Capistrano is a tool for automating tasks on remote servers. It executes commands in parallel on targeted machines and provides rollback of changes. Capistrano uses Net::SSH, Net::SFTP, and Net::SCP to automate tasks over SSH, and supports features like task chaining, streams, prompts, roles, and detecting/rolling back broken jobs.
Internal presentation of Docker, Lightweight Virtualization, and linux Containers; at Spotify NYC offices, featuring engineers from Yandex, LinkedIn, Criteo, and NASA!
Openstack Networking Internals - first part (lilliput12)
Description of the Virtual Network Infrastructure inside an OpenStack cluster
The pictures of the VNI were taken with the "Show my network state" tool
https://sites.google.com/site/showmynetworkstate/
Wrangling with the Ghost: An Inside Story of Mitigating Speculative Execution... (Priyanka Aash)
2018 started off with a bang as the world was introduced to a new class of hardware vulnerability which became known as Meltdown and Spectre. New classes of vulnerabilities are exceedingly rare and this one came with ramifications for the security boundaries that web browsers, operating systems, and cloud providers rely on for isolation to protect customer data. Now, rewind back to the summer of 2017. This disclosure and the industry response were months in the making. A new class of vulnerability comes with challenges rarely mounted and the need to pull back to examine our thinking.
In this presentation, we will describe Microsoft's approach to researching and mitigating speculative execution side channel vulnerabilities. This approach involved bringing experts from across Microsoft, hiring an industry expert to accelerate our understanding of the issues, and collaborating across the industry in a way not done previously. This team presentation between Microsoft and G DATA will provide a firsthand account of the engineering centric work done and the collaboration necessary to mitigate these issues. We will describe the taxonomy and framework we created which provided the industry foundation for reasoning about this new vulnerability class. This work built on the initial researcher reports and expanded into a larger understanding of the issues. Using this foundation, we will describe the mitigations that Microsoft developed and the impact they have on Spectre and Meltdown.
Some of the biggest issues at the center of analyzing large amounts of data are query flexibility, latency, and fault tolerance. Modern technologies that build upon the success of “big data” platforms, such as Apache Hadoop, have made it possible to spread the load of data analysis to commodity machines, but these analyses can still take hours to run and do not respond well to rapidly-changing data sets.
A new generation of data processing platforms -- which we call “stream architectures” -- have converted data sources into streams of data that can be processed and analyzed in real-time. This has led to the development of various distributed real-time computation frameworks (e.g. Apache Storm) and multi-consumer data integration technologies (e.g. Apache Kafka). Together, they offer a way to do predictable computation on real-time data streams.
In this talk, we will give an overview of these technologies and how they fit into the Python ecosystem. As part of this presentation, we also released streamparse, a new Python library that makes it easy to debug and run large Storm clusters.
Links:
* http://parse.ly/code
* https://github.com/Parsely/streamparse
* https://github.com/getsamsa/samsa
Training Slides: 104 - Basics - Working With Command Line Tools (Continuent)
This 62min training session takes an in-depth look at the command line tools used in conjunction with Tungsten Clustering.
TOPICS COVERED
- Re-cap the previous Installation
- Explore the main Command Line Tools
- tpm
- cctrl
- trepctl
- thl
(Check my blog @ http://www.marioalmeida.eu/ )
In this presentation I present the performance metrics and results of running the parsec benchmark with the raytrace application on Upc's boada server
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon (Jérôme Petazzoni)
Containers are everywhere. But what exactly is a container? What are they made from? What's the difference between LXC, butts-nspawn, Docker, and the other container systems out there? And why should we bother about specific filesystems?
In this talk, Jérôme will show the individual roles and behaviors of the components making up a container: namespaces, control groups, and copy-on-write systems. Then, he will use them to assemble a container from scratch, and highlight the differences (and likelinesses) with existing container systems.
[Defcon24] Introduction to the Witchcraft Compiler Collection (Moabi.com)
With this presentation, we take a new approach to reverse engineering. Instead of attempting to decompile code, we seek to undo the work of the linker and produce relocatable files, the typical output of a compiler. The main benefit of the latter technique over the former being that it does work. Once achieved universal code ‘reuse’ by relinking those relocatable objects as arbitrary shared libraries, we'll create a form of binary reflection, add scripting capabilities and in memory debugging using a JIT compiler, to attain automated API prototyping and annotation, which, we will argue, constitutes a primary form of binary code self awareness. Finally, we'll see how abusing the dynamic linker internals shall elegantly solve a number of complex tasks for us, such as calling a given function within a binary without having to craft a valid input to reach it.
The applications in terms of vulnerability exploitation, functional testing, static analysis validation and more generally computer wizardry being tremendous, we'll have fun demoing some new exploits in real life applications, and commit public program profanity, such as turning PEs into ELFs, functional scripting of sshd in memory, stealing crypto routines without even disassembling them, among other things that were never supposed to work. All the above techniques have been implemented into the Witchcraft Compiler Collection, to be released as proper open source software (MIT/BSD-2 licenses) exclusively at DEF CON 24.
Jonathan Brossard is a computer whisperer from France, although he's been living in Brazil, India, Australia and now lives in San Francisco. For his first conference at DEF CON 16, he hacked Microsoft Bitlocker, McAfee Endpoint and a fair number of BIOS Firmwares. During his second presentation at DEF CON 20, he presented Rakshasa, a BIOS malware based on open source software, the MIT Technology review labeled "incurable and undetectable".
This year will be his third DEF CON ... Endrazine is also known in the community for having run the Hackito Ergo Sum and NoSuchCon conferences in France, participating to the Shakacon Program Committee in Hawaii, and authoring a number of exploits over the past decade. Including the first remote Windows 10 exploit and several hardcore reverse engineering tools and whitepapers. Jonathan is part of the team behind MOABI.COM, and acts as the Principal Engineer of Product Security at Salesforce.
Twitter: @endrazine
Facebook: toucansystem
https://moabi.com
Introduction to metasploit that we presented to the 4th year compsci students at Rhodes university. Covering the basic functionality of metasploit, and penetration testing.
The practical section that Etienne made (with Ponies) will come soon.
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment (Positive Hack Days)
A participant will acquire basic skills of searching for vulnerabilities on switches and routers from various vendors. The masterclass will cover both common network vulnerabilities, and exceptive cases that can be detected in the process of security assessment of real networks.
This is a talk that I gave at the San Francisco DevOps meetup on 9/29/15. I talk about how Yelp performs service discovery using SmartStack and Docker.
Apache Samza is a distributed stream processing framework, that's used Kafka for messaging, and YARN to provide fault tolerance, processor isolation, security, and resource management.
You need Event Mesh, not Service Mesh - Chris Suszynski [WJUG 301] (Chris Suszyński)
You've probably heard about building microservices-style applications, right? It's likely that you've heard that a service mesh (such as Istio) can help you achieve this. Unfortunately, in most cases that's an antipattern. Instead, what you need is the Event Mesh. Using the Event Mesh could help you architect your application into a distributed CQRS-style solution that would eventually reconcile system state.
In this session, you'll learn why you should avoid using blocking API calls when building your microservices, and instead use the CQRS architecture to separate commands and queries. Your architecture for commands should be implemented with asynchronous events, which are processed whenever possible. We'll take some inspiration from the Kubernetes architecture, and how you can model such a reconciliation loop within your own enterprise microservices. All this on top of the Knative framework, as an excellent example of event mesh implementation.
Code testing and Continuous Integration are just the first step in a source code to production process. Combined with infrastructure-as-code tools such as Puppet the whole process can be automated, and tested!
Node has captured the attention of early adopters by clearly differentiating itself as being asynchronous from the ground up while remaining accessible. Now that server side JavaScript is at the cutting edge of the asynchronous, real time web, it is in a much better position to establish itself as the go to language for also making synchronous, CRUD webapps and gain a stronger foothold on the server.
This talk covers the current state of server side JavaScript beyond Node. It introduces Common Node, a synchronous CommonJS compatibility layer using node-fibers which bridges the gap between the different platforms. We look into Common Node's internals, compare its performance to that of other implementations such as RingoJS and go through some ideal use cases.
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra BARTAGUIZ)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Removing Uninteresting Bytes in Software Fuzzing (Aftab Hussain)
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024 (Neo4j)
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... (Neo4j)
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Climate Impact of Software Testing at Nordic Testing Days (Kari Kakkonen)
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
A tale of scale & speed: How the US Navy is enabling software delivery from l... (sonjaschweigert1)
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
UiPath Test Automation using UiPath Test Suite series, part 5 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf (Paige Cruz)
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Intermediate Capistrano
1. Capistrano at your command
Tips and tricks, from wimp to winner
Lee Hambley - August 20th 2009
2. What’s on the menu?
✤ Capistrano’s Structure
✤ Net::SSH
✤ The Scope of Execution
✤ Task chaining; your own multi-stage
✤ Streams
✤ Prompts
3. Capistrano’s Structure
Simply put, Capistrano is a tool for automating tasks on one or more remote servers. It executes commands in parallel on all targeted machines, and provides a mechanism for rolling back changes across multiple machines. It is ideal for anyone doing any kind of system administration, either professionally or incidentally.
What’s in the Box?
Net::SSH, Net::SFTP, Net::SCP, Net::SSH::Gateway
$ gem dependency capistrano
Gem capistrano-2.5.8
  net-ssh (>= 2.0.10, runtime)
  net-sftp (>= 2.0.0, runtime)
  net-scp (>= 1.0.0, runtime)
  net-ssh-gateway (>= 1.0.0, runtime)
7. Capistrano’s Structure
Simply put, Capistrano is a tool for automating tasks on one or more remote servers. It executes commands in parallel on all targeted machines, and provides a mechanism for rolling back changes across multiple machines. It is ideal for anyone doing any kind of system administration, either professionally or incidentally.
What’s in the Box?
✤ Consistent support for different source control software.
✤ Rake-esque task definitions, including before/after callbacks for method chaining.
✤ Ability to detect and rollback broken jobs using transactions
✤ Roles, :app, :web, :db & :define-your-own
Built on: Net::SSH, Net::SFTP, Net::SCP, Net::SSH::Gateway
$ gem dependency capistrano
Gem capistrano-2.5.8
  net-ssh (>= 2.0.10, runtime)
  net-sftp (>= 2.0.0, runtime)
  net-scp (>= 1.0.0, runtime)
  net-ssh-gateway (>= 1.0.0, runtime)
8. Net::SSH
✤ Magical pure-Ruby implementation of the SSH protocol.
✤ Honours your ~/.ssh/config settings.
✤ Supports (creating and using) Tunnels, Gateways, Agent Forwarding and more...
✤ Super clean syntax...
11. The Scope of Execution
✤ What runs where?
✤ What permissions will I need?
✤ Obscure errors about permissions?
✤ .. lots of different things happening
12. The Scope of Execution
$ → cap deploy
* executing `deploy'
* executing `deploy:update'
** transaction: start
* executing `deploy:update_code'
executing locally: "git ls-remote git@github.com:leehambley/capistrano-website.git HEAD"
* executing "git clone -q git@github.com:leehambley/capistrano-website.git /u/apps/capistrano-website/releases/20090820114515 && ...... "
* executing `deploy:finalize_update'
* executing "chmod -R g+w /u/apps/capistrano-website/releases/20090820114515"
* executing `deploy:symlink'
* executing "rm -f /u/apps/capistrano-website/current && ln -s /u/apps/capistrano-website/releases/20090820114515 /u/apps/capistrano-website/current"
** transaction: commit
Annotations on the output:
✤ * executing `deploy:update' (and the other task names): Calling another Capistrano task.
✤ ** transaction: start / commit: Transactions, you can define what to do for your own transactions if a task within it fails.
✤ executing locally: "git ls-remote ...": A shell command run on your workstation.
✤ * executing "git clone ...": A shell command run remotely, connecting to your repository server. †
✤ * executing "chmod ..." and "rm -f ... && ln -s ...": A shell command run remotely.
† Requires passwordless access to your repository server from your servers; this can be either keys (GitHub deploy keys feature) or SSH agent forwarding to provide your own key by proxy
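The classification annotated on the slide above, as an added example that is not part of the original deck: a small Ruby parser that labels each line of this `cap deploy` output as a task call, a transaction marker, a local command or a remote command, and marks the remote commands that reach the repository host (the ones the † note applies to). The log format is assumed from the slide; `classify`, `repo_dependent_remote` and the `Entry` struct are names made up for this example.

```ruby
# Constructed sample: the `cap deploy` output from the slide, wrapped lines rejoined.
SAMPLE_LOG = <<~'LOG'
  * executing `deploy'
  * executing `deploy:update'
  ** transaction: start
  * executing `deploy:update_code'
  executing locally: "git ls-remote git@github.com:leehambley/capistrano-website.git HEAD"
  * executing "git clone -q git@github.com:leehambley/capistrano-website.git /u/apps/capistrano-website/releases/20090820114515 && ...... "
  * executing `deploy:finalize_update'
  * executing "chmod -R g+w /u/apps/capistrano-website/releases/20090820114515"
  * executing `deploy:symlink'
  * executing "rm -f /u/apps/capistrano-website/current && ln -s /u/apps/capistrano-website/releases/20090820114515 /u/apps/capistrano-website/current"
  ** transaction: commit
LOG

Entry = Struct.new(:scope, :task, :text, :needs_repo_access)

# One Entry per line; scope is :task, :transaction, :local, :remote or :unknown.
def classify(log, repo_host)
  task = nil
  log.each_line.map(&:strip).reject(&:empty?).map do |line|
    case line
    when /\A\*+ executing `([^']+)'\z/          # a Capistrano task being called
      task = $1
      Entry.new(:task, task, task, false)
    when /\A\*+ transaction: (\w+)\z/           # transaction start / commit
      Entry.new(:transaction, task, $1, false)
    when /\Aexecuting locally: "(.*)"\z/        # runs on the workstation
      Entry.new(:local, task, $1, false)
    when /\A\*+ executing "(.*)"\z/             # runs on the target servers
      Entry.new(:remote, task, $1, $1.include?(repo_host))
    else
      Entry.new(:unknown, task, line, false)
    end
  end
end

# Remote commands that contact the repository host: these are the steps that
# need a deploy key on the server or SSH agent forwarding to succeed.
def repo_dependent_remote(entries)
  entries.select { |e| e.scope == :remote && e.needs_repo_access }
end

if __FILE__ == $PROGRAM_NAME
  classify(SAMPLE_LOG, "github.com").each do |e|
    flag = e.needs_repo_access ? "  <- needs repository credentials" : ""
    puts format("%-11s %-22s %s%s", e.scope, e.task, e.text[0, 60], flag)
  end
end
```

On this output only the `git clone` inside `deploy:update_code` is flagged, so that is the single step whose credentials (deploy key or forwarded agent) have to be available on the servers.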
17. Task Chaining
$ rake db:migrate spec features
➊ db:migrate ➋ spec ➌ features
$ cap check-ruby-version deploy
➊ check-ruby-version ➋ deploy
$ cap staging check-ruby-version deploy
➊ staging ➋ check-ruby-version ➌ deploy
capture: Executes a command on a single host and returns ("captures") the output as a string.
stream: Very similar to run, but optimised for displaying live streams of text (like tailed log files) from multiple hosts.
run: Execute commands on one or more servers
19. Streams?
In Unix and Unix-like operating systems, as well as certain
programming language interfaces, the standard streams are
pre-connected input and output channels between a
computer program and its environment (typically a text
terminal) when it begins execution. The three I/O
connections are called standard input, standard output and
standard error.