Uyuni Saltboot - automated image deployment and lifecycle with Uyuni

•

0 j'aime•49 vues

Deploying images is ever evolving topic. Although much of the deployments today are concerned with containers, base systems for container host are somehow needed to be deployed as well. Let me present Saltboot, part of Uyuni stack. Saltboot is building on SaltStack to make image deployment secure and together with Uyuni provides complete image lifecycle and management - from image building, staging to deployment on target machines.

Logiciels

Uyuni Saltboot
An Automated Image Deployment And
Lifecycle
openSUSE Conference
project@lists.opensuse.org
oSC22 @openSUSE

configuration management
patch and package management
content lifecycle management
compliance auditing
image building, …

Saltboot
salt-integrated initrd
salt states and modules
partitioning and filesystem management
filesystem image deployment concept

Images
Kiwi (https://osinside.github.io/kiwi/)
Kernel, Initrd, System (KIS)
Building integrated with Uyuni
Saltboot kiwi templates
(https://github.com/SUSE/manager-build-profiles/)

Image building
Packages
Image templates
Build hosts
Image repository

Package management
Product
Channels
Activation keys

Image profiles
link channels
and image
templates

Image building
Packages ✓
Image templates – saltboot templates ✓
Build hosts
Image repository

Build hosts
VM or real HW
OS Image
entitlement

Image building
Packages ✓
Image templates – saltboot templates ✓
Build hosts ✓
Image repository (Uyuni) ✓

Deployment
manual dd command
PXE and UEFI PXE
HTTP UEFI
...

Automated deployment
manual dd command
PXE and UEFI PXE
HTTP UEFI
...

PXE, UEFI PXE, UEFI HTTP
DHCP + TFTP
DHCP + HTTP
subnet 192.168.0.0 netmask 255.255.255.0 {
if substring (option vendor-class-identifier, 0, 10) =
"HTTPClient" {
option vendor-class-identifier "HTTPClient";
filename "http://192.168.0.1/saltboot/grub.efi";
} else {
if option arch = 00:07 {
filename "boot/grub.efi";
next-server 192.168.0.1
}
else {
filename "boot/pxelinux.0";
next-server 192.168.0.1
}
}
}

TFTP server?
Uyuni Proxy pod
– squid cache
– tftp router
– salt broker
– ssh tunnel

Proxy Pod
podman pod
k8s deployment
#> spacecmd proxy_container_config_generate_cert -- proxy.example.org uyuni.example.org 30000
root@example.org -p 8022
#> scp config.tgz containerhost:
#> ssh containerhost -- tar -xf config.tgz -C /etc/uyuni
#> ssh containerhost -- systemctl enable --now uyuni-proxy-pod

Image? Where? Where to?
Server discovery
Partitioning
Image selection

Saltboot Group
Salt pillar data
– group id
– image repo
server
– naming
PXE menu

Partitioning
Saltboot pillar
Disk selection and partitioning
Image selection

Partitioning
partitioning:
----------
disk:
----------
device:
*
disklabel:
gpt
level:
1
partitions:
----------
p1:
----------
flags:
swap
format:
swap
size_MiB:
2000

Hardware type group
Auto assignment of machines to the group
Group with common partitioning setup

Salt and saltboot security
Salt PKI
Image validation
Image encryption

Image lifecycle
Uyuni knows what is in the image
– CVE auditing
Manual image rebuilds

Contenu connexe

Similaire à Uyuni Saltboot - automated image deployment and lifecycle with Uyuni

Developing IT infrastructures with Puppet

Alessandro Franceschi

Centos

sandyy12

Instalando Cacti no CentOS 5

Carlos Eduardo

The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration

Erica Windisch

Build Your Own CaaS (Container as a Service)

HungWei Chiu

A Presentation about Puppet that I've made at the OSSPAC conference

ohadlevy

Continuous Delivery helps to keep your software and Docker images updated and deploy new versions in production easily. Microservices are great at reducing the attack vector and limiting the privileges or credentials access of each piece of your application. Containers provide an opportunity to implement better security, small, immutable, single process and purpose. In this session, we will discover real use case examples on how to make your CI/CD pipeline interact with Docker security tools. But security doesn’t stop where your deployment pipeline ends. How can we prepare for 0-days and policy violations that happen at run-time? Can we make it part of the CI/CD process?

CI / CD / CS - Continuous Security in Kubernetes

Sysdig

Join us to discover how to use the PHP frameworks and tools you love in the Cloud with Heroku. We will cover best practices for deploying and scaling your PHP apps and show you how easy it can be. We will show you examples of how to deploy your code from Git and use Composer to manage dependencies during deployment. You will also discover how to maintain parity through all your environments, from development to production. If your apps are database-driven, you can also instantly create a database from the Heroku add-ons and have it automatically attached to your PHP app. Horizontal scalability has always been at the core of PHP application design, and by using Heroku for your PHP apps, you can focus on code features, not infrastructure.

PHP on Heroku: Deploying and Scaling Apps in the Cloud

Salesforce Developers

Bare Metal to OpenStack with Razor and Chef

Matt Ray

Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more. In this demo, I will show how to build a Apache image from a Dockerfile and deploy a PHP application which is present in an external folder using custom configuration files.

Docker - Demo on PHP Application deployment

Arun prasath

Kubernetes for the PHP developer

Paul Czarkowski

PVS-Studio in the Clouds: Travis CI

Andrey Karpov

Uyuni is a software-defined infrastructure and configuration management solution. You can use it to bootstrap physical servers, deploy and update packages and patches -even with content lifecycle management features- create VMs for virtualization and cloud, builds container images, tracks what runs on your Kubernetes clusters, CVE audit your machines and containers, etc. All using Salt under the hood!

Uyuni, the solution to manage your Linux infrastructure

Uyuni Project

Deploying Symfony2 app with Ansible

Roman Rodomansky

E D - Environmental Dependencies in Python

Adam Englander

How to manage Azure with open source

Ubuntu Korea Community

How to manage Microsoft Azure with open source

Taehee Jang

Introduction to Docker

Nissan Dookeran

Docker-v3.pdf

Bruno Cornec

Chicago Docker Meetup Presentation - Mediafly

Mediafly

Similaire à Uyuni Saltboot - automated image deployment and lifecycle with Uyuni (20)

Developing IT infrastructures with Puppet

Centos

Instalando Cacti no CentOS 5

The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration

Build Your Own CaaS (Container as a Service)

A Presentation about Puppet that I've made at the OSSPAC conference

CI / CD / CS - Continuous Security in Kubernetes

PHP on Heroku: Deploying and Scaling Apps in the Cloud

Bare Metal to OpenStack with Razor and Chef

Docker - Demo on PHP Application deployment

Kubernetes for the PHP developer

PVS-Studio in the Clouds: Travis CI

Uyuni, the solution to manage your Linux infrastructure

Deploying Symfony2 app with Ansible

E D - Environmental Dependencies in Python

How to manage Azure with open source

How to manage Microsoft Azure with open source

Introduction to Docker

Docker-v3.pdf

Chicago Docker Meetup Presentation - Mediafly

Dernier

Salesforce unveiled the Salesforce Zero Copy Partner Network, a global alliance of tech and solution providers developing secure, bidirectional zero-copy interfaces with Salesforce Data Cloud. This innovative approach enables seamless data actioning across the Salesforce Einstein Platform. Brian Miliham, Salesforce’s President and COO, highlighted the challenge companies face with fragmented data. This ecosystem empowers businesses to harness all their data, irrespective of its location, maximizing the potential for personalized customer experiences and facilitating quicker, cost-effective AI integration within Salesforce.

Salesforce Introduced Zero Copy Partner Network to Simplify the Process of In...

CloudMetic

SQL Injection Introduction and Prevention

Mohammed Fazuluddin

How to install and activate eGrabber JobGrabber

eGrabber

Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024

MulesoftMunichMeetup

This is a classic migration case study (the past, current and the future) at scale from a world-wide company transitioning from Confluent Platform and Confluent Cloud to self-managed Apache Kafka on Kubernetes using Strimzi. At Maersk, we have been architecting, designing and implementing our 3rd generation Event Streaming Platform. This platform is based on Kubernetes in Azure and using Strimzi to operate Apache Kafka at large scale, highly reliable, segregating data based on isolated use cases. Our 2nd generation was based on OnPrem Confluent Platform and Confluent Cloud and this presentation is the story of this migration and reasoning behind it. Furthermore, we would get into details on how we monitor (Grafana, Prometheus), alert (GoAlert and alert as code), operate and provide self-service solutions on top of Strimzi to enable business critical application in Maersk, implemented in GoLang using the GitOps deployment model with Flux and Kustomization among others. Finally, if time allows we will end with a demo of an open-source self service tool to monitor and explore the cluster with most wanted features such as topic message browsing and configuring and restarting connectors.

StrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdf

steffenkarlsson2

GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates

Neo4j

Building a notification campaign might seem easy and it is easy to get started with a simple set up. But once the scale kicks in, it becomes every important to have a resilient architecture that can handle hundreds of thousands of recipients. This talk will focus on the Serverless services consumed in building the architecture and the various architectural decisions. The talk covers the various challenges in building an architecture of this sorts and how we overcame them using Serverless services.

Lessons Learned from Building a Serverless Notifications System.pdf

Srushith Repakula

architecting-ai-in-the-enterprise-apis-and-applications.pdf

WSO2

The Mythical Technical Debt (Brooke, please, forgive me.) <This talk is designed for a technical audience> In software-intensive systems development, we often face trade-offs between speed and long-term maintainability. These trade-offs accumulate as technical debt, the hidden cost of short-term decisions that can impact future development. Technical debt goes beyond the initial choices made when creating software. It encompasses design decisions, coding practices, or anything that might hinder future development efforts. By effectively identifying and managing this debt, we can build robust and scalable software systems. In this talk, we'll explore different types of technical debt and their impact on projects. We'll delve into practical methods to identify, measure, and reduce it. Finally, we'll see how to turn technical debt into an advantage, using it as a springboard for innovation with real-world examples.

The mythical technical debt. (Brooke, please, forgive me)

Roberto Bettazzoni

AI Hackathon.pptx

ERRORhackerboy

API Development involves designing, building, and implementing Application Programming Interfaces (APIs) that enable seamless communication and data exchange between different software systems. There are various types of APIs, including RESTful APIs, SOAP APIs, GraphQL, and WebSocket APIs, each serving specific purposes. API specifications, such as OpenAPI Specification (OAS) and GraphQL Schema Definition Language (SDL), define the structure and behavior of APIs. Documentation plays a crucial role in API development, providing clear instructions, examples, and troubleshooting guidance for developers who want to integrate with the API. Click Here For More Details: https://www.connectinfosoft.com/rest-api-development-service/

What is an API Development- Definition, Types, Specifications, Documentation.pdf

Connect Infosoft Technologies Private Limited

In his book, The Nature of the Physical World, Sir Arthur Eddington commented that “We have to appeal to the one outstanding law — the second law of thermodynamics — to put some sense into the world.” This sense-making goes beyond the physical world, too. Entropy is also essential in the fields of information and communication theory. During this lecture for the Princeton Plasma Physics Laboratory, lecturer Andrea Goulet discussed the application of entropy-related concepts in two communication systems: software and collaborative teams. She examined how concepts that help us understand systemic statistical disorder, such as ergodic systems, Lyapunov exponents, Kolmogorov-Sinai entropy, and Shannon-entropy can help us optimize for both software quality and innovation. She also provided several domain-specific models: Lehman’s Laws and Conway’s Law for software, as well as new models from her own research that relate to entropy and innovation. Entropy helps us understand the world and achieve great things. There is an underlying beauty in its principles that we can use to advance scientific discovery. When we understand the subtleties related to balancing surprise and structure, we increase our chances for effective collaboration and finding novel solutions to complex problems.

Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...

Andrea Goulet

If you weren't able to make it to Florida Dreamin' last Fall, then you are in luck. We are bringing you one of the most talked about sessions during the conference. You won't want to miss this insightful presentation from Cyndy Ferguson, Team Lead, Client Success Manager, Craftsman Technology Group titled: Why I hire and train Junior Admins, and why you should too! Presentation Description: You say you don't have time to hire, train and mentor Junior Admins? But you have time to interview 50 people, none of whom fit your current Salesforce Admin job description? Let me show you how to hire, train, and retain Freshies or Junior Admins, while saving time, money and your sanity. I have developed 30-day, 60-day, 90-day, and 180-day plans to skill up new Admins and make your life easier. Also, join us to get some key highlights for the Summer '24 Release that will impact and provide value to most Orgs. These updates will be available in your Sandbox and Production Orgs during the months of May and June presented by Marc Lester, Engagement Manager, Coastal. Did you know most new features are included with your initial purchase? Explore the latest innovations in the release to maximize your ROI from Salesforce. Some features in Summer ’24 will affect all users immediately after the release goes live, which are already available in your Sandbox and Production Orgs. If you haven't already done so, consider communicating these changes to your users so they understand the updates and know how to best take advantage of them. Other features require direct action by an administrator before users can benefit from the new functionality. Learn about some of each of these features and enhancements and which ones will benefit your organization the most.

Jax, FL Admin Community Group 05.14.2024 Combined Deck

Marc Lester

Top Mobile App Development Companies 2024

XongoLab Technologies LLP

Malaysia E-Invoice digital signature docpptx

Mok TH

These are the slides of my OpenSIPS Summit 2024 presentation about automating your test calls. It dives into why automated call testing is crucial, how to integrate it into your CI/CD pipeline and how to extend testing of single calls into load testing and testing of other protocols. The presentation also provides details how open source components such as sipp, asterisk and rtpengine are used to implement agents to generate test calls for SIP, Fax and WebRTC at scale.

Automate your OpenSIPS config tests - OpenSIPS Summit 2024

Andreas Granig

Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan

Neo4j

Odoo is superior to Shopify in terms of building e-commerce websites because of it all-in-one functionality, vast customization and its costs-effectiveness. It combines the ERP, CRM, accounting and inventory management which simplify the whole eCommerce business further on. Due to the open source nature of Odoo platform, it is easy to customize and integrate it with other ERP systems. This makes it perfect for different businesses as it can be adjusted to the unique needs of different businesses. Its optimum pricing, including a free version, and low running costs making Odoo a viable, practical and affordable alternative in the long-term to Shopify.

Odoo vs Shopify: Why Odoo is Best for Ecommerce Website Builder in 2024

Primacy Infotech

Unlock the secrets to success in the competitive world of food delivery app development with our comprehensive guide for 2024. From innovative features to cutting-edge technologies, discover the strategies that will elevate your food delivery business to new heights. Download now for expert insights and actionable tips for more visit, https://foodorderingwebsite.com/food-delivery-app-development/.

Food Delivery Business App Development Guide 2024

Chirag Panchal

OpenChain @ LF Japan Executive Briefing - May 2024

Shane Coughlan

Dernier (20)

Salesforce Introduced Zero Copy Partner Network to Simplify the Process of In...

SQL Injection Introduction and Prevention

How to install and activate eGrabber JobGrabber

Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024

StrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdf

GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates

Lessons Learned from Building a Serverless Notifications System.pdf

architecting-ai-in-the-enterprise-apis-and-applications.pdf

The mythical technical debt. (Brooke, please, forgive me)

AI Hackathon.pptx

What is an API Development- Definition, Types, Specifications, Documentation.pdf

Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...

Jax, FL Admin Community Group 05.14.2024 Combined Deck

Top Mobile App Development Companies 2024

Malaysia E-Invoice digital signature docpptx

Automate your OpenSIPS config tests - OpenSIPS Summit 2024

Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan

Odoo vs Shopify: Why Odoo is Best for Ecommerce Website Builder in 2024

Food Delivery Business App Development Guide 2024

OpenChain @ LF Japan Executive Briefing - May 2024

Uyuni Saltboot - automated image deployment and lifecycle with Uyuni

1. Uyuni Saltboot An Automated Image Deployment And Lifecycle openSUSE Conference project@lists.opensuse.org oSC22 @openSUSE

2. Uyuni Saltboot

4. configuration management patch and package management content lifecycle management compliance auditing image building, …

5. configuration management patch and package management content lifecycle management compliance auditing image building, …

6. Saltboot salt-integrated initrd salt states and modules partitioning and filesystem management filesystem image deployment concept

7. Saltboot salt-integrated initrd salt states and modules partitioning and filesystem management filesystem image deployment concept

8. Automated image deployment

9. Images Kiwi (https://osinside.github.io/kiwi/) Kernel, Initrd, System (KIS) Building integrated with Uyuni Saltboot kiwi templates (https://github.com/SUSE/manager-build-profiles/)

10. Images Kiwi (https://osinside.github.io/kiwi/) Kernel, Initrd, System (KIS) Building integrated with Uyuni Saltboot kiwi templates (https://github.com/SUSE/manager-build-profiles/)

11. Image building Packages Image templates Build hosts Image repository

12. Package management Product Channels Activation keys

13. Package management Product Channels Activation keys

14. Package management Product Channels Activation keys

15. Image building Packages ✓ Image templates Build hosts Image repository

16. Image profiles link channels and image templates

17. Image building Packages ✓ Image templates – saltboot templates ✓ Build hosts Image repository

18. Build hosts VM or real HW OS Image entitlement

19. Image building Packages ✓ Image templates – saltboot templates ✓ Build hosts ✓ Image repository

20. Image building Packages ✓ Image templates – saltboot templates ✓ Build hosts ✓ Image repository (Uyuni) ✓

21. Image build link image profile with build host initiate build

22. Automated image deployment

23. Deployment manual dd command PXE and UEFI PXE HTTP UEFI ...

24. Automated deployment manual dd command PXE and UEFI PXE HTTP UEFI ...

25. PXE, UEFI PXE, UEFI HTTP DHCP + TFTP DHCP + HTTP subnet 192.168.0.0 netmask 255.255.255.0 { if substring (option vendor-class-identifier, 0, 10) = "HTTPClient" { option vendor-class-identifier "HTTPClient"; filename "http://192.168.0.1/saltboot/grub.efi"; } else { if option arch = 00:07 { filename "boot/grub.efi"; next-server 192.168.0.1 } else { filename "boot/pxelinux.0"; next-server 192.168.0.1 } } }

26. TFTP server? Uyuni Proxy pod – squid cache – tftp router – salt broker – ssh tunnel

27. Proxy Pod podman pod k8s deployment #> spacecmd proxy_container_config_generate_cert -- proxy.example.org uyuni.example.org 30000 root@example.org -p 8022 #> scp config.tgz containerhost: #> ssh containerhost -- tar -xf config.tgz -C /etc/uyuni #> ssh containerhost -- systemctl enable --now uyuni-proxy-pod

28. Automated image deployment

29. Automated image deployment

30. Image? Where? Where to? Server discovery Partitioning Image selection

31. Saltboot Group Salt pillar data – group id – image repo server – naming PXE menu

32. Partitioning Saltboot pillar Disk selection and partitioning Image selection

33. Partitioning partitioning: ---------- disk: ---------- device: * disklabel: gpt level: 1 partitions: ---------- p1: ---------- flags: swap format: swap size_MiB: 2000

34. Hardware type group Auto assignment of machines to the group Group with common partitioning setup

35. Automated image deployment

36. Salt and saltboot security Salt PKI

37. Salt and saltboot security Salt PKI

38. Salt and saltboot security Salt PKI Image validation Image encryption

39. Automated image deployment

40. Image lifecycle Uyuni knows what is in the image – CVE auditing Manual image rebuilds

41. Q&A

42. https://www.uyuni-project.org/

Uyuni Saltboot - automated image deployment and lifecycle with Uyuni

Recommandé

Recommandé

Contenu connexe

Similaire à Uyuni Saltboot - automated image deployment and lifecycle with Uyuni

Similaire à Uyuni Saltboot - automated image deployment and lifecycle with Uyuni (20)

Dernier

Dernier (20)

Uyuni Saltboot - automated image deployment and lifecycle with Uyuni