This presentation is from the October 10, 2017, Red Hat Users Group meeting. Please check us out on meetup.com.
https://www.meetup.com/NorthernNJRHUG
Tools like Docker and Ansible enable new capabilities and speed, and this session will help you and your organization to put it all in context and be more successful and collaborative than ever before.
This session will provide both practical advice to improve your organization's provisioning process, as well as discuss best practices to achieve the much sought-after "push button infrastructure" across multi-cloud environments.
Provisioning means more than simply deploying VMs (or cloud instances) and participants will leave this session with a fresh understanding of the various aspects that go into providing a reliable, flexible and portable platform to their businesses' workloads.
Our Speaker: Andre Pitanga, Red Hat Solutions Architect
Andre is at heart just a chill and optimistic guy. He's delivered agile infrastructure projects with some of the world's biggest banks, financial analytics and media companies, but he swears he didn't break anything. When not reviewing or writing Ansible playbooks, he can be found working shoulder-to-shoulder with his awesome clients to build better platforms the open source way.
2. Northern NJ Red Hat Users Group
Something about myself
● A Linux cowboy sysadmin since 2005
● Making enterprise IT more open and adaptable TM
● Red Hat’s Core Management CoP
● RHCE since 2008!
● Play Minecraft with my son almost every day
● Play Samba percussion. A frame-drum called the Pandeiro
Introduction
3. Northern NJ Red Hat Users Group
● Deployment vs. Provisioning
● Manual vs Push-button vs Automated provisioning
● (re) Introducing SOE (Standard Operating Environment)
● Provisioning next: Modularity, Immutable images and ...
Agenda
4. Northern NJ Red Hat Users Group
The Goal of Provisioning
● To provide a suitable platform for a given workload
● Part of developing and running a service
● Includes: hardware, networking, OS, middleware, code, process
● Can the workload run optimally in the new platform?
● Think “Application Lifecycle”
● Standardization - Automation - Iteration
Provisioning != Deploying VMs
5. Northern NJ Red Hat Users Group
● Physical compute (“Bare metal”)
○ The job of the installer
○ Automating network settings
● Virtual compute (“Virtualization”)
○ Golden Image vs Scripted Installation
○ Sealing an image
○ Auto-scaling
● IaaS (Cloud)
○ Cloud-init
○ API driven provisioning, callbacks
● Workload portability, Global Load Balancers
● Self service, service management, service catalogue
The Essentials
6. Northern NJ Red Hat Users Group
● iPXE + Kickstart + Anaconda to the rescue!
● Anaconda/kickstart takes care of:
○ Installation destination preparation (usually disk partitioning)
○ package and data installation
○ boot loader installation and configuration
○ configuration of the newly installed system
● Think “kickstart variables”
● Initial setup
○ The first boot of the newly installed system is traditionally considered a part of the installation process as well
The Job of the Installer
Anaconda Team
(Brno, Czech Republic)
7. Northern NJ Red Hat Users Group
Golden image vs. network boot w/ kickstart
∘ Installer vs. cloning
‣ impact on repeatability and speed
‣ transparency: how do I know what's in our golden image?
‣ Keeping images fresh takes effort
The best of both worlds: hybrid of scripted and golden images
Default to network booting where possible, but script release lifecycle of golden images
Golden Image vs Scripted Installation
Treat image as code!
8. Northern NJ Red Hat Users Group
● What if I don’t have DHCP on the subnet or if bootserver options are already taken?
● iPXE - open source boot firmware
○ Scriptable PXE ROM!
○ Lets you network boot even without DHCP or bootserver available
○ http://ipxe.org/
● Dynamic scripts too:
http://192.168.0.1/boot.php?mac=${net0/mac}&asset=${asset:uristring}
● Which would expand to a URL such as:
http://192.168.0.1/boot.php?mac=52:54:00:12:34:56&asset=BKQ42M1
To DHCP or not to DHCP?
9. Northern NJ Red Hat Users Group
● Dynamic DNS is your friend
○ Windows friendly (Active Directory DNS)
○ Ships with RHEL (BIND 9)
○ Easy and secure to automate:
echo -e "server dns.example.com\nupdate add web1.example.com 3600 IN A 192.168.38.10\nsend" | nsupdate -k /etc/rndc.key
● InfoBlox and Route 53
○ DNS “as a Service”
■ Create and modify DNS records via REST API
Automating DNS
Automate it with Ansible!
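10. Northern NJ Red Hat Users Group
tasks:
  # Create one Infoblox host record per item; the loop output is kept in "result".
  - name: "Add host"
    infoblox:
      server: 192.168.1.100
      username: admin
      # Slide demo credentials; in real playbooks keep these in Ansible Vault.
      password: admin
      action: add_host
      network: 192.168.1.0/24
      host: "{{ item }}"
    with_items:
      - test01.internal
      - test02.internal
    register: result
  # Print what the module returned for each host.
  - name: "Do awesome stuff with the result"
    debug:
      var: result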
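The nsupdate one-liner on the "Automating DNS" slide becomes risky once the record name or address comes from a provisioning request instead of being typed by hand. The sketch below is an added example, not part of the original slides: the helper names `is_hostname`, `is_ipv4` and `build_nsupdate_batch` are hypothetical, and the sample values are the ones from the slide.

```shell
#!/bin/sh
# Added example: build the nsupdate batch only from validated fields.
# is_hostname, is_ipv4 and build_nsupdate_batch are hypothetical helpers.

# Letters, digits, dots and hyphens only, so whitespace or newlines in a
# requested name cannot smuggle extra commands into the nsupdate batch.
is_hostname() {
    case "$1" in
        ''|.*|*..*|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Exactly four dot-separated decimal octets, each 0-255.
is_ipv4() {
    case "$1" in
        ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Prints the batch on stdout, or prints an error and returns 1.
build_nsupdate_batch() {
    server=$1 fqdn=$2 ttl=$3 addr=$4
    is_hostname "$server" || { echo "bad server name" >&2; return 1; }
    is_hostname "$fqdn"   || { echo "bad record name" >&2; return 1; }
    case "$ttl" in
        ''|*[!0-9]*) echo "bad TTL" >&2; return 1 ;;
    esac
    is_ipv4 "$addr"       || { echo "bad IPv4 address" >&2; return 1; }
    printf 'server %s\nupdate add %s %s IN A %s\nsend\n' \
        "$server" "$fqdn" "$ttl" "$addr"
}

# Demo with the slide's own values; to apply it, store the output and feed it
# to nsupdate:  batch=$(build_nsupdate_batch ...) && printf '%s\n' "$batch" | nsupdate -k /etc/rndc.key
build_nsupdate_batch dns.example.com web1.example.com 3600 192.168.38.10
```

Capturing the batch before calling nsupdate matters: in a plain pipeline a rejected request would still start nsupdate with empty input and the pipeline would report success.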
11. Northern NJ Red Hat Users Group
● Does your organization (or team) do automated provisioning?
‣ Do you have to manually request or provision storage?
‣ Do you have to download a finishing script and run it?
‣ Does it mean manually notifying the requester?
Manual vs Push-button vs Automated
Think “Integrated Automation” where systems are communicating with other systems
12. Northern NJ Red Hat Users Group
● For example: remove ssh host keys
● Set HOSTNAME=localhost.localdomain in /etc/sysconfig/network
● Remove generated udev rules: rm -rf /etc/udev/rules.d/70-*
● Etc, etc, etc…..
○ https://access.redhat.com/solutions/2271601
● Sys-unconfig was a good tool for this, but < RHEL 6 only
● Ansible role exists for this:
https://galaxy.ansible.com/rhevm-qe-automation/ansible-role-seal/
● Linux Sysprep
○ https://github.com/ifireball/linux-sysprep
Sealing your images
Seal your images appropriately!
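A sealing step is only useful if something verifies it before the image is released. The check below is an added example, not part of the original slides: `check_sealed` is a hypothetical helper that audits an image root (for instance a mounted golden image) for the three leftovers named on this slide, and the demo tree at the end is constructed.

```shell
#!/bin/sh
# Added example: audit an image root (e.g. a mounted golden image) for the
# leftovers named on the sealing slide. check_sealed is a hypothetical helper.
# Returns 0 when nothing is found; the finding count is left in SEAL_FINDINGS.

check_sealed() {
    root=${1:-/}
    SEAL_FINDINGS=0

    # SSH host keys must be gone so every clone generates its own identity.
    for key in "$root"/etc/ssh/ssh_host_*_key*; do
        [ -e "$key" ] || continue
        echo "FAIL ssh host key left in image: $key"
        SEAL_FINDINGS=$((SEAL_FINDINGS + 1))
    done

    # HOSTNAME must be reset to the neutral value from the slide.
    netcfg=$root/etc/sysconfig/network
    if [ -f "$netcfg" ]; then
        host=$(sed -n 's/^HOSTNAME=//p' "$netcfg" | tail -n 1 | tr -d '"')
        if [ -n "$host" ] && [ "$host" != "localhost.localdomain" ]; then
            echo "FAIL hostname not reset: $host"
            SEAL_FINDINGS=$((SEAL_FINDINGS + 1))
        fi
    fi

    # Generated udev rules (70-*) tie device names to the build machine's hardware.
    for rule in "$root"/etc/udev/rules.d/70-*; do
        [ -e "$rule" ] || continue
        echo "FAIL generated udev rule left in image: $rule"
        SEAL_FINDINGS=$((SEAL_FINDINGS + 1))
    done

    if [ "$SEAL_FINDINGS" -eq 0 ]; then
        echo "OK $root looks sealed"
        return 0
    fi
    return 1
}

# Constructed sample: a fake, unsealed image root in a temp directory.
demo=$(mktemp -d)
mkdir -p "$demo/etc/ssh" "$demo/etc/sysconfig" "$demo/etc/udev/rules.d"
: > "$demo/etc/ssh/ssh_host_rsa_key"
echo 'HOSTNAME=build01.example.com' > "$demo/etc/sysconfig/network"
: > "$demo/etc/udev/rules.d/70-persistent-net.rules"
check_sealed "$demo" || echo "findings: $SEAL_FINDINGS"
rm -rf "$demo"
```

Run as a gate in the image release pipeline, a non-zero return stops an unsealed image from being published; shared SSH host keys across clones are the finding with the most direct security impact.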
13. Northern NJ Red Hat Users Group
● Detect a condition or event
● Provision new instance
● Finish the instance via Cloud-init plus Ansible
● Verify that it’s able to perform the desired workload
● Add to Load Balancer
○ Modules exist for F5, NetScaler, AWS Elastic Load Balancer
● Global Load Balancers help deliver the Multi-cloud vision
○ This can be achieved with DNS
○ Many different solutions for this task
Auto-scaling
Auto-scaling is the fruit of automated provisioning
14. Northern NJ Red Hat Users Group
● Cloud answer to kickstart + firstboot
● Works with RHV, OpenStack, AWS, etc
● Capabilities include:
○ Setting a default locale
○ Setting an instance hostname
○ Generating instance SSH private keys
○ Adding SSH keys to a user’s .ssh/authorized_keys so they can log in
○ Setting up ephemeral mount points
○ Configuring network devices
● Integrate with Ansible for further customization!
Cloud-init
17. Northern NJ Red Hat Users Group
● Leveraging the lessons from the Software Development Lifecycle
● Build
○ Defined set of installable software and configurations
○ Changes over time (Patches, improvements, features, etc)
○ One build == multiple server instances
○ Build version is updated as build evolves
● Role and Profile
○ A Role is a specific software configuration that fulfills a business role
○ A profile is a re-usable “building block”, like Base Server, Oracle host, Tomcat.
(re) Introducing SOE
18. Northern NJ Red Hat Users Group
● Inception, Development and Release
○ The inception stage is when a new build is initiated
○ The development stage is when a new build is designed, developed and tested
○ During the maintenance stage, the new build is continuously updated
● Maintenance and Retirement
○ Maintenance workflows are highly dependent on the organisation’s attitude towards risk and stability.
○ Once the build is retired, it will no longer be updated. No new servers should be built using a retired build and servers currently on the retired build should be migrated to currently maintained build, or redeployed.
Build Lifecycle