Mitchell Hashimoto – Extending Terraform for Anything as Code

Terraform is a powerful Infrastructure as Code tool for declaratively building and maintaining complex infrastructures on one or multiple cloud systems. Additionally, Terraform supports over 80 non-infrastructure providers! This talk will dive into the abstract design of Terraform and show how it can be used concretely for completely non-infrastructure use cases, including examples of these uses in the real world. We’ll also touch on how you can extend Terraform to manage anything with an API.

Conrad Hoffmann – Hardware-level data-center monitoring with Prometheus

SoundCloud <3 Prometheus. However, when it comes down to hardware, getting data into Prometheus isn’t always straight-forward. In this talk, I will provide a look into how we managed to port all our infrastructure monitoring – including SNMP, IPMI and more – to Prometheus, and even improve it along the way.

Ander Juaristi Alamos – Hitchhiker’s guide to TLS 1.3 and GnuTLS

TLS 1.3 is so different from its predecessors, some argue it should’ve been called TLS 2.0. TLS 1.3 comes with a number of new features that may or may not benefit datacenter deployment, depending on the use case. It also streamlines key establishment, making TLS 1.3 simpler, and more secure. It may be the best TLS so far, but in spite of its simplicity fitting it into the current GnuTLS API has been no easy task. This talk gives an overview of what to expect from TLS 1.3, tours around GnuTLS, its interfaces and its internal structure, and explains how we went on redesigning the current API to support TLS 1.3, without breaking anything and of course keeping backward compatibility. Our design principle: TLS 1.3 is simple – so should the interface.

Martin Schurz & Sebastian GumprichSpicing up VMWare with Ansible and InSpec

VMWare is a common hypervisor choice in large organizations, and it comes with a zoo of additional tools, options and licenses. But once you add a little bit of OpenSource to the mix, things start to get interesting. There are open APIs which integrate well with Tools like Ansible and InSpec. So it is easy to write your own scripts to verify a configuration or harden a ESX host. We will show you, how we automated our deployment, what problems we encountered and how we added some nice features.

Colin Charles – Scaling & High Availability MySQL learnings from the past decade+

The MySQL world is full of tradeoffs and choosing a High Availability (HA) solution is no exception. This session aims to look at all of the alternatives in an unbiased nature. While the landscape will be covered, including but not limited to MySQL replication, MHA, DRBD, Galera Cluster, etc. the focus of the talk will be what is recommended for today, and what to look out for. Thus, this will include extensive deep-dive coverage of ProxySQL, semi-sync replication, Orchestrator, MySQL Router, and Galera Cluster variants like Percona XtraDB Cluster and MariaDB Galera Cluster. I will also touch on group replication. Learn how we do this for our nearly 4000+ customers!

Monica Sarbu – Monitoring Kubernetes at Scale

Kubernetes is changing the game in the data centre, but also in the monitoring and troubleshooting landscape. Static tools and vertically scalable TSDBs are no longer fit for the job. Large-scale dynamic infrastructures require scalable dynamic monitoring.
This talk presents how the Elastic Stack collects logs, metrics, and APM traces from the applications running in Kubernetes:
– Collect application logs, metrics and enhance them with Kubernetes metadata
– Collect application metrics from Prometheus endpoints
– Collect Kubernetes metrics
– Collect application performance traces (APM)
– Autodiscover new pods and monitor them based on their type
– Control the monitoring via Kubernetes annotations
– Use Kibana as a single looking glass to visualize the collected data

Thomas Niedermeier – OPNsense: the “open” firewall for your datacenter

OPNsense is an open source and easy-to-use FreeBSD based firewall and routing platform. 2018 – three years after OPNsense started as a fork of pfSense® and m0n0wall – OPNsense brings the rich feature set of commercial offerings with the benefits of open and verifiable sources. A strong focus on security and code quality drives the development of the project. The modern and intuitive web interface makes configuring firewall rules funny ?
In this talk, Thomas will outline OPNsense’s FreeBSD-based architecture and how you can take advantage of additional features using OPNsense plugins. He will also show how to initially setup an OPNsense firewall, and how you use datacenter-features like High Availability & Hardware Failover or Dual Uplinks.
Open (source) makes sense – also for your firewall ?

Gianluca Arbezzano – Distributed Monitoring

Modern software development is increasingly taking a “microservice” approach that has resulted in an explosion of complexity at the network level. We have more applications running distributed across different datacenters. Distributed tracing, events, and metrics are essential for observing and understanding modern microservice architectures.
This talk is a deep dive on how to monitor your distributed system. You will get tools, methodologies, and experiences that will help you to realize what your applications expose and how to get value out from all these information.
Gianluca Arbezzano, SRE at InfluxData will share how to monitor a distributed system, how to switch from a more traditional monitoring approach to observability. Stay focused on the server’s role and not on the hostname because it’s not really important anymore, our servers or containers are fast moving part and it’s easy to detach it from the right in case of trouble than call the server by name as a cute puppet. How to design a SLO for your core services and now to iterate on them. Instrument your services with tracing using tools like Zipkin or Jaeger to measure latency between in your network.

Martin Alfke – Ops hates containers. Why?

“Docker, Docker, Docker, Docker,…” developers really love Docker. Usually one sees the no longer need for configuration management, the easy way to spin up a platform on a laptop, the low resource footprint. But how do you deploy laptops in data centers? This talk will give you an insight how we (more Ops then Dev) started to learn (and love) containers, the issues we saw when running them in larger scale and how Ops people should start dealing with Container technologies.

Mike Place – Introduction to SaltStack in the Modern Data Center

Modern-day data centers face an enormous amount of complexity, from managing and deploying distributed applications to monitoring and controlling changes in networking hardware, engineers face an unprecedented set of challenges in trying to tame the chaos. In this talk, Mike Place from SaltStack will cover how to use Salt to automate and control all the elements of a modern data center, from the physical hardware to the application packaging and deployment. He’ll also show how automation frameworks can merge with monitoring systems to create event-driven infrastructure patterns that can achieve maximum observability and quick remediation to every type of deployment.

Anton Babenko – Lifecycle of a resource. Codifying infrastructure with Terraform for the future

Immutable infrastructure is a way to success, but what about the lifecycle of individual resources. This talk is about evolution of resources, code structure, Terraform coding tricks, composition and refactoring.

Devdas Bhagat – Migrating to the cloud

This is an experience report of a migration from self-hosted services to running in the cloud. While there have been plenty of business case studies showing the benefits of a cloud migration, there are very few reports on the IT side of the migration. This talk covers the migration of Spilgames (a small Dutch games publisher) from a self-hosted Openstack and hardware based infrastructure to Google cloud, challenges, tooling (and lack thereof). This migration is still work in progress, and the talk will cover as much detail as possible.

Max Neunhöffer – The Computer Science behind a modern distributed data store

What we see in the modern data store world is a race between different approaches to achieve a distributed and resilient storage of data. Most applications need a stateful layer which holds the data. There are at least three necessary ingredients which are everything else than trivial to combine and of course even more challenging when heading for an acceptable performance. Over the past years there has been significant progress in respect in both the science and practical implementations of such data stores. In his talk Max Neunhoeffer will introduce the audience to some of the needed ingredients, address the difficulties of their interplay and show four modern approaches of distributed open-source data stores.
Topics are:
– Challenges in developing a distributed, resilient data store
– Consensus, distributed transactions, distributed query optimization and execution
– The inner workings of ArangoDB, Cassandra, Cockroach and RethinkDB
The talk will touch complex and difficult computer science, but will at the same time be accessible to and enjoyable by a wide range of developers.

Walter Gildersleeve – Puppet and the Road to Pervasive Automation

How automated is your enterprise? The benefits of increased automation are many, it promising faster release cycles, stable IT environments and reduced failures caused by human error. And while most enterprises are embracing the concept of DevOps and automation, most are only partially realizing the benefits of automation. Puppet, long a DevOps thought leader, provides a path to pervasive automation in the enterprise. Through Puppet, you can explore your entire IT estate, automate all aspects of your infrastructure lifecycle, and realize the potential of true DevOps workflows. Learn the why of automation, what it means to be automated and how to move forward towards the goal of pervasive automation.

Cornelius Schumacher – Highly Available Cloud Foundry on Kubernetes

This presentation will show how Cloud Foundry, the popular Platform as a Service framework, is deployed and configured to run in a highly available fashion on Kubernetes. It will show how to avoid single points of failures using Kubernetes features like stateful sets, readiness and liveness probes, etc. This includes how high availability extends to applications deployed by the end users of Cloud Foundry so they don’t have to worry about downtime. The presentation will include a demo of a disruptive agent simulating failures across the Kubernetes nodes and containers, while user applications are still alive and healthy. This presentation shows a real-life production use case for Kubernetes. This can be used as an example and to learn about the high-availability related features of Kubernetes. It also presents how the Kubernetes stack can be extended with Cloud Foundry to also cover the use case of Platform as a Service.

Matt Jarvis – From batch to pipelines – why Apache Mesos and DC/OS are a solution for emerging patterns in data processing

Apache Mesos is a distributed system for running other distributed systems, often described as a distributed kernel. It’s in use at massive scale at some of the worlds largest companies like Netflix, Uber and Yelp, abstracting entire data centres of hardware to allow for workloads to be distributed efficiently. DC/OS is an open source distribution of Mesos, which adds all the functionality to run Mesos in production across any substrate, both on-premise and in the cloud. In this talk, I’ll introduce both Mesos and DC/OS and talk about how they work under the hood, and what the benefits are of running these new kinds of systems for emerging cloud native workloads.

Thomas Hoppe – Self Hosted Bare Metal Kubernetes for SMEs

We recently moved our workloads onto a self Hosted K8s environment starting from Bare Metal. In this talk I would like to explain why and how and share our lessons learned.

Philipp Krenn – Providing and Supporting Docker Images

If you want to be taken seriously, you need to provide containers to your users. It’s easy — everybody is uploading containers to Docker Hub, right? Unfortunately, reality is never as easy as it sounds at first. This talk gives an overview of Elastic’s ongoing journey to providing official Docker images:

  • Docker Hub: What “official” really means and why we are using our own registry.
  • Base image: Just use Alpine — it is small and the perfect fit for containers. We tried that and reconsidered…
  • Release policy: What do you actually get in a specific tag and how are we releasing our images?
  • Support: Combine two complex systems like Elasticsearch and Docker — and you will get a lot of questions.
  • Orchestration: Our current approach for orchestration and how we are treating feature requests.

Michael Ströder – Æ-DIR — Authorized Entities Directory

This talk will present a real-world implementation of a privileged identity and access management system (IAM/PAM) based on OpenLDAP used together with OATH-LDAP for secure two-factor authentication. Æ-DIR and OATH-LDAP are both free software projects. The main goal of Æ-DIR is to follow the delegation, need-to-know and least-privilege principles as strictly as possible. The visibility of users, groups, sudoers, etc. is limited by OpenLDAP’s ACLs. All systems and services, no exception(!), have to individually authenticate to be authorized to access Æ-DIR. Especially the consequent delegation allows to almost completely abandon slow approval workflows which nicely fits the need for agile system management processes. Furthermore OATH-LDAP is presented, a two-factor authentication system, which directly uses the OpenLDAP server as a backend. It is built into Æ-DIR but can also be used separately. A highly secure enrollment process (no QR code displayed!) for two-factor HOTP authentication with yubikey tokens is shown. Finally the architecture of a SSH gateway is explained which uses the very same access control data to authorize SSH connections passing through the gateway.

Paul Puschmann – From Monolith to Microservices

Scaling up from two developer teams supporting a monolith to more than 20 developer teams powering a micro-service landscape is not only a matter of technical excellence but also the matter of culture and collaboration. This talk will show the positive aspects of our evolution as well as the things we learned to improve on.

Gabriel Hartmann & Nicole Lang – Git Things Done With GitLab!

Version control can basically be found in almost every company, team or project – no matter if it is used for creating and releasing software or providing a safe place for your setup’s configurations. A lot of professionals have chosen GitLab for making work life easier, better and more flexible. So, ever wondered why GitLab is so famous? Or why it is easy to use while still being such a feature-rich application? And how you can take a fast start with a new idea? Then come and check out GitLab with us! We will give you an introduction to GitLab and the basics needed for working with this version control software – create your project, write a Dockerfile and power it on with a runner. Git things done fast and efficiently!

Akmal Chaudhri – Apache Ignite: the in-memory hammer in your data science toolkit

Machine learning is a method of data analysis that automates the building of analytical models. By using algorithms that iteratively learn from data, computers are able to find hidden insights without the help of explicit programming. These insights bring tremendous benefits into many different domains. For business users, in particular, these insights help organizations improve customer experience, become more competitive, and respond much faster to opportunities or threats. The availability of very powerful in-memory computing platforms, such as Apache Ignite, means that more organizations can benefit from machine learning today. In this presentation we will look at some of the main components of Apache Ignite, such as the Compute Grid, Data Grid and the Machine Learning Grid. Through examples, attendees will learn how Apache Ignite can be used for data analysis.

Thomas Fricke – Three Years Running Containers with Kubernetes in Production

The talk gives a state of the art update of experiences with deploying applications in Kubernetes on scale. If in clouds or on premises, Kubernetes took over the leading role as a container operating system. The central paradigm of stateless containers connected to storage and services is the core of Kubernetes. However, it can be extended to distributed databases, Machine Learning, Windows VMs in Kubernetes. All these applications have been considered as edge cases a few years ago, however, are going more and more mainstream today.

Andy Ellicott – The Operational Brain: How New Paradigms like Machine Learning are Transforming Data Management Systems

With the advent of IoT, companies have the opportunity to put larger and larger volumes of machine data to work to optimize operations like manufacturing production, safety, security, user experience. Yet, they are finding that the old paradigms of processing this data do not help mainstream developers keep pace with the velocity of data, new analytic algorithms, and the need for real-time insight. Jodok Batlogg, founder and CTO of, believes that the solution to this problem lies at the nexus of modern open source distributed database architectures, machine learning/AI, and IoT networking. These technologies will combine to create a new data management paradigm that moves beyond traditional conceptions of databases. He believes the future lies in a central nervous system, an “operational brain” that connects directly to sensory inputs and applies artificial intelligence to control, predict, and monitor systems and things in real time. In this session, Jodok will use-real world, in-production manufacturing and cybersecurity examples of “operational brains” at work to explain the new paradigm, and discuss the concrete steps organizations can take to implement them.

Dirk Götz – Katello: Adding content management to Foreman

Katello is a collection of plugins for Foreman which adds content management to the lifecycle. With Foreman you can easily manage the lifecycle of servers starting with provisioing, handing over to config management and continuous reporting. To improve the quality of your configuration management it is recommended to establish some kind of software management. This is what Katello brings to Foreman by adding local mirrors, snapshots and staging of repositories. This talk will introduce to Foreman and Katello and provide a demo of the lifecycle management.