SlideShare a Scribd company logo

Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in Puppet - PuppetConf 2014

Puppet
Puppet

The document discusses managing trusted instances in the cloud. It outlines the problem of verifying instances provisioned in the cloud are legitimate. It then provides an overview of a solution where instances generate certificate signing requests with metadata upon launch, and a puppetmaster signs the requests after verifying the instance information with the cloud provider API. Signed certificates are returned to the instances containing the metadata, allowing the instances to be identified and classified in puppet configurations.

Technology
1 of 27
Download to read offline
2014 Presented by Cloudy with a chance of Fireballs Managing Trusted Instances in the Cloud ! ! ! ! eric sorenson eric.sorenson@puppetlabs.com
Presented by What’s the problem? Why you might care End to End Overview Walkthrough w/ AWS Related work
Presented by What's the problem?
Presented by What’s the REAL problem?
Presented by
Presented by Why you might care
Presented by
Presented by
Presented by
Presented by
Presented by +-------------------------------+ +-----------+ | | | | | Amazon EC2 API <--------+provisioner| +---------------------^---------+ +-----------+ | | +-------+ +------+---------+ | | | | | node1 +------> puppetmaster | +-------+ +----------------+ ! ! Follow along at home: https://github.com/ahpook/mrzarquon-certsigner/tree/eric0-wip
Presented by ! +----------------------------+ Prerequisites: |                            |      - Puppetmaster w/IAM credentials |  Amazon EC2 API            | <--+  and autosign policy configured |                            |       | | - AMI with user-data install or +----------------------------+ preloaded agent+ec2-utils, IAM policy permitting query tags !
Presented by { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1411031868000", "Effect": "Allow", "Action": [ "ec2:DescribeTags" ], "Resource": [ "*" ] } ] }
Presented by +----------------------------+ | | | Amazon EC2 API | | | +------^---------------------+ | +------+------+ | | Your provisioning node requests | Provisioner | <-------+ some new instances using that image, | | tagging them w/ role: 'webserver' +-------------+
Presented by [vagrant@deglitch ~]$ puppet node_aws --trace --debug create -i ami-37713107 --region=us-west-2 --instance-tags=role=webserver --type=t1.micro --keyname=certsigner --security-group=webservers Debug: Runtime environment: puppet_version=3.6.2 (Puppet Enterprise 3.4.0-rc1-790-gf96f634), ruby_version=1.9.3, run_mode=user, default_encoding=UTF-8 Info: Connecting to AWS us-west-2 ... Done Info: Instance Type: t1.micro Notice: Creating new instance ... Done Info: Instance identifier: i-abc8f0a6 Notice: Creating tags for instance ... Info: Creating tag for Created-By ... Done Info: Creating tag for role ... Done Notice: Creating tags for instance ... Done Notice: Launching server i-abc8f0a6 ... ##### Notice: Server i-abc8f0a6 is now launched Notice: Server i-abc8f0a6 public dns name: ec2-54-68-132-30.us-west-2.compute.amazonaws.com
Presented by +---------------------------------+ | | | Amazon EC2 + using your image | | | EC2 builds your instances, +----+-----------+-----------+----+ running the user-data script | | | which drops instance-specific | | | metadata into csr_attributes.yaml +---v---+ +---v---+ +---v---+ + | | | | | | | | node1 | | node2 | | node3 | <----------------+ +-------+ +-------+ +-------+
Presented by
Presented by
Presented by +-------------------------------+ | | Each node generates a CSR which | Amazon EC2 API | embeds the metadata as requested +---------------------^---------+ attributes and submits it to the | puppetmaster, which checks the | instance-ID against EC2 to verify +-------+ +------+---------+ it came from a valid instance. | | | | | node1 +------> puppetmaster | +-------+ +----------------+
Presented by +-------------------------------+ | | If the API is OK, the puppetmaster | Amazon EC2 API | signs the CSR, moving the tags, +---------------------+---------+ instance-id and any other metadata in | whitelisted extension requests | inside the signed certificate. The +-------+ +------v---------+ signed cert is retrieved by the node | | | | and normal Puppet runs can begin. | node1 <------+ puppetmaster | +-------+ +----------------+
Presented by openssl x509 -noout -text -in /var/lib/puppet/ssl/ca/signed/i-f3cef5fe.pem [ ... tons of crap trimmed ... ] X509v3 extensions: Netscape Comment: Puppet Ruby/OpenSSL Internal Certificate 1.3.6.1.4.1.34380.1.1.5: webserver 1.3.6.1.4.1.34380.1.1.3: ami-37713107 1.3.6.1.4.1.34380.1.1.2: i-f3cef5fe
Presented by ! +-------+ +----------------+ When the node checks in, the extensions | | | | will be available under the '$trusted' | node1 +----> puppetmaster | top-scope hash for classification, +-------+ +----------------+ manifests, etc. ! # puppet.conf [master] trusted_node_data = true immutable_node_data = true !
Presented by ## site.pp node default { notify { "trusted_data": message => inline_template("<%= scope.lookupvar('trusted').inspect %>") } } ! ## agent output Notice: /Stage[main]/Main/Node[default]/Notify[trusted_data]/message: defined 'message' as ' {"certname"=>"i-f3cef5fe", "authenticated"=>"remote", "extensions"=>{"pp_instance_id"=>"i-f3cef5fe", "pp_image_name"=>"ami-37713107", "1.3.6.1.4.1.34380.1.1.5"=>"webserver"}}'
Presented by Related and future work ! Signing policy for AWS: mrzarquon-certsigner Signing policy for GCE: puppetlabs-gce_compute Signing policy for in-house CMDBs? Puppet Enterprise Node Manager
Presented by
Presented by
Presented by Photo/Link Credits CERN - http://www.slideshare.net/gmccance/cern-data-centre-evolution Google maps screenshot of Apple Data Center - fair use, with attribution inline Imagery (c) 2014 Google NSA HQ, fort meade - "National Security Agency headquarters, Fort Meade, Maryland" by Unknown - http:// www.nsa.gov/about/photo_gallery/gallery.shtml. Licensed under Public domain via Wikimedia Commons - http:// commons.wikimedia.org/wiki/File:National_Security_Agency_headquarters,_Fort_Meade,_Maryland.jpg#mediaviewer/ File:National_Security_Agency_headquarters,_Fort_Meade,_Maryland.jpg Bitcoin mining rigs from buttcoin.org http://buttcoin.org/mining-rigs-3 “Cloud City at Sunset” http://balsavor.deviantart.com/art/The-Falcon-escapes-Cloud-city-143511722 han and Lando Mario Fireball - from http://www.giantbomb.com/fireball/3055-120/ © Yorkberlin | Dreamstime.com - Sorceress With Fireball Photo

Recommended

Puppet Camp DC 2014: Keynote
Puppet Camp DC 2014: KeynotePuppet Camp DC 2014: Keynote
Puppet Camp DC 2014: KeynotePuppet
 
Managing Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with AnsibleManaging Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with Ansiblefmaccioni
 
Cloudinit
CloudinitCloudinit
Cloudinitsriram_rajan
 
Network Automation with Ansible
Network Automation with AnsibleNetwork Automation with Ansible
Network Automation with AnsibleAnas
 
Red Hat Forum Tokyo - OpenStack Architecture
Red Hat Forum Tokyo - OpenStack ArchitectureRed Hat Forum Tokyo - OpenStack Architecture
Red Hat Forum Tokyo - OpenStack ArchitectureDan Radez
 
CloudOps CloudStack Days, Austin April 2015
CloudOps CloudStack Days, Austin April 2015CloudOps CloudStack Days, Austin April 2015
CloudOps CloudStack Days, Austin April 2015CloudOps2005
 
Puppet Camp Charlotte 2015: Exporting Resources: There and Back Again
Puppet Camp Charlotte 2015: Exporting Resources: There and Back AgainPuppet Camp Charlotte 2015: Exporting Resources: There and Back Again
Puppet Camp Charlotte 2015: Exporting Resources: There and Back AgainPuppet
 
Deployment with Fabric
Deployment with FabricDeployment with Fabric
Deployment with Fabricandymccurdy
 

Recommended

Puppet Camp DC 2014: Keynote
Puppet Camp DC 2014: KeynotePuppet Camp DC 2014: Keynote
Puppet Camp DC 2014: KeynotePuppet
 
Managing Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with AnsibleManaging Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with Ansiblefmaccioni
 
Cloudinit
CloudinitCloudinit
Cloudinitsriram_rajan
 
Network Automation with Ansible
Network Automation with AnsibleNetwork Automation with Ansible
Network Automation with AnsibleAnas
 
Red Hat Forum Tokyo - OpenStack Architecture
Red Hat Forum Tokyo - OpenStack ArchitectureRed Hat Forum Tokyo - OpenStack Architecture
Red Hat Forum Tokyo - OpenStack ArchitectureDan Radez
 
CloudOps CloudStack Days, Austin April 2015
CloudOps CloudStack Days, Austin April 2015CloudOps CloudStack Days, Austin April 2015
CloudOps CloudStack Days, Austin April 2015CloudOps2005
 
Puppet Camp Charlotte 2015: Exporting Resources: There and Back Again
Puppet Camp Charlotte 2015: Exporting Resources: There and Back AgainPuppet Camp Charlotte 2015: Exporting Resources: There and Back Again
Puppet Camp Charlotte 2015: Exporting Resources: There and Back AgainPuppet
 
Deployment with Fabric
Deployment with FabricDeployment with Fabric
Deployment with Fabricandymccurdy
 
Ansible
AnsibleAnsible
AnsibleRaul Leite
 
EKS에서 Opentelemetry로 코드실행 모니터링하기 - 신재현 (인덴트코퍼레이션) :: AWS Community Day Online...
EKS에서 Opentelemetry로 코드실행 모니터링하기 - 신재현 (인덴트코퍼레이션) :: AWS Community Day Online...EKS에서 Opentelemetry로 코드실행 모니터링하기 - 신재현 (인덴트코퍼레이션) :: AWS Community Day Online...
EKS에서 Opentelemetry로 코드실행 모니터링하기 - 신재현 (인덴트코퍼레이션) :: AWS Community Day Online...AWSKRUG - AWS한국사용자모임
 
Configuration management and deployment with ansible
Configuration management and deployment with ansibleConfiguration management and deployment with ansible
Configuration management and deployment with ansibleIvan Dimitrov
 
Cloud init and cloud provisioning [openstack summit vancouver]
Cloud init and cloud provisioning [openstack summit vancouver]Cloud init and cloud provisioning [openstack summit vancouver]
Cloud init and cloud provisioning [openstack summit vancouver]Joshua Harlow
 
Ansible Automation - Enterprise Use Cases | Juncheng Anthony Lin
Ansible Automation - Enterprise Use Cases | Juncheng Anthony LinAnsible Automation - Enterprise Use Cases | Juncheng Anthony Lin
Ansible Automation - Enterprise Use Cases | Juncheng Anthony LinVietnam Open Infrastructure User Group
 
Ansible best practices
Ansible best practicesAnsible best practices
Ansible best practicesStephaneFlotat1
 
Automation with Packer and TerraForm
Automation with Packer and TerraFormAutomation with Packer and TerraForm
Automation with Packer and TerraFormWesley Charles Blake
 
Create Development and Production Environments with Vagrant
Create Development and Production Environments with VagrantCreate Development and Production Environments with Vagrant
Create Development and Production Environments with VagrantBrian Hogan
 
IT Automation with Ansible
IT Automation with AnsibleIT Automation with Ansible
IT Automation with AnsibleRayed Alrashed
 
Creating and Deploying Static Sites with Hugo
Creating and Deploying Static Sites with HugoCreating and Deploying Static Sites with Hugo
Creating and Deploying Static Sites with HugoBrian Hogan
 
Webinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and moreWebinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and morepanagenda
 
ansible why ?
ansible why ?ansible why ?
ansible why ?Yashar Esmaildokht
 
Tips for a Faster Website
Tips for a Faster WebsiteTips for a Faster Website
Tips for a Faster WebsiteRayed Alrashed
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleDharmit Shah
 
fog or: How I Learned to Stop Worrying and Love the Cloud
fog or: How I Learned to Stop Worrying and Love the Cloudfog or: How I Learned to Stop Worrying and Love the Cloud
fog or: How I Learned to Stop Worrying and Love the CloudWesley Beary
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationJohn Lynch
 
CloudInit Introduction
CloudInit IntroductionCloudInit Introduction
CloudInit IntroductionPublicis Sapient Engineering
 
Ansible Introduction - Ansible Brno #1 - David Karban
Ansible Introduction - Ansible Brno #1 - David KarbanAnsible Introduction - Ansible Brno #1 - David Karban
Ansible Introduction - Ansible Brno #1 - David Karbanansiblebrno
 
Puppet Camp New York Keynote
Puppet Camp New York KeynotePuppet Camp New York Keynote
Puppet Camp New York KeynotePuppet
 
Set up Hadoop Cluster on Amazon EC2
Set up Hadoop Cluster on Amazon EC2Set up Hadoop Cluster on Amazon EC2
Set up Hadoop Cluster on Amazon EC2IMC Institute
 
Puppet Camp DC: Puppet for Everybody
Puppet Camp DC: Puppet for EverybodyPuppet Camp DC: Puppet for Everybody
Puppet Camp DC: Puppet for EverybodyPuppet
 
What's New in Puppet Enterprise 2016.5
What's New in Puppet Enterprise 2016.5What's New in Puppet Enterprise 2016.5
What's New in Puppet Enterprise 2016.5Puppet
 

More Related Content

What's hot

EKS에서 Opentelemetry로 코드실행 모니터링하기 - 신재현 (인덴트코퍼레이션) :: AWS Community Day Online...
EKS에서 Opentelemetry로 코드실행 모니터링하기 - 신재현 (인덴트코퍼레이션) :: AWS Community Day Online...EKS에서 Opentelemetry로 코드실행 모니터링하기 - 신재현 (인덴트코퍼레이션) :: AWS Community Day Online...
EKS에서 Opentelemetry로 코드실행 모니터링하기 - 신재현 (인덴트코퍼레이션) :: AWS Community Day Online...AWSKRUG - AWS한국사용자모임
 
Configuration management and deployment with ansible
Configuration management and deployment with ansibleConfiguration management and deployment with ansible
Configuration management and deployment with ansibleIvan Dimitrov
 
Cloud init and cloud provisioning [openstack summit vancouver]
Cloud init and cloud provisioning [openstack summit vancouver]Cloud init and cloud provisioning [openstack summit vancouver]
Cloud init and cloud provisioning [openstack summit vancouver]Joshua Harlow
 
Automation with Packer and TerraForm
Automation with Packer and TerraFormAutomation with Packer and TerraForm
Automation with Packer and TerraFormWesley Charles Blake
 
Create Development and Production Environments with Vagrant
Create Development and Production Environments with VagrantCreate Development and Production Environments with Vagrant
Create Development and Production Environments with VagrantBrian Hogan
 
IT Automation with Ansible
IT Automation with AnsibleIT Automation with Ansible
IT Automation with AnsibleRayed Alrashed
 
Creating and Deploying Static Sites with Hugo
Creating and Deploying Static Sites with HugoCreating and Deploying Static Sites with Hugo
Creating and Deploying Static Sites with HugoBrian Hogan
 
Webinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and moreWebinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and morepanagenda
 
Tips for a Faster Website
Tips for a Faster WebsiteTips for a Faster Website
Tips for a Faster WebsiteRayed Alrashed
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleDharmit Shah
 
fog or: How I Learned to Stop Worrying and Love the Cloud
fog or: How I Learned to Stop Worrying and Love the Cloudfog or: How I Learned to Stop Worrying and Love the Cloud
fog or: How I Learned to Stop Worrying and Love the CloudWesley Beary
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationJohn Lynch
 
Ansible Introduction - Ansible Brno #1 - David Karban
Ansible Introduction - Ansible Brno #1 - David KarbanAnsible Introduction - Ansible Brno #1 - David Karban
Ansible Introduction - Ansible Brno #1 - David Karbanansiblebrno
 
Puppet Camp New York Keynote
Puppet Camp New York KeynotePuppet Camp New York Keynote
Puppet Camp New York KeynotePuppet
 
Set up Hadoop Cluster on Amazon EC2
Set up Hadoop Cluster on Amazon EC2Set up Hadoop Cluster on Amazon EC2
Set up Hadoop Cluster on Amazon EC2IMC Institute
 

What's hot (20)

Ansible
AnsibleAnsible
Ansible
 
EKS에서 Opentelemetry로 코드실행 모니터링하기 - 신재현 (인덴트코퍼레이션) :: AWS Community Day Online...
EKS에서 Opentelemetry로 코드실행 모니터링하기 - 신재현 (인덴트코퍼레이션) :: AWS Community Day Online...EKS에서 Opentelemetry로 코드실행 모니터링하기 - 신재현 (인덴트코퍼레이션) :: AWS Community Day Online...
EKS에서 Opentelemetry로 코드실행 모니터링하기 - 신재현 (인덴트코퍼레이션) :: AWS Community Day Online...
 
Configuration management and deployment with ansible
Configuration management and deployment with ansibleConfiguration management and deployment with ansible
Configuration management and deployment with ansible
 
Cloud init and cloud provisioning [openstack summit vancouver]
Cloud init and cloud provisioning [openstack summit vancouver]Cloud init and cloud provisioning [openstack summit vancouver]
Cloud init and cloud provisioning [openstack summit vancouver]
 
Ansible Automation - Enterprise Use Cases | Juncheng Anthony Lin
Ansible Automation - Enterprise Use Cases | Juncheng Anthony LinAnsible Automation - Enterprise Use Cases | Juncheng Anthony Lin
Ansible Automation - Enterprise Use Cases | Juncheng Anthony Lin
 
Ansible best practices
Ansible best practicesAnsible best practices
Ansible best practices
 
Automation with Packer and TerraForm
Automation with Packer and TerraFormAutomation with Packer and TerraForm
Automation with Packer and TerraForm
 
Create Development and Production Environments with Vagrant
Create Development and Production Environments with VagrantCreate Development and Production Environments with Vagrant
Create Development and Production Environments with Vagrant
 
IT Automation with Ansible
IT Automation with AnsibleIT Automation with Ansible
IT Automation with Ansible
 
Creating and Deploying Static Sites with Hugo
Creating and Deploying Static Sites with HugoCreating and Deploying Static Sites with Hugo
Creating and Deploying Static Sites with Hugo
 
Webinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and moreWebinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and more
 
ansible why ?
ansible why ?ansible why ?
ansible why ?
 
Tips for a Faster Website
Tips for a Faster WebsiteTips for a Faster Website
Tips for a Faster Website
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansible
 
fog or: How I Learned to Stop Worrying and Love the Cloud
fog or: How I Learned to Stop Worrying and Love the Cloudfog or: How I Learned to Stop Worrying and Love the Cloud
fog or: How I Learned to Stop Worrying and Love the Cloud
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentation
 
CloudInit Introduction
CloudInit IntroductionCloudInit Introduction
CloudInit Introduction
 
Ansible Introduction - Ansible Brno #1 - David Karban
Ansible Introduction - Ansible Brno #1 - David KarbanAnsible Introduction - Ansible Brno #1 - David Karban
Ansible Introduction - Ansible Brno #1 - David Karban
 
Puppet Camp New York Keynote
Puppet Camp New York KeynotePuppet Camp New York Keynote
Puppet Camp New York Keynote
 
Set up Hadoop Cluster on Amazon EC2
Set up Hadoop Cluster on Amazon EC2Set up Hadoop Cluster on Amazon EC2
Set up Hadoop Cluster on Amazon EC2
 

Viewers also liked

Puppet Camp DC: Puppet for Everybody
Puppet Camp DC: Puppet for EverybodyPuppet Camp DC: Puppet for Everybody
Puppet Camp DC: Puppet for EverybodyPuppet
 
What's New in Puppet Enterprise 2016.5
What's New in Puppet Enterprise 2016.5What's New in Puppet Enterprise 2016.5
What's New in Puppet Enterprise 2016.5Puppet
 
Network Automation at Shapeways
Network Automation at ShapewaysNetwork Automation at Shapeways
Network Automation at ShapewaysPuppet
 
Introduction to Puppet Enterprise 2016.5
Introduction to Puppet Enterprise 2016.5Introduction to Puppet Enterprise 2016.5
Introduction to Puppet Enterprise 2016.5Puppet
 
Introduction to Puppet Enterprise 2016.5
Introduction to Puppet Enterprise 2016.5Introduction to Puppet Enterprise 2016.5
Introduction to Puppet Enterprise 2016.5Puppet
 
Introduction to Puppet Enterprise 2016.5
Introduction to Puppet Enterprise 2016.5Introduction to Puppet Enterprise 2016.5
Introduction to Puppet Enterprise 2016.5Puppet
 
Introduction to Puppet Enterprise
Introduction to Puppet EnterpriseIntroduction to Puppet Enterprise
Introduction to Puppet EnterprisePuppet
 

Viewers also liked (7)

Puppet Camp DC: Puppet for Everybody
Puppet Camp DC: Puppet for EverybodyPuppet Camp DC: Puppet for Everybody
Puppet Camp DC: Puppet for Everybody
 
What's New in Puppet Enterprise 2016.5
What's New in Puppet Enterprise 2016.5What's New in Puppet Enterprise 2016.5
What's New in Puppet Enterprise 2016.5
 
Network Automation at Shapeways
Network Automation at ShapewaysNetwork Automation at Shapeways
Network Automation at Shapeways
 
Introduction to Puppet Enterprise 2016.5
Introduction to Puppet Enterprise 2016.5Introduction to Puppet Enterprise 2016.5
Introduction to Puppet Enterprise 2016.5
 
Introduction to Puppet Enterprise 2016.5
Introduction to Puppet Enterprise 2016.5Introduction to Puppet Enterprise 2016.5
Introduction to Puppet Enterprise 2016.5
 
Introduction to Puppet Enterprise 2016.5
Introduction to Puppet Enterprise 2016.5Introduction to Puppet Enterprise 2016.5
Introduction to Puppet Enterprise 2016.5
 
Introduction to Puppet Enterprise
Introduction to Puppet EnterpriseIntroduction to Puppet Enterprise
Introduction to Puppet Enterprise
 

Similar to Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in Puppet - PuppetConf 2014

CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster Shaun Domingo
 
How to build and run oci containers
How to build and run oci containersHow to build and run oci containers
How to build and run oci containersSpyros Trigazis
 
Kickstat File_Draft_ESXI5.1_Template
Kickstat File_Draft_ESXI5.1_TemplateKickstat File_Draft_ESXI5.1_Template
Kickstat File_Draft_ESXI5.1_TemplateLuca Viscomi
 
Couch to OpenStack: Glance - July, 23, 2013
Couch to OpenStack: Glance - July, 23, 2013Couch to OpenStack: Glance - July, 23, 2013
Couch to OpenStack: Glance - July, 23, 2013Trevor Roberts Jr.
 
Spring MVC - The Basics
Spring MVC - The BasicsSpring MVC - The Basics
Spring MVC - The BasicsIlio Catallo
 
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...Redis Labs
 
[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교 및 구축 방법
[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교 및 구축 방법[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교 및 구축 방법
[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교 및 구축 방법Open Source Consulting
 
IP Addresses
IP AddressesIP Addresses
IP Addressesadil raja
 
Couch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean Winn
Couch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean WinnCouch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean Winn
Couch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean WinnTrevor Roberts Jr.
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access ControlOAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access ControlMaarten Balliauw
 
VMworld 2013: The Story Behind Designing and Building a Distributed Automatio...
VMworld 2013: The Story Behind Designing and Building a Distributed Automatio...VMworld 2013: The Story Behind Designing and Building a Distributed Automatio...
VMworld 2013: The Story Behind Designing and Building a Distributed Automatio...VMworld
 
Couch to OpenStack: Nova - July, 30, 2013
Couch to OpenStack: Nova - July, 30, 2013Couch to OpenStack: Nova - July, 30, 2013
Couch to OpenStack: Nova - July, 30, 2013Trevor Roberts Jr.
 
IxVM on CML
IxVM on CMLIxVM on CML
IxVM on CMLnpsg
 
Fosscon 2012 firewall workshop
Fosscon 2012 firewall workshopFosscon 2012 firewall workshop
Fosscon 2012 firewall workshopjvehent
 
MySQL 5.7 innodb_enhance_partii_20160527
MySQL 5.7 innodb_enhance_partii_20160527MySQL 5.7 innodb_enhance_partii_20160527
MySQL 5.7 innodb_enhance_partii_20160527Saewoong Lee
 
(NET301) New Capabilities for Amazon Virtual Private Cloud
(NET301) New Capabilities for Amazon Virtual Private Cloud(NET301) New Capabilities for Amazon Virtual Private Cloud
(NET301) New Capabilities for Amazon Virtual Private CloudAmazon Web Services
 
AWS ground zero; EC2 & S3 hands-on
AWS ground zero; EC2 & S3 hands-onAWS ground zero; EC2 & S3 hands-on
AWS ground zero; EC2 & S3 hands-onVitor Domingos
 

Similar to Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in Puppet - PuppetConf 2014 (20)

CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
 
How to build and run oci containers
How to build and run oci containersHow to build and run oci containers
How to build and run oci containers
 
Kickstat File_Draft_ESXI5.1_Template
Kickstat File_Draft_ESXI5.1_TemplateKickstat File_Draft_ESXI5.1_Template
Kickstat File_Draft_ESXI5.1_Template
 
Couch to OpenStack: Glance - July, 23, 2013
Couch to OpenStack: Glance - July, 23, 2013Couch to OpenStack: Glance - July, 23, 2013
Couch to OpenStack: Glance - July, 23, 2013
 
Development Workflows on AWS
Development Workflows on AWSDevelopment Workflows on AWS
Development Workflows on AWS
 
Spring MVC - The Basics
Spring MVC - The BasicsSpring MVC - The Basics
Spring MVC - The Basics
 
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
 
[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교 및 구축 방법
[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교 및 구축 방법[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교 및 구축 방법
[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교 및 구축 방법
 
IP Addresses
IP AddressesIP Addresses
IP Addresses
 
Couch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean Winn
Couch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean WinnCouch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean Winn
Couch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean Winn
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access ControlOAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
 
VMworld 2013: The Story Behind Designing and Building a Distributed Automatio...
VMworld 2013: The Story Behind Designing and Building a Distributed Automatio...VMworld 2013: The Story Behind Designing and Building a Distributed Automatio...
VMworld 2013: The Story Behind Designing and Building a Distributed Automatio...
 
Couch to OpenStack: Nova - July, 30, 2013
Couch to OpenStack: Nova - July, 30, 2013Couch to OpenStack: Nova - July, 30, 2013
Couch to OpenStack: Nova - July, 30, 2013
 
IxVM on CML
IxVM on CMLIxVM on CML
IxVM on CML
 
EvasionTechniques
EvasionTechniquesEvasionTechniques
EvasionTechniques
 
Fosscon 2012 firewall workshop
Fosscon 2012 firewall workshopFosscon 2012 firewall workshop
Fosscon 2012 firewall workshop
 
Oreilly solinea-managing-openstack
Oreilly solinea-managing-openstackOreilly solinea-managing-openstack
Oreilly solinea-managing-openstack
 
MySQL 5.7 innodb_enhance_partii_20160527
MySQL 5.7 innodb_enhance_partii_20160527MySQL 5.7 innodb_enhance_partii_20160527
MySQL 5.7 innodb_enhance_partii_20160527
 
(NET301) New Capabilities for Amazon Virtual Private Cloud
(NET301) New Capabilities for Amazon Virtual Private Cloud(NET301) New Capabilities for Amazon Virtual Private Cloud
(NET301) New Capabilities for Amazon Virtual Private Cloud
 
AWS ground zero; EC2 & S3 hands-on
AWS ground zero; EC2 & S3 hands-onAWS ground zero; EC2 & S3 hands-on
AWS ground zero; EC2 & S3 hands-on
 

More from Puppet

Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet
 
Puppetcamp r10kyaml
Puppetcamp r10kyamlPuppetcamp r10kyaml
Puppetcamp r10kyamlPuppet
 
2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)Puppet
 
Puppet camp vscode
Puppet camp vscodePuppet camp vscode
Puppet camp vscodePuppet
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twentiesPuppet
 
Applying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codeApplying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codePuppet
 
KGI compliance as-code approach
KGI compliance as-code approachKGI compliance as-code approach
KGI compliance as-code approachPuppet
 
Enforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationEnforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationPuppet
 
Keynote: Puppet camp compliance
Keynote: Puppet camp complianceKeynote: Puppet camp compliance
Keynote: Puppet camp compliancePuppet
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowPuppet
 
Puppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Puppet
 
Accelerating azure adoption with puppet
Accelerating azure adoption with puppetAccelerating azure adoption with puppet
Accelerating azure adoption with puppetPuppet
 
Puppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkPuppet
 
Take control of your dev ops dumping ground
Take control of your dev ops dumping groundTake control of your dev ops dumping ground
Take control of your dev ops dumping groundPuppet
 
100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy SoftwarePuppet
 
Puppet User Group
Puppet User GroupPuppet User Group
Puppet User GroupPuppet
 
Continuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsContinuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsPuppet
 
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyThe Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyPuppet
 

More from Puppet (20)

Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepo
 
Puppetcamp r10kyaml
Puppetcamp r10kyamlPuppetcamp r10kyaml
Puppetcamp r10kyaml
 
2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)
 
Puppet camp vscode
Puppet camp vscodePuppet camp vscode
Puppet camp vscode
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twenties
 
Applying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codeApplying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance code
 
KGI compliance as-code approach
KGI compliance as-code approachKGI compliance as-code approach
KGI compliance as-code approach
 
Enforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationEnforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automation
 
Keynote: Puppet camp compliance
Keynote: Puppet camp complianceKeynote: Puppet camp compliance
Keynote: Puppet camp compliance
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNow
 
Puppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet: The best way to harden Windows
Puppet: The best way to harden Windows
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020
 
Accelerating azure adoption with puppet
Accelerating azure adoption with puppetAccelerating azure adoption with puppet
Accelerating azure adoption with puppet
 
Puppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael Pinson
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin Reeuwijk
 
Take control of your dev ops dumping ground
Take control of your dev ops dumping groundTake control of your dev ops dumping ground
Take control of your dev ops dumping ground
 
100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software
 
Puppet User Group
Puppet User GroupPuppet User Group
Puppet User Group
 
Continuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsContinuous Compliance and DevSecOps
Continuous Compliance and DevSecOps
 
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyThe Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
 

Recently uploaded

Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in Puppet - PuppetConf 2014

  • 1. 2014 Presented by Cloudy with a chance of Fireballs Managing Trusted Instances in the Cloud ! ! ! ! eric sorenson eric.sorenson@puppetlabs.com
  • 2. Presented by What’s the problem? Why you might care End to End Overview Walkthrough w/ AWS Related work
  • 6. Presented by Why you might care
  • 11. Presented by +-------------------------------+ +-----------+ | | | | | Amazon EC2 API <--------+provisioner| +---------------------^---------+ +-----------+ | | +-------+ +------+---------+ | | | | | node1 +------> puppetmaster | +-------+ +----------------+ ! ! Follow along at home: https://github.com/ahpook/mrzarquon-certsigner/tree/eric0-wip
  • 12. Presented by ! +----------------------------+ Prerequisites: |                            |      - Puppetmaster w/IAM credentials |  Amazon EC2 API            | <--+  and autosign policy configured |                            |       | | - AMI with user-data install or +----------------------------+ preloaded agent+ec2-utils, IAM policy permitting query tags !
  • 13. Presented by { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1411031868000", "Effect": "Allow", "Action": [ "ec2:DescribeTags" ], "Resource": [ "*" ] } ] }
  • 14. Presented by +----------------------------+ | | | Amazon EC2 API | | | +------^---------------------+ | +------+------+ | | Your provisioning node requests | Provisioner | <-------+ some new instances using that image, | | tagging them w/ role: 'webserver' +-------------+
  • 15. Presented by [vagrant@deglitch ~]$ puppet node_aws --trace --debug create -i ami-37713107 --region=us-west-2 --instance-tags=role=webserver --type=t1.micro --keyname=certsigner --security-group=webservers Debug: Runtime environment: puppet_version=3.6.2 (Puppet Enterprise 3.4.0-rc1-790-gf96f634), ruby_version=1.9.3, run_mode=user, default_encoding=UTF-8 Info: Connecting to AWS us-west-2 ... Done Info: Instance Type: t1.micro Notice: Creating new instance ... Done Info: Instance identifier: i-abc8f0a6 Notice: Creating tags for instance ... Info: Creating tag for Created-By ... Done Info: Creating tag for role ... Done Notice: Creating tags for instance ... Done Notice: Launching server i-abc8f0a6 ... ##### Notice: Server i-abc8f0a6 is now launched Notice: Server i-abc8f0a6 public dns name: ec2-54-68-132-30.us-west-2.compute.amazonaws.com
  • 16. Presented by +---------------------------------+ | | | Amazon EC2 + using your image | | | EC2 builds your instances, +----+-----------+-----------+----+ running the user-data script | | | which drops instance-specific | | | metadata into csr_attributes.yaml +---v---+ +---v---+ +---v---+ + | | | | | | | | node1 | | node2 | | node3 | <----------------+ +-------+ +-------+ +-------+
  • 19. Presented by +-------------------------------+ | | Each node generates a CSR which | Amazon EC2 API | embeds the metadata as requested +---------------------^---------+ attributes and submits it to the | puppetmaster, which checks the | instance-ID against EC2 to verify +-------+ +------+---------+ it came from a valid instance. | | | | | node1 +------> puppetmaster | +-------+ +----------------+
  • 20. Presented by +-------------------------------+ | | If the API is OK, the puppetmaster | Amazon EC2 API | signs the CSR, moving the tags, +---------------------+---------+ instance-id and any other metadata in | whitelisted extension requests | inside the signed certificate. The +-------+ +------v---------+ signed cert is retrieved by the node | | | | and normal Puppet runs can begin. | node1 <------+ puppetmaster | +-------+ +----------------+
  • 21. Presented by openssl x509 -noout -text -in /var/lib/puppet/ssl/ca/signed/i-f3cef5fe.pem [ ... tons of crap trimmed ... ] X509v3 extensions: Netscape Comment: Puppet Ruby/OpenSSL Internal Certificate 1.3.6.1.4.1.34380.1.1.5: webserver 1.3.6.1.4.1.34380.1.1.3: ami-37713107 1.3.6.1.4.1.34380.1.1.2: i-f3cef5fe
  • 22. Presented by ! +-------+ +----------------+ When the node checks in, the extensions | | | | will be available under the '$trusted' | node1 +----> puppetmaster | top-scope hash for classification, +-------+ +----------------+ manifests, etc. ! # puppet.conf [master] trusted_node_data = true immutable_node_data = true !
  • 23. Presented by ## site.pp node default { notify { "trusted_data": message => inline_template("<%= scope.lookupvar('trusted').inspect %>") } } ! ## agent output Notice: /Stage[main]/Main/Node[default]/Notify[trusted_data]/message: defined 'message' as ' {"certname"=>"i-f3cef5fe", "authenticated"=>"remote", "extensions"=>{"pp_instance_id"=>"i-f3cef5fe", "pp_image_name"=>"ami-37713107", "1.3.6.1.4.1.34380.1.1.5"=>"webserver"}}'
  • 24. Presented by Related and future work ! Signing policy for AWS: mrzarquon-certsigner Signing policy for GCE: puppetlabs-gce_compute Signing policy for in-house CMDBs? Puppet Enterprise Node Manager
  • 27. Presented by Photo/Link Credits CERN - http://www.slideshare.net/gmccance/cern-data-centre-evolution Google maps screenshot of Apple Data Center - fair use, with attribution inline Imagery (c) 2014 Google NSA HQ, fort meade - "National Security Agency headquarters, Fort Meade, Maryland" by Unknown - http:// www.nsa.gov/about/photo_gallery/gallery.shtml. Licensed under Public domain via Wikimedia Commons - http:// commons.wikimedia.org/wiki/File:National_Security_Agency_headquarters,_Fort_Meade,_Maryland.jpg#mediaviewer/ File:National_Security_Agency_headquarters,_Fort_Meade,_Maryland.jpg Bitcoin mining rigs from buttcoin.org http://buttcoin.org/mining-rigs-3 “Cloud City at Sunset” http://balsavor.deviantart.com/art/The-Falcon-escapes-Cloud-city-143511722 han and Lando Mario Fireball - from http://www.giantbomb.com/fireball/3055-120/ © Yorkberlin | Dreamstime.com - Sorceress With Fireball Photo