SlideShare ist ein Scribd-Unternehmen logo

vmaf deployement & upgrade for software projects

Als PPTX, PDF herunterladen
Thierry Gayet
Thierry Gayet

vmaf deployement & upgrade for software projects

Software
1 von 39
lundi 13 mars 2023 VMAF DEPLOYMENT & UPGRADE Thierry GAYET
 Because the VMAF server will need to de deployed to bytel, the question on how NN6 will deliver the firmware is now an actual question.  In order to not be too specific to TESTTREE, a thinking have been done in order to see how server may be install or upgraded by using generic and common way to proceed. GOAL / INTRODUCTION 2
INTRODUCTION
VMAF – ARCH. 4 STREAMPROBE Rabbit MQ VMAF Pool of vmaf ip address (scalling) HTTPS REST API + OAUTH2 PROTOCOL : HTTPS IPV4(s) PORTS OAUTH2 TOKEN IPV4 PORT USERNAME PASSWORD QUEUE_NAME
 The streamprobe gray interface manage :  Database (mariadb start/stop, reset db  Network (ip interfaces, DNS, NTP  Security (iptables, ldaps, fail2ban, rsyslog)  Storage (fstab, create partition, format, LUKS encryption)  Upgrade  Boot  Actions (reboot,shutdown, hardware inventory STREAMPROBE’S BUILDROOT 5
 The VMAF appliance should not be specific to testtree bu must be usable by any project  That’s why the vmaf appliance has been designed with standard interfaces :  A standard REST API for commands/ input request  A common message broker (rabbitMQ) for responses GOAL 6
DEVSECOPS CYCLE
DEVSECOPS CYCLE 8
DEVSECOPS CYCLE 9
DEVSECOPS CYCLE 10
NEW APPROACH FOR UPGRADING
12 INTERNET CUSTOMER NOSQL DB BACKEND FRONTEND / GUI DOCKER REGISTRY PACKAGE REGISTRY LICENCE REGISTRY PRODUCTION INTEGRATION DEVELOPMENT NN6 NETWORK MQTT MQTT CLIENT GITLAB-CI/CD
 A customer :  View all of his devices with their version and licence  View all release in relation of the devices  Can synchronise upgrade items with the cutomer upgrade appliance  Can download upgrade items within a pgp encrypted archive  Can launch an upgrade process from the main ui to the customer’s site  NN6 team :  View all device with their current release  Locate all customer on a worldmap  Investigate on equipment using encrypted vpn (over a ssl tummel) REQUIREMENTS 13
14 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND FRONTEND / GUI NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) UPGRADE APPLIANCE
INSTALLING A SERVER
 Streamprobe  Baremetal  Native BIOS : boot from usb key generated from the img  Idrack (DELL) : using the img key  Ipmi (SUPERMICRO) : boot from usb key generated from the img  VMWARE ESXI  Ova image  Mediacast  Baremetal (supermicro)  VMWARE ESXI  Boot from an ISO image then launch an installer that register RPMS Inventory of the way to install (1/2) 16
 Smartgate vt / vt2  Baremetal :  Boot from ISO image then install docker (docker swarm orchestrator)  VMWARE ESXI  Boot from ISO image then install packages  eBox (medicast Mobile + lte gcsas server)  Fedora image install manually then install qemu images (gcow2) Inventory of the way to install (2/2) 17
 Which ALMA release V8 or v9 ?  Using an ISO image burn on an USB key, or directly the ISO image (http://mirror.almalinux.ikoula.com/9.2/isos/x86_64/)  Compatible with:  VMWARE ESXI  BAREMETAL  IDRACK (DELL)  IPMI (SUPERMICRO) ALMA 18
 May use ALMA linux but we require ALPINE as possible  Does not need any base install  HELM/CHARTs is the best deployment method to push docker container and/or services K8S 19
UPGRADING A SERVER
 A customer may :  Have several location with UPGRADE APPLIANCE  Inventory all local appliance (by type/release)  Thus, upgrade may control several point through MQTT connexion Requrements 21
22 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) FRONTEND / GUI UPGRADE APPLIANCE Licence push Architecture based on an ALMA OS Architecture based on an ALMA OS ALMA OS
23 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) FRONTEND / GUI UPGRADE APPLIANCE Licence push Architecture based on Kubernetes (K8S) K8S
Upgrade for customer network connected to Internet (ONLINE)
25 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 0. At the very beginning the customer network (DMZ) subscribe to the MQTT FRONTEND / GUI UPGRADE APPLIANCE Licence push
26 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 1. A new firwmare is released officially, an email may be sent to the customer by the backend FRONTEND / GUI UPGRADE APPLIANCE Licence push
27 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND FRONTEND / GUI NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 2. The backend will detect a new release for a customer devices and send an email may be sent to the customer by the backend UPGRADE APPLIANCE Licence push
28 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND FRONTEND / GUI NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 3. Now, the customer check his dashboard of all its devices and the release note and can decide which on to upgrade (just on, a subset or all) UPGRADE APPLIANCE Licence push
29 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 5. A message is sent to the upgrade appliance by sending a message throught MQTT. FRONTEND / GUI UPGRADE APPLIANCE Licence push
30 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 6. A synchronisation is done to get the new firmware (docker, package, licences, … ) FRONTEND / GUI UPGRADE APPLIANCE Licence push
31 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 7. Finaly the upgrade appliance upgrade all devices (by set, not all in the same time), then send a feedback over MQTT to NN6 (for the support team). FRONTEND / GUI UPGRADE APPLIANCE Licence push
Upgrade for customer network not connected to Internet (OFFLINE)
33 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Docker push https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 1. A new firwmare is released officially, an email may be sent to the customer by the backend FRONTEND / GUI UPGRADE APPLIANCE
34 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Docker push https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 2. The backend will detect a new release for a customer devices and send an email may be sent to the customer by the backend FRONTEND / GUI UPGRADE APPLIANCE Licence push
35 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Docker push https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND FRONTEND / GUI NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 3. Now, the customer check his dashboard of all its devices and the release note and can decide which on to upgrade (just on, a subset or all) UPGRADE APPLIANCE Licence push
36 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Docker push https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 4. An encrypted (pgp) tarball is now downloaded PGP TARBALL download ENCRYPTED TARBALL (static update) Generate FRONTEND / GUI UPGRADE APPLIANCE Licence push
37 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Docker push https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) ENCRYPTED TARBALL (static update) FRONTEND / GUI UPGRADE APPLIANCE Licence push 5. Now the cutomer can upload the encrypted (pgp) tarball that contains all update for the customer’s devices. Upload
38 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 6. Finaly the upgrade appliance upgrade all devices (by set, not all in the same time) ; it may be interesting to got a feedback on the serveur upgraded ! FRONTEND / GUI UPGRADE APPLIANCE Licence push
ENENSYS 4A rue des Buttes CS 37734 35 577 Cesson-Sévigné – France Phone (+33) 1 70 72 51 70 Email contact@test-tree.com www.enensys.com 39

Empfohlen

VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
VMworld
 
How Zalando runs Kubernetes clusters at scale on AWS - AWS re:Invent
How Zalando runs Kubernetes clusters at scale on AWS - AWS re:InventHow Zalando runs Kubernetes clusters at scale on AWS - AWS re:Invent
How Zalando runs Kubernetes clusters at scale on AWS - AWS re:Invent
Henning Jacobs
 
VMworld Europe 204: Technical Deep Dive on EVO: RAIL, the new VMware Hyper-Co...
VMworld Europe 204: Technical Deep Dive on EVO: RAIL, the new VMware Hyper-Co...VMworld Europe 204: Technical Deep Dive on EVO: RAIL, the new VMware Hyper-Co...
VMworld Europe 204: Technical Deep Dive on EVO: RAIL, the new VMware Hyper-Co...
VMworld
 
What_s_New_in_OpenShift_Container_Platform_4.6.pdf
What_s_New_in_OpenShift_Container_Platform_4.6.pdfWhat_s_New_in_OpenShift_Container_Platform_4.6.pdf
What_s_New_in_OpenShift_Container_Platform_4.6.pdf
chalermpany
 
Network performance test plan_v0.3
Network performance test plan_v0.3Network performance test plan_v0.3
Network performance test plan_v0.3
David Pasek
 
Network Design patters with Docker
Network Design patters with DockerNetwork Design patters with Docker
Network Design patters with Docker
Daniel Finneran
 
FreeSWITCH on Docker
FreeSWITCH on DockerFreeSWITCH on Docker
FreeSWITCH on Docker
建澄 吳
 
FreeSWITCH on Docker
FreeSWITCH on DockerFreeSWITCH on Docker
FreeSWITCH on Docker
Chien Cheng Wu
 

Empfohlen

VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
VMworld
 
How Zalando runs Kubernetes clusters at scale on AWS - AWS re:Invent
How Zalando runs Kubernetes clusters at scale on AWS - AWS re:InventHow Zalando runs Kubernetes clusters at scale on AWS - AWS re:Invent
How Zalando runs Kubernetes clusters at scale on AWS - AWS re:Invent
Henning Jacobs
 
VMworld Europe 204: Technical Deep Dive on EVO: RAIL, the new VMware Hyper-Co...
VMworld Europe 204: Technical Deep Dive on EVO: RAIL, the new VMware Hyper-Co...VMworld Europe 204: Technical Deep Dive on EVO: RAIL, the new VMware Hyper-Co...
VMworld Europe 204: Technical Deep Dive on EVO: RAIL, the new VMware Hyper-Co...
VMworld
 
What_s_New_in_OpenShift_Container_Platform_4.6.pdf
What_s_New_in_OpenShift_Container_Platform_4.6.pdfWhat_s_New_in_OpenShift_Container_Platform_4.6.pdf
What_s_New_in_OpenShift_Container_Platform_4.6.pdf
chalermpany
 
Network performance test plan_v0.3
Network performance test plan_v0.3Network performance test plan_v0.3
Network performance test plan_v0.3
David Pasek
 
Network Design patters with Docker
Network Design patters with DockerNetwork Design patters with Docker
Network Design patters with Docker
Daniel Finneran
 
FreeSWITCH on Docker
FreeSWITCH on DockerFreeSWITCH on Docker
FreeSWITCH on Docker
建澄 吳
 
FreeSWITCH on Docker
FreeSWITCH on DockerFreeSWITCH on Docker
FreeSWITCH on Docker
Chien Cheng Wu
 
Tungsten Fabric Overview
Tungsten Fabric OverviewTungsten Fabric Overview
Tungsten Fabric Overview
Michelle Holley
 
Vsc 71-se-presentation-training
Vsc 71-se-presentation-trainingVsc 71-se-presentation-training
Vsc 71-se-presentation-training
narit_ton
 
Kubernetes laravel and kubernetes
Kubernetes laravel and kubernetesKubernetes laravel and kubernetes
Kubernetes laravel and kubernetes
William Stewart
 
Cozystack: Free PaaS platform and framework for building clouds
Cozystack: Free PaaS platform and framework for building cloudsCozystack: Free PaaS platform and framework for building clouds
Cozystack: Free PaaS platform and framework for building clouds
Andrei Kvapil
 
Docker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesDocker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting Techniques
Sreenivas Makam
 
DELL (OME) Open Manage Esentials network connections (TCP/UDP ports) and fire...
DELL (OME) Open Manage Esentials network connections (TCP/UDP ports) and fire...DELL (OME) Open Manage Esentials network connections (TCP/UDP ports) and fire...
DELL (OME) Open Manage Esentials network connections (TCP/UDP ports) and fire...
David Pasek
 
Next Generation Address Management with VitalQIP - Alcatel-Lucent and Perficient
Next Generation Address Management with VitalQIP - Alcatel-Lucent and PerficientNext Generation Address Management with VitalQIP - Alcatel-Lucent and Perficient
Next Generation Address Management with VitalQIP - Alcatel-Lucent and Perficient
Perficient, Inc.
 
The state of the swarm
The state of the swarmThe state of the swarm
The state of the swarm
Mathieu Buffenoir
 
kubernetes for beginners
kubernetes for beginnerskubernetes for beginners
kubernetes for beginners
Dominique Dumont
 
Canary deployment with Traefik and K3S
Canary deployment with Traefik and K3SCanary deployment with Traefik and K3S
Canary deployment with Traefik and K3S
Jakub Hajek
 
Practical Design Patterns in Docker Networking
Practical Design Patterns in Docker NetworkingPractical Design Patterns in Docker Networking
Practical Design Patterns in Docker Networking
Docker, Inc.
 
Automação do físico ao NetSecDevOps
Automação do físico ao NetSecDevOpsAutomação do físico ao NetSecDevOps
Automação do físico ao NetSecDevOps
Raul Leite
 
Monitoring CloudStack and components
Monitoring CloudStack and componentsMonitoring CloudStack and components
Monitoring CloudStack and components
ShapeBlue
 
Raisecom GPON Solution Training - Chapter 4 NView_V2.pptx
Raisecom GPON Solution Training - Chapter 4 NView_V2.pptxRaisecom GPON Solution Training - Chapter 4 NView_V2.pptx
Raisecom GPON Solution Training - Chapter 4 NView_V2.pptx
Jean Carlos Cruz
 
Network Automation Tools
Network Automation ToolsNetwork Automation Tools
Network Automation Tools
Edwin Beekman
 
DCHQ Cloud Application Platform | Linux Containers | Docker PaaS
DCHQ Cloud Application Platform | Linux Containers | Docker PaaSDCHQ Cloud Application Platform | Linux Containers | Docker PaaS
DCHQ Cloud Application Platform | Linux Containers | Docker PaaS
dchq
 
Altinity Cluster Manager: ClickHouse Management for Kubernetes and Cloud
Altinity Cluster Manager: ClickHouse Management for Kubernetes and CloudAltinity Cluster Manager: ClickHouse Management for Kubernetes and Cloud
Altinity Cluster Manager: ClickHouse Management for Kubernetes and Cloud
Altinity Ltd
 
Delivering Docker & K3s worloads to IoT Edge devices
Delivering Docker & K3s worloads to IoT Edge devicesDelivering Docker & K3s worloads to IoT Edge devices
Delivering Docker & K3s worloads to IoT Edge devices
Ajeet Singh Raina
 
Time Series Database and Tick Stack
Time Series Database and Tick StackTime Series Database and Tick Stack
Time Series Database and Tick Stack
Gianluca Arbezzano
 
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...
Scott Carlson
 
KLARNA - Language Models and Knowledge Graphs: A Systems Approach
KLARNA - Language Models and Knowledge Graphs: A Systems ApproachKLARNA - Language Models and Knowledge Graphs: A Systems Approach
KLARNA - Language Models and Knowledge Graphs: A Systems Approach
Neo4j
 
Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024
Soroosh Khodami
 

Weitere ähnliche Inhalte

Ähnlich wie vmaf deployement & upgrade for software projects

DELL (OME) Open Manage Esentials network connections (TCP/UDP ports) and fire...
DELL (OME) Open Manage Esentials network connections (TCP/UDP ports) and fire...DELL (OME) Open Manage Esentials network connections (TCP/UDP ports) and fire...
DELL (OME) Open Manage Esentials network connections (TCP/UDP ports) and fire...
David Pasek
 
Next Generation Address Management with VitalQIP - Alcatel-Lucent and Perficient
Next Generation Address Management with VitalQIP - Alcatel-Lucent and PerficientNext Generation Address Management with VitalQIP - Alcatel-Lucent and Perficient
Next Generation Address Management with VitalQIP - Alcatel-Lucent and Perficient
Perficient, Inc.
 

Ähnlich wie vmaf deployement & upgrade for software projects (20)

Tungsten Fabric Overview
Tungsten Fabric OverviewTungsten Fabric Overview
Tungsten Fabric Overview
 
Vsc 71-se-presentation-training
Vsc 71-se-presentation-trainingVsc 71-se-presentation-training
Vsc 71-se-presentation-training
 
Kubernetes laravel and kubernetes
Kubernetes laravel and kubernetesKubernetes laravel and kubernetes
Kubernetes laravel and kubernetes
 
Cozystack: Free PaaS platform and framework for building clouds
Cozystack: Free PaaS platform and framework for building cloudsCozystack: Free PaaS platform and framework for building clouds
Cozystack: Free PaaS platform and framework for building clouds
 
Docker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesDocker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting Techniques
 
DELL (OME) Open Manage Esentials network connections (TCP/UDP ports) and fire...
DELL (OME) Open Manage Esentials network connections (TCP/UDP ports) and fire...DELL (OME) Open Manage Esentials network connections (TCP/UDP ports) and fire...
DELL (OME) Open Manage Esentials network connections (TCP/UDP ports) and fire...
 
Next Generation Address Management with VitalQIP - Alcatel-Lucent and Perficient
Next Generation Address Management with VitalQIP - Alcatel-Lucent and PerficientNext Generation Address Management with VitalQIP - Alcatel-Lucent and Perficient
Next Generation Address Management with VitalQIP - Alcatel-Lucent and Perficient
 
The state of the swarm
The state of the swarmThe state of the swarm
The state of the swarm
 
kubernetes for beginners
kubernetes for beginnerskubernetes for beginners
kubernetes for beginners
 
Canary deployment with Traefik and K3S
Canary deployment with Traefik and K3SCanary deployment with Traefik and K3S
Canary deployment with Traefik and K3S
 
Practical Design Patterns in Docker Networking
Practical Design Patterns in Docker NetworkingPractical Design Patterns in Docker Networking
Practical Design Patterns in Docker Networking
 
Automação do físico ao NetSecDevOps
Automação do físico ao NetSecDevOpsAutomação do físico ao NetSecDevOps
Automação do físico ao NetSecDevOps
 
Monitoring CloudStack and components
Monitoring CloudStack and componentsMonitoring CloudStack and components
Monitoring CloudStack and components
 
Raisecom GPON Solution Training - Chapter 4 NView_V2.pptx
Raisecom GPON Solution Training - Chapter 4 NView_V2.pptxRaisecom GPON Solution Training - Chapter 4 NView_V2.pptx
Raisecom GPON Solution Training - Chapter 4 NView_V2.pptx
 
Network Automation Tools
Network Automation ToolsNetwork Automation Tools
Network Automation Tools
 
DCHQ Cloud Application Platform | Linux Containers | Docker PaaS
DCHQ Cloud Application Platform | Linux Containers | Docker PaaSDCHQ Cloud Application Platform | Linux Containers | Docker PaaS
DCHQ Cloud Application Platform | Linux Containers | Docker PaaS
 
Altinity Cluster Manager: ClickHouse Management for Kubernetes and Cloud
Altinity Cluster Manager: ClickHouse Management for Kubernetes and CloudAltinity Cluster Manager: ClickHouse Management for Kubernetes and Cloud
Altinity Cluster Manager: ClickHouse Management for Kubernetes and Cloud
 
Delivering Docker & K3s worloads to IoT Edge devices
Delivering Docker & K3s worloads to IoT Edge devicesDelivering Docker & K3s worloads to IoT Edge devices
Delivering Docker & K3s worloads to IoT Edge devices
 
Time Series Database and Tick Stack
Time Series Database and Tick StackTime Series Database and Tick Stack
Time Series Database and Tick Stack
 
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...
 

Kürzlich hochgeladen

Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Andrea Goulet
 
StrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdf
StrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdfStrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdf
StrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdf
steffenkarlsson2
 
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdfMastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
mbmh111980
 
AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...
AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...
AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...
Alluxio, Inc.
 
JustNaik Solution Deck (stage bus sector)
JustNaik Solution Deck (stage bus sector)JustNaik Solution Deck (stage bus sector)
JustNaik Solution Deck (stage bus sector)
Max Lee
 
AI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in MichelangeloAI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in Michelangelo
Alluxio, Inc.
 
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAGAI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
Alluxio, Inc.
 
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Gáspár Nagy
 

Kürzlich hochgeladen (20)

KLARNA - Language Models and Knowledge Graphs: A Systems Approach
KLARNA - Language Models and Knowledge Graphs: A Systems ApproachKLARNA - Language Models and Knowledge Graphs: A Systems Approach
KLARNA - Language Models and Knowledge Graphs: A Systems Approach
 
Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024
 
A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1
A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1
A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1
 
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
 
5 Reasons Driving Warehouse Management Systems Demand
5 Reasons Driving Warehouse Management Systems Demand5 Reasons Driving Warehouse Management Systems Demand
5 Reasons Driving Warehouse Management Systems Demand
 
How to install and activate eGrabber JobGrabber
How to install and activate eGrabber JobGrabberHow to install and activate eGrabber JobGrabber
How to install and activate eGrabber JobGrabber
 
The Impact of PLM Software on Fashion Production
The Impact of PLM Software on Fashion ProductionThe Impact of PLM Software on Fashion Production
The Impact of PLM Software on Fashion Production
 
StrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdf
StrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdfStrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdf
StrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdf
 
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdf
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdfImplementing KPIs and Right Metrics for Agile Delivery Teams.pdf
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdf
 
Crafting the Perfect Measurement Sheet with PLM Integration
Crafting the Perfect Measurement Sheet with PLM IntegrationCrafting the Perfect Measurement Sheet with PLM Integration
Crafting the Perfect Measurement Sheet with PLM Integration
 
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdfMastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
 
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
 
AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...
AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...
AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...
 
AI/ML Infra Meetup | Perspective on Deep Learning Framework
AI/ML Infra Meetup | Perspective on Deep Learning FrameworkAI/ML Infra Meetup | Perspective on Deep Learning Framework
AI/ML Infra Meetup | Perspective on Deep Learning Framework
 
JustNaik Solution Deck (stage bus sector)
JustNaik Solution Deck (stage bus sector)JustNaik Solution Deck (stage bus sector)
JustNaik Solution Deck (stage bus sector)
 
AI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in MichelangeloAI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in Michelangelo
 
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAGAI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
 
A Guideline to Zendesk to Re:amaze Data Migration
A Guideline to Zendesk to Re:amaze Data MigrationA Guideline to Zendesk to Re:amaze Data Migration
A Guideline to Zendesk to Re:amaze Data Migration
 
CompTIA Security+ (Study Notes) for cs.pdf
CompTIA Security+ (Study Notes) for cs.pdfCompTIA Security+ (Study Notes) for cs.pdf
CompTIA Security+ (Study Notes) for cs.pdf
 
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
 

vmaf deployement & upgrade for software projects

  • 1. lundi 13 mars 2023 VMAF DEPLOYMENT & UPGRADE Thierry GAYET
  • 2.  Because the VMAF server will need to de deployed to bytel, the question on how NN6 will deliver the firmware is now an actual question.  In order to not be too specific to TESTTREE, a thinking have been done in order to see how server may be install or upgraded by using generic and common way to proceed. GOAL / INTRODUCTION 2
  • 4. VMAF – ARCH. 4 STREAMPROBE Rabbit MQ VMAF Pool of vmaf ip address (scalling) HTTPS REST API + OAUTH2 PROTOCOL : HTTPS IPV4(s) PORTS OAUTH2 TOKEN IPV4 PORT USERNAME PASSWORD QUEUE_NAME
  • 5.  The streamprobe gray interface manage :  Database (mariadb start/stop, reset db  Network (ip interfaces, DNS, NTP  Security (iptables, ldaps, fail2ban, rsyslog)  Storage (fstab, create partition, format, LUKS encryption)  Upgrade  Boot  Actions (reboot,shutdown, hardware inventory STREAMPROBE’S BUILDROOT 5
  • 6.  The VMAF appliance should not be specific to testtree bu must be usable by any project  That’s why the vmaf appliance has been designed with standard interfaces :  A standard REST API for commands/ input request  A common message broker (rabbitMQ) for responses GOAL 6
  • 11. NEW APPROACH FOR UPGRADING
  • 12. 12 INTERNET CUSTOMER NOSQL DB BACKEND FRONTEND / GUI DOCKER REGISTRY PACKAGE REGISTRY LICENCE REGISTRY PRODUCTION INTEGRATION DEVELOPMENT NN6 NETWORK MQTT MQTT CLIENT GITLAB-CI/CD
  • 13.  A customer :  View all of his devices with their version and licence  View all release in relation of the devices  Can synchronise upgrade items with the cutomer upgrade appliance  Can download upgrade items within a pgp encrypted archive  Can launch an upgrade process from the main ui to the customer’s site  NN6 team :  View all device with their current release  Locate all customer on a worldmap  Investigate on equipment using encrypted vpn (over a ssl tummel) REQUIREMENTS 13
  • 14. 14 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND FRONTEND / GUI NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) UPGRADE APPLIANCE
  • 16.  Streamprobe  Baremetal  Native BIOS : boot from usb key generated from the img  Idrack (DELL) : using the img key  Ipmi (SUPERMICRO) : boot from usb key generated from the img  VMWARE ESXI  Ova image  Mediacast  Baremetal (supermicro)  VMWARE ESXI  Boot from an ISO image then launch an installer that register RPMS Inventory of the way to install (1/2) 16
  • 17.  Smartgate vt / vt2  Baremetal :  Boot from ISO image then install docker (docker swarm orchestrator)  VMWARE ESXI  Boot from ISO image then install packages  eBox (medicast Mobile + lte gcsas server)  Fedora image install manually then install qemu images (gcow2) Inventory of the way to install (2/2) 17
  • 18.  Which ALMA release V8 or v9 ?  Using an ISO image burn on an USB key, or directly the ISO image (http://mirror.almalinux.ikoula.com/9.2/isos/x86_64/)  Compatible with:  VMWARE ESXI  BAREMETAL  IDRACK (DELL)  IPMI (SUPERMICRO) ALMA 18
  • 19.  May use ALMA linux but we require ALPINE as possible  Does not need any base install  HELM/CHARTs is the best deployment method to push docker container and/or services K8S 19
  • 21.  A customer may :  Have several location with UPGRADE APPLIANCE  Inventory all local appliance (by type/release)  Thus, upgrade may control several point through MQTT connexion Requrements 21
  • 22. 22 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) FRONTEND / GUI UPGRADE APPLIANCE Licence push Architecture based on an ALMA OS Architecture based on an ALMA OS ALMA OS
  • 23. 23 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) FRONTEND / GUI UPGRADE APPLIANCE Licence push Architecture based on Kubernetes (K8S) K8S
  • 24. Upgrade for customer network connected to Internet (ONLINE)
  • 25. 25 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 0. At the very beginning the customer network (DMZ) subscribe to the MQTT FRONTEND / GUI UPGRADE APPLIANCE Licence push
  • 26. 26 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 1. A new firwmare is released officially, an email may be sent to the customer by the backend FRONTEND / GUI UPGRADE APPLIANCE Licence push
  • 27. 27 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND FRONTEND / GUI NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 2. The backend will detect a new release for a customer devices and send an email may be sent to the customer by the backend UPGRADE APPLIANCE Licence push
  • 28. 28 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND FRONTEND / GUI NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 3. Now, the customer check his dashboard of all its devices and the release note and can decide which on to upgrade (just on, a subset or all) UPGRADE APPLIANCE Licence push
  • 29. 29 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 5. A message is sent to the upgrade appliance by sending a message throught MQTT. FRONTEND / GUI UPGRADE APPLIANCE Licence push
  • 30. 30 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 6. A synchronisation is done to get the new firmware (docker, package, licences, … ) FRONTEND / GUI UPGRADE APPLIANCE Licence push
  • 31. 31 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 7. Finaly the upgrade appliance upgrade all devices (by set, not all in the same time), then send a feedback over MQTT to NN6 (for the support team). FRONTEND / GUI UPGRADE APPLIANCE Licence push
  • 32. Upgrade for customer network not connected to Internet (OFFLINE)
  • 33. 33 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Docker push https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 1. A new firwmare is released officially, an email may be sent to the customer by the backend FRONTEND / GUI UPGRADE APPLIANCE
  • 34. 34 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Docker push https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 2. The backend will detect a new release for a customer devices and send an email may be sent to the customer by the backend FRONTEND / GUI UPGRADE APPLIANCE Licence push
  • 35. 35 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Docker push https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND FRONTEND / GUI NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 3. Now, the customer check his dashboard of all its devices and the release note and can decide which on to upgrade (just on, a subset or all) UPGRADE APPLIANCE Licence push
  • 36. 36 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Docker push https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 4. An encrypted (pgp) tarball is now downloaded PGP TARBALL download ENCRYPTED TARBALL (static update) Generate FRONTEND / GUI UPGRADE APPLIANCE Licence push
  • 37. 37 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Docker push https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) ENCRYPTED TARBALL (static update) FRONTEND / GUI UPGRADE APPLIANCE Licence push 5. Now the cutomer can upload the encrypted (pgp) tarball that contains all update for the customer’s devices. Upload
  • 38. 38 SECURED NETWORK DMZ INTERNET NN6 NETWORK DOCKER REGISTRY (CUSTOMER) UPGRADE BACKEND • HELM / CHART • PROVISIONNING (ANSIBLE, SALT STACK, … ) • … …. manual deploy DOCKER REGISTRY (PROD) MQTT broker MQTT CLIENT registry monitoring Manual/auto docker sync Docker push (subscribe) (publish) https://mqtt.enensys.com dockerregistry.enensys.com CUSTOMER NETWORK BACKEND NOSQL DB https://dashboard.enensys.com MQTT CLIENT PACKAGE REGISTRY (PROD) DOCKER REGISTRY (CUSTOMER) Package push packerregistry.enensys.com LOCAL GUI LICENCE REGISTRY lm.enensys.com LICENCE CUSTOMER) 6. Finaly the upgrade appliance upgrade all devices (by set, not all in the same time) ; it may be interesting to got a feedback on the serveur upgraded ! FRONTEND / GUI UPGRADE APPLIANCE Licence push
  • 39. ENENSYS 4A rue des Buttes CS 37734 35 577 Cesson-Sévigné – France Phone (+33) 1 70 72 51 70 Email contact@test-tree.com www.enensys.com 39