Uyuni Saltboot - automated image deployment and lifecycle with Uyuni

•

0 gefällt mir•49 views

Deploying images is ever evolving topic. Although much of the deployments today are concerned with containers, base systems for container host are somehow needed to be deployed as well. Let me present Saltboot, part of Uyuni stack. Saltboot is building on SaltStack to make image deployment secure and together with Uyuni provides complete image lifecycle and management - from image building, staging to deployment on target machines.

Software

Uyuni Saltboot
An Automated Image Deployment And
Lifecycle
openSUSE Conference
project@lists.opensuse.org
oSC22 @openSUSE

configuration management
patch and package management
content lifecycle management
compliance auditing
image building, …

Saltboot
salt-integrated initrd
salt states and modules
partitioning and filesystem management
filesystem image deployment concept

Images
Kiwi (https://osinside.github.io/kiwi/)
Kernel, Initrd, System (KIS)
Building integrated with Uyuni
Saltboot kiwi templates
(https://github.com/SUSE/manager-build-profiles/)

Image building
Packages
Image templates
Build hosts
Image repository

Package management
Product
Channels
Activation keys

Image profiles
link channels
and image
templates

Image building
Packages ✓
Image templates – saltboot templates ✓
Build hosts
Image repository

Build hosts
VM or real HW
OS Image
entitlement

Image building
Packages ✓
Image templates – saltboot templates ✓
Build hosts ✓
Image repository (Uyuni) ✓

Deployment
manual dd command
PXE and UEFI PXE
HTTP UEFI
...

Automated deployment
manual dd command
PXE and UEFI PXE
HTTP UEFI
...

PXE, UEFI PXE, UEFI HTTP
DHCP + TFTP
DHCP + HTTP
subnet 192.168.0.0 netmask 255.255.255.0 {
if substring (option vendor-class-identifier, 0, 10) =
"HTTPClient" {
option vendor-class-identifier "HTTPClient";
filename "http://192.168.0.1/saltboot/grub.efi";
} else {
if option arch = 00:07 {
filename "boot/grub.efi";
next-server 192.168.0.1
}
else {
filename "boot/pxelinux.0";
next-server 192.168.0.1
}
}
}

TFTP server?
Uyuni Proxy pod
– squid cache
– tftp router
– salt broker
– ssh tunnel

Proxy Pod
podman pod
k8s deployment
#> spacecmd proxy_container_config_generate_cert -- proxy.example.org uyuni.example.org 30000
root@example.org -p 8022
#> scp config.tgz containerhost:
#> ssh containerhost -- tar -xf config.tgz -C /etc/uyuni
#> ssh containerhost -- systemctl enable --now uyuni-proxy-pod

Image? Where? Where to?
Server discovery
Partitioning
Image selection

Saltboot Group
Salt pillar data
– group id
– image repo
server
– naming
PXE menu

Partitioning
Saltboot pillar
Disk selection and partitioning
Image selection

Partitioning
partitioning:
----------
disk:
----------
device:
*
disklabel:
gpt
level:
1
partitions:
----------
p1:
----------
flags:
swap
format:
swap
size_MiB:
2000

Hardware type group
Auto assignment of machines to the group
Group with common partitioning setup

Salt and saltboot security
Salt PKI
Image validation
Image encryption

Image lifecycle
Uyuni knows what is in the image
– CVE auditing
Manual image rebuilds

Weitere ähnliche Inhalte

Ähnlich wie Uyuni Saltboot - automated image deployment and lifecycle with Uyuni

Developing IT infrastructures with Puppet

Alessandro Franceschi

Centos

sandyy12

Instalando Cacti no CentOS 5

Carlos Eduardo

The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration

Erica Windisch

Build Your Own CaaS (Container as a Service)

HungWei Chiu

A Presentation about Puppet that I've made at the OSSPAC conference

ohadlevy

Continuous Delivery helps to keep your software and Docker images updated and deploy new versions in production easily. Microservices are great at reducing the attack vector and limiting the privileges or credentials access of each piece of your application. Containers provide an opportunity to implement better security, small, immutable, single process and purpose. In this session, we will discover real use case examples on how to make your CI/CD pipeline interact with Docker security tools. But security doesn’t stop where your deployment pipeline ends. How can we prepare for 0-days and policy violations that happen at run-time? Can we make it part of the CI/CD process?

CI / CD / CS - Continuous Security in Kubernetes

Sysdig

Join us to discover how to use the PHP frameworks and tools you love in the Cloud with Heroku. We will cover best practices for deploying and scaling your PHP apps and show you how easy it can be. We will show you examples of how to deploy your code from Git and use Composer to manage dependencies during deployment. You will also discover how to maintain parity through all your environments, from development to production. If your apps are database-driven, you can also instantly create a database from the Heroku add-ons and have it automatically attached to your PHP app. Horizontal scalability has always been at the core of PHP application design, and by using Heroku for your PHP apps, you can focus on code features, not infrastructure.

PHP on Heroku: Deploying and Scaling Apps in the Cloud

Salesforce Developers

Bare Metal to OpenStack with Razor and Chef

Matt Ray

Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more. In this demo, I will show how to build a Apache image from a Dockerfile and deploy a PHP application which is present in an external folder using custom configuration files.

Docker - Demo on PHP Application deployment

Arun prasath

Kubernetes for the PHP developer

Paul Czarkowski

PVS-Studio in the Clouds: Travis CI

Andrey Karpov

Uyuni is a software-defined infrastructure and configuration management solution. You can use it to bootstrap physical servers, deploy and update packages and patches -even with content lifecycle management features- create VMs for virtualization and cloud, builds container images, tracks what runs on your Kubernetes clusters, CVE audit your machines and containers, etc. All using Salt under the hood!

Uyuni, the solution to manage your Linux infrastructure

Uyuni Project

Deploying Symfony2 app with Ansible

Roman Rodomansky

E D - Environmental Dependencies in Python

Adam Englander

How to manage Azure with open source

Ubuntu Korea Community

How to manage Microsoft Azure with open source

Taehee Jang

Introduction to Docker

Nissan Dookeran

Docker-v3.pdf

Bruno Cornec

Chicago Docker Meetup Presentation - Mediafly

Mediafly

Ähnlich wie Uyuni Saltboot - automated image deployment and lifecycle with Uyuni (20)

Developing IT infrastructures with Puppet

Centos

Instalando Cacti no CentOS 5

The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration

Build Your Own CaaS (Container as a Service)

A Presentation about Puppet that I've made at the OSSPAC conference

CI / CD / CS - Continuous Security in Kubernetes

PHP on Heroku: Deploying and Scaling Apps in the Cloud

Bare Metal to OpenStack with Razor and Chef

Docker - Demo on PHP Application deployment

Kubernetes for the PHP developer

PVS-Studio in the Clouds: Travis CI

Uyuni, the solution to manage your Linux infrastructure

Deploying Symfony2 app with Ansible

E D - Environmental Dependencies in Python

How to manage Azure with open source

How to manage Microsoft Azure with open source

Introduction to Docker

Docker-v3.pdf

Chicago Docker Meetup Presentation - Mediafly

Kürzlich hochgeladen

Agnieszka Andrzejewska - BIM School Course in Kraków

bim.edu.pl

COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...

naitiksharma1124

CompTIA Security+ (Study Notes) for cs.pdf

Furqanuddin10

The Impact of PLM Software on Fashion Production

Wave PLM

INGKA DIGITAL: Linked Metadata by Design

Neo4j

Studiovity film pre-production and screenwriting software

info611746

This is a classic migration case study (the past, current and the future) at scale from a world-wide company transitioning from Confluent Platform and Confluent Cloud to self-managed Apache Kafka on Kubernetes using Strimzi. At Maersk, we have been architecting, designing and implementing our 3rd generation Event Streaming Platform. This platform is based on Kubernetes in Azure and using Strimzi to operate Apache Kafka at large scale, highly reliable, segregating data based on isolated use cases. Our 2nd generation was based on OnPrem Confluent Platform and Confluent Cloud and this presentation is the story of this migration and reasoning behind it. Furthermore, we would get into details on how we monitor (Grafana, Prometheus), alert (GoAlert and alert as code), operate and provide self-service solutions on top of Strimzi to enable business critical application in Maersk, implemented in GoLang using the GitOps deployment model with Flux and Kustomization among others. Finally, if time allows we will end with a demo of an open-source self service tool to monitor and explore the cluster with most wanted features such as topic message browsing and configuring and restarting connectors.

StrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdf

steffenkarlsson2

OpenChain @ LF Japan Executive Briefing - May 2024

Shane Coughlan

KLARNA - Language Models and Knowledge Graphs: A Systems Approach

Neo4j

IT Software Development Resume, Vaibhav jha 2024

vaibhav130304

How to download files safely from the internet ? Source: <a href="https://www.downloadsafely.com/">Download Safely</a> -Welcome to Secure Downloading&Surfing. Learn how to safely download files and protect your data while browsing the web. Let's dive into the world of secure surfing! Understanding the Risks Discover the potential threats associated with downloading files from the internet and the impact of malicious software on your device.

how-to-download-files-safely-from-the-internet.pdf

Mehmet Akar

"Introduction to Windows 7" serves as the foundational chapter in our guide, setting the stage for understanding the key features and functionalities of this operating system. Windows 7, released by Microsoft in 2009, quickly became one of the most popular and widely used versions of Windows due to its user-friendly interface, stability, and performance improvements over its predecessor, Windows Vista. This chapter begins by providing an overview of the Windows 7 operating system, highlighting its key attributes and improvements compared to earlier versions of Windows. It introduces users to the visual enhancements such as Aero Glass, the revamped taskbar (also known as the Superbar), and the redesigned Start menu, which all contribute to a more intuitive and streamlined user experience. Furthermore, "Introduction to Windows 7" delves into the architecture and system requirements of the operating system, helping users understand what hardware specifications are necessary for optimal performance. It covers topics such as processor requirements, RAM, disk space, and graphics capabilities, ensuring that readers have a clear 3 understanding of the hardware prerequisites for running Windows 7 smoothly. Additionally, this chapter explores the various editions of Windows 7, including Home Premium, Professional, Ultimate, and Enterprise, outlining the differences between them and helping users choose the edition that best suits their needs and requirements. Moreover, "Introduction to Windows 7" provides an overview of the installation process, guiding users through the steps required to install or upgrade to Windows 7 on their computers. It covers topics such as preparing for installation, choosing the installation type (upgrade or custom), partitioning disks, and configuring initial settings. In summary, "Introduction to Windows 7" serves as a comprehensive primer for users who are new to the operating system or seeking to refresh their understanding. By familiarizing themselves with the core concepts and features of Windows 7, readers can lay a solid foundation for exploring more advanced topics covered in subsequent chapters of this guide.

Mastering Windows 7 A Comprehensive Guide for Power Users .pdf

mbmh111980

AI/ML Infra Meetup May. 23, 2024 Organized by Alluxio For more Alluxio Events: https://www.alluxio.io/events/ Speaker: - Junchen Jiang (Assistant Professor of Computer Science, @University of Chicago) Prefill in LLM inference is known to be resource-intensive, especially for long LLM inputs. While better scheduling can mitigate prefill’s impact, it would be fundamentally better to avoid (most of) prefill. This talk introduces our preliminary effort towards drastically minimizing prefill delay for LLM inputs that naturally reuse text chunks, such as in retrieval-augmented generation. While keeping the KV cache of all text chunks in memory is difficult, we show that it is possible to store them on cheaper yet slower storage. By improving the loading process of the reused KV caches, we can still significantly speed up prefill delay while maintaining the same generation quality.

AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG

Alluxio, Inc.

In his book, The Nature of the Physical World, Sir Arthur Eddington commented that “We have to appeal to the one outstanding law — the second law of thermodynamics — to put some sense into the world.” This sense-making goes beyond the physical world, too. Entropy is also essential in the fields of information and communication theory. During this lecture for the Princeton Plasma Physics Laboratory, lecturer Andrea Goulet discussed the application of entropy-related concepts in two communication systems: software and collaborative teams. She examined how concepts that help us understand systemic statistical disorder, such as ergodic systems, Lyapunov exponents, Kolmogorov-Sinai entropy, and Shannon-entropy can help us optimize for both software quality and innovation. She also provided several domain-specific models: Lehman’s Laws and Conway’s Law for software, as well as new models from her own research that relate to entropy and innovation. Entropy helps us understand the world and achieve great things. There is an underlying beauty in its principles that we can use to advance scientific discovery. When we understand the subtleties related to balancing surprise and structure, we increase our chances for effective collaboration and finding novel solutions to complex problems.

Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...

Andrea Goulet

APVP,apvp apvp High quality supplier safe spot transport, 98% purity

amy56318795

AI/ML Infra Meetup May. 23, 2024 Organized by Alluxio For more Alluxio Events: https://www.alluxio.io/events/ Speaker: - Lu Qiu (Data & AI Platform Tech Lead, @Alluxio) - Siyuan Sheng (Senior Software Engineer, @Alluxio) Speed and efficiency are two requirements for the underlying infrastructure for machine learning model development. Data access can bottleneck end-to-end machine learning pipelines as training data volume grows and when large model files are more commonly used for serving. For instance, data loading can constitute nearly 80% of the total model training time, resulting in less than 30% GPU utilization. Also, loading large model files for deployment to production can be slow because of slow network or storage read operations. These challenges are prevalent when using popular frameworks like PyTorch, Ray, or HuggingFace, paired with cloud object storage solutions like S3 or GCS, or downloading models from the HuggingFace model hub. In this presentation, Lu and Siyuan will offer comprehensive insights into improving speed and GPU utilization for model training and serving. You will learn: - The data loading challenges hindering GPU utilization - The reference architecture for running PyTorch and Ray jobs while reading data from S3, with benchmark results of training ResNet50 and BERT - Real-world examples of boosting model performance and GPU utilization through optimized data access

AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...

Alluxio, Inc.

Implementing KPIs and Right Metrics for Agile Delivery Teams.pdf

Victor Lopez

5 Reasons Driving Warehouse Management Systems Demand

Canary7-Warehouse Management System

Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...

rajkumar669520

10 Essential Software Testing Tools You Need to Know About.pdf

kalichargn70th171

Kürzlich hochgeladen (20)

Agnieszka Andrzejewska - BIM School Course in Kraków

COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...

CompTIA Security+ (Study Notes) for cs.pdf

The Impact of PLM Software on Fashion Production

INGKA DIGITAL: Linked Metadata by Design

Studiovity film pre-production and screenwriting software

StrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdf

OpenChain @ LF Japan Executive Briefing - May 2024

KLARNA - Language Models and Knowledge Graphs: A Systems Approach

IT Software Development Resume, Vaibhav jha 2024

how-to-download-files-safely-from-the-internet.pdf

Mastering Windows 7 A Comprehensive Guide for Power Users .pdf

AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG

Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...

APVP,apvp apvp High quality supplier safe spot transport, 98% purity

AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...

Implementing KPIs and Right Metrics for Agile Delivery Teams.pdf

5 Reasons Driving Warehouse Management Systems Demand

Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...

10 Essential Software Testing Tools You Need to Know About.pdf

Uyuni Saltboot - automated image deployment and lifecycle with Uyuni

1. Uyuni Saltboot An Automated Image Deployment And Lifecycle openSUSE Conference project@lists.opensuse.org oSC22 @openSUSE

2. Uyuni Saltboot

4. configuration management patch and package management content lifecycle management compliance auditing image building, …

5. configuration management patch and package management content lifecycle management compliance auditing image building, …

6. Saltboot salt-integrated initrd salt states and modules partitioning and filesystem management filesystem image deployment concept

7. Saltboot salt-integrated initrd salt states and modules partitioning and filesystem management filesystem image deployment concept

8. Automated image deployment

9. Images Kiwi (https://osinside.github.io/kiwi/) Kernel, Initrd, System (KIS) Building integrated with Uyuni Saltboot kiwi templates (https://github.com/SUSE/manager-build-profiles/)

10. Images Kiwi (https://osinside.github.io/kiwi/) Kernel, Initrd, System (KIS) Building integrated with Uyuni Saltboot kiwi templates (https://github.com/SUSE/manager-build-profiles/)

11. Image building Packages Image templates Build hosts Image repository

12. Package management Product Channels Activation keys

13. Package management Product Channels Activation keys

14. Package management Product Channels Activation keys

15. Image building Packages ✓ Image templates Build hosts Image repository

16. Image profiles link channels and image templates

17. Image building Packages ✓ Image templates – saltboot templates ✓ Build hosts Image repository

18. Build hosts VM or real HW OS Image entitlement

19. Image building Packages ✓ Image templates – saltboot templates ✓ Build hosts ✓ Image repository

20. Image building Packages ✓ Image templates – saltboot templates ✓ Build hosts ✓ Image repository (Uyuni) ✓

21. Image build link image profile with build host initiate build

22. Automated image deployment

23. Deployment manual dd command PXE and UEFI PXE HTTP UEFI ...

24. Automated deployment manual dd command PXE and UEFI PXE HTTP UEFI ...

25. PXE, UEFI PXE, UEFI HTTP DHCP + TFTP DHCP + HTTP subnet 192.168.0.0 netmask 255.255.255.0 { if substring (option vendor-class-identifier, 0, 10) = "HTTPClient" { option vendor-class-identifier "HTTPClient"; filename "http://192.168.0.1/saltboot/grub.efi"; } else { if option arch = 00:07 { filename "boot/grub.efi"; next-server 192.168.0.1 } else { filename "boot/pxelinux.0"; next-server 192.168.0.1 } } }

26. TFTP server? Uyuni Proxy pod – squid cache – tftp router – salt broker – ssh tunnel

27. Proxy Pod podman pod k8s deployment #> spacecmd proxy_container_config_generate_cert -- proxy.example.org uyuni.example.org 30000 root@example.org -p 8022 #> scp config.tgz containerhost: #> ssh containerhost -- tar -xf config.tgz -C /etc/uyuni #> ssh containerhost -- systemctl enable --now uyuni-proxy-pod

28. Automated image deployment

29. Automated image deployment

30. Image? Where? Where to? Server discovery Partitioning Image selection

31. Saltboot Group Salt pillar data – group id – image repo server – naming PXE menu

32. Partitioning Saltboot pillar Disk selection and partitioning Image selection

33. Partitioning partitioning: ---------- disk: ---------- device: * disklabel: gpt level: 1 partitions: ---------- p1: ---------- flags: swap format: swap size_MiB: 2000

34. Hardware type group Auto assignment of machines to the group Group with common partitioning setup

35. Automated image deployment

36. Salt and saltboot security Salt PKI

37. Salt and saltboot security Salt PKI

38. Salt and saltboot security Salt PKI Image validation Image encryption

39. Automated image deployment

40. Image lifecycle Uyuni knows what is in the image – CVE auditing Manual image rebuilds

41. Q&A

42. https://www.uyuni-project.org/

Uyuni Saltboot - automated image deployment and lifecycle with Uyuni

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Ähnlich wie Uyuni Saltboot - automated image deployment and lifecycle with Uyuni

Ähnlich wie Uyuni Saltboot - automated image deployment and lifecycle with Uyuni (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Uyuni Saltboot - automated image deployment and lifecycle with Uyuni