Here are the slides from Neil Armitage's PuppetConf 2016 presentation called Changing the Engine While in Flight. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
OpenStack Summit Vancouver: Lessons learned on upgradesFrédéric Lepied
Deploying OpenStack in production at any scale, upgrade support is one of the requirements to have a successful deployment. Without upgrade management, adeployment will have bugs and security issues from day 1. Also in longer term, it will miss the latest features that OpenStack offers.
Configuration Management Evolution at CERNGavin McCance
The document discusses CERN's evolution to using Puppet, Foreman, OpenStack and other open source tools for configuration management and infrastructure automation. It summarizes the key benefits of the new approach, including improved stability, scalability, and the ability to hire staff with relevant skills. Some ongoing challenges discussed are ensuring stability and scalability as the number of managed systems grows, integrating the new tools with existing site systems, and developing processes for collaborative development while preventing conflicts between teams.
CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...Daniel Krook
Presentation at the OpenStack Summit in Tokyo, Japan on October 29, 2015.
http://sched.co/49vI
This talk will cover the pros and cons of four different OpenStack deployment mechanisms. Puppet, Chef, Ansible, and Salt for OpenStack all claim to make it much easier to configure and maintain hundreds of OpenStack deployment resources. With the advent of large-scale, highly available OpenStack deployments spread across multiple global regions, the choice of which deployment methodology to use has become more and more relevant.
Beyond the initial day-one deployment, when it comes to the day-two and beyond questions of updating and upgrading existing OpenStack deployments, it becomes all the more important choose the right tool.
Come join the Bluebox and IBM team to discuss the pros and cons of these approaches. We look at each of these four tools in depth, explore their design and function, and determine which scores higher than others to address your particular deployment needs.
Daniel Krook - Senior Software Engineer, Cloud and Open Source Technologies, IBM
Paul Czarkowski - Cloud Engineer at Blue Box, an IBM company
Daniel Krook - Senior Software Engineer, Cloud and Open Source Technologies, IBM
Build cloud like Rackspace with OpenStack AnsibleJirayut Nimsaeng
Build cloud like Rackspace with OpenStack Ansible Workshop in 2nd Cloud OpenStack-Container Conference and Workshop 2016 at Grand Postal Building, Bangrak, Bangkok on September 22-23, 2016
An Evaluation of OpenStack Deployment Frameworksshane_gibson
Symantec evaluated several OpenStack deployment frameworks to test provisioning OpenStack clusters from bare metal. They tested Fuel Web, MaaS/JuJu, Crowbar, Foreman, and Rackspace Private Cloud. Crowbar had the fastest time to deploy a full OpenStack cluster and met most of Symantec's requirements. The evaluation provided feedback to vendors on improving automation, resiliency, and managing complex configurations when deploying OpenStack at scale.
1) The OpenStack Icehouse release focused on improving operator-driven updates, integrated release efficiency at scale, and tighter platform integration.
2) Key features included rolling upgrades with no downtime, consistent experience across drivers through rigorous testing, and allowing users to access public and private clouds with a single identity.
3) The number of OpenStack contributors grew by 32% for Icehouse, with over 350 new features added while focusing on testing, maturity and stability.
OpenStack Best Practices and Considerations - terasky tech dayArthur Berezin
- Arthur Berezin presented on best practices for deploying enterprise-grade OpenStack implementations. The presentation covered OpenStack architecture, layout considerations including high availability, and best practices for compute, storage, and networking deployments. It provided guidance on choosing backend drivers, overcommitting resources, and networking designs.
OpenStack Summit Vancouver: Lessons learned on upgradesFrédéric Lepied
Deploying OpenStack in production at any scale, upgrade support is one of the requirements to have a successful deployment. Without upgrade management, adeployment will have bugs and security issues from day 1. Also in longer term, it will miss the latest features that OpenStack offers.
Configuration Management Evolution at CERNGavin McCance
The document discusses CERN's evolution to using Puppet, Foreman, OpenStack and other open source tools for configuration management and infrastructure automation. It summarizes the key benefits of the new approach, including improved stability, scalability, and the ability to hire staff with relevant skills. Some ongoing challenges discussed are ensuring stability and scalability as the number of managed systems grows, integrating the new tools with existing site systems, and developing processes for collaborative development while preventing conflicts between teams.
CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...Daniel Krook
Presentation at the OpenStack Summit in Tokyo, Japan on October 29, 2015.
http://sched.co/49vI
This talk will cover the pros and cons of four different OpenStack deployment mechanisms. Puppet, Chef, Ansible, and Salt for OpenStack all claim to make it much easier to configure and maintain hundreds of OpenStack deployment resources. With the advent of large-scale, highly available OpenStack deployments spread across multiple global regions, the choice of which deployment methodology to use has become more and more relevant.
Beyond the initial day-one deployment, when it comes to the day-two and beyond questions of updating and upgrading existing OpenStack deployments, it becomes all the more important choose the right tool.
Come join the Bluebox and IBM team to discuss the pros and cons of these approaches. We look at each of these four tools in depth, explore their design and function, and determine which scores higher than others to address your particular deployment needs.
Daniel Krook - Senior Software Engineer, Cloud and Open Source Technologies, IBM
Paul Czarkowski - Cloud Engineer at Blue Box, an IBM company
Daniel Krook - Senior Software Engineer, Cloud and Open Source Technologies, IBM
Build cloud like Rackspace with OpenStack AnsibleJirayut Nimsaeng
Build cloud like Rackspace with OpenStack Ansible Workshop in 2nd Cloud OpenStack-Container Conference and Workshop 2016 at Grand Postal Building, Bangrak, Bangkok on September 22-23, 2016
An Evaluation of OpenStack Deployment Frameworksshane_gibson
Symantec evaluated several OpenStack deployment frameworks to test provisioning OpenStack clusters from bare metal. They tested Fuel Web, MaaS/JuJu, Crowbar, Foreman, and Rackspace Private Cloud. Crowbar had the fastest time to deploy a full OpenStack cluster and met most of Symantec's requirements. The evaluation provided feedback to vendors on improving automation, resiliency, and managing complex configurations when deploying OpenStack at scale.
1) The OpenStack Icehouse release focused on improving operator-driven updates, integrated release efficiency at scale, and tighter platform integration.
2) Key features included rolling upgrades with no downtime, consistent experience across drivers through rigorous testing, and allowing users to access public and private clouds with a single identity.
3) The number of OpenStack contributors grew by 32% for Icehouse, with over 350 new features added while focusing on testing, maturity and stability.
OpenStack Best Practices and Considerations - terasky tech dayArthur Berezin
- Arthur Berezin presented on best practices for deploying enterprise-grade OpenStack implementations. The presentation covered OpenStack architecture, layout considerations including high availability, and best practices for compute, storage, and networking deployments. It provided guidance on choosing backend drivers, overcommitting resources, and networking designs.
OpenStack in action 4! Alessandro Pilotti - OpenStack, Hyper-V and WindowseNovance
Windows can run as a guest operating system on OpenStack. Cloudbase-Init allows customization of Windows instances at boot time through plugins. Hyper-V can be used as the hypervisor for OpenStack, and the Hyper-V Nova compute driver and Neutron plugin support integration with OpenStack. Templates in Heat allow automated provisioning of multi-server Windows environments. Puppet, Chef, Crowbar, and SUSE Cloud can be used to deploy and manage Hyper-V compute nodes running OpenStack.
Sergey Dzyuban "To Build My Own Cloud with Blackjack…"Fwdays
Cloud providers like Amazon or Google have a great user experience to create and manage PaaS. But is it possible to reproduce the same experience and flexibility locally, in the on-premise datacenter? What if your own infrastructure grows to fast and your team can’t deal with it in the old way? What does Jenkins, .NET microservices and TVs for daily meetings have in common?
This talk shares our experience using DC/OS (datacenter operating system) for building flexible and stable infrastructure. I will show the evolution of private cloud from the first steps with Vagrant to the hybrid cloud with instance groups in Google Cloud, the benefits it gives us and the problems we get instead.
dodai is a Cluster as a Service (CaaS) tool comprised of dodai-deploy and dodai-compute. dodai-deploy is a software management tool for distributed environments that provides templates for deploying software like OpenStack, Hadoop, and SGE. It is fast, scalable, and easy to use. dodai-compute is a bare metal version of Nova that provides the same interface for operating physical machines and separates networks logically with OpenFlow switches. The presentation demonstrated installing an OpenStack Folsom cloud on EC2 using dodai's new "Install as a Service" functionality.
Cloud providers like Amazon or Goggle have great user experience to create and manage PaaS and IaaS services. But is it possible to reproduce same experience and flexibility locally, in on premise datacenter? This talk describes success story of creation private cloud based on DC/OS cluster. It is used to host and share different services like hadoop or kafka for development teams, dynamically manage services and resource pools with GKE integration.
OpenStack is an open source cloud computing platform that can manage large networks of virtual machines and physical servers. It uses a distributed architecture with components like Nova (compute), Swift (object storage), Cinder (block storage), and Quantum (networking). OpenStack has been successful due to its scalability, support for multiple hypervisors including Hyper-V, and compatibility with popular programming languages like Python. While OpenStack is best suited for large public and private clouds, its complex installation and lack of unified deployment tools can present challenges, especially for small to mid-sized clouds.
Enhancing OpenStack FWaaS for real world applicationopenstackindia
This document discusses enhancing the performance and capabilities of OpenStack's firewall-as-a-service (FWaaS). It proposes improvements to FWaaS performance by validating firewall rules and distributing rules only to relevant routers. It also discusses scheduling firewall rules based on time and enabling logging of firewall packets to help with debugging, threat analysis, and rule tuning. The document outlines integrating firewall logging with OpenStack using IPTables rules and collecting logs in a centralized server for analysis. Finally, it proposes extending the Horizon UI to make firewall logs accessible to tenants.
WebSockets allow for bi-directional communication between a client and server that reduces overhead compared to traditional HTTP requests. This enables real-time updates and instant notifications. Common use cases include chat applications, data feeds that change frequently, and workflow notifications. While browser support is now widespread, adoption has been slowed by compatibility with older browsers, SEO concerns, and firewall configurations that expect HTTP. The Socket.io library makes it easy to use WebSockets with Node.js. Demonstrations show WebSockets enabling a hot potato game, updating app data in real-time, and powering a chat room.
Chef is an open source configuration management and service integration automation tool that has been integral to a number of large successful OpenStack deployments. This talk will provide a brief introduction to Chef and why it frequently the configuration tool of choice for large deployments and discuss the use of Chef within the OpenStack ecosystem (development, testing, deploying and managing the installation). Chef also provides the ability to manage the instances running on top of Nova through the knife-openstack plugin.
Open stack in action enovance-quantum in actioneNovance
This document summarizes a presentation about Quantum, the OpenStack networking project. It introduces the speakers and their backgrounds working on OpenStack. It describes Quantum's role in providing networking for IaaS components like Nova, Swift, Cinder, and its transformation of clouds into SDN with the right plugins. Common Quantum plugins are presented along with their supported networking features. The document outlines limitations in the Folsom release and expected improvements in Grizzly, and notes early production uses of Quantum. It concludes by discussing the future of Quantum and an upcoming OpenStack workshop.
Netflix uses containers to run both batch jobs and services. For batch jobs, containers simplify resource management and allow jobs like model training and media encoding to easily share resources. Services are more complex to run in containers due to challenges like constant resizing, statefulness, and networking. Netflix addresses these challenges through solutions like a VPC networking driver and reusing existing infrastructure services for containers. Looking ahead, Netflix aims to run more containers at larger scale for areas like developer experience, continuous integration, and internal resource optimization.
Docker, Containers, and the Future of Application Delivery document discusses:
- The challenges of running applications across different environments due to variations in stacks and hardware ("N x N" compatibility problem).
- How Docker addresses this by allowing applications and their dependencies to be packaged into standardized software containers that can run consistently across any infrastructure similar to how shipping containers standardized cargo transportation.
- The benefits of Docker for developers in building applications once and running them anywhere without dependency or compatibility issues, and for operations in simplifying configuration management and automation.
DevOps Fest 2019. Stanislav Kolenkin. Сonnecting pool Kubernetes clusters: Fe...DevOps_Fest
On this IT sense, we will talk about the Federation.
The Federation is a very flexible tool for connecting several clusters and gives us a lot possibilities in K8s control.
With the help of the Federation, we can easily:
- sync resources across clusters
- cross cluster discovery
We will also discuss how to connect several Kubernetes clusters into one network, how to reach services in each Kubernetes cluster...
Cloud Foundry is an open source platform as a service (PaaS) that supports building, deploying, and running applications on the cloud. It supports multiple frameworks like Java, Ruby, Scala, and Node.js and services like SQL, NoSQL, messaging, and analytics. Cloud Foundry uses a distributed architecture with no single point of failure and provides automatic scaling and self-healing capabilities.
PPTV is using CloudStack 3.0.2 in its production environment. Currently there are more than 150 hosts, and migrate their apps to cloud everyday (10 host per day). At the end of 2013, there will be more than 1000 hosts in a CloudStack environment.
The document discusses Ceph, an open source distributed storage platform that provides unified object, block, and file storage. It describes how the speaker's company Hostvn deployed Ceph in production, including using it with OpenStack. They started with a small proof-of-concept cluster using all SSD drives before expanding to a larger cluster with more nodes. Key lessons learned included keeping the design simple, monitoring performance closely during rebalancing, and realizing there is no one-size-fits-all model for Ceph deployment. Future plans include upgrading networking and replacing current storage with Ceph.
This document discusses benchmarking OpenStack at scale using Rally. Rally allows OpenStack developers and operators to generate relevant and repeatable benchmarking data on how their cloud operates under different workloads and levels of load. It provides examples of synthetic stress tests and real-life workload scenarios that can be used for benchmarking. The goals of Rally are to help identify performance bottlenecks, validate optimizations, and provide historical data for comparing cloud performance over time as OpenStack and deployments evolve.
PuppetConf 2016: Case Study: Puppets in the Government – Kathy Lee (co-author...Puppet
Here are the slides from Kathy Lee's PuppetConf 2016 presentation called Case Study: Puppets in the Government. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf. 2016: External Data in Puppet 4 – R.I. PienaarPuppet
Here are the slides from R.I. Pienaar's PuppetConf 2016 presentation called External Data in Puppet 4. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
OpenStack in action 4! Alessandro Pilotti - OpenStack, Hyper-V and WindowseNovance
Windows can run as a guest operating system on OpenStack. Cloudbase-Init allows customization of Windows instances at boot time through plugins. Hyper-V can be used as the hypervisor for OpenStack, and the Hyper-V Nova compute driver and Neutron plugin support integration with OpenStack. Templates in Heat allow automated provisioning of multi-server Windows environments. Puppet, Chef, Crowbar, and SUSE Cloud can be used to deploy and manage Hyper-V compute nodes running OpenStack.
Sergey Dzyuban "To Build My Own Cloud with Blackjack…"Fwdays
Cloud providers like Amazon or Google have a great user experience to create and manage PaaS. But is it possible to reproduce the same experience and flexibility locally, in the on-premise datacenter? What if your own infrastructure grows to fast and your team can’t deal with it in the old way? What does Jenkins, .NET microservices and TVs for daily meetings have in common?
This talk shares our experience using DC/OS (datacenter operating system) for building flexible and stable infrastructure. I will show the evolution of private cloud from the first steps with Vagrant to the hybrid cloud with instance groups in Google Cloud, the benefits it gives us and the problems we get instead.
dodai is a Cluster as a Service (CaaS) tool comprised of dodai-deploy and dodai-compute. dodai-deploy is a software management tool for distributed environments that provides templates for deploying software like OpenStack, Hadoop, and SGE. It is fast, scalable, and easy to use. dodai-compute is a bare metal version of Nova that provides the same interface for operating physical machines and separates networks logically with OpenFlow switches. The presentation demonstrated installing an OpenStack Folsom cloud on EC2 using dodai's new "Install as a Service" functionality.
Cloud providers like Amazon or Goggle have great user experience to create and manage PaaS and IaaS services. But is it possible to reproduce same experience and flexibility locally, in on premise datacenter? This talk describes success story of creation private cloud based on DC/OS cluster. It is used to host and share different services like hadoop or kafka for development teams, dynamically manage services and resource pools with GKE integration.
OpenStack is an open source cloud computing platform that can manage large networks of virtual machines and physical servers. It uses a distributed architecture with components like Nova (compute), Swift (object storage), Cinder (block storage), and Quantum (networking). OpenStack has been successful due to its scalability, support for multiple hypervisors including Hyper-V, and compatibility with popular programming languages like Python. While OpenStack is best suited for large public and private clouds, its complex installation and lack of unified deployment tools can present challenges, especially for small to mid-sized clouds.
Enhancing OpenStack FWaaS for real world applicationopenstackindia
This document discusses enhancing the performance and capabilities of OpenStack's firewall-as-a-service (FWaaS). It proposes improvements to FWaaS performance by validating firewall rules and distributing rules only to relevant routers. It also discusses scheduling firewall rules based on time and enabling logging of firewall packets to help with debugging, threat analysis, and rule tuning. The document outlines integrating firewall logging with OpenStack using IPTables rules and collecting logs in a centralized server for analysis. Finally, it proposes extending the Horizon UI to make firewall logs accessible to tenants.
WebSockets allow for bi-directional communication between a client and server that reduces overhead compared to traditional HTTP requests. This enables real-time updates and instant notifications. Common use cases include chat applications, data feeds that change frequently, and workflow notifications. While browser support is now widespread, adoption has been slowed by compatibility with older browsers, SEO concerns, and firewall configurations that expect HTTP. The Socket.io library makes it easy to use WebSockets with Node.js. Demonstrations show WebSockets enabling a hot potato game, updating app data in real-time, and powering a chat room.
Chef is an open source configuration management and service integration automation tool that has been integral to a number of large successful OpenStack deployments. This talk will provide a brief introduction to Chef and why it frequently the configuration tool of choice for large deployments and discuss the use of Chef within the OpenStack ecosystem (development, testing, deploying and managing the installation). Chef also provides the ability to manage the instances running on top of Nova through the knife-openstack plugin.
Open stack in action enovance-quantum in actioneNovance
This document summarizes a presentation about Quantum, the OpenStack networking project. It introduces the speakers and their backgrounds working on OpenStack. It describes Quantum's role in providing networking for IaaS components like Nova, Swift, Cinder, and its transformation of clouds into SDN with the right plugins. Common Quantum plugins are presented along with their supported networking features. The document outlines limitations in the Folsom release and expected improvements in Grizzly, and notes early production uses of Quantum. It concludes by discussing the future of Quantum and an upcoming OpenStack workshop.
Netflix uses containers to run both batch jobs and services. For batch jobs, containers simplify resource management and allow jobs like model training and media encoding to easily share resources. Services are more complex to run in containers due to challenges like constant resizing, statefulness, and networking. Netflix addresses these challenges through solutions like a VPC networking driver and reusing existing infrastructure services for containers. Looking ahead, Netflix aims to run more containers at larger scale for areas like developer experience, continuous integration, and internal resource optimization.
Docker, Containers, and the Future of Application Delivery document discusses:
- The challenges of running applications across different environments due to variations in stacks and hardware ("N x N" compatibility problem).
- How Docker addresses this by allowing applications and their dependencies to be packaged into standardized software containers that can run consistently across any infrastructure similar to how shipping containers standardized cargo transportation.
- The benefits of Docker for developers in building applications once and running them anywhere without dependency or compatibility issues, and for operations in simplifying configuration management and automation.
DevOps Fest 2019. Stanislav Kolenkin. Сonnecting pool Kubernetes clusters: Fe...DevOps_Fest
On this IT sense, we will talk about the Federation.
The Federation is a very flexible tool for connecting several clusters and gives us a lot possibilities in K8s control.
With the help of the Federation, we can easily:
- sync resources across clusters
- cross cluster discovery
We will also discuss how to connect several Kubernetes clusters into one network, how to reach services in each Kubernetes cluster...
Cloud Foundry is an open source platform as a service (PaaS) that supports building, deploying, and running applications on the cloud. It supports multiple frameworks like Java, Ruby, Scala, and Node.js and services like SQL, NoSQL, messaging, and analytics. Cloud Foundry uses a distributed architecture with no single point of failure and provides automatic scaling and self-healing capabilities.
PPTV is using CloudStack 3.0.2 in its production environment. Currently there are more than 150 hosts, and migrate their apps to cloud everyday (10 host per day). At the end of 2013, there will be more than 1000 hosts in a CloudStack environment.
The document discusses Ceph, an open source distributed storage platform that provides unified object, block, and file storage. It describes how the speaker's company Hostvn deployed Ceph in production, including using it with OpenStack. They started with a small proof-of-concept cluster using all SSD drives before expanding to a larger cluster with more nodes. Key lessons learned included keeping the design simple, monitoring performance closely during rebalancing, and realizing there is no one-size-fits-all model for Ceph deployment. Future plans include upgrading networking and replacing current storage with Ceph.
This document discusses benchmarking OpenStack at scale using Rally. Rally allows OpenStack developers and operators to generate relevant and repeatable benchmarking data on how their cloud operates under different workloads and levels of load. It provides examples of synthetic stress tests and real-life workload scenarios that can be used for benchmarking. The goals of Rally are to help identify performance bottlenecks, validate optimizations, and provide historical data for comparing cloud performance over time as OpenStack and deployments evolve.
PuppetConf 2016: Case Study: Puppets in the Government – Kathy Lee (co-author...Puppet
Here are the slides from Kathy Lee's PuppetConf 2016 presentation called Case Study: Puppets in the Government. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf. 2016: External Data in Puppet 4 – R.I. PienaarPuppet
Here are the slides from R.I. Pienaar's PuppetConf 2016 presentation called External Data in Puppet 4. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: DevOps Where You Wouldn't Have Expected – Thomas Limoncelli,...Puppet
Here are the slides from Thomas Limoncelli's PuppetConf 2016 presentation called DevOps Where You Wouldn't Have Expected. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Here are the slides from Anjuan Simmons' PuppetConf 2016 presentation called Debugging Diversity. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Site Launch Automation: From Days to Minutes – Kristen Crawf...Puppet
Here are the slides from Kristen Crawford's PuppetConf 2016 presentation called Site Launch Automation: From Days to Minutes. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Multi-Tenant Puppet at Scale – John Jawed, eBay, Inc.Puppet
Here are the slides from John Jawed's PuppetConf 2016 presentation called Multi-Tenant Puppet at Scale. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Deconfiguration Management: Making Puppet Clean Up Its Own M...Puppet
Here are the slides from Josh Snyder's presentation called Deconfiguration Management: Making Puppet Clean Up Its Own Mess. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Turning Pain Into Gain: A Unit Testing Story – Nadeem Ahmad ...Puppet
This document summarizes a presentation given by Jordan Moldow and Nadeem Ahmad at PuppetConf 2016 titled "From Pain To Gain: A Puppet Unit Testing Story". The presentation discusses the challenges the team at Box faced with manually testing Puppet configurations and their process of implementing unit testing to improve the testing workflow. Some of the key challenges addressed included long wait times for manual tests, inability to test all configurations, and lack of repeatability. The team started with basic unit testing using rspec-puppet but encountered issues with undefined facts, default attributes, and production-only functions. They created the box_spec_helper tool to address these problems and enable tests to run automatically and in parallel. This significantly reduced test
The document discusses various ways to avoid accumulating technical debt when managing infrastructure and security as an operations team. It recommends automating processes like deployments, upgrades, and monitoring to reduce manual work. Other tips include using tools that isolate services, following security advisories, and documenting procedures to avoid "derployments" during incident response. The overarching message is to embrace automation to save time and minimize human errors that can introduce technical debt.
PuppetConf 2016: Writing Custom Types to Manage Web-Based Applications – Tim ...Puppet
Here are the slides from Tim Cinel's PuppetConf 2016 presentation called Writing Custom Types to Manage Web-Based Applications. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: High Availability for Puppet – Russ Mull & Zack Smith, PuppetPuppet
Here are the slides from Russ Mull and Zack Smith's presentation High Availability for Puppet. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Enjoying the Journey from Puppet 3.x to 4.x – Rob Nelson, AT&T Puppet
Here are the slides from Rob Nelson's PuppetConf 2016 presentation called Enjoying the Journey from Puppet 3.x to 4.x. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Moving from Exec to Types and Providers – Martin Alfke, exam...Puppet
Here are the slides from Martin Alfke's PuppetConf 2016 presentation called Moving from Exec to Types and Providers. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...Puppet
Here are the slides from Rick Sherman's PuppetConf 2016 presentation called Why Network Automation Matters, and What You Can Do About It. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Puppet Troubleshooting – Thomas Uphill, Wells FargoPuppet
Here are the slides from Thomas Uphill's presentation called Puppet Troubleshooting. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: The Future of Testing Puppet Code – Gareth Rushgrove, PuppetPuppet
This document discusses testing Puppet code. It begins by explaining why testing Puppet is important due to the large amount of Puppet code and its use across many platforms. It then provides an overview of existing Puppet testing tools like puppet-lint, rspec-puppet, and beaker-rspec. It notes different types of Puppet users have varying needs and experiences with testing. Key challenges discussed are improving the getting started experience, adopting acceptance testing more widely, providing consistent interfaces, and addressing the Ruby dependency of many tools. The document concludes that the community has powerful tools but needs more consistent user experiences and workflows to help beginners test Puppet code.
PuppetConf 2016: How You Actually Get Hacked – Ben Hughes, EtsyPuppet
Here are the slides from Ben Hughes's PuppetConf 2016 presentation called How You Actually Get Hacked. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Successful Puppet Implementation in Large Organizations – Ja...Puppet
Here are the slides from James Sweeny's PuppetConf 2016 presentation called Successful Puppet Implementation in Large Organizations. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Puppet and vRealize Automation: The Next Generation – Ganesh...Puppet
Here are the slides from Ganesh Subramaniam's PuppetConf 2016 presentation called Puppet and vRealize Automation: The Next Generation. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Security Roadmap: How We Are Helping You When Everything is ...Puppet
Here are the slides from Beth Cornils & Verne Lindner's PuppetConf 2016 presentation called How We Are Helping You When Everything is Burning. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Nordic infrastructure Conference 2017 - SQL Server in DevOpsTravis Wright
SQL Server is coming to Linux in the next major version of SQL Server. Having SQL Server in Linux containers makes it much easier for dev/test, CI/CD, and build automation pipelines to be automated. This session describes some of the common challenges currently faced in trying to use SQL Server in Linux containers and how to overcome them. Integration with Red Hat Open Shift is also discussed.
The document discusses the infrastructure challenges faced by Edison Nation, an old Rails 2.3 application with over 100,000 members and a distributed team. It covered topics like moving to newer Linux distributions, improving automation, upgrading Rails, implementing load balancing, and switching to Unicorn and Nginx for better performance under heavy load after the site was featured unexpectedly on Nightline TV. It also discussed using Puppet for configuration management, MCollective for orchestration, Graylog2 for log management, and other techniques for scaling the infrastructure.
This document discusses best practices for scaling Jenkins. It recommends using a powerful virtual machine for the master server and configuring plugins, build tools, and logging agents via Puppet or Chef. For slave servers, it suggests considering dedicated systems or quickly spun up VMs, monitoring resources, and segregating heavier jobs. The document also provides tips for optimizing job configuration, such as keeping steps minimal, ensuring jobs are under source control, and using plugins to reduce complexity.
Experiences from Running Masterless Puppet - PuppetConf 2014Puppet
This document summarizes Spotify's experiences with running Puppet in a masterless configuration. Some key points:
- Spotify previously used multiple Puppet masters but switched to a masterless setup to allow for more flexible workflows and continuous delivery of applications and configurations.
- In the masterless setup, each node runs Puppet apply directly using Hiera data to determine which modules to use for that run.
- Benefits of the masterless approach include easier debugging and ability to control modules on a per-node basis. Drawbacks require more manual configuration.
- Spotify uses a custom Ruby wrapper, PuppetDB for facts/catalog storage, and a secret management service to support the masterless infrastructure.
Database as a Service (DBaaS) on KubernetesObjectRocket
Learn about ObjectRocket's adventures in Kubernetes. We'll cover why we chose Kubernetes for our DBaaS platform, the challenges we faced, and how we overcame them. A presentation for DevWeek Austin 2018.
There is a growing trend today of enterprises leveraging both Amazon Web Services (AWS) and on-premise OpenStack-based private clouds. However, the default networking option in OpenStack remains broken and the plethora of confusing plug-ins makes networking in OpenStack mysterious and difficult to manage.
Enter MidoNet, the open source network virtualization solution from Midokura favored by DevOps cultures in web scale enterprises and service providers around the world. This session will present case studies from several end user deployments, showing how they use MidoNet to build, run and manage large-scale virtual networks in OpenStack clouds. The session will also discuss how transitioning from a public to private cloud enables organizations to accomplish much more with the same resources, without over-simplifying the inherent complexity of running an OpenStack cloud.
There is a growing trend today of enterprises leveraging both Amazon Web Services (AWS) and on-premise OpenStack-based private clouds. However, the default networking option in OpenStack remains broken and the plethora of confusing plug-ins makes networking in OpenStack mysterious and difficult to manage.
Enter MidoNet, the open source network virtualization solution from Midokura favored by DevOps cultures in web scale enterprises and service providers around the world. This session will present case studies from several end user deployments, showing how they use MidoNet to build, run and manage large-scale virtual networks in OpenStack clouds. The session will also discuss how transitioning from a public to private cloud enables organizations to accomplish much more with the same resources, without over-simplifying the inherent complexity of running an OpenStack cloud.
- Ecwid is an e-commerce SaaS platform with around 900,000 stores and 110 million monthly visitors supported by a 90 person IT operations team.
- The team developed sandboxes to quickly test software changes by automatically provisioning testing environments from code repositories in around 15 minutes, allowing for daily releases compared to monthly previously.
- Over time, the sandboxes evolved from a fragile bash script implementation prone to failures to a more robust solution using configuration management tools, custom programming, and automation to more reliably and quickly provision 50 test environments daily within budget.
Towards automated testing - CloudStack Collab Conferenceamoghvk
This document proposes an automated testing environment for CloudStack to continuously run basic verification tests (BVTs), enable community testing, and keep the master branch stable. It describes an architecture using Jenkins for continuous integration, Cobbler for provisioning management and hypervisor servers, and Marvin tests to check for regressions. The implementation is outlined, along with plans for easy replication of the testing environment and enhancements to integrate additional hypervisors and improve testing.
CIBox is a continuous integration framework that allows for multidimensional testing before code is merged into the master branch. It provides tools and configurations for local development environments, automated testing, code reviews, and deployment. The framework uses Ansible playbooks to provision and configure Jenkins, Vagrant, databases, and other tools on a CI server. It also generates codebases with scripts for continuous integration testing in Vagrant virtual machines before code is merged.
Dodai is a CaaS (Cluster as a Service) solution consisting of dodai-deploy and dodai-compute. Dodai-deploy is a software management tool that provides templates for deploying software like OpenStack and Hadoop in a distributed environment quickly and scalably using its web UI and CLI. Dodai-compute is a bare metal version of Nova that can operate on physical machines and provide resources to users. The latest versions support multiple operating systems, OpenStack Folsom, and an "Install as a Service" feature to deploy clusters on demand.
Moving Windows Applications to the CloudRightScale
This document summarizes a webinar about moving Windows to the cloud. It discusses:
- Key differences between Windows in the cloud vs on-premises like dynamic IP addresses, ephemeral instances, and bringing your own licenses.
- Challenges of Windows in the cloud like inconsistent images, inflexible pre-installed software, and lack of automation.
- How RightScale addresses these with consistent "RightImages", scriptable and versioned "ServerTemplates", and automation of deployments using "RightLink".
- A demonstration of automating user creation across servers using RightLink tags and remote execution.
- Next steps involve scripting application installation, enabling existing Windows images with Right
Provisioning Oracle Fusion Middleware Environments with Chef and PuppetEdwin Biemond
Provisioning Oracle Fusion Middleware Environments with Chef and Puppet
This session presents case studies and experiences involving automated provisioning of Oracle Fusion Middleware environments with the popular DevOps tools Chef and Puppet. In addition, it discusses experiences in orchestrating multinode environments with these tools, together with others such as MCollective and some custom-built tooling. The presentation also covers issues such as installing, creating domains, patching, configuring resources such as JDBC, and deploying applications. It also spends a little time on how this provisioning can contribute to building an environment for cloud-based automated acceptance testing.
Building Efficient Parallel Testing Platforms with DockerLaura Frank Tacho
We often use containers to maintain parity across development, testing, and production environments, but we can also use containerization to significantly reduce time needed for testing by spinning up multiple instances of fully isolated testing environments and executing tests in parallel. This strategy also helps you maximize the utilization of infrastructure resources. The enhanced toolset provided by Docker makes this process simple and unobtrusive, and you’ll see how Docker Engine, Registry, and Compose can work together to make your tests fast.
OpenStack Summit 2013 Hong Kong - OpenStack and WindowsAlessandro Pilotti
OpenStack summit session about how to deploy Windows instances using Cloudbase-Init and Heat!
The session takes care of explaining all the issues you might encounter, for example how to choose the rioght KVM VirtIO drivers.
Improving WordPress Development and Deployments with DockerBrett Palmer
This presentation will discuss how we use Docker to improve our development and deployment of WordPress sites. The presentation describes how themes and plugins can be developed locally and then packaged into a Docker container. A Jenkins pipeline is used with Git to automatically run a build and deploy the new WordPress container onto a test server where automated Selenium scripts are executed. Based on the results of the tests the container is tagged as a production candidate. A deployment pipeline is then used to execute a Blue-Green deployment on the latest update to production. Once the deployment is proven to work through automated testing the router is switched to the new deployment. The overall process helps reduce the risk of production updates to WordPress, themes, and plugins as well as reduce security concerns caused by randomly installing plugins by users. The presentation will also discuss strategies for running a WordPress database both outside and inside of a Docker container. It will discuss the pros and cons of each approach.
Presentation given at Salt Lake City WordCamp 2019, Oct 12, 2019. (https://2019.slc.wordcamp.org/).
This document discusses how Vagrant was implemented at Wingify Engineering to help establish a DevOps culture. Previously, Wingify had issues with environments not matching production, difficult setups, and isolation between devs and ops. Vagrant provided developers similar environments to production using the same OS and configuration management. It simplified management through tools like "vagrant up", "vagrant ssh", and "vagrant destroy". This improved testing and reduced issues in production. It also improved collaboration by allowing ops to test configurations and devs to better understand infrastructure. Overall Vagrant helped establish closer alignment between devs and ops through shared responsibility of infrastructure.
Arch9 - A cloud based continuous delivery implementationPavel Chunyayev
Presentation shows the evolution of different configuration management tool from imperative cod on a mutable infrastructure through declarative code back to the imperative code with immutable infrastructure.
Similar to PuppetConf 2016: Changing the Engine While in Flight – Neil Armitage, VMware (20)
Puppet camp2021 testing modules and controlrepoPuppet
This document discusses testing Puppet code when using modules versus a control repository. It recommends starting with simple syntax and unit tests using PDK or rspec-puppet for modules, and using OnceOver for testing control repositories, as it is specially designed for this purpose. OnceOver allows defining classes, nodes, and a test matrix to run syntax, unit, and acceptance tests across different configurations. Moving from simple to more complex testing approaches like acceptance tests is suggested. PDK and OnceOver both have limitations for testing across operating systems that may require customizing spec tests. Infrastructure for running acceptance tests in VMs or containers is also discussed.
This document appears to be for a PuppetCamp 2021 presentation by Corey Osman of NWOPS, LLC. It includes information about Corey Osman and NWOPS, as well as sections on efficient development, presentation content, demo main points, Git strategies including single branch and environment branch strategies, and workflow improvements. Contact information is provided at the bottom.
The document discusses operational verification and how Puppet is working on a new module to provide more confidence in infrastructure health. It introduces the concept of adding check resources to catalogs to validate configurations and service health directly during Puppet runs. Examples are provided of how this could detect issues earlier than current methods. Next steps outlined include integrating checks into more resource types, fixing reporting, integrating into modules, and gathering feedback. This allows testing and monitoring to converge by embedding checks within configurations.
This document provides tips and tricks for using Puppet with VS Code, including links to settings examples and recommended extensions to install like Gitlens, Remote Development Pack, Puppet Extension, Ruby, YAML Extension, and PowerShell Extension. It also mentions there will be a demo.
- The document discusses various patterns and techniques the author has found useful when working with Puppet modules over 10+ years, including some that may be considered unorthodox or anti-patterns by some.
- Key topics covered include optimization of reusable modules, custom data types, Bolt tasks and plans, external facts, Hiera classification, ensuring resources for presence/absence, application abstraction with Tiny Puppet, and class-based noop management.
- The author argues that some established patterns like roles and profiles can evolve to be more flexible, and that running production nodes in noop mode with controls may be preferable to fully enforcing on all nodes.
Applying Roles and Profiles method to compliance codePuppet
This document discusses adapting the roles and profiles design pattern to writing compliance code in Puppet modules. It begins by noting the challenges of writing compliance code, such as it touching many parts of nodes and leading to sprawling code. It then provides an overview of the roles and profiles pattern, which uses simple "front-end" roles/interfaces and more complex "back-end" profiles/implementations. The rest of the document discusses how to apply this pattern when authoring Puppet modules for compliance - including creating interface and implementation classes, using Hiera for configuration, and tools for reducing boilerplate code. It aims to provide a maintainable structure and simplify adapting to new compliance frameworks or requirements.
This document discusses Kinney Group's Puppet compliance framework for automating STIG compliance and reporting. It notes that customers often implement compliance Puppet code poorly or lack appropriate Puppet knowledge. The framework aims to standardize compliance modules that are data-driven and customizable. It addresses challenges like conflicting modules and keeping compliance current after implementation. The framework generates automated STIG checklists and plans future integration with Puppet Enterprise and Splunk for continued compliance reporting. Kinney Group cites practical experience implementing the framework for various military and government customers.
Enforce compliance policy with model-driven automationPuppet
This document discusses model-driven automation for enforcing compliance. It begins with an overview of compliance benchmarks and the CIS benchmarks. It then discusses implementing benchmarks, common challenges around configuration drift and lack of visibility, and how to define compliance policy as code. The key points are that automation is essential for compliance at scale; a model-driven approach defines how a system should be configured and uses desired-state enforcement to keep systems compliant; and defining compliance policy as code, managing it with source control, and automating it with CI/CD helps achieve continuous compliance.
This document discusses how organizations can move from a reactive approach to compliance to a proactive approach using automation. It notes that over 50% of CIOs cite security and compliance as a barrier to IT modernization. Puppet offers an end-to-end compliance solution that allows organizations to automatically eliminate configuration drift, enforce compliance at scale across operating systems and environments, and define policy as code. The solution helps organizations improve compliance from 50% to over 90% compliant. The document argues that taking a proactive automation approach to compliance can turn it into a competitive advantage by improving speed and innovation.
Automating it management with Puppet + ServiceNowPuppet
As the leading IT Service Management and IT Operations Management platform in the marketplace, ServiceNow is used by many organizations to address everything from self service IT requests to Change, Incident and Problem Management. The strength of the platform is in the workflows and processes that are built around the shared data model, represented in the CMDB. This provides the ‘single source of truth’ for the organization.
Puppet Enterprise is a leading automation platform focused on the IT Configuration Management and Compliance space. Puppet Enterprise has a unique perspective on the state of systems being managed, constantly being updated and kept accurate as part of the regular Puppet operation. Puppet Enterprise is the automation engine ensuring that the environment stays consistent and in compliance.
In this webinar, we will explore how to maximize the value of both solutions, with Puppet Enterprise automating the actions required to drive a change, and ServiceNow governing the process around that change, from definition to approval. We will introduce and demonstrate several published integration points between the two solutions, in the areas of Self-Service Infrastructure, Enriched Change Management and Automated Incident Registration.
This document promotes Puppet as a tool for hardening Windows environments. It states that Puppet can be used to harden Windows with one line of code, detect drift from desired configurations, report on missing or changing requirements, reverse engineer existing configurations, secure IIS, and export configurations to the cloud. Benefits of Puppet mentioned include hardening Windows environments, finding drift for investigation, easily passing audits, compliance reporting, easy exceptions, and exporting configurations. It also directs users to Puppet Forge modules for securing Windows and IIS.
Simplified Patch Management with Puppet - Oct. 2020Puppet
Does your company struggle with patching systems? If so, you’re not alone — most organizations have attempted to solve this issue by cobbling together multiple tools, processes, and different teams, which can make an already complicated issue worse.
Puppet helps keep hosts healthy, secure and compliant by replacing time-consuming and error prone patching processes with Puppet’s automated patching solution.
Join this webinar to learn how to do the following with Puppet:
Eliminate manual patching processes with pre-built patching automation for Windows and Linux systems.
Gain visibility into patching status across your estate regardless of OS with new patching solution from the PE console.
Ensure your systems are compliant and patched in a healthy state
How Puppet Enterprise makes patch management easy across your Windows and Linux operating systems.
Presented by: Margaret Lee, Product Manager, Puppet, and Ajay Sridhar, Sr. Sales Engineer, Puppet.
The document discusses how Puppet can be used to accelerate adoption of Microsoft Azure. It describes lift and shift migration of on-premises workloads to Azure virtual machines. It also covers infrastructure as code using Puppet and Terraform for provisioning, configuration management using Puppet Bolt, and implementing immutable infrastructure patterns on Azure. Integrations with Azure services like Key Vault, Blob Storage and metadata service are presented. Patch management and inventory of Azure resources with Puppet are also summarized.
This document discusses using Puppet Catalog Diff to analyze the impact of changes between Puppet environments or catalogs. It provides the command line usage and options for Puppet Catalog Diff. It also discusses how to integrate Puppet Catalog Diff into CI/CD pipelines for automated impact analysis when merging code changes. Additional resources like GitHub projects and Dev.to posts are provided for learning more about diffing Puppet environments and catalogs.
ServiceNow and Puppet- better together, Kevin ReeuwijkPuppet
ServiceNow and Puppet can be integrated in four key areas: 1) Self-service infrastructure allows non-Puppet experts to control infrastructure through a ServiceNow interface; 2) Enriched change management automatically generates ServiceNow change requests from Puppet changes and populates them with impact details; 3) Automated incident registration forwards details of configuration drift corrections in Puppet to ServiceNow to create incidents; and 4) Up-to-date asset management would periodically upload Puppet inventory data to ServiceNow to keep the CMDB accurate without disruptive discovery runs.
This document discusses how Puppet Relay uses Tekton pipelines to orchestrate containerized workflows. It provides an overview of how Tekton fits into the Relay architecture, with Tekton controllers managing taskrun pods to execute workflow steps defined in YAML. Triggers can initiate workflows based on events, with reusable and composable steps for tasks like provisioning infrastructure or clearing resources. Relay also includes features for parameters, secrets, outputs, and approvals to customize workflows. An ecosystem of open source integrations provides sample workflows and steps for common use cases.
100% Puppet Cloud Deployment of Legacy SoftwarePuppet
This document discusses deploying legacy software into the AWS cloud using Puppet. It proposes modeling AWS resources like security groups, autoscaling groups, and launch configurations as Puppet resources. This would allow Puppet to provision the underlying AWS infrastructure and configure servers launched in autoscaling groups. It acknowledges challenges around server reboots but suggests they can be addressed. In summary, it argues custom Puppet resources can easily model AWS resources and using Puppet to configure autoscaling servers is possible despite some challenges around rebooting servers during deployment.
This document discusses a partnership between Republic Polytechnic's School of Infocomm and Puppet to promote DevOps practices. It introduces several people involved with the partnership and outlines their mission to prepare more IT companies and individuals for jobs in the DevOps field through training courses. The document describes some short courses offered on DevOps topics and using the Puppet and Microsoft Azure platforms. It provides an example of how Republic Polytechnic has automated infrastructure configuration using Puppet to save time and reduce errors. There is a request at the end for readers to register their interest in DevOps by completing a survey.
This document discusses continuous compliance and DevSecOps best practices followed by financial services organizations.
Continuous compliance is defined as an ongoing process of proactive risk management that delivers predictable, transparent, and cost-effective compliance results. It involves continuously monitoring compliance controls, providing real-time alerts for failures and remediation recommendations, and maintaining up-to-date policies. Best practices for continuous compliance discussed include defining CIS controls and benchmarks, achieving transparent compliance dashboards and automated fixes for breaches.
DevSecOps is introduced as bringing security earlier in the application development lifecycle to minimize vulnerabilities. It aims to make everyone accountable for security. Challenges discussed include security teams struggling to keep up with DevOps pace and
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyPuppet
The document discusses using Puppet and Vault together to dynamically manage SSL certificates. Puppet can use the vault_cert resource to request signed certificates from Vault and configure services to use the certificates. On Windows, some additional logic is needed to retrieve certificates' thumbprints and bind services to certificates using those thumbprints. This approach provides automated certificate renewal and distribution across platforms.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor IvaniukFwdays
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
The Microsoft 365 Migration Tutorial For Beginner.pptxoperationspcvita
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...Jason Yip
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
Must Know Postgres Extension for DBA and Developer during MigrationMydbops
Mydbops Opensource Database Meetup 16
Topic: Must-Know PostgreSQL Extensions for Developers and DBAs During Migration
Speaker: Deepak Mahto, Founder of DataCloudGaze Consulting
Date & Time: 8th June | 10 AM - 1 PM IST
Venue: Bangalore International Centre, Bangalore
Abstract: Discover how PostgreSQL extensions can be your secret weapon! This talk explores how key extensions enhance database capabilities and streamline the migration process for users moving from other relational databases like Oracle.
Key Takeaways:
* Learn about crucial extensions like oracle_fdw, pgtt, and pg_audit that ease migration complexities.
* Gain valuable strategies for implementing these extensions in PostgreSQL to achieve license freedom.
* Discover how these key extensions can empower both developers and DBAs during the migration process.
* Don't miss this chance to gain practical knowledge from an industry expert and stay updated on the latest open-source database trends.
Mydbops Managed Services specializes in taking the pain out of database management while optimizing performance. Since 2015, we have been providing top-notch support and assistance for the top three open-source databases: MySQL, MongoDB, and PostgreSQL.
Our team offers a wide range of services, including assistance, support, consulting, 24/7 operations, and expertise in all relevant technologies. We help organizations improve their database's performance, scalability, efficiency, and availability.
Contact us: info@mydbops.com
Visit: https://www.mydbops.com/
Follow us on LinkedIn: https://in.linkedin.com/company/mydbops
For more details and updates, please follow up the below links.
Meetup Page : https://www.meetup.com/mydbops-databa...
Twitter: https://twitter.com/mydbopsofficial
Blogs: https://www.mydbops.com/blog/
Facebook(Meta): https://www.facebook.com/mydbops/
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
The Department of Veteran Affairs (VA) invited Taylor Paschal, Knowledge & Information Management Consultant at Enterprise Knowledge, to speak at a Knowledge Management Lunch and Learn hosted on June 12, 2024. All Office of Administration staff were invited to attend and received professional development credit for participating in the voluntary event.
The objectives of the Lunch and Learn presentation were to:
- Review what KM ‘is’ and ‘isn’t’
- Understand the value of KM and the benefits of engaging
- Define and reflect on your “what’s in it for me?”
- Share actionable ways you can participate in Knowledge - - Capture & Transfer
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...Alex Pruden
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
2. WHOAMI
• Senior DevOps Engineer at VMware focusing on internal cloud
deployments.
• Nearly 30 Years of Ops/DBA/Developer experience from IBM Mainframes
upwards.
• Based in Palo Alto but work from the
Scottish Highlands J
2
3. Background
• In Oct 2014 VMware acquired the assets of Continuent Inc
• The Continuent team joined VMware’s Hybrid Cloud Business Unit.
• Focusing on bringing DBaaS into vCloudAir
• Needed to migrate Continuent Test/Dev/QA Systems from a mix of outsourced
resources into a new internal vSphere Cluster
• Needs to be non disruptive as product launches are planned
3
NoteThere were some last minute
changes for Continuent which made
some of the slides inconsistent
4. What is(was) Continuent
• Commercial Continuent Tungsten focused on MySQL asynchronous Clustering
• Open Source Tungsten Replicator, moving data from
– MySQL to MySQL
– Oracle to MySQL
– MySQL to Oracle
– MySQL or Oracle to Hadoop
– MySQL or Oracle to Redshift
• Around 20 globally dispersed Engineers and Support staff
4
5. Where were our servers?
5
AWS EastAWS West
RackSpace
Dallas
Hetzner
AWS Singapore
Online.net
6. What we had
• Around 50 Physical and Virtual Linux Hosts running
– Customer facing Website (Joomla)
– Jenkins Environment
– Test and QA Clusters
– Support Jump hosts for accessing Customer sites
– Puppet Master
• All with different configurations some going back 10 years
• Some under Puppet control mainly covering Users and Firewalls
• Centos 4,5 & 6, Ubuntu 12.14…...................
6
7. What we had
• CI Pipelines in Jenkins containing
– 10+ build jobs
– 200+ Unit and Integration tests
– Integration tests running against MySQL, Oracle, Hadoop and AWS Redshift.
7
8. Why Puppet
• A few years ago we compare Puppet vs Chef and getting started with Puppet
was easier
• Looked at Ansible when it matured but didn’t see it as a good choice,
centralized server made sense
• Not a Puppet ‘fanboy’, it’s a tool in our toolbox.
8
9. State Pre migration
• Several machines already ‘puppetized’
• Initial adoption was triggered by several hacks so the modules concentrated on
– Firewalls – controlling ingress into the nodes
– Users – disabling root, maintaining SSH keys for users
– Moving SSH to a new port
– Using a jump host as a gateway
– Initial separate puppet module for tungsten setup (now forked into a OSS
module)
• https://github.com/continuent/continuent-puppet-tungsten
9
10. Why Migrate
• VMware not keen on paying AWS J
• Dealing with multiple vendors was hard
• Hardware was old and no longer met our requirements
• We had around 40 QA hosts QA Team wanted 400+
• Move from external Subversion to internal Git
10
11. Where we were going
• Brand new vSphere 6 cluster running vSAN - 29 x Dell PE R730xd; 24C,
512GB
• Around 300TB of shared vSAN Disk
• 70 x Dell PE R730xd; 12C, 128GB for
physical host testing (Hadoop etc)
• Totally isolated only port 80 and 443
to outside world.
11
13. Constraints/Concerns
• We had committed to ship multiple releases of Continuent Tungsten post
acquisition
• We had to ship them as customers needed re-assurance
• We couldn’t break the QA environment based on 1 and 2 above
• The environment we were moving into was new and
we had limited vCenter knowledge
13
15. New Enviroment (Take 1)
• 29 Hosts Clustered into a single vCenter environment
• Single vSAN Cluster of 320TB
• Deployed a Puppet Master and PuppetDB server
• Started work on new modules
15
16. 2 days later
• All the VM’s deployed had gone
• vSAN cluster had failed
• It appears some one had purchased SSD’s which were not
supported by vSAN
• (this took about 2 weeks to discover)
16
17. New environment (Take 2)
• 29 Hosts Clustered into a single vCenter environment
• ESX hosts set up to used both local disks and a borrowed VNX San
• Deployed a Puppet Master and PuppetDB server
• Started work on new modules
17
19. Infrastructure
19
Jump Puppet DNS NAT SVN
‘External 10.x Network using eth0
Internal 192.168.x Network using eth1
Physical Network
Virtual Hosts
Virtual Network
PuppetManual
20. Puppet modules
• ’Base’ class applied to all hosts
– Users and SSH keys
– Default packages per O/S – Centos and Ubuntu initially
– Remote syslog
– NTP
– Nagios
– eth1 Management
• RDBMS specific
• Jenkins and Monitoring rely heavily on exported resources from the Base
class.
20
21. What are exported resources?
21
“An exported resource declaration specifies a desired state for a resource, does
not manage the resource on the target system, and publishes the resource for
use by other nodes. Any node (including the node that exported it) can
then collect the exported resource and manage its own copy of it.”
https://docs.puppet.com/puppet/latest/reference/lang_exported.html
22. What are exported resources?
22
VM
Information Puppet
Master
DNS
Server
Information
Information Puppet
DB
Puppet
Master
Information
33. Jenkins configuration
• Several hundred tests in Jenkins
• Pre-migration each test specified a cluster to run on.
• Led to bottle necks and problems when a cluster is unavailable
• In the new environment a test just specifies the number of nodes and the O/S it
needs
33
34. Jenkins configuration
• Puppet creates the Jenkins slave using data from exported resources.
• Metadata inserted into the workspace by puppet to allow the test to find the
correct hosts
34
36. Completed Environment
• VM’s deployed using PowerShell to clone template, set hostname and add IP
for eth0
• Nodes booted and ran puppet
• Internal DNS was set correctly in template so puppet agent found the
puppetmaster
• Node configured from puppet master
• Monitoring automatically populated on Nagios hosts when puppet ran on that
host
• DNS records updated in DNS servers
• Cluster registered itself with Jenkins server as a new available node via
exported resources
36
37. Parallel Running
• Tests manually copied from old Jenkins host to new host
• Tests ran in parallel for approx. 1 month
• The only real difference was run time 1day on old env -> 1 hour in new env
• Old environment was decommissioned
37
38. Enhancements
• Needed to start using Windows and SQL Server
• Played with puppet enterprise to look a the puppet sql server module
• Could see the use but it took too long to get the PO approved.
38
39. Future
• VMware EOL all Continuent products in May 2016.
• Continuent Software is being spun back off into a separate Company.
• Currently working on migrating environment back to AWS (using Puppet).
• About 75% of the environment has now been decommissioned and reallocated
to new projects.
• Lessons learnt have been carried through to the next project.
39
40. Lessons Learnt
• Initial investment is high but the long term payoff is good
• Resist the temptation to go a quick hack rather than modify the puppet module
• Resist the temptation to go a quick hack rather than modify the puppet module
• We had lots of issues around memory usage on puppetDB when running 3.7.x
– Allocate lots of JVM memory
– Not run 4.0.x at the same scale yet so I don’t know if it’s fixed.
• Make sure modules are in a SCS system we use Git.
– Develop locally and push to a repo
– Puppet Master pulls the latest code
40