Session
Schedule FOSDEM 2022
Infra Management

Running trusted payloads with Nomad and Waypoint

D.infra
Bram Vogelaar
<p>Things like Infrastructure as Code, Service Discovery and Config Management can and have helped us to quickly build and rebuild infrastructure but we haven't nearly spend enough time to train our self to review, monitor and respond to outages.</p> <p>With the the introduction of CI/CD best practices into our day to day workflows we protect ourselves for introducing "bad" code into production and exposing flaws to our (end-)users. But what about influences from bad actors in- and out-side our projects. This talk will focus on the additional steps we can add to our Waypoint build pipelines to also protect ourselves to so called supply chain attacks while running our jobs in Nomad. We ll discuss scanning for vulnerabilities in incoming code, packages and images and signing the content artifacts we trust before exposing them to our users.</p>

Additional information

Type devroom

More sessions

2/5/22
Infra Management
D.infra
<p>CUE (https://cuelang.org/) solves a previously unsolved technical problem in the configuration space. It does so by taking a compositional approach that reduces the complexity of managing configuration from a combinatorial problem to a linear problem. CUE is based on 20 years of experience in the field of configuration. Its declarative, aspect-oriented approach is powerful yet simple, making it possible to manage large amounts of configuration data and policies in multiple formats (JSON, ...
2/5/22
Infra Management
Evgeni Golov
D.infra
<p>With the Foreman Project dropping support for EL7 in Foreman 3.3 (~Summer 2022), it's finally time to tackle that migration to EL8 you have been putting off for a while now. In this session we will present various ways how you can migrate your installation from EL7 to EL8, with the main focus on the in-place upgrade using LEAPP/ELevate.</p> <p>The Foreman Project is planning to <a ...
2/5/22
Infra Management
Vincent Rubiolo
D.infra
<p>With redpesk, we provide customers the ability to cross-build an embedded, CentOS Stream-based Linux distribution in the cloud. This requires a significant infrastructure: Koji/RPM builders, Angular-based WebUI, Gitlab forge, network and RPM package dependency management, Qemu test lab management, all need to come together and be connected, in a mix of Qemu virtual machines and LXC containers. Fortunately, Ansible and Proxmox comes to the rescue to manage this complexity.</p> <p>In this talk, ...
2/5/22
Infra Management
David Moreau-Simard
D.infra
<p>ARA Records Ansible playbooks and makes them easier to understand and troubleshoot. The author will explain why he created the project back in 2016 and how it might be useful for a wide range of use cases wherever Ansible runs from. Including a live demo, we'll see how it works under the hood and you can expect to walk away from the presentation with an understanding on how to get started for your own Ansible playbooks within minutes.</p> <p>ARA Records Ansible playbook results in local ...
2/5/22
Infra Management
Kai L√ľke
D.infra
<p>Flatcar Container Linux is a minimal base OS to run containers. As a friendly fork of CoreOS Container Linux it continues the project under a new name. The main features are the A/B partitions for automatic updates and rollbacks, and the integration of Ignition for declarative configuration on first boot. Declarative configuration is a key element for managing machines following the principle of Immutable Infrastructure, but causes friction if it means that the whole machine has to be ...
2/5/22
Infra Management
D.infra
<p>The use of Bare Metal to run containerized workload is coming back into popularity. There are multiple reasons for this increase of interest. First, the rise of big data analytics, high performance computing, machine learning workloads that need high-bandwidth and low latency and sometimes even requires access to special hardware devices like GPUs or DPUs. And at the same time, in the telecommunication space, the 5G networks technology stacks that drive the need for IPv6, SR-IOV, Container ...
2/5/22
Infra Management
tkramm
D.infra
<p>An introduction (live demo with questions and answers) into RPort - a new open-source software for remote access and remote management of heterogeneous it-landscapes. Use the UI, the command line or an REST API to manage servers and desktop efficiently from a central place.</p> <p>RPort is a comprehensive solution for remote management of servers and desktop systems. Even if they are behind firewalls, routers and NAT. RPort is built on the client-server principle, clients connect to the ...