CfgMgmtCamp 2025 Ghent
Breakfast and Coffee & Tea - Day 1
Opening Day 1
Why is it that we're so good at building things that work, as long as nobody asks what "it works" means? Why is it that we're so good at shipping changes to production, as long as nobody asks what counts as "a change"? Together we'll go on a journey, touring the space of where humans meet configuration as code with a blend of stories, visions, laments, and insights.
In this talk, OpenTofu cofounder Sebastian Stadil will provide an update on the project, as well as share popular tricks and tips when migrating to, or using at scale, OpenTofu!
You may or may not remember Steve Ballmer's famous "developers, developers, developers" cheer from the late 90's, but Microsoft has known something for a very long time that some OSS companies might learn from. When a tool or product exists in order to run third-party content -- that third-party content is the real value of your tool because without that content, there's no reason to buy the product.
Commercially supported open source projects often lose track of this real value. And all too often, they learn that hard fact after community-hostile decisions decimate their ecosystem. SaltStack learned this the hard way, so did Hashi, Chef, and others.
I'd like to talk about the idea that the ecosystem is the product and the thing that you build and sell only exists to support it. It's a subtle but important shift in mindset that I think helps keep focus on what's really important, and I'm using it to help direct the projects that I'm working on now.
An intro to some of the AI assistance opportunities available to the discerning ops persona, and how they score for some common tasks: do they make things simpler or harder?
Buckle up for a wild chase through the nuances of GitLab.
I’ll share all the practical insights, lesser-known tips, and small wins I've stumbled upon over the last few years.
We’ll cover Identity and Access Management, GitLab's User Interface and, of course, Pipelines, a.k.a.
- Who gets the keys?
- There's a lot of buttons!
- GitLab's biggest rabbit hole: CI
Whether you’re a seasoned GitLab user or just starting out, this talk promises actionable insights and time-saving techniques to enhance your GitLab experience within only 5 minutes.
Let's go over what Chef has on the plate!
Vox Pupuli is a Puppet focused community. The goal is to unite lonely module and tooling authors to provide a home for orphaned modules and to ensure a continued development of the code base. In this ignite we will inform you about the state of Vox Pupuli. Last year we announced options to sponsor us, this year we want to update you on the funding we received!
You can also watch the slides online at: https://bastelfreak.de/cfgmgmtcamp2025/ignite.html#1
You’ve heard about emacs vs vim, or maybe vscode vs jetbrains, I’m here to tell you there’s a text editor that is on every POSIX machine none of us know: ed, and in this ignite talk I’ll tell you everything you need to know to use it.
In this session we will explore the difference between single vs parallel queues as operational models for a salt master's MWorker pool. You can take from this discussion one more argument in favor of a single queue model (at least when humans are not involved), which yields a clear performance increase. We will also cover some jinja caching additions and how to disable an unneeded pillar render.
As one of the big events on the Ansible Community calendar, CfgMgmtCamp is an opportunity to get together and review how we're doing as a community.
This talk is aimed at anyone with an interest in Ansible, as all voices are welcome in the discussion of how to shape the community in the coming year.
This presentation covers automating AWS services with Ansible, focusing on key modules and recommended practices for managing resources like EC2 and S3. It highlights recent updates and invites community collaboration. Come join us and see how Ansible can make AWS automation easy and reliable!
Over the past year, Foreman has seen significant updates that enhance its flexibility, performance, and support for modern infrastructure needs. In this session, we’ll walk through the key changes and new features, including enhancements in host provisioning, Secure Boot support, the integration of GitHub Actions (GHA) into Foreman, and expanded IPv6 capabilities, which are currently in the refinement stage. We will also cover the upgrade from PatternFly 4 to PatternFly 5, the Ruby 3 upgrade, and the Rails 7 upgrade. Additionally, we will highlight the Foreman Birthday event, the introduction of popular use-case demos, and improvements to the documentation and the docs team. This talk will provide insights into how these updates improve Foreman’s functionality and address evolving user needs, helping administrators manage their environments with greater ease and security.
Most DevOps/Agile people have never heard about Software Configuration Management (SCM). Those who have consider SCM to be either a bureaucratic obstacle or a superfluous task. After all, isn't DevOps/Agile a complete development method, and it doesn't (explicitly) mention SCM?
That couldn't be more mistaken. All projects need to apply SCM concepts and principles to avoid that a certain amount of chaos reigns. Outside the software world it has long since been common practise to use configuration management. For many aspects software projects are no different from non-software projects.
In this presentation, I would like to take things to the extreme and put forward my view on what, when and how to introduce SCM in a young, agile start-up. Just about the most informal, light-weight and fast-paced setup one could imagine.
Even if your company is not a young, agile start-up maybe your needs (the what) and your priorities (the when) could/should be the same, though the implementation (the how) will probably differ.
To understand the inner workings of Kubernetes and to prepare for the K8s certification exams, I decided to create a K8s cluster from scratch, the hard way, on premises (“de meterkast”) on virtual machines all using Alpine Linux. This talk is how I tried to do it, how I succeeded, failed and added a CEPH cluster and ETCD cluster along the way. It includes a lot of technical details, but if there is one thing that you should learn during this talk, it’s not about K8s at all: Containers are not VMs!
In this talk we'll discuss what's happened in the open source product releases from Puppet to developer tools recently and what direction we're thinking... did anyone say Puppet 9?
We will also look at an overview of the state of community and where we think we can focus working better together.
The Dockerfile is widely used to create container images, but it's fraught with problems like a lack of reproducibility, gaps in security, and sub-optimal dependency management. These problems lead to large image sizes, unpredictable build processes, and a lot of management challenges.
In this talk we will address these problems and show how Flox can change the standard way we build container images to make it more secure and simpler.
Through practical examples we will look at how companies use Flox to empower their developers to create efficient, reliable, and secure container images. And why stop there, when Flox provides a way to improve your whole SDLC!
This presentation will be useful for both advanced container users and new ones, since at Flox we focus heavily on providing the best DX while not compromising security.
We’ve been working with the same automation primitives since the beginning - scripts that define our infrastructure, our configuration, and that glue everything together. In this talk we break down why we think the future of how you design automation will instead be based on a hypergraph of functions. Using real examples from System Initiative, we will show you what it’s like to build automation this way today, and get you thinking about what it’s possible to do together in the future.
It's been a year since we last met at CfgMgmtCamp.
In this talk we want to take a short tour to outline the most important user visible changes.
To this end we want to highlight specifically our revamped website, where all documentation for the project is now united.
Also we are proud to finally present a GUI.
When it comes to infrastructure deployment, Terraform/OpenTofu has become a go-to tool for many engineers. A variety of providers enables the usage of a broad range of hyperscalers and applications. Even though most integrations might already be available by now, there are still some missing spots in the landscape.
With some Golang basics and the Terraform SDK, you can craft a provider Minimum Viable Product in a couple of hours - let me (a lousy developer) show you how!
With each generation of Puppet, we have worked hard to improve upon it and increase its ease of use. However, with this comes the unfortunate need to upgrade and change, and Puppet 7 to Puppet 8 has shown to be a particularly challenging one, so let's talk about how we can make it easier.
We will discuss the state of multiple host management aspects in the IPv6 world.
Pulp is an open source project that makes it easy for developers to fetch, upload, and distribute Software Packages on-prem or in the cloud. In this session I will share what my team has learned while operating Pulp over the last 2 years. I will also discuss what changes we want to make in Pulp 4 as a result of this experience.
Introduction to Ansible development tools (ADT) and why is it required?
What is included in ADT?
Enhanced capabilities of Ansible VS Code extension
Working with Ansible development container
Scaffolding with Ansible plugins for Red Hat Developer Hub (RHDH)
Testing Puppet code can be a hassle, but voxbox is here to save the day!
As we all know, infrastructure automation has evolved beyond simple scripting, yet many organizations still rely on copying and pasting tasks from online sources into Ansible playbooks. While it seems expedient and "works on my machine", this approach introduces technical debt, reduces maintainability, and increases security risks. This session will demonstrate how Ansible Development Tools provide an intuitive and integrated experience for authoring automation content as an alternative to ad-hoc practices with disconnected tooling.
During this talk, we'll take a look at tools like the VSCode extension, ansible-creator, ansible-lint, and navigator, as well as Ansible development environments. We'll examine how automation developers can seamlessly author reliable, idempotent playbooks that are tested, validated, and documented. We'll also show how to use the same tools and practices to generate, test, and build Ansible collections to distribute and share your automation content.
By embracing Ansible development tools, organizations can avoid playbooks that increase the risk of deployment failure and move towards robust automation content that has predictable results, scales reliably across environments, and gives teams confidence to rapidly iterate and roll out improvements in production environments.
It is very common now for developers to code and test their applications on VMs, either locally hosted or on the cloud. As individuals have editor preferences (nvim, vscode, etc.), so they have hypervisor preferences. Once you create a bolt inventory file listing the server or servers, then bolt can easily configure those servers using custom puppet code. Instead of manually creating the bolt inventory, it is easy to create a dynamic inventory plugin--if it doesn't already exist--to suit your particular use case. This talk illustrates how we set up our own local dynamic inventory plugins to help with our automated development and testing.
The OpenTofu community continues to roll out features that elevate the IaC experience beyond expectations. This talk dives into the unique and much-awaited capabilities exclusive to OpenTofu, designed to address real-world challenges and enhance flexibility, security, and efficiency in IaC workflows. Discover how State Encryption ensures sensitive data is protected natively, without the need for external solutions.
Explore the game-changing Static Evaluation, enabling unparalleled flexibility by decoupling backend configurations from runtime execution. Learn how the Exclude directive simplifies resource management by letting you ignore specific resources during deployment. Dive into Per-Provider Configuration, a feature that allows you to customize behaviors for each provider in your stack, ensuring optimal performance. Join us to get these features in action, and to get a sneak peek at an upcoming addition designed to further cement OpenTofu’s position as a leader in the IaC space.
Foreman is a large application and getting it to our users reliably requires effort. During this talk we'll go through how software gets from developers to users by using exciting things like processes and procedures.
Mgmt is a real-time automation tool that is fast and safe.
Is this running in production? What's taken so long?
It was important for us to be better than legacy tools, not just a 1:1 replacement.
I believe we've surpassed what was possible classically, and we're now using mgmt for real production workloads.
We are managing routers, vm hosts, provisioning metal with automatic power-on, and so much more. I'll also dig into the new language features, and show you a bunch of common mcl patterns so you can learn to read and write effective code.
As usual, I'll live demo to your heart's content!
A number of blog posts on the subject are available: https://purpleidea.com/tags/mgmtconfig/
Attendees are encouraged to read some before the talk if they want a preview!
Getting to multi million cores of managed infrastructure, with no drama. Stories from the trenches of how Red Hat scales our managed OpenShift services in hybrid cloud with Automation and Config Management. And Automation that manages Automation. And automation that manages automation that manages automation.
How to set up a Puppet Environment which manages more than 100k nodes?
What kind of requirements or limitations do we have to take care about?
How to support all internal tenants and projects?
How to roll out global changes?
This talk will provide insights into a high volume Puppet setup, why we need a fully automated base infrastructure, and how we can achieve this.
What's new and what's to do.
We will show what has happened regarding APT content-management in Katello, e.g. 'Structured APT'.
And give an outlook on what will be done next, e.g. Errata for Debian/Ubuntu.
We show how the CUE registry allows reproducible sharing of configuration and how this registry serves as a platform for unified configuration management.
SOPS (Secrets OPerationS) is a tool for managing encrypted secrets for DevOps. This talk compares it to other solutions and shows how it can be used to manage secrets in Ansible.
Nix offers an alternative to the well-known container-based deployment flow, and can offer several benefits compared to those container-based deployments.
However, it's not immediately obvious how you would use nix to deploy services on machines running Linux distributions other than the nix-native NixOS.
To address this, we developed a tool called system-manager, which allows you to manage certain aspects of the system configuration of a Linux system using nix, while leaving others to be managed using the usual tools of the underlying distribution.
The module system is a powerful Nix DSL for writing high-level abstractions. In this talk, I'll give you an introduction to the module system, showcasing its wide range of use cases: Starting from simple development shells, over dotfile and system management, all the way to multi-host abstractions.
Foreman AMA
Description: Most of us remember how long it took for Puppet to get Debian 12 packages. The build pipeline was long and complex and used a lot of internal tooling that had to be updated manually.
In current news though, the new OpenVox build pipeline has been totally revamped and simplified and adding support for RHEL 10 took about 10 minutes. Most of that was spent waiting for the build to complete. Nick would like to explain how it works and what we still have left to do.
In this talk, I’ll share how we built a custom workflow to harness Terragrunt’s run-all feature in Atlantis, allowing us to run Terraform across multiple, interdependent stacks in parallel. I’ll walk you through the challenges we faced, the bugs we tackled, and the lessons we learned so you don’t have to reinvent the wheel. Our setup relies on Terraform and GitLab, but it’s easy to adapt for OpenTofu or other version control and CI/CD tools. If you’re looking to streamline Terragrunt-based infrastructure workflows without the headaches, this talk is for you!
Knowledge of terraform or tofu is required. You must have an idea of what terragrunt run-all is and what it is used for. Knowledge of Atlantis is not required.
How do you upgrade 3000 individual PE environments?
3000 environments that you don't manage and others own.
3000 environments without SSH access.
Come with me on a "funny" journey and learn how we made this possible and how the PE upgrade process differs from Open Source.
Let's do a deep dive into PE 2019->2021->2023 Upgrades and our open source tooling that made this possible.
You can also watch the slides online at: https://bastelfreak.de/cfgmgmtcamp2025/pe.html#1
Crossplane (https://www.crossplane.io/) and its user experience have matured greatly over the years and there are now numerous layers you can interact with while designing and building your internal developer platform powered by Crossplane. Should you directly declare the cloud resources you want Crossplane to create, should you create developer friendly simplified abstractions on top, should you stick with YAML or use a more full featured high level programming language? We will explore each of these layers in further detail through live demos to understand and efficiently harness the capabilities and experience of each. This will be a broad tour through the possibilities offered by Crossplane, all of which lead to a reliable and robust control plane to manage everything in the cloud that your organization could need!
Katello adds a suite of content management tools to Foreman. Content distribution & mirroring, patching, lifecycle management, and access management are all included. In this presentation, I will give an introduction to Katello and demonstrate new features that have come out recently.
An overview and demonstration of how, through the use of Ansible and goss, the open-source project Ansible-Lockdown can help you achieve industry recognised security baselines (Center for Internet Security and DoD STIG) to assist you on your journey to achieving compliance.
Why does compliance matter? - Industry, government, regulatory requirements
How do we achieve it? - We have to bring systems into compliance and validate it
What do we do? We use ansible-lockdown
During this talk, I will walk you through the process of deploying NixOS on the nodes of a Turing Pi cluster board. More specifically, we will deploy NixOS with a single command.
This talk shows how you can use Ansible and Icinga to manage your infrastructure, having event driven and request driven infrastructure.
This setup allows you to use Ansible and Request Tracker to drive new hardware adoption and automate internal requests for resources.
In the same way, Ansible and Icinga are used to auto remediate known incidents so as to reduce human interventions and reduce the on-call support.
Secure Boot is part of UEFI, which uses cryptographic mechanisms to ensure the authenticity of the software loaded and executed by the firmware.
Foreman will support provisioning of Secure Boot enabled hosts for any supported Linux operating system in the near future. In our presentation we want to give an insight into how Secure Boot works in general, which changes were necessary in Foreman to support Secure Boot for all operating systems, and how provisioning of a Secure Boot enabled host actually works.
Monitoring Kubernetes doesn’t have to be complicated. In this talk, I’ll introduce a new module we’re developing for Icinga, currently in beta, that simplifies Kubernetes monitoring in the same way Icinga has for traditional infrastructure. We’ll explore how this module makes it easier to monitor your clusters’ health and performance, allowing you to identify issues early. Whether you’re new to Kubernetes or managing large-scale clusters, this session will provide a preview of what’s to come and how it can streamline your monitoring processes. Feedback and insights are welcome as we refine the tool.
The Puppet Report Processor is a component in Open Source Puppet that collects data about nodes during Puppet runs and processes the information into reports. Puppet can send this data to dashboards, but sometimes, customized handling of this data is needed. Writing a custom report processor allows you to tailor reports for specific use cases, such as logging specific metrics, integrating with other monitoring tools, or alerting based on custom-defined conditions. Custom processors enable deeper, more targeted insights into your infrastructure.
Uyuni is a configuration & infrastructure management tool that saves time, costs and headaches when managing and updating tens, hundreds or even thousands of machines.
With automated patch and package management, it enables the deployment of patches and packages based on software channels and repositories that can be assigned.
Uyuni makes it easier to onboard and manage any Linux server connected to the network, from IoT edge devices to Kubernetes environment, no matter where it is located (private or 3rd party data center or in the public cloud).
Uyuni is a single tool for automated deployment of hardened OS templates (bare metal/VM/container) to tens of thousands of servers and IoT devices for faster, consistent and repeatable provisioning and configuration without compromising speed or security.
The CVE audit feature allows you to check the status of public security patches, and with OpenSCAP it's also possible to check for specification compliance and apply remediation right from Uyuni.
Managing secrets in Kubernetes can be a complex and overwhelming process, especially with the wide range of available options. This talk, designed for intermediate users, aims to demystify the process by providing a practical roadmap drawn from my own journey. I will explore common challenges and share insights from transitioning through various approaches, from Kubernetes' built-in secrets to external tools like Sealed Secrets, CSI Secrets Store, and External Secrets. Through real-world examples and lessons learned, attendees will leave with actionable strategies to manage secrets more securely and efficiently in their Kubernetes environments, while contributing to stronger community practices and more resilient applications.
A real life view into how an enterprise company uses Choria for orchestration and what we had to build around it. This talk gives the basics of Choria along with infrastructure considerations such as running only from Jenkins and code considerations including control repo organization, org specific stdlib and interacting with other teams.
Declarative systems work better when they encompass more of their domain.
Nix is a general configuration language with the power to bridge multiple domains.
This talk will focus briefly on a couple of projects to explore how Nix can be used, and lay out a vision for functional DevOps, to provide a unified experience for
- build: a brief analysis of the Nix architecture
- operating system configuration: principles behind NixOS
- process managers: Nix processmgmt and Nix RFC 163 services
- continuous integration: Hercules CI
- deployment of distributed systems: NixOps4
Why would you want to develop Ansible in a container or a cloud? How could this help your development workflow or interaction with your team?
This session aims to navigate through the concept of an Ansible Development Environment, exploring what it entails and how to effectively manage and distribute these environments, whether locally, across teams, or within cloud infrastructure.
We will cover:
- Introduction to Ansible Development Environments
- Key Technologies and Tools
- For instance: Dev Containers, DevPod, Eclipse Che or Coder
- Best Practices for Managing and Distributing Development Environments
- Motivation and Use Cases
- Live Demos
- Problem-Solution Mapping: What tool fits certain use cases?
Managing compliance in infrastructure as code environments is essential but can be daunting. Enter compliance_engine, a new open-source Ruby gem designed to streamline the mapping of compliance standards to Puppet code. Building on the foundation of SIMP's compliance_markup, this reimagined backend prioritizes performance, flexibility, and maintainability.
In this session, we’ll explore the evolution from compliance_markup to compliance_engine, highlighting the architectural improvements that make it faster and easier to use. We’ll dive into real-world examples, demonstrating how the gem simplifies the enforcement of compliance policies, reduces complexity, and supports emerging standards. Attendees will gain insights into the challenges of implementing compliance as code and learn how compliance_engine can transform their approach to regulatory compliance in Puppet environments.
Kubernetes is the most popular container orchestration platform out there, and for anyone who wants to do GitOps on Kubernetes, ArgoCD is a leading open source project in this space. This presentation will walk you through the management of multi-architecture applications for Kubernetes with ArgoCD.
What is new in HDM Release 3?
Born of a real world requirement from an EDA customer, this session details how you can use Python and Boto3 to modify the kernel command line parameters on first boot of an EC2 instance. This is something that according to conventional wisdom "cannot be done", and is only possible on the second boot. Yet in a large compute environment, every second of billable runtime matters, both to keep costs down, and improve overall runtimes. With a little inventiveness and a little open source magic, it is actually entirely possible to achieve this efficiency, and in this session I will show you how.
Join me for a chat on how we prepare trainees for roles in tech in our organisation in a fun and engaging way.
I'll share how we structure our three year traineeship program, taking our new colleagues from total beginners to competent professionals!
Whether you're someone who is training, or getting trained - let's think about shaping the next generation of industry professionals. We'll explore training plans, learning tips, and teamwork strategies together. Don't miss how we help trainees step smoothly into their future roles as developers and system administrators.
Join me for a brief, laid-back discussion on building a future where our trainees shine in their tech careers.
As organizations increasingly adopt containerization, Kubernetes has become the de facto standard for orchestrating clusters. However, for many teams, the complexity and overhead of managing a Kubernetes cluster can be daunting. In this talk, we'll explore an alternative approach to container orchestration that leverages Ansible's automation capabilities and Podman's container manager.
We'll discuss how to use Ansible to define and manage containerized applications and services. We'll also dive into the world of Podman, a powerful, lightweight alternative to Docker that provides an easier and more secure way to run containers.
Katello provides patching, lifecycle management, and more to Foreman. While most users use Katello to keep EL and Debian machines up to date, did you know that it also has a container registry? Come to this presentation to learn how to use the container registry and what features are coming in the near future.
To upgrade the operating system underneath an application, everybody should just redeploy said application on a new system, which thanks to automation is both easy and fast.
After recovering from the shock of reading "just", "easy" and "fast" in one sentence, we have to realize that a fresh deployment is not always the easiest/fastest path forward, or maybe not even possible at all. This is where distributions come to help us by offering support for major upgrades "in place".
For Enterprise Linux such upgrades are done by Leapp, which is both a framework to orchestrate complex upgrades and a collection of helpers (so called actors) for upgrading Enterprise Linux setups with common applications installed.
However, "common applications" might not include the one you are developing and have deployed on-premises at many customers.
In this talk we will show how we developed the custom actors required for upgrading Foreman from EL8 to EL9, which challenges we faced and which shortcuts we took.
Overview of possibilities to assign classes to nodes
Configuration management is nothing new for Michael Stahnke. In this ignite talk, he’ll be looking at Nix, the functional package manager (and a bit of NixOS) from a foundational point of view and contrasting it from the theory and foundations coming from Puppet (with a few other tool comparisons thrown in).
While configuration management’s role in delivering applications has changed over the years, the time is ripe to take what we’ve learned in the last 15 years - through containers, cloud native architectures and massively distributed systems - and develop a continually evolving approach.
This will have some humor, some information, and some ideas about where we could head in the configuration management space given our cumulative knowledge.
As nftables becomes the standard for Linux packet filtering, we can efficiently automate Linux firewalls across multiple protocol layers. This session introduces a Rust-based SDK for nftables automation, covering programmatic options, practical applications, and insights from real-world implementations. Attendees will learn about nftables’ capabilities, common challenges in automation, and how lessons from Rust can apply across other languages and automation frameworks.
Breakfast and Coffee & Tea - Day 1
Opening Day 2
Troubleshooting can be one of the most difficult aspects of software operations.
There are several reasons for this. One is that our views of the systems we run are often mediated through limited forms of observability. At their best, such tools tend to show us only state, not how systems got into a state.
Another problem is that issues can be intermittent, and difficult to reproduce. Many of the most challenging issues involve systems that are not broken, merely slow or consuming excessive resources.
There is uncertainty, and, often, there is a lot of pressure to get things resolved quickly. Much of the time, we don't really understand the system end-to-end when we begin an investigation.
So how do we do this work? This talk will dive into what we know about how the best troubleshooters succeed at their work, combining what we know from cognitive science research on 'cognition in the wild' in a variety of domains with my own research on troubleshooting activities in software.
Drawing on principles from Lean thinking, value stream mapping, and Team Topologies, this talk explores how to change the way we design and build Infrastructure as Code to accelerate development rather than create bottlenecks.
Configuration language Pkl can be used for all of your configuration, large or small. Whether defining a collection of services in an Infrastructure-as-Code way, or just configuring your local machine, Pkl can make all of it DRYer, safer, and more ergonomic. This talk demonstrates how Pkl’s very strong validation system, flexible output renderers, and best-in-class editor support make Pkl a truly generic configuration language. You will see why Pkl is consistently the better (safer, more ergonomic, more comprehensible) alternative to templating. Finally, you will see how configuring your whole technology stack at once leads to even DRYer and safer configurations.
How did I end up here?..
I don't know really, but we can look back at what happened together, the chances I got, and how I navigated them.
ARA (ARA Records Ansible) is an Ansible development tool that makes it much easier to understand, troubleshoot and debug Ansible content during the development process. This tool can also help you to collaborate with your team members on Ansible content development.
This talk will cover the following topics:
- What is ARA and how it works
- How to set up ARA in your environment
- How to use ARA to understand, troubleshoot and debug Ansible content
- How to use ARA to collaborate with your team members on Ansible content development
- How to integrate ARA into your CI/CD pipeline
- How to use ARA to track changes in your Ansible content
This talk is designed for Ansible content developers of all levels. Whether you are a seasoned expert or just starting with Ansible,
Already successfully presented at both the London Ansible MeetUp and AnsibleFest 2021, this newly revised session (adapted to the exciting Ignite format) aims to promote interest and excitement in the field of positive psychology, and demonstrate how you don't need to work in this field to benefit from it. In fact, the design of Ansible directly supports positive psychology, and in this session I will demonstrate how.
YAML can be a good compromise between free-form text and the rigidity of a markup language, depending on the schema imposed. Jinja imitates Python's strong, implicit typing, but as a template imposed on YAML it is both structureless and fundamentally in conflict with a whitespace-sensitive language such as YAML. Allowing users to dynamically assemble source data in production means they can't test before that point. Can we shift invariant parts of config left into CI while keeping CI fixed while production continues to grow?
Resources are often downloaded from the internet, also in automation scripts. It is often impossible or cumbersome to validate the download's integrity and authenticity. At Asfaload, we want to propose a solution we think is both practical and efficient.
Re-kicking failed pipelines and workflows can become tedious, particularly when these are transient failures, impacting performance and costing resources. In this talk we will show you how you can improve the reliability of your pipelines through the use of an automated workflow re-starter which will automatically trigger a rerun of your workflows in GitHub Actions.
A lot of people ask me about what's changed in Puppet since older versions 4 or 3 or older, so this whistlestop ignite will look to highlight how Puppet has changed and give some quick tips on what to look for and modernize.
As AI integration becomes crucial for advanced data systems, automation is essential to managing these increasingly complex environments. This talk will explore the use of Ansible to automate the deployment of a Neo4j GenAI environment on Fedora. By leveraging Ansible playbooks, we will set up a fully functional AI-powered graph database that integrates with OpenAI for retrieval-augmented generation (RAG) tasks. The session will guide technical users through best practices for automating Neo4j environments, configuring AI APIs, and handling large-scale data queries efficiently using modern infrastructure-as-code techniques.
The Foreman project has recently moved big parts of its CI to GitHub Actions (GHA), to allow better re-use of code between repositories, easier control of CI by repository owners and to reduce the maintenance cost of infrastructure. As with any other migration, this was not painless, but we learned a lot, created many useful snippets and found more places for improvement.
In this talk we will share the benefits of this migration for developers, show how the created workflows can be used in other projects, but also highlight problems that GHA has over Jenkins and what we plan to do to fix these.
Modern IT environments require infrastructure testing to ensure that systems are reliable, secure, and functioning as expected. Without thorough testing, undetected issues can lead to system failures, security vulnerabilities, and significant downtime, which can be costly and damaging.
We share our experiences with tools such as testinfra, serverspec or goss to ensure the functionality of lab and customer environments. Frameworks such as DevSec can support achieving industry-recognized security standards and benchmarks. Highlighting the challenges and best practices in testing multiple identically configured environments, the session provides insights into projects from the field.
Kubernetes is still quite a popular choice with wide community adoption to run containerised workloads in the Cloud, but it doesn’t come with batteries included. And some of that is intentional to allow freedom to make different choices or extend its functionality as needed. For example, scaling compute nodes is one of the things which is not built-in. Making sure you’re doing it in the most efficient and cost-efficient way is paramount. But it’s not just efficiency that separates Karpenter (an open-source node lifecycle management) from other options, but also how it can help you stay on top with compliance, patching and drift. The project has come a long way in the last couple of years and it was also adopted by CNCF/SIG Autoscaling, making it an alternative approach compared to the de-facto Cluster Autoscaler project. In this talk I’ll show how to set it up, different use cases and demonstrate hands-on what to expect in a real-world scenario.
"People don't want to work anymore!"
"We can't find good employees!"
"We'd totally want better gender parity, but we just don't get applications from women!"
If quotes like this bounce around in your organisation, it's doing something wrong. Horribly wrong.
Unlock the full potential of your Azure infrastructure with the combined power of Bicep and the Microsoft Graph API. We can now leverage Graph objects within Bicep.
In this session, we will explore how Bicep, Azure’s domain-specific language for deploying resources, can be seamlessly integrated with the Graph to enhance your Infrastructure as Code (IaC) strategy.
Puppet is a mature tool; the company behind it has changed over the years and most of the people who developed it no longer work there.
For some, Puppet is old, solving problems that are no longer current.
Yet Puppet is still around, and as long as there are systems to manage over time, there will be a need for such a tool.
The question is if the tool of choice is going to be Puppet or not.
What's its present and future?
We will analyse the current Puppet situation, market demand and perception, and spend our two cents on what could be done to improve perception, usage and adoption.
We will also try to raise the topic with the people in the audience, when the presentation will turn into a discussion, possibly stirring ideas and suggestions.
As automation becomes ever more important, safe and secure management of secrets is paramount. It is vital that secrets are managed in a secure, centralized manner and that control is thus maintained over them. In this session we will explore the integration of Ansible with Conjur Open Source, and how this lends itself perfectly to secure, centralized secrets management. As a bonus, we'll even explore how Conjur Open Source can be used in a wider context to provide secrets to other platforms, and even rotation of credentials on a Linux server can be managed.
Ansible engineering has been working on transforming AWX to a pluggable, service-oriented architecture. We’ve announced plans via the community forum and have said that the transformation will make AWX more scalable and easier to contribute to.
This talk focuses on some of the challenges the Ansible engineering team at Red Hat have faced with AWX and how the re-architecture work is intended to resolve them. We’ll also have a look at some of the pain points for contributors and how Red Hat wants to remove obstacles for the community. Finally, we’ll have a brief look at what the future might hold for AWX after the re-architecture work is complete.
Using open source projects to bootstrap will help you bring your product to market faster, right? We all know that idea, and countless startups have proven it true. But it’s what you do afterwards that really matters. Being a good open source citizen is more than just chucking your source code at a GitHub repository (or worse, only part of your source code!) and expecting to reap the benefits of an open source community forever.
A true open source company invites collaboration and actively participates. Its engineers and product managers engage with pull requests and issues and help steward feature growth that actually matters to the users. It communicates openly with its community about statuses and roadmaps, even when the news isn’t super rosy. And it contributes fixes upstream to the projects it uses.
This isn’t just idealism. Ignoring community leads to stagnation and a poor market fit. I’m sure we’ve all seen examples of that. This talk will explore how companies can genuinely contribute to the open source community, building real connections and creating lasting impact together with their users.
Let's see how Foreman, an open-source lifecycle management tool, simplifies the provisioning process by leveraging customized NetBoot ISO images.
We'll cover the basics of Foreman, its integration with PXE boot workflows, how NetBoot ISO can be helpful in your environment, and use cases that might improve your workflows, like automating provisioning or provisioning in an environment without managed DHCP.
While Infrastructure as Code (IaC) has become the standard for managing cloud resources using tools like Terraform, Pulumi, and Bicep, writing templates can still be a time-consuming task. But what if infrastructure could be automatically inferred from your application code? In this session, we’ll explore the emerging concept of "Infrastructure from Code" and evaluate the maturity of tools like Radius, Dapr, and Nitric. Are these tools ready to replace IaC? Join us to find out if it’s time to make the leap to a more seamless infrastructure experience.
In a world of fast-moving AI adoption, the big players want you to play with their versions of AI. The problem, though, is that their AI is usually built in a way that is closed off from the eyes of our tech community, with little or no oversight for choices and legal grey areas for usage and adoption.
What if I told you there was a way to get the best of both worlds? An AI solution that can be externally verified and trusted legally, and we want you, yes, you, to join us in building a genuinely transparent AI solution.
This is what the Granite and Granite-Code foundational models are. You can read the paper on how the model was initially trained and have IBM's lawyers back up claims made from using Granite or Granite-Code usage. Can your other AI providers say that? Will they give you the design documents on how they built it from the ground up? Or will they put their lawyers behind your usage of their AI? Would you put your business at risk of using something like this when the legal area is so grey and ever-changing?
But that's only a point in time; you also need to add skills and knowledge to the ever-growing AI system, which is where InstructLab comes into play. During this presentation/workshop, we will be showing you why you should care about Open Source AI, teach you how to leverage a purely Open Source AI for a local "co-pilot" like experience, and then help train the Granite foundational model with new knowledge, giving you the skills to help build a genuinely transparent AI.
Join us and learn with us. We want to build a future of transparency and legal protection for AI engineers.
Managing complex network infrastructure can be daunting, especially when dealing with multiple protocols and devices. This session demonstrates how Ansible’s validated network content simplifies the entire process. We’ll explore using the network.base, network.bgp, network.ospf, network.interfaces, and network.backup collections to automate deployment, validation, and backup workflows.
This talk will walk through and provide examples and war stories on how Kubernetes can be used not only in large-scale environments but also in small and small-ish scale environments.
We're nearly two decades into cloud. Where have all the apps gone? You'd think it'd be simple to answer that question: probably all in the cloud, right? It turns out the answer is elusive. I've tried for years! It could be as much as 70%, or as low as 30%. Maybe. Those numbers could be hokum. These are apps you manage and write, you should know where they tend to live. This talk will go over my latest investigations into this mystery with no goal other than gather up the clues and wire them up with red crazy board string. I'll then speculate how that newly updated crazy board can drive how you think about what about it, if anything.
Within Puppet one can separate code and data using Hiera - a hierarchical data backend.
Data itself can be queried from Puppet modules.
This allows Puppet developers to provide generic code, where other people - like application responsible teams - can take over the configuration details by providing data only.
Data is usually in YAML format - which many people consider simple to learn.
Hiera also allows one to make use of individual data merges to reflect individual system needs.
One might find it challenging when it comes to analysing the result of a lookup and comparing these between different nodes.
Hiera Data Manager (HDM) provides a Web UI to Hiera data.
I am going to explain Hiera, how you can modify results and access shared data, and how HDM can help with analysing data results or issues.
Ansible roles were introduced to simplify the organization and reuse of automation tasks, providing a structured, portable way to manage tasks, configurations, dependencies, and variables. Originally intended to streamline complex playbooks, roles have become a cornerstone of efficient Ansible usage. However, many users still fail to fully understand how to leverage their full potential.
In this presentation, we will start by revisiting the foundational concepts of Ansible roles and their intended use. We will then explore the noteworthy enhancements and features added to Ansible roles in recent years.
Attendees will learn recommended practices to maximize the utility of Ansible roles, including strategies for modular role design, effective use of variables, argument specifications, and defaults, and techniques for role testing and validation. By adopting these practices, you can enhance the maintainability and scalability of your automation projects.
Finally, we will look ahead to upcoming developments aimed at further enhancing the portability and maintainability of Ansible roles. This includes new features and improvements that will make it easier to share, reuse, and manage roles across diverse environments.
Join us to ensure you’re not just using Ansible roles, but using them right.
Cloud costs can feel like a nightmare, creeping up on your Kubernetes infrastructure. But with the right tools, you can be the hero your budget deserves! In this talk, we’ll dive into OpenCost, an open-source solution that can help you track and optimize your cloud spending in real time. You’ll discover how OpenCost works, why it matters, and how you can use it to become the cost-saving champion of your cloud environment. Get ready to conquer Kubernetes costs and take back control of your cloud!
We’re one of the few companies running a fully IPv6-native cloud solution. While AWS claims full IPv6 support, there are always caveats. Many well-known open-source tools we use also face IPv6 issues. I've led this migration twice — failed once, succeeded in my current role — and felt like I was pioneering it both times. This experience could benefit others.
Foreman has had support for using Ansible as a remote execution provider for some time already, but only in push mode. This talk will explore one of the ways we could run Ansible on managed hosts without ever opening an SSH connection to them.
Do you have an idea for automating something but don’t know where to start? Are you interested in becoming an Ansible developer? This talk is for you!
Modules are individual units of code that perform specific tasks. You can think of modules as the building blocks of Ansible automation. There are already thousands of Ansible modules for all kinds of tasks, such as the “yum” and “apt” modules for package management, the “file” and “copy” modules for file handling on Linux systems, to the “kubernetes”, “aws”, and “azure” modules for cloud platforms. As new technologies and use cases emerge, so does the need for corresponding modules.
Join this session to get a brief overview of the module development process. You’ll learn the basics of creating a new module, find out what tools you should use, and how you can contribute your work to the Ansible community.
This session will also briefly explain how modules work, and their lifecycle, during task execution, which might be of interest to Ansible users in general. During this part of the session, we'll look at various network transport concepts related to modules, such as SSH and WinRM for execution on Windows hosts.
In this talk, we will introduce Kairos, an open-source project that aims to create immutable Operating Systems designed for Kubernetes. This includes a toolset that simplifies operations at the edge in a cloud-native way.
Edge computing has become increasingly popular due to its ability to save costs by processing information closer to the data before sending filtered and computed information to a centralized application or data warehouse hosted in the cloud. Kubernetes is an ideal solution for edge computing because it natively builds components that facilitate the lifecycle management of modern edge applications.
However, as we scale the number of edge locations, we face operational challenges, such as interacting with cluster configurations at scale without creating unique configurations for each location, ensuring security for remote clusters and applications, upgrading Kubernetes clusters without specific domain knowledge, and minimizing disruptions during maintenance windows for smaller form factor hardware.
Kairos acts as an engine delivering immutable Kubernetes-enabled Linux OS from OCI conformant container images. It provides unique capabilities such as VPN peer-to-peer mesh, a distributed ledger to automate Kubernetes cluster bootstrapping and coordination, and zero-touch provisioning with a QR code scan. But more importantly, it uses a declarative model backed by Kubernetes CRDs. It manages distributed Kubernetes operations at the edge from a centralized Kubernetes cluster.
In this presentation, we will explain the foundations and concepts of Kairos and demonstrate its capabilities.
Years before Eli Goldratt would publish his Theory of Constraints, William Edwards (Ed) Deming was applying statistical analysis and physics to fix problems with productivity. In this session, John Willis, co-author of ‘The DevOps Handbook’, and author of ‘Deming’s Journey to Profound Knowledge,’ will introduce you to Deming’s life and research, and show you how his work still heavily influences DevOps and Platform Engineering today. From the real-life Rosie the Riveter to a hacker writing US cybersecurity law, Deming’s ingenuity and system of thinking, the System of Profound Knowledge, changed how we think in the modern world.
In today's complex IT environments, it is more important than ever to automate tasks and processes. Event-Driven Ansible is a new feature of Ansible that allows you to automate IT tasks based on events that occur in your IT environment. This session will provide an introduction to Event-Driven Ansible, including what it is, how it works, and the benefits of using it. We will also discuss some examples of how Event-Driven Ansible can be used in real-world scenarios.
Grafana alone is nice, but might be a bit meaningless if one has no Anomaly Detection and Root Cause Analysis. How do we make our data actionable and proactive?
We use Puppet for about 1200 Linux machines. This talk will recount our journey in upgrading from Puppet 7 to Puppet 8. I will talk about the incompatible changes to be aware of, how we handled them, and general strategy for handling Puppet major upgrades.
Ansible YAML code is easy to write but hard to understand and reason about, hard to maintain, debug and test.
All of this holds until you look at Ansible code from a functional programming perspective. Concepts from functional programming like pure functions, effects, composition, lazy evaluation and others are very much applicable and very useful in Ansible. Allow me to show you how concepts from functional programming can help you simplify Ansible content development and make your Ansible content bulletproof, tested, and easy to maintain, understand and reuse.
This talk does not require any prior knowledge of functional programming. It is designed to be useful to both beginners and experienced Ansible content developers.
Since the day Kargo was released, I have been exploring the idea of using it not only to deliver and promote applications but also to deliver infrastructure through its progressive delivery capabilities. Using Kubernetes-based tools like Crossplane or Pulumi, we can define infrastructure as code and deliver it progressively to our management clusters and then promote this infrastructure through different stages without the need for extra CD script magic.
Let me show you how Kargo helps platform engineering streamline and automate the progressive rollout of infrastructure changes to all stages. This talk will cover the basics of Kargo and how to use it with Infrastructure as Code tools.
A live discussion and round table about the past promises and the present and future challenges of Configuration Management and Infrastructures Automation, with some of the people who are working on the field and making impossible things possible.
The session is going to be recorded and broadcast in the Abnormal DevOps Iterations podcast (https://youtube.com/@AbnormalDevOpsIterations).
I was asked to submit a Steve Ballmer style "Automation! Automation! Automation!" lightning talk, but that's really not my style.
So let's instead talk about containers!
Especially containers for Foreman.
Suitable for running in production, with plugins and auxiliary services like Candlepin and Pulp.
Running like normal system services with Podman and systemd or on your Kubernetes cluster.
We've had a Dockerfile in the main Foreman repository for over 5 years (May 2019), have been publishing it to Quay for a long time and I've heard people have actually been using it. But it's not flexible (no plugins!), mainly aimed at developers and not well maintained overall (no CI until 2023!).
In this talk we will present the current iteration (luckily not actually #42!) of a possible design for running a production Foreman with plugins, bells and whistles in a container environment. We will also discuss what this (probably) means for future deployments on Foreman and upgrades of existing setups.
Your organisation has been using Puppet to manage its infrastructure, but it's grown organically over time with best practices and the long-term implications of decisions never really being thought about. A new Puppet administrator has just been handed responsibility for the Puppet infrastructure, we need to help them out.
Building on the best practices and techniques for using Ansible development tools for authoring playbooks and collections, this session focuses on the critical next step: comprehensively testing and validating your Ansible content for production environments. While creating well-structured content is essential, maintaining quality at scale requires automated testing pipelines that can validate each change consistently and reliably.
In this follow-up session, we'll demonstrate testing best practices with Ansible Navigator and Molecule. We'll also explore how to easily incorporate Ansible testing with Pytest and how the tox-ansible plugin can simplify testing across multiple Python interpreters and Ansible versions. We'll also focus on how to transform manual testing procedures into automated workflows using a GitHub Action.
Attendees will leave this talk with the tools and knowledge to stop wondering if their Ansible content will work in production and start knowing that it will!
Uyuni is an open-source configuration and infrastructure management solution for software-defined infrastructure. Using it in large-scale environments can bring different challenges, and any such deployment requires tweaking to meet the requirements of the exact use case.
Breakfast and Coffee & Tea - Day 3
Ansible Contributor Summit is a full-day working session for community users and contributors to interact with one another along with Ansible development teams. We will discuss important issues facing the Ansible community with a goal to shape the future of Ansible in a way that improves and increases collaboration.
As part of the Foreman fringe event we want to provide a workshop for users new to Foreman in general or to the orchestration functionality of Remote Execution.
Heard about Nix or NixOS but never taken the chance to try it? We will help you get started with this hands-on workshop!
Join us for an Icinga Meetup, where monitoring enthusiasts, DevOps professionals, and system administrators come together to share knowledge, exchange ideas, and explore the latest in the world of monitoring. This meetup is an opportunity to connect with the Icinga community, learn about new features, and discover best practices for monitoring modern infrastructures.
Mgmt is a real-time automation tool that is fast and safe.
In this workshop, we'll be teaching you how to build a complete cluster from scratch. The focus will be on new users, but you are also welcome to join to hack on mgmt itself.
It's strongly recommended that you come with a modern Linux laptop. (VMs, Mac or Windows will make this more difficult for you!)
A number of blog posts on the subject are available: https://purpleidea.com/tags/mgmtconfig/
Attendees are encouraged to read some before the workshop if they want a preview!
This will be an opportunity for users of Pulp to share their experiences with each other and a couple of Pulp developers. Part of the time will be dedicated to gathering requirements for Pulp 4.
Puppet's community day is a chance for Puppet staff, community contributors and users to get together and talk about all things Puppet, Bolt and the various open source development tools used to develop and maintain code.
SELinux is such an important part of your security posture, and with data breaches becoming more frequent and significant, it is now more important than ever to ensure you have taken every precaution to secure your environment. Unfortunately, SELinux is one of those technologies that strikes fear into the heart of so many, with a large number of people still disabling it to work around issues. In this hands on workshop, we will start from a ground up implementation of an SELinux policy, taking you through its background, why you should be considering it, and how to build up (and debug) a policy from nothing for a custom application of our own creation.
Day on how to use and Author using System Initiative
We will explore how to use CUE with the central registry, including validating JSON and YAML as well as using CUE with JSON Schema.
Run through the hands-on labs that accompany the lecture. Ideal for practitioners of Chef and anyone with a laptop curious to see Chef cook with recipes and scripts.
Are you new to Infrastructure as Code (IaC) or a seasoned expert exploring alternatives to Terraform? Perhaps you’re simply curious about Pulumi. Whatever your starting point, join us for a hands-on lab to dive into this open-source IaC solution.
Rather than just hearing about Pulumi’s benefits, you'll have the chance to form your own opinion by coding a small infrastructure project in Azure.
This lab is a fantastic opportunity to familiarize yourself with Pulumi’s core concepts while exploring advanced features, such as:
- General functionality (declarative IaC, state management, backends, providers)
- Resources, inputs, and outputs
- Configuration and environment management with stacks
- Security and encryption of secrets
- Integration with existing infrastructure
- Usage within a CI/CD pipeline
Come and experience Pulumi in action!
During this hands-on exercise, you will learn what InstructLab is and how you can leverage it to easily extend Large Language Models with your data and run them on your infrastructure. The tool makes it easy to download, run and chat with models locally on your laptop.
Heard of Nix, but too afraid of its learning curve?
Fear no more!
Bryan & Co. will stick around to work and help on everything Nix/NixOS related.
From packaging simple Go applications in NixPkgs, all the way to complex NixOS module questions, nothing's off the table.
The OpenVox community fork of Puppet is making rapid progress. But we still have a lot of details to work out. This session is a "breakout room" of sorts from the main Puppet room and we'll discuss:
- Project Governance, such as our decision making framework. Led by Garrett Honeycutt.
- Technical Steering; how we keep the project architecture aligned with our vision and specifications from the Standards Steering Committee. Led by Nick Burgan.
- Infrastructure plans, such as our GitHub organization, CI testing, package mirroring, etc. Led by Gene Liverman.
- Other topics as we have time, such as packaging details, a Windows installer, etc.