From Ideas to Impact: Cloud Native AI and TOC Highlights Post-KubeCon EU 2025</h1> <article> <h1>From Ideas to Impact: Cloud Native AI and TOC Highlights Post-KubeCon EU 2025</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Sat, 19 Apr 2025 14:17:00 +0000</p> <h2 id="from-ideas-to-impact-cloud-native-ai-and-toc-highlights-post-kubecon-eu-2025"><strong>From Ideas to Impact: Cloud Native AI and TOC Highlights Post-KubeCon EU 2025</strong></h2> <p>When <a href="https://www.serverbooter.com/post/cncf-cloud-native-ai-working-group-innovation-from-edge-to-core/">we previewed</a> the CNCF Cloud Native AI Working Group’s efforts ahead of KubeCon EU 2025, the tone was of curiosity and anticipation. Some still viewed AI as an outlier in the cloud-native world. But if KubeCon EU proved anything, AI has now fully arrived—and the community is building it <em>in a cloud native way</em>.</p> <p>This year’s event didn’t just validate the momentum around AI; it showcased a CNCF community that’s actively rethinking its foundations—from how Technical Advisory Groups (TAGs) work to how the community serves end users to how projects grow and graduate. The CNCF Technical Oversight Committee (TOC) had a visible and influential role throughout the week, laying down a clear marker: the next wave of cloud native isn’t just about orchestration—it’s about intelligence, usability, and sustainable growth.</p> </article> <article> <h1>CNCF Cloud Native AI Working Group: Innovation from Edge to Core!</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Thu, 27 Mar 2025 14:17:00 +0000</p> <p>Over the past six months, the Cloud Native Computing Foundation’s (CNCF) <a href="https://docs.google.com/document/d/1tS6gL5qjGLaHDtAChssqJhBVm8BIpopUA3Ddzm9LHwg/edit?tab=t.0#heading=h.tprh9feizr4r">Cloud Native AI (CNAI) Working Group</a> has been at the forefront of integrating artificial intelligence (AI) and machine learning (ML) with cloud-native technologies. This is a moment to discuss the working group’s initiatives and opportunities for contributors and enthusiasts as we prepare for KubeCon Europe 2025 in London.</p> <p>The group has been making strides in galvanizing the community around the needs of AI/ML workloads on top of cloud native environments. A significant deliverable was the publication of the “Cloud Native AI” whitepaper in March 2024.</p> </article> <article> <h1>Consulting</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Tue, 04 Mar 2025 00:00:00 +0000</p> <h1 id="consulting-services">Consulting Services</h1> <p>I offer specialized consulting services for organizations looking to build, optimize, and scale their GPU infrastructure on Kubernetes. With my experience as Engineering Lead at Snowflake, Cloud Native Lead at Truera, and Senior Engineering Kubernetes Manager at Rakuten, I bring deep technical expertise and practical insights to help you succeed.</p> <hr> <h2 id="services">Services</h2> <h3 id="gpu-infrastructure-design--architecture">GPU Infrastructure Design & Architecture</h3> <p>Design a robust GPU infrastructure strategy tailored to your AI/ML workloads:</p> <ul> <li><strong>Multi-GPU Kubernetes Architecture</strong>: Design scalable K8s clusters with GPU pooling and scheduling</li> <li><strong>MIG (Multi-Instance GPU) Strategy</strong>: Optimize GPU utilization with NVIDIA MIG technology</li> <li><strong>Hybrid Cloud GPU Deployments</strong>: Architect GPU solutions across on-premises, GCP, AWS, and Microsoft Azure</li> <li><strong>Azure GPU Expertise</strong>: AKS GPU support, Azure Machine Learning, and Azure Batch AI</li> <li><strong>Vendor-Agnostic GPU Support</strong>: Design for NVIDIA, AMD, and ARM GPU compatibility</li> </ul> <h3 id="kubernetes-for-aiml-workloads">Kubernetes for AI/ML Workloads</h3> <p>Optimize your Kubernetes platform for machine learning and AI workloads:</p> </article> <article> <h1>Fun Times at The Kubernetes Forum Seoul and Sydney 2019</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Wed, 18 Dec 2019 14:17:00 +0000</p> <p>Hello everyone! I’m excited to write this post about my experience at the Kubernetes Forum Seoul and Sydney 2019. My journey started in San Francisco on Friday evening, December 6th, 2019, on a flight to Seoul.</p> <p></p> <p></p> <p>I arrived in Seoul on Sunday, December 8th, in the morning and had plenty of time during the day to rest in the hotel at the venue, <a href="https://www.seouldragoncity.com/">The Seoul Dragon City</a>. As speakers, we were invited along with the organizers and community leaders to an event dinner in the <a href="https://sdc-club.com/en/convention/room-goguryeo.php">Goguryeo room</a>. During that time, we had a great start networking with fellow industry leaders with an opportunity to connect. In my opinion, the number of people was just right to talk to most of the guests at dinner.</p> </article> <article> <h1>Speaking</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Sat, 30 Nov 2019 14:17:00 +0000</p> <h1 id="speaking-engagements">Speaking Engagements</h1> <p>A curated collection of talks and presentations I’ve given from 2018-2026, covering cloud-native technologies, container runtimes, security, and AI infrastructure.</p> <hr> <h2 id="upcoming-talks">Upcoming Talks</h2> <h3 id="observing-chaos-real-time-monitoring-of-ai-driven-kubernetes-destruction"><strong>Observing Chaos: Real-Time Monitoring of AI-Driven Kubernetes Destruction</strong></h3> <p>📅 <em>KubeCon + CloudNativeCon EU 2026</em> | Amsterdam, Netherlands 🎤 <em>with Josh Halley, Cisco</em> 🔗 <a href="https://sched.co/2CW1T">Event Details</a></p> <hr> <h2 id="2025">2025</h2> <h3 id="in-ai-we-trust-securing-the-future-one-agent-at-a-time"><strong>In AI We Trust? Securing the Future, One Agent at a Time</strong></h3> <p>📅 <em>KubeCon + CloudNativeCon NA 2025</em> | Atlanta, Georgia 🎤 <em>Panel Discussion</em> 🎥 <a href="https://youtu.be/AWajuymQH-A">Video</a> | 🔗 <a href="https://sched.co/27FWu">Event Details</a></p> </article> <article> <h1>Speaking</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Sat, 30 Nov 2019 14:17:00 +0000</p> <p><a href="https://serverbooter.com/page/speaking/">This page has been moved</a></p> </article> <article> <h1>Running Scylla in Kata Containers</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Mon, 16 Apr 2018 14:17:00 +0000</p> <p>The Kata community has been busy getting the first release out the door.</p> <p>Virtual Machines have been around in the industry for over 20 years. One of the most attractive features of Kata is that it runs containers in VMs and VMs are very stable and provide very good isolation of your compute resources hardware. Furthermore, virtualization systems like KVM, Xen and VMware provide multiple ways to attach to dedicated storage. VMware takes this step even further by providing things like Storage VMotion.</p> </article> <article> <h1>The Boom of Container Runtimes</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Sun, 04 Mar 2018 14:17:00 +0000</p> <p>It has been about 4 years since Docker exploded into the scene of Cloud Infrastructure. With that came a shift in cloud applications from monolithic to microservices. Containers made it easy for developers to deploy directly to production mostly caring about the scope of her/his microservice.</p> <p>Enter container orchestration tools such as Kubernetes, Mesos, AWS ECS, GKE, Azure Container Service which allow cloud operations to manage containers at scale. Setup these tools with a redundant masters as quorum systems (k8s, mesos) and add hundreds of nodes or slaves and automatically scale your containers up and down depending on demand.</p> </article> <article> <h1>Working At Branch</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Wed, 04 Oct 2017 14:17:00 +0000</p> <p>It has been about 4 months since I started working at <a href="https://branch.io">Branch</a> and wanted to reflect on what it’s been like.</p> <p>I can truly say that I’m enjoying everything about it. The environment is fantastic, my co-workers are awesome, and we all come from various backgrounds.</p> <p>I like the fact that the company takes their values seriously and the founding team is focused on making working at Branch the best experience you’ve ever had in your career. There’s also a very strong focus on diversity as the founding team puts it: The more diverse we are, the better we will be positioned in the long run. Being more diverse allow us to bring in different points of view and experiences that in the end help us progress more efficiently. I can’t say that there are many places like that.</p> </article> <article> <h1>Kubernetes on GCP</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Sat, 13 May 2017 16:28:29 +0000</p> <p>Kubernetes has come a long way over the last 2 years and I was so excited to learn about during <a href="https://serverbooter.com/post/cloudnativecon-kubecon-europe/">CloudNativeCon/Kubecon Berlin</a> this year.</p> <p>As of Today <a href="https://github.com/kubernetes/kops">Kops</a> the standard tool for installing Kubernetes on AWS doesn’t support GCP yet (it’s in the works). However you can still setup your cluster using good old <a href="https://github.com/kubernetes/kubernetes/blob/master/cluster/kube-up.sh">kube-up.sh</a>. There’s also a pretty good explanation on the <a href="https://kubernetes.io/docs/getting-started-guides/gce/">k8s docs</a>. Make sure you install the <a href="https://cloud.google.com/sdk/">Google Cloud SDK</a> with gcloud and all their utils.</p> </article> <article> <h1>DC/OS on GCP</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Thu, 11 May 2017 16:28:29 +0000</p> <p>DC/OS is the commercialized <a href="http://mesos.apache.org/">Mesos</a> distribution + extras maintained by Mesosphere. I found it very straight forward to setup in GCP with the out of the box <a href="https://github.com/raravena80/dcos-gce">Ansible scripts</a> provided by Mesosphere.</p> <p>For starters I followed everything described in the <a href="https://github.com/raravena80/dcos-gce/blob/master/README.md">README</a>.</p> <p>Then, I had to modify the <code>group_vars/all</code> file in the playbook</p> <pre tabindex="0"><code>--- project: <my-gcp-project-id> subnet: default login_name: <my-gcp-login-id-with-no-email> bootstrap_public_ip: 10.128.0.10 # This IP need to match the network in the zone zone: us-central1-c master_boot_disk_size: 200 # 200 is the recommended in GCP as of 05-2017 master_machine_type: n1-standard-1 master_boot_disk_type: pd-standard agent_boot_disk_size: 200 agent_machine_type: n1-standard-1 agent_boot_disk_type: pd-standard agent_instance_type: "MIGRATE" agent_type: private start_id: 0001 end_id: 0001 gcloudbin: gcloud image: 'centos-7-v20161027' image_project: 'centos-cloud' bootstrap_public_port: 8080 cluster_name: cluster_name scopes: "default=https://www.googleapis.com/auth/cloud-platform" dcos_installer_filename: dcos_generate_config.sh dcos_installer_download_path: "https://downloads.dcos.io/dcos/stable/{{ dcos_installer_filename }}" home_directory: "/home/{{ login_name }}" downloads_from_bootstrap: 2 dcos_bootstrap_container: dcosinstaller </code></pre><p>Then to create the master I ran:</p> </article> <article> <h1>Parsing Deeply Nested JSON in Go</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Fri, 28 Apr 2017 16:28:29 +0000</p> <p>Parsing deeply nested json in Go is a bit challenging due to the fact that the language doesn’t provide many helpers to do so. If you do that in Ruby or Python it’s pretty straight forward running some like this in Python <code>j = json.load(jsonstring)</code> or in Ruby <code>j = JSON.load(jsonstring)</code>.</p> <p>In go generally you have to prefine your structs and run through an <code>Unmarshal</code> function which means that most of the times you need to know ahead of time what the nest level and structure of your target json is to parse it. For example:</p> </article> <article> <h1>CloudNativeCon KubeCon Europe</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Tue, 25 Apr 2017 16:28:29 +0000</p> <p>This same blog entry is <a href="https://www.cncf.io/blog/2017/04/18/diversity-scholarship-series-berlin-eyes-cloud-infrastructure-fanatic/">here</a>. Thanks to the cncf folks who helped me put this together.</p> <hr> <p>I’ve attended many conferences before, but I was happy to get the diversity scholarship to attend CloudNativeCon + KubeCon Europe 2017 in Berlin as there is always so much more to learn. It was my first time attending an event organized by the Linux Foundation, and I hope to attend more in the future. I loved all the insights and advances that I obtained through all of the highlighted Cloud Native projects including Kubernetes, gRPC, OpenTracing, Prometheus, Linkerd, Fluentd and OpenDNS from the variety of industry leaders. The keynotes were quite memorable as well, including the Kubernetes 1.6 updates by Aparna Sinha (Google), Federation from Kelsey Hightower (Google), Kubernetes Security Updates from Clayton Coleman (Red Hat), Helm from Michelle Noorali (Deis), Scaling Kubernetes from Joe Beda (Heptio) and Quay from Brandon Phillips (CoreOS).</p> </article> <article> <h1>About Me</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Tue, 25 Apr 2017 16:24:50 +0000</p> <p>Ricardo is a Cloud Native AI Lead. He’s an open-source enthusiast, currently serving on the CNCF TOC and as Lead for the CNCF Cloud Native AI Initiatives. He has also co-chaired the CNCF TAG-Runtime. Recently, he led the publication of the Cloud Native AI Whitepaper and is currently leading various initiatives within the Cloud Native AI Working Group.</p> <p>He has worked in tech and software engineering roles for over 25 years. He comes from a diverse professional background, having held various roles at large companies such as Rakuten, Cisco, and VMware, as well as at startups like Truera, Branch Metrics, and Coupa.</p> </article> <article> <h1>LXC Playing</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Sat, 29 Oct 2016 16:28:29 +0000</p> <p>Over the last couple of years Docker has seen incredible growth across the tech industry. Its use ties together with deployment of Microservices in most Cloud based companies. Docker is easy to use and its in constant development. In the last month I decided to venture and try something different that has been around even before Docker but in a more primitive form. You see containers have been around before Docker for a long time and even before that with the introduction of chroot in 1979. Containers were first introduced in Solaris in 2005 with the introduction of Solaris Containers, described as ‘chroot’ on steroids. Then later in 2008 with adoption of the Containers name by LXC. (what Docker was based on initially) and also the inclusion of user namespaces in the Linux Kernel 3.8.</p> </article> <article> <h1>Docker First Impressions</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Fri, 07 Mar 2014 16:28:29 +0000</p> <p>For the last few days I’ve been taking at crack at using the recent <a href="https://www.docker.io/">Docker</a> container deployment tool that I’ve been hearing a lot buzz about. In essence, it’s a wrapper on top of Linux <a href="https://linuxcontainers.org/">LXC containers</a>, writen in the new friendly and not so popular yet <a href="http://golang.org/">Go</a> language developed at Google.</p> <p>Just a little bit of background, for those of you not familiar with LXC containers, they are pretty much defined as <code>chroot</code> on steroids. Basically, you can run isolated virtual environments in a single Linux machine and make it look like that they are different machines. These environments give you the advantage of being isalated and at the same they are able to use the same Linux exectutables and memory space to improve speed and footprint size.</p> </article> <article> <h1>Ansible Playbook for PaperTrail on Ubuntu</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Tue, 29 Oct 2013 11:54:00 +0000</p> <p>This posts describes how to create a simple <a href="http://www.ansible.com">Ansible</a> task on how to setup <a href="https://www.papertrailapp.com">PaperTrail</a> on Ubuntu.</p> <p>It’s a follow up to a previous <a href="https://serverbooter.com/post/how-to-create-an-ansible-playbook-to-configure-haproxy/">blog</a> describing an Ansible Playbook to setup an HAProxy system. This Ansible <code>task</code> can be included in the HAProxy playbook as well as any other playbooks with something like this:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nn">---</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nt">PLAYBOOK</span><span class="p">:</span><span class="w"> </span><span class="l">Install papertrail on Ubuntu</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nn">---</span><span class="w"> </span></span></span><span class="line"><span class="cl">- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">scout</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hosts</span><span class="p">:</span><span class="w"> </span><span class="l">all</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">user</span><span class="p">:</span><span class="w"> </span><span class="l"><user-with-sudo></span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">sudo</span><span class="p">:</span><span class="w"> </span><span class="kc">True</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tasks</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">include</span><span class="p">:</span><span class="w"> </span><span class="l">tasks/papertrail.yml</span><span class="w"> </span></span></span></code></pre></div><p>Next, we define the <code>task</code> that includes installing the dependencies rsyslog and libssl-dev. Also we copy a specific rsyslog configuration for papertrail.</p> </article> <article> <h1>Simple Clouformation With Multiple AWS Accounts</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Thu, 24 Oct 2013 16:28:29 +0000</p> <p>In this post I’ll describe how to create a simple AWS CloudFormation template so that we can deploy stack using multiple AWS accounts. In other words a common JSON CloudFormation template that can be use to bring up a stack in multiple accounts. The way we are able to do this is by having exact copies of the <a href="http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ComponentsAMIs.html">EC2 AMIs</a> on all the accounts and regions where we are deploying our stack.</p> </article> <article> <h1>Ansible Playbook for Scout on Ubuntu</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Tue, 22 Oct 2013 00:00:00 +0000</p> <p>This is a sample Ansible task (<a href="http://www.ansibleworks.com">http://www.ansibleworks.com</a>) on how to setup Scout (<a href="https://www.scoutapp.com">https://www.scoutapp.com</a>) on Ubuntu. It needs to be included in an ansible playbook.</p> <p>It’s a follow up to a previous [blog]({% post_url 2013-10-21-how-to-create-an-ansible-playbook-to-configure-haproxy %}) describing an Ansible Playbook to setup an HAProxy system. This Ansible task can be included in the HAProxy playbook as well as any other playbooks with something like this:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nn">---</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nt">PLAYBOOK</span><span class="p">:</span><span class="w"> </span><span class="l">Install scout on Ubuntu</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nn">---</span><span class="w"> </span></span></span><span class="line"><span class="cl">- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">scout</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hosts</span><span class="p">:</span><span class="w"> </span><span class="l">all</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">user</span><span class="p">:</span><span class="w"> </span><span class="l">user-with-sudo</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">sudo</span><span class="p">:</span><span class="w"> </span><span class="kc">True</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">vars</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">scout_key</span><span class="p">:</span><span class="w"> </span><span class="l">YourScoutAPIKeyFromTheirWebsite</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tasks</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">include</span><span class="p">:</span><span class="w"> </span><span class="l">tasks/scout.yml</span><span class="w"> </span></span></span></code></pre></div><p>We start by defining a “task” file:</p> </article> <article> <h1>Upgrade Linux Kernel on Chromebook</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Mon, 21 Oct 2013 22:15:00 +0000</p> <p>So after installing ChrUbuntu on my Acer C7 Chromebook, I’m very pleased that with the help of this blog I was able to upgrade the Linux Kernel to 3.8.11</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">raravena@chromebook:~/git/blog-src$ uname -a </span></span><span class="line"><span class="cl">Linux chromebook 3.8.11 <span class="c1">#3 SMP Thu Oct 17 07:41:20 PDT 2013 x86_64 x86_64 x86_64 GNU/Linux</span> </span></span></code></pre></div><p>These are the modified steps:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="cp">#!/bin/bash </span></span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="nb">set</span> -x </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Grab verified boot utilities from ChromeOS.</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl">mkdir -p /usr/share/vboot </span></span><span class="line"><span class="cl">mount -o ro /dev/sda3 /mnt </span></span><span class="line"><span class="cl">cp /mnt/usr/bin/vbutil_* /usr/bin </span></span><span class="line"><span class="cl">mkdir -p /usr/bin/old_bins </span></span><span class="line"><span class="cl">cp /mnt/usr/bin/old_bins/vbutil_* /usr/bin/old_bins/. </span></span><span class="line"><span class="cl">cp /mnt/usr/bin/dump_kernel_config /usr/bin </span></span><span class="line"><span class="cl">rsync -avz /mnt/usr/share/vboot/ /usr/share/vboot/ </span></span><span class="line"><span class="cl">umount /mnt </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># On the Acer C7, ChromeOS is 32-bit, so the verified boot binaries need a</span> </span></span><span class="line"><span class="cl"><span class="c1"># few 32-bit shared libraries to run under ChrUbuntu, which is 64-bit.</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl">apt-get install libc6:i386 libssl1.0.0:i386 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Fetch ChromeOS kernel sources from the Git repo.</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl">apt-get install git-core </span></span><span class="line"><span class="cl"><span class="nb">cd</span> /usr/src </span></span><span class="line"><span class="cl">git clone https://git.chromium.org/git/chromiumos/third_party/kernel-next.git </span></span><span class="line"><span class="cl"><span class="nb">cd</span> kernel-next </span></span><span class="line"><span class="cl">git checkout origin/chromeos-3.8 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Configure the kernel</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># First we patch ``base.config`` to set ``CONFIG_SECURITY_CHROMIUMOS``</span> </span></span><span class="line"><span class="cl"><span class="c1"># to ``n`` ...</span> </span></span><span class="line"><span class="cl">cp ./chromeos/config/base.config ./chromeos/config/base.config.orig </span></span><span class="line"><span class="cl">sed -e <span class="se">\ </span></span></span><span class="line"><span class="cl"> <span class="s1">'s/CONFIG_SECURITY_CHROMIUMOS=y/CONFIG_SECURITY_CHROMIUMOS=n/'</span> <span class="se">\ </span></span></span><span class="line"><span class="cl"> ./chromeos/config/base.config.orig > ./chromeos/config/base.config </span></span><span class="line"><span class="cl">./chromeos/scripts/prepareconfig chromeos-intel-pineview </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># ... and then we proceed as per Olaf's instructions</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl">yes <span class="s2">""</span> <span class="p">|</span> make oldconfig </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Build the Ubuntu kernel packages</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl">apt-get install kernel-package </span></span><span class="line"><span class="cl">make-kpkg kernel_image kernel_headers </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Backup current kernel and kernel modules</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="nv">tstamp</span><span class="o">=</span><span class="k">$(</span>date +%Y-%m-%d-%H%M<span class="k">)</span> </span></span><span class="line"><span class="cl">dd <span class="k">if</span><span class="o">=</span>/dev/sda6 <span class="nv">of</span><span class="o">=</span>/kernel-backup-<span class="nv">$tstamp</span> </span></span><span class="line"><span class="cl">cp -Rp /lib/modules/3.4.0 /lib/modules/3.4.0-backup-<span class="nv">$tstamp</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Install kernel image and modules from the Ubuntu kernel packages we</span> </span></span><span class="line"><span class="cl"><span class="c1"># just created.</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl">dpkg -i /usr/src/linux-*.deb </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Extract old kernel config</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl">vbutil_kernel --verify /dev/sda6 --verbose <span class="p">|</span> tail -1 > /config-<span class="nv">$tstamp</span>-orig.txt </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Add ``disablevmx=off`` to the command line, so that VMX is enabled (for VirtualBox & Co)</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl">sed -e <span class="s1">'s/$/ disablevmx=off/'</span> <span class="se">\ </span></span></span><span class="line"><span class="cl"> /config-<span class="nv">$tstamp</span>-orig.txt > /config-<span class="nv">$tstamp</span>.txt </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Wrap the new kernel with the verified block and with the new config.</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl">vbutil_kernel --pack /newkernel <span class="se">\ </span></span></span><span class="line"><span class="cl"> --keyblock /usr/share/vboot/devkeys/kernel.keyblock <span class="se">\ </span></span></span><span class="line"><span class="cl"> --version <span class="m">1</span> <span class="se">\ </span></span></span><span class="line"><span class="cl"> --signprivate /usr/share/vboot/devkeys/kernel_data_key.vbprivk <span class="se">\ </span></span></span><span class="line"><span class="cl"> --config<span class="o">=</span>/config-<span class="nv">$tstamp</span>.txt <span class="se">\ </span></span></span><span class="line"><span class="cl"> --vmlinuz /boot/vmlinuz-3.8.11 <span class="se">\ </span></span></span><span class="line"><span class="cl"> --arch x86_64 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Make sure the new kernel verifies OK.</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl">vbutil_kernel --verify /newkernel </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Copy the new kernel to the KERN-C partition.</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl">dd <span class="k">if</span><span class="o">=</span>/newkernel <span class="nv">of</span><span class="o">=</span>/dev/sda6 </span></span></code></pre></div><p>I ran into an error while compiling the kernel, but gladly was able to fix it</p> </article> <article> <h1>How To Create an Ansible Playbook to Configure HAProxy</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Mon, 21 Oct 2013 00:00:00 +0000</p> <p>This is the continuation for <a href="https://serverbooter.com/post/setup-a-simple-haproxy-config/">Setup a simple HAproxy config</a></p> <p>It explains how to create an Ansible playbook to automate the haproxy configuration.</p> <p>If you’d like to find out more about Ansible you can read up on it on their website: <a href="http://www.ansible.com">http://www.ansible.com</a></p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nn">---</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="c"># Set up and configure an HaProxy server (Ubuntu flavor)</span><span class="w"> </span></span></span><span class="line"><span class="cl">- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">haproxy</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hosts</span><span class="p">:</span><span class="w"> </span><span class="l">all</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">user</span><span class="p">:</span><span class="w"> </span><span class="l">userwithsudoaccess</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">sudo</span><span class="p">:</span><span class="w"> </span><span class="kc">True</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tags</span><span class="p">:</span><span class="w"> </span><span class="l">haproxy</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">vars_files</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">"vars/main.yml"</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tasks</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># haproxy package for Ubuntu</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">include</span><span class="p">:</span><span class="w"> </span><span class="l">tasks/haproxy-apt.yml</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># Specific haproxy tasks follow here</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">Copy haproxy logrotate file</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">action</span><span class="p">:</span><span class="w"> </span><span class="p">></span><span class="sd"> </span></span></span><span class="line"><span class="cl"><span class="sd"> copy src=files/haproxy.logrotate dest=/etc/logrotate.d/haproxy </span></span></span><span class="line"><span class="cl"><span class="sd"> mode=0644 owner=root group=root</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">Create haproxy rsyslog configuration</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">action</span><span class="p">:</span><span class="w"> </span><span class="p">></span><span class="sd"> </span></span></span><span class="line"><span class="cl"><span class="sd"> copy src=files/haproxy-rsyslog.conf </span></span></span><span class="line"><span class="cl"><span class="sd"> dest=/etc/rsyslog.d/49-haproxy.conf </span></span></span><span class="line"><span class="cl"><span class="sd"> mode=0644 owner=root group=root</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">notify</span><span class="p">:</span><span class="w"> </span><span class="l">restart rsyslog</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">Configure system rsyslog</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">action</span><span class="p">:</span><span class="w"> </span><span class="p">></span><span class="sd"> </span></span></span><span class="line"><span class="cl"><span class="sd"> copy src=files/rsyslog.conf </span></span></span><span class="line"><span class="cl"><span class="sd"> dest=/etc/rsyslog.conf </span></span></span><span class="line"><span class="cl"><span class="sd"> mode=0644 owner=root group=root</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">notify</span><span class="p">:</span><span class="w"> </span><span class="l">restart rsyslog</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">Create haproxy configuration file</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">action</span><span class="p">:</span><span class="w"> </span><span class="p">></span><span class="sd"> </span></span></span><span class="line"><span class="cl"><span class="sd"> template src=templates/haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg </span></span></span><span class="line"><span class="cl"><span class="sd"> mode=0644 owner=root group=root</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">notify</span><span class="p">:</span><span class="w"> </span><span class="l">restart haproxy</span><span class="w"> </span></span></span></code></pre></div><p>The following file that contains the variables needed for the haproxy playbook it should located under vars (vars/main.yml)</p> </article> <article> <h1>Setup a Simple HAProxy Config</h1> <p>raravena80@gmail.com (Ricardo Aravena) — Mon, 21 Oct 2013 00:00:00 +0000</p> <p>Here’s simple haproxy configuration to get you started, you probably want to stick this under /etc/haproxy/haproxy.cfg</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-plain" data-lang="plain"><span class="line"><span class="cl">global </span></span><span class="line"><span class="cl"> log 127.0.0.1 local0 </span></span><span class="line"><span class="cl"> log 127.0.0.1 local1 notice </span></span><span class="line"><span class="cl"> maxconn 4096 </span></span><span class="line"><span class="cl"> user haproxy </span></span><span class="line"><span class="cl"> group haproxy </span></span><span class="line"><span class="cl"> daemon </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">defaults </span></span><span class="line"><span class="cl"> log global </span></span><span class="line"><span class="cl"> mode http </span></span><span class="line"><span class="cl"> option httplog </span></span><span class="line"><span class="cl"> option dontlognull </span></span><span class="line"><span class="cl"> retries 3 </span></span><span class="line"><span class="cl"> option redispatch </span></span><span class="line"><span class="cl"> maxconn 4096 </span></span><span class="line"><span class="cl"> contimeout 5000 </span></span><span class="line"><span class="cl"> clitimeout 50000 </span></span><span class="line"><span class="cl"> srvtimeout 50000 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> stats enable </span></span><span class="line"><span class="cl"> stats auth admin:password </span></span><span class="line"><span class="cl"> stats uri /monitor </span></span><span class="line"><span class="cl"> stats refresh 5s </span></span><span class="line"><span class="cl"> option httpchk GET /status </span></span><span class="line"><span class="cl"> retries 5 </span></span><span class="line"><span class="cl"> option redispatch </span></span><span class="line"><span class="cl"> errorfile 503 /etc/haproxy/errors/503.http </span></span><span class="line"><span class="cl"> errorfile 400 /etc/haproxy/errors/400.http </span></span><span class="line"><span class="cl"> errorfile 403 /etc/haproxy/errors/403.http </span></span><span class="line"><span class="cl"> errorfile 408 /etc/haproxy/errors/408.http </span></span><span class="line"><span class="cl"> errorfile 500 /etc/haproxy/errors/500.http </span></span><span class="line"><span class="cl"> errorfile 502 /etc/haproxy/errors/502.http </span></span><span class="line"><span class="cl"> errorfile 503 /etc/haproxy/errors/503.http </span></span><span class="line"><span class="cl"> errorfile 504 /etc/haproxy/errors/504.http </span></span><span class="line"><span class="cl"> balance roundrobin # each server is used in turns, according to assigned weight </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">listen http-in </span></span><span class="line"><span class="cl"> bind :80 </span></span><span class="line"><span class="cl"> monitor-uri /haproxy # end point to monitor HAProxy status (returns 200) </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> # option httpclose </span></span><span class="line"><span class="cl"> server server1 server1.mydomain.com:8080 weight 1 maxconn 2000 check inter 4000 </span></span><span class="line"><span class="cl"> server server2 server2.mydomain.com:8080 weight 1 maxconn 2000 check inter 4000 </span></span><span class="line"><span class="cl"> server server3 server3.mydomain.com:8080 weight 1 maxconn 2000 check inter 4000 </span></span><span class="line"><span class="cl"> rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address </span></span></code></pre></div><p>You also want to setup logging using rsyslog, you can syslog-ng or other loggers too as well, but the configuration is different.</p> </article> </main></body></html>