Using ansible vault to protect your secretsExcella
This document discusses how Ansible Vault can be used to encrypt sensitive data like passwords and private keys to protect secrets when committing infrastructure as code to source control on GitHub. It recommends encrypting only sensitive information, not all files, and splitting encrypted variable files into directories. It also provides tips for using a password script and Jenkins to automate running plays with encrypted data without exposing passwords in plain text. The document aims to help balance the security of encrypting secrets with the usability of infrastructure as code workflows.
Make your Ansible playbooks maintainable, flexible, and scalableJeff Geerling
The document discusses how to make Ansible playbooks flexible, maintainable, and scalable. It recommends staying organized by keeping playbooks in source control and including documentation. It also stresses the importance of testing playbooks early and often using tools like YAML linting, Ansible syntax checks, Ansible lint, and test environments. Finally, it suggests simplifying playbooks by using flat variables instead of nested dictionaries, optimizing tasks to disable facts gathering when unnecessary, and using templates instead of lineinfile modules.
Quick overview of automating HTTPS with Ansible - using self-signed certs, 'BYOC', or Let's Encrypt. Given at the Ansible St. Louis meetup on Feb 12, 2018.
Introduction to Ansible - Jan 28 - Austin MeetUptylerturk
This presentation is a fairly brief introduction to ansible including some minor details around WP Engine's implementation, variable precedence, a sample playbook, and some of the core concepts around what makes ansible tick.
- The document provides best practices for using Ansible including organizing content with roles and hierarchies, making playbooks readable with tasks, comments and whitespace, tagging tasks for organization, avoiding duplication, ensuring idempotency, templating with Jinja2, and testing playbooks. It emphasizes documenting processes, non-idempotent tasks can cause issues, and validating changes with testing.
How to use Ansible to automate your applications in AWS. What is Ansible and why is it different? How to control cloud deployments securely and how to control AWS resources using dynamic inventory and tags.
Building a bakery of Windows servers with Packer - London WinOpsRicard Clau
Nobody likes patching servers. Specially not Windows servers. And the problem becomes even worse with hybrid infrastructures where you have servers running both in AWS and in a datacenter.
Packer is a tool for creating machine and container images for multiple platforms from a single source configuration.
In this session we will talk about how we are trying to sort this problem at Wonga, using Packer to create a bakery of Windows servers which allows us to build up-to-date AMIs and VMWare templates from the same set of provisioning scripts.
Using ansible vault to protect your secretsExcella
This document discusses how Ansible Vault can be used to encrypt sensitive data like passwords and private keys to protect secrets when committing infrastructure as code to source control on GitHub. It recommends encrypting only sensitive information, not all files, and splitting encrypted variable files into directories. It also provides tips for using a password script and Jenkins to automate running plays with encrypted data without exposing passwords in plain text. The document aims to help balance the security of encrypting secrets with the usability of infrastructure as code workflows.
Make your Ansible playbooks maintainable, flexible, and scalableJeff Geerling
The document discusses how to make Ansible playbooks flexible, maintainable, and scalable. It recommends staying organized by keeping playbooks in source control and including documentation. It also stresses the importance of testing playbooks early and often using tools like YAML linting, Ansible syntax checks, Ansible lint, and test environments. Finally, it suggests simplifying playbooks by using flat variables instead of nested dictionaries, optimizing tasks to disable facts gathering when unnecessary, and using templates instead of lineinfile modules.
Quick overview of automating HTTPS with Ansible - using self-signed certs, 'BYOC', or Let's Encrypt. Given at the Ansible St. Louis meetup on Feb 12, 2018.
Introduction to Ansible - Jan 28 - Austin MeetUptylerturk
This presentation is a fairly brief introduction to ansible including some minor details around WP Engine's implementation, variable precedence, a sample playbook, and some of the core concepts around what makes ansible tick.
- The document provides best practices for using Ansible including organizing content with roles and hierarchies, making playbooks readable with tasks, comments and whitespace, tagging tasks for organization, avoiding duplication, ensuring idempotency, templating with Jinja2, and testing playbooks. It emphasizes documenting processes, non-idempotent tasks can cause issues, and validating changes with testing.
How to use Ansible to automate your applications in AWS. What is Ansible and why is it different? How to control cloud deployments securely and how to control AWS resources using dynamic inventory and tags.
Building a bakery of Windows servers with Packer - London WinOpsRicard Clau
Nobody likes patching servers. Specially not Windows servers. And the problem becomes even worse with hybrid infrastructures where you have servers running both in AWS and in a datacenter.
Packer is a tool for creating machine and container images for multiple platforms from a single source configuration.
In this session we will talk about how we are trying to sort this problem at Wonga, using Packer to create a bakery of Windows servers which allows us to build up-to-date AMIs and VMWare templates from the same set of provisioning scripts.
- Ansible is an automation tool that allows users to automate tasks like configuration management, application deployment, and other IT needs across multiple servers.
- It uses SSH to connect to remote servers and run commands without requiring any agents to be installed on the servers. Users only need to install Ansible on one central system.
- Ansible uses simple YAML files called playbooks to define configurations and orchestrate deployments across servers. Playbooks allow rolling updates, delegating tasks, and interacting with other systems.
From HashiCorp Korea User Group Meetup
발표자: 김민규(데브시스터즈, 인프라 관리, https://github.com/synthdnb)
발표자: 김도윤(데브시스터즈, 플랫폼 API 서버 개발, https://github.com/solmonk)
발표내용: 팀의 규모가 커지면서 Secret 관리 문제가 조금씩 부각되었습니다. 예를 들면 코드에 커밋되거나, 구전으로 전해지는 Secret들, SSH Key Rotation 등의 문제를 처리하기 위해 많은 노력과 삽질이 필요했습니다. 저희 팀에서 Vault를 통해 이런 문제들을 어떻게 해결했는지 소개하려 합니다.
Ricardo Schmidt gave a presentation on Ansible, an open source tool for configuration management, application deployment, provisioning, and orchestration. He explained that Ansible is fast, clear, complete, and secure. It uses SSH to connect to nodes agentlessly without requiring additional firewall rules or open ports. Key components include the inventory to define hosts and groups, modules to run tasks on nodes, and playbooks to orchestrate tasks across multiple hosts. The presentation demonstrated Ansible's capabilities through examples and a demo of its core features.
Big Data! Great! Now What? #SymfonyCon 2014Ricard Clau
Big Data is one of the new buzzwords in the industry. Everyone is using NoSQL databases. MySQL is not cool anymore. But... do we really have big data? Where should we store it? Are the traditional RDBMS databases dead? Is NoSQL the solution to our problems? And most importantly, how can PHP and Symfony2 help with it?
This document discusses how Ansible can be used to configure infrastructure and deploy applications faster and more reliably. It provides an overview of key Ansible concepts like playbooks, tasks, roles, and dynamic inventories. It also summarizes how to install Ansible, write a sample Apache playbook, use roles for reusability, and find community roles on Ansible Galaxy. Advanced topics covered include testing infrastructure code, the Drupal VM project, and how to write custom Ansible modules.
Introduction of using Hashicorp Vault with your NodeJS Application. How to store your secrets when using a cloud application in nodejs. Meetup in Austin Texas May 2019 (https://www.meetup.com/austinnodejs/events/srwjzqyzhbtb/)
Icinga 2 provides many new features compared to Icinga 1 including Icinga Web 2, modules that can be enabled or disabled, new programming language features like constants and operators, improved time granularity, templates to reduce typing, flexible commands, and powerful apply and tag features to selectively configure hosts and services. It also supports new notification methods, distributed monitoring zones, and the monitoring-plugins package.
Cloud patterns forwardjs April Ottawa 2019Taswar Bhatti
The document discusses various software design patterns including the external configuration pattern, cache aside pattern, federated identity pattern, valet key pattern, gatekeeper pattern, circuit breaker pattern, retry pattern, and strangler pattern. It provides descriptions of each pattern, examples of problems they aim to address, and considerations for applying the patterns. Taswar Bhatti presents on these patterns and takes questions.
(A talk given at Wix R&D in Dnipro, Ukraine on March 2017. Video available at https://www.youtube.com/watch?v=eIX33mQdkAI&feature=youtu.be)
While microservices are conceptually simple, it's a deep rabbit hole to go down. Deceptively simple questions can have far-reaching implications: Which communication protocol should I choose? Is event-driven the way to go? What monitoring tools should I put in place?
In this talk we'll cover some of the fundamental questions, outline the solutions adopted or developed by Wix, and share our hindsight on what worked well for us, what didn't and thoughts on future directions for our stack.
Ansible Introduction - Ansible Brno #1 - David Karbanansiblebrno
Ansible is an agentless configuration management and provisioning tool that is easy to use and secure. It uses an inventory file to define hosts and groups, and facts to gather information about hosts. Playbooks are written in YAML format to define tasks like provisioning, deploying applications, and configuration using modules. Playbooks can include roles and tasks. Ansible has over 250 modules for various tasks like packaging, source control, cloud services, and operating system functions. Additional tools include Vault for encrypting variables and Galaxy for sharing roles.
This document provides a 3 sentence summary of an Elasticsearch meetup in Mexico City in April 2016. It introduces Elasticsearch as a open-source search and analytics engine, discusses its features including real-time data, being massively distributed and schema-free, and provides examples of creating an index, mapping types, indexing documents, and searching in Elasticsearch using HTTP requests.
The document is a presentation about scaling applications with Symfony. It discusses concepts related to scalability like load balancing and sharding. It provides advice on profiling code to diagnose bottlenecks and optimizing aspects like caching, databases, and front-end performance. Specific technologies discussed include APC, Zend Opcache, Memcached, Redis, MySQL, and NoSQL databases. Real-world examples of large applications built with Symfony like a social game with millions of daily users are also presented.
This document discusses setting up Drupal 8, Elasticsearch, and Docker. It provides instructions for pulling relevant Docker images, running Elasticsearch and Drupal containers, and configuring them to integrate. Elasticsearch is configured as the search backend in Drupal. Views is used to create a search page that indexes Elasticsearch. The demo shows Drupal and Elasticsearch running in Docker and communicating to enable search capabilities in Drupal.
These are the slides of a talk I presented at WordCamp Nijmegen 2018, on august 31st. In this talk I show a couple of techniques that can be used to scale a WordPress site with a severely limited budget.
Monitoring Open Source Databases with IcingaIcinga
This document summarizes a presentation on monitoring open source databases with Icinga. The presentation introduces Icinga as a scalable and extensible monitoring system. It discusses Icinga 2 architecture including zones for availability and scaling. It provides examples of monitoring checks for databases like MySQL, PostgreSQL and MongoDB. Templates and plugins for database monitoring with Icinga are demonstrated. Metrics collection and the Icinga API are also briefly covered.
This document provides an overview of Bower, a package manager for the web. It discusses the requirements to use Bower, how to install and configure it, and how to run Bower to install dependencies. Bower is used to manage front-end components and their dependencies. It requires Node.js and NPM to be installed first. Then Bower can be installed globally and configured via a bower.json file to specify packages and dependencies. Running Bower will install all dependencies to the default or specified directory. The document also briefly explains how Bower can be used with XPages projects to manage front-end libraries.
How to Become a Thought Leader in Your NicheLeslie Samuel
Are bloggers thought leaders? Here are some tips on how you can become one. Provide great value, put awesome content out there on a regular basis, and help others.
Vagrant allows developers to easily create and configure reproducible development environments. It manages virtual machines created with providers like VirtualBox. Ansible is an automation tool that can configure systems and deploy software using agentless automation. Vagrantfiles define Vagrant environments, boxes provide base images, and provisioners like Ansible can automate VM configuration. The presentation demonstrates provisioning a VM with Ansible using a Vagrantfile to create a reproducible test environment.
- Ansible is an automation tool that allows users to automate tasks like configuration management, application deployment, and other IT needs across multiple servers.
- It uses SSH to connect to remote servers and run commands without requiring any agents to be installed on the servers. Users only need to install Ansible on one central system.
- Ansible uses simple YAML files called playbooks to define configurations and orchestrate deployments across servers. Playbooks allow rolling updates, delegating tasks, and interacting with other systems.
From HashiCorp Korea User Group Meetup
발표자: 김민규(데브시스터즈, 인프라 관리, https://github.com/synthdnb)
발표자: 김도윤(데브시스터즈, 플랫폼 API 서버 개발, https://github.com/solmonk)
발표내용: 팀의 규모가 커지면서 Secret 관리 문제가 조금씩 부각되었습니다. 예를 들면 코드에 커밋되거나, 구전으로 전해지는 Secret들, SSH Key Rotation 등의 문제를 처리하기 위해 많은 노력과 삽질이 필요했습니다. 저희 팀에서 Vault를 통해 이런 문제들을 어떻게 해결했는지 소개하려 합니다.
Ricardo Schmidt gave a presentation on Ansible, an open source tool for configuration management, application deployment, provisioning, and orchestration. He explained that Ansible is fast, clear, complete, and secure. It uses SSH to connect to nodes agentlessly without requiring additional firewall rules or open ports. Key components include the inventory to define hosts and groups, modules to run tasks on nodes, and playbooks to orchestrate tasks across multiple hosts. The presentation demonstrated Ansible's capabilities through examples and a demo of its core features.
Big Data! Great! Now What? #SymfonyCon 2014Ricard Clau
Big Data is one of the new buzzwords in the industry. Everyone is using NoSQL databases. MySQL is not cool anymore. But... do we really have big data? Where should we store it? Are the traditional RDBMS databases dead? Is NoSQL the solution to our problems? And most importantly, how can PHP and Symfony2 help with it?
This document discusses how Ansible can be used to configure infrastructure and deploy applications faster and more reliably. It provides an overview of key Ansible concepts like playbooks, tasks, roles, and dynamic inventories. It also summarizes how to install Ansible, write a sample Apache playbook, use roles for reusability, and find community roles on Ansible Galaxy. Advanced topics covered include testing infrastructure code, the Drupal VM project, and how to write custom Ansible modules.
Introduction of using Hashicorp Vault with your NodeJS Application. How to store your secrets when using a cloud application in nodejs. Meetup in Austin Texas May 2019 (https://www.meetup.com/austinnodejs/events/srwjzqyzhbtb/)
Icinga 2 provides many new features compared to Icinga 1 including Icinga Web 2, modules that can be enabled or disabled, new programming language features like constants and operators, improved time granularity, templates to reduce typing, flexible commands, and powerful apply and tag features to selectively configure hosts and services. It also supports new notification methods, distributed monitoring zones, and the monitoring-plugins package.
Cloud patterns forwardjs April Ottawa 2019Taswar Bhatti
The document discusses various software design patterns including the external configuration pattern, cache aside pattern, federated identity pattern, valet key pattern, gatekeeper pattern, circuit breaker pattern, retry pattern, and strangler pattern. It provides descriptions of each pattern, examples of problems they aim to address, and considerations for applying the patterns. Taswar Bhatti presents on these patterns and takes questions.
(A talk given at Wix R&D in Dnipro, Ukraine on March 2017. Video available at https://www.youtube.com/watch?v=eIX33mQdkAI&feature=youtu.be)
While microservices are conceptually simple, it's a deep rabbit hole to go down. Deceptively simple questions can have far-reaching implications: Which communication protocol should I choose? Is event-driven the way to go? What monitoring tools should I put in place?
In this talk we'll cover some of the fundamental questions, outline the solutions adopted or developed by Wix, and share our hindsight on what worked well for us, what didn't and thoughts on future directions for our stack.
Ansible Introduction - Ansible Brno #1 - David Karbanansiblebrno
Ansible is an agentless configuration management and provisioning tool that is easy to use and secure. It uses an inventory file to define hosts and groups, and facts to gather information about hosts. Playbooks are written in YAML format to define tasks like provisioning, deploying applications, and configuration using modules. Playbooks can include roles and tasks. Ansible has over 250 modules for various tasks like packaging, source control, cloud services, and operating system functions. Additional tools include Vault for encrypting variables and Galaxy for sharing roles.
This document provides a 3 sentence summary of an Elasticsearch meetup in Mexico City in April 2016. It introduces Elasticsearch as a open-source search and analytics engine, discusses its features including real-time data, being massively distributed and schema-free, and provides examples of creating an index, mapping types, indexing documents, and searching in Elasticsearch using HTTP requests.
The document is a presentation about scaling applications with Symfony. It discusses concepts related to scalability like load balancing and sharding. It provides advice on profiling code to diagnose bottlenecks and optimizing aspects like caching, databases, and front-end performance. Specific technologies discussed include APC, Zend Opcache, Memcached, Redis, MySQL, and NoSQL databases. Real-world examples of large applications built with Symfony like a social game with millions of daily users are also presented.
This document discusses setting up Drupal 8, Elasticsearch, and Docker. It provides instructions for pulling relevant Docker images, running Elasticsearch and Drupal containers, and configuring them to integrate. Elasticsearch is configured as the search backend in Drupal. Views is used to create a search page that indexes Elasticsearch. The demo shows Drupal and Elasticsearch running in Docker and communicating to enable search capabilities in Drupal.
These are the slides of a talk I presented at WordCamp Nijmegen 2018, on august 31st. In this talk I show a couple of techniques that can be used to scale a WordPress site with a severely limited budget.
Monitoring Open Source Databases with IcingaIcinga
This document summarizes a presentation on monitoring open source databases with Icinga. The presentation introduces Icinga as a scalable and extensible monitoring system. It discusses Icinga 2 architecture including zones for availability and scaling. It provides examples of monitoring checks for databases like MySQL, PostgreSQL and MongoDB. Templates and plugins for database monitoring with Icinga are demonstrated. Metrics collection and the Icinga API are also briefly covered.
This document provides an overview of Bower, a package manager for the web. It discusses the requirements to use Bower, how to install and configure it, and how to run Bower to install dependencies. Bower is used to manage front-end components and their dependencies. It requires Node.js and NPM to be installed first. Then Bower can be installed globally and configured via a bower.json file to specify packages and dependencies. Running Bower will install all dependencies to the default or specified directory. The document also briefly explains how Bower can be used with XPages projects to manage front-end libraries.
How to Become a Thought Leader in Your NicheLeslie Samuel
Are bloggers thought leaders? Here are some tips on how you can become one. Provide great value, put awesome content out there on a regular basis, and help others.
Vagrant allows developers to easily create and configure reproducible development environments. It manages virtual machines created with providers like VirtualBox. Ansible is an automation tool that can configure systems and deploy software using agentless automation. Vagrantfiles define Vagrant environments, boxes provide base images, and provisioners like Ansible can automate VM configuration. The presentation demonstrates provisioning a VM with Ansible using a Vagrantfile to create a reproducible test environment.
Flexible, simple deployments with OpenStack-AnsibleMajor Hayden
I gave this talk at the OpenStack Austin Meetup on June 20, 2016. The talk covers the reasons why OpenStack-Ansible exists and the value that it brings for production OpenStack deployments.
The document discusses Ansible, an open source IT automation tool. It summarizes that Ansible is:
- The most popular open source IT automation tool on GitHub with thousands of contributors and modules.
- Used for configuration management, application deployments, workflow orchestration, and provisioning.
- Simple to use, agentless, powerful, efficient, secure, and helps automate tasks faster than other tools.
- Widely adopted due to its support for many operating systems and cloud providers, small footprint, ability to integrate with other tools, and gentle learning curve.
Ansible is an IT automation tool that allows users to configure, deploy, and manage applications and infrastructure through code. It uses YAML files called playbooks to execute tasks on remote machines via SSH. Playbooks contain modules that represent tasks like installing packages or restarting services. Ansible has no central server and uses an agentless model. Users create an inventory file that lists hosts and groups, and Ansible uses facts to gather details about remote machines. It can be used for ad-hoc commands or configured playbooks and allows for easy management of infrastructure and applications through code.
This document discusses using Ansible for network automation. It begins with an agenda that includes discussing network architectures, network automation, and why Ansible is used. It then introduces the presenter and his background in networking. The remainder of the document discusses how Ansible can be used for tasks like template building, data collection, troubleshooting, provisioning device configurations, and validating network configurations match the desired state. It provides examples of using Ansible to automate tasks like cable verification and troubleshooting OSPF neighbor relationships. The document argues that Ansible is well suited for network automation due to its agentless design and ability to easily extend to new network devices. It concludes with a live demo of using Ansible and Ansible Tower for network automation.
Vagrant, Ansible, and OpenStack on your laptopLorin Hochstein
The document discusses using Ansible and Vagrant together to easily test and deploy OpenStack. Ansible allows writing idempotent infrastructure scripts, while Vagrant allows testing them by booting reproducible virtual machines. The document provides an example of using Ansible plays to install NTP and using Vagrant to define VMs for an OpenStack controller and compute node.
One tool, two fabrics: Ansible and Nexus 9000Joel W. King
Ansible can be used to automate configuration of Cisco Nexus 9000 series switches running either NX-OS or Application Centric Infrastructure (ACI). It allows using YAML files, Jinja templates, and Python modules to provision and manage network infrastructure without relying on CLI commands. The presentation demonstrated using Ansible roles to configure NTP servers and backup settings for an ACI fabric by specifying variables in a CSV file and generating XML configuration files from templates.
Automated Security Hardening with OpenStack-AnsibleMajor Hayden
The OpenStack-Ansible project has a security role that applies over 200 host security hardening configurations in less than two minutes. It's based on the Security Technical Implementation Guide (STIG) from the US federal government and it is heavily customized to work well with an OpenStack environment.
Ansible- Durham Meetup: Using Ansible for Cisco ACI deploymentJoel W. King
Networks are evolving from hundreds or thousands of individual devices to the Software-Defined Network paradigm of a single fabric under a central controller.
The GUI on top of an SDN controller isn't sufficient and we will still need automation. This presentation describes how Ansible can add value to configuration management of a Cisco Application Centric Infrastructure (ACI) infrastructure. It demonstrates how Ansible modules can use the northbound REST API interface of the Application Policy Infrastructure Controller (APIC).
This document discusses automating security compliance and remediation using Red Hat tools. It describes two methods for creating secure hosts at provisioning time using either Satellite 6 with OpenSCAP or CloudForms with Satellite and Ansible Tower. It also discusses automating ongoing security patching and compliance through CloudForms with Satellite and OpenSCAP, CloudForms with Ansible Tower, or CloudForms control policies working with Red Hat Insights.
Title: Ansible, best practices.
Ansible has taken a prominent place in the configmanagement world. By now many people involved in DevOps have taken a look at it, or done a first project with it. Now it is time to step back and look at quality and craftmanship. Bas Meijer, Ansible ambassador, will talk about Ansible best practices, and will show tips, tricks and examples based on several projects.
About the speaker
Bas is a systems engineer and software developer and wasted decades on latenight hacking. He is currently helping out 2 enterprises with continuous delivery and devops.
(Stephane Maarek, DataCumulus) Kafka Summit SF 2018
Security in Kafka is a cornerstone of true enterprise production-ready deployment: It enables companies to control access to the cluster and limit risks in data corruption and unwanted operations. Understanding how to use security in Kafka and exploiting its capabilities can be complex, especially as the documentation that is available is aimed at people with substantial existing knowledge on the matter.
This talk will be delivered in a “hero journey” fashion, tracing the experience of an engineer with basic understanding of Kafka who is tasked with securing a Kafka cluster. Along the way, I will illustrate the benefits and implications of various mechanisms and provide some real-world tips on how users can simplify security management.
Attendees of this talk will learn about aspects of security in Kafka, including:
-Encryption: What is SSL, what problems it solves and how Kafka leverages it. We’ll discuss encryption in flight vs. encryption at rest.
-Authentication: Without authentication, anyone would be able to write to any topic in a Kafka cluster, do anything and remain anonymous. We’ll explore the available authentication mechanisms and their suitability for different types of deployment, including mutual SSL authentication, SASL/GSSAPI, SASL/SCRAM and SASL/PLAIN.
-Authorization: How ACLs work in Kafka, ZooKeeper security (risks and mitigations) and how to manage ACLs at scale
This document discusses Kafka security and provides tips for implementing it. It covers the three main aspects of Kafka security: encryption, authentication, and authorization. For encryption, it explains how to set up SSL and discusses options for end-to-end encryption. Authentication details how to use SSL client authentication or SASL mechanisms like Kerberos or PLAIN. Authorization explains managing access control lists (ACLs) stored in Zookeeper to control access. The document concludes by emphasizing the challenges of securing Kafka clients and provides advice like creating standardized client wrappers and Docker images.
Azure Low Lands 2019 - Building secure cloud applications with Azure Key VaultTom Kerkhove
It is not a secret that it is hard to manage sensitive information. Azure Key Vault allows you to securely store this kind of information ranging from secrets & certificates to cryptographic keys.
Great! But how do you use it? How do I authenticate with it and how do I build robust applications with it?
Come join me and I'll walk you through the challenges and give you some recommendations.
Intelligent Cloud Conference 2018 - Building secure cloud applications with A...Tom Kerkhove
It is not a secret that it is hard to manage sensitive information. Azure Key Vault allows you to securely store this kind of information ranging from secrets & certificates to cryptographic keys.
Great! But how do you use it? How do I authenticate with it and how do I build robust applications with it?
Come join me and I'll walk you through the challenges and give you some recommendations.
Ansible 101 - Presentation at Ansible STL MeetupJeff Geerling
Jeff Geerling, author of Ansible for DevOps, demonstrates basic Ansible usage on the Dramble, a cluster of six Raspberry Pi 2 computers.
This presentation was delivered on July 8, 2015, at the Ansible St. Louis meetup, at Riot Games in Clayton, MO.
Ansible is an open source tool that uses SSH to automate and simplify configuration management across servers. It is agentless, uses Python for its language, and has a pull-based model. Ansible uses YAML files called playbooks to define automation jobs and roles. Playbooks contain tasks that are executed sequentially on managed nodes. Ansible supports variables, facts, conditionals, loops and templates to customize automation. It has features like idempotency, vault for secrets, and roles for reusability. Galaxy is a library of community roles.
Credentials are not passed around when source code is shared.
Unintentional exposure of source code does not reveal credentials.
Read-access to source code can be much more permissive.
Source code can be checked into version control systems without concern for exposure of credentials.
It is easier to change credentials without having to worry about changing all instances.
Leaving credentials in source code leads to poor password management in general. If changing a credential requires you to change code, you are less likely to want to do it.
Ansible for Configuration Management for Lohika DevOps training 2018 @ Lohika...Ihor Banadiga
This document provides an overview and summary of using Ansible for configuration management. It discusses inventory files, playbooks, programming concepts in Ansible like variables and templates, and advanced topics like roles, YAML, and security. The document concludes by demonstrating how to use Ansible to automate setting up development environments and deploying a Java-based application.
Nikto is a popular webserver assessment tool that scans for over 6700 potentially dangerous files and programs, checks for outdated server versions of over 1250 servers, and identifies version-specific problems on 270+ servers. It identifies vulnerabilities very quickly but is not stealthy, making the scans obvious in server logs. Nikto allows tuning scans to specific categories like file uploads, information disclosure, or SQL injection, and has features like SSL support, HTTP proxy support, customizable reports, and host authentication.
Puppet Camp Denver 2015: Nagios Management With PuppetPuppet
This document discusses managing Nagios monitoring with Puppet. It explains why Puppet is useful for Nagios configuration, highlighting key Puppet features like exported resources, Hiera, templates and Facter. It provides examples of using these features with Nagios and discusses integrating different configuration sources. Overall, the document shows how Puppet can be used to automate and simplify Nagios monitoring in a consistent, reusable way.
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultJeff Horwitz
Presented to the Philly DevOps Meetup November 29, 2016.
Managing secrets is hard. It’s even harder in the cloud. At Jornaya (formerly LeadiD), we chose Hashicorp Vault to manage our secrets in AWS, and I’d like to share our experience with everyone.
The document discusses OpenSSL commands for encryption and decryption. It covers symmetric encryption techniques like AES-256 and asymmetric encryption with RSA key pairs. It provides examples of encrypting and decrypting a file using OpenSSL commands like openssl enc and openssl dec. It also discusses hashing algorithms like MD5 and SHA1 for generating hashes of files.
The document describes a "candy shell" security assessment performed by CandyShell Security on an example infrastructure. It identifies numerous common security problems found in the target infrastructure such as privileged accounts, weak passwords, lack of logging and monitoring. It then details how an attacker could potentially compromise various systems by exploiting these issues and gain escalating levels of access. Finally, it discusses some high-level solutions that could help strengthen security.
Everyone heard about Kubernetes. Everyone wants to use this tool. However, sometimes we forget about security, which is essential throughout the container lifecycle.
Therefore, our journey with Kubernetes security should begin in the build stage when writing the code becomes the container image.
Kubernetes provides innate security advantages, and together with solid container protection, it will be invincible.
During the sessions, we will review all those features and highlight which are mandatory to use. We will discuss the main vulnerabilities which may cause compromising your system.
Contacts:
LinkedIn - https://www.linkedin.com/in/vshynkar/
GitHub - https://github.com/sqerison
-------------------------------------------------------------------------------------
Materials from the video:
The policies and docker files examples:
https://gist.github.com/sqerison/43365e30ee62298d9757deeab7643a90
The repo with the helm chart used in a demo:
https://github.com/sqerison/argo-rollouts-demo
Tools that showed in the last section:
https://github.com/armosec/kubescape
https://github.com/aquasecurity/kube-bench
https://github.com/controlplaneio/kubectl-kubesec
https://github.com/Shopify/kubeaudit#installation
https://github.com/eldadru/ksniff
Further learning.
A book released by CISA (Cybersecurity and Infrastructure Security Agency):
https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
O`REILLY Kubernetes Security:
https://kubernetes-security.info/
O`REILLY Container Security:
https://info.aquasec.com/container-security-book
Thanks for watching!
Webinar: Automate IBM Connections Installations and morepanagenda
IBM Connections pink is based on Conductor for Containers, which provides a collection of tools to work with Docker containers and Kubernetes. To manage containers in large environments, lots of DevOps are using Ansible (an agentless software to automate administration tasks).
So why not use these tools to prepare your Connections operating system, like creating users, adding security settings or install all necessary packages to deploy DB2, Installation Manager, and WebSphere Application Server? Or use one of the available roles or tasks to automate even the installation of WebSphere, create cell and profiles …
In this session, you get the basics of Ansible and some hands-on to start the learning journey into ‘cloud’ based software management.
Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)Codit
Since companies are moving their data to the cloud, security has become a hot topic. How do we securely store sensitive data? Where do we store our encryption keys? These are just 2 of the many questions that are concerning the modern companies. In this presentation, Tom Kerkhove will introduce you to the concepts of Microsoft Azure Key Vault.
Similar to Managing sensitive data with Ansible vault (20)
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor IvaniukFwdays
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...Alex Pruden
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
5. What we offer
• Linux & AIX consulting with DevOps experience
• Infrastructure Automation
• official Ansible Partner
• consulting & training for Ansible, Python & git
7. What is Ansible vault
Vault is a feature of ansible that allows keeping
sensitive data such as passwords or keys in
encrypted files, rather than as plaintext in your
playbooks or roles.
8. Tech Specs
• Binary included in the Ansible core package
• AES-256 algorithm encrypted
• Decrypted on runtime
• Limitation: one Vault password per Ansible playbook
10. How to use it
1. Create ansible-vault variable file
2. Use it in your Ansible Project
3. Run ansible / ansible-playbook with
• --ask-vault-pass Option
• or define a password file
• define in ansible.cfg vault_password_file path
• --vault-password-file Option
• as variable ANSIBLE_VAULT_PASSWORD_FILE
11. What can be encrypted
• encrypt YAML files
‣ e.g. group_vars
‣ e.g. host_vars
• since Ansible v2.3 single encrypted variables
• use the !vault tag
12. What should be encrypted
• sensitive data for automated deployments
‣ SSL private keys
‣ SSH private keys
‣ secrets / credentials
14. Define your variables
• layer of indirection
• prefix your variables vault_<variablename>
• save variables into vault files or directories
implicit
group_vars/dev/vault.yml
group_vars/prod/vault.yml
explicit
vault_vars/dev.yml
vault_vars/prod.yml
vs
15. Best Practices
• set ”no_log: true” per task
• use different passwords per environments
• only encrypt sensitive data
• use a strong encryption password
• always use a private git repo / restrict access
16. Are we safe now?
• technically could be still compromised
• what pushed to git, stays on git
• secure your password file
• owner & file permissions
• outside the git repo / .gitignore
21. confirm IT solutions
Rathausstrasse 14
6340 Baar
The End
Thank you for listening
pstauffer8 confirm.ch
blog.confirm.chpstauffer
https://www.xing.com/profile/Pascal_Stauffer
https://www.linkedin.com/in/pascal-stauffer-5030775b