Config Management Camp 2024 Ghent

09:15
09:15
25min
Opening Talk
Toshaan Bharvani, Kris Buytaert

Welcome + Practical instructions

D.Aud
09:40
09:40
50min
Collaborative Intelligence - both AI and Humans in the loop
Patrick Debois

DevOps thrives both on automation and collaboration. Although AI and DevOps have crossed paths before, 2023 opened up a whole new can of possibilities. I'll walk you through the current state of AI and humans working together through the lens of DevOps. Will we see AI team topologies soon? Will we finally get rid of YAML? Anything can happen between the time I wrote this abstract and me presenting. Stay tuned...

Main
D.Aud
10:40
10:40
50min
Moving from Spaghetti Infrastructure to Composable Cloud Environments
Kief Morris

Running software in the cloud should help a digital business respond quickly to its customers' needs and to business opportunities. The reality is that, even using Infrastructure as Code automation tools like Terraform and CDK, infrastructure and platform teams are stuck maintaining a fragile mess of custom scripts and environments, and find themselves as an overworked bottleneck rather than an enabler for value.

It’s time we moved beyond spaghetti infrastructure architectures.

Kief Morris, the author of the O’Reilly book Infrastructure as Code and Thoughtworks global lead for infrastructure engineering practices, shares architectural patterns for infrastructure as code architecture, driven by three principles. The first principle is delivering infrastructure code as loosely coupled, composable components to share capabilities. The second is application-driven provisioning to empower product teams to deliver value. The third is distributed consistency to ensure governance and operational quality.

Main
D.Aud
11:30
11:30
50min
What's new and cool?
Adam Jacob

A whirlwind tour of everything that's new in DevOps, why they are interesting, and how they can inspire you to create the next wave of amazing technologies.

D.Aud
12:20
12:25
12:25
5min
a Pint size introduction to SLO
Bram Vogelaar

Athletes, Firemen and Doctors train every day to be the best at their chosen profession. As engineers we spend much of our time getting stuff to production and making sure our infrastructure doesn’t burn down outright. We however spend very little time learning to understand and respond to outages. Does our platform degrade in a graceful way or what does a high CPU load really mean? What can we learn from level 1 outages to be able to run our platforms more reliably?

D.Aud
12:30
12:30
5min
Opening the documentation trapdoor: There’s something down there
Dylan Ratcliffe

We’ve all got a Confluence/Notion/Sharepoint trapdoor with some scary things that haven’t seen the light of day in years. In this Ignite session we’re going to be brave like Berk and open the trapdoor to the deepest darkest reaches of your docs and see what new techniques we can use to tame them.

D.Aud
12:35
12:35
5min
Your Business Isn't Green Enough
Felix Frank

All your servers run on Green Energy. Your cloud provider plants a tree for any VM you spin up. Your employer bought emission certificates for you and all your colleagues last Christmas. And yet, the climate crisis seems to keep escalating year by year. What else can we do? This ignite talk might be disturbing, but will also try to offer some insight into our options.

Main
D.Aud
12:40
12:40
5min
Same, same but different(ly alike)? Jet in comparison to Ansible.
Mar

Jet, also known as the Enterprise Professional Orchestrator, is an open-source program developed by the community. It shares some commonalities with Ansible in terms of its features and applications. However, each of these configuration tools possesses unique characteristics that set them apart. The Ignite Talk aims to shed light on these key differences and encourages the audience to give Jet a try.

D.Aud
12:45
12:45
5min
Change Your Architecture and Save the World
Aaron Williams

Data Centers are using more and more energy to the point they are using 5-10% of the world's energy. But did you know that by changing your chip architecture to a modern architecture, you can help save the world?

Ignite
D.Aud
12:50
12:50
5min
Open Source Turns to the Dark Side?? I Told Ya!
Dotan Horovits @horovits

Open Source Turns to the Dark Side?? I Told Ya!

D.Aud
14:00
14:00
50min
Ansible - State of the Community
Greg Sutcliffe

It's time for the yearly look at where we've come from, how we're doing, and where we're going.

Ansible
B.1.017
14:00
50min
Everything you need to know about OpenTofu
Sebastian Stadil

Free of commercial constraints, it is growing into its own project, with OpenTofu-exclusive features such as client-side state encryption, parameterized backends, parameterized module sources.

Come for a quick rundown on the progress on the project, followed by a community Q&A, with core OpenTofu contributor Sebastian Stadil.

OpenTofu
D.Aud
14:00
50min
Finding config management's place in the continuous delivery pipeline
Justin Findlay

In a small environment a single devops engineer or team of engineers can automate changes to production with a well tuned configuration management system. In a large production environment that spans the globe and contains more functional parts than a single team could manage, running config management as continuous delivery is practically untenable. Risky changes need to be incremented by smaller deployment steps or separated into smaller deliverables. High risk services and locations need more validation time before accepting changes. With many teams pushing dozens of changes to production daily, there is a need for health-mediated deployment. Ideally, service owners self-serve change management+health metrics with state enforcement completely decoupled and below the API.

B.3.036
14:00
25min
Foreman community update
Ewoud Kohl van Wijngaarden

As always, an update on what has happened in the Foreman community since the previous configuration management camp.

Foreman
B.3.037
14:00
50min
Software Bill of Materials from a Software Configuration Management Perspective
Lars Bendix, Andreas Göransson

Why should developers be interested in SBoM? Because SBoMs can provide much value to their daily work and because developers are the optimal producers of SBoMs.

The first part of this talk will briefly present the main results of a white paper we published last year.

In the second part, we will dig deeper into lessons learned through constructive comments and discussions we have had with people since the publication of the white paper. We shift the focus away from Cyber Security and over to how SBoMs can be a useful resource to developers and any other part of an organisation in their day-to-day work. Finally, we talk about the consequences for how you produce and consume SBoMs and SBoM information.

After this session, you will know that SBoM is a hard-core SCM concept - and why you should love SBoMs!

Main
B.Con
14:00
25min
Terraforming with Ansible
Tim Appnel

Ansible and Terraform (OpenTofu) are two very powerful but unique automation tools that are often compared competitively. Simply put, choosing which of these tools to use is not always an "either / or" choice — often it’s an "and." In this talk we see how they can be better together.

Ansible
B.1.015
14:25
14:25
25min
CVE scanning of Foreman hosts
Bernhard Suttner

Let's discuss the possibilities of using CVE scanners like trivy and grype on Foreman hosts to improve the security of the systems - including 3rd party applications.

What possibilities are there to integrate CVE scanners into Foreman, display the results in the Foreman UI and create a security report?

Foreman
B.3.037
14:25
25min
Showcasing Ansible Semaphore
Robert Waffen

Showcasing Ansible Semaphore

Ansible
B.1.015
14:50
14:50
50min
"Crossplane 101: From Declarative Dreams to Infrastructure Realities"
Arman Nourifar

Crossplane, a promising CNCF project, extends the power of Kubernetes to manage and provision infrastructure. It provides continuous reconciliation and declarative state management and aims to streamline infrastructure provisioning and management.

This presentation will cover key aspects, from the fundamentals of how Crossplane operates to practical insights on how to leverage its capabilities and if/where it should be used over other IaC tools like Terraform.

At the end of the presentation, I will touch upon some new features, gotchas and common practices when using Crossplane, and some future nice-to-haves that I am looking forward to being added to the project.

Main
D.Aud
14:50
50min
Automating your Monitoring Environment with the Checkmk Ansible Collection
Lars Getwan

Discover the power of Checkmk and Ansible for comprehensive monitoring solutions!


By utilizing the Checkmk Ansible Collection, administrators can effortlessly automate their monitoring environment, leveraging the inherent efficiency of Ansible.


This Ansible collection is the result of collaborative efforts from a group of community members who shared a common goal—to seamlessly integrate Checkmk with Ansible. We are proud to say that this project has now evolved into a valuable tool for streamlined monitoring processes.


In this session, we will take you through the developmental journey of this integration. We will demonstrate how you can effectively harness the capabilities of Ansible to enhance monitoring convenience and optimize your overall workflow.

Ansible
B.3.039
14:50
50min
Content Management Automation With Katello
Ian Ballou

Katello adds a suite of content management tools to Foreman. Do you need to automate patching for thousands of systems? Do you need a snapshot of your content carried across a lifecycle? If these topics pique your interest, then Katello could be for you. In this presentation, I will give an introduction to Katello and demonstrate new features that have come out recently.

Katello
B.3.037
14:50
50min
Enhancing Ansible Content within Open Source Projects
Nejc Slabe

Ansible is a powerful tool for automating IT tasks, but it can be challenging to create and maintain high-quality playbooks. In this session, you'll learn about tools that can help you automatically scan and improve your Ansible content, as well as how to use these tools to contribute to the Ansible community and open-source projects.

We'll cover:
- tools for creating and maintaining high-quality playbooks,
- how to scan and improve public content using these tools, and
- how these tools contribute to the Ansible community and open-source projects.

Join us to learn how to use these tools to scan open-source projects and boost Ansible content, fostering collaboration and improvement in the open-source world.

Ansible
B.1.015
14:50
50min
Introduction to Event-Driven Ansible
Alexey Rusakov

Event-Driven Ansible is a relatively new addition to the Ansible ecosystem, meant to extend the number of ways automation can be triggered and to introduce a customisation point for the logic to trigger that automation, outside of any specific reporting or management system. The talk will discuss the rationale for the project, overview the functionality and features, and conclude with a few considerations on its usage.

Ansible
B.1.017
14:50
50min
Near Realtime Cloud Cost Monitoring - or why the internet is a terrible place to run a RCEaaS
Graham Hayes

As part of our learning tools at Udemy, we allow students to access real cloud (AWS, Azure, soon GCP) accounts and boot real resources.

Obviously, in the age of cryptojacking, bot nets, and people looking to make a HackerOne bounty this is a risky proposition for us, and could be open to abuse, which combined with the major cloud providers billing data being 8-12 hours delayed could cause a lot of additional cost.

To help combat this, our team prototyped a "Digital Twin" style system based on audit events for resource creation & deletion. We will run through the successes, failures, and long term issues we ran into, and how this could be fixed in the longer term, and how (and why) we abused the K8S APIs to drive an event based system for it.

B.Con
14:50
50min
Why does THIS node have THAT config?
Martin Alfke

Within Puppet one can separate code and data using Hiera - a hierarchical data backend.
Data itself can be queried from Puppet modules.
This allows Puppet developers to provide generic code, where other people - like application responsible teams - can take over the configuration details by providing data only.
Data is usually in YAML format - which many people consider simple to learn.

Hiera also allows one to make use of individual data merges to reflect individual system needs.
One might find it challenging when it comes to analysing the result of a lookup and comparing these between different nodes.
Hiera Data Manager (HDM) provides a Web UI to Hiera data.

I am going to explain Hiera, how you can modify results and access shared data, and how HDM can help with analysing data results or issues.

Puppet
B.2.015
15:55
15:55
50min
Automating project documentation for the win
Don Naro

Documentation is a critical component of any project from a user perspective and, for open-source projects, one of the most common areas for contributions. However as projects increase in size and complexity, so does the task of maintaining documentation across multiple releases. Adding numerous documentation projects significantly compounds the need for streamlined processes that reduce overhead. This talk is going to look at some pain points that the Ansible community documentation was facing at the start of the year and how we have collaboratively solved them to everyone's benefit. Along the way we'll look at some techniques, CI/CD pipelines, extending trust and ownership to the community, and lots more.

Ansible
B.1.015
15:55
50min
CI/CD Pipelines for Cloud Infrastructure
Michael Lihs

How can you automate your infrastructure-as-code deployments into a reliable, easily reproducible process that allows you to deliver infrastructure changes in small batches?

DevOps
B.3.036
15:55
50min
Holy crap, that landscape.cncf.io is crazy; how do I navigate it?
JJ Asghar

You have the backing you need to move to cloud native. But as you’re doing more research, you come across landscape.cncf.io, or someone jokingly told you to look at it. You start to wonder what craziness did you sign yourself up for. You’ve come to this talk to help gain some advice on how this comes together and hopefully leave with a better understanding of what you need to do.

Container
B.Con
15:55
50min
Patch reporting with Foreman
Jan Bundesmann

Foreman/Katello can perfectly show us the current status of our infrastructure. But how about reviewing past operations? While audits can show actions performed on foreman, patching managed hosts is not necessarily mediated through the central server.

This talk presents a way to gather package versions as a function of time. Issues we will discuss are performance of API requests and homogenizing package information for RPMs and DEBs.

Foreman
B.3.037
15:55
50min
Putting Ansible metrics in Prometheus because why not ¯\_(ツ)_/¯
David Moreau-Simard, Daniel Mellado

With thousands of available plugins, Ansible automates and orchestrates configuration management, application deployment as well as cloud, network, security and server infrastructure.

Beyond these typical scenarios, it can be a great abstraction layer to interface or glue different tools and systems together.

Given this wide range of use cases and the many ways they can all go wrong differently dozens or thousands of times a day, it would be interesting and useful to have detailed and granular metrics about individual playbooks, hosts and tasks.

We could spot improvements, regressions, spikes and bottlenecks in Grafana to make playbooks run better and faster.
If unexpected changes or failures happen, we could notify someone or something about it with Alertmanager.

In this talk we'll explain and show "why not" using an implementation that puts Ansible metrics in Prometheus using ARA Records Ansible.

At time of writing, it kind of works and puts many pieces of the puzzle together but doesn't quite use the right approach. It turns out putting historical metrics in Prometheus is not that simple.

We might just find out how to do it together if you are interested in the use case!

Ansible
B.3.039
15:55
50min
Quit Simplifying!
Florian Haas

DevOps is frequently understood as a framework to simplify complex things. This is bound to fail.

That is not DevOps' fault. Rather, this expectation is rooted in a fundamental misunderstanding about the nature of technology, business, and management. Simplification does not exist. What does exist are abstraction and automation, but since those never reduce the underlying complexity of a system, we cannot expect them to simplify anything.

Main
D.Aud
15:55
50min
Red Hat Ansible Automation Platform - What is it, what does it do??
Ton Kersten

The Ansible AAP, Ansible Automation Platform, is used by a lot of big companies. Although it is used a lot, large groups of people still have no idea what it is and what it does.

Ansible
B.1.017
15:55
50min
Strategies for Puppet code upgrade and refactoring
Alessandro Franceschi

Puppet is a mature tool and it is not uncommon to find infrastructures with a quite aged code base which requires both updates in the code to be compatible with newer Puppet versions and deeper refactoring to simplify the code logic or adapt it to newer business needs.
This presentation tackles this problem with practical and actionable suggestions, based on years of on-field experience.

Puppet
B.2.015
16:45
16:45
50min
Ansible Execution Environment Best Practices & Automation
Niklas Werker

In this session, you'll learn best practices regarding planning, building and populating your customized Execution Environments. The presentation includes a demonstration of automated builds of Ansible Execution Environments and why you should automate it in the first place.

By attending this session you'll understand the benefits of using Ansible Execution Environments, how they help you to automate your automation dependency management, make Ansible portable and can help you with everyday challenges like release management, security and product lifecycles. This session is suitable for everyone, regardless of prior knowledge, as it explains the technical backgrounds on which the best practices are based.

The best practices are categorized by:
- Execution Environment specific Best Practices
- Ansible Best Practices
- Container Best Practices
- Security Best Practices

Ansible
B.1.017
16:45
50min
Dynamic Cost Modeling in the Cloud: Strategies for Optimal Cloud Management and Financial Success
Michiel Hamers, Twan Koot

We'll explore the ever-changing landscape of cloud costs and present adaptive techniques to model these costs effectively. Learn how to marry technical requirements with financial goals to achieve a balanced, optimized cloud environment.

B.Con
16:45
25min
Foreman Ansible
Nofar

As the intersection of infrastructure and configuration management gains paramount importance, our talk will delve into the seamless integration of Foreman and Ansible. Attendees will gain practical knowledge on leveraging this integration for efficient provisioning, robust configuration management, and extending automation capabilities.
The talk will include real-world use cases, demonstrations of best practices, and discussions on collaborative opportunities within the community. We aim to empower attendees with actionable insights and foster an environment of knowledge sharing.

Foreman
B.3.037
16:45
50min
GitOps with CUE
Tim Speetjens

Nobody ever wanted to become a YAML engineer, but let's face it: YAML isn't going to go away soon, so we better find a more pleasant way to deal with it.

In this presentation, you'll learn why CUE is an excellent tool to generate YAML. We will also cover one of many ways to configure your Kubernetes clusters the GitOps way.

B.3.036
16:45
50min
Mgmt Config: Lambdas Are Here
James (purpleidea)

Functional iteration with iter->map made possible by lambda functions

Mgmt is a real-time automation tool that is fast and safe.
Being a safe language, anonymous lambda functions as values are an essential form of iteration since we don't have for-loops.
It has been stalled because I was struggling with finishing the lambda implementation in the compiler.
Heroically, and with help from a brilliant friend, these are now complete and live in the repo!

We'll take you through a tour of all the plumbing that needed to be changed to support this.
We'll show lots of real-time demos to keep everyone entertained.
We'll demo some real things that we're starting to build.

A number of blog posts on the subject are available: https://purpleidea.com/tags/mgmtconfig/
Attendees are encouraged to read some before the talk if they want a preview!

D.Aud
16:45
25min
Observability? It's a Data Analytics Problem, You Fool!
Dotan Horovits @horovits

We all know logs, metrics and traces, the “three pillars of observability”. We’ve been told that by collecting them we’d gain observability into our systems, right? WRONG!

Observability is NOT logs+metrics+traces. You can diligently collect these signals and still find yourself without the required observability to detect and root-cause during a major outage or incident. Even expanding to four, six or more “pillars” doesn’t help. We need a paradigm shift. Observability is actually a data analytics problem.

In this inspiring and thought provoking talk, Horovits will introduce the data analytics approach, together with practical measures that will guide you in gaining real observability into your system and in getting the insights you need, when you need them. Horovits will also challenge the “holy pillar trinity” and look into additional observability data you may not have considered, and other conventions you've grown used to.

Observability
B.3.039
16:45
25min
Puppet server scaling and performance tuning
Martin Alfke

Puppet server needs enough resources to handle all agent requests in reasonable time.
In platforms with many systems, we usually see scaling by using a load balancer.
But prior to scaling, you want to do performance tuning first.

Puppet
B.2.015
17:10
17:10
25min
Creating Throwaway Supercomputers in the Cloud with Magic Castle
Kenneth Hoste

Magic Castle is an open-source software project that makes it easy to create your very own supercomputer on cloud resources (OpenStack, AWS, Azure, GCP, or OVH).

Using Terraform, cloud-init, and Puppet, it autonomously creates and configures a complete High Performance Computing (HPC) cluster infrastructure, including a login and management node, a set of worker nodes, the job scheduler (Slurm), a shared filesystem, a data transfer node, JupyterHub, and a shared software stack like EESSI that includes thousands of scientific software installations compiled by experts and distributed via CernVM-FS.
The cluster can be configured with autoscaling enabled, so that worker nodes are spun up on-demand when jobs are submitted, and are automatically destroyed again when the job queue is empty, which helps to reduce operation costs.

Magic Castle can be used by both experienced HPC system administrators and novices to create a dedicated HPC cluster in a matter of minutes for specific research or development projects, for training sessions, or just for fun.

In this talk you will learn how to deploy and configure your own virtual supercomputer on your preferred cloud provider, and how to get rid of it in a heartbeat when you no longer need it.

https://github.com/ComputeCanada/magic_castle

Main
B.3.039
17:10
25min
Secure your Delivery Chain
Matthias Dellweg

Public software collections like PyPI, RubyGems and Maven Central are a great source for lots of libraries in a certain language ecosystem. But in contrast to curated software distributions, they also allow intruders to jeopardize your software delivery pipelines at any point. We demonstrate how Pulp can help you create stable and reproducible build environments for your delivery chains.

Pulp
B.3.037
17:10
25min
Voxpupuli: Building Puppet containers on Github
Robert Waffen

Voxpupuli: Building Puppet containers on Github

Container
B.2.015
17:45
17:45
240min
Social Event
Everyone

Drinks across the street at the Zone (follow the crowd)

ALL
09:20
09:20
50min
We Fear Change
Coté

Changing how 10 people work is difficult, changing how 100 work is very difficult. And, barring Planck's principle, changing how 5,000 or more people work is, typically, impossible. When it comes to improving how large organizations build, release, and run software, scaling to thousands of people is the real challenge. If you're trying to move beyond your initial success at transforming how your organization builds and runs software, you've experienced this scaling challenge. Thankfully, most of the problems in this challenge are common challenges. Though you may feel cursed and alone, in our experience talking with hundreds of organizations, most of the problems are the same.

This talk will look at several of these common challenges and cover tactics to address them. Part of applying a tactic successfully is understanding why the challenge exists in the first place, which the talk starts with.

DevOps
D.Aud
10:10
10:10
50min
If Dev and Ops had a baby it would be called Winglang
Elad Ben-Israel

Building cloud systems today is way too hard! Developers are frustrated by very slow iterations and platform teams are struggling to keep up.

winglang is a new open-source "cloud oriented" programming language designed to address this pain from the ground up (pun intended). It combines cloud primitives and runtime code into a single language, and reimagines the boundaries between application and platform. It allows developers to stay in their creative flow by offering a standard library for the cloud and local simulation. But it also allows platform teams to codify security, compliance and deployment decisions through a centralized library.

In this talk Elad Ben-Israel, who created the AWS CDK, will talk about why he thinks the cloud needs a programming language and will write some winglang code on stage.

DevOps
D.Aud
11:15
11:40
11:40
50min
Non-Blocking Continuous Code Reviews - a case study
Thierry de Pauw

The problem with the current most common way of implementing code reviews using Pull Requests is that they have the nasty habit of blocking the flow of delivery.

The usual way to achieve fast Continuous Code Reviews without disrupting the flow of delivery is through Pair Programming or Team Programming. But not all teams or individuals are open to this for various good reasons.

In this session, I’ll explain how, in 2012, a novice team practising trunk-based development found an efficient uncommon way to implement continuous code reviews on mainline without ever blocking the flow of delivery.

D.Aud
12:30
12:30
5min
Assumptions are killing my deployments
Bryan Honof

When software is installed on your OS, plenty of assumptions are made. That you have an up-to-date kernel, that software X is already installed, that library Y exists somewhere on your system, and so on. But, of course, these assumptions don't translate well between systems, even of the same kind. So, how can we deal with this?

D.Aud
12:35
12:35
5min
Taming and Testing Your Cloud Infrastructure Locally, with Confidence
Anca Ghenade

Let’s tackle some of the common challenges faced by users working with Infrastructure as Code (IaC) in cloud environments. We can start by looking at the difficulties everyone encounters, such as managing the complex and constantly changing services, integrating IaC with existing systems, and ensuring everything stays secure and within budget.
For beginners, the journey is even tougher. They have to learn IaC basics, get skilled with tools like AWS CloudFormation, Terraform, Pulumi, or CDK, and understand how to apply best practices in their work. This includes figuring out how to spot and fix problems in their IaC scripts and how to shift existing setups to IaC.
A big part of our focus is on the importance of testing. Making sure that the infrastructure works well with every new update and passes all the tests in CI pipelines is crucial. This brings us to the question, “Wouldn’t it be great to have a tool that makes all this easier?”
This is where LocalStack, an open-source tool designed to address these very challenges, comes in. LocalStack lets users emulate specific cloud services in a container, providing a safe space to test and try out new things. We'll discuss how it works with different IaC tools and pinpoint the advantages of such a practice.
We’ll wrap up with a demo showing how to use LocalStack to deploy a project both on a real cloud provider, AWS, and locally, highlighting how LocalStack simplifies the IaC feedback loops, making it easier, more secure, and cost-effective.

Main
D.Aud
12:40
12:40
5min
How to benchmark (poorly)
Philipp Krenn

After getting a bit of a bad reputation ("benchmarketing") it looks like vendor benchmarks are in fashion again. Let's take a look at common mistakes and how to benchmark ... poorly. So you are more amused than misled by them.

D.Aud
12:45
12:45
5min
Unstructuring your mind: Ansible vs. JSON
Felix Frank

Ansible has found its indisputable place in the operations and deployment tool chain. This happened despite the fact that the rite of passage for any aspiring power user involves cursing the YAML language that powers Ansible. But YAML isn't the only skeleton in Ansible's closet. Ansible also has a rather complicated relationship with JSON and we need to talk about it.

Main
D.Aud
12:50
12:50
5min
Implementing Post Quantum Crypto for SaltStack
Justin Findlay

Since the beginning of the project, salt has used a custom cryptographic implementation based on RSA to encrypt messages between masters and minions over what is called the transport. I will present a new scheme that uses a standard implementation of mTLS. Although salt is supremely modular, the crypto backend was never made pluggable. The builtin crypto implementation is spread across several source files and is closely interconnected with both the ZeroMQ and TCP transports. Rather than insert a new crypto backend alongside the existing crypto implementation at each point across the several files, the new crypto backend uses a new, simpler design, mainly because mTLS can be used out of the box in contrast to custom RSA key management, trust on first use, static auth token seed (for reals), etc. Because of the close mixing of transport and crypto code, the opportunity was taken to introduce WebSockets as a new transport as well. Great, so what about post quantum crypto? Since the mTLS backend is not implemented in the source code, crypto algorithms and primitives, including those certified for PQC, FIPS, etc. can now be easily swapped in with no change to the user code.

D.Aud
14:00
14:00
50min
Ansible squeezed my Pulp
Stefan Joosten

Managing repositories in Pulp using Ansible, using the Pulp Squeezer collection. A journey of a Pulp beginner setting up a Pulp server and Pulp repositories with Ansible.

Pulp
B.3.037
14:00
50min
Automating Hybrid Clouds with Event-Driven Ansible
Ricardo Carrillo Cruz

The hybrid cloud has emerged as a dominant architecture in modern IT, blending on-premises infrastructure with public and private cloud services to create a versatile, scalable, and efficient environment for enterprises. However, managing and orchestrating resources across these diverse environments presents a complex challenge, particularly when it comes to maintaining consistency, ensuring security, and automating routine operations.

Ansible, known for its simplicity and ease of use in automation, plays a pivotal role in addressing these challenges. Its latest advancement, Event-Driven Ansible, opens new avenues for managing hybrid cloud environments more effectively. This innovative approach allows for real-time, responsive automation based on events occurring across the hybrid cloud infrastructure.

In this session, we will delve into the practical applications of Event-Driven Ansible in a hybrid cloud setting. We will explore how it can dynamically respond to events from various cloud services and on-premises resources, thereby streamlining operations in areas such as application deployment, security, disaster recovery and cost optimization.

Ansible
B.1.017
14:00
50min
Cloud Integration Testing Made Easy with LocalStack and Testcontainers
Anca Ghenade

Cloud integration tests are particularly challenging due to the high complexity of the interconnected services, dependency management, deployment and provisioning intricacies, and potentially high costs. So how can we bring the ease and speed of unit tests into these integration tests? Ideally, we’d like to use a local setup where we can quickly spin up and deploy our services in an emulated environment that’s as close as possible to the real deal. By simulating real-world scenarios and testing the integration of various parts of the system, these tests help us identify and resolve issues early in the development process. This is where Testcontainers and LocalStack work beautifully together to bring you the best of integration tests and cloud services on your machine. We’ll explore how we can enhance the testability of our applications that rely on AWS services and vastly increase the test coverage of our applications without any need for mocking or remote cloud sandbox accounts.

Container
B.3.036
14:00
50min
Code Meets IaC: How to write Pulumi and OpenTofu Providers
Daniel Bradley

Declarative IaC tools are amazing but wouldn't be useful without connecting to real systems. Take a dive into how Pulumi and OpenTofu providers are written and maintained with a core maintainer of Pulumi's provider ecosystem. Learn how to write your own providers or extend existing ones and get a little insight into the future of how IaC tools are integrated with real-world clouds.

Pulumi
D.Aud
14:00
50min
Hardening systems: from a benchmark guide to meaningful compliance
Nicolas CHARLES

New standards are constantly appearing and must be applied to a larger number of systems. Sometimes with very little time available from the law to the actual enforcement.
Applying standards on a clean state is in itself a difficult task. But when it’s on existing infrastructures, it gets very complex with potentially a lot of divergences to identify and exceptions to be made.
There are plenty of existing solutions. But they are often either one-size-fits-all, or they can audit but not remediate, or they cannot be consolidated over all the IT.
In this talk, I will present how we implemented CIS Server benchmarks on an existing infrastructure using Rudder. It starts from the reference Excel Benchmarks from CIS and finishes with the implementation of every control point, with default values and mixed audit and remediation mode. It concludes by showing how having a graphical interface makes the reporting to relevant stakeholders helpful.
This implementation involves a lot of YAML, some KCL to generate even more YAML, and unfortunately some bash scripts…

Security
B.2.015
14:00
50min
Let’s dive into Kubernetes operator creation
Horacio Gonzalez

Kubernetes Operators have emerged as a game-changing approach to simplify the deployment and management of complex applications within Kubernetes clusters. These operators leverage the power of Custom Resources and Controllers to automate tasks traditionally performed by human operators, thus streamlining the entire application lifecycle.

In this engaging and hands-on talk, we will demystify the process of creating a Kubernetes Operator. While the prospect of developing one may appear intimidating, the underlying concepts are surprisingly straightforward: define Custom Resource Definitions (CRDs) to model your application's key concepts, and craft Controllers, which are specialized pods responsible for monitoring and taking action on specific resources in the cluster.

But we're not stopping at theory! Writing an Operator doesn't have to be a dry affair. To make it more enjoyable, we've chosen an original use case filled with hand-drawn Gophers, and we'll livecode it right before your eyes to showcase its simplicity. Join us in this interactive session where we'll combine education and entertainment, making the journey of building your own Kubernetes Operator both informative and fun.

Using the Gopher REST API as a foundation, we will break down the essentials of Operator creation while adding a touch of creativity and humor. We will provide valuable insights into crafting a simple yet efficient Operator architecture capable of managing not only Kubernetes objects but also external resources. You will witness the code and the operator in action, gaining practical knowledge that empowers you to automate and enhance your application deployment and management within Kubernetes environments.

DevOps
B.Con
14:00
50min
The challenge of external data, enter Data
Martin Simons

Currently there are close to twenty configuration management systems here at Config Management Camp 2024 in Ghent.
The Configuration Items (CI) receive their configuration information through either push or pull and are then configured either by remote control or as an independent agent.

One of the challenges we face is the provisioning of external data, enter Data. Data serves any CI that is able to send, receive and process messages. There are, for now, two types of messages Data is able to receive and process:
- Feeds triggering a response
- Service views

Data makes use of a PostgreSQL backend that has the following schemas:
- feeds
- context
- knowledge
Data stores and processes the information it receives from the CI feeds into the context schema.
Data processes information from both schemas for use in the knowledge schema.
- The CIs in the landscape provide Data with facts or hard classes of themselves in the feed message, which triggers a response by Data with a configuration view.
- Service views are specific requests to Data and trigger responses to the requestor concerning information about the landscape.
Configuring items in an IT landscape requires, next to pure configuration details, information on a variety of levels. The information is related, among other things, to:
- Organisation
- Domain
- Users
- The specific item itself
- Information about the environment, that relates to the purpose the item has within the IT landscape

The Data class architecture has convergence in mind. Convergence is the theoretical model in which CIs convergently work towards their desired state.

B.3.039
14:50
14:50
50min
Automating Internal Databases Operations at OVHcloud with Ansible
Julien Riou

OVHcloud, a worldwide cloud computing provider, offers numerous mission critical services that must stay up all the time. They rely on a common layer: databases.

Our role, as DBAs, is to ensure the databases are up and running, restorable, up-to-date and secured.

New databases can be requested every day. Vulnerabilities must be patched as soon as possible. Databases could be relocated. How about schema migrations? Major upgrades? User accesses? Periodic restores?

All those tasks are automated using Ansible.

This talk is feedback on how we use Ansible and related software to perform day-to-day operations on OVHcloud's internal database infrastructure.

Ansible
B.1.017
14:50
50min
Bash shouldn't be bashed.
Marcel Kornegoor

Bash is cool. Bash is great. Bash is amazing. Bash is like superglue. Bash is fantastic. Bash is awesome.

-- a Bash fan

DevOps
D.Aud
14:50
50min
Creating Content for Ansible: What Is New and Ahead
Tim Appnel

Content is the lifeblood of automation. The more quality content you can generate that aligns with a broader automation project, the greater the benefits for you and your collaborators. Learn how Red Hat is investing in its Ansible automation development tools and user experience now and in the coming months and years.

Ansible
B.1.015
14:50
50min
Do you need Kubernetes to run your workloads?
Marko Bevc

There are many different ways to run your containerised workloads and probably the biggest challenge is how to run it with least effort, but still ensure you’re doing it right. What do we mean by that? It refers to following good industry and DevOps practices, having built-in security mechanisms, streamlined pipeline delivery, using Infrastructure as Code configuration, easy adoption and low maintenance burden. In this talk we’ll focus on the Cloud managed services to run containers and how to use an Open Source project like AWS Copilot CLI to abstract a lot of complexity away when using Cloud providers. Copilot CLI makes it easy for developers to build, release, and operate production ready containerized applications using different compute backends. I’ll cover some use cases and demonstrate how to get started, push to different environments to manage the whole development lifecycle and set a well threaded path (a.k.a. internal development platform) for your teams.

Container
B.3.036
14:50
50min
Maintaining over 80 Ansible modules: 8 years later
Evgeni Golov

The Foreman community maintains a collection of over 80 Ansible modules for interaction with the Foreman API and the various plugin APIs. At cfgmgmtcamp 2020 we talked about the first four years of that journey, at cfgmgmtcamp 2023 we talked about the next three years and we fully intend to make this talk a regular thing at every camp!

Today we want to talk about what happened in that one year, which promises we did (not) deliver and what challenges we had.
Including:

And of course we will also talk about what we think is next!

Foreman
B.3.037
14:50
50min
The Relevance of Data Mesh in Open Source Infrastructure Management
Walter Heck

In an era where data is the lifeblood of organizations, open source infrastructure management plays an important role in ensuring reliability and scalability. This session will explore the emerging concept of Data Mesh and its 4 main concepts: Domain ownership, Data as a product, Self-serve data platform and Federated computational governance. I will discuss key concepts, open source tools, real-world use cases, and challenges associated with implementing Data Mesh principles in the realm of infrastructure management. By bridging the gap between Data Mesh innovation and practical infrastructure needs, this session aims to empower ConfigMgmtCamp attendees with valuable insights and actionable takeaways.

Main
B.3.039
14:50
50min
Unleashing Potential Across Teams: The Power of Infrastructure as Code
Alayshia Knighten

In the dynamic realm of modern infrastructure, challenges such as intricate security protocols and managing diverse environments are common across all technical teams. Infrastructure as Code (IaC) emerges as a transformative force, turning these challenges into opportunities for innovation.

For developers, SREs, platform engineers, and other technical professionals, this talk showcases how IaC brings unprecedented ease and agility to managing varied infrastructures. The session includes an engaging live demonstration highlighting IaC's adaptability in various scenarios. It explores its potential to unify and empower diverse technical teams.

Attendees from all technical backgrounds will discover practical strategies for implementing IaC in their projects, fostering an environment of collaboration and efficiency. This session is about reshaping coding and infrastructure management practices to enhance workflows and team dynamics across various roles. Join to see how 'Infrastructure as Code your way' can revolutionize approaches and boost productivity for many technical professions.

Pulumi
B.Con
14:50
50min
eBPF-based Security Observability & Runtime Enforcement with Cilium Tetragon
Raphaël Pinson

eBPF is used in several cloud native security tools. In this talk we’ll dive into demos and code to explore how eBPF can be used for the next generation of security enforcement tooling. This talk will cover:
- Why enforcing NetworkPolicy with eBPF has been in place for years, but preventive security for applications has taken longer.
- How Phantom attacks can compromise the use of basic system call hooks.
- How other eBPF attachment points, such as BPF LSM, can be used for preventive security.

Security
B.2.015
15:55
15:55
50min
Automating Compliance for Cloud Image Building
Kendall Moore

There are too many possibilities for base images in cloud environments and not enough time to validate which ones fulfill all of my requirements. Worse yet, I know that I have policies set by my security team that my infrastructure will be beholden to. So now what? I built an open source policy engine and image generator to implement directly into my build pipelines. I can start with any base image, apply my security policies that are verified by my security team, and now have a baseline that I can rapidly scale my infrastructure from.

B.2.015
15:55
50min
Cost reconciliation in a post CMDB world
Bram Vogelaar

Back in the day in an IT company long ago, where the BOFHs roamed and the ITIL was strong. We used to keep long lists of CIs that used to be inevitably and hopelessly out of date. Because we either didn't care, know or bother keeping up to date. That was totally fine in a relatively static environment, the IT company of long ago. We would have our yearly inventory day and forget about it again.

Of course we all use some form of infrastructure as code right now. Some of us might go as far as "if it isn't in code it doesn't exist", but can we truly say that whatever is in the OpenTofu state really is the only thing running? What about that recurring 1$ in that dormant AWS account, where is that coming from? How about the playground projects the CEO likes to play around with in his spare time? Or that one time the opentofu destroy didn't exit cleanly and some resources weren't cleaned during that timeout, did we really manually clean up all resources?

D.Aud
15:55
50min
From application code to deployment: Automated building, GitOps and beyond.
Michael Trip

From application code to deployment: Automated building, GitOps and beyond. From a customer question to a fully working solution. With GitLab, ArgoCD and Kubernetes.

DevOps
B.3.036
15:55
50min
Generating Ansible modules for REST APIs without AI
Evgeni Golov, Matthias Dellweg

Writing Ansible modules is a tedious job.
Especially if all you do is to copy over the models from your app.
Especially if you want to have a module for each model, and you have hundreds of them.

Assuming the API has an API definition with OpenAPI/Swagger or Apipie, we can use the data provided by those tools to generate Ansible modules without much effort.

We'll be looking at tools like ansible.content_builder and apinsible for generating the modules, but also at general best practices for how to organize a collection of modules to ensure new modules are easy to add and maintain.

Ansible
B.1.017
15:55
50min
Mastering Ansible Playbooks: Best Practices and Tools
Nejc Slabe, Jure Medvesek

Ansible playbooks are the heart of Ansible automation. They allow you to describe the desired state of your infrastructure and Ansible will take care of making it happen. But writing good playbooks takes practice.

In this session, we'll cover the best practices for writing Ansible playbooks that are clear, concise, and effective. You'll learn how to:

  • organize your playbooks into roles and tasks;
  • use variables and conditionals to make your playbooks more flexible;
  • handle errors gracefully;
  • test your playbooks thoroughly;
  • use tools to shape up your playbooks in seconds.

By the end of this session, you'll have the skills you need to write Ansible playbooks that will help you automate your infrastructure efficiently and reliably.

Ansible
B.1.015
15:55
50min
Unlocking Katello’s Deeper Potential
Ian Ballou

Many systems administrators use Katello to cache content locally in their datacenters and keep their machines patched. What these users might not know is that Katello has other features that could make their lives even easier. In this presentation, I will take a dive into features like Katello’s container registry, alternate content sources, import/export for disconnected environments, and advanced content view usage.

Katello
B.3.037
15:55
50min
Using NixOS to generate all kinds of images
Bryan Honof

Have you ever wondered if it'd be possible to generate different kinds of images with only one expression? One expression to generate a VM, Docker container, static binary, and more. Sounds good, right?

Nix
B.Con
16:45
16:45
25min
Fixing Salt's atomic file access problem
Joe Groocock

Explore how Salt's approach to file management has room for improvement with learnings from a real-world at-scale production environment. You'll learn how to solve these problems "the SRE way", and see how well they work, until they don't. We'll discuss alternative solutions as provided by Salt as well as alternative solutions that can really scale.

Salt
B.2.015
16:45
50min
Fun with downstream pipelines and artifacts in GitLab CI
Jan Bundesmann

This talk will present some insights into how to combine pipelines from different projects in GitLab CI.
The goals are

  • to allow single pipelines to run individually and
  • to pass parameters between different pipelines

However, it's not as simple as that, as our second requirement, passing parameters, can easily break the first.

DevOps
B.3.036
16:45
50min
Implementing configuration management primitives in 2024
Alexis Mousset

Configuration management primitives appear like a solved topic now, and current major solutions have converged to pretty similar choices 10+ years ago. However new needs are becoming more prominent, like observability, auditing and self-auditing abilities, in a context of growing attention for security topics. Could we benefit from reconsidering some of these design choices now to better address them?
In this talk, we will navigate through the solution space of configuration management low-level implementations (resource/promise/etc.), and explore what we can modify to provide new promising features. It will also cover implementation and programming language choices, from C to Python, Ruby, and Rust, and how these choices participate in shaping our tools' strengths and weaknesses. It will feature some examples from ongoing work in Rudder, as well as other projects (mgmt, Jet, etc.)

Main
D.Aud
16:45
50min
Integrating Uyuni in Ansible and EDA
Christian Stankowic

Uyuni is a popular system management tool - it not only offers patch management, but also configuration management as it integrates SaltStack. Anyhow, the majority of users these days prefer Ansible. This talk explains and demonstrates an Ansible collection that integrates Uyuni into Ansible and Event-driven Ansible.

Ansible
B.1.017
16:45
50min
Make Containers Small Again!
Bo Maryniuk

Your containers do not have to be untrusted or huge, memorized how to run them, but can be managed with much simpler orchestration.

Container
B.Con
16:45
25min
Resource Management with the Foreman Resource Quota Plugin
Bastian Schmidt

When multiple users share a common infrastructure, there is a concern that certain users might exceed their fair share of resources. Resource quotas serve as a tool for administrators to mitigate this concern by limiting access to shared resources, ensuring fair collaboration.

The new Foreman Resource Quota plugin introduces such resource management capabilities to the Foreman. This talk presents the new plugin, outlines its features, and gives a live demonstration.

Foreman
B.3.037
16:45
50min
We're Millennials, we're system engineers, we work on Mainframe and we use Python
Arthur Coucke

We're Millennials, we're system engineers, we work on Mainframe and we use Python.

Mainframe is often seen as the 'other side', the 'old side', the one that will be decommissioned. I work at a Belgian Company with several other Millennials on Mainframe. Why do young people choose Mainframe out of all other possibilities?

I want to show you hands-on what being a Mainframe System Engineer is by explaining some concepts. Showing the traditional interface to Mainframe but also some open source interfaces such as the Zowe CLI, Zowe Desktop and VS Code integration. Explain about datasets, jobs and USS, the Unix port built into our Mainframe operating system called 'z/OS'. USS enables us to run open source software on the world's first real (;-)) computer.

Main
B.1.015
17:10
17:10
25min
Mastering Server Management with Foreman
Leos Stejskal

Join us for an introduction session dedicated to exploring Foreman's capabilities in managing Linux servers.

Foreman
B.3.037
17:35
17:35
25min
An opinionated-and-certainly-not-comprehensive overview of K8s-Operation-Tools
Bernhard Hopfenmüller

A talk about K8s tools that make life easier.
Especially to target K8s beginners, but also to collect feedback from more advanced K8s users.

B.3.036
17:35
25min
Efficient Container Image Management with Pulp and Pull-Through Caching
Lubos Mjachky

To manage the costs of pulling images from remote sources (like DockerHub), one may decide to use caching. The caching allows administrators to store frequently accessed images locally. This talk offers practical insights into employing Pulp to cache and proxy container images from remote registries. As a result, this improves reliability and redundancy, enhances offline deployments, and helps to overcome common challenges with further management.

Container
B.3.037
17:35
25min
Overcoming technical debt in config management to move to heterogeneous architecture
Dave Neary

We are increasingly seeing Arm64 instances in the cloud and on the developer workstation, and there are some benefits to integrating some Arm infrastructure for applications rather than staying x86-only in the cloud. But the actual practice of adding another architecture can lead to a lot of unwinding of invisible technical debt - platform assumptions made in shell scripts, package naming conventions in config scripts, and more. This presentation will take a real-life example, and walk through the little hiccups encountered when moving from x86-only to x86 and Arm64 heterogeneous Kubernetes clusters, with a goal of helping others follow in these footsteps with a less steep learning curve. We will also look at how common config management tools can make the migration easier.

DevOps
D.Aud
17:35
25min
The incredible machine: when automation backfires
Matteo Valentini

Ever wanted to apply CI/CD principles and run tests for every change?
But it is too complex to set up the test environment and launch the tests with all the updated parameters. Solution? Automation!
Releasing your software implies a countless number of complicated steps. What solution? Automation!
So automation sometimes seems to be the solution: you automate some complex procedure and call it a day.

But automation of a process sometimes can only hide the real problem and only delay the moment when you have to address the technical debt, and sometimes the automation can even act as an amplifier of the technical debt.

Based on my experience matured in the field, this talk will show the hidden traps of automation, the drawbacks, and the lessons learned.

B.Con
17:35
25min
Where does your Ansible code come from?
Fabio Alessandro "Fale" Locati

Ansible code often gets executed with a very high level of access to ensure it can perform all the necessary actions to complete its task. This high level of access creates the risk of attacks leveraging the automation code as an attack vector.
It is possible to use cryptographic signatures to prevent the risk of executing code that has not been properly vetted.
In this talk, we will see how it is possible to integrate cryptographical assurances into Ansible, and we will delve into some implementation decisions and suggestions to ensure that the result completely satisfies the requirements.

Ansible
B.1.017
09:55
09:55
480min
Puppet Community Day
Ben Ford

Puppet's Community Day is a space for community and contributors to engage directly with each other and collaboratively learn and make some magic. Do you have a burgeoning project you want to workshop and get feedback and ideas on? Do you want to get the first glimpses at changes coming to the Puppet platform? Or maybe you'd just like to help shape the next year of the Puppet community.

Puppet
B.3.036
10:00
10:00
480min
Ansible Collab - Ghent (Ansible Contributor Summit 2024.02)
Carol Chen

Ansible Collab - Ghent is a full day working session especially for community users and contributors to interact with one another, as well as with Ansible development + community teams. We will discuss important issues affecting the Ansible community to help shape the future of Ansible, with a focus on improving collaboration with our contributors.

Ansible
B.1.017
10:00
240min
Explore the World of Cilium, Tetragon & eBPF
Raphaël Pinson

Come explore the World of Cilium with us!

In this workshop, you'll have the opportunity to discover Cilium and Tetragon, and the kernel technology that makes them possible, eBPF.

Through a collection of hands-on labs (available at https://labs-map.isovalent.com/) and the presenter's support, you'll be able to explore many topics covering Cloud Native Networking, Security, and Observability. In this gamified approach, you'll also be able to earn badges for completing labs.

Whether you're a Platform Engineer, SRE, Network Engineer, SecOps Professional, Cloud Architect, and more, you'll certainly find subjects to explore in this session!

Workshop
B.1.015
10:00
240min
Foreman Beginner Workshop
Dirk Götz

As part of the Foreman fringe event we want to provide a workshop for users new to Foreman or to the content management provided by Katello.

Foreman
B.3.037
10:00
240min
Hands-on with Backstage on Azure: From App Service to Azure DevOps
Engin Diri

Backstage, an open-source Internal Developer Portal and part of the Cloud Native Computing Foundation (CNCF) project landscape like Kubernetes, is on the way to be the one-stop shop for all the technical and operational information of an organization. In this hands-on session, I will show you what Backstage is and how to deploy Backstage on Azure using Azure App Service and configure it to scaffold new projects using Azure DevOps. Everything will be done using Pulumi as our Infrastructure as Code (IaC) tool of choice, so you will be able to reproduce the setup in your own environment.

Pulumi
B.3.039
10:00
480min
Mgmt Hacking Day
James (purpleidea)

The main author of https://github.com/purpleidea/mgmt/ will be around to hack on mgmt and you can help us get it closer to 1.0 =D

MgmtConfig
B.2.011
10:00
240min
Revamping Host creation form: Let's fix stuff together!
Maria Svirikova

Join us for a hands-on session where we'll dive into Foreman's UI and pinpoint the highs and lows of creating hosts.

We're all about actionable feedback!
Be ready to share your horror stories but also your successful workarounds. Together we will try to come up with solutions to the described problems. Part of the session will also be an overview of the proposed UX design and its critique.
Let's make our product even more user-friendly.

WARNING: collaborative, interactive session
To enjoy this session fully, you should be a Foreman user.

Foreman
B.4.042
10:00
240min
Workshop: Getting started with Flatcar
Mathieu Tortuyaux, Kai Lüke

Flatcar is a free and open-source operating system designed for easy automation and to securely run containers. In this tutorial, Kai and Mathieu will be your guides to get you to know the specifics of the OS and acquire the basis to become autonomous in the OS operation.

DevOps
B.4.029
14:00
14:00
240min
Pulumi Community Room
Ringo De Smet

Have a dedicated room for Pulumi content.

Pulumi
B.3.039