"Fleecing" is a core part of ManageIQ - it allows users to pre-populate dashboards with information about hypervisors, its guests, and applications running on those guests. It allows ManageIQ to do auto-discovery of running services so that admins can spend more time doing what they need to do.
For more on ManageIQ, see http://manageiq.org/
OSMC 2014: MQTT for monitoring (and for the IoT) | Jan-Piet Mens | NETWAYS
MQTT is a PUB/SUB protocol for the Internet of Things, but it's also valuable for systems administration. We'll take a close look at MQTT and its infrastructure, and we'll show you how to use a microcontroller to monitor your server-room's temperature with it, publishing and monitoring it via MQTT and Icinga/Nagios.
OSDC 2015: Jan-Piet Mens | MQTT for your data center (and for the IoT) | NETWAYS
MQTT is a PUB/SUB protocol for the Internet of Things, but it's also valuable for systems administration and for your data center. We'll take a close look at MQTT and its infrastructure, and we'll show you how to use a microcontroller to monitor your server-room's temperature with it, publishing and monitoring it via MQTT and Icinga/Nagios. Furthermore, we'll also show you some real-world integrations of MQTT and Unix/Linux system utilities.
Disaster Recovery Strategies Using oVirt's new Storage Connection Management ... | Allon Mureinik
A short overview of oVirt 3.3's Storage Connection Management feature, and several examples of how this feature can be used in Disaster Recovery strategies.
A deep dive into the history of containers as well as an introduction to how they work under the covers. This includes a discussion around Control Groups and Process Namespaces, as well as touching on some underlying syscalls, such as Fork and Clone.
In the past one and a half years the MINIX team has been working on a port of MINIX 3 to the ARM platform. We now have a port of MINIX 3 to the popular BeagleBone Black.
In this talk I will look back at MINIX 3 on ARM and explain how it became what it is. I will show a few nice features it has, including some stolen from NetBSD and some related to automatic recovery from otherwise fatal system errors.
Video is available here:
https://archive.fosdem.org/2014/schedule/event/minix_3_on_arm/
The slides give an overview of what is currently cooking in local Linux file systems and what has been done in the recent past. With btrfs getting stabilized, xfs gaining more traction, ext4 improvements, new storage capabilities and file system requirements, we are in an exciting new era where it might be hard to keep track of recent development. This talk should give you a picture of where we are heading, get you familiar with the new features and capabilities, and give you an idea of how to use them correctly.
Operation Unthinkable – Software Defined Storage @ Booking.com (Peter Buschman) | data://disrupted®
The story of the plan that was just crazy enough to work! Learn how Booking.com failed its way to success on a multi-year journey away from single-purpose storage-appliances, predatory-licensing, and over-complicated networking to create a unique storage solution for their hyper-scale private-cloud environment.
Securing Applications and Pipelines on a Container Platform | All Things Open
Presented at: Open Source 101 at Home
Presented by: Veer Muchandi, Red Hat Inc
Abstract: While everyone wants to do Containers and Kubernetes, they don’t know what they are getting into from Security perspective. This session intends to take you from “I don’t know what I don’t know” to “I know what I don’t know”. This helps you to make informed choices on Application Security.
Kubernetes as a Container Platform is becoming a de facto standard for every enterprise. In my interactions with enterprises adopting container platforms, I come across common questions:
- How does application security work on this platform? What all do I need to secure?
- How do I implement security in pipelines?
- What about vulnerabilities discovered at a later point in time?
- What do newer technologies like Istio Service Mesh bring to the table?
In this session, I will be addressing these commonly asked questions that every enterprise trying to adopt an Enterprise Kubernetes Platform needs to know so that they can make informed decisions.
This presentation looks deep into the concept of containerization. What is containerization, how is it different from VMs, how containerization is achieved using Linux containers (LXC), control groups (cgroups) and copy on write file systems and current trends in containerization/docker are described.
Machines are getting powerful these days and more and more VMs will run on a single machine. This work started off with a simple goal - to run 3,000 domains on a single host and address any scalability issues come across. I will start with Xen internal then state the problems and solutions. Several improvements are made, from hypervisor, Linux kernel to user space components like console backend and xenstore backend. The main improvement for hypervisor and Dom0 Linux kernel is the new event channel infrastructure, which enable Dom0 to handle much more events simultaneously - the original implementation only allows 1024 and 4096 respectively.
The targeting audiences are cloud developers, kernel developers and those who are interested in Xen scalability and internals. They need to have general knowledge of Linux, knowledge of Xen is not required but nice to have.
Bridging the Semantic Gap in Virtualized Environment | Andy Lee
In virtualization, it is difficult to interpret the low-level state of a VM as the high-level semantic state of the guest OS.
This is an obstacle for system administrators who need to observe, inspect and detect the runtime execution of a VM in real time.
Using hypervisor and container technology to increase datacenter security pos... | Black Duck by Synopsys
As presented by Tim Mackey, Senior Technical Evangelist - Black Duck Software, at LinuxCon/ContainerCon 2016:
Cyber threats consistently rank as a high priority for data center operators and their reliability teams. As increasingly sophisticated attacks mount, the risk associated with a zero-day attack is significant. Traditional responses include perimeter monitoring and anti-malware agents. Unfortunately, those techniques introduce performance and management challenges when used at large VM densities, and may not work well with containerized applications.
Fortunately, the Xen Project community has collaborated to create a solution which reduces the potential of success associated with rootkit attack vectors. When combined with recent advancements in processor capabilities, and secure development models for container deployment, it’s possible to both protect against and be proactively alerted to potential zero-day attacks. In this session, we’ll cover models to limit the scope of compromise should an attack be mounted against your infrastructure. Two attack vectors will be illustrated, and we’ll see how it’s possible to be proactively alerted to potential zero-day actions without requiring significant reconfiguration of your datacenter environment.
Technology elements explored include those from Black Duck, Bitdefender, Citrix, Intel and Guardicore.
Linux containers (LXC) seem to be the preferred technology for deployment of Platform as a Service (PaaS) in the cloud. Partly because it's easy to install on top of existing virtualization platforms (KVM, VMware, VirtualBox), partly because it is a lightweight solution to provide separation and process allocation between separate containers running under a single kernel.
In this talk we will take a look at LXC and try to explain how to combine it with mandatory access control (MAC) mechanisms within Linux kernel to provide secure separation between different users of applications.
Epistemic Interaction - tuning interfaces to provide information for AI support | Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Generating a custom Ruby SDK for your web service or Rails API using Smithy | g2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Key Trends Shaping the Future of Infrastructure.pdf | Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Securing your Kubernetes cluster_ a step-by-step guide to success ! | KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
JMeter webinar - integration with InfluxDB and Grafana | RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 | Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I have already got working for real.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... | James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... | DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
3. Terms and Definitions
Smart state analysis
noun (pl. smart state analyses)
A boring marketing term, referring to the process of extracting guest information from a virtual machine – usually, without requiring agentry, or for the VM to be running.
Verb ("smart state analyze" - "perform Smart state analysis")
The execution of said process.
ORIGIN early 21st cent.: some marketing guy.
See also: fleece
4. Terms and Definitions
fleece
noun
The woolly covering of a sheep or goat.
Verb
1 the removal of said woolly covering.
2 informal obtain a great deal of money or property from
(someone), typically through nefarious means.
DERIVATIVES
Very concise and simple: fleece, fleecing, fleeced, fleecer
6. and, to paraphrase Julius Caesar:
“I came,
I saw,
I fleeced”
Semper infigo lingua mortua est
“Veni,
vidi,
Velleris”
(Things said, are)
always more impressive in a dead language
7. Terms and Definitions
...seriously
● Appliance
– The ManageIQ appliance. The virtual machine through which the ManageIQ application is deployed and executed.
● Provider
– The type, brand, or flavor of virtual environment. Ex: RHEV, VMware, OpenStack, etc.
8. History
First released in 2007
● Initially supported:
– Windows: NTFS, FAT32
– Linux: LVM2, EXT3
● Extended to support:
– Windows: LDM
– Linux: EXT4, XFS
9. Design Considerations and Requirements
Flexible virtual disk access
● Access provided through extensible mechanism.
● Optimize access method for given providers.
● Supports provider-specific API access.
● Eliminates the need for file-level access.
● Enables remote fleecing.
● Affords greater flexibility in appliance placement.
– Proximity to storage need not be a factor.
10. Design Considerations and Requirements
Lightweight
● Each fleece is performed in a single Ruby thread.
● Consumes a minimum of appliance resources.
● Imposes minimum impact on other appliance processes.
● Enables parallel fleecing of multiple VMs on the same appliance.
● Affords more flexibility in proxy deployment.
11. Design Considerations and Requirements
Minimal Dependencies
● Only requires Ruby and requisite provider libraries.
● Does not encumber appliance configuration with additional dependencies.
● Enables the creation of self-contained proxy executables.
● Facilitates the deployment of proxies to foreign environments.
12. Design Considerations and Requirements
OS and Environment Agnostic
● Written almost entirely in pure Ruby.
● Will run in most environments that support Ruby.
● Can run in Windows and Linux environments.
● Facilitates the development of proxies for deployment to foreign environments.
15. External Interfaces
Diagram: VM Metadata and Virtual Disk Images are reached through three interfaces: Provider Metadata Access, Virtual Disk Access Methods and Virtual Disk Format.
Provider Metadata Access:
● VMware: VIM (SOAP)
● RHEV: RHEVM API (REST)
● Amazon: AWS (REST)
● OpenStack: Fog (REST)
16. External Interfaces
Diagram: VM Metadata and Virtual Disk Images are reached through three interfaces: Provider Metadata Access, Virtual Disk Access Methods and Virtual Disk Format.
Virtual Disk Access Methods:
● Direct file access.
● Access via proxy.
● Raw device access.
● Access via API (VixDiskLib, AWS/EBS, Glance, etc.)
17. External Interfaces
Diagram: VM Metadata and Virtual Disk Images are reached through three interfaces: Provider Metadata Access, Virtual Disk Access Methods and Virtual Disk Format.
Virtual Disk Format:
● RAW
● QCOW, QCOW2
● VMware: Sparse, COWD
● Microsoft: Fixed, Dynamic, Diff
● Etc.
18. External Interfaces
Diagram: the Disk → Partition → LVM → FS → OS stack over the Virtual Disk Access Methods and Virtual Disk Format layers, alongside MIQExtract, MiqFS and XML/Sync.
MiqFS:
● Implements a subset of File/Dir functionality.
● Cannot be used by GEMs that expect File.
● Clients must be MiqFS specific.
● Forces re-implementation of existing code.
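To make the Disk → Partition step of this stack concrete, here is an added Ruby example; it is not ManageIQ's own code. It identifies the container format listed on slide 17 from the magic bytes in the first sector, then walks the MBR partition table of a RAW image. The function names `detect_disk_format`, `parse_mbr` and `build_sample_raw_image` are hypothetical, the magic values come from the public format specifications, and the two-sector disk image is constructed inline.

```ruby
SECTOR = 512

# Identify the container format from the first sector. The magic values are
# from the public format specifications; the symbols returned are ours.
def detect_disk_format(data)
  return :unknown if data.bytesize < SECTOR
  head = data.byteslice(0, 32)
  return :qcow2 if head.start_with?("QFI\xFB".b) && head.byteslice(4, 4).unpack1("N") >= 2
  return :qcow  if head.start_with?("QFI\xFB".b)
  return :vmdk_sparse if head.start_with?("KDMV")        # VMware hosted sparse extent
  return :vmware_cowd if head.start_with?("COWD")        # VMware COWD sparse extent
  return :vmdk_descriptor if head.start_with?("# Disk DescriptorFile")
  return :vhdx if head.start_with?("vhdxfile")
  # VHD carries its "conectix" footer at the end of the file; dynamic and
  # differencing VHDs also keep a copy of it at offset 0.
  return :vhd if head.start_with?("conectix") || data.byteslice(-SECTOR, 8) == "conectix"
  return :raw if data.byteslice(510, 2) == "\x55\xAA".b  # MBR boot signature
  :unknown
end

Partition = Struct.new(:index, :bootable, :type, :start_lba, :sectors) do
  def size_bytes
    sectors * SECTOR
  end
end

# Walk the four primary entries of a classic MBR (16 bytes each at offset 446):
# status, CHS start, type, CHS end, LBA start, sector count (little-endian).
def parse_mbr(data)
  raise ArgumentError, "no MBR signature" unless data.byteslice(510, 2) == "\x55\xAA".b
  (0..3).map do |i|
    status, type, start_lba, sectors = data.byteslice(446 + i * 16, 16).unpack("Cx3Cx3V2")
    next if type == 0                                    # empty slot
    Partition.new(i + 1, status == 0x80, type, start_lba, sectors)
  end.compact
end

# Constructed two-sector RAW image with a bootable Linux partition and an LVM
# partition; nothing here comes from a real disk.
def build_sample_raw_image
  mbr = "\x00".b * SECTOR
  entry = ->(status, type, start, count) { [status, 0, 0, 0, type, 0, 0, 0, start, count].pack("C8V2") }
  mbr[446, 16] = entry.call(0x80, 0x83, 2048, 1_048_576)      # Linux, bootable, 512 MiB
  mbr[462, 16] = entry.call(0x00, 0x8E, 1_050_624, 4_194_304) # Linux LVM, 2 GiB
  mbr[510, 2]  = "\x55\xAA".b
  mbr + "\x00".b * SECTOR
end

if $PROGRAM_NAME == __FILE__
  img = build_sample_raw_image
  puts detect_disk_format(img)
  parse_mbr(img).each do |p|
    puts format("%d boot=%s type=0x%02x lba=%d size=%d", p.index, p.bootable, p.type, p.start_lba, p.size_bytes)
  end
end
```

A fleecer only trusts these headers as a first hint: a RAW image is identified by the absence of a container signature plus a boot sector, so the next layer (partition table, then LVM, then filesystem superblock) has to validate what it finds rather than assume the header was honest.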
19. External Interfaces
Diagram: the Disk → Partition → LVM → FS → OS stack over the Virtual Disk Access Methods and Virtual Disk Format layers, alongside MIQExtract, MiqFS and XML/Sync.
● Berkeley DB through: MiqBerkeleyDB
● Rpm Packages through: MiqRpmPackages
● Sqlite3 through: MiqSqlite3DB
● Conary Packages through: MiqConaryPackages
20. Interface Layers
Diagram (layers: ManageIQ & Provider Specific, Provider Specific, Common, ManageIQ Specific): ManageIQ Fleece Request, Provider Metadata Access, MIQExtract, VM Metadata, Vdisk Contents, Virtual Disk Access Methods, MiqFS Data Drilling, Sync VMDB.
21. Classes by Layer
Diagram (layers: ManageIQ & Provider Specific, Provider Specific, Common, ManageIQ Specific): ExtManagementSystem subclasses, VmOrTemplate subclasses, MiqVm subclasses, MiqVm, VirtFS, MIQExtract, Provider Libraries.
22. MiqFS → VirtFS
● General Pseudo FS support
● Integrates through File & Dir
● Provides mount and chroot semantics
● No need for specialized clients – will work with existing GEMs and scripts
23. VirtFS – Additional Benefits
● Compliance scripts can access VM image directly.
● No need to retrieve files and save in DB.
● Native scripts should work in ManageIQ context.
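To show what slides 22 and 23 mean by integrating through File & Dir with mount semantics, here is an added Ruby sketch; it is not VirtFS's own code, and the classes `PseudoFS`, `VirtMounts`, `VirtFileMethods` and `VirtDirMethods` are hypothetical. An in-memory pseudo filesystem holding constructed sample guest files is mounted under a host path prefix, and `File`/`Dir` class methods are prepended so that calls on paths below the mount point are rebased into the guest namespace while every other path falls through to the real implementation. The compliance check `password_auth_disabled?` stands in for a native script written against plain `File` that has no idea it is reading a VM image.

```ruby
# Hypothetical in-memory pseudo filesystem (illustration, not VirtFS's code).
# Guest files are kept as a hash of absolute guest path => contents.
class PseudoFS
  def initialize(files)
    @files = files
  end

  def file?(path)
    @files.key?(path)
  end

  def directory?(path)
    @files.keys.any? { |k| k.start_with?(dir_prefix(path)) }
  end

  def read(path)
    raise Errno::ENOENT, path unless file?(path)
    @files[path]
  end

  # Immediate children of a guest directory (no "." / ".." entries).
  def entries(path)
    prefix = dir_prefix(path)
    @files.keys.select { |k| k.start_with?(prefix) }
          .map { |k| k[prefix.length..-1].split("/").first }.uniq.sort
  end

  def dir_prefix(path)
    path == "/" ? "/" : path.chomp("/") + "/"
  end
end

# Mount table: host path prefix => PseudoFS. A path below a mount point is
# rebased into the guest namespace (chroot-like); other paths are untouched.
module VirtMounts
  @mounts = {}

  def self.mount(mount_point, fs)
    @mounts[mount_point.chomp("/")] = fs
  end

  def self.unmount(mount_point)
    @mounts.delete(mount_point.chomp("/"))
  end

  # Returns [fs, guest_path], or nil when the path is not under any mount.
  def self.resolve(path)
    path = path.to_s
    mp, fs = @mounts.find { |m, _| path == m || path.start_with?(m + "/") }
    return nil unless mp
    guest = path[mp.length..-1]
    [fs, guest.empty? ? "/" : guest]
  end
end

# Prepended to File's and Dir's singleton classes: calls on mounted paths go
# to the pseudo FS; everything else falls through (super) to the real method.
module VirtFileMethods
  def read(path, *args)
    fs, guest = VirtMounts.resolve(path)
    fs ? fs.read(guest) : super
  end

  def exist?(path)
    fs, guest = VirtMounts.resolve(path)
    fs ? (fs.file?(guest) || fs.directory?(guest)) : super
  end
end

module VirtDirMethods
  def entries(path, *args)
    fs, guest = VirtMounts.resolve(path)
    fs ? fs.entries(guest) : super
  end
end
File.singleton_class.prepend(VirtFileMethods)
Dir.singleton_class.prepend(VirtDirMethods)

# A "native" compliance check written against plain File: it cannot tell
# whether root is a real mount point or a mounted VM image.
def password_auth_disabled?(root)
  conf = File.join(root, "etc/ssh/sshd_config")
  return false unless File.exist?(conf)
  File.read(conf).lines.any? { |l| l.strip =~ /\APasswordAuthentication\s+no\z/i }
end

# Constructed sample guest contents (not data from a real image).
SAMPLE_GUEST = PseudoFS.new(
  "/etc/hostname"        => "web01\n",
  "/etc/os-release"      => "ID=fedora\nVERSION_ID=40\n",
  "/etc/ssh/sshd_config" => "Port 22\nPasswordAuthentication no\n"
)

def fleece_sample_guest
  VirtMounts.mount("/mnt/guest", SAMPLE_GUEST)
  { hostname:       File.read("/mnt/guest/etc/hostname").strip,
    etc_entries:    Dir.entries("/mnt/guest/etc"),
    ssh_hardened:   password_auth_disabled?("/mnt/guest"),
    shadow_present: File.exist?("/mnt/guest/etc/shadow") }
ensure
  VirtMounts.unmount("/mnt/guest")
end
```

The point of the `shadow_present` lookup is that a miss inside the mount stays inside the guest namespace: it returns false rather than falling through to the appliance's own `/etc/shadow`, which is the chroot property a compliance script relies on when it is pointed at a mounted image.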
24. VirtFS: Beyond Fleecing
● Database/Datastore backed FS
● Amazon S3 and Swift pseudo FS
● Sparse – overlay FS
● Cassette based FS – for testing
● Ruby files loaded from pseudo FS
● Self contained Ruby executables
25. GEM Relationships
Diagram: MiqVm* Types, MiqVm*, VirtFs, Provider Libraries, Filesystem Types and Ruby Scripts, connected by "uses", "uses", "plugs into", "based on" and "export/mount" edges.
* renamed appropriately
**Smart state analysis
-Official term
-Long and cumbersome term
-Actual selection in menu
-Clumsy to use in docs and email
-What does this cumbersome term mean?
**noun (pl. smart state...
-Use as verb even more clumsy
**Verb (?smart state...
-If so hard to use, how did it originate?
**ORIGIN early 21st...
-Best we can tell...
**See also: fleece
**fleece
-Original internal/development term.
-Fell out of favor due to bad connotations.
-Let's see if we can determine why.
**noun...
-Nothing too bad there...
-What about as a verb...
**Verb 1...
-Nothing too bad there either.
-What else...
**Verb 2...
-Ah, that must be it.
-Any def with “nefarious” can't be good from a marketing perspective.
**DERIVATIVES...
-But its usage is so concise and simple, it would be great if we could use this term again, even if only informally.
- the term “fleece” didn't always have this bad connotation.
- In fact, here's a quote from...
** Quote here...
-See, fleecing is good, skinning is bad
-Now that we're an open source project, I'm happy to see that the term “fleece” seems to be back in favor.
-For those of you who have watched the ManageIQ podcasts, you've seen fleece used on the intro and exit screens.
**Quote 1 (English)
-Actually, the podcast uses “we” instead of “I”, but I've changed it so it would translate more cleanly into Latin.
**Quote 2 (Latin)
-Of course I only translated this into Latin because...
**Quote 3 (English)
-Or, more impressively...
**Quote 4 (Latin)