.
- How RxKotlin allows combining FRP and Android using Observables to handle user input and events in a reactive way.
System Engineer: OpenLDAP and Samba ServerTola LENG
1. The document describes how to set up an OpenLDAP server and Samba domain controller with a GUI. It includes steps to install LDAP services, create the LDAP server, add users, and join clients to the domain.
2. Configuration files are also used to combine Samba and OpenLDAP to allow Windows clients to join the domain. Folders are shared and permissions are set for domain user groups.
3. The Openfire chat software is installed on the LDAP server and configured to use LDAP for user authentication, allowing domain users to chat.
DNS windows server(2008R2) & linux(SLES 11)Tola LENG
In this practice you will be able:
-Configure Primary DNS and Secondary DNS
-Configure DNS zone transter
-DNS Delegation
-DNS Security zone transfer
-Configure also Linux(Sles 11) and Windows Server 2008R2
ArcBlock's Technical Learning Series Presents: Intro to HTTP/2.
You may not know that your browser supports HTTP/2 long times ago. What exactly is HTTP/2? What's the difference between HTTP/2 and HTTP? Why do we even need HTTP2/? What can we do with HTTP/2's new feature? This talk is all about HTTP/2, also we will demonstrate how to write a simple HTTP/2 client in 33 lines of code.
HTTP/2早在2015年就被互联网工程任务小组制定为标准,我们用的浏览器其实早就悄悄支持HTTP/2了。HTTP/2到底比HTTP/1.1好在哪里?关于HTTP/2我需要知道什么?听说HTTP/3快要出了现在才讲HTTP/2是不是有点晚?这篇讲座将解答您的这些问题。另外我们也会现场演示如何用33行代码写一个最简单的HTTP/2客户端。"
The document provides instructions for setting up a Kubernetes cluster with one master node and one worker node on VirtualBox. It outlines the system requirements for the nodes, describes how to configure the networking and hostnames, install Docker and Kubernetes, initialize the master node with kubeadm init, join the worker node with kubeadm join, and deploy a test pod. It also includes commands to check the cluster status and remove existing Docker installations.
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers.
The talk will continue with a demo showing how to build your own simple overlay using these technologies.
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers.
The talk will continue with a demo showing how to build your own simple overlay using these technologies.
-Configure DHCP (Create LAN Server and LAN Client) on Windows Server 2008R2
-Configure Relay on SuSE Linux Enterprise Server 11
-Allow Client Use DHCP IP for each LAN
How to configure IPA-Server & Client-Centos 7Tola LENG
The document provides steps for configuring an IPA-Server on Centos 7, which includes assigning an IP address, downloading and installing IPA server services, and configuring the freeIPA server and client. It notes that the IP address must be assigned manually along with the DNS, gateway, and subnet mask.
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers. The talk will continue with a demo showing how to build your own simple overlay using these technologies. Finally, it will show how we can dynamically distribute IP and MAC information to every hosts in the overlay using BGP EVPN
Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...Puppet
The document discusses managing trusted instances in the cloud. It outlines the problem of verifying instances provisioned in the cloud are legitimate. It then provides an overview of a solution where instances generate certificate signing requests with metadata upon launch, and a puppetmaster signs the requests after verifying the instance information with the cloud provider API. Signed certificates are returned to the instances containing the metadata, allowing the instances to be identified and classified in puppet configurations.
Couch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean WinnTrevor Roberts Jr.
Tuesday, August 13th session of the vBrownBag OpenStack Sack Lunch Series: Couch to OpenStack. With Sean Winn's help, we cover Neutron, the OpenStack Networking Service formerly known as Quantum. Neutron configures network access and services for your OpenStack instances. Credit to Ken Pepple for the OpenStack Project Diagram, and to Dan Wendlandt and the VMware Team for the workflow used in the lab
This document provides instructions for installing and configuring the OpenStack Glance image service. It begins with setting up the necessary variables and creating the Glance service and database in Keystone. It then walks through installing and configuring Glance, verifying the installation, and uploading two test images. It concludes by discussing some concepts of Glance like image formats and providing references for more documentation. The next steps outlined are expanding the deployment to two servers by modifying Vagrant files and installing necessary Nova packages to introduce compute functionality.
(NET301) New Capabilities for Amazon Virtual Private CloudAmazon Web Services
Amazon's Virtual Private Cloud (Amazon VPC) continues to evolve with new capabilities and enhancements. These features give you increasingly greater isolation, control, and visibility at the all-important networking layer. In this session, we review some of the latest changes, discuss their value, and describe their use cases.
This document describes a development environment setup on a Mac OS X workstation for working with various technologies like Cassandra, Redis, Kafka, Mongo, and Elasticsearch. It includes commands for starting ("devenv.sh up") and stopping ("devenv.sh kill") the development environment. It also mentions using Virtual Box and Vagrant to automate the environment setup, and Docker containers to provide a zero downtime deployment model from any branch to web servers.
This document describes a development environment setup on a Mac OS X workstation for working with various technologies like Cassandra, Redis, Kafka, Mongo, and Elasticsearch. It includes commands for starting ("devenv.sh up") and stopping ("devenv.sh kill") the development environment. It also mentions using Virtual Box and Vagrant to automate the environment setup, and Docker containers to provide a zero downtime deployment model from any branch to a web environment through staging and production data layers.
This document discusses various ways to interface Apache CloudStack with other cloud platforms like AWS and GCE. It provides examples of using CloudStack's native AWS and GCE interfaces to manage resources on those platforms. It concludes that CloudStack has a strong API and ecosystem for building hybrid cloud solutions, and coverage of the AWS API is expanding.
Kubernetes와 Kubernetes on OpenStack 환경의 비교와 그 구축방법에 대해서 알아봅니다.
1. 클라우드 동향
2. Kubernetes vs Kubernetes on OpenStack
3. Kubernetes on OpenStack 구축 방벙
4. Kubernetes on OpenStack 운영 방법
This kickstart file configures an ESXi 5.0 installation on a server. It clears partitions on the first disk, installs ESXi using the first disk and overwrites any existing VMFS partitions. It sets the root password, reboots after installation, configures the management network interface, and configures a vSwitch with port groups.
In this talk you can expect to learn what OCI containers are, how to build them and why you may want them. The first part will be a brief introduction to OCI containers followed by the motivation behind our use-case at the OpenStack/Magnum project and the Container Service at CERN. How we leverage OCI containers and why we chose them to offer container infrastructure to our users, meaning running kubernetes, etcd, flanneld, OpenStack-specific daemons, CERN-specific tools, the docker daemon and cri-o.
The second part will be a shallow dive on how to run and build OCI containers from scratch and most importantly how to populate the famous config.json file, the heart of the OCI configuration. This part will include examples on how to use docker, runc, rkt, atomic and buildah.
This document describes the message processing and dispatching procedures for Simple Network Management Protocol (SNMP) messages. It defines how the dispatcher routes SNMP messages to the appropriate message processing model based on message version, and how it routes PDUs to applications based on message contents. It also describes the SNMPv3 message processing model. The key responsibilities of the dispatcher are to send and receive SNMP messages, dispatch PDUs to applications, and coordinate with message processing models.
Tuesday, July 30th session of the vBrownBag OpenStack Sack Lunch Series: Couch to OpenStack. We cover Nova, the Compute Service that deploys and runs VMs.
Bare-metal and Virtual Provisioning with RazorKristian Reese
The document discusses Razor, an open source provisioning application that can deploy bare-metal and virtual systems based on hardware characteristics. It provides an overview of Razor's capabilities and components like repositories, tags, policies, and brokers. The key stages of Razor's workflow are described: discovery, task, and broker phase. Advanced topics like Razor hooks that can trigger scripts during a node's lifecycle are also covered. References for additional Razor documentation and resources are listed at the end.
Change Data Capture (CDC) and the Kafka Scylla Connector now allow Scylla to act as a data producer for Kafka streams. Discover how combining Scylla with the Confluent platform allows to maximize the value of NoSQL data by introducing Scylla as a key component of event driven architecture and enables streaming database changes, enriching these updates via message transformations, and allowing users to efficiently run data pipelines.
This document discusses advanced Linux firewall configuration using Netfilter and Iptables. It begins with an introduction of the speaker and an overview of the topics to be covered, including packet processing, connection tracking, iptables rules and tables, iptables modules, and managing firewall rules for cloud environments. The document then delves into technical details like the sk_buff packet representation in Linux, the Netfilter packet flow, basic iptables usage, and differences between stateful and stateless firewalls.
DeveloperWeek 2015: A Practical Introduction to DockerSteve Smith
Steve Smith gave a presentation on Docker and how it can be used for development and testing. He demonstrated how to build Docker images for Elasticsearch and Postgresql databases. Fig was shown to automate and simplify running linked Docker containers. Continuous integration and deployment with Docker was briefly discussed. While Docker provides benefits, it is still changing rapidly and there is no single solution.
The document describes the initialization phase of an IMPORT job in Sqoop 2. It shows that the SqoopInputFormat gets splits from the database, which are then passed to the Partitioner to determine how to partition the data among mapper tasks. This establishes the basic workflow of reading data from the source and partitioning it for import into HDFS.
Similar to CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster (20)
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
The Microsoft 365 Migration Tutorial For Beginner.pptxoperationspcvita
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Essentials of Automations: Exploring Attributes & Automation ParametersSafe Software
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/how-axelera-ai-uses-digital-compute-in-memory-to-deliver-fast-and-energy-efficient-computer-vision-a-presentation-from-axelera-ai/
Bram Verhoef, Head of Machine Learning at Axelera AI, presents the “How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-efficient Computer Vision” tutorial at the May 2024 Embedded Vision Summit.
As artificial intelligence inference transitions from cloud environments to edge locations, computer vision applications achieve heightened responsiveness, reliability and privacy. This migration, however, introduces the challenge of operating within the stringent confines of resource constraints typical at the edge, including small form factors, low energy budgets and diminished memory and computational capacities. Axelera AI addresses these challenges through an innovative approach of performing digital computations within memory itself. This technique facilitates the realization of high-performance, energy-efficient and cost-effective computer vision capabilities at the thin and thick edge, extending the frontier of what is achievable with current technologies.
In this presentation, Verhoef unveils his company’s pioneering chip technology and demonstrates its capacity to deliver exceptional frames-per-second performance across a range of standard computer vision networks typical of applications in security, surveillance and the industrial sector. This shows that advanced computer vision can be accessible and efficient, even at the very edge of our technological ecosystem.
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframePrecisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor IvaniukFwdays
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
AppSec PNW: Android and iOS Application Security with MobSFAjin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
3. Why CoreOS?
Built-in clustering
Few binaries
No packaging system
Dependent on containers for managing software and apps
Light weight, fat-free
Automatic updates
4. A single, distributed init system
Encourages small, ephemeral units / services
Schedules units into the cluster based on declared
conflicts in systemd unit files
Fault tolerant
Can be managed locally or remotely by fleetctl
CoreOS building blocks
systemd
fleet
etcd
8. mkdir ~/coreos; cd ~/coreos
git clone https://github.com/coreos/coreos-
vagrant.git
1b: Clone the coreos-
vagrant repo
9. cd coreos-vagrant
cp config.rb.sample config.rb
vim config.rb
change $num_instances:
$num_instances=3
change $update_channel:
$update_channel=‘beta’
Change $forwarded_ports:
$forwarded_ports = {8000 => 8888}
1c: modify your config.rb
We’ll use this later
You’ll get 3 CoreOS
VMs
‘alpha’ if you like
bleeding edge,
‘stable’ if you
want to stay sane.
10. Visit https://discovery.etcd.io/new?size=3
(you’ll need a new one every time you destroy a
cluster)
Copy the entire URL provided in the body of
the response
1d: get yourself a
discovery token
12. The $private_ipv4 and $public_ipv4 substitutio
n variables are fully supported in cloud-config
on Vagrant. They will map to the first statically
defined private and public networks defined in
the Vagrantfile.
A note on $private_ipv4
and $public_ipv4
substitution variables
18. cd /path/to/coreos-vagrant
eval $(ssh-agent)
# Add the correct vagrant .ssh identity
vagrant ssh-config | sed -n "s/IdentityFile//gp" |
uniq | xargs ssh-add
2b: start your engines
Ensure
ssh-agent
is running
NOTE: You’ll need to rerun these steps each time you blow away your vagrant CoreOS
cluster.
19. export
FLEETCTL_TUNNEL="127.0.0.1:$(vagrant ssh-
config | grep -i 'port' | awk '{print $2; exit}')"
# remove your fleet known hosts
rm ~/.fleetctl/known_hosts
2c: Prepare for takeoff
NOTE: You’ll need to rerun these steps each time you blow away your vagrant CoreOS
cluster.
23. Containers, microservices => stateless
Containers => spin them up quick
Load balancing => how does it work?
Considerations at scale
24. When we start a unit, auto-add it to the web
cluster
When we destroy a unit, auto-remove it from
the web cluster
When a container is flakey, don’t use it
Spin up lots of my units without a hassle
Desired
25. +----------------------------+
| |
| Web server / RP |
| |
+-------------+--------------+
|
+-------------+--------------+
| |
| App server |
| |
+-------------+--------------+
|
+-------------+--------------+
| |
| Database |
| |
+----------------------------+
Standard 3-tier architecture
26. +----------------------------+
| |
| Web server / RP |
| |
+-------------+--------------+
|
+-------------+--------------+
| |
| App server |
| |
+-------------+--------------+
|
+-------------+--------------+
| |
| Database |
| |
+----------------------------+
… just won’t work here.
Needs to scale,
be fault
tolerant, have
speed and be
nearby.
27. +----------------------------+
| |
| Web server / RP |
| |
+-------------+--------------+
|
+-------------+--------------+
| |
| App server |
| |
+-------------+--------------+
|
+-------------+--------------+
| |
| Database |
| |
+----------------------------+
… just won’t work here.
Needs to be
stateless, needs
to focus on
dynamic
workloads.
28. +----------------------------+
| |
| Web server / RP |
| |
+-------------+--------------+
|
+-------------+--------------+
| |
| App server |
| |
+-------------+--------------+
|
+-------------+--------------+
| |
| Database |
| |
+----------------------------+
… just won’t work here.
Needs to
handle caching,
should really be
a CDN, should
be great at
delivering
static content.
29. CDN is a must – S3 for asset sync
Cache as much as you can – varnish,
CloudFront
Load balancing
Web server as a RP
App server / runtime
Database as a service
Key/value store – e.g. redis, cache as much as
you can
To achieve true web scale
30. Tonight’s example:
Wordpress at (localhost) scale
A traditional app, not written with containers and
true scale in mind. Yet it is still incredibly popular
as a blogging and web platform worldwide.
Localhost scale
32. +---------80----------+
| |
| Load Balancer |
| |
+--------8888---------+
/ |
/ |
+-------8888---------+ +--------8888--------+ +-------8888---------+
| | | | | |
| core-01 | | core-02 | | core-03 |
| | | | | |
+--------------------+ +--------------------+ +--------------------+
| vulcand | | vulcand | | vulcand |
+--------------------+ +--------------------+ +--------------------+
| discovery sidekick | | discovery sidekick | | discovery sidekick |
+--------------------+---+--------------------+--+--------------------+
| wp wp wp wp wp wpn | | wp wp wp wp wp wpn | | wp wp wp wp wp wpn |
+--------------------+ +--------------------+ +--------------------+
How we’ll solve it
Imagine everything above
the line is solvable with
haproxy … it is.
fleetunits
As wp units are
started, discovery
notifies vulcand
by writing to etcd
33. mkdir ~/coreos; cd ~/coreos
git clone git@github.com:shaundomingo/coreos-
units.git
3a: Clone my repo
34. Modify the following files to add details of your database
server and S3 bucket and AWS keys:
coreos-units/clusterable-
wordpress/wordpress/wordpress@.service
and
coreos-units/clusterable-wordpress/wordpress/wordpress-
admin.service
3b: Add config
35. Either follow clusterable-wordpress/README.md for
instructions on how to run, or if you’re like me and like to
cheat:
cd coreos-units/clusterable-wordpress
./wordpress-up.sh
There’ll be some errors/warnings … that’s normal.
3c: Run *.*
42. Built a CoreOS cluster in the complete privacy
of our own laptops… well except for docker, and github, and, OH …
Brought to life the complexities of container
management and scale
Made you a CoreOS genius in a few minutes
What have we done?
Built-in clustering support – it just works, all you need is a is a unique discovery token
Few binaries – it is literally barebones
No packaging system (no apt-get or yum) – which makes the machine lightweight and extremely easy to upgrade
Dependent on Docker containers for managing software and apps on the OS.
Flannel: a generic overlay network, that can be used as an alternative to existing software defined networking solutions. Provides each host in a cluster is given it’s own subnet (e.g. /24). Uses etcd to maintain mappings between allocated subnets and real host IPs. Perfect for container networking. Although it is shipped as a docker container … it is not shipped with CoreOS.
Rocket is CoreOS’ very own container runtime. And, guess what it’s just a downloadable zip file from https://github.com/coreos/rocket. So you can run containers in a jiffy. There’s a whole demo in that component sometime.