IPS is a transactional, metadata-driven packaging system used by several Solaris variants to manage software installation and updates. Key concepts include FMRIs to uniquely identify packages, package manifests that describe file actions and dependencies, publishers that provide packages, repositories to store and serve packages, the image where packages are installed, and boot environments that provide bootable snapshots of images. Common IPS commands are used to install, update, list, search, and manage packages.
This document discusses issues with running OpenStack in a multi-region mode and proposes Tricircle as a solution. It notes that in a multi-region OpenStack deployment, each region runs independently with separate instances of services like Nova, Cinder, Neutron, etc. Tricircle aims to integrate multiple OpenStack regions into a unified cloud by acting as a central API gateway and providing global views and replication of resources, tenants, and metering data across regions. It discusses how Tricircle could address issues around networking, quotas, resource utilization monitoring and more in a multi-region OpenStack deployment.
On-demand recording: nginx.com/resources/webinars/nginx-basics-best-practices
You’ve heard of NGINX and the benefits it can provide to your web application, but maybe you’re not sure how to get started. There are a lot of tutorials online, but they can be outdated and contradict each other, making things more challenging. In this webinar we’ll cover the basics of NGINX to help you effectively begin using it as part of your existing or new web app.
This webinar covers how to:
* Install NGINX and verify it's properly running
* Create NGINX configurations for reverse proxy, load balancer, etc.
* Improve performance using keepalives and other NGINX directives
* Debug and troubleshoot using NGINX logs
The document discusses Network Functions Virtualization (NFV) and OpenStack. It provides an overview of NFV, describing what NFV is and its key benefits. It also summarizes the work completed in Phase 1 of the ETSI NFV Industry Specification Group, including published documents on NFV architecture, interfaces, and requirements. The document then presents examples of NFV proofs-of-concept involving virtualized network functions and orchestration using OpenStack. It concludes with a discussion of requirements for integrating NFV and OpenStack, such as support for multiple hypervisors, hardware acceleration, and security.
This document provides an overview and planning guidelines for a first Ceph cluster. It discusses Ceph's object, block, and file storage capabilities and how it integrates with OpenStack. Hardware sizing examples are given for a 1 petabyte storage cluster with 500 VMs requiring 100 IOPS each. Specific lessons learned are also outlined, such as realistic IOPS expectations from HDD and SSD backends, recommended CPU and RAM per OSD, and best practices around networking and deployment.
The MySQL Performance Best Practices document discusses various techniques for optimizing MySQL performance. It covers monitoring performance with tools like MySQL Enterprise Monitor, optimizing configurations such as increasing the InnoDB buffer pool size, and balancing data consistency versus performance by adjusting the innodb_flush_log_at_trx_commit setting, and concludes that monitoring is essential to identify performance issues and test configuration changes before deploying to production.
The document discusses establishing a true DevOps culture and environment. It begins by describing the traditional battle between developers and operations staff. DevOps aims to resolve this conflict by having developers and operations work together across the entire application lifecycle. The document then outlines some of the challenges in implementing DevOps and presents steps for establishing a true DevOps environment, including having a common language, planning infrastructure and processes together, coding to DevOps best practices, coordinating deployments, and centralizing monitoring and logs. Key aspects are involving all teams early, sharing information transparently, and avoiding prioritizing specific tools over collaboration.
How to Avoid the Top 5 NGINX Configuration Mistakes (NGINX, Inc.)
When helping NGINX users, we see the same configuration mistakes over and over again. Occasionally, these configurations are even written by fellow NGINX engineers!
Some misconfigurations are worse than others. Minor mistakes might just hurt NGINX performance a bit, but others can introduce serious security vulnerabilities. Not only can those mistakes result in data loss, they have the potential to snowball into countless other negative side effects: data breaches, loss of reputation, and ex‑customers.
In this webinar, we explore five of the most prevalent NGINX misconfigurations. Learn how to detect them and – most importantly – how to avoid and correct them.
[Defcon] Hardware backdooring is practical (Moabi.com)
This presentation will demonstrate that permanent backdooring of hardware is practical. We have built a generic proof of concept malware for the Intel architecture, Rakshasa, capable of infecting more than a hundred different motherboards. The first net effect of Rakshasa is to disable NX permanently and remove SMM related fixes from the BIOS, resulting in permanent lowering of the security of the backdoored computer, even after complete erasing of hard disks and reinstallation of a new operating system. We shall also demonstrate that preexisting work on MBR subversions such as bootkitting and preboot authentication software bruteforce can be embedded in Rakshasa with little effort. Moreover, Rakshasa is built on top of free software, including the Coreboot project, meaning that most of its source code is already public. This presentation will take a deep dive into Coreboot and hardware components such as the BIOS, CMOS and PIC embedded on the motherboard, before detailing the inner workings of Rakshasa and demo its capabilities. It is hoped to raise awareness of the security community regarding the dangers associated with non open source firmwares shipped with any computer and question their integrity. This shall also result in upgrading the best practices for forensics and post intrusion analysis by including the aforementioned firmwares as part of their scope of work.
This presentation features a walk through the Linux kernel networking stack covering the essentials and recent developments a developer needs to know. Our starting point is the network card driver as it feeds a packet into the stack. We will follow the packet as it traverses through various subsystems such as packet filtering, routing, protocol stacks, and the socket layer. We will pause here and there to look into concepts such as segmentation offloading, TCP small queues, and low latency polling. We will cover APIs exposed by the kernel that go beyond use of write()/read() on sockets and will look into how they are implemented on the kernel side.
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up (James Denton)
Architecting a private cloud to meet the use cases of its users can be a daunting task. How do you determine which of the many L2/L3 Neutron plugins and drivers to implement? Does network performance outweigh reliability? Are overlay networks just as performant as VLAN networks? The answers to these questions will drive the appropriate technology choice.
In this presentation, we will look at many of the common drivers built around the ML2 framework, including LinuxBridge, OVS, OVS+DPDK, SR-IOV, and more, and will provide performance data to help drive decisions around selecting a technology that's right for the situation. We will discuss our experience with some of these technologies, and the pros and cons of one technology over another in a production environment.
Kubecost provides real-time cost visibility and insights for teams using Kubernetes, helping you continuously reduce your cloud costs. Infracost shows cloud cost estimates for Terraform. It lets DevOps, SRE and engineers see a cost breakdown and understand costs before making changes, either in the terminal or pull requests.
Multi-container Applications on OpenShift with Ansible Service Broker (Amazon Web Services)
The document discusses Ansible Service Broker, which allows deploying multi-container applications on OpenShift using Ansible playbooks and roles. It defines the Open Service Broker API for provisioning services and describes how Ansible Playbook Bundles provide a standardized way to define and deliver services using Ansible playbooks. A demo shows how to use an Ansible Playbook Bundle to provision a PostgreSQL database on OpenShift and bind it to a Python web application.
macvlan and ipvlan allow VMs and containers to have direct exposure to the host network by assigning them their own MAC/IP addresses without requiring a bridge. macvlan uses MAC addresses to separate traffic while ipvlan uses layer 3. Both are lighter weight than bridges. macvlan is commonly used in bridge mode to allow communication between VMs/containers on the same host, while ipvlan may be preferred when MAC limits are in place or for untrusted networks.
This document compares Terraform and Pulumi infrastructure as code tools. It provides overviews of each tool, including what they are, how they work, and why to use them. For Terraform, it describes it as an IaC tool that defines cloud and on-premise resources in configuration files. For Pulumi, it notes it uses familiar programming languages for IaC. The document also compares key differences like syntax, testing, structuring large projects, and state file troubleshooting. It ends with best practices for both tools.
Running Kubernetes in Production: A Million Ways to Crash Your Cluster - DevO... (Henning Jacobs)
This document summarizes Henning Jacobs' talk on running Kubernetes in production and the many ways clusters can crash. It describes several incidents Zalando faced with their Kubernetes clusters that led to outages, including API server issues causing ingress problems, etcd deletion causing cluster downtime, EC2 networking issues, image pulling failures, and credential processing bottlenecks preventing deployments. Each incident highlighted lessons around disaster recovery planning, automated testing of upgrades, monitoring cloud infrastructure, and avoiding resource starvation.
Composer is a dependency manager for PHP that allows projects to declare and install dependencies. It works by defining dependencies in a composer.json file and installing them into a vendor directory. This ensures all environments have identical dependency versions. Composer also handles autoloading so dependencies can be used immediately after including the vendor/autoload.php file. It is commonly used to manage library dependencies within a project and distribute PHP libraries to others via Packagist.
A soup to nuts presentation on using Composer and repository servers to manage and leverage shared code libraries for personal projects to the largest enterprise.
This document provides an overview of the Phalcon PHP framework. It discusses how Phalcon works as a C extension for high performance, how it compares to other PHP frameworks in terms of performance, and how to install, configure and create projects with Phalcon. Key aspects covered include Phalcon being written in C for optimized performance, its loose coupling allowing use of individual components, and its integrated ORM for database interactions.
Prizm Content Connect is a lightweight document viewer flash control that allows applications to display and interact with different file formats like Microsoft Office documents. It provides a universal viewing solution and acts as a document container for embedding documents in a custom form or webpage. The viewer is lightweight, flexible and allows integrating an end-to-end solution using Office or other native format documents in a custom solution.
The document discusses versioning in OSGi and some of the challenges involved. It begins with an overview of how other platforms like Microsoft and Java handle versioning. It then covers OSGi's approach using bundles, version ranges, and a dynamic runtime. Some common issues are discussed like choosing appropriate version ranges and ensuring bundle quality in repositories. Tooling support from BND and the Eclipse PDE is also summarized.
Join us to discover how to use the PHP frameworks and tools you love in the Cloud with Heroku. We will cover best practices for deploying and scaling your PHP apps and show you how easy it can be. We will show you examples of how to deploy your code from Git and use Composer to manage dependencies during deployment. You will also discover how to maintain parity through all your environments, from development to production. If your apps are database-driven, you can also instantly create a database from the Heroku add-ons and have it automatically attached to your PHP app. Horizontal scalability has always been at the core of PHP application design, and by using Heroku for your PHP apps, you can focus on code features, not infrastructure.
An Overview of the IHK/McKernel Multi-kernel Operating System (Linaro)
By Balazs Gerofi, RIKEN Advanced Institute For Computational Science
RIKEN Advanced Institute for Computational Science is in charge of leading the development of Japan's next generation flagship supercomputer, the successor of the K. Part of this effort is to design and develop a system software stack that suits the needs of future extreme scale computing. In this talk, we focus on operating system (OS) requirements for HPC and discuss IHK/McKernel, a multi-kernel based operating system framework. IHK/McKernel runs Linux with a light-weight kernel (LWK) side-by-side on compute nodes with the primary motivation of providing scalable, consistent performance for large scale HPC simulations, but at the same time to retain a fully Linux compatible execution environment. We provide an overview of the project and discuss the status of its support for ARM architecture.
Balazs Gerofi Bio
Research Scientist at RIKEN Advanced Institute For Computational Science.
Email
bgerofi@riken.jp
For more info on The Linaro High Performance Computing (HPC) visit https://www.linaro.org/sig/hpc/
FreeNAS 8.3 introduces several new features including plugin support, full disk encryption using GELI, and improved ZFS functionality. The plugin architecture allows additional software to be installed through a graphical interface. Encryption provides data security by encrypting entire disks using AES-NI encryption. Other enhancements include deduplication, RAIDZ3 support, and expanding pool sizes. Resources for FreeNAS include documentation, forums, and mailing lists.
Oracle Solaris 11 - Best for Enterprise Applications (glynnfoster)
The document discusses Oracle Solaris 11 and its key technologies for deploying enterprise applications, including the Image Packaging System (IPS) and Service Management Facility (SMF). IPS provides integrated package and patch management through network repositories, while SMF enables automatic service restart and dependency management. The document provides examples of using tools like pkgsend and svcbundle to create and manage IPS packages and SMF manifests.
Composer is a tool for dependency management in PHP projects. It allows developers to declare project dependencies in a composer.json file. Composer will then automatically install the dependencies and generate autoloading configuration. It supports features like autoloading, semantic versioning, scripts/hooks, and integrating with version control systems. Many popular PHP projects and frameworks use Composer for dependency management.
Convert your package to multibuild on Open Build Service (SUSE Labs Taipei)
This document discusses converting a software package to use the multibuild feature on the Open Build Service. It begins by explaining how multiple build description files are currently handled for a package. It then introduces the concept of multibuild, which allows combining build description files and building different flavors of a package from the same source code repository. The remainder of the document provides an example of converting the libproxy package to use multibuild. It demonstrates how the build description files were combined and modified to support building both the main package and a "plugins" sub-package from the same source code.
This document provides instructions for setting up a Linux web server with Apache, PHP, SSL, and Frontpage support. It describes:
1. The components - Apache, PHP scripting language, SSL for secure connections, and Frontpage server extensions.
2. Installing each component - Downloading and compiling Apache, PHP as an Apache module, SSL libraries, and applying necessary patches.
3. Configuring Apache - Enabling PHP and SSL modules, configuring mime types and indexes, and applying the Frontpage patch.
This document provides information and instructions for installing and using the Phalcon PHP framework. Some key points:
- Phalcon is a full-stack PHP framework written as a C-extension for high performance. It offers MVC patterns and components that can be used individually.
- Installation involves compiling the C extension from source or downloading pre-compiled binaries. Configuration requires adding the extension to php.ini and restarting the web server.
- Example project structure and basic controller/view implementation are shown. Models interact with databases using the ORM. Routing and dependency injection are also demonstrated.
This document discusses using Docker to deploy PHP projects. It begins with an overview of some common challenges in deploying PHP projects, like different PHP version requirements across projects. It then introduces Docker and some of its key concepts like containers, images, and layered filesystems. The remainder of the document provides examples of basic Docker commands for pulling images, running containers, and listing containers. The goal is to illustrate how Docker can help isolate environments for different PHP projects and more easily manage varying PHP version requirements.
OSGi helps SOA by providing modularity, services, and dynamic loading capabilities at the JVM level. WSO2 Carbon uses OSGi as its core technology, allowing new functions to be plugged in modular bundles and providing a consistent platform for building a distributed SOA infrastructure from reusable components. While OSGi provides benefits like classloading management and proper modularity, there are also challenges to address like handling existing code and managing bundle start levels and patches.
This document introduces CommandBox, a ColdFusion command line interface (CLI) tool that provides features like a package manager, REPL environment, integrated server, and automation capabilities. It allows developers to install packages, run CFML code interactively, start ad-hoc servers, and automate tasks. CommandBox integrates with services like ForgeBox to provide a central repository of CFML packages that can be installed and managed.
OSCamp Kubernetes 2024 | Zero-Touch OS Infrastructure for Containers and Kubern... (NETWAYS)
In Kubernetes, we deploy applications as instances of a predefined container image whose properties are configured declaratively. This makes deployments easier to automate and reproduce, which in turn reduces operational risk. What if we extended these properties to server provisioning and treated the operating system itself like an application in Kubernetes? What if, instead of adapting general-purpose distributions to our needs, we rethought from the ground up how a "cloud-native" operating system should work? Applying the same expectations we have for handling Kubernetes applications, we present an alternative approach to provisioning, configuring, and managing the lifecycle of the operating system. Using a strict separation of operating system and applications, we show how a maintainable, immutable, image-based operating system can be built. And by extending this concept, we make provisioning painless and automatic updates low-risk. In this talk we will also cover some of the latest developments in operating systems and go beyond the established concept of a Container Linux, toward a future based on composable images with systemd-sysext and a generic model for image-based Linux architectures.
This document provides an overview of the Phalcon PHP framework. It discusses why frameworks are important for PHP development and how traditional frameworks work. It then explains how Phalcon is different as it is implemented as a PHP extension written in C, making it faster than traditional frameworks. The document demonstrates how to install Phalcon, create a basic project structure, define controllers and models, and connect to a database.
Programming Foundation Models with DSPy - Meetup Slides (Zilliz)
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
Essentials of Automations: Exploring Attributes & Automation ParametersSafe Software
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframePrecisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor IvaniukFwdays
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
2. What Is IPS?
Image Packaging System, aka "pkg(5)"
Created by Sun for OpenSolaris
Now used by OmniOS, OpenIndiana, Oracle Solaris 11
Transactional, metadata-driven and integrated with ZFS
Network-based, extensive search grammar
Changes-only updates
3. Motivations
Unify packaging and OS patching
Be smf(5)- and ZFS-aware
Verify correct installation
Optimize for the update case
Ease developer burden
Add dependency-based network retrieval
4. IPS: The Good
Every package 100% described by metadata
Updating requires fetching only changed assets
Get a new BE automatically, when needed
Automatic fetching of dependencies
5. IPS: The Not-So-Good
No single-file on-disk format (except archives)
Latency-sensitive
No pre- or post-install scripting*
* This is actually a good thing! Tasks usually scripted are now first-class actions
6. A Few IPS Commands
pkg(1) :: installation and information client
pkgsend(1) :: publication client
pkgrecv(1) :: raw contents transfer utility
pkg.depotd(1M) :: repository server
pkgsign(1) :: cryptographic signing utility
7. IPS Concepts
FMRI :: Fault Managed Resource Identifier
Manifest :: describes a specific version of a package
Publisher :: entity that provides one or more packages
Repository :: location for publishing and retrieving pkgs
Image :: location where packages may be installed
Boot Environment :: (BE) bootable instance of an image
9. FMRIs in IPS
Publisher name is optional; must be preceded by '//' if present:
pkg://omnios/web/curl
Scheme is also optional:
/web/curl :: Leading '/' anchors to any publisher root
pkg:/web/curl :: Note the use of only one '/' after the scheme
web/curl :: Anything ending in '/web/curl'
curl :: Anything named 'curl' or ending in '/curl'
//omnios/web/curl :: Publisher included
10. FMRIs: Version
Strictly numeric comparison, split on punctuation
Comparison is left to right
7.31.0,5.11-0.151006:20130703T175442Z
7.31.0 :: Component Version ("the software's version")
5.11 :: Build Version (OS version, aka `uname -r`)
0.151006 :: Branch Version (distro-specific meaning)
20130703T175442Z :: Timestamp (ISO 8601)
11. FMRIs: Version
Versions may be included when specifying names:
curl@7 :: Anything 7.x
curl@7.31 :: 7.31.x
curl@*-0.151006 :: Any version for branch 0.151006
14. Package Manifest
Describes a specific version of a package
Collection of actions that deliver files, dirs, links, dependencies, etc. via attributes
Attributes are key-value pairs
Viewable with `pkg contents -m <name>`
15. Package Manifest
set name=pkg.fmri value=pkg://omnios/web/curl@7.31.0,5.11-0.151006:20130703T175442Z
set name=pkg.summary value="curl - command line tool for transferring data with URL syntax"
set name=pkg.descr value="curl - command line tool for transferring data with URL syntax"
set name=publisher value=sa@omniti.com
dir group=bin mode=0755 owner=root path=usr/bin/amd64
file 3a8938b01cf732fc0b4838218d94508fca75e54c
chash=d923dfc752598ed149a64c873065fc71cbbf83fb
elfarch=i386 elfbits=64 elfhash=aabff399422fb0e74df8ffb4356d7bee97db89a5
group=bin mode=0755 owner=root
path=usr/bin/amd64/curl
pkg.csize=100864 pkg.size=174672
...
link path=usr/lib/amd64/libcurl.so target=libcurl.so.4.3.0
...
depend fmri=library/security/openssl@1.0.1 type=require
depend fmri=library/zlib type=require
depend fmri=web/ca-bundle type=require
16. Manifests: Dependencies
Require :: the referenced package provides essential functionality; including a version sets a "floor"
Optional :: non-essential, but if installed, must meet version constraint, if any (same as require)
Exclude :: conflicts; may not be installed with this package (these are evil, avoid them)
Incorporate :: like optional, but sets "ceiling" as well as "floor" to the given degree of precision
19. Manifests: Dependencies
Packages containing only incorporate dependencies are called "incorporations"
Used to ensure a compatible set of installed software
Used carefully, they can be very handy:
omniti/incorporation/perl-516-incorporation
20. Manifests: Dependencies
$ pkg contents -mr perl-516-incorporation
set name=pkg.fmri value=pkg://perl.omniti.com/omniti/incorporation/perl-516-incorporation@5.16...
set name=pkg.summary value="Constrains omniti/runtime/perl to version 5.16.x"
set name=pkg.descr value="Constrains omniti/runtime/perl to version 5.16.x"
set name=pkg.human-version value=5.16
set name=publisher value=sa@omniti.com
depend fmri=omniti/runtime/perl@5.16 type=incorporate
Version of omniti/runtime/perl must be 5.16.x
Module dist pkgs have their own versions, but require the incorporation matching the perl they were built with
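The version rules from slides 10 and 11 and the "floor" versus "ceiling" behaviour of require and incorporate dependencies, as an added Python example (not code from the deck or from pkg(5) itself). Assumptions: the function names are hypothetical, comparison runs left to right over all four fields as the slide describes, and the perl 5.16.3 / 5.18.1 versions are constructed sample values.

```python
import re
from typing import NamedTuple, Optional, Tuple

Dots = Tuple[int, ...]


class Version(NamedTuple):
    """Field order matters: tuple comparison then runs left to right."""
    component: Dots   # "the software's version", e.g. 7.31.0
    build: Dots       # OS version, e.g. 5.11
    branch: Dots      # distro-specific, e.g. 0.151006
    timestamp: str    # ISO 8601 basic format, which sorts correctly as text


_DOTTED = r"\d+(?:\.\d+)*"
_VERSION_RE = re.compile(
    rf"^(?P<component>{_DOTTED})"
    rf"(?:,(?P<build>{_DOTTED}))?"
    rf"(?:-(?P<branch>{_DOTTED}))?"
    r"(?::(?P<timestamp>\d{8}T\d{6}Z))?$"
)


def _dots(text: Optional[str]) -> Dots:
    # Numeric, not textual: "7.9" -> (7, 9) sorts below "7.31" -> (7, 31).
    return tuple(int(part) for part in text.split(".")) if text else ()


def parse_version(text: str) -> Version:
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"not a pkg version string: {text!r}")
    return Version(_dots(match["component"]), _dots(match["build"]),
                   _dots(match["branch"]), match["timestamp"] or "")


def parse_fmri(fmri: str) -> Tuple[Optional[str], str, Optional[Version]]:
    """Split an FMRI into (publisher, package name, version)."""
    rest = fmri[len("pkg:"):] if fmri.startswith("pkg:") else fmri
    publisher = None
    if rest.startswith("//"):          # a publisher only ever follows '//'
        publisher, _, rest = rest[2:].partition("/")
    name, _, version = rest.lstrip("/").partition("@")
    if not name:
        raise ValueError(f"FMRI has no package name: {fmri!r}")
    return publisher, name, parse_version(version) if version else None


def satisfies(dep_type: str, constraint: Version, installed: Version) -> bool:
    """Does `installed` meet a depend action of the given type?"""
    if dep_type == "require":
        # Floor only: anything at or above the stated version is acceptable.
        return installed >= constraint
    if dep_type == "incorporate":
        # Floor and ceiling "to the given degree of precision": every stated
        # number sequence must be a prefix of the installed one.
        for want, have in zip(constraint[:3], installed[:3]):
            if have[:len(want)] != want:
                return False
        return (not constraint.timestamp
                or constraint.timestamp == installed.timestamp)
    raise ValueError(f"dependency type not modelled here: {dep_type}")


if __name__ == "__main__":
    # Constructed sample versions, not taken from a real repository.
    floor = parse_version("5.16")
    for candidate in ("5.16.3,5.11-0.151006", "5.18.1,5.11-0.151006"):
        installed = parse_version(candidate)
        print(candidate,
              "require:", satisfies("require", floor, installed),
              "incorporate:", satisfies("incorporate", floor, installed))
```

A require dependency on perl@5.16 lets 5.18.1 through, while the incorporation pins the image to 5.16.x, which is why an incorporation is the control to audit when a host must not drift to an unvetted release line.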
22. Publisher
An entity that provides packages
Named for products ("omnios")
or domain style ("ms.omniti.com")
One publisher can have multiple URLs
23. Publisher
$ pkg publisher
PUBLISHER TYPE STATUS URI
omnios origin online http://pkg.omniti.com/omnios/release/
ms.omniti.com origin online http://pkg.omniti.com/omniti-ms/
perl.omniti.com origin online http://pkg.omniti.com/omniti-perl/
Publishers are searched in the listed order
List publishers
26. Repository
Location to which packages are published
Can be used locally (file://)
or remotely (http://) via pkg.depotd(1M)
Created and managed by pkgrepo(1)
27. Repository
# pkgrepo get -s /repo/omniti-ms/
SECTION PROPERTY VALUE
publisher prefix ms.omniti.com
repository version 4
# pkgrepo info -s /repo/omniti-ms/
PUBLISHER PACKAGES STATUS UPDATED
ms.omniti.com 602 online 2014-03-23T20:50:49.146202Z
Get repo information
28. Repository
# pkgrepo get -s /repo/omniti-ms/publisher/ms.omniti.com/
SECTION PROPERTY VALUE
feed description ""
feed icon web/_themes/pkg-block-icon.png
feed id ""
feed logo web/_themes/pkg-block-logo.png
feed name package repository feed
feed window 24
publisher alias ""
publisher prefix ""
repository collection_type core
repository description ""
repository detailed_url ""
repository legal_uris ()
repository maintainer ""
repository maintainer_url ""
repository mirrors ()
repository name package repository
repository origins ()
repository refresh_seconds 14400
repository registration_uri ""
repository related_uris ()
repository version 3
Get per-publisher information
33. Image
Location where packages can be installed
May be rooted at arbitrary point in the filesystem tree
Default image rooted at '/'
Has properties that govern policy; see pkg(1)
36. Boot Environment
Bootable instance of an image
Integrated with ZFS
Can be auto-created according to image policy
Can be manually created
Created and managed by beadm(1M)
40. Use Cases: Install
When "foo" is not installed:
# dry run, verbose
pkg install -nv foo
# latest
pkg install foo
# latest available 2.x
pkg install foo@2
# exact version
pkg install foo@2.1.2
41. Use Cases: Update
Assuming "foo 2.1" is installed:
# dry run, verbose
pkg update -nv foo
# latest available
pkg update foo
# stay within 2.x line
pkg update foo@2
# downgrade
pkg update foo@1.9
42. Use Cases: List/Info
# all installed packages
pkg list
# list installed packages matching "foo"
pkg list foo
# list all known versions of foo, installed or not
pkg list -fav foo
# detailed information
pkg info foo
# same, but remote
pkg info -r foo
43. Use Cases: Inventory
# file/directory paths only
pkg contents foo
# raw manifest
pkg contents -m foo
# same, but remote
pkg contents -mr foo
# list deps
pkg contents -t depend -o fmri
44. Use Cases: Search
Powerful due to package metadata
Local or remote
Expressive grammar
Results sometimes non-obvious
45. Use Cases: Search
pkg_name : action_type : key : token
pkg_name :: the value of pkg.fmri
action_type :: file, dir, link, depend, set, etc.
key :: attribute name within the selected action
token :: attribute value, i.e., "what you're searching for"
46. Use Cases: Search
pkg_name : action_type : key : token
Blank fields implicitly wild-carded
Simple globbing permitted for pkg_name, token
Leading colons optional
`pkg search tmux` is effectively: `pkg search ':::tmux'`
To have success, understand what you're looking for
47. Use Cases: Search
# 'tmux' as any value
pkg search tmux
INDEX ACTION VALUE PACKAGE
basename file usr/bin/tmux pkg:/terminal/tmux@1.6-0.151004
basename file usr/bin/tmux pkg:/terminal/tmux@1.6-0.151002
basename file usr/bin/tmux pkg:/terminal/tmux@1.7-0.151006
pkg.fmri set omnios/terminal/tmux pkg:/terminal/tmux@1.6-0.151004
pkg.fmri set omnios/terminal/tmux pkg:/terminal/tmux@1.6-0.151002
pkg.fmri set omnios/terminal/tmux pkg:/terminal/tmux@1.7-0.151006
48. Use Cases: Search
# same as before, but show only pkg name
pkg search -p tmux
PACKAGE PUBLISHER
pkg:/terminal/tmux@1.6-0.151002 omnios
pkg:/terminal/tmux@1.6-0.151004 omnios
pkg:/terminal/tmux@1.7-0.151006 omnios
49. Use Cases: Search
$ pkg search 'dir::pgsql*'
INDEX ACTION VALUE PACKAGE
...
basename dir opt/pgsql925 pkg:/omniti/database/postgresql-925/ltree@9.2.5-0.151006
...
This answer results from this manifest entry:
dir group=bin mode=0755 owner=root path=opt/pgsql925
51. Use Cases: Search
# Reverse dependencies
$ pkg search -H -o pkg.name 'depend::web/curl'
developer/versioning/git
developer/versioning/mercurial
entire
incorporation/jeos/omnios-userland
# What r151006 packages incorporate on curl, and at what version?
$ pkg search -o pkg.fmri,fmri '*-0.151006:depend:incorporate:web/curl'
PKG.FMRI FMRI
pkg:/incorporation/jeos/omnios-userland@11,5.11-0.151006:20130506T214442Z web/curl@7,5.11-0.151006
pkg:/incorporation/jeos/omnios-userland@11,5.11-0.151006:20130716T202721Z web/curl@7,5.11-0.151006
pkg:/incorporation/jeos/omnios-userland@11,5.11-0.151006:20131030T205312Z web/curl@7,5.11-0.151006
52. Use Cases: Audit
# check installed state of all pkgs
pkg verify
# check state of a single package
pkg verify <pkg>
# repair installed state of a package
pkg fix <pkg>
53. Use Cases: Audit
# pkg verify -v curl
PACKAGE STATUS
pkg://omnios/web/curl OK
# rm /usr/share/man/man3/libcurl.3
# pkg verify -v curl
PACKAGE STATUS
pkg://omnios/web/curl ERROR
file: usr/share/man/man3/libcurl.3
Missing: regular file does not exist
54. Use Cases: Audit
# pkg fix curl
Verifying: pkg://omnios/web/curl ERROR
file: usr/share/man/man3/libcurl.3
Missing: regular file does not exist
Created ZFS snapshot: 2013-10-16-02:07:42
Repairing: pkg://omnios/web/curl
DOWNLOAD PKGS FILES XFER (MB)
Completed 1/1 1/1 0.0/0.0
PHASE ACTIONS
Update Phase 1/1
PHASE ITEMS
Image State Update Phase 2/2
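What the audit on slides 52 to 54 amounts to for file actions, as an added Python example (not pkg(1)'s own code): parse the manifest, then compare each file under an image root with the recorded hash and mode. Assumptions: the function names are hypothetical, the 40-hex-digit payload is treated as the SHA-1 of the file contents, owner, group and ELF hashes are not checked, and the image and manifest in `demo()` are constructed.

```python
import hashlib
import os
import shlex
import tempfile


def parse_action(line):
    """Return (action type, payload hash or None, attribute dict)."""
    tokens = shlex.split(line)            # honours value="quoted text"
    kind, rest = tokens[0], tokens[1:]
    payload = None
    if rest and "=" not in rest[0]:       # file actions lead with the hash
        payload, rest = rest[0], rest[1:]
    # Repeated keys keep only the last value; sufficient for file actions.
    return kind, payload, dict(tok.split("=", 1) for tok in rest)


def sha1_of(path):
    # Assumption: payload hash is SHA-1 over the uncompressed file contents.
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_image(manifest_text, root):
    """Check every file action against the image rooted at `root`."""
    root = os.path.realpath(root)
    problems = []
    for line in manifest_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, payload, attrs = parse_action(line)
        if kind != "file":
            continue
        rel = attrs["path"]
        full = os.path.realpath(os.path.join(root, rel))
        # A manifest is untrusted input: never follow a path out of the image.
        if os.path.commonpath([root, full]) != root:
            problems.append((rel, "Rejected: path escapes the image root"))
            continue
        if not os.path.isfile(full):
            problems.append((rel, "Missing: regular file does not exist"))
            continue
        if sha1_of(full) != payload:
            problems.append((rel, "Hash: content differs from manifest"))
        if os.stat(full).st_mode & 0o7777 != int(attrs["mode"], 8):
            problems.append((rel, "Mode: differs from manifest"))
    return problems


def demo():
    """Build a constructed one-file image, then damage it in two ways."""
    with tempfile.TemporaryDirectory() as root:
        rel = "usr/share/man/man3/libcurl.3"
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full))
        with open(full, "wb") as handle:
            handle.write(b"constructed man page\n")
        os.chmod(full, 0o644)
        manifest = (
            'set name=pkg.summary value="constructed sample"\n'
            f"file {sha1_of(full)} group=bin mode=0644 owner=root path={rel}\n"
        )
        results = {"clean": verify_image(manifest, root)}
        with open(full, "ab") as handle:   # modify the installed file
            handle.write(b"tampered\n")
        results["tampered"] = verify_image(manifest, root)
        os.remove(full)                    # same damage as on slide 53
        results["missing"] = verify_image(manifest, root)
        escape = "file 0000 mode=0644 path=../outside.txt\n"
        results["escape"] = verify_image(escape, root)
        return results


if __name__ == "__main__":
    for state, problems in demo().items():
        print(state, problems or "OK")
```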
55. Creating IPS Packages
Build software however you wish
Place build product in a proto area
Create manifest
Publish to a repo
IPS does not impose a build framework (think rpmbuild, debuild)
56. Creating IPS Packages
1. `pkgsend generate /path/to/proto > /tmp/manifest.p5m`
2. Add FMRI, any other 'set' actions to manifest.p5m
3. `pkgsend publish -s <repo_url> -d /path/to/proto /tmp/manifest.p5m`
pkgsend(1) creates manifests and publishes packages
57. Creating IPS Packages
Adding the 'set' stuff is tedious
May want to make other changes/additions to manifest
This needs to be automated!
Use pkgmogrify(1)
58. Creating IPS Packages
pkgmogrify(1)
Programmatic transformations of manifest contents
Macro replacements
Include other manifests or manifest fragments
Transformation of actions
By convention, we store these directives in a .mog file
beside our build scripts
60. Creating IPS Packages
pkgmogrify: Transform actions
<transform dir path=opt/riak/data.* -> set owner riak>
<transform dir path=opt/riak/data.* -> set group riak>
<transform file path=opt/riak/etc/.*.args -> set mode 0644>
<transform file path=opt/apache22/libexec/amd64/libphp5.so -> edit path libphp5.so libphp5.53.so>
<transform file path=opt/elasticsearch/config/elasticsearch.yml -> set preserve true>
<transform file path=opt/omni/lib/ruby/gems/1.9/cache.* -> drop>
<transform file path=(var|lib)/svc/manifest/.*.xml -> add restart_fmri svc:/system/manifest-import:default>
61. Creating IPS Packages
Tangent: renaming
pkg:/network/iftop -> pkg:/omniti/network/iftop
Forgot to follow naming convention
Also useful if upstream name changes
Users may have installed it, can't just abandon it
62. Creating IPS Packages
Tangent: renaming
Solution: publish a "rename package"
Transitional package that allows update to new name
set name=pkg.fmri value=pkg://ms.omniti.com/network/iftop@1.0.2,5.11-0.151006:20130816T191418Z
set name=pkg.renamed value=true
set name=variant.opensolaris.zone value=global value=nonglobal
depend fmri=pkg://ms.omniti.com/omniti/network/iftop type=require
63. Creating IPS Packages
# pkgrepo create /data/myrepo
# pkgrepo set -s /data/myrepo publisher/prefix=myrepo.example.com
Create a repo with pkgrepo(1)
May now use file:///data/myrepo to publish packages
publisher/prefix sets the default publisher name
64. Creating IPS Packages
$ pkgrecv -s http://pkg.omniti.com/omnios/release/ -d web_curl.p5a -a web/curl
Retrieving packages for publisher omnios ...
Retrieving and evaluating 1 package(s)...
DOWNLOAD PKGS FILES XFER (MB)
Completed 1/1 88/88 1.3/1.3
ARCHIVE FILES STORE (MB)
web_curl.p5a 158/158 1.5/1.5
$ scp web_curl.p5a me@my-other-box:
Create an archive with pkgrecv(1)
# pkg install -g web_curl.p5a web/curl
65. Signing IPS Packages
pkgsign(1) updates the manifest in place on the repo
Adds the 'signature' action
Validates the manifest, which in turn validates its content
Signed package retains original timestamp
66. Signing IPS Packages
signature <hash of certificate>
algorithm=<signature algorithm>
value=<signature value>
chain="<hashes of certs needed to validate primary certificate>"
version=<pkg version of signature>
Payload & chain :: hashes of certs downloadable from originating repo
Value :: signed hash of manifest's message text
Algorithm :: hash algorithm used, default is rsa-sha256
Version :: pkg(5) version of the signature action
67. Signing IPS Packages
First, publish the unsigned package(s); then:
# pkgsign \
    -c /path/to/signing.crt \
    -k /path/to/signing.key \
    -s <repo_url> \
    <fmri_list>
Multiple signatures (even from different entities) will not interfere with each other
Allows different entities to indicate acceptance during publication process (e.g., dev/QA/release)
68. Questions?
Further reading
Man pages: pkg(5), pkg(1), pkgsend(1), pkgrecv(1), pkgmogrify(1), pkgrepo(1)
http://omnios.omniti.com/wiki.php/GeneralAdministration#PackageManagement
http://omnios.omniti.com/media/ipsdevguide.pdf
http://web.archive.org/web/20100105071515/http://blogs.sun.com/sch/entry/pkg_1_a_no_scripting