MCollective is a framework for system management and orchestration that allows users to execute tasks across many servers simultaneously. It uses message queuing as middleware to facilitate communication between a client and servers. Users can write custom agents in Ruby to perform actions on servers in response to messages. MCollective provides features for system discovery, inventory collection, task execution, and configuration management across thousands of nodes.
R.I. Pienaar gives an introduction to MCollective at the San Francisco and Silicon Valley joint Puppet User Group, May 2013.
Silicon Valley PUG: http://www.meetup.com/SiPMUG/
SF PUG: http://www.meetup.com/SFPMUG/#past
Using MCollective with Chef - cfgmgmtcamp.eu 2014Zachary Stevens
It's time to move beyond SSH for infrastructure management.
MCollective is an awesome orchestration framework.
Chef is an awesome configuration management tool.
Contrary to popular belief, they work great together.
Speaker notes available here: https://dl.dropboxusercontent.com/u/369373/cfgmgmtcamp.eu%202014%20-%20Chef%20%26%20MCollective.pdf
PuppetCamp SEA 1 - Puppet Deployment at OnAppWalter Heck
Wai Keen Woon, CTO CDN Division OnApp Malaysia, gave an interesting overview of what the Puppet architecture at OnApp looks like. The CDN division at OnApp is a large provider of CDN services, and as such makes a very interesting candidate for a case study.
R.I. Pienaar gives an introduction to MCollective at the San Francisco and Silicon Valley joint Puppet User Group, May 2013.
Silicon Valley PUG: http://www.meetup.com/SiPMUG/
SF PUG: http://www.meetup.com/SFPMUG/#past
Using MCollective with Chef - cfgmgmtcamp.eu 2014Zachary Stevens
It's time to move beyond SSH for infrastructure management.
MCollective is an awesome orchestration framework.
Chef is an awesome configuration management tool.
Contrary to popular belief, they work great together.
Speaker notes available here: https://dl.dropboxusercontent.com/u/369373/cfgmgmtcamp.eu%202014%20-%20Chef%20%26%20MCollective.pdf
PuppetCamp SEA 1 - Puppet Deployment at OnAppWalter Heck
Wai Keen Woon, CTO CDN Division OnApp Malaysia, gave an interesting overview of what the Puppet architecture at OnApp looks like. The CDN division at OnApp is a large provider of CDN services, and as such makes a very interesting candidate for a case study.
Testing your infrastructure with litmusBram Vogelaar
We have been able to test our puppet modules using rspec-puppet and
serverspec for a while now and the quality of our code is improving because
of it. This talk will introduce the new kid on the block litmus. This talk will show you how
to use litmus to test puppet modules and how to convert your existing modules to make use of litmus.
Walter Heck, founder of OlinData, presented a step-by-step guide on how to set up a proper puppet repository, complete with the brand new PuppetDB, exported resources and usage of open source modules.
Puppet is a configuration management tool which allows easy deployment and configuration ranging from 1 to 1 thousand servers (and even more). Even though its common knowledge for devops, puppet is still a strange piece of software for developers. How does it work and what can it do for you as a developer?
Puppet Performance Profiling - CM Camp 2015ripienaar
This talk will cover the basic life cycle of a Puppet Catalog from compilation request to report processing. It will explore the performance of some of the life cycle steps and show how you might instrument these steps using tools Puppet make available.
Along the way it will provide hints and tips on how to write performant facts and manifests.
IT Infrastructure Through The Public Network Challenges And SolutionsMartin Jackson
Identifying the challenges that companies face when they wish to adopt Infrastructure as a Service like those from Amazon and Rackspace and possible solutions to those problems. This presentation seeks to provide insight and possible solutions, covering the areas of security, availability, cloud standards, interoperability, vendor lock in and performance management.
Dennis Matotek, Technical Lead Platforms at Experian Hitwise Australia, gave an excellent presentation on setting up puppet using vagrant, puppet and testing, including a full demo of rspec-puppet and Jenkins.
Things like Infrastructure as Code, Service Discovery and Config Management can and have helped us to quickly build and rebuild infrastructure but we haven't nearly spend enough time to train our self to review, monitor and respond to outages. Does our platform degrade in a graceful way or what does a high cpu load really mean? What can we learn from level 1 outages to be able to run our platforms more reliably.
We all love infrastructure as code, we automate everything ™. However making sure all of our infrastructure assets are monitored effectively can be slow and resource intensive multi stage process. During this talk we will investigate how we can setup nomad cluster that can automatically scale our infrastructure both horizontally as vertically to be able to cope with increased demand by users/
This talk will focus on making sure we on configuring Nomad and its new autoscaler component to be able to make data driven decisions about scaling nomad jobs in or out to fit current customers usage.
A gentle introduction to Observability and how to setup a highly available monitoring platform across multiple datacenters.
During this talk we will investigate how we can setup and monitor an monitoring setup across 2 DCs using Prometheus, Loki, Tempo, Alertmanager and Grafana. monitoring some services with some lessons learned along the way.
This is a new version of a talk I presented at a Varnish Users Group meeting in Paris in 2012. We've added a few useful tools and improved our Puppet module since then.
Presented at the Devops Norway meetup in Oslo on 17th of September 2014.
We all love infrastructure as code, we automate everything ™ but how many
of us can really say we could destroy and recreate our core infrastructure
without human intervention. Can you be sure there isnt a DNS problem or
that all the things ™ are done in the right order This talk walks the
audience through a green fields exercise that sets up service discovery
using Consul, infrastructure as code using terraform, using images build
with packer and configured using puppet.
Current session guides through Vagrant. Shows some tips and tricks and targeted to software developers.
Practical activities can be found here: https://github.com/akranga/devops-hackathon-1
Things like Infrastructure as Code, Service Discovery and Config Management can and have helped us to quickly build and rebuild infrastructure but we haven't nearly spend enough time to train our self to review, monitor and respond to outages. Does our platform degrade in a graceful way or what does a high cpu load really mean? What can we learn from level 1 outages to be able to run our platforms more reliably.
We all love infrastructure as code, we automate everything ™. However making sure all of our infrastructure assets are monitored effectively can be slow and resource intensive multi stage process. During this talk we will investigate how we can setup and observe a service mesh platform using HashiCorp's Consul Connect by recording its metrics. logs and traces.
This talk will focus on configuring and analysing the metrics, logs and traces Consul Connect produces using Prometheus, Loki, Tempo and Grafana.
Testing your infrastructure with litmusBram Vogelaar
We have been able to test our puppet modules using rspec-puppet and
serverspec for a while now and the quality of our code is improving because
of it. This talk will introduce the new kid on the block litmus. This talk will show you how
to use litmus to test puppet modules and how to convert your existing modules to make use of litmus.
Walter Heck, founder of OlinData, presented a step-by-step guide on how to set up a proper puppet repository, complete with the brand new PuppetDB, exported resources and usage of open source modules.
Puppet is a configuration management tool which allows easy deployment and configuration ranging from 1 to 1 thousand servers (and even more). Even though its common knowledge for devops, puppet is still a strange piece of software for developers. How does it work and what can it do for you as a developer?
Puppet Performance Profiling - CM Camp 2015ripienaar
This talk will cover the basic life cycle of a Puppet Catalog from compilation request to report processing. It will explore the performance of some of the life cycle steps and show how you might instrument these steps using tools Puppet make available.
Along the way it will provide hints and tips on how to write performant facts and manifests.
IT Infrastructure Through The Public Network Challenges And SolutionsMartin Jackson
Identifying the challenges that companies face when they wish to adopt Infrastructure as a Service like those from Amazon and Rackspace and possible solutions to those problems. This presentation seeks to provide insight and possible solutions, covering the areas of security, availability, cloud standards, interoperability, vendor lock in and performance management.
Dennis Matotek, Technical Lead Platforms at Experian Hitwise Australia, gave an excellent presentation on setting up puppet using vagrant, puppet and testing, including a full demo of rspec-puppet and Jenkins.
Things like Infrastructure as Code, Service Discovery and Config Management can and have helped us to quickly build and rebuild infrastructure but we haven't nearly spend enough time to train our self to review, monitor and respond to outages. Does our platform degrade in a graceful way or what does a high cpu load really mean? What can we learn from level 1 outages to be able to run our platforms more reliably.
We all love infrastructure as code, we automate everything ™. However making sure all of our infrastructure assets are monitored effectively can be slow and resource intensive multi stage process. During this talk we will investigate how we can setup nomad cluster that can automatically scale our infrastructure both horizontally as vertically to be able to cope with increased demand by users/
This talk will focus on making sure we on configuring Nomad and its new autoscaler component to be able to make data driven decisions about scaling nomad jobs in or out to fit current customers usage.
A gentle introduction to Observability and how to setup a highly available monitoring platform across multiple datacenters.
During this talk we will investigate how we can setup and monitor an monitoring setup across 2 DCs using Prometheus, Loki, Tempo, Alertmanager and Grafana. monitoring some services with some lessons learned along the way.
This is a new version of a talk I presented at a Varnish Users Group meeting in Paris in 2012. We've added a few useful tools and improved our Puppet module since then.
Presented at the Devops Norway meetup in Oslo on 17th of September 2014.
We all love infrastructure as code, we automate everything ™ but how many
of us can really say we could destroy and recreate our core infrastructure
without human intervention. Can you be sure there isnt a DNS problem or
that all the things ™ are done in the right order This talk walks the
audience through a green fields exercise that sets up service discovery
using Consul, infrastructure as code using terraform, using images build
with packer and configured using puppet.
Current session guides through Vagrant. Shows some tips and tricks and targeted to software developers.
Practical activities can be found here: https://github.com/akranga/devops-hackathon-1
Things like Infrastructure as Code, Service Discovery and Config Management can and have helped us to quickly build and rebuild infrastructure but we haven't nearly spend enough time to train our self to review, monitor and respond to outages. Does our platform degrade in a graceful way or what does a high cpu load really mean? What can we learn from level 1 outages to be able to run our platforms more reliably.
We all love infrastructure as code, we automate everything ™. However making sure all of our infrastructure assets are monitored effectively can be slow and resource intensive multi stage process. During this talk we will investigate how we can setup and observe a service mesh platform using HashiCorp's Consul Connect by recording its metrics. logs and traces.
This talk will focus on configuring and analysing the metrics, logs and traces Consul Connect produces using Prometheus, Loki, Tempo and Grafana.
The world of JavaScript client-side frameworks is overflowing with contenders vying for the crown, but which one do you choose for your next project? Which one has what it takes?
In this talk we’ll look at the “Big 3”, AngularJS, Ember.js, and Backbone.js. We’ll compare them head to head, toe to toe. We’ll look at the pros and cons of each one. How do they handle form bindings? Talking to APIs? Code organization? Routing? Etc?
Who’ll come out victorious in this battle of the JavaScript frameworks, or will we all just come out bloodied and bruised on the other side? Guess we’ll find out!
An introduction into Backbone.js – a lightweight MVC framework. Backbone supplies structure to JavaScript-heavy applications by providing models with key-value binding and custom events, collections with a rich API of enumerable functions, views with declarative event handling, and connects it all to your existing application over a RESTful JSON interface.
Beautiful Maintainable ModularJavascript Codebase with RequireJS - HelsinkiJ...Mikko Ohtamaa
This presentation is a RequireJS tutorial and targeted for front-end developers who need to maintain Javascript codebases larger than ~5 files. By using RequireJS for client-side Javascript modules, module dependency and minification one can have a project which is easier to maintain and you struggle less with everyday Javascript development tasks like debugging and deployment. The slides and tutorial were originally presented in HelsinkiJS June 2012 meet-up.
Monitoring as Code: Getting to Monitoring-Driven Development - DEV314 - re:In...Amazon Web Services
“Infrastructure as Code” has changed not only how we think about configuring infrastructure, but about the infrastructure itself. AWS has been at the core of this movement, enabling your infrastructure teams to benefit from software engineering best practices such as CI/CD, automated testing, and repeatable deployments. Now that you have mastered the art of managing your infrastructure as code, it’s time to leverage these same lessons for monitoring and metrics. In this session, we dive into how you can leverage tooling such as AWS, Terraform, and Datadog to programmatically define your monitoring so that you that you can scale your organizational observability along with your infrastructure, and attain consistency from local development all the way through production.
Session sponsored by Datadog, Inc.
fog or: How I Learned to Stop Worrying and Love the CloudWesley Beary
Learn how to easily get started on cloud computing with fog. If you can control your infrastructure choices, you’ll make better choices in development and get what you need in production. You'll get an overview of fog and concrete examples to give you a head start on your provisioning workflow.
fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)Wesley Beary
Cloud computing scared the crap out of me - the quirks and nightmares of provisioning cloud computing, dns, storage, ... on AWS, Terremark, Rackspace, ... - I mean, where do you even start?
Since I couldn't find a good answer, I undertook the (probably insane) task of creating one. fog gives you a place to start by creating abstractions that work across many different providers, greatly reducing the barrier to entry (and the cost of switching later). The abstractions are built on top of solid wrappers for each api. So if the high level stuff doesn't cut it you can dig in and get the job done. On top of that, mocks are available to simulate what clouds will do for development and testing (saving you time and money).
You'll get a whirlwind tour of basic through advanced as we create the building blocks of a highly distributed (multi-cloud) system with some simple Ruby scripts that work nearly verbatim from provider to provider. Get your feet wet working with cloud resources or just make it easier on yourself as your usage gets more complex, either way fog makes it easy to get what you need from the cloud.
The OpenStack Edition adds my concerns about OpenStack API development, including things that have already been fixed and things that we haven't yet encountered. Hopefully this consumer perspective can help shed light on some rough spots.
Serverless in production, an experience report (London DevOps)Yan Cui
AWS Lambda has changed the way we deploy and run software, but this new serverless paradigm has created new challenges to old problems - how do you test a cloud-hosted function locally? How do you monitor them? What about logging and config management? And how do we start migrating from existing architectures? In this talk Yan and Domas will discuss solutions to these challenges by drawing from real-world experience running Lambda in production and migrating from an existing monolithic architecture.
In this presentation, I am going to briefly talk about 'what cloud is' and highlight the various types of cloud (IaaS, PaaS, SaaS). The bulk of the talk will be about using the fog gem using IaaS. I will discuss fog concepts (collections, models, requests, services, providers) and supporting these with actual examples using fog
Hunting for APT in network logs workshop presentationOlehLevytskyi1
Nonamecon 2021 presentation.
Network logs are one of the most efficient sources to hunt adversaries, but building good analytics capabilities require a deep understanding of benign activity and attacker behavior. This training focuses on detecting real-case attacks, tools and scenarios by the past year.
The training is highly interactive and retains a good balance between theory and a lot of hands-on exercises for the students to get used to the detection engineering methodology and prepare them to start implementing this at their organizations.
Presentation topics:
- Netflow Mitre Matrix view
- Full packet captures vs Netflow
- Zeek
- Zeek packages
- RDP initial comprometation
- Empire Powershell and CobaltStrike or what to expect after initial loader execution.
- Empire powershell initial connection
- Beaconing. RITA
- Scanning detection
- Internal enumeration detection
- Lateral movement techniques widely used
- Kerberos attacks
- PSExec and fileless ways of delivering payloads in the network
- Zerologon detection
- Data exfiltration
- Data exfiltration over C2 channel
- Data exfiltration using time size limits (data chunks)
- DNS exfiltration
- Detecting ransomware in your network
- Real incident investigation
Authors:
Oleh Levytskyi (https://twitter.com/LeOleg97)
Bogdan Vennyk (https://twitter.com/bogdanvennyk)
Introducing envoy-based service mesh at Booking.comIvan Kruglov
Service mesh is a dedicated layer of a company's infrastructure which should simplify communication between services and make it reliable, secure and observable.
In this talk, we'll go deep into Booking.com's case study of introducing service mesh. We will discover the reasons and objectives of the project. Why Envoy was selected as the base rather than other available options. Find out what is the setup and features of the homegrown control plane. We will expand on what service is provided for developers and how they safely deploy potentially dangerous configuration changes. Finally, we will talk about pitfalls met along the way.
Serverless in production, an experience report (linuxing in london)Yan Cui
AWS Lambda has changed the way we deploy and run software, but this new serverless paradigm has created new challenges to old problems - how do you test a cloud-hosted function locally? How do you monitor them? What about logging and config management? And how do we start migrating from existing architectures?
In this talk Yan and Scott will discuss solutions to these challenges by drawing from real-world experience running Lambda in production and migrating from an existing monolithic architecture.
Oracle Drivers configuration for High AvailabilityLudovico Caldara
... is it a developer's job?
UCP, GridLink, TAF, AC, TAC, FAN… The configuration of Oracle Drivers for application high availability is not an easy job. The developers often care about the minimal working configuration, while the DBAs are busy with the operations. In this session I will try to demystify application server’s connectivity to the database and give a direction toward the highest availability, using Real Application Clusters and new Oracle features like TAC and CMAN TDM.
How I Learned to Stop Worrying and Love the Cloud - Wesley Beary, Engine YardSV Ruby on Rails Meetup
Wesley Beary: Cloud computing scared the crap out of me - the quirks and nightmares
of provisioning computing and storage on AWS, Terremark, Rackspace,
etc - until I took the bull by the horns. Let me now show you how I
tamed that bull.
Learn how to easily get started cloud computing with fog. It gives you
the reins within any Ruby application or script. If you can control
your infrastructure choices, you can make better choices in
development and get what you need in production.
You'll get an overview of fog and concrete examples to give you a head
start on your own provisioning workflow.
With more and more companies adopting microservices and service-oriented architectures, it becomes clear that the HTTP/RPC synchronous communication (while great) is not always the best option for every use case.
In this presentation, I discuss two approaches to an asynchronous event-based architecture. The first is a "classic" style protocol (Python services driven by callbacks with decorators communicating using a messaging layer) that we've been implementing at Demonware (Activision) for Call of Duty back-end services. The second is an actor-based approach (Scala/Akka based microservices communicating using a messaging layer and a centralized router) in place at Bench Accounting.
Both systems, while event based, take different approaches to building asynchronous, reactive applications. This talk explores the benefits, challenges, and lessons learned architecting both Actor and Non-Actor systems.
Consul is a service for dynamic Service Discovery, a Distributed Key Value store, and Lock Manager service. It provides a lot of useful features for a modern admin, and provides a good complement to Puppet's feature set.
Dylan Cochran of Onyx Point Inc will be showing us how to use Puppet to manage consul, how to use consul to implement advanced administrator actions, and how to use consul to store configuration data that can be used in your puppet modules.
Consul is a service for dynamic Service Discovery, a Distributed Key Value store, and Lock Manager service. It provides a lot of useful features for a modern admin, and provides a good complement to Puppet's feature set.
Dylan Cochran of Onyx Point Inc will be showing us how to use Puppet to manage consul, how to use consul to implement advanced administrator actions, and how to use consul to store configuration data that can be used in your puppet modules.
Similar to Introduction to Marionette Collective (20)
Automating it management with Puppet + ServiceNowPuppet
As the leading IT Service Management and IT Operations Management platform in the marketplace, ServiceNow is used by many organizations to address everything from self service IT requests to Change, Incident and Problem Management. The strength of the platform is in the workflows and processes that are built around the shared data model, represented in the CMDB. This provides the ‘single source of truth’ for the organization.
Puppet Enterprise is a leading automation platform focused on the IT Configuration Management and Compliance space. Puppet Enterprise has a unique perspective on the state of systems being managed, constantly being updated and kept accurate as part of the regular Puppet operation. Puppet Enterprise is the automation engine ensuring that the environment stays consistent and in compliance.
In this webinar, we will explore how to maximize the value of both solutions, with Puppet Enterprise automating the actions required to drive a change, and ServiceNow governing the process around that change, from definition to approval. We will introduce and demonstrate several published integration points between the two solutions, in the areas of Self-Service Infrastructure, Enriched Change Management and Automated Incident Registration.
Simplified Patch Management with Puppet - Oct. 2020Puppet
Does your company struggle with patching systems? If so, you’re not alone — most organizations have attempted to solve this issue by cobbling together multiple tools, processes, and different teams, which can make an already complicated issue worse.
Puppet helps keep hosts healthy, secure and compliant by replacing time-consuming and error prone patching processes with Puppet’s automated patching solution.
Join this webinar to learn how to do the following with Puppet:
Eliminate manual patching processes with pre-built patching automation for Windows and Linux systems.
Gain visibility into patching status across your estate regardless of OS with new patching solution from the PE console.
Ensure your systems are compliant and patched in a healthy state
How Puppet Enterprise makes patch management easy across your Windows and Linux operating systems.
Presented by: Margaret Lee, Product Manager, Puppet, and Ajay Sridhar, Sr. Sales Engineer, Puppet.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
19. What is Middleware?
• The
Software that handles
communication between services.
• The SERVICE that transfers the
‘request’ and the ‘response’.
• No logic ITSELF - like TCP/IP
• SMTP Analogy: Think of it as a mail
server with routing rules.
• IRC Analogy: The IRC server
20. What’s a Message Queue?
• Datastore that applications
can write-to or read-from.
• SMTP Analogy: Like the mail
queue on your smtp server.
• The individual chat room in
the IRC analogy.
21. So what is MCollective?
• The software that sends/receives messages over the queue
• ‘Agents’ perform actions on the system based on message
content
• IRC Analogy: People in the Chatroom
• SMTP Analogy: Your Email Client and You
22. Agents?
• Agents execute commands on
all your ‘Server’ nodes
• The response from the agent home$ rm -Rf /
is returned to the ‘Client’
• MCollectiveprovides a built-in
filtering mechanism
23. Writing Agents
Simple (as) RPC
• ‘SimpleRPC’ is the framework we use for creating
agents
• Abstracts common/difficult tasks (discovery,
filtering)
• Agents written in Ruby
24. Simple Agent
module MCollective
module Agent
class Printer<RPC::Agent
Printer
metadata :name => 'printer',
:description => 'Printers and printing',
:author => 'Gary Larizza',
:license => 'BSD',
:version => '0.1',
:url =>'http://puppetlabs.com',
:timeout => 100
action 'list'
'list' do
reply[:output] = `lpstat -a | cut -d ' ' -f 1
lpstat 1`.split("n")
end
end
end
end
25. Simple Agent
module MCollective
module Agent
class Printer<RPC::Agent
Printer
metadata :name => 'printer',
:description => 'Printers and printing',
:author => 'Gary Larizza',
:license => 'BSD',
:version => '0.1',
:url =>'http://puppetlabs.com',
:timeout => 100
action 'list'
'list' do
reply[:output] = `lpstat -a | cut -d ' ' -f 1
lpstat 1`.split("n")
end
end
end
end
26. Simple Agent
module MCollective
module Agent
Agent Name
class Printer<RPC::Agent
Printer
metadata :name => 'printer',
:description => 'Printers and printing',
:author => 'Gary Larizza',
:license => 'BSD',
:version => '0.1',
:url =>'http://puppetlabs.com',
:timeout => 100
action 'list'
'list' do
reply[:output] = `lpstat -a | cut -d ' ' -f 1
lpstat 1`.split("n")
end
end
end
end
27. Simple Agent
module MCollective
module Agent
Agent Name
class Printer<RPC::Agent
Printer
metadata :name => 'printer',
:description => 'Printers and printing',
:author => 'Gary Larizza',
:license => 'BSD',
Action Name
:version => '0.1',
:url =>'http://puppetlabs.com',
:timeout => 100
action 'list'
'list' do
reply[:output] = `lpstat -a | cut -d ' ' -f 1
lpstat 1`.split("n")
end
end
end
end
28. Simple Agent
module MCollective
module Agent
Agent Name
class Printer<RPC::Agent
Printer
metadata :name => 'printer',
:description => 'Printers and printing',
:author => 'Gary Larizza',
:license => 'BSD',
Action Name
Command to be Run
:version => '0.1',
:url =>'http://puppetlabs.com',
:timeout => 100
action 'list'
'list' do
reply[:output] = `lpstat -a | cut -d ' ' -f 1
lpstat 1`.split("n")
end
end
end
end
29. Simple Agent
module MCollective
module Agent
class Printer<RPC::Agent
Printer
metadata :name => 'printer',
:description => 'Printers and printing',
:author => 'Gary Larizza',
:license => 'BSD',
:version => '0.1',
:url =>'http://puppetlabs.com',
:timeout => 100
action 'list'
'list' do
reply[:output] = `lpstat -a | cut -d ' ' -f 1
lpstat 1`.split("n")
end
end
end
end
30. Running an Agent
mco rpc printer list --with-fact location=HHS
Agent Name Filter
Action Name Fact Filter
32. Leverage the Power of Puppet
• Puppet NOT necessary for MCollective…but RAL is awesome!
• Use Resource Abstraction Layer:
• Start/Stop Services
• Query system resources (users, groups, packages, etc...)
• Puppet NEED NOT be actively running!
• Filter Nodes based on Puppet Classes
33. Don’t Forget Facter!
• Facter facts available as Metadata
• Filter nodes based on Facts
• Query fact values across
collectives
34. mco facts location
Report for fact: location
HHS found 91 times
MJHS found 8 times
SHEL found 20 times
WIS found 11 times
Finished processing 131 / 131 hosts in 3185.64 ms
35. Centralized Inventory with
Decentralization
• No CENTRAL data store for Inventory
• Use Facts/Metadata/Classes to compile list of nodes
• Query Warranty, Location, Purchase Date
• Export live data for archival (website, reports, wiki)
37. Plug-able and Customizable!
• Plugins:
• Custom Agents
• Security
• Facts
• MCollective is a platform on which we’ve shipped
a set of rudimentary programs.