DRAFT 0.28
2020
Config Management Camp 2020 Ghent
2020-02-03
2020-02-05
3
00:05
https://cfp.cfgmgmtcamp.org/2020/schedule/
Europe/Brussels
2020-02-03T08:40:00+01:00
08:40
01:00
ALL
2020-171-monday-breakfast
https://cfp.cfgmgmtcamp.org/2020/talk/ZVDWN8/
false
Monday Breakfast
Break Fast
en
Coffee and Croissants
Everyone
2020-02-03T11:20:00+01:00
11:20
00:20
ALL
2020-177-monday-morning-break
https://cfp.cfgmgmtcamp.org/2020/talk/SQK3XR/
false
Monday Morning Break
Break
en
Coffee and Snacks
Drinks
Everyone
2020-02-03T13:00:00+01:00
13:00
01:00
ALL
2020-174-monday-lunch
https://cfp.cfgmgmtcamp.org/2020/talk/NZFFWB/
false
Monday Lunch
Lunch
en
Lunch (on your own)
Everyone
2020-02-03T15:40:00+01:00
15:40
00:30
ALL
2020-178-monday-afternoon-break
https://cfp.cfgmgmtcamp.org/2020/talk/DUHAKU/
false
Monday Afternoon Break
Break
en
Coffee and Snacks
Everyone
2020-02-03T09:40:00+01:00
09:40
00:50
D Aud
2020-9-untitled-config-game
https://cfp.cfgmgmtcamp.org/2020/talk/VQRGFB/
false
Untitled Config Game
Full Talk - Monday & Tuesday
en
It’s a lovely morning in the data center and you are a horrible ~goose~ devop. What sorts of trouble can you cause? For years, configuration management has been touted as a way of guarding against the fragility that comes from having humans configure things manually, but it isn’t a complete safeguard against things going wrong. In this talk I’ll cover the evolution of configuration management strategies used by operators to increase system robustness and will share stories about the ways that even mature management practices can fail. I’ll also discuss the underlying problem from a human factors and resilience engineering perspective, ways to further increase the reliability of our tools, and how those tools may keep evolving.
Ryn Daniels
2020-02-03T10:30:00+01:00
10:30
00:50
D Aud
2020-21-can-typescript-really-make-infrastructure-management-easy-
https://cfp.cfgmgmtcamp.org/2020/talk/XQNQPU/
false
Can TypeScript really make infrastructure management easy?
Full Talk - Monday & Tuesday
en
In this talk, Paul will demonstrate why TypeScript is a great language of choice for infrastructure management. Pulumi is an open source tool that allows users to write their infrastructure code in TypeScript, Python or Go.
TypeScript allows infrastructure code to have integrated testing, compile time checks as well as being able to create infrastructure APIs. This will show why a real language is more suited to infrastructure management than DSLs, JSON or YAML. In addition, he will cover how to build infrastructure that manages Serverless, PaaS and IaaS systems across multiple cloud providers.
Paul Stack
2020-02-03T11:40:00+01:00
11:40
00:50
D Aud
2020-17-configuration-management-in-2020-and-beyond
https://cfp.cfgmgmtcamp.org/2020/talk/NZG87N/
false
Configuration Management in 2020 and Beyond
Full Talk - Monday & Tuesday
en
What role does configuration management have in containerized and cloud-native infrastructure? What tools and practices have evolved to work with modern cloud platforms like Kubernetes? Is there a way out of the maze of YAML we've trapped ourselves in? In this session, Eric will share perspectives on the evolution of infrastructure platforms and the changes necessary to adapt to the landscape of today – and tomorrow.
After an introduction to cloud native concepts (spoiler: it's more than just YAML) I'll present the result of the last six months of surveying the landscape of config management tools for modern infrastructure. Using the ["Configuration Complexity Clock"](http://mikehadlow.blogspot.com/2012/05/configuration-complexity-clock.html) as a framing device, I explore different categories of tools that have emerged and provide recommendations for practitioners looking to adopt these technologies. (spoiler: don't template YAML)
Eric Sorenson
2020-02-03T12:30:00+01:00
12:30
00:05
D Aud
2020-62-why-compliance-is-essential-in-configuration-management-
https://cfp.cfgmgmtcamp.org/2020/talk/F7WCTS/
false
Why compliance is essential in configuration management?
Ignite - Monday & Tuesday
en
The challenges of automation cannot be demonstrated. It is one of DevOps' CALMS pillars. However, automation serves objectives, and among them, compliance. Puppet Remediate, Chef Inspec, SalStack SecOps, RUDDER… we are all now developing towards compliance.
Why? How does compliance become essential in configuration management? Let's open the debate and talk about it in this 5-minute quick talk.
Alexandre Brianceau
2020-02-03T12:35:00+01:00
12:35
00:05
D Aud
2020-42-manage-configuration-file-entries-with-augeasproviders
https://cfp.cfgmgmtcamp.org/2020/talk/QRR73H/
false
Manage Configuration File Entries with Augeasproviders
Ignite - Monday & Tuesday
en
The Augeasproviders project aims to ease the use of Augeas by providing native Ruby types and providers for Puppet, powered by the Augeas Ruby bindings under the hood. These resource types allow to easily edit configuration files in a clean and idempotent way with Puppet.
/media/2020/images/QRR73H/augeas.png
Raphaël Pinson
2020-02-03T12:40:00+01:00
12:40
00:05
D Aud
2020-18-principle-of-least-configuration
https://cfp.cfgmgmtcamp.org/2020/talk/7LCNLY/
false
Principle of Least Configuration
Ignite - Monday & Tuesday
en
This talk recounts the journey of developing a Linux platform to require very little in the way of configuration management, and how to virtually eliminate the need to modify code to change configuration. From configuration via scripts and evolving through a couple of configuration management products, we have used the idea of matching actions to timescales to transform how we do configuration management. We now do very little of it, and we have dramatically reduced its complexity.
Everyone's familiar with the Principal of Least Privilege, and we probably mostly agree with it.
In 2018, Mark Burgess' gave a talk at Config Management Camp, "A Brief History of Configuration - Managing Sprawl", which addressed the idea of timescales. This helped us to transform how we do configuration management, doing much less of it, and dramatically reducing the complexity of how we do it.
This talk is a brief journey through how we developed our platform to require very little in the way of ongoing configuration management, and how we virtually eliminated the need to change code to do it.
Jay Goldberg
2020-02-03T12:45:00+01:00
12:45
00:05
D Aud
2020-113-magic-yaml
https://cfp.cfgmgmtcamp.org/2020/talk/FTMVQH/
false
Magic YAML
Ignite - Monday & Tuesday
en
You think you know YAML? This talk will show you that you don't.
Julien Pivotto
2020-02-03T12:50:00+01:00
12:50
00:05
D Aud
2020-160-devops-is-dead-servers-are-dying-and-i-don-t-feel-so-great-myself-
https://cfp.cfgmgmtcamp.org/2020/talk/XYUNRM/
false
DevOps is dead, Servers are dying, and I don't feel so great myself.
Ignite - Monday & Tuesday
en
A look at the changing landscape for Operations. With SRE and Kubernetes both on the rise we’re seeing drastic changes in the way we build and operate infrastructure. At the same time Serverless has exploded onto the scene and confused things even further.
A (hopefully) humorous look at the current state of DevOps and the affects of the rise of Kubernetes and Site Reliability Engineering on DevOps, how the culture is changing (again!), the tools are changing, and how we deploy and operate applications are changing. At the same time Serverless has exploded onto the scene and the thought* leaders are once again throwing terms like NoOps around.
The future however is bright and the Savvy Operator / DevOps practitioner will thrive and everything will turn out fine, and I’ll tell you why, and offer you hugs if you are struggling with change.
Paul Czarkowski
2020-02-03T12:55:00+01:00
12:55
00:05
D Aud
2020-136-rethinking-open-source-in-the-age-of-cloud
https://cfp.cfgmgmtcamp.org/2020/talk/V3PXUY/
false
Rethinking Open Source in the Age of Cloud
Ignite - Monday & Tuesday
en
The last several years has brought explosive growth to the realm of open source. Many new projects have started, and many have went on to become foundational components of running applications at scale. Cloud providers have focused on a strategy of embracing open source not only to help build value added services, but to also make it easy to use open source on their compute platforms. Open source companies have reacted by changing their software licenses in an attempt to cut out the Cloud providers.
So what does this mean for the future of open source? In this talk we’ll revisit some of the foundational tenets of open source, and compare these ideas to where open source has evolved. We’ll also talk about the pros and cons, and maybe unintended consequences, of Cloud based computing.
Michael Ducy
2020-02-03T14:00:00+01:00
14:00
00:50
D Aud
2020-71-head-in-the-clouds-testing-infra-as-code
https://cfp.cfgmgmtcamp.org/2020/talk/M3QX7K/
false
Head in the Clouds: Testing Infra as Code
Full Talk - Monday & Tuesday
en
Infrastructure-as-code has been one of the key concepts within DevOps to allow the benefits of a full development cycle for infrastrcuture and allow better visibility of the operations process.
However, when we're writing and applying this IaC, we're often interacting with disparate systems, often geographically dispersed and with very different API's and responses. To further complicate things, different teams also have different concerns: Will this break prod? Will this cost too much? Will this comply with our policies?
We'll be discussing the different kind of testing that organisations are doing, what tools are right for each job, and how to keep the various teams happy. To do that, we'll be giving some examples with most of the popular IaC tools, where policy fits in and even covering where testing blurs the lines with observability.
/media/2020/images/M3QX7K/face-less-than-1mb.png
Peter Souter
2020-02-03T14:50:00+01:00
14:50
00:50
D Aud
2020-4-yang-and-netconf-model-based-configuration-management-for-networks
https://cfp.cfgmgmtcamp.org/2020/talk/GMYDLJ/
false
YANG and NETCONF - model-based configuration management for networks
Full Talk - Monday & Tuesday
en
In the networking world, configuration management is as much a hot topic as it is in the systems world. In contrast to the systems world, the networking world is full of proprietary devices, each with their own configuration "language". The IETF has standardized (and many vendors have implemented) a protocol to configure network equipment (NETCONF) and a data modeling language (YANG) to represent configuration and state data of the devices.
This talk will give an introduction to YANG and NETCONF, discuss how they relate to concepts in systems configuration management and how it could be used to configure traditional systems.
The NETCONF protocol ([RFC 6241](https://tools.ietf.org/html/rfc6241)) is an XML-based RPC protocol to view, install, manipulate, and delete the configuration and state of network devices.
YANG ([RFC 6020](https://tools.ietf.org/html/rfc6020)) is "a data modeling language used to model configuration and state data manipulated by the Network Configuration Protocol (NETCONF), NETCONF remote procedure calls, and NETCONF notifications. YANG is used to model the operations and content layers of NETCONF."
It can be both be used to configure devices, read their state (temperature, interface counters etc.) and allow the devices to send notifications to the NETCONF client of events happening in the system.
This combination of technologies can be seen as "SNMP on steroids without the MIBs". Many network equipment vendors implement this standard and it is used in some large-scale ISP networks.
Pieter Lexis
2020-02-03T16:00:00+01:00
16:00
00:50
D Aud
2020-126-doomed-are-the-dinosaurs-ii
https://cfp.cfgmgmtcamp.org/2020/talk/KNZY3C/
false
Doomed are the dinosaurs II
Full Talk - Monday & Tuesday
en
It may be hard to image, but some sysadmins do not operate in ideal, tightly controlled circumstances. Apparently, not every developer, application or organization is ready for Kubernetes…
In this presentation we will share a real world use case: deploying and configuring a brand new natural history museum. We’ll show how we built the museum with open source software and config management tools, dealing with a broad set of technologies, a tight schedule, a sector dominated by traditional organizations fixated on proprietary solutions and a whole bunch of actual fossils. We’ll show how far we’ve come, and what choices we made along the way.
Specifically, in this talk we will showcase in detail some of the automation code we developed in the process. For example, we will elaborate on the way how we use Ansible and AWX to configure switchports, (re)deploy computers from scratch with MAAS, configure those computers with the relevant role and provision relevant content, all in one automated workflow.
David Heijkamp
2020-02-03T16:50:00+01:00
16:50
00:50
D Aud
2020-48-dynflow-orchestration-for-your-ruby-project
https://cfp.cfgmgmtcamp.org/2020/talk/3NPFXH/
false
Dynflow - Orchestration for your Ruby project
Full Talk - Monday & Tuesday
en
This talk introduces Dynflow, the dynamic workflow engine. It starts with a high level description of what the project does and what benefits it brings to its users. Next it describes the building blocks and commonly used action modules using which the user can create complex workflows with examples where each of the modules could be useful. The final part of the talk delves into Dynflow's internals, describing both the monolithic and the new split deployment models.
Adam Ruzicka
2020-02-03T17:40:00+01:00
17:40
00:25
D Aud
2020-5-dns-as-code-with-octodns
https://cfp.cfgmgmtcamp.org/2020/talk/7LJCYW/
false
DNS as code with octoDNS
Short Talk - Monday & Tuesday
en
Versioning and keep track of your DNS records changes and automatize all the thing via Travis CI.
In this talk will be illustrate how to manage a DNS infrastructure with a git repository and pull requests, will be also show how to easy setup multiple zones backup with multiple DNS providers. Will be also outline the benefits form this approach, like a better visibility of DNS records status for all the team/company and the delegation of permissions.
Matteo Valentini
2020-02-03T14:00:00+01:00
14:00
00:50
B. Con
2020-67-your-own-kubernetes-operator-not-only-in-go
https://cfp.cfgmgmtcamp.org/2020/talk/C8NJWD/
false
Your own Kubernetes Operator: Not Only in Go
Full Talk - Monday & Tuesday
en
In Kubernetes, operators allow the API to be extended to your heart content. If one task requires too much YAML, it’s easy to create an operator to take care of the repetitive cruft, and only require a minimum amount of YAML.
On the other hand, since its beginnings, the Go language has been advertised as closer to the hardware, and is now ubiquitous in low-level programming. Kubernetes has been rewritten from Java to Go, and its whole ecosystem revolves around Go. For that reason, It’s only natural that Kubernetes provides a Go-based framework to create your own operator. While it makes sense, it requires organizations willing to go down this road to have Go developers, and/or train their teams in Go. While perfectly acceptable, this is not the only option. In fact, since Kubernetes is based on REST, why settle for Go and not use your own favorite language?
In this talk, I’ll describe what is an operator, how they work, how to design one, and finally demo a Java-based operator that is as good as a Go one.
Nicolas Fränkel
2020-02-03T14:50:00+01:00
14:50
00:50
B. Con
2020-53-the-hard-thing-about-kubernetes-it-s-the-infrastructure-
https://cfp.cfgmgmtcamp.org/2020/talk/XYKNEH/
false
The Hard Thing About Kubernetes (It's the Infrastructure!)
Full Talk - Monday & Tuesday
en
Most cloud providers now offer "easy to use" managed Kubernetes clusters, allowing us to get up and running in no time. Then our teams can just deploy containerized apps to them and life is good ..... Or is it? The truth is, this apparent simplicity fades quickly. The difficulties of adopting Kubernetes really hit hard on day two and beyond, when you need to integrate with existing infrastructure technologies and techniques. This includes IAM, networking, load balancing, DNS, monitoring, and logging, in addition to practices like continuous delivery, zero-downtime upgrades, and principle of least authority. Most of us underestimate how difficult these production concerns will be — even though it's getting easier by the day, it's still no casual walk in the park. In this talk, we'll discuss common challenges we see with end users and how we have approached addressing them. You will gain a broad awareness of these challenges so you know what to be on the lookout for and, by being proactive and going in with eyes wide open, will significantly increase the odds of success in your own team's journey to containers and Kubernetes.
Paul Stack
2020-02-03T16:00:00+01:00
16:00
00:50
B. Con
2020-81-kubernetes-as-cfgmgmt-tool
https://cfp.cfgmgmtcamp.org/2020/talk/PELMKA/
false
Kubernetes as CfgMgmt-Tool
Full Talk - Monday & Tuesday
en
Depending on the viewpoint, we can call Kubernetes a cloud, a scheduler or a configuration management tool. Kubernetes is a configuration management tool for the container platform itself, for the deployment of the application containers, the routing and loadbalancing within the container network and the provisioning of persistent storage for important container data.
Using the principle of Infrastructure as Code and a declarative model, we can define the desired state in files containing so-called Kubernetes resource configurations. By applying these configurations in a fully declarative way, we can tell Kubernetes the desired state. We can make use of version control, separation of code and data, and idempotence. By doing so, we achieve automation, standardization and reproducibility.
This talk focuses on the combination of Git and Kubernetes for the administration of the container platform. We use Git for version control of our Kubernetes resource configurations and perform a fully declarative application of these configurations to Kubernetes.
Andy Wirtz
2020-02-03T16:50:00+01:00
16:50
00:25
B. Con
2020-130-config-mgmt-for-kubernetes-workloads-with-gitops-and-helm
https://cfp.cfgmgmtcamp.org/2020/talk/FRSHZ8/
false
Config Mgmt for Kubernetes workloads with GitOps and Helm
Full Talk - Monday & Tuesday
en
Kubernetes provides a declarative API, so you can describe the desired state of the system. And then it is the role of the control plane to operate the cluster (make the actual state match the desired state).
But we still need config mgmt for API objects to the point when they are applied to the cluster.
Helm helps to organize these configs into charts, template them, and manage releases. And GitOps lets you use a git repo as a single source of truth for the desired state of the whole system. Then all changes to this state are delivered as git commits instead of using kubectl apply or helm upgrade.
In this talk I will introduce the GitOps model for operating cloud native environments and give a short demo.
After using the GitOps model for over a year I can see that it’s still in early days compared to config management tools like puppet. I will try to show what are the strong areas and what still seems to be missing.
In this talk I’ll show two CNCF projects:
* Flux CD: https://fluxcd.io/
* Helm: https://helm.sh/
Tomasz Tarczynski
2020-02-03T17:40:00+01:00
17:40
00:25
B. Con
2020-7-your-own-kubernetes-lab-with-k3s
https://cfp.cfgmgmtcamp.org/2020/talk/XYHHNR/
false
Your own kubernetes lab with k3s
Short Talk - Monday & Tuesday
en
Have a working kubernetes on your laptop as lab environment then k3s, which is a lightweight kubernetes distribution, is your friend. K3s is also an ideal way to get acquainted with kubernetes and to test out your own containerised applications before moving to a real kubernetes cluster. This talk will introduce you to k3s and guide you how to set it and show you some practical usages with demo.
gratiendhaese
2020-02-03T14:00:00+01:00
14:00
00:50
B.1.015
2020-78-hacking-terraform-engineer-your-migration-to-iac
https://cfp.cfgmgmtcamp.org/2020/talk/GACZXX/
false
Hacking Terraform: Engineer your Migration to IaC
Full Talk - Monday & Tuesday
en
**Infrastructure as Code (IaC)** is considered the predominant approach to manage Cloud Infrastructure at large scale. **Terraform** is the market-leading tool implementing this approach, including support for all big Clouds Providers. It is extremely convenient to start new projects from scratch and automate your infrastructure right away. But what if you started without? What if you want to manage big amounts of *pre-existing Cloud resources* with Terraform?
Terraform's **import** command is one building block, but using it manually for many resources is very tedious and error-prone. A complete import mechanism is announced by Hashicorp, but it is unclear when it will be implemented. In this talk I will show you how to work smart, not hard: we will automate the import into the statefile, generate the required Terraform code and engineer the correctness of the result with automated tests. All hands-on and with practical examples, that you can reuse to migrate your own infrastructure.
Constantin Weisser
2020-02-03T14:50:00+01:00
14:50
00:25
B.1.015
2020-116-terraform-configuration-without-the-mess
https://cfp.cfgmgmtcamp.org/2020/talk/ASE9RA/
false
Terraform Configuration Without The Mess
Short Talk - Monday & Tuesday
en
One of the most frequent complaints about Terraform is the state that configuration gets itself into after a repository have been living for a few years. The root cause is often that teams treat Terraform as configuration instead of code, and throw basic software engineering principles out the window as a result. In this talk, we'll look at proven patterns for writing Terraform configuration which ages well and remains an asset instead of a liability.
James Nugent
2020-02-03T15:15:00+01:00
15:15
00:25
B.1.015
2020-95-design-draw-deploy-your-aws-infrastructure-from-inception-to-production
https://cfp.cfgmgmtcamp.org/2020/talk/BAQSNP/
false
Design, Draw, Deploy your AWS infrastructure from inception to production
Short Talk - Monday & Tuesday
en
Once the infrastructure is designed you should be able to deploy it effortlessly. This has long been the goal and can now become a reality!
Cloud solution architects and DevOps engineers want to have a faster conversion from idea to product. They don’t necessarily care about the foundation on which it runs. It’s supposed to work and provide the functionality specified. So how do you go about making that happen?
What if there would be a way to draw an architecture online and get the infrastructure for it implemented as code automatically?
During the talk, I will demo how it is possible to create AWS architectural diagram in the browser and get it converted to working Terraform configurations and show it all in action.
This talk will be rather interactive and involve the audience, as I will be asking for inputs and base the demo on them.
Keywords: Terraform, terraform-aws-modules, modules.tf, open-source.
Anton Babenko
2020-02-03T16:00:00+01:00
16:00
00:50
B.1.015
2020-79-the-road-to-reliability-infrastructure-testing-explained
https://cfp.cfgmgmtcamp.org/2020/talk/XDBXDL/
false
The Road to Reliability: Infrastructure Testing explained
Full Talk - Monday & Tuesday
en
For years, there has been a shift to "Infrastructure as Code (IaC)". The code we write daily is not just the application itself, but also definition of whatever Cloud Infrastructure the application needs. Tools like Terraform, Pulumi or Cloud APIs support this approach. The code base we start with is often simple and clear, the resulting infrastructure predictable. Growing code bases, entangled components and more advanced language features such as conditional configurations make it increasingly hard to foretell if everything works as expected.
In this talk, you will learn ways to test your infrastructure code. We will cover a variety of tools and approaches, that allow you to engineer the reliability of your productive infrastructure and make you confident to roll out more infrastructure changes in less time. This is not a theoretical lesson. We will walk through real-life examples with visible benefits that you can apply yourself right away.
Constantin Weisser
2020-02-03T16:50:00+01:00
16:50
00:25
B.1.015
2020-86-vault-deploy-organizing-terraform-code-for-multiple-vault-clusters
https://cfp.cfgmgmtcamp.org/2020/talk/QZXENV/
false
Vault Deploy: Organizing Terraform Code for Multiple Vault Clusters
Short Talk - Monday & Tuesday
en
Using a Terraform Module and standing up one instance of a module is very common. And spinning up one Vault cluster is fairly straight forward. But what happens when you need to go from 1 instance to 4? This presentation covers how to develop and organize a Terraform project to manage multiple HA Vault Clusters for deployment. As a Senior Implementation Services Engineer for HashiCorp, I've been working with customers large and small to help them put Vault into production, and I will talk about the different strategies and patterns I've seen in the field.
Shobhna Shastri
2020-02-03T14:00:00+01:00
14:00
00:50
B.1.017
2020-30-maintaining-over-40-ansible-modules-4-years-later
https://cfp.cfgmgmtcamp.org/2020/talk/U7CGMZ/
false
Maintaining over 40 Ansible modules: 4 years later
Full Talk - Monday & Tuesday
en
The [Foreman](https://theforeman.org) community maintains a [collection of over 40 Ansible modules](https://github.com/theforeman/foreman-ansible-modules) for interaction with the Foreman API and the various plugin APIs. This all started with two modules in `ansible/ansible` in 2016 and escalated from there.
Today we want to share the lessons learned from these three years of module development and maintenance.
Including:
* efficient abstraction -- all modules talk to the same base API, receive the same credentials and execute similar actions, let's abstract that away!
* good tests -- nobody wants to break stuff, but you have to `assert` that.
* migrating to new API libraries -- should be fairly easy with an abstraction layer, right?
* onboarding new contributors -- (un)surprisingly the hardest part after you've built something for your own needs.
We also want to talk about what's next: How we can further improve and ease the interaction? Which challenges we see in the future?
Evgeni Golov
2020-02-03T14:50:00+01:00
14:50
00:50
B.1.017
2020-73-ansible-collaboration-within-your-organization
https://cfp.cfgmgmtcamp.org/2020/talk/KSEFVV/
false
Ansible Collaboration within your Organization
Full Talk - Monday & Tuesday
en
Ansible is an incredible tool for personal and team productivity, but sharing Ansible Role and Collection content between parts of your organization, or across teams, is hard. Sharing content publicly using galaxy.ansible.com is an option, but everything you post is now public. Alternatively, private git repos are viable, but it can be difficult to scale technical git knowledge and access within organizations.
Learn to enable Ansible collaboration within your organization using pulp_ansible - https://pulp-ansible.readthedocs.io/. You’ll learn how to upload, organize, and download Role and Collection Ansible content using the regular ansible-galaxy command line. Pulp_ansible is easy to install using Ansible itself, which we will also do. Once setup it provides a directory that individuals and teams can use to share and consume Role and Collection content with others securely and privately. You’ll also learn about the quality checks pulp_ansible provides as it analyzes content it hosts.
Brian BouterseOleksandr Saprykin
2020-02-03T16:00:00+01:00
16:00
00:25
B.1.017
2020-112-global-linux-client-with-ansible-and-foreman
https://cfp.cfgmgmtcamp.org/2020/talk/QNSP9S/
false
Global Linux client with Ansible and Foreman
Short Talk - Monday & Tuesday
en
This is the story of RLC, Roche Linux Client, deployed globally in 13 sites. Fully Integrated to our corporate environment. This talk is about how open source tools like **Ansible**, **Foreman** and **Aptly** made it all possible. Ultimately changing minds about how automation can bring value to our organisation.
RLC is based on Ubuntu desktop following LTS releases.
Mirroring and snapshot of Ubuntu package repositories allow reproducibility.
Foreman and ipxe give control and audit trail about deployments.
Ansible configures everything.
Eric Keller
2020-02-03T16:25:00+01:00
16:25
00:25
B.1.017
2020-46-rudder-and-ansible-a-love-story
https://cfp.cfgmgmtcamp.org/2020/talk/ETU7DJ/
false
Rudder and Ansible: a love story
Short Talk - Monday & Tuesday
en
Ansible as a deployment tool, and Rudder as a compliance tool. How to move your Ansible tasks to Rudder, in order to use the best of both worlds?
What's the difference between deployment and compliance?
With an historical pool of Ansible playbooks used to deploy and configure our whole infrastructure, we wanted to integrate compliance in our process to follow up changes easily and to maintain a fully known infrastructure.
What tasks could be replaced by Rudder techniques, how to choose them, and what would be the advantages?
Victor HéryFlorian Ganée
2020-02-03T16:50:00+01:00
16:50
00:50
B.1.017
2020-129-using-ansible-vault-to-secure-passwords-ssh-keys-and-secure-tokens-
https://cfp.cfgmgmtcamp.org/2020/talk/VYUYVH/
false
Using Ansible Vault to secure passwords, ssh keys and secure tokens.
Full Talk - Monday & Tuesday
en
Have you ever committed personal token, password or ssh public keys to GitHub ? or any public source code repository ? The devops culture is rapidly getting adopted and often we get to know instances where private important data was pushed to GitHub. Considering the adoption of Ansible usage this session covers below details,
1. What is Ansible, Ansible basics.
2. What is Ansible Vault ?
3. How to use Ansible Vault ?
4. Use cases of Ansible Vault.
4. Demonstration.
Amit Upadhye
2020-02-03T14:00:00+01:00
14:00
00:50
B.2.009
2020-93-observability-is-more-than-logs-metrics-traces
https://cfp.cfgmgmtcamp.org/2020/talk/BEATSF/
false
Observability is More than Logs, Metrics & Traces
Full Talk - Monday & Tuesday
en
You know the drill: DevOps is using tool(s) X. So obviously, observability can be solved by throwing some tools together as well; generally logs, metrics, and traces often called the trifecta of observability.
But observability is not a tool — it is a property of a system. Moving from many small blackboxes to a more holistic view of your system. It includes tools, but not exactly three distinct features (especially if your solution happens to support those). For example, if half your user base cannot access your service because of some bad DNS settings and external health checks are not part of your trifecta, you are none the wiser.
This is not (just) a rant, but a look at the actual value to be added and some approaches to it. Like turning your logs into richer events that align with your business. Which is not solved by fancy tools alone.
Philipp Krenn
2020-02-03T14:00:00+01:00
14:00
00:25
B.2.010
2020-158-continuous-delivery-infrastructure-edition-
https://cfp.cfgmgmtcamp.org/2020/talk/Q3HEG3/
false
Continuous Delivery: Infrastructure Edition!
Short Talk - Monday & Tuesday
en
Application delivery pipelines can make it a lot easier to quickly iterate on applications, but what about infrastructure? There’s toil hiding everywhere in infrastructure management, including processes like scaling up or down, patching, and more. On top of that, security requirements are often a huge consideration.
In this talk, we’ll explore some strategies for continuously delivering your infrastructure using an end-to-end CI/CD pipeline. We will also make use of infrastructure as code tools to manage the full infrastructure lifecycle with testing and feature flags.
Attendees will learn how this use case can help build patterns for others, and some ideas for improving their infrastructure provisioning and management!
Application delivery pipelines can make it a lot easier to quickly iterate on applications, but what about infrastructure? In this talk, we’ll explore some strategies for continuously delivering your infrastructure using an end-to-end CI/CD pipeline. Attendees will learn how this use case can help build patterns for others, and some ideas for improving their infrastructure provisioning and management!
Xander Grzywinski
2020-02-03T14:00:00+01:00
14:00
00:50
B.2.011
2020-183-automate-monitoring-with-salt-and-checkmk
https://cfp.cfgmgmtcamp.org/2020/talk/HUCXAZ/
false
Automate Monitoring with Salt and CheckMK
Full Talk - Monday & Tuesday
en
Intelligent Automation meets Intelligent Monitoring. Enable synergies between Salt & check**mk**
**Learn how to:**
- Setup quickly a full functional monitoring environment
- Add your Salt-Minions automatically to check**mk**
- Install check**mk** Monitoring Agents via Salt
- Use Salt Grains within check**mk** to define Rules
- Send check**mk** notifications via the Salt Event Bus
- React on check**mk** events with the Salt Reactor System
Philipp Lemke
2020-02-03T14:50:00+01:00
14:50
00:50
B.2.011
2020-182-running-ansible-within-salt-get-the-best-of-both-worlds
https://cfp.cfgmgmtcamp.org/2020/talk/7EUV3A/
false
Running Ansible within Salt - Get the best of both worlds
Full Talk - Monday & Tuesday
en
At SUSE we love Salt for configuration management and infrastructure orchestration. We actively develop and integrate Salt as a core component of some of our products. At times we work with customers and users who chose Ansible as their configuration management engine. They invested time and effort designing Ansible playbooks to define their infrastructure and they don't want to waste the effort. But often they then realize that with Salt they can do even more to configure and control their infrastructure with real-time, persistent monitoring, event-driven orchestration, extreme modularity, and more.
The Fluorine release of Salt comes with a new module called ansiblegate which was created by SUSE and allows Ansible to be run from within Salt, offering the best of both worlds. You can execute any Ansible module directly using Salt and you can even reuse your own Ansible playbooks and apply them using Salt.
This session will show how Salt is able to run Ansible using ansiblegate providing users with the flexibility and optionality required to manage and secure diverse infrastructure at scale. SUSE loves openness, and this project gives Ansible and Salt users alike the ability to protect existing investments while leveraging the best infrastructure automation and configuration management for the job.
Pablo Suárez Hernández
2020-02-03T16:00:00+01:00
16:00
00:50
B.2.011
2020-164-manage-virtual-machines-like-configuration-with-salt
https://cfp.cfgmgmtcamp.org/2020/talk/HR39GE/
false
Manage Virtual Machines like Configuration with Salt
Full Talk - Monday & Tuesday
en
Virtual Machines are live things, but what if I want to manage them just like configuration? [Salt](https://docs.saltstack.com/en/latest/ref/states/all/salt.states.virt.html) helps you doing it by defining the VMs using states. This talk will be showing off how to leverage this feature. The talk will quickly walk through the basics of Salt states before exploring the `virt` state. Then we will see how Salt uses [libvirt](https://libvirt.org/) to get this done.
Since this is also used by [Uyuni](https://www.uyuni-project.org/), the session will provide an insight of a real-life use case.
Cédric Bosdonnat
2020-02-03T16:50:00+01:00
16:50
00:50
B.2.011
2020-124-managing-secrets-using-saltstack-and-pillar
https://cfp.cfgmgmtcamp.org/2020/talk/9LTMZG/
false
Managing Secrets Using SaltStack and Pillar
Full Talk - Monday & Tuesday
en
When using any sort of automation system for either remote execution or configuration management, one of the major advantages is the ability to reduce repetitive tasks. Often tasks in these scenarios involve using sensitive information such as passwords. In this talk we’ll look at how the SaltStack Pillar system can be used to store secrets and securely provide them to only the Salt minions that should have access to them. We'll look at how we can take advantage of external systems to store our Pillar data.
When using any sort of automation system for either remote execution or configuration management, one of the major advantages is the ability to reduce repetition. By using state files with SaltStack, commonly used tasks can be automated so that the next time these tasks need to be performed the action is repeatable and consistent. Often tasks in these scenarios involve using sensitive information such as passwords and the need to securely store and securely provide that information arises. This is where the Salt Pillar system comes in.
In this talk we’ll walk through some basic usage of the Pillar system, including the ability to target data at specific Salt minions. We'll look at ways Pillar can help us reuse state files in multiple environments such as Dev, QA, and Production. We'll also look at ways that data can be stored encrypted while at rest using tools such as GPG. Finally, we'll look at storing pillar data in external systems such as databases like MySQL, source control systems like Git, and Hashicorp Vault.
The talk will include:
* A brief introduction to Salt Stack.
* Using SaltStack Pillar to store and provide secrets.
* Ways to encrypt the data managed by Pillar.
* Storing and retrieving Pillar using external systems such as Hashicorp Vault.
Gareth J Greenaway
2020-02-03T14:00:00+01:00
14:00
00:25
B.2.015
2020-24-the-foreman-community-update
https://cfp.cfgmgmtcamp.org/2020/talk/RSKH7F/
false
The Foreman Community Update
Short Talk - Monday & Tuesday
en
Another year, another CfgMgmt community update. I'll be going over what's new, what changed, and what our plans might look like for the future
Tomer Brisker
2020-02-03T14:25:00+01:00
14:25
00:25
B.2.015
2020-109-to-foreman-2-0-and-beyond-an-architecture-perspective
https://cfp.cfgmgmtcamp.org/2020/talk/ZEW3FP/
false
To Foreman 2.0 and beyond: an architecture perspective
Short Talk - Monday & Tuesday
en
The Foreman project is 10 years old, but there's still plenty of things to change. In this presentation we'll go over the current Foreman architecture as well as Katello before looking to the future with Foreman 2.0 and Katello 4.0.
Foreman and Katello consist of multiple services which interact with each other. In this talk we will discuss these services and how they communicate both in a vanilla Foreman (1.24) and a Katello (3.14) setup. This means Foreman, Foreman Proxy, Katello, Pulp and Candlepin with their the connections and databases. The optional services like Puppetserver, DNS, DHCP, TFTP and compute resources will also be handled.
Foreman 1.25 becomes Foreman 2.0 and there is also a rough roadmap to Katello 4.0. Major versions means dropping support.
From an architecture perspective Foreman 2.0 is not a huge change but a lot of implementation details will change. Foreman will limit database support to PostgreSQL, drop Debian Stretch and Ubuntu Xenial allowing us to only support Ruby 2.5+. Dynflow will use Redis to allow scaling out and Puma will replace Passenger. On EL7 systems PostgreSQL will be upgraded to version 10 and the Foreman Proxy will run on Ruby 2.5.
In Katello 4.0 the changes are more significant. It won't be a huge surprise that Pulp is a huge driver in the major version. Work is already under way to support Pulp 3. Pulp 3 uses PostgreSQL and Redis instead of MongoDB and Qpid in Pulp 2. For full removal of Qpid, the Candlepin event handling in Katello is also changed. From an operational perspective it will be easier to deal with fewer services.
Note this talks about architecture but not the actual delivery. That means it won't be about switching to containers but knowing your architecture can be seen as a prerequisite to containers.
Ewoud Kohl van Wijngaarden
2020-02-03T14:50:00+01:00
14:50
00:50
B.2.015
2020-27-managing-content-in-your-large-scale-datacenter-with-katello
https://cfp.cfgmgmtcamp.org/2020/talk/RD3BHY/
false
Managing Content in Your Large-Scale Datacenter with Katello
Full Talk - Monday & Tuesday
en
If you’re seeking an open-source solution for managing your physical or virtual servers’ software content, then Katello could be for you! Through Katello, magnitudes of servers’ content can be easily and quickly managed via web browser. Files and software packages can be remotely synced or uploaded and then grouped into Lifecycle Environments at a per-content-unit level. Synced content in Katello can be easily deployed onto servers and stepped through Lifecycle Environments such as Development, Testing, and Production, or as many as are needed. Katello can also keep administrators aware of CentOS/RHEL errata -- bug fixes, enhancements, and security patches.
Already an avid user of Katello? Features new to Katello within the past few years will be highlighted, such as dependency solving and Composite Content View auto-publishing. Also, to inspire new ways to use Katello, we’ll explore content-enabled Smart Proxies and see a demonstration of an automated web server deployment. Whether you’re new to Katello or a pro, you're invited to join this community presentation and discussion!
Topics discussed include:
* Syncing repositories and uploading content to the local server
* Adding filtered content to Content Views
* Setting up Lifecycle Environments such as Dev -> Test -> Prod
* Moving a provisioned and registered host through Lifecycle Environments
* Patching host content using errata
* Subscription management
* Deploying content using Remote Execution (REX)
* Provisioning and data syncing off-site using content-enabled Smart Proxies
* Highlighting of select new Katello features
* A demo of using Foreman+Katello to deploy a web server
/media/2020/images/RD3BHY/katello.png
Ian Ballou
2020-02-03T16:00:00+01:00
16:00
00:25
B.2.015
2020-36-creating-api-and-cli-for-foreman-kubevirt-compute-resource
https://cfp.cfgmgmtcamp.org/2020/talk/78UL3X/
false
Creating API and CLI for Foreman Kubevirt Compute Resource
Short Talk - Monday & Tuesday
en
This talk will go over adding an API and CLI for a new Compute Resource in Foreman.
We will start with a quick introduction to the Kubevirt Compute Resource.
Then, we will dive into the code needed for adding API endpoints and a Hammer plugin that uses the API to allow provisioning automation and management of a Compute Resource.
The main take away from the talk will be to see how easy it is to create API and CLI support for a new Compute Resource.
Shira Maximov
2020-02-03T16:25:00+01:00
16:25
00:25
B.2.015
2020-132-creating-reports-based-on-foreman-data
https://cfp.cfgmgmtcamp.org/2020/talk/7RR9NN/
false
Creating reports based on Foreman data
Short Talk - Monday & Tuesday
en
Foreman is a well known infrastructure management swiss army knife. Recently it got a new reporting engine that can be used to gather interesting data about managed hosts. In this talk I'll show how to do that, discuss possible gotchas and explain best practices.
In this talk I'll demonstrate reporting engine capabilities. I'll explain what report template is and how it's supposed to be constructed. A demo will contain building a new report template from scratch. We'll discuss safe-mode limitations and look at ways how to overcome them. I'll share best practices for writing, managing and sharing report templates. At the end I'll spend some time on performance tweaking and debugging.
Marek Hulan
2020-02-03T16:50:00+01:00
16:50
00:50
B.2.015
2020-101-getting-data-out-of-your-foreman
https://cfp.cfgmgmtcamp.org/2020/talk/8KFCEQ/
false
Getting data out of your Foreman
Full Talk - Monday & Tuesday
en
This talk will be about getting data for troubleshooting out of Foreman. I will take a look at multiple solutions, have a look at how easy they are to setup and which data they provide.
There are some additional solution to get data out of Foreman, you are probably not aware of. I will take a look at three of them focusing on how easy they are to setup and which data they provide:
* [Foreman-Elasticsearch](https://github.com/lzap/foreman-elasticsearch) provides instructions to setup Foreman, Journald, Rsyslog, and Elasticsearch to get your logs visualized
* [Foreman-Supervisory-Authority](https://github.com/timogoebel/foreman_supervisory_authority) provides integration with Elastic-APM for Application Performance Monitoring
* [Foreman-Concrete](https://github.com/timogoebel/foreman_concrete) provides integration with Sentry to collect software errors
Dirk Götz
2020-02-03T14:40:00+01:00
14:40
03:00
B.3.026
2020-184-hackerroom
https://cfp.cfgmgmtcamp.org/2020/talk/JCWCBP/
false
Hackerroom
Workshop - Wednesday
en
Hacker Room
Everyone
2020-02-03T14:50:00+01:00
14:50
00:50
B.3.036
2020-25-achieving-fully-hands-off-deployment-of-an-icinga-2-cluster-using-puppet
https://cfp.cfgmgmtcamp.org/2020/talk/WFYXGP/
false
Achieving fully hands-off deployment of an Icinga 2 cluster using Puppet
Full Talk - Monday & Tuesday
en
Although some excellent Puppet modules are provided for deploying Icinga 2, gluing everything together into a cluster with multiple satellite zones and redundancy can still be challenging, as you still need to provide the right configuration, endpoints, ... to each additional node.
This talk will introduce some techniques we use to automate this process as much as possible. By leveraging PuppetDB queries, custom Puppet functions, etc. we can achieve a level of automation where new nodes can automatically discover the endpoints they need, and bootstrapping additional satellites is as easy as flipping a feature toggle.
Additionally, techniques for leveraging Icinga 2 apply rules as much as possible are introduced, in order to define thousands of services without the need for superfluous exported resources. This means we can reduce the stress on PuppetDB, which results in a high-performance, highly scalable setup overall.
Lander Van den Bulcke
2020-02-03T16:00:00+01:00
16:00
00:50
B.3.036
2020-122-grafana-dashboard-automation
https://cfp.cfgmgmtcamp.org/2020/talk/E9DJ3F/
false
Grafana Dashboard Automation
Full Talk - Monday & Tuesday
en
This talk demonstrates technologies for automating Grafana dashboard generation and deployment.
Grafana configuration can nowadays be fully done as code, which enables code review, code reuse, and in general better workflows when working with dashboards.
This talk will present Grafonnet, a Jsonnet library to generate Grafana dashboards and some tips and tricks about how to use it efficiently and how to manage fully your Grafana instances from code. We will also explore how Jsonnet and Grafonnet enable collaboration on dashboards, using Mixins and explain how to push dashboards to Grafana, either using Kubernetes, or direct to the Grafana API.
Malcolm HolmesJulien Pivotto
2020-02-03T16:50:00+01:00
16:50
00:50
B.3.036
2020-150-rollout-all-your-prometheus-exporters-with-puppet-
https://cfp.cfgmgmtcamp.org/2020/talk/YHPERS/
false
Rollout all your Prometheus exporters with Puppet!
Full Talk - Monday & Tuesday
en
Everybody loves Prometheus. Many exporters are available to gather specific data. You can download the binaries from GitHub, start them and they will expose data via plain HTTP, without any firewalling or authentication. That would just complicate the whole setup!
A secure and automated rollout of exporters isn't easy. Also an authenticated connection from the prometheus server to the exporters requires some preparation. This talk will cover a proper concept and all details to rollout multiple exporters to many systems, completely automated with Puppet.
Tim Meusel
2020-02-03T14:50:00+01:00
14:50
00:25
B.3.037
2020-91-autopilot-but-never-let-go-of-the-wheel
https://cfp.cfgmgmtcamp.org/2020/talk/FUEYJV/
false
Autopilot, but never let go of the wheel
Short Talk - Monday & Tuesday
en
From TOIL to Continuous Delivery of Infrastructure, our tail of migrating our existing Infrastructure as code tools & wrappers so that they can be used in a CD system, but with all of the control grey-beards, enterprises & governments expect.
A tail of how we took our terraform tooling from being human focussed (and thus causing much more TOIL than was reasonable) and adapted it work within a sane set of pipelines, enabling drift checking, automated deployments & approved deployments that fit with in a multi-environment, sovereign-control organisation, while still retaining the ability to "run from your laptop" in an emergency or in bootstrap mode. We'll also cover the patterns that emerged for building tools that are both human & tool friendly, for progressive roll-out of changes & why CI/CD for VM based infrastructure requires better techniques that "fixing the build".
Simon McCartney
2020-02-03T16:00:00+01:00
16:00
00:25
B.3.037
2020-134-using-git-submodules
https://cfp.cfgmgmtcamp.org/2020/talk/USU8EM/
false
Using Git submodules
Short Talk - Monday & Tuesday
en
There are countless articles and blogs warning about the pitfalls in Git submodule usage, in effect resulting in an "avoid at all costs" recommendation. By contrast, this talk examines when and how to use Git submodules from a neutral point of view. Legitimate use cases, managing pitfalls, and alternatives will all receive their fair due.
The talk focuses on my own experiences using Git submodules.
I generally take the view that the pitfalls are often exaggerated and that there is no reason to categorically avoid Git submodules where the conditions are right.
That being said, there are conditions and pitfalls one should be aware of. As with any other tool, Git submodules have their use cases and limitations.
The talk will also include a short comparison with Git subtrees as a possible alternative to submodules.
Quirin Pamp
2020-02-03T16:50:00+01:00
16:50
00:25
B.3.037
2020-19-what-s-new-in-cfengine
https://cfp.cfgmgmtcamp.org/2020/talk/QWXZD3/
false
What's new in CFEngine
Short Talk - Monday & Tuesday
en
Come hear about what's new in CFEngine with the latest long term supported
release and share perspectives about future work to prioritize.
3.15.0 was released at the end of 2019. Come learn about the work done since the
last LTS release (3.12.0). Chat with the core development team and share your
perspective about what you would like to see worked on in preparation for our
next long term support release.
/media/2020/images/QWXZD3/agent_logo.svg.png
Nick Anderson
2020-02-04T08:30:00+01:00
08:30
01:00
ALL
2020-172-tuesday-breakfast
https://cfp.cfgmgmtcamp.org/2020/talk/RCBJRX/
false
Tuesday Breakfast
Break Fast
en
Coffee and Croissants
Everyone
2020-02-04T11:10:00+01:00
11:10
00:20
ALL
2020-179-tuesday-morning-break
https://cfp.cfgmgmtcamp.org/2020/talk/UKWAYA/
false
Tuesday Morning Break
Break
en
Coffee and Snacks
Everyone
2020-02-04T13:00:00+01:00
13:00
01:00
ALL
2020-175-tuesday-lunch
https://cfp.cfgmgmtcamp.org/2020/talk/SBNFM9/
false
Tuesday Lunch
Lunch
en
On your own
Everyone
2020-02-04T15:40:00+01:00
15:40
00:30
ALL
2020-180-tuesday-afernoon-break
https://cfp.cfgmgmtcamp.org/2020/talk/KF3CGA/
false
Tuesday Afernoon Break
Break
en
Coffee and Snacks
Everyone
2020-02-04T09:30:00+01:00
09:30
00:50
D Aud
2020-168-i-got-99-problems-and-a-bash-dsl-ain-t-one-of-them-
https://cfp.cfgmgmtcamp.org/2020/talk/BW77ZZ/
false
I got 99 problems and a bash DSL ain't one of them.
Full Talk - Monday & Tuesday
en
I got 99 problems and a bash DSL ain't one of them.
I got 99 problems and a bash DSL ain't one of them.
John Willis
2020-02-04T10:20:00+01:00
10:20
00:50
D Aud
2020-1-how-convenience-is-killing-open-standards
https://cfp.cfgmgmtcamp.org/2020/talk/FAHZWJ/
false
How Convenience Is Killing Open Standards
Full Talk - Monday & Tuesday
en
All the technical freedom and diversity we enjoy in our industry is the result of internal, grass root evangelism. Over the last couple of decades, thought leaders have strongly opposed manufacturer-centric strategies and argued the case of Open Source and Open Standards. This ultimately led to the success of Linux and Open Source we have today.
But now, two decades later, the IT industry is in upheaval again: All three major cloud providers have been pushing their serverless solutions in order to lure customers into a new form of vendor lock-in. And they succeeded: The number of serverless deployments has already surpassed those of container based ones.
“So this is how liberty dies … with thunderous applause”
I think there is no time to waste, to remind ourselves about Open Standards, their value to our industry, and why it is worth to fight for them to survive. Open Standards go beyond the boundaries of development and operation. They are the foundation of a barrier free interoperability and independent communications. The lecture aims to inspire the connection between both worlds and paradigms for a modern and flexible application infrastructure.
Bernd Erk
2020-02-04T11:30:00+01:00
11:30
00:50
D Aud
2020-14-nomad-kubernetes-without-the-complexity
https://cfp.cfgmgmtcamp.org/2020/talk/DKD9YM/
false
Nomad: Kubernetes, without the complexity
Full Talk - Monday & Tuesday
en
Nomad is a container orchestrator which is cross-platform, scalable, stable, and easy to operate. In this session, I will demonstrate how to create a Nomad cluster, and show how it's architecture and configuration differs from Kubernetes; making it easier to operate and cheaper!
We will then deploy a dotnet core application and some services into the cluster, and show how integration with other infrastructure and services can be done in a way which can reduce the complexity of your applications.
By the end of this session, you should have a good understanding of how most of your deployment problems can be solved without having to resort to the operational complexity and overheads of using Kubernetes.
Andy Davies
2020-02-04T12:30:00+01:00
12:30
00:05
D Aud
2020-39-bare-metal-provisioning-with-ansible-and-cobbler
https://cfp.cfgmgmtcamp.org/2020/talk/DW87SJ/
false
Bare Metal Provisioning with Ansible and Cobbler
Ignite - Monday & Tuesday
en
An overview of an actual bare metal provisioning scheme powered by Ansible and Cobbler, with support for several Linux flavors and virtual machines.
/media/2020/images/DW87SJ/puppies.jpg
Felix Frank
2020-02-04T12:35:00+01:00
12:35
00:05
D Aud
2020-41-terraboard-a-web-interface-to-view-terraform-data
https://cfp.cfgmgmtcamp.org/2020/talk/Q8H7KX/
false
Terraboard, a web interface to view Terraform data
Ignite - Monday & Tuesday
en
The Terraform project has grown a lot in popularity since its inception in 2015. Many resources that were not automated as code yet can now be managed this way.
The Terraboard project aims to provide a web interface to visualize and query Terraform states.
/media/2020/images/Q8H7KX/terraboard_logo_only.png
Raphaël Pinson
2020-02-04T12:40:00+01:00
12:40
00:05
D Aud
2020-45-switching-from-docker-to-cri-o
https://cfp.cfgmgmtcamp.org/2020/talk/BJYDHK/
false
Switching from Docker to CRI-O
Ignite - Monday & Tuesday
en
cri-o is considered safer than Docker lacking the latter’s privileged central daemon and, additionally, produces less overhead because it does not contain techniques already provided by, for instance, kubernetes clusters. That’s why it is gaining popularity as an alternative to Docker. The large distributions already switched to cri-o as a default backend in their container plattforms (OpenShift and CaaS). But I, personally, had to overcome a lot of uncertainties before actually starting to use it.
There were many open questions regarding the effort needed for a successful transition, change of habits or procedures:
- Is the transition irreversible?
- Where do I get images from? Are the runtimes compatible?
- Which new commands do I have to learn?
- Can I continue using my CI/CD system?
- Do I have to change my workflow?
Similar question arose in my work environment, so I started to collect these questions – and the answers.
Jan Bundesmann
2020-02-04T12:45:00+01:00
12:45
00:05
D Aud
2020-96-terraform-pulumi-but-what-do-we-really-need-
https://cfp.cfgmgmtcamp.org/2020/talk/UCZSX3/
false
Terraform, Pulumi... but what do we really need!?
Ignite - Monday & Tuesday
en
We may have too many good options to choose from, aren't we? "Terraform is going to be replaced with Pulumi" - I was told. Well, I suppose that Pulumi will be replaced with what users actually WANT to use... My observations in infrastructure as management tooling in 5 minutes.
Anton Babenko
2020-02-04T14:00:00+01:00
14:00
00:50
D Aud
2020-57-designing-and-building-a-large-scale-cd-system
https://cfp.cfgmgmtcamp.org/2020/talk/AXXBFP/
false
Designing and building a Large Scale CD system
Full Talk - Monday & Tuesday
en
A look at designing a git driven CD system for software packages used to deploy software to 100s of thousands of nodes continuously
This talk will discuss the design and implementation of a bespoke Continuous Delivery system suitable for delivering packaged software to 100s of thousands of nodes in a developer driven git based deployment scenario.
We will discus:
* What came before - twice yearly deploys and how that impact velocity and software
* How a system was designed and built that can today support 10s of deploys a day as well as handling initial node provision continuously at scale and in many locations across the world.
* We'll look at developer CLI tooling to interact with the CD system
* Observability of the system for real time global view
* Manageability of the system wrt things like circuit breakers and big red buttons to stop bad deployments
* A contract based packaging approach that was used to embed in each package its configuration management and monitoring.
We'll look at the impact this had on software building practices, quality and team happiness.
R.I.Pienaar
2020-02-04T14:50:00+01:00
14:50
00:50
D Aud
2020-117-one-tool-to-rule-them-all-infrastructure-testing-and-compliance-with-chef-inspec
https://cfp.cfgmgmtcamp.org/2020/talk/RUDALG/
false
One tool to rule them all, Infrastructure Testing and Compliance with Chef Inspec
Full Talk - Monday & Tuesday
en
In this talk, I will demonstrate the use of Chef Inspec for testing all your infrastructure with Inspec, no matter how you build it.
I will cover traditional testing, and also compliance testing on servers, plus how you can verify the state of other types of Infrastructure using APIs.
Kimball Johnson
2020-02-04T16:00:00+01:00
16:00
00:50
D Aud
2020-146-challenges-of-internet-of-things-at-scale
https://cfp.cfgmgmtcamp.org/2020/talk/XHK7LF/
false
Challenges of Internet of Things at scale
Full Talk - Monday & Tuesday
en
The Internet of Things (IoT) is the extension of Internet connectivity into physical devices and everyday objects. Embedded with electronics, internet connectivity, and other forms of hardware (such as sensors), these devices can communicate and interact with others over the internet, and they can be remotely monitored and controlled.
This means that internet connected devices are moving out of the data centers and into a new environment which brings a range of new challenges. A dominating technology in this area is GNU/Linux and although best practices have been established for GNU/Linux in the desktop and server world, the IoT space is still in its infancy and is most accurately comparable to the wild west due to the vast options in hardware configurations and software stacks.
In this presentation Mirza will cover specific areas within this space, highlight the challenges and how they are solved today using open-source technologies.
Key areas that Mirza will cover are:
- Characteristic of the connected device environment
- Software updates and life cycle management
- Device management (Configuration management)
- Security
We will also take a closer look on some of the trends that are emerging, as “server technologies” are moving towards the edge devices.
/media/2020/images/XHK7LF/IMG_5404.jpg
Mirza Krak
2020-02-04T16:50:00+01:00
16:50
00:50
D Aud
2020-64-why-you-should-revisit-mgmt
https://cfp.cfgmgmtcamp.org/2020/talk/SQELLN/
false
Why you should revisit mgmt
Full Talk - Monday & Tuesday
en
mgmt has been around for 3+ years but unless you have taken the time to dig in, you probably don't know a lot about it.
As the project was presented early and and evolved a lot in the last months, I would like to do a special-effect free presentation about what it can do and how it can help you to manage your infrastructure.
Julien Pivotto
2020-02-04T17:40:00+01:00
17:40
00:50
D Aud
2020-83-mgmt-config-autonomous-datacentres
https://cfp.cfgmgmtcamp.org/2020/talk/A88LTB/
false
Mgmt Config: Autonomous Datacentres
Full Talk - Monday & Tuesday
en
Mgmt is a real-time automation tool that is fast and safe. One goal of the tool is to allow users to model and manage infrastructure that was previously very difficult or impossible to do so previously.
The tool has two main parts: the engine, and the language. This presentation will have a large number of demos of the language.
To showcase this future, we'll show some exciting real-time demos that include scheduling, distributed state machines, and reversible resources.
As we get closer to a 0.1 release that we'll recommend as "production ready", we'll look at the last remaining features that we're aiming to land by then.
Finally we'll talk about some of the future designs we're planning and discuss our free mentoring program that helps interested hackers get involved and improve their coding, sysadmin, and devops abilities.
James (purpleidea)
2020-02-04T10:20:00+01:00
10:20
00:50
B. Con
2020-135-automating-security-response-with-serverless
https://cfp.cfgmgmtcamp.org/2020/talk/YD8UGG/
false
Automating Security Response with Serverless
Full Talk - Monday & Tuesday
en
Serverless (or Functions as a Service) tends to get thrown in the "paradigms nice for developers" bucket, but Serverless can provide meaningful benefits to Operations, DevOps, and SRE teams. In a world where everything is presented or controlled via an API, Serverless' event driven, api first philosophy can help these teams create new levels of automation that were typically the realm of runbook tooling.
In this talk we'll cover the various open source Serverless frameworks and platforms available. We'll show how to automate basic day to day operational task with Serverless functions. Finally, we will show how to build an open source, automated, Serverless based, event driven pipeline to automatically secure and protect a Kubernetes cluster. Attendees will walk away with fresh ideas on how to leverage Serverless based automation in their operational roles.
Michael Ducy
2020-02-04T11:30:00+01:00
11:30
00:50
B. Con
2020-92-cross-os-security-hardening
https://cfp.cfgmgmtcamp.org/2020/talk/ZPBPEV/
false
Cross-OS security hardening
Full Talk - Monday & Tuesday
en
We have created a Rudder policy that covers all OS that we support at our customers, or that will be coming around (i.e. beta of a new version).
For our __managed systems__, it covers distro-/OS-specific settings with a generic rule that “what makes sense everywhere, will be applied everywhere”.
For __human eyes__, it needs to have a clear design that eases understanding and maintenance.
### experiences
A rough description how to approach building a hardening policy, anyway.
* kernel module blacklists, limits & sysctls
* fine-tuning addons like auditd or OSSEC for safety and low footprint
* mixing OS-specific and globally applicable settings
* breaking vendor support (my favorite OS ain’t supported?)
* abstracting OS-specific package and service names
* docs docs docs
* the necessity of independent testing (Lynis, Packer/inSpec, Monitoring) and its boundaries
why __independent__ testing? because if we (flawed human) design the policy, we (same flawed human) should not design the final test :-)
### takeaway
We'll wrap it up while looking at some practical stuff, i.e. why nsjail is awesome as a containment technology for services.
Should you walk into the room and listen you’ll get a rough idea of sustainable policy design but also of what a sec policy looks like if it's not made only for filling checklists.
Florian Heigl
2020-02-04T12:20:00+01:00
12:20
00:25
B. Con
2020-15-web-application-firewall-friend-of-your-devops-pipeline-
https://cfp.cfgmgmtcamp.org/2020/talk/8QQMP8/
false
Web Application Firewall - Friend of your DevOps pipeline?
Short Talk - Monday & Tuesday
en
Web Application Firewalls (WAF) often raise concern about false positives, latency and other potential production problems. In addition, it is often said, that DevOps and WAF do not fit together. That is a pity, since the WAF helps to protect us from web application attacks, like those described by the OWASP Top Ten. But what if you could ensure that introducing and using a WAF went smoothly?
I will show how to integrate a WAF with WAF testing automation into a continuous integration (CI) pipeline. This pipeline ensures that developers receive early and often feedback about their WAF, saves them time and headaches down the line. In fact, DevOps, testing and automation only make sense if all components are part of the process.
Needless to mention, I as an [OWASP Core Rule Set (CRS)](https://coreruleset.org) developer and enthusiast introduced the CRS to [Puzzle ITC](https://www.puzzle.ch/) when I joined them in 2019!
By providing YAML templates, we want to make it easy for developers to introduce WAFs into projects.
Franziska Bühler
2020-02-04T12:45:00+01:00
12:45
00:25
B. Con
2020-89-seccomp-your-next-layer-of-defense
https://cfp.cfgmgmtcamp.org/2020/talk/3HGCT8/
false
seccomp — Your Next Layer of Defense
Short Talk - Monday & Tuesday
en
Why should you allow all possible system calls from your application when you know that you only need some? If you have ever wondered the same then this is the right talk for you. We are covering:
* What is seccomp in a nutshell and where could you use it.
* Practical example with Elasticsearch and Beats.
* How to collect seccomp violations with Auditd.
Because your security approach can always use an additional layer of protection.
Philipp Krenn
2020-02-04T14:00:00+01:00
14:00
00:50
B. Con
2020-166-automating-and-managing-clusters-with-helm
https://cfp.cfgmgmtcamp.org/2020/talk/FPHVRW/
false
Automating and Managing Clusters with Helm
Full Talk - Monday & Tuesday
en
Are you are one of the many people migrating their projects to Kubernetes? Have you found setting up and maintaining various app and cluster configurations an ordeal? Enter Helm, the package manager for Kubernetes.
What does a package manager have to do with this? This session has the answer! We will walk through some of the lessons learned about stability and migration with the recently released major version of Helm – Helm 3. We will cover how to avoid common mistakes and pitfalls. We will also introduce the improvements to the Helm SDK which aid the automation of your deployments in code. To wrap things up, there will be working examples of how to automate deployments and configurations.
Taylor ThomasMartin Hickey
2020-02-04T14:50:00+01:00
14:50
00:50
B. Con
2020-123-tanka-a-tool-for-managing-k8s-ksonnet-rises-again
https://cfp.cfgmgmtcamp.org/2020/talk/RM8PZH/
false
Tanka, a tool for managing K8s: ksonnet Rises Again
Full Talk - Monday & Tuesday
en
Introducing Tanka, a scalable Jsonnet based tool for deploying and managing Kubernetes Infrastructure
There are various tools available for managing Kubernetes resources. Whether they be Helm, Kustomize or others. Ksonnet offered a powerful approach with tremendous promise, but was discontinued by developers. In this presentation we will introduce Tanka, a drop in replacement for Ksonnet developed at Grafana labs and available on GitHub. For those not familiar with Ksonnet, we will introduce the Jsonnet language, and demonstrate its power as a way of interacting with Kubernetes. We will then demonstrate some of the enhancements we have already made to Tanka, and then explain our roadmap for the tooling, and how we believe it is already the best of breed configuration management solution for Kubernetes.
Malcolm Holmes
2020-02-04T16:00:00+01:00
16:00
00:50
B. Con
2020-131-kapitan-generic-configuration-management-for-kubernetes-terraform-and-other-things
https://cfp.cfgmgmtcamp.org/2020/talk/VMDCKH/
false
Kapitan: generic configuration management for Kubernetes, Terraform and other things
Full Talk - Monday & Tuesday
en
When building infrastructure with technologies such as Kubernetes and Terraform, the complexity of configuration quickly becomes hard to manage, especially with multiple engineers contributing code and config. [Kapitan](kapitan.dev) was created at DeepMind to manage complex environments to generate config, documentation and even scripts.
This talk will give you an overview of how [Kapitan](kapitan.dev) provides a generic approach to promote DRY with modularisation, abstract and parameterise configuration, manage secrets & dependencies, validate config and maintain infrastructure documentation up-to-date.
/media/2020/images/VMDCKH/kapitan_logo.png
Ricardo Amaro
2020-02-04T16:50:00+01:00
16:50
00:50
B. Con
2020-163-scalable-configuration-with-cue
https://cfp.cfgmgmtcamp.org/2020/talk/37NWX3/
false
Scalable configuration with CUE
Full Talk - Monday & Tuesday
en
CUE is a new abstract-oriented constraint-based configuration language and set of APIs. This talk dives into how it came about and the problems it solves.
This talk covers a brief history of configuration at Google as well as the ideas and experience that led to the design of CUE. Aspect-orientation is key to any successful configuration at scale. Although a complete different approach, it is what underpins the philosophy of CRDs in Kubernetes land. CUE shows an alternative constraint-based approach that can scale to very large configurations covering multiple domains. The talk concludes with a demo.
Marcel van Lohuizen
2020-02-04T14:00:00+01:00
14:00
00:50
B.1.015
2020-32-automating-the-vox-pupuli-yak-shaving
https://cfp.cfgmgmtcamp.org/2020/talk/LJ99XY/
false
Automating the Vox Pupuli Yak Shaving
Full Talk - Monday & Tuesday
en
Vox Pupuli maintains a huge amount of puppet modules and utilizes GitHub heavily for maintenance and daily tasks. We've built an app to support all the module maintainers in their daily work.
Vox Pupuli Tasks (VPT) is a web application which summarizes various informations for easy access about modules which need some attention. This helps the maintainer to focus more on the actual work rather then figuring out where attention is missing.
Also VPT uses the Github API to create comments and monitors open pull requests to notify their autors about things they may have forgotten (merge conflics, outdated states).
We also have big plans for the tool and want to bring some attention to it and find out what could be added or changed to enhance it more and more.
See [our GitHub project](https://github.com/voxpupuli/vox-pupuli-tasks#vox-pupuli-tasks---the-webapp-for-community-management) if you are curious about the code or contributing.
/media/2020/images/LJ99XY/8bit-vox.png
RobertTim Meusel
2020-02-04T14:50:00+01:00
14:50
00:25
B.1.015
2020-143-case-study-porting-the-whole-world-to-a-new-api
https://cfp.cfgmgmtcamp.org/2020/talk/9YDCRA/
false
Case study: porting the whole world to a new API
Short Talk - Monday & Tuesday
en
Designing the perfect v2 of your API is never enough: look at Perl6 or Python3. In the case of Puppet, look at the cleverly named "modern 4.x function API". The original function API was kind of a mess. It allowed global object pollution, was slow, leaked across environments, and in general contributed to Puppet master instability. But it was "good enough" and so building a new function API that addressed these issues didn't mean that people updated their modules. So I did it for them. I built a tool that ports functions from the old API to the new API and submitted a few hundred auto-generated pull requests to Puppet modules all over the Internet (maybe even to one of yours…)
I'll show you how the tool itself works, and the pull request workflow, and then talk about what this means for raising the bar on ecosystem engagement.
Ben Ford
2020-02-04T15:15:00+01:00
15:15
00:25
B.1.015
2020-99-foreman-installer-6-years-of-wrapping-puppet
https://cfp.cfgmgmtcamp.org/2020/talk/MA73XE/
false
foreman-installer: 6 years of wrapping Puppet
Short Talk - Monday & Tuesday
en
In 2013 the Foreman project started to wrap Puppet modules into an installer. After 6 years it's good to look back at how it went.
[foreman-installer](https://github.com/theforeman/foreman-installer) is a feature rich installer built on [kafo](https://github.com/theforeman/kafo) which wraps Puppet modules. The exposed Puppet modules are scanned, parameters extracted (initially only [rdoc](https://github.com/ruby/rdoc), later also [puppet-strings](https://github.com/puppetlabs/puppet-strings)) and saved into an answers file. It can expose multiple scenarios exposing different sets of modules and own defaults. All of this is exposed in to Puppet via Hiera. When upgrading, there are migrations that can be automatically applied.
In this talk we'll go over the goals of foreman-installer, how you can build your own installer and lessons learned.
Ewoud Kohl van Wijngaarden
2020-02-04T16:00:00+01:00
16:00
00:50
B.1.015
2020-37-running-puppet-from-mgmt-on-overdrive
https://cfp.cfgmgmtcamp.org/2020/talk/KWWZ9Z/
false
Running Puppet from mgmt on overdrive
Full Talk - Monday & Tuesday
en
We added Puppet support to mgmt quite early on. You can run Puppet manifests through mgmt's engine, and mgmt can in turn rely on Puppet to synchronize resources that mgmt does not natively support. This incurs a significant performance overhead to each resource check, though.
This presentation showcases a new prototype feature of mgmt that allows for the use of the Puppet bridge with no performance penalties. It features live demos, and the concept and implementation are briefly explained.
/media/2020/images/KWWZ9Z/ludicrous-speed.jpg
Felix Frank
2020-02-04T16:50:00+01:00
16:50
00:50
B.1.015
2020-140-test-your-infrastructure-with-litmus
https://cfp.cfgmgmtcamp.org/2020/talk/XZMN3A/
false
Test your infrastructure with litmus
Full Talk - Monday & Tuesday
en
We have been able to test our puppet modules using rspec-puppet and
serverspec for a while now and the quality of our code is improving because
of it. This talk will introduce the new kid on the block litmus. This talk will show you how
to use litmus to test puppet modules and how to convert your existing modules to make use of litmus.
Bram Vogelaar
2020-02-04T17:40:00+01:00
17:40
00:50
B.1.015
2020-165-that-s-not-my-puppet-things-not-to-do-and-some-alternatives-
https://cfp.cfgmgmtcamp.org/2020/talk/MSZWHA/
true
That's not my puppet - Things *not* to do (and some alternatives)!
Full Talk - Monday & Tuesday
en
Whilst best practices do involve over time (and sometimes 'advice' changes completely), there's also the other end of the spectrum where
style-guides are ignored, house 'styles' take over and the anti-patterns and worse prevail.
Fed up with being told 'it works, why shouldn't I write puppet this way?', I present a selection of puppet code witnessed in the wild.
(All from non Puppet Enterprise setups. PE users all write beautiful code and none of it ever looks like what follows, right?)
From just old code, (with better and simple to achieve improvements), to the darn right ugly, stupidly fragile or just plain broken.
Including
- Old constructs (from a land before puppet 4) (create_resource, anchor etc).
- Abuse of hiera
- Too much data
- The super hash. $data = hiera_hash('data') $jdk_version = $data['oracle']['java']['jdk']['version']
- Calling hiera from templates with local scope vars used in the hierarchy
- duplication
- Abuse of `Exec`.
- Why use a file resource when you can have an exec call `mkdir`?
- Replacing an old script with 30 chained execs
- Ruby based facts that shell out to `hostname` and `grep`
- Mono repos with forge modules seemingly randomly committed in then modified in place.
- Writing everything from scratch (even when really simple and popular forge modules exist)
Finally, is there anything we can do about this (other than venting frustration at conferences?).
Alexander Fisher
2020-02-04T14:00:00+01:00
14:00
00:50
B.1.017
2020-16-lessons-learned-from-testing-over-200-000-lines-of-infrastructure-code
https://cfp.cfgmgmtcamp.org/2020/talk/VQGZUG/
false
Lessons learned from testing over 200,000 lines of Infrastructure Code
Full Talk - Monday & Tuesday
en
If we are talking that infrastructure is code, then we should reuse practices from development for infrastructure, i.e.
* S.O.L.I.D. for Ansible.
* Pair devopsing as part of XP practices.
* Infrastructure Testing Pyramid: static/unit/integration/e2e tests.
/media/2020/images/VQGZUG/Untitled.png
Lev Goncharov
2020-02-04T14:50:00+01:00
14:50
00:50
B.1.017
2020-26-probing-ansible-bonds-with-molecule-tests
https://cfp.cfgmgmtcamp.org/2020/talk/AMU8TP/
false
Probing Ansible Bonds with Molecule tests
Full Talk - Monday & Tuesday
en
The maxim "Test all the things" has not only become a winged word, but is also correct in its basic idea.
Ansible is no exception and not least because of the planned restructuring towards a collection system, where single roles including their necessary modules should be available as entities for import, it is necessary to be able to test single Ansible roles.
The Ansible Molecule Framework - since October 2018 officially in its "new home under Ansible by RedHat" - offers these possibilities and tries to support different providers. In this talk we want to provide an insight into Molecule usage and discuss the possibilities and challenges that it brings.
Bernhard HopfenmüllerMatthias Dellweg
2020-02-04T16:00:00+01:00
16:00
00:50
B.1.017
2020-8-ansible-with-ara-on-rhel7-centos7-welcome-to-hell-
https://cfp.cfgmgmtcamp.org/2020/talk/WU37XZ/
false
Ansible with ARA on RHEL7/CentOS7, welcome to hell!
Full Talk - Monday & Tuesday
en
A lot of servers still run RHEL7 or CentOS7. But running Ansible with ARA on this moves you into dependency hell.
ARA needs Python3, CentOS delivers this, but not in `/usr/bin/python`. ARA needs `nodejs`. CentOS only has an old version..........
I will try to show you how I solved this hell and created a working Ansible with ARA environment
Installing ARA (https://ara.recordsansible.org/) used to be a breeze, but with the newest version the newest version of NodeJS is required as is Python3. Both are standard not available on RHEL7 and CentOS7, so, so tricks need to be used to get things going,
In this presentation I'll try to show the way to solve this problem
Ton Kersten
2020-02-04T16:50:00+01:00
16:50
00:50
B.1.017
2020-148-foreman-on-ansible
https://cfp.cfgmgmtcamp.org/2020/talk/H39JJZ/
false
Foreman on Ansible
Full Talk - Monday & Tuesday
en
Why to integrate Ansible and Foreman with each other and how to get the most value when using Ansible from Foreman. I will describe two primary approaches of using Ansible from Foreman. Firstly usage of ansible as a configuration management, where hosts are kept in a predefined state. The second usage as a more remote execution fashion. The talk goes over several scenarios and demonstrates how Foreman can leverage Ansible to effortlessly solve the issues present in the given scenarios and what approach is better for each use case.
Ondřej Ezr
2020-02-04T14:00:00+01:00
14:00
00:50
B.2.009
2020-3-infrastructure-as-code-in-action-how-we-built-a-platform-during-a-cloud-migration
https://cfp.cfgmgmtcamp.org/2020/talk/ZMJUP8/
false
Infrastructure as code in action ! - How we built a platform during a cloud migration
Full Talk - Monday & Tuesday
en
A large application landscape, handling 96.000 requests per minute has been successfully migrated to the cloud.
That migration was not only about focussing on the application.
While we applied an lift'n'shift approach to the application, managing the target infrastructure became crucial.
We needed to make sure that a team of 40 people was able to reproduce environments consistently across many geographies. Introducing Infrastructure as code was one of the best decisions we made.
This talk is about our journey from a client's datacenter to a fully customized cloud platform on Azure.
You will see how we used Terraform and Azure DevOps to create a platform for a connected vehicle backend.
Thorsten Jakoby
2020-02-04T14:50:00+01:00
14:50
00:50
B.2.009
2020-82-migrating-a-build-farm-from-on-prem-to-aws
https://cfp.cfgmgmtcamp.org/2020/talk/EGJCKT/
false
Migrating a build farm from on-prem to AWS
Full Talk - Monday & Tuesday
en
If you are considering a lift-and-shift from on-prem to public cloud, this talk is for you. Our team runs a centralized build farm for Nokia's software division. The build farm consists of a fleet of Jenkins Masters, a Kubernetes cluster, artifact storage, and various back-office services for monitoring and automation. This talk gives an overview of how we migrated our build farm from an on-prem OpenStack-based datacenter to AWS. It was a successful migration, but we made several mistakes along the way and would like to share what we learned.
Stack: Ansible, AWX, Terraform, Jenkins, Artifactory, Prometheus, Grafana, Elasticsearch, Kubernetes, AWS EKS
Slides: https://www.slideshare.net/ClaesBuckwalter/migrating-a-build-farm-from-onprem-to-aws
Claes Buckwalter
2020-02-04T16:00:00+01:00
16:00
00:50
B.2.009
2020-120-modernizing-the-cfengine-project
https://cfp.cfgmgmtcamp.org/2020/talk/J7H39V/
false
Modernizing the CFEngine project
Full Talk - Monday & Tuesday
en
Mark Burgess released the initial version of CFEngine in 1993. It's been used, and developed by people all around the world since then. It's a large C codebase, with a lot of history. In the last few years, we've been taking important steps to prepare the codebase for the future. We are making it more modular, reusable, safe, and maintainable.
This talk will touch on various aspects of maintaining a large open source code base. Modularity, code quality / style, contribution guidelines, collaboration. We are using parts of the codebase to develop new projects, like a new syntax checker for CFEngine policy language, and invite developers to use our codebase in their software.
We will also show some modern technologies used for code analysis and testing. We are using Jenkins, Travis, Codecov, LGTM / GitHub CodeQL, ASAN, valgrind, in our CI setup. These tools help us uncover memory leaks, bugs, security issues, regressions, etc. in an efficient way. We will focus on how easy it is to introduce these tools, even to large projects with several dependencies.
The speakers are working on the CFEngine project full time, employed by Northern.tech, the company behind Mender.io and CFEngine.
Ole Herman Schumacher ElgesemVratislav Podzimek
2020-02-04T16:50:00+01:00
16:50
00:25
B.2.009
2020-35-data-driven-configuration-with-cfengine-s-classfiltercsv-function
https://cfp.cfgmgmtcamp.org/2020/talk/7CHYSH/
false
Data-Driven Configuration with CFEngine's classfiltercsv function
Short Talk - Monday & Tuesday
en
Data-driven configuration management is a design pattern that can reduce complexity, improve outcomes, and empower engineers to make configuration changes without having to modify code. The new classfiltercsv function in CFEngine 3.14 makes it straightforward to implement a data-driven approach, allowing for:
- Using configuration rather than code to do configuration management
- Deploying simpler code that is easier to use and maintain
- Focusing on higher-order issues
While this talk demonstrates how to use CFEngine's classfiltercsv function to produce these results, the discussion of the approach to data-driven configuration may be of interest to anyone in the configuration management community.
Jay Goldberg
2020-02-04T14:00:00+01:00
14:00
00:50
B.2.010
2020-77-a-rudder-walkthrough-manage-your-configurations-through-compliance
https://cfp.cfgmgmtcamp.org/2020/talk/QVNQHD/
false
A RUDDER walkthrough: manage your configurations through compliance
Full Talk - Monday & Tuesday
en
This talk is designed for people wanting to discover or learn more about how things are done on a day-to-day basis with Rudder. Based on our experience helping Rudder users achieve their automation and compliance goals, this session will detail real-world examples, and describe and explain step-by-step the development and application of policies.
We will cover:
* policy development workflow (advanced reporting analysis, debugging methods)
* best practices in policy organization
* various productivity tips
* reporting and compliance focused policies (component names, rules organization, et.)
* commonly encountered problems
* API usage to collect information (Excel export, ...)
* audit vs. configuration
Alexis Mousset
2020-02-04T14:50:00+01:00
14:50
00:25
B.2.010
2020-60-what-s-new-in-rudder-and-future-roadmap
https://cfp.cfgmgmtcamp.org/2020/talk/VVJCGQ/
false
What’s new in RUDDER and future roadmap
Short Talk - Monday & Tuesday
en
This year, we have only released one major version. After 5.0, we moved on to... the 6.0!
What has happened in RUDDER since last year? Let's discover together this new version, as well as all the new plugins: Ansible, OpenSCAP, Zabbix... And finally, let's discuss the next development of RUDDER for 2020!
Alexandre Brianceau
2020-02-04T15:15:00+01:00
15:15
00:25
B.2.010
2020-69-using-rudder-plugins-to-package-tools-and-configuration-policies
https://cfp.cfgmgmtcamp.org/2020/talk/S9BS7Q/
false
Using RUDDER plugins to package tools and configuration policies
Short Talk - Monday & Tuesday
en
In Rudder 5.0 we have introduced a plugins’ ecosystem to make Rudder more flexible and adaptable to user needs. Plugins aim to bring new functionalities to Rudder: to plug it with other tools or simply package re-usable policy sets for example. Even though the currently available plugins cover a large range of functionalities, you may need to create new ones or extend current ones to meet your specific needs.
This talk will go through the process of plugin creation and maintaining, focusing on the ones involving proper configuration elements. This will let us see the current possibilities to import, export, share and maintain subsets of configuration policies between distinct Rudder environments.
Félix Dallidet
2020-02-04T16:00:00+01:00
16:00
00:50
B.2.010
2020-80-introduction-to-rudder-language
https://cfp.cfgmgmtcamp.org/2020/talk/A7QTCP/
false
Introduction to RUDDER Language
Full Talk - Monday & Tuesday
en
Rudder is a graphical configuration management tool, which is quite an unusual approach in this domain. This talk is about the why and how we are now introducing a new DSL for RUDDER. If you had never considered RUDDER because he didn't have a DSL, or if you want to discuss language with us, now is the right time to attend this talk!
Benoît Pecatte
2020-02-04T16:50:00+01:00
16:50
00:50
B.2.010
2020-63-feedback-on-scalability-and-load-testing-of-a-configuration-management-software
https://cfp.cfgmgmtcamp.org/2020/talk/TFCCBM/
false
Feedback on scalability and load testing of a configuration management software
Full Talk - Monday & Tuesday
en
Rudder is based on API/Web application that allows users to configure and verify their configurations. Relying on agents on every system, itchecks and remediates configurations every 5 minutes and centralizes the result of application. Each result is made up of hundreds of events that are historized, and each configuration changes involves calculating and displaying the configurations and conformities for users within a reasonable time.
A Rudder instance can handle 20 000 nodes. Can you imagine what this implies from a network, CPU and storage point of view? How to reach and maintain these performances? What are the different steps that made this possible? And what tools have been put in place?
This presentation will explain the technical stack used (Scala, PostgreSQL, C and Rust), as well as the path, failures and successes that allow us today to reproduce the environments, and also to test and validate the hypotheses to achieve and keep these results.
Nicolas CHARLES
2020-02-04T17:40:00+01:00
17:40
00:25
B.2.010
2020-87-designing-the-future-of-agent-server-communication-in-rudder
https://cfp.cfgmgmtcamp.org/2020/talk/EFSE7S/
false
Designing the future of agent-server communication in RUDDER
Short Talk - Monday & Tuesday
en
Rudder is currently used to manage more than 10k machines from the same central server,
but our agent-server communication (using HTTP for inventory collection,
syslog for reporting and a custom protocol for policy updates) was limiting us in terms of
security, performance and extensibility.
With Rudder 6, we have introduced a new communication infrastructure
to match present and future challenges with consistent security,
better performance, improved continuity through
immediate action triggers, while staying compatible with our
fully asynchronous, pull-based workflow.
The talk will focus on the design choices we made, from the use of Rust for our new
server component, to the network and message protocols we use.
It will also highlight the reasons and constraints behind them,
including ensuring a minimal operation overhead and an easy and smooth transition with no breaking change.
Alexis Mousset
2020-02-04T14:00:00+01:00
14:00
00:50
B.2.011
2020-125-agentless-saltstack
https://cfp.cfgmgmtcamp.org/2020/talk/Z99XJE/
false
Agentless SaltStack
Full Talk - Monday & Tuesday
en
Using an automation system such as SaltStack is a great way to ensure that traditional servers and desktops are kept in a consistent state. Commonly run tasks such as software updates and system configuration can be done in a way that the results are always consistent. But what about network devices? Or devices where security restrictions prevent a Salt minion from running? The solution is the SaltStack Proxy minion system and Salt SSH.
Using an automation system such as SaltStack is a great way to ensure that traditional servers and desktops are kept in a consistent state. Commonly run tasks such as software updates and system configuration can be done in a way that the results are always consistent. But what about other devices that are commonly found in a typical infrastructure setup such as routers and switches? It would be great to be able to manage these devices in a similar automated fashion. This is where the Salt Proxy minions come in. Additionally there might be situations where having a Salt minion running on a server is not allowed or possible, for these situations there is the Salt SSH system.
The talk will include:
* A brief introduction to SaltStack.
* Using SaltStack via SSH.
* A look at using Salt via Proxy Minions.
* The future of Salt-SSH and the Heist project.
Gareth J Greenaway
2020-02-04T14:50:00+01:00
14:50
00:50
B.2.011
2020-181-pop-culture-an-intro-to-plugin-oriented-programming
https://cfp.cfgmgmtcamp.org/2020/talk/QQDEPN/
false
POP Culture: An intro to Plugin Oriented Programming
Full Talk - Monday & Tuesday
en
Plugin Oriented Programing, also known as POP, is a new programming paradigm and open source project developed by SaltStack. Like any programming paradigm learning POP means thinking about programming differently. Using POP to create a plugin oriented project is easy. This introduction will help you learn how POP works and how to get started with a new POP project. In this talk we'll look at ways POP breaks new ground in:
- Memory management
- Dealing with complexity
- Subs and patterns
- App merging
We will also provide a demonstration of POP in action.
Tyler Johnson
2020-02-04T16:00:00+01:00
16:00
00:50
B.2.011
2020-144-advanced-salt-states-going-beyond-yaml
https://cfp.cfgmgmtcamp.org/2020/talk/UZ9XPL/
false
Advanced Salt States: Going Beyond YAML
Full Talk - Monday & Tuesday
en
Using an automation system such as SaltStack is a great way to ensure that traditional servers and desktops are kept in a consistent state. Commonly run tasks such as software updates and configurations can be done in a way that the results are always consistent. When using SaltStack this is accomplished using state files.
These state files are usually written using YAML, a human-readable data-serialization language, that presents the dictionaries and lists that SaltStack uses into a friendly format. Occasionally we need to go beyond the capabilities of what YAML can provide.
In this talk we'll explore some of the other ways that Salt states can be written, including using Jinja formatting and writing state files in programming languages such as Python.
Using an automation system such as SaltStack is a great way to ensure that traditional servers and desktops are kept in a consistent state. Commonly run tasks such as software updates and configurations can be done in a way that the results are always consistent. When using SaltStack this is accomplished using state files.
These state files are usually written using YAML, a human-readable data-serialization language, that presents the dictionaries and lists that SaltStack uses into a friendly format. Occasionally we need to go beyond the capabilities of what YAML can provide.
In this talk we'll explore some of the other ways that Salt states can be written, including using Jinja formatting and writing state files in programming languages such as Python.
Gareth J Greenaway
2020-02-04T16:50:00+01:00
16:50
00:50
B.2.011
2020-138-yomi-installation-of-the-os-using-saltstack
https://cfp.cfgmgmtcamp.org/2020/talk/XPFAWX/
false
Yomi - Installation of the OS using SaltStack
Full Talk - Monday & Tuesday
en
Yomi (Yet one more installer) is a new proposal for an OS installer
that is build on top of the features that a Software Configuration Tool
(StalStack) provides.
Yomi (Yet one more installer) is a new proposal for an OS installer
that is build on top of the features that a Software Configuration Tool
(StalStack) provides.
In this talk we will present the objectives of the project, the
technical decisions made, how it works internally, ways of integration
with other elements in the infrastructure (Uyuni), and an small demo
that will present the installation of MicroOS (with transactional
updates) and a normal openSUSE Tumbleweed with LVM/RAID.
/media/2020/images/XPFAWX/uyuni-logo.png
Alberto Planas
2020-02-04T14:00:00+01:00
14:00
00:50
B.2.015
2020-28-developer-stories-how-to-upgrade-to-a-moving-target-without-disturbing-users-or-your-sanity
https://cfp.cfgmgmtcamp.org/2020/talk/JZ8GMU/
false
Developer Stories: How to Upgrade to a Moving Target Without Disturbing Users or Your Sanity
Full Talk - Monday & Tuesday
en
*A Tale of Upgrading From MongoDB-based Pulp 2 to PostgreSQL-based Pulp 3 in Katello*
Whether you are a developer, system administrator, or simply a consumer of software, upgrades can be a painful experience. When was the last time your prescribed hour-long upgrade turned into a full-day endeavor? Have you been procrastinating upgrading your project’s EOL’d backend service for fear of breaking APIs? In the Katello project, we certainly have experienced these issues ourselves. After learning lessons the hard way when upgrading our backend service Pulp years ago, we’ve created a plan and are currently executing our latest upgrade to Pulp 3 now. The upgrade could be painful if we’re not careful. How can we switch to an in-development service with completely new concepts and APIs in a way that is easy for developers but still produces stable releases?
In this presentation, I will share a development story that covers prior mistakes we made and the lessons learned, the planning and architecture of incrementally introducing Pulp 3, and how we’ve maintained clear communication across the Katello and Pulp 3 teams to keep our efforts aligned.
This talk’s audience isn’t limited to developers alone; anyone in configuration management, system administration, or management fields should find it relatable as well.
The topics that will be covered are as follows:
* Introduction to Foreman, Katello, and Pulp for context
* What is so great about Pulp 3 that’s driving our upgrade plans?
* What is our final plan to migrate from Pulp 2 to Pulp 3?
* How does the upstream community affect this plan?
* Why is it bad to migrate to Pulp 3 all at once?
* What have our day-to-day challenges been during the migration and how have we handled it?
/media/2020/images/JZ8GMU/katello.png
Ian Ballou
2020-02-04T14:50:00+01:00
14:50
00:50
B.2.015
2020-31-developing-ansible-modules-for-foreman-and-katello
https://cfp.cfgmgmtcamp.org/2020/talk/KZCMLR/
false
Developing Ansible modules for Foreman and Katello
Full Talk - Monday & Tuesday
en
The [Foreman](https://theforeman.org) community maintains a [collection of over 40 Ansible modules](https://github.com/theforeman/foreman-ansible-modules) for interaction with the Foreman API and the various plugin APIs. This all started with two modules in `ansible/ansible` in 2016 and escalated from there.
Today we want to show how development of our modules works:
1. setting up a test environment (Foreman/Katello VM)
2. preparing a development environment (Python virtualenv with Ansible and dependencies)
3. understanding and adjusting the test playbooks
4. recording test fixtures (it's 2020 and we still ♥ VCR)
5. extending and fixing existing modules
6. writing completely new modules
Evgeni Golov
2020-02-04T16:00:00+01:00
16:00
00:50
B.2.015
2020-50-squeeze-the-last-drop-out-of-pulp-with-ansible
https://cfp.cfgmgmtcamp.org/2020/talk/ZEGEQL/
false
Squeeze the last drop out of pulp with ansible
Full Talk - Monday & Tuesday
en
Ansible, the radically simple IT automation engine is not stranger to pulp, the juicy software repository management tool.
In addition to its ansible based installer and its plugin for ansible content, we present the third way for pulp to interact with ansible:
'Ansible Modules for Pulp', alias Squeezer, is a collection of ansible modules to leverage the feature rich REST-API of pulp in a convenient way.
To this end we show, how repeated repository workflows can be mapped to ansible tasks.
We also discuss the possiblility to enrich bug reports with reproducers in form of playbook snippets.
Matthias Dellweg
2020-02-04T16:50:00+01:00
16:50
00:50
B.2.015
2020-128-the-baremetal-discovery-and-secureboot-provisioning-using-foreman
https://cfp.cfgmgmtcamp.org/2020/talk/RF7EVU/
false
The Baremetal Discovery and SecureBoot provisioning using Foreman
Full Talk - Monday & Tuesday
en
The Baremetal Discovery and SecureBoot provisioning using Foreman
Baremetal Discovery:
This feature enables to do bare-metal discovery of unknown systems of the network. The systems sends the facts to Foreman which then can be used to provision hosts with different parameters. The plugin also provides ability to auto provision the system as per the rules which can be defined beforehand. The talk covers,
1. Introduction to discovery plugin
2. Requirements to use discovery.
3. PXELess and PXE scenario of discovery.
4. Demo.
SecureBoot Provisioning:
The security is most important aspect of any department and so secure booting should be because its possible to have intrusion and malicious code running at the time of booting operating system. The UEFI Secure Boot was created to secure booting process from malicious component replacement attacks. Latest operating systems offers support for this by including kernel and associated drivers signed by UEFI CA certificate. The Foreman also supports provisioning over the secureboot.This talk covers,
1. What is Secure Boot ?
2. Introduction to basic Foreman provisioning ?
3. The secure boot provisioning using Foreman.
4. Challenges.
5. Demo.
Amit Upadhye
2020-02-04T17:40:00+01:00
17:40
00:25
B.2.015
2020-76-using-openapi-to-maximise-your-pulp-3-experience
https://cfp.cfgmgmtcamp.org/2020/talk/89XVDD/
false
Using OpenAPI to Maximise Your Pulp 3 Experience
Short Talk - Monday & Tuesday
en
Pulp ([pulpproject.org](https://pulpproject.org)) enables users to organize and distribute software. Now that Pulp 3.0 is generally available, it’s time to integrate it into your software delivery workflows. While the REST API is the primary integration point, it is the OpenAPI schema definition of that API that enables users to build client libraries in various languages. These clients simplify the integration with Pulp 3.
This talk will provide a brief introduction to OpenAPI. This will be followed by a demonstration of how to use the Pulp’s OpenAPI schema to generate a Python client for Pulp’s REST API. The Python client will then be used to perform various workflows in Pulp 3.
Dennis Kliban
2020-02-05T09:00:00+01:00
09:00
01:00
ALL
2020-173-wednesday-breakfast
https://cfp.cfgmgmtcamp.org/2020/talk/UPXEZN/
false
Wednesday Breakfast
Break Fast
en
Cofee and Croissants
Everyone
2020-02-05T13:05:00+01:00
13:05
01:00
ALL
2020-176-wednesday-lunch
https://cfp.cfgmgmtcamp.org/2020/talk/ZAX9MB/
false
Wednesday Lunch
Lunch
en
On your own
Everyone
2020-02-05T10:00:00+01:00
10:00
03:00
B. Con
2020-161-hands-on-with-kubernetes
https://cfp.cfgmgmtcamp.org/2020/talk/LVVXJG/
false
Hands on with Kubernetes
Workshop - Wednesday
en
A half to full day training session aimed at people that are new to Containers and Kubernetes. Each attendee will have access to a Kubernetes cluster and will finish the training with the confidence to say “I Know Kubernetes”.
A half to full day training session aimed at people that are new to Kubernetes.
The goal is to take participants from zero experience to feeling comfortable deploying applications.
The training is based on the popular https://container.training, modified slightly to use a large shared cluster.
A set of slides from the previous workshop done at OSDN in Kiev can be found here - http://k8s.camp/osdn/#1
Paul Czarkowski
2020-02-05T10:00:00+01:00
10:00
08:00
B.2.009
2020-33-foreman-construction-day
https://cfp.cfgmgmtcamp.org/2020/talk/SC9T7K/
false
Foreman Construction Day
Fringe - Wednesday
en
Foreman will be holding its usual Foreman Construction Day on Wednesday 5th February 2020, right after CfgMgmtCamp. Please join us!
The aim is to build upon on the previous 2-4 days of talks and discussions, and put it to use! We’re open to all members of our community, such as
New users looking for help getting started with Foreman
Users looking to start contributing
Code contributors to any of the core projects
UX design / improvement
Plugin authors (new or existing plugins)
Translators / documentors
This is a great opportunity to get (more) involved in the community, and spend some face-to-face hack time with other Foreman devs. Hope to see you there!
Tomer Brisker
2020-02-05T10:00:00+01:00
10:00
08:00
B.2.010
2020-47-kubernetes-mobprogramming-experiment
https://cfp.cfgmgmtcamp.org/2020/talk/RLECKH/
false
Kubernetes mobprogramming experiment
Fringe - Wednesday
en
We are going to do two tings in one workshop (how is that even possible):
- Inspired by mob programming – we are going to try an experiment in mob operations. We will get a big screen, and do everything together.
- The thing we are going to mob operate is Kubernetes - we will start from scratch and see how far we can get in one day.
We want to make this a learning experience for everyone in the room, so beginners and people experienced in mob programming and/or Kubernetes are welcome. The workshop facilitators are beginners as well, so we are here to learn together with you!
We want to have fun, so bring your best self and get your YAML editors ready!
Anders Bruvik
2020-02-05T10:00:00+01:00
10:00
03:00
B.2.011
2020-98-foreman-basics-and-provisioning
https://cfp.cfgmgmtcamp.org/2020/talk/SF3ASE/
false
Foreman - Basics and Provisioning
Workshop - Wednesday
en
This workshop will focus on basic knowledge, provisioning and orchestration for those new to Foreman.
This workshop is a shortened version of the two day long official [Foreman Training](https://github.com/NETWAYS/foreman-training/) focusing on those new to Foreman. In the workshop you will get basic knowledge of the architecture of Foreman. You will install and configure Foreman to provide several ways of provisioning. Furthermore orchestration will be added to the Foreman using the Remote Execution plugin.
While most tasks will be done in the Foreman WebUI, students should bring basic knowledge of Linux and be comfortable to use the command line for looking behind the curtain and debugging. Configuration management (Puppet or Ansible) knowledge is not required but helpful and the same applies to DNS, DHCP and Linux provisioning basics.
You should bring a Linux system with KVM and libvirt as virtualization solution, a virtual network with DHCP disabled and a CentOS 7 or Debian 9 virtual machine in this network prepared to run the foreman-installer. For preparation instructions see [the Foreman manual](https://theforeman.org/manuals/latest/index.html#2.Quickstart). Using another virtualization solution will limit your options for provisioning, but it should be possible to work around that to participate in the other exercises.
Dirk Götz
2020-02-05T14:00:00+01:00
14:00
03:00
B.2.011
2020-108-writing-ansible-module-for-fun-and-profit
https://cfp.cfgmgmtcamp.org/2020/talk/HH9T93/
false
Writing Ansible module for fun and profit
Workshop - Wednesday
en
Ansible provides a pluggable architecture that makes it easy to extend functionalities of Ansible. This workshop will be a hands-on session where I will discuss development process of the Ansible Module.
This workshop is helpful for developers and system administrators with some knowledge of Python to develop their custom modules and contribute back to the community.
In this session, I will also explain the development process and open source contribution process followed in Ansible Open Source Project.
I will focus on -
Ansible Module Architecture
Ansible development environment
Ansible Module development
Ansible Contribution process
In this workshop we will create a custom module and tests its functionality with Ansible.
Abhijeet KasurdeGanesh B Nalawade
2020-02-05T10:00:00+01:00
10:00
08:00
B.3.026
2020-139-puppet-contributor-session
https://cfp.cfgmgmtcamp.org/2020/talk/TZJE3T/
true
Puppet Contributor Session
Fringe - Wednesday
en
Collaboration session for the Puppet ecosystem.
Ben Ford
2020-02-05T10:00:00+01:00
10:00
03:00
B.3.036
2020-84-mgmt-config-hands-on-with-autonomous-datacentres
https://cfp.cfgmgmtcamp.org/2020/talk/8VQU7P/
false
Mgmt Config: Hands on with Autonomous Datacentres
Fringe - Wednesday
en
Mgmt is a real-time automation tool that is fast and safe.
It uses a real-time, reactive programming language to model the desired state over time, and a powerful event-driven engine to apply this state.
In this workshop, we'll present a number of live demos, and get you running mgmt yourself, and writing your first module.
This is the modelling language and tool that will let module authors build autonomous self-hosted mail servers, well-managed personal "home clouds", and other useful bits.
Finally we'll talk about some of the future designs we're planning and make it easy for new users to get involved and help shape the project.
A number of blog posts on the subject are available: https://purpleidea.com/tags/mgmtconfig/
Attendees are encouraged to read some before the workshop if they want a preview!
Attendees must arrive with a modern GNU+Linux machine, running golang 1.11 or newer or an equivalent virtual machine.
You will also need to complete the mgmt "quick start guide" to get mgmt running before you arrive.
https://github.com/purpleidea/mgmt/blob/master/docs/quick-start-guide.md
Doing this will leave us a maximum amount of time for hands on experience with mgmt.
If you have any difficulties, please join the #mgmtconfig IRC channel on Freenode and ask purpleidea for help.
James (purpleidea)
2020-02-05T10:00:00+01:00
10:00
03:00
B.3.037
2020-22-modern-infrastructure-as-code
https://cfp.cfgmgmtcamp.org/2020/talk/N8ZQMU/
false
Modern Infrastructure as Code
Workshop - Wednesday
en
Learn all about Infrastructure as Code: from concepts, to serverless and container technologies, including several hands-on labs to teach you best practices for managing infrastructure in public cloud and Kubernetes.
In this workshop, we will be using a new Infrastructure as Code tool, Pulumi.
You will leave this workshop with a better understanding of modern cloud architectures, the role infrastructure as code has to play in them, and with actionable best practices you can bring back to your teams today.
What You'll Learn:
We will begin with an introduction talk, briefly covering a number of topic, and then transition to hands-on labs to teach you the practicalities of using infrastructure as code to manage public cloud infrastructure on AWS and Kubernetes. You will leave knowing everything you need to be successful with infrastructure as code in your team.
Modern Cloud Architectures: Networking, clustering, containers, Kubernetes, serverless
Modern Infrastructure as Code: immutable infrastructure, automated delivery, policy as code
Infrastructure Patterns: provisioning infrastructure, versioning infrastructure, scaling applications, building and publishing container images, packaging and reusing infrastructure best practices
Paul Stack
2020-02-05T10:00:00+01:00
10:00
03:00
B.4.027
2020-145-learn-configuration-management-and-sdi-from-scratch-using-uyuni
https://cfp.cfgmgmtcamp.org/2020/talk/FAYVSX/
false
Learn configuration management and SDI from scratch using Uyuni
Workshop - Wednesday
en
Uyuni is a software-defined infrastructure and configuration management solution. You can use it to bootstrap physical servers, deploy and update packages and patches -even with content lifecycle management features- create VMs for virtualization and cloud, builds container images, tracks what runs on your Kubernetes clusters, CVE audit your machines and containers, etc. All using Salt under the hood!
In this workshop we will start from scratch: install Uyuni, register some clients machines, deploy software, subscribe machine to software channels, learn how to use the content lifecycle management features, create and manage virtual machines, etc.
Pau Garcia QuilesPablo Suárez Hernández
2020-02-05T10:00:00+01:00
10:00
03:00
B.4.039
2020-75-pulp-install-fest-ansible-container-registry-or-rpms-
https://cfp.cfgmgmtcamp.org/2020/talk/WRR7GC/
false
Pulp install - Fest (Ansible, Container Registry, or RPMs)
Workshop - Wednesday
en
Come by and install pulp_ansible, pulp_container, or pulp_rpm with the developers who make them!
https://github.com/pulp/pulp_ansible
https://github.com/pulp/pulp_container/
https://github.com/pulp/pulp_rpm
We'll be using the Ansible installer: https://github.com/pulp/ansible-pulp
Brian BouterseDennis Kliban
2020-02-05T10:00:00+01:00
10:00
03:00
B.4.041
2020-68-getting-started-with-rudder-the-most-secops-configuration-management-tool
https://cfp.cfgmgmtcamp.org/2020/talk/ZCUYEF/
false
Getting started with RUDDER, the most "secops" configuration management tool
Workshop - Wednesday
en
Security policies are increasingly complex and demanding to be implemented by operational teams. How can we be sure that our security policies are properly applied on all our servers other than through a massive and costly audit? Even if they were when they were created, how do you know if they remain perfectly compliant after a few days / weeks / months?
More generally, the problem can be generalized to a devsecops approach: how to ensure that teams work together to make system infrastructures more reliable and secure?
Discover how RUDDER, a solution based on the devops spirit that allows teams to work together, can bring its know-how during a first-hand workshop and deploy your first rules together.
Prerequisites:
* Hardware: Any machine able to run virtualization and enough RAM for the VM (4Gb of RAM seems a minimum).
* Software: Virtualbox must be installed and the network for virtualbox must be working with NAT and local network (test with one VM before coming).
* Skills: Basic linux administration
Félix Dallidet
2020-02-05T10:00:00+01:00
10:00
08:00
B.4.042
2020-170-cfengine-workshop-room
https://cfp.cfgmgmtcamp.org/2020/talk/JUCUT9/
false
CFEngine Workshop Room
Fringe - Wednesday
en
Hack Day Room
We welcome you to a day of discovering what CFEngine can do and how you make use of it.
- Influence the development of new features.
- Get help writing policy / free enterprise support
- Meet the developers
- See cool demos and upcoming features
- Share what you are working on or have a chat with fellow CFEngineers
Nils Christian Flinder Roscher-NielsenNick Anderson