sig-security
Ansible
| | sig-security | Ansible |
|---|---|---|
| | 20 | 388 |
| Stars | 1,940 | 61,068 |
| Growth | 1.9% | 0.9% |
| Activity | 9.8 | 9.8 |
| | 1 day ago | about 6 hours ago |
| Language | HTML | Python |
| License | GNU General Public License v3.0 or later | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
sig-security
- Practicing Threat Modeling to Assess and Fortify Open Source Security [pdf]
- Cloud Native Applications - Part 2: Security
  Cloud Native Security Whitepaper
- Does Kubernetes support SELinux?
  As Daniel Walsh himself wrote in a blog post, CRI-O integrates very well with SELinux and prevents dangerous actions like a container loading an old, unmaintained and therefore potentially vulnerable kernel module and breaking out of the isolation. Additionally, the Kubernetes API itself contains resources to specifically configure SELinux labels for containers. Doesn't sound like something they would do for a tool that "doesn't work with Kubernetes", according to some. Also, the CNCF security whitepaper mentions SELinux as a tool that can be used to provide isolation and limit privileges, which is as much as we could expect from a high-level, architecturally-minded document.
- Cloud Native Security Whitepaper v2
- Cloud Native Security Whitepaper [pdf]
- Catalog of Supply Chain Compromises
- tag-security/supply-chain-security/compromises at main · cncf/tag-security
- supply-chain-security - Catalog of Supply Chain Compromises
- Secure software supply chain: why every link matters
  Fortunately, not every attack has a big enough impact to appear in the newspaper, but let’s analyze some of the most relevant and recent ones. Many other examples of different types of supply chain attacks are also collected by the CNCF in their Catalog of Supply Chain Compromises.
Ansible
- Interesting Uses of Ansible's ternary filter
  They support for-if from python, too: https://jinja.palletsprojects.com/en/3.1.x/templates/#loop-f... but I haven't tried the "recursive" keyword to know if ansible supports that. I say "ansible supports that" because they don't just drop jinja2 into ansible and call it a draw, they have a bunch of custom execution integrations: https://github.com/ansible/ansible/blob/v2.16.3/lib/ansible/...
- The 2024 Web Hosting Report
  To manage a VM, you can use something as simple as just manual actions over SSH, or can use tools like Ansible, Hashicorp's Packer and Terraform or other automations. For an app where there is minimal load and security/reliability concern, VMs are still a great option that provide a lot of value for the buck
- A Journey to Find an Ultimate Development Environment
  In this article's context, it is simply a tool that provides a declarative way to automate your machine/OS to configure the development machine as you want (install package, modify the configuration, etc). Examples of these tools are Ansible, Puppet, etc.
- The Director of "Toy Story" Also Drew the BSD Daemon Logo
  Now we're getting more tangential, but for years, Ansible releases were named for Van Halen songs (see old Changelog here: https://github.com/ansible/ansible/blob/v1.8.4/CHANGELOG.md)
- Running stateful workloads on Kubernetes with Rook Ceph
  In the lab to follow, we'll quickly provision a 3-node kubeadm cluster (1 master, 2 workers) on the cloud provider of your choice using an automation stack comprised of OpenTofu and Ansible, then deploy Rook Ceph using the official Helm charts and confirm that we are now able to successfully create CSI volume snapshots from PVCs by reusing the MinIO example from our last article.
- Looking for a way to remote in to K's of raspberry pi's...
- ansible builder collections path
- The Bullhorn #119 (Ansible Newsletter)
  Ansible-Core
- How to perform this when statement (invalid YAML)
  The lookup works fine when parsed as say a msg and braced in "{{ }}" but we're told not to use jinja delimiters in when statements (no idea on the whys to that to be honest) - The issue lies around the first ": " and yaml sees that everything preceding this being a mapping... I have tried all manner of fixes described in YAML syntax error when string contains a colon + space · Issue #2769 · ansible/ansible (github.com) but no dice... the error is a variety of 'The error was: template error while templating string' type errors depending on what attempted fix I'm applying..
- uyuni – open-source configuration and infrastructure management
  IBM -> RedHat -> Ansible (https://docs.ansible.com/platform.html)
  I think the new ansible docs are opaque, and the new "everything is an ansible collection" scheme makes troubleshooting any issues reported by users hundreds of times harder than "the old days"
  I keep this (https://github.com/ansible-community/ansible-build-data/blob...) bookmarked because it's the only way to match up what "ansible 8.1.0" (https://pypi.org/project/ansible/8.1.0/) even means since it's for damn sure not any of this: https://github.com/ansible/ansible/releases (they used to have a 'release' pinned on that releases tab saying "these are not the droids you are looking for"). I believe I tried asking for them to update the completely erroneous pypi "source code" link to point to that repo and ... well, one can see how well that turned out
What are some alternatives?
cool-system - The Cloud Optimized Operational Lab (COOL) system
Cloud-Init - unofficial mirror of Ubuntu's cloud-init
mkosi - 💽 Build Bespoke OS Images
pyinfra - pyinfra automates infrastructure using Python. It’s fast and scales from one server to thousands. Great for ad-hoc command execution, service deployment, configuration management and more.
slsa - Supply-chain Levels for Software Artifacts
Home Manager using Nix - Manage a user environment using Nix [maintainer=@rycee]
spack - A flexible package manager that supports multiple versions, configurations, platforms, and compilers.
Fabric - Simple, Pythonic remote execution and deployment.
badPods - A collection of manifests that will create pods with elevated privileges.
cloudinit - Official upstream for the cloud-init: cloud instance initialization
cyclonedx-gomod - Creates CycloneDX Software Bill of Materials (SBOM) from Go modules
(R)?ex - Rex, the friendly automation framework