OSDC 2019 | Automated patch management with Ansible and Rundeck by Andreas Lehr and Rico Spießberger

•

0 recomendaciones•154 vistas

In our On Premise hosting environment we still run a lot of applications on traditional stacks without using containers. In order to run them in a secured way we created a mature patch automation. Thanks to ansible, rundeck, icinga and a bunch of other opensource tools we are able to update and reboot most of our systems without our customers noticing. We do that throughout the day on a regular base using rundeck, or even on short notice if another “heartbleed” occurs.

Software

AUTOMATED PATCH MANAGEMENT
WITH ANSIBLE AND RUNDECK
Schwarz IT KG - @crsp & @shakalandy

ABOUT US
2
Andreas Lehr
@shakalandy
Rico Spiesberger
@crsp
“Hosting and Domain Services” department
- lidl.de
- lidl-reisen.de/.at/.ch/...
- lidl-shop.nl/.be/.cz/.pl/...
- mobile app backend (30 countries)

ABOUT SCHWARZ IT
➔ Central IT of the Schwarz Group (Lidl, Kaufland, PreZero,
GreenCycle,...)
➔ ~ 3000 employees
➔ HQ in Weinsberg/Heilbronn - Location in Berlin
➔ We have Jobs - https://jobs.schwarz
3

AUTOMATED PATCHING
5
WHY WE’VE DONE IT
HOW WE’VE DONE IT
LIVE-DEMO (sort of)

WHY AUTOMATED PATCHING?
6
manual patching takes too
much valuable time

WHY AUTOMATED PATCHING?
7
Make security and auditors
happy

WHY AUTOMATED PATCHING?
8
Have a mature and reliable
process

HOW WE’VE DONE IT
c 9
Ansible and Rundeck
• 1 week cycle for DEV/TEST/QA
• 4 week cycle for PROD
• Emergency stuff can be patched
without prior information
• Target: no manual process, but fully
automated

PATCHING WORKFLOW
10
Set Monitoring Downtime

PATCHING WORKFLOW
11
Create VMWare Snapshot

PATCHING WORKFLOW
14
finally: upgrade time

PATCHING WORKFLOW
15
reboot if needs-restarting

PATCHING WORKFLOW
c 16
● remove old kernels
● patching date > /etc/last_patching (Monitoring, motd, ansible
CMDB)
● activate Loadbalancer health checks
● clean up (yum clean up, etc)
● update “patchlist” documentation (For auditors and POs)
● remove downtime
● remove snapshot (3 days later)
after reboot tasks

IMPEDIMENTS AND RECOMMENDATIONS ON AUTOMATED PATCHING
17
have fixed timeslots

IMPEDIMENTS AND RECOMMENDATIONS ON AUTOMATED PATCHING
18
Delete Snapshots
automatically

IMPEDIMENTS AND RECOMMENDATIONS ON AUTOMATED PATCHING
19
Rebooting HW servers
takes some time…..

IMPEDIMENTS AND RECOMMENDATIONS ON AUTOMATED PATCHING
20
preload packages

IMPEDIMENTS AND RECOMMENDATIONS ON AUTOMATED PATCHING
21
have enough space in
/var/yum and /tmp

IMPEDIMENTS AND RECOMMENDATIONS ON AUTOMATED PATCHING
22
parallel patching:
ansible forks=20+ and strategy: free

Thanks. Don’t forget - https://jobs.schwarz
25

Más contenido relacionado

Similar a OSDC 2019 | Automated patch management with Ansible and Rundeck by Andreas Lehr and Rico Spießberger

AWSome Day Helsinki Intro

Amazon Web Services

AGILOS GmbH - Custom Made SAP Outsourcing and Hosting

Winfried Seeger

Disruptive Technologies and Innovation Foresight Minds DTIM Europe is the leading knowledge platform bringing together all stakeholders within manufacturing industries and the production sphere, playing an active role in Business Development, Innovation Management, Technology Foresighting and Screening, Research & Development and Organisational Change. Be part of DTIM Europe 2017 in November to gain deeper understanding of how to detect new technologies & innovations, create new business models, innovate your value chain and shape robust and value driven strategies within an industrial world that is heavily affected by the digitalization & IoT.

DTIM 2016 - Post Event Report

Ramona Kohrs

Debunking serverless myths

Yan Cui

ECS News Letter Issue #3

ECS Singapore

Join us as we explore: • Adabas & Natural 2050+ commitment to innovation and roadmap • How technology health assessments are helping identify potential risks and opportunities • Modernize by unlocking legacy and mainframe data to leverage Snowflake on AWS • New features for Adabas & Natural on Linux and the cloud • Enhanced security and administration features • How to access SQL Server from Natural • Options to skill up your staff To learn more about Software AG Adabas & Natural, please visit www.adabasnatural.com

NA Adabas & Natural User Group Meeting April 2023

Software AG

CloudCamp

RightScale

S504 mainframe and cloud (and cics) arnold

nick_garrod

Seeberger

Cisco Case Studies

So you think you want to be an internet plumber? We didn't think so. Managing your web hosting infrastructure is no small task. You’ve got to do a little bit of everything—implementing, managing, troubleshooting, repairing, updating. And sometimes if you do one little thing wrong, the whole thing goes down. At Peak Hosting, we call this being an Internet plumber, and it’s about as pleasant as it sounds. You get stuck doing all of the unpleasant stuff, and you’re probably going to run into messy problems.

Peak Hosting Corporate brochure

Peak Hosting

Bauer

Cisco Case Studies

Wie stellen Sie sicher, dass alle Projektinformationen (inkl. Bilder und Videos) auch für den langfristigen Zugriff, vollständig und revisionssicher vorliegen? Es wird erläutert, wie Sie Ihre Dokumenten-Prozesse optimieren und Informationen unter Berücksichtigung von Compliance-Anforderungen jederzeit und ortsunabhängig verfügbar machen. Dank modernen Information Management werden die Vollständigkeit der Informationen garantiert, die Nachvollziehbarkeit der Prozesse ausgewiesen und die rechtlichen Vorgaben erfüllt.

Trivadis TechEvent 2016 Office 365 and Therefore Online by Eberhard Lösch, Cl...

Trivadis

DIGITAL TRANSFORMATION IN MINING

JOULEHUB GMBH

PowerBI: Real Time streaming information from Sensors

JOULEHUB GMBH

How Autodesk Leverages Splunk as an Assurance Platform on AWS

Alan Williams

Wie passt klassische IT Governance zu Continuous Delivery? Gar nicht! Eine hochgradig automatisierte Continuous Deployment Welt stellt die Firma vor ganz neue Herausforderungen im Bereich Compliance und Governance. Klassische - manuelle - Prozesse kommen den schnellen und häufigen Releases gar nicht mehr hinterher. Die Lösung ist die Automation aller Governance prüfungen und die automatisierte Zertifizierung jeder Softwarelieferung. Das klingt banal und einfach, ist im Detail jedoch nicht einfach umzusetzen. Der Vortrag zeigt am konkreten Beispiel der DB Systel, wie wir das Thema angehen und Lösungen für die automatisierte Zertifizierung geschaffen haben.

Compliant by Default - Digitaler Wandel - 14.08.2019 - Schlomo Schapiro

Schlomo Schapiro

Building powerful apps with ArangoDB & KeyLines

Cambridge Intelligence

Business Data Lake Best Practices

Capgemini

Welcome Keynote - AWS Summit Stockholm

Amazon Web Services

In this session you will learn how to get your mobile clients under control quickly and easily using MarvelClient for iOS. From initial user setup to workspace, Recent Apps, connection documents, user preferences, notes.ini entries, local replicas, full-text indexes, mail server changes, cloud migrations, mass changes in migration projects, profile documents, running LotusScript agents, workspace pages*, database/desktop icons* and bookmarks. [* even though workspace is not supported it is used for the client to function properly] Follow Christoph on SlideShare: https://pan.news/ChristophAdlerSlideShare

MarvelClient for iOS - Client Management for Domino Mobile App

panagenda

Similar a OSDC 2019 | Automated patch management with Ansible and Rundeck by Andreas Lehr and Rico Spießberger (20)

AWSome Day Helsinki Intro

AGILOS GmbH - Custom Made SAP Outsourcing and Hosting

DTIM 2016 - Post Event Report

Debunking serverless myths

ECS News Letter Issue #3

NA Adabas & Natural User Group Meeting April 2023

CloudCamp

S504 mainframe and cloud (and cics) arnold

Seeberger

Peak Hosting Corporate brochure

Bauer

Trivadis TechEvent 2016 Office 365 and Therefore Online by Eberhard Lösch, Cl...

DIGITAL TRANSFORMATION IN MINING

PowerBI: Real Time streaming information from Sensors

How Autodesk Leverages Splunk as an Assurance Platform on AWS

Compliant by Default - Digitaler Wandel - 14.08.2019 - Schlomo Schapiro

Building powerful apps with ArangoDB & KeyLines

Business Data Lake Best Practices

Welcome Keynote - AWS Summit Stockholm

MarvelClient for iOS - Client Management for Domino Mobile App

Último

Foundation models are machine learning models which are easily capable of performing variable tasks on large and huge datasets. FMs have managed to get a lot of attention due to this feature of handling large datasets. It can do text generation, video editing to protein folding and robotics. In case we believe that FMs can help the hospitals and patients in any way, we need to perform some important evaluations, tests to test these assumptions. In this review, we take a walk through Fms and their evaluation regimes assumed clinical value. To clarify on this topic, we reviewed no less than 80 clinical FMs built from the EMR data. We added all the models trained on structured and unstructured data. We are referring to this combination of structured and unstructured EMR data or clinical data.

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...

harshavardhanraghave

Conference: Engage2024 in Antwerp Type: Workshop Speakers: Florian Vogler, Henning Kunz, Christoph Adler Title: Navigating the Future with The Hitchhiker's Guide to Notes and Domino 14 Abstract: Embark on an exhilarating journey with industry trailblazers Florian Vogler, Henning Kunz, and Christoph Adler in this not-to-be-missed workshop at the forefront of the tech universe. Get ready for a thrilling kick-off as we navigate the current state of the HCL universe, setting the stage for an exploration of the groundbreaking Notes and Domino 14. Discover the latest enhancements and revolutionary features that will redefine your experience. In this interactive session, unlock a treasure trove of tips and tricks to elevate your utilization of version 14, both with and without the game-changing panagenda MarvelClient. Brace yourself for also diving into Nomad, Nomad Web, and VoltMX, expanding your horizons in the expansive HCL landscape. Be a part of this exclusive opportunity to stay ahead in the ever-evolving world of HCL technologies. Your journey to mastering Notes and Domino 14 begins here. And remember, in the spirit of intergalactic exploration, don't forget to bring your towel!

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...

panagenda

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

Azure Native Qumulo scales elastically for common High Performance Compute (HPC) workloads based on application requirements for: Financial Services, Automotive, Genomics / Life Sciences, Media and Entertainment, Energy, Oil and Gas, etc. Performance can be dialed UP (and back down) much higher than the examples shown here. These slides offer a glimpse into ANQ's HPC capabilities, although at a smaller scale. We invite YOU to do your own testing (with a free ANQ trial) and work with us to test your HPC workloads in Azure.

Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf

ryanfarris8

Software Quality Assurance Interview Questions

Arshad QA

Test automation is a cornerstone of software development and quality assurance in today's rapidly evolving digital landscape. Its significance cannot be overstated. Businesses can enhance efficiency, productivity, and accelerate software delivery to market through automation, streamlining testing processes effectively. This comprehensive guide addresses the best practices for test automation in 2024. It offers a detailed checklist to empower you to optimize your automation efforts and maintain a competitive edge.

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf

kalichargn70th171

Many specialized tools cater to distinct stages within the software development lifecycle (SDLC). These tools target various aspects of development, delivery, and operations, each with its unique strengths. Uniting these diverse testing needs into a single continuous testing platform presents several challenges. Such a platform must seamlessly integrate with various development tools and environments, accommodate different testing methodologies, and remain flexible to adapt to organizational processes and quality standards.

The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...

kalichargn70th171

At TECUNIQUE, we're a stable and steadily growing Indian software services company with over 14 years of industry experience. Specializing in offshore software development and quality assurance services, we've built a reputation for delivering unique and effective solutions to start-ups, software development companies, enterprises, and digital agencies. We pride ourselves on our commitment to excellence and innovation. By blending insightful business domain knowledge with exceptional technical prowess, we craft tailor-made solutions that meet the unique needs of our clients. Our dedicated teams are adept in specific technologies, ensuring seamless integration of skills and delivering reliable, scalable, and high-quality software solutions aligned with our clients' preferences. Bespoke Dedicated Teams: Crafted to meet your specific needs and technology preferences, our dedicated teams are committed to delivering top-notch software solutions. Offshore Software Development: Accelerate your software development and scale up quickly with our 12+ years of expertise in offshore development. Quality Assurance Services: Ensure the quality of your software products with our dedicated teams of experienced QA professionals. IT Staff Augmentation: Overcome skill gaps with our client-centric software team, offering staff augmentation services. Expert Software Services: Unlock our capabilities in custom software development, product development, and quality assurance. Mission and Vision: Our mission at TECUNIQUE is to be the catalyst for our clients' success in the dynamic domain of software development. Rooted in our core values of respect, authenticity, and responsibility, we strive to ease the software outsourcing experience, reducing both time and cost to market for our clients. We envision ourselves as the leading Indian software services company, renowned for our unwavering commitment to excellence and innovation. www.tecunique.com

TECUNIQUE: Success Stories: IT Service provider

mohitmore19

In the past six months, the AI landscape has undergone a massive transformation, ushering in a new era of productivity with the latest in Large Language Models (LLMs) and AI technology. This deep dive unlocks how to: Create CustomGPT Models: No coding needed to tailor AI for your unique projects. Integrate your own data, including PDFs and Excel sheets, making information handling a breeze. Plus, discover how to call your own actions/integrations for even more personalized utility. Navigate Advanced Prompting: Overcome AI's memory limits and utilize Retrieval-Augmented Generation for accessing your personalized data, streamlining how you interact with AI. Stay Ahead with AI Trends: Peek into the evolving world of LLMs, featuring newcomers like Google Gemini, Anthropic Claude, Open Sora, and Twitter Grok, and understand what their advancements mean for your productivity. Witness Real-Life Transformations: Through examples and prompt demonstrations, see firsthand how these AI strategies revolutionize routine tasks, from data analysis to content creation. Learn to leverage image output and input for advanced practical use cases, adding a new dimension to your productivity toolkit. No previous coding or AI experience is needed for this talk. Stay ahead in the fast-evolving world of work. Embrace the AI revolution and transform your workflow with advanced LLM techniques. Join us to ensure you're not left behind in the productivity race.

AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques

VictorSzoltysek

How To Use Server-Side Rendering with Nuxt.js

Andolasoft Inc

Unlocking the Future of AI Agents with Large Language Models

aagamshah0812

VTU technical seminar 8Th Sem on Scikit-learn

AmarnathKambale

A great deal of attention in medical devices has shifted towards cybersecurity with the ratification of section 524B of the FD&C act. This new law enables the FDA to enforce cybersecurity controls in any medical device that is capable of networked communications or that has software. In this webinar we will recap the process for managing vulnerabilities, identify categories of vulnerabilities and solutions and more.

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

ICS

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf

kalichargn70th171

Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid

Philip Schwarz

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

InShot proinshot.com stands tall among its peers as the ultimate video editing app, offering simplicity, versatility, and power in one package. With its intuitive interface and comprehensive feature set, InShot caters to both beginners and seasoned editors alike. Whether you're creating content for social media, YouTube, or personal projects, InShot empowers you to unleash your creativity and transform your videos into captivating masterpieces. Join the millions of users who trust InShot https://www.proinshot.com/ for all their video editing needs and discover the difference for yourself!

Exploring the Best Video Editing App.pdf

proinshot.com

A Secure and Reliable Document Management System is Essential.docx

ComplianceQuest1

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live Booking Contact Details :- WhatsApp Chat :- [+91-9999965857 ] The Best Call Girls Delhi At Your Service Russian Call Girls Delhi Doing anything intimate with can be a wonderful way to unwind from life's stresses, while having some fun. These girls specialize in providing sexual pleasure that will satisfy your fetishes; from tease and seduce their clients to keeping it all confidential - these services are also available both install and outcall, making them great additions for parties or business events alike. Their expert sex skills include deep penetration, oral sex, cum eating and cum eating - always respecting your wishes as part of the experience (29-April-2024(PSS)

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live

Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

Looking to embark on a digital project in New York City? Choosing the ideal Laravel development partner is pivotal. Begin by defining your project requirements clearly. Assess potential partners' experience, expertise, and technical proficiency, checking portfolios and client testimonials. Effective communication and collaboration are paramount, so evaluate partners' communication styles and project management approaches. Consider long-term scalability and support options, and discuss pricing and contracts transparently. Lastly, trust your instincts when selecting a partner aligned with your vision and values.

How to Choose the Right Laravel Development Partner in New York City_compress...

software pro Development

OSDC 2019 | Automated patch management with Ansible and Rundeck by Andreas Lehr and Rico Spießberger

1. AUTOMATED PATCH MANAGEMENT WITH ANSIBLE AND RUNDECK Schwarz IT KG - @crsp & @shakalandy

2. ABOUT US 2 Andreas Lehr @shakalandy Rico Spiesberger @crsp “Hosting and Domain Services” department - lidl.de - lidl-reisen.de/.at/.ch/... - lidl-shop.nl/.be/.cz/.pl/... - mobile app backend (30 countries)

3. ABOUT SCHWARZ IT ➔ Central IT of the Schwarz Group (Lidl, Kaufland, PreZero, GreenCycle,...) ➔ ~ 3000 employees ➔ HQ in Weinsberg/Heilbronn - Location in Berlin ➔ We have Jobs - https://jobs.schwarz 3

4. WHAT’S WRONG HERE? 4 WTF?

5. AUTOMATED PATCHING 5 WHY WE’VE DONE IT HOW WE’VE DONE IT LIVE-DEMO (sort of)

6. WHY AUTOMATED PATCHING? 6 manual patching takes too much valuable time

7. WHY AUTOMATED PATCHING? 7 Make security and auditors happy

8. WHY AUTOMATED PATCHING? 8 Have a mature and reliable process

9. HOW WE’VE DONE IT c 9 Ansible and Rundeck • 1 week cycle for DEV/TEST/QA • 4 week cycle for PROD • Emergency stuff can be patched without prior information • Target: no manual process, but fully automated

10. PATCHING WORKFLOW 10 Set Monitoring Downtime

11. PATCHING WORKFLOW 11 Create VMWare Snapshot

12. PATCHING WORKFLOW 12 Send Notifications

13. PATCHING WORKFLOW 13 Host Preparation

14. PATCHING WORKFLOW 14 finally: upgrade time

15. PATCHING WORKFLOW 15 reboot if needs-restarting

16. PATCHING WORKFLOW c 16 ● remove old kernels ● patching date > /etc/last_patching (Monitoring, motd, ansible CMDB) ● activate Loadbalancer health checks ● clean up (yum clean up, etc) ● update “patchlist” documentation (For auditors and POs) ● remove downtime ● remove snapshot (3 days later) after reboot tasks

17. IMPEDIMENTS AND RECOMMENDATIONS ON AUTOMATED PATCHING 17 have fixed timeslots

18. IMPEDIMENTS AND RECOMMENDATIONS ON AUTOMATED PATCHING 18 Delete Snapshots automatically

19. IMPEDIMENTS AND RECOMMENDATIONS ON AUTOMATED PATCHING 19 Rebooting HW servers takes some time…..

20. IMPEDIMENTS AND RECOMMENDATIONS ON AUTOMATED PATCHING 20 preload packages

21. IMPEDIMENTS AND RECOMMENDATIONS ON AUTOMATED PATCHING 21 have enough space in /var/yum and /tmp

22. IMPEDIMENTS AND RECOMMENDATIONS ON AUTOMATED PATCHING 22 parallel patching: ansible forks=20+ and strategy: free

23. LIVE-DEMO!?!?

24. QUESTIONS?

25. Thanks. Don’t forget - https://jobs.schwarz 25

OSDC 2019 | Automated patch management with Ansible and Rundeck by Andreas Lehr and Rico Spießberger

Recomendados

Recomendados

Más contenido relacionado

Similar a OSDC 2019 | Automated patch management with Ansible and Rundeck by Andreas Lehr and Rico Spießberger

Similar a OSDC 2019 | Automated patch management with Ansible and Rundeck by Andreas Lehr and Rico Spießberger (20)

Último

Último (20)

OSDC 2019 | Automated patch management with Ansible and Rundeck by Andreas Lehr and Rico Spießberger