Masterless Puppet Using AWS S3 Buckets and IAM Roles
Copyright 2015 Cloudten Industries
Copyright statement:
This document contains a presentation given to the
Puppet User Group by Cloudten Industries in January
2016. It has been made available freely for
educational purposes. No part of this document may
be reproduced or modified without the express written
consent of the author.
• Project Overview
• Technology Stack
• Puppet builds and deployments
• Security
• Issues
• Q&A

Project Overview
• Client was a startup with VC backing.
• They wanted to build a mobile social media app:
– Dynamically scalable up to 100,000 hits per second
– Cross site active/active with real time DR
– Multiple test environments to be stood up/down at will
– End to end security with encryption at rest
• Engaged separate mobile and web app developers

Multiple Development Teams
Company A: Mobile development team in Melbourne
Company B: Web App development team in Perth/India

Multiple Development Teams
• Using Xamarin Studio to create Apple and Android front ends
• Require access to code base to publish WSDLs under web app
• Require access to app logs
• Using a JDK to create a J2EE app running in Tomcat
• Require access to entire web app code base
• Require access to more logs

What Did We Need to Solve?
• Client didn’t have (or want) any full time IT staff.
• Client did want:
– Hands off builds and app deployments
– Self managed consistent server fleet
– No outage deployments
– No direct access to infrastructure from developers

Hosting in AWS
• AWS provide on-demand scalable resources
• Facility to implement “Infrastructure as Code”
• Secure and durable object storage for code drops
• Fine grained security controls to create server roles and limit developer access.
• Additional services to co-ordinate deployments (Lambda, SNS, SQS)

AWS Autoscaling
AWS can automatically add (and remove) servers to a load balancer pool based on a given metric (e.g. CPU or number of connections).
[Diagram: scaling trigger hit; scale out to share the load]

How does it work?
• Launches and builds identical virtual machines
• Destroys them with reckless abandon.
• Essential to get all logs into a central store
• Any generated content must be shared (i.e. can't be stored on a local machine)
• The instance launch can trigger a build process (e.g. Puppet)

Automated Server Builds
Start with base Amazon Linux Image → Invoke bootstrap script → Install Puppet RPM → S3 sync config and Puppet manifests → Puppet Apply

Puppet Build Tasks
• Linux security patching and kernel hardening
• Define custom package repositories
• AWS tagging using facter
– Querying metadata to set instance specific tags
– Set tags for environment variables to be used later
• Package installation, config and version enforcement
– NGINX, WAF, Tomcat, monit, sumo agents etc
• Configuration management
– functional users, public keys, cron jobs, log rotations, system health checks

EC2 Tagging with Facter
# Sets hostname
class common::hostname {
  require aws

  file { '/etc/hostname':
    ensure  => 'present',
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('common/hostname.erb'),
    notify  => [ Exec['Set Hostname'],
                 Exec['Set EC2 Name-tag'] ],
  }

  # ...

  # Runs only when notified by a change to /etc/hostname (refreshonly).  The
  # shell provider is required because the unless check relies on backtick
  # command substitution, which the default posix provider does not perform.
  exec { 'Set Hostname':
    command     => '/bin/hostname -F /etc/hostname',
    unless      => '/usr/bin/test `hostname` = `/bin/cat /etc/hostname`',
    provider    => shell,
    refreshonly => true,
  }

  # Pushes the hostname into the instance's EC2 Name tag whenever the
  # ec2_tag_Name fact reported by facter disagrees with /etc/hostname.
  exec { 'Set EC2 Name-tag':
    command  => '/usr/local/bin/setec2nametag',
    unless   => '/usr/bin/test `/usr/local/bin/facter ec2_tag_Name` = `/bin/cat /etc/hostname`',
    provider => shell,
  }
}

Kernel Tuning
# sysctl class
class common::sysctl {
  # Ship the hardened kernel parameters from the module and reload them
  # whenever the file changes.
  file { '/etc/sysctl.conf':
    source => 'puppet:///modules/common/sysctl.conf',
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    notify => Exec['Refresh sysctl'],
  }

  # refreshonly: re-read sysctl.conf only when notified by the file above.
  exec { 'Refresh sysctl':
    command     => '/sbin/sysctl -q -p',
    refreshonly => true,
  }
}

Developer Code Drops
[Diagram: MySQL, App]

Event Based Triggers
[Diagram: numbered flow (1-7) between cron, the cron control script and the queue]
• Complete deployment and set a marker file as a trigger
• Check for marker. If present put message on SQS queue
• CS checks for message on queue
• Get message from queue
• S3 sync of changes to staging area
• Puppet applies changes and restarts services

How Does that Queue Work?
• Lambda creates the queue once it detects the trigger file (if it doesn't exist already)
• Lambda queries the auto-scaling group and creates a message on the SQS queue for each member. It then deletes the trigger file
• Each message has a 30 minute expiry (deployments usually take <5 minutes)
• SQS queue has multiple consumers (app servers)
• App server checks for its own message, retrieves then deletes it once deployment is successful.
• Lambda periodically checks for messages about to expire and the dead letter queue. Triggers an email alert if there is an issue.
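The event-triggered flow from the previous slide and the queue mechanics above, as an added example that is not Cloudten's code: the Lambda side fans one message out per auto-scaling group member, each app server acts only on its own message and deletes it only after a successful deploy, and a health check reports messages about to expire or already dead-lettered. FakeQueue is a constructed in-memory stand-in for SQS (so the logic runs offline); instance ids and release names are constructed.

```python
"""Deployment fan-out over SQS, following the talk's design.  Added example,
not Cloudten's code.  FakeQueue is a constructed stand-in for SQS; in
production the same three calls map onto boto3's sqs.send_message,
receive_message and delete_message."""
import json
from dataclasses import dataclass

MESSAGE_TTL_SECONDS = 30 * 60    # talk: each message has a 30 minute expiry
DEPLOY_BUDGET_SECONDS = 5 * 60   # talk: deployments usually take < 5 minutes


@dataclass
class Message:
    body: str
    receipt_handle: str
    expires_at: float


class FakeQueue:
    """Models the two SQS properties the design depends on: a message stays on
    the queue until its consumer deletes it, and once the retention period
    lapses it is dropped (here: moved to a dead-letter list for the check)."""

    def __init__(self, retention_seconds=MESSAGE_TTL_SECONDS):
        self.retention = retention_seconds
        self.messages = []
        self.dead_letter = []
        self._seq = 0

    def send_message(self, body, now):
        self._seq += 1
        self.messages.append(Message(body, f"rh-{self._seq}", now + self.retention))

    def receive_messages(self, now):
        self.expire_stale(now)
        return list(self.messages)      # copy: callers may delete while iterating

    def delete_message(self, receipt_handle):
        self.messages = [m for m in self.messages if m.receipt_handle != receipt_handle]

    def expire_stale(self, now):
        self.dead_letter += [m for m in self.messages if m.expires_at <= now]
        self.messages = [m for m in self.messages if m.expires_at > now]


def fan_out(queue, asg_instance_ids, release_id, now):
    """Lambda step: after spotting the trigger file, address one message to
    each current member of the auto-scaling group.  Returns the number queued."""
    for instance_id in asg_instance_ids:
        body = json.dumps({"instance_id": instance_id, "release": release_id})
        queue.send_message(body, now)
    return len(asg_instance_ids)


def consume_own_message(queue, my_instance_id, deploy, now):
    """App-server step (run from cron): act only on the message addressed to
    this instance.  The message is deleted only after `deploy` reports success,
    so a failed or crashed deploy leaves it to age out into the dead-letter
    queue where the health check will notice it."""
    for msg in queue.receive_messages(now):
        payload = json.loads(msg.body)
        if payload.get("instance_id") != my_instance_id:
            continue                    # another server's deployment
        if deploy(payload["release"]):
            queue.delete_message(msg.receipt_handle)
            return "deployed"
        return "failed"
    return "no-message"


def messages_needing_alert(queue, now, warn_before=DEPLOY_BUDGET_SECONDS):
    """Periodic Lambda health check: instance ids whose message is within
    `warn_before` seconds of expiry (a deploy that never picked up its message)
    and ids already dead-lettered.  Either list being non-empty is the
    condition the talk turns into an email alert."""
    queue.expire_stale(now)
    about_to_expire = sorted(json.loads(m.body)["instance_id"]
                             for m in queue.messages if m.expires_at - now <= warn_before)
    dead = sorted(json.loads(m.body)["instance_id"] for m in queue.dead_letter)
    return about_to_expire, dead


if __name__ == "__main__":
    q = FakeQueue()
    fan_out(q, ["i-0aaa", "i-0bbb"], "release-42", now=0)      # constructed ids
    print(consume_own_message(q, "i-0aaa", lambda release: True, now=10))
    print(messages_needing_alert(q, now=MESSAGE_TTL_SECONDS + 1))
```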

Puppet Deployment Tasks
Check for changes in staging content area → Sync content → Check for configuration file changes in staging areas → Apply changes → Restart/reload relevant services → Random sleep

Puppet Deployment Tasks
# Conf dir: managed recursively from the module; any change reloads nginx
file { '/etc/nginx/conf':
  ensure  => 'directory',
  source  => 'puppet:///modules/nginx/conf',
  recurse => true,
  notify  => Service['nginx'],
  require => Package['nginx'],
}

# WAF rules
file { '/etc/nginx/waf/modsec_waf.rules':
  source  => 'puppet:///modules/nginx/waf/modsec_waf.rules',
  # ...
  notify  => Service['waf'],
  require => [ Package['nginx'], Service['nginx'] ],
}

AWS IAM Users/Groups/Roles
• IAM (Identity & Access Management) allows fine grained user, group and role definitions
• S3 Bucket policies add a further level of security to restrict access to resources stored in S3
• Web developer bucket policy allows full access for web dev group
• Mobile developer bucket policy allows full access for mobile dev group and read only access for web dev group

IAM Users
{
  …
  {
    "Sid": "AllowS3ListAccessToBucket",
    "Effect": "Allow",
    "Principal": {
      "AWS": "arn:aws:iam::123456789101:group/webdevs"
    },
    "Action": "s3:ListBucket",
    "Resource": "arn:aws:s3:::fdsr-webcontent-puppet-prod"
  },
  {
    "Sid": "AllowS3AccessToModules",
    "Effect": "Allow",
    "Principal": {
      "AWS": [
        "arn:aws:iam::123456789101:group/webdevs",
        "arn:aws:iam::123456789101:role/iam-ec2-webrole"
      ]
    },
    "Action": [
      "s3:AbortMultipartUpload",
      "s3:GetObjectAcl",
      "s3:DeleteObject",
      "s3:GetObject",
      "s3:PutObjectAcl",
      "s3:PutObject"
    ],
    "Resource": "arn:aws:s3:::fdsr-webcontent-puppet-prod/modules/webapp/files*"
  }
  ]
}
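A least-privilege check over the bucket-policy scheme the IAM slide describes (full access for the owning dev group, read-only access for the web dev group on the mobile bucket), as an added example that is not Cloudten's code. The policy is a constructed stand-in for the mobile-developer bucket policy, modelled on the webdevs policy above; the account id is the page's placeholder, while the bucket name, the mobiledevs group and the object key are made up.

```python
"""Effective-permission check for the S3 bucket policies described in the
talk.  Added example, not Cloudten's code; the mobile bucket policy below is
constructed to match the rule stated on the IAM slide."""
import copy
import fnmatch

ACCOUNT = "123456789101"                                           # placeholder id used on the page
MOBILE_BUCKET = "arn:aws:s3:::example-mobilecontent-puppet-prod"   # constructed bucket name
MOBILEDEVS = f"arn:aws:iam::{ACCOUNT}:group/mobiledevs"           # constructed group
WEBDEVS = f"arn:aws:iam::{ACCOUNT}:group/webdevs"                 # group named on the page

READ_ACTIONS = {"s3:GetObject", "s3:GetObjectAcl"}
WRITE_ACTIONS = {"s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject",
                 "s3:AbortMultipartUpload"}
OBJECT_ACTIONS = READ_ACTIONS | WRITE_ACTIONS
ALL_ACTIONS = OBJECT_ACTIONS | {"s3:ListBucket"}

# Constructed mobile-developer bucket policy: full access for mobiledevs,
# list + read only for webdevs.  ListBucket applies to the bucket ARN, object
# actions to the objects, hence the separate statements.
MOBILE_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowS3ListAccessToBucket", "Effect": "Allow",
         "Principal": {"AWS": [MOBILEDEVS, WEBDEVS]},
         "Action": "s3:ListBucket", "Resource": MOBILE_BUCKET},
        {"Sid": "MobileDevsFullObjectAccess", "Effect": "Allow",
         "Principal": {"AWS": MOBILEDEVS},
         "Action": sorted(OBJECT_ACTIONS), "Resource": MOBILE_BUCKET + "/*"},
        {"Sid": "WebDevsReadOnlyObjectAccess", "Effect": "Allow",
         "Principal": {"AWS": WEBDEVS},
         "Action": sorted(READ_ACTIONS), "Resource": MOBILE_BUCKET + "/*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principals(statement):
    principal = statement.get("Principal", {})
    if isinstance(principal, str):      # "*" grants to any principal, anonymous included
        return [principal]
    return _as_list(principal.get("AWS", []))

def _matches(value, patterns):
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def is_allowed(policy, principal_arn, action, resource_arn):
    """Resource-policy evaluation in IAM's order: an explicit Deny wins, any
    matching Allow grants, and the default is deny.  Condition keys are ignored."""
    allowed = False
    for st in policy["Statement"]:
        if not (_matches(principal_arn, _principals(st))
                and _matches(action, _as_list(st["Action"]))
                and _matches(resource_arn, _as_list(st["Resource"]))):
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed

def effective_actions(policy, principal_arn, resource_arn, candidates=ALL_ACTIONS):
    """Subset of `candidates` that `principal_arn` may perform on `resource_arn`."""
    return {a for a in candidates if is_allowed(policy, principal_arn, a, resource_arn)}

def check_least_privilege(policy, sample_key="modules/mobileapp/files/app.apk"):
    """Encode the slide's rule for the mobile bucket and return the violations
    found; an empty list means the policy matches the rule."""
    obj = f"{MOBILE_BUCKET}/{sample_key}"                  # constructed object ARN
    findings = []
    web = effective_actions(policy, WEBDEVS, obj)
    if web & WRITE_ACTIONS:
        findings.append(f"webdevs can write to the mobile bucket: {sorted(web & WRITE_ACTIONS)}")
    if not READ_ACTIONS <= web:
        findings.append("webdevs lack the read access the web app build needs")
    if effective_actions(policy, MOBILEDEVS, obj) != OBJECT_ACTIONS:
        findings.append("mobiledevs do not have full object access")
    outsider = "arn:aws:iam::999999999999:user/outsider"   # constructed foreign principal
    if effective_actions(policy, outsider, obj) or effective_actions(policy, outsider, MOBILE_BUCKET):
        findings.append("a principal outside the two groups is granted access")
    return findings

def with_extra_webdev_action(policy, action):
    """Copy of `policy` with `action` added to the webdevs object statement, to
    show the check catching privilege creep."""
    bad = copy.deepcopy(policy)
    st = next(s for s in bad["Statement"] if s["Sid"] == "WebDevsReadOnlyObjectAccess")
    st["Action"] = _as_list(st["Action"]) + [action]
    return bad

if __name__ == "__main__":
    print("violations:", check_least_privilege(MOBILE_BUCKET_POLICY))
    print("after creep:", check_least_privilege(
        with_extra_webdev_action(MOBILE_BUCKET_POLICY, "s3:PutObject")))
```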

IAM Users/Groups/Roles
[Diagram: App Server]
IAM roles allow dynamically launched virtual servers to securely access credentials by querying locally accessible metadata at the special use IP address 169.254.169.254:
$ curl http://169.254.169.254/latest/meta-data/iam/security-credentials/s3read-only
{
"Code" : "Success",
"LastUpdated" : "2015-04-26T16:39:16Z",
"Type" : "AWS-HMAC",
"AccessKeyId" : "AKIAIOSFODNN7EXAMPLE",
"SecretAccessKey" : "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
"Token" : "token",
"Expiration" : "2015-04-27T22:39:16Z"
}

Why Masterless Puppet
• Fewer instances to manage (no IT staff to manage it)
• No access for developers to internal infrastructure
• Not Enterprise Puppet
• No need to manage Puppet certificates (AWS API calls are all encrypted and IAM enforces authentication)

What Issues Did We Have?
• Enforced versions being removed from repos
• Auto-scaling and healthcheck tuning
• S3 sync not handling zero byte files properly
• Event trigger mechanism needed tweaking
• Developers storing files on local instances
• S3FS. Don’t use it ! EVER !

Who Are Cloudten?
• Advanced AWS Consulting Partner
• Specialise in the design, delivery and support of cloud based infrastructure projects
• Focus on cloud security and hybrid integration
• We are a Puppet shop !
Introduction-to-Machine-Learning (1).pptxfirstjob4
 
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Ravak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxRavak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxolyaivanovalion
 
BigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptxBigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptxolyaivanovalion
 
Ukraine War presentation: KNOW THE BASICS
Ukraine War presentation: KNOW THE BASICSUkraine War presentation: KNOW THE BASICS
Ukraine War presentation: KNOW THE BASICSAishani27
 
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Callshivangimorya083
 
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
Industrialised data - the key to AI success.pdf
Industrialised data - the key to AI success.pdfIndustrialised data - the key to AI success.pdf
Industrialised data - the key to AI success.pdfLars Albertsson
 
CebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxCebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxolyaivanovalion
 
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service BhilaiLow Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service BhilaiSuhani Kapoor
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfRachmat Ramadhan H
 
April 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's AnalysisApril 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's Analysismanisha194592
 
RA-11058_IRR-COMPRESS Do 198 series of 1998
RA-11058_IRR-COMPRESS Do 198 series of 1998RA-11058_IRR-COMPRESS Do 198 series of 1998
RA-11058_IRR-COMPRESS Do 198 series of 1998YohFuh
 
100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptxAnupama Kate
 
B2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docxB2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docxStephen266013
 

Dernier (20)

Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323  Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323  Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
 
Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data  2023Data-Analysis for Chicago Crime Data  2023
Data-Analysis for Chicago Crime Data 2023
 
Mature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxMature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptx
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
 
Introduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptxIntroduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptx
 
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Ravak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxRavak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptx
 
BigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptxBigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptx
 
Ukraine War presentation: KNOW THE BASICS
Ukraine War presentation: KNOW THE BASICSUkraine War presentation: KNOW THE BASICS
Ukraine War presentation: KNOW THE BASICS
 
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
 
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
 
Industrialised data - the key to AI success.pdf
Industrialised data - the key to AI success.pdfIndustrialised data - the key to AI success.pdf
Industrialised data - the key to AI success.pdf
 
CebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxCebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptx
 
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service BhilaiLow Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
 
Sampling (random) method and Non random.ppt
Sampling (random) method and Non random.pptSampling (random) method and Non random.ppt
Sampling (random) method and Non random.ppt
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
 
April 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's AnalysisApril 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's Analysis
 
RA-11058_IRR-COMPRESS Do 198 series of 1998
RA-11058_IRR-COMPRESS Do 198 series of 1998RA-11058_IRR-COMPRESS Do 198 series of 1998
RA-11058_IRR-COMPRESS Do 198 series of 1998
 
100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx
 
B2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docxB2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docx
 

Masterless Puppet Using AWS S3 Buckets and IAM Roles

8. Hosting in AWS
• AWS provide on-demand scalable resources
• Facility to implement "Infrastructure as Code"
• Secure and durable object storage for code drops
• Fine grained security controls to create server roles and limit developer access.
• Additional services to co-ordinate deployments (Lambda, SNS, SQS)
9. AWS Autoscaling
AWS can automatically add (and remove) servers to a load balancer pool based on a given metric (e.g. CPU or number of connections)
(Diagram: scaling trigger hit; scale out to share the load)
10. How does it work?
• Launches and builds identical virtual machines
• Destroys them with reckless abandon.
• Essential to get all logs into a central store
• Any generated content must be shared (i.e. can't be stored on a local machine)
• The instance launch can trigger a build process (e.g. Puppet)
11. Automated Server Builds
(Diagram: build flow) Start with base Amazon Linux image → Invoke bootstrap script → Install Puppet RPM → S3 sync config and Puppet manifests → Puppet apply
12. Puppet Build Tasks
• Linux security patching and kernel hardening
• Define custom package repositories
• AWS tagging using facter
– Querying metadata to set instance specific tags
– Set tags for environment variables to be used later
• Package installation, config and version enforcement
– NGINX, WAF, Tomcat, monit, sumo agents etc
• Configuration management
– functional users, public keys, cron jobs, log rotations, system health checks
13. EC2 Tagging with Facter
# Sets hostname
class common::hostname {
  require aws
  # Hostname is rendered from a template; changing it refreshes both execs below
  file { '/etc/hostname':
    ensure  => 'present',
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('common/hostname.erb'),
    notify  => [ Exec['Set Hostname'], Exec['Set EC2 Name-tag'] ],
  }
  ...
  # Only runs when notified, and only if the running hostname differs from the file
  exec { 'Set Hostname':
    command     => "/bin/hostname -F /etc/hostname",
    unless      => "/usr/bin/test `hostname` = `/bin/cat /etc/hostname`",
    refreshonly => true,
  }
  # Keeps the EC2 Name tag in step with the hostname, using the ec2_tag_Name fact
  exec { 'Set EC2 Name-tag':
    command => '/usr/local/bin/setec2nametag',
    unless  => '/usr/bin/test `/usr/local/bin/facter ec2_tag_Name` = `/bin/cat /etc/hostname`',
  }
}
14. Kernel Tuning
# sysctl class
class common::sysctl {
  # Hardened kernel parameters are shipped as a static file from the module
  file { '/etc/sysctl.conf':
    source => 'puppet:///modules/common/sysctl.conf',
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    notify => Exec['Refresh sysctl'],
  }
  # Reload the parameters only when the file actually changes
  exec { 'Refresh sysctl':
    command     => '/sbin/sysctl -q -p',
    refreshonly => true,
  }
}
15. Developer Code Drops
(Diagram: labels MySQL, App)
16. Event Based Triggers
(Diagram: cron-driven flow between the developer drop, Lambda, the SQS queue and the control script on each app server)
1. Complete deployment and set a marker file as a trigger
2. Check for marker. If present put message on SQS queue
3. CS (control script) checks for message on queue
4. Get message from queue
5. S3 sync of changes to staging area
6. Puppet applies changes and restarts services
17. How Does that Queue Work?
• Lambda creates the queue once it detects trigger file (if it doesn't exist already)
• Lambda queries the auto-scaling group and creates a message on the SQS queue for each member. It then deletes trigger file
• Each message has a 30 minute expiry (deployments usually take <5 minutes)
• SQS queue has multiple consumers (app servers)
• App server checks for its own message, retrieves then deletes it once deployment is successful.
• Lambda periodically checks for messages about to expire and the dead letter queue. Triggers an email alert if there is an issue.
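An offline walk-through of the trigger mechanism on slides 16 and 17, added here as an example and not part of the Cloudten deck: the SQS queue, the auto-scaling group and the marker file are replaced by the in-memory stand-ins below, and the marker key, warning threshold and instance ids are constructed. The 30-minute message expiry is the value the slide gives.

```python
MESSAGE_TTL = 30 * 60          # slide 17: each message expires after 30 minutes
EXPIRY_WARNING = 5 * 60        # constructed: Lambda warns when under 5 minutes remain
TRIGGER_KEY = "deploy.trigger" # constructed marker-file key in the drop bucket


class FakeQueue:
    """In-memory stand-in for the SQS queue and its dead-letter queue."""
    def __init__(self):
        self.messages = []      # live messages: {"target": instance id, "expires": seconds}
        self.dead_letter = []

    def send(self, instance_id, now):
        self.messages.append({"target": instance_id, "expires": now + MESSAGE_TTL})

    def expire(self, now):
        """What SQS retention would do: expired messages leave the live queue."""
        self.dead_letter += [m for m in self.messages if m["expires"] <= now]
        self.messages = [m for m in self.messages if m["expires"] > now]


def lambda_fanout(bucket, asg_members, queue, now):
    """Lambda step: if the marker exists, one message per ASG member, then delete the marker."""
    if TRIGGER_KEY not in bucket:
        return 0
    for instance_id in asg_members:
        queue.send(instance_id, now)
    bucket.discard(TRIGGER_KEY)
    return len(asg_members)


def app_server_consume(queue, instance_id, deploy):
    """Control-script step: act only on our own message; delete it only after a successful deploy."""
    for msg in queue.messages:
        if msg["target"] != instance_id:
            continue                     # another server's message: leave it on the queue
        if deploy(instance_id):
            queue.messages.remove(msg)
            return "deployed"
        return "deploy_failed"           # message stays, so the next cron run retries
    return "no_message"


def lambda_monitor(queue, now):
    """Monitor step: report messages close to expiry and anything dead-lettered."""
    return {"about_to_expire": [m["target"] for m in queue.messages
                                if m["expires"] - now < EXPIRY_WARNING],
            "dead_letter": [m["target"] for m in queue.dead_letter]}


def run_scenario():
    """Three app servers (constructed ids); the deploy on i-ccc fails and its message ages out."""
    members = ["i-aaa", "i-bbb", "i-ccc"]
    bucket = {TRIGGER_KEY, "modules/webapp/files/webapp.war"}   # constructed bucket listing
    queue = FakeQueue()
    sent = lambda_fanout(bucket, members, queue, now=0)
    deploy = lambda instance_id: instance_id != "i-ccc"
    first = {i: app_server_consume(queue, i, deploy) for i in members}
    rerun = app_server_consume(queue, "i-aaa", deploy)   # nothing left for a healthy server
    queue.expire(now=26 * 60)
    warning = lambda_monitor(queue, now=26 * 60)   # 4 minutes left on i-ccc's message
    queue.expire(now=31 * 60)
    alert = lambda_monitor(queue, now=31 * 60)     # i-ccc's message is now dead-lettered
    return {"sent": sent, "marker_deleted": TRIGGER_KEY not in bucket, "first": first,
            "rerun": rerun, "warning": warning, "alert": alert}
```

The failed server never deletes its message, so the expiry check is what surfaces a stuck deployment rather than the server itself.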
18. Puppet Deployment Tasks
(Diagram: deployment flow) Check for changes in staging content area → Sync content → Check for configuration file changes in staging areas → Apply changes → Restart/reload relevant services → Random sleep
19. Puppet Deployment Tasks
# Conf dir
file { '/etc/nginx/conf':
  ensure  => 'directory',
  source  => 'puppet:///modules/nginx/conf',
  recurse => true,
  notify  => Service['nginx'],
  require => Package['nginx'],
}
# WAF rules
file { '/etc/nginx/waf/modsec_waf.rules':
  source  => 'puppet:///modules/nginx/waf/modsec_waf.rules',
  ...
  notify  => Service['waf'],
  # a resource takes a single require; list both dependencies in it
  require => [ Package['nginx'], Service['nginx'] ],
}
20. AWS IAM Users/Groups/Roles
• IAM (Identity & Access Management) allows fine grained user, group and role definitions
• S3 Bucket policies add a further level of security to restrict access to resources stored in S3
• Web developer bucket policy allows full access for web dev group
• Mobile developer bucket policy allows full access for mobile dev group and read only access for web dev group
21. IAM Users
(Diagram only)
22. IAM Users
{
  …
    {
      "Sid": "AllowS3ListAccessToBucket",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::123456789101:group/webdevs" },
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::fdsr-webcontent-puppet-prod"
    },
    {
      "Sid": "AllowS3AccessToModules",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::123456789101:group/webdevs",
          "arn:aws:iam::123456789101:role/iam-ec2-webrole"
        ]
      },
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:GetObjectAcl",
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:PutObjectAcl",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::fdsr-webcontent-puppet-prod/modules/webapp/files*"
    }
  ]
}
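To check that the bucket policies on slides 20 and 22 give each party exactly the access the deck describes, here is an added example (not Cloudten's code) with a minimal evaluator for Allow statements: the account id, web bucket name, group and role ARNs come from the slide; the mobile bucket name, the mobiledevs group and the object keys are constructed. It models only Allow statements with literal principals and '*' patterns; Deny statements, conditions and identity policies are outside its scope.

```python
from fnmatch import fnmatchcase

ACCOUNT = "123456789101"                                      # account id from the slide
WEBDEVS = f"arn:aws:iam::{ACCOUNT}:group/webdevs"
MOBILEDEVS = f"arn:aws:iam::{ACCOUNT}:group/mobiledevs"       # constructed group name
WEBROLE = f"arn:aws:iam::{ACCOUNT}:role/iam-ec2-webrole"
WEB_BUCKET = "arn:aws:s3:::fdsr-webcontent-puppet-prod"
MOBILE_BUCKET = "arn:aws:s3:::fdsr-mobilecontent-puppet-prod"  # constructed bucket name

OBJECT_ACTIONS = ["s3:AbortMultipartUpload", "s3:GetObjectAcl", "s3:DeleteObject",
                  "s3:GetObject", "s3:PutObjectAcl", "s3:PutObject"]

# Web bucket, as on slide 22: web devs may list the bucket; web devs and the
# EC2 web role may read/write objects under modules/webapp/files* only.
WEB_POLICY = {"Statement": [
    {"Sid": "AllowS3ListAccessToBucket", "Effect": "Allow",
     "Principal": {"AWS": WEBDEVS}, "Action": "s3:ListBucket",
     "Resource": WEB_BUCKET},
    {"Sid": "AllowS3AccessToModules", "Effect": "Allow",
     "Principal": {"AWS": [WEBDEVS, WEBROLE]}, "Action": OBJECT_ACTIONS,
     "Resource": f"{WEB_BUCKET}/modules/webapp/files*"},
]}

# Mobile bucket, as slide 20 describes it: full access for the mobile dev
# group, read-only for the web dev group (statement bodies constructed here).
MOBILE_POLICY = {"Statement": [
    {"Sid": "MobileDevsFullAccess", "Effect": "Allow",
     "Principal": {"AWS": MOBILEDEVS}, "Action": "s3:*",
     "Resource": [MOBILE_BUCKET, f"{MOBILE_BUCKET}/*"]},
    {"Sid": "WebDevsReadOnly", "Effect": "Allow",
     "Principal": {"AWS": WEBDEVS}, "Action": ["s3:ListBucket", "s3:GetObject"],
     "Resource": [MOBILE_BUCKET, f"{MOBILE_BUCKET}/*"]},
]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, principal, action, resource):
    """Default deny: True only if some Allow statement matches principal, action
    and resource. fnmatch's '*' stands in for IAM's wildcard for this check."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if principal not in _as_list(stmt["Principal"]["AWS"]):
            continue
        if not any(fnmatchcase(action, pat) for pat in _as_list(stmt["Action"])):
            continue
        if not any(fnmatchcase(resource, pat) for pat in _as_list(stmt["Resource"])):
            continue
        return True
    return False


def check_access_split():
    """The access questions a reviewer of these two policies would want answered."""
    webfile = f"{WEB_BUCKET}/modules/webapp/files/webapp.war"   # constructed object key
    nginx_conf = f"{WEB_BUCKET}/modules/nginx/conf/nginx.conf"   # infra config, not dev content
    wsdl = f"{MOBILE_BUCKET}/wsdl/api.wsdl"                      # constructed object key
    return {
        "webdev_puts_webapp_file": is_allowed(WEB_POLICY, WEBDEVS, "s3:PutObject", webfile),
        "webrole_gets_webapp_file": is_allowed(WEB_POLICY, WEBROLE, "s3:GetObject", webfile),
        "webrole_lists_bucket": is_allowed(WEB_POLICY, WEBROLE, "s3:ListBucket", WEB_BUCKET),
        "webdev_puts_nginx_conf": is_allowed(WEB_POLICY, WEBDEVS, "s3:PutObject", nginx_conf),
        "mobiledev_reads_web_bucket": is_allowed(WEB_POLICY, MOBILEDEVS, "s3:GetObject", webfile),
        "webdev_reads_mobile_bucket": is_allowed(MOBILE_POLICY, WEBDEVS, "s3:GetObject", wsdl),
        "webdev_writes_mobile_bucket": is_allowed(MOBILE_POLICY, WEBDEVS, "s3:PutObject", wsdl),
    }
```

The two denials worth noticing are the instance role being unable to list the bucket and web devs being unable to write outside modules/webapp/files, which is how the deck keeps developers away from the NGINX and WAF configuration the same bucket carries.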
23. IAM Users/Groups/Roles
(Diagram: App Server)
24. IAM Users/Groups/Roles
IAM roles allow dynamically launched virtual servers to securely access credentials by querying locally accessible metadata at the special use IP address 169.254.169.254

$ curl http://169.254.169.254/latest/meta-data/iam/security-credentials/s3read-only
{
  "Code" : "Success",
  "LastUpdated" : "2015-04-26T16:39:16Z",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "AKIAIOSFODNN7EXAMPLE",
  "SecretAccessKey" : "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
  "Token" : "token",
  "Expiration" : "2015-04-27T22:39:16Z"
}
25. Why Masterless Puppet
• Fewer instances to manage (no IT staff to manage it)
• No access for developers to internal infrastructure
• Not Enterprise Puppet
• No need to manage Puppet certificates (AWS API calls are all encrypted and IAM enforces authentication)
26. What Issues Did We Have?
• Enforced versions being removed from repos
• Auto-scaling and healthcheck tuning
• S3 sync not handling zero byte files properly
• Event trigger mechanism needed tweaking
• Developers storing files on local instances
• S3FS. Don't use it! EVER!
27. Who Are Cloudten?
• Advanced AWS Consulting Partner
• Specialise in the design, delivery and support of cloud based infrastructure projects
• Focus on cloud security and hybrid integration
• We are a Puppet shop!