diff --git a/Hermes/yunzhi/Obsidian-Claude-Code-第二大脑协作指南.md b/Hermes/yunzhi/Obsidian-Claude-Code-第二大脑协作指南.md new file mode 100644 index 00000000..7f8d501e --- /dev/null +++ b/Hermes/yunzhi/Obsidian-Claude-Code-第二大脑协作指南.md 
@@ -0,0 +1,104 @@ +--- +title: "Obsidian + Claude Code:第二大脑与 AI 代理协作指南" +tags: + - AI + - Obsidian + - Claude-Code + - 第二大脑 + - 个人知识管理 + - LLM +source: "Ben's Abundance Lab × Internet Vin 播客" +duration: "58:56" +date: 2025-02-20 +transcribed_by: Whisper (OpenAI) +translated_by: 云智 +--- + +# Obsidian + Claude Code:第二大脑与 AI 代理协作指南 + +> **来源**:Ben's Abundance Lab × Internet Vin 播客访谈 +> **日期**:2025 年 2 月 20 日 +> **主题**:如何将 Obsidian 与 Claude Code 配对使用,构建真正的个人 AI 操作系统 +> **时长**:约 59 分钟 +> **转录**:Whisper (OpenAI, base model, CPU) +> **翻译**:云智 + +--- + +## 段落 1 [00:00 → 01:13] + +这就是 Obsidian,Obsidian 是人们用作第二大脑的小工具,但真正酷的是,他们将它与 Claude 代码配对,并从中得到了疯狂的结果。它确实改变了游戏规则,现在我采用黑曜石的速度很慢,因为对我来说,它看起来有点令人畏惧。所以我有我的朋友 Vin,他清楚地解释了黑曜石是什么,你如何将它与 Claude 代码一起使用?如何设置这些命令,真正让克劳德和所有法学硕士发挥最大作用,这是一个令人难以置信的剧集,就像一个真正改变游戏规则的剧集,因为我认为那些了解如何使用黑曜石和如何一起使用克劳德代码的人他们将能够过上更快乐、更健康和更富裕的生活为什么因为它为你提供了令人难以置信的想法,所以我知道那些坚持到这一集结束的人我认为对于他们中的很多人来说这绝对会改变他们如何使用人工智能,这将是一种超级有影响力的方式,因为你会在正确的时间正确的时刻获得更好的想法,这会让你更快乐、更健康、更富有地享受这一集 + +--- + +## 段落 2 [01:21 → 04:26] + +我有我亲爱的朋友 Vin,在播客中也称为 Internet Vin。我真的恳求他上场,我恳求他,我恳求这个人上场,并在本播客节目结束时教我们一件非常具体的事情。人们要学什么?我希望您了解如何使用 Claude 代码和 Obsidian 作为思考伙伴 我希望您了解如何停止必须一遍又一遍地向代理解释事情并只传递特定文件,我希望您了解如何使用 Obsidian 和 Claude 代码来注意到您认为如果没有这些工具您自己不会注意到的事情,一切都可以从您的嘴唇传到上帝的耳朵。让我们开始吧 好吧,首先就像什么是克劳德代码 所以克劳德代码就像您可以在命令行界面中使用的代理一样。所以基本上你可以使用这个工具来控制你的计算机,你可以通过自然语言使用它所以我可以说创建一个文件或在我的桌面上创建一个文件,用纯文本说“你好格雷格”对,它会去执行此操作,这真的很酷。这是以前不可能实现的新功能,在此之前,我必须到桌面打开一些文本编辑器,然后创建该文件,现在该文件位于我的桌面上,所以我可以说打开该文件,我们开始吧。你好格雷格。现在这太疯狂了,有趣的是,如果你有一个可以在你的计算机上进行控制和做事的代理,这意味着无论你向它描述什么,它都可以开始做,所以当你向它描述一个项目时,或者你与代理进行长时间的对话时,嗯,它可以做越来越复杂的事情,它拥有的信息越多,它可以做的事情就越复杂。就像与这个代理就一个特定项目进行一个小时的对话就像我不想创建一个新会话来解释所有我不想一遍又一遍地一遍又一遍地解释嗯很多人都在网络上使用云或聊天GPT,它有内存之类的东西但是你不能喜欢控制你不知道内存里有什么,你不知道它知道什么和不知道什么所以需要有某种像你一样的方式知道将信息传递给这些代理会更容易、更快 你可以提供的信息越好,信息越快,你可以提供的信息就越多,如果它能为你做的事情就越多,你可以委托给它的东西就越好,越快 好吧,现在,即使我假设我像你知道的那样,假设我在这里写了一个大项目描述,对吧 创建一个文件来描述你知道一个项目 um + +--- + +## 段落 3 [04:29 → 17:06] + 
+关于呃待办事项列表应用程序,嗯,它的设计非常简单,可以从呃所有日历MI消息中读取,嗯,我的插槽和松弛和解释坐在任务列表中,它认为我应该做的任务我不知道一些想法所以现在这是一个可以在我的桌面上的文件当我使用云代码时我可以做的是我可以引用该文件并在我想要的时候传递它为什么这很重要是因为它是老游戏的上下文是的,是的,我不想一遍又一遍地这样做,当我在这几天里工作时,我不会记得像我们谈论过的那样,所以我想要某种我可以传递的文件,哦,对不起,格雷格,让我们说,是的,这就是很多人在使用云代码时面临的问题,就像他们正在使用它一样,然后他们说好吧,没关系。这不像是改变游戏规则,问题是他们没有,他们不是,他们没有在正确的时间提供正确的上下文,是的,所以这就是这样,这就像它写的一个项目描述,显然我可以将其传递进去,这就像一个这就像我刚刚创建的一般描述,但是你可以使它们变得非常复杂,你可以随着时间的推移将它们构建成强大的文件。所以我们知道云代码可以创建文件,它可以重复并且可以立即读取文件,所以现在我可以说,假设我创建了一个新会话。所以这是一个新的会议 现在我可以说我想从事这个项目,我去这里,这将是在这里做破折号。哦,现在我不需要再次解释该文件,我需要我不需要再次解释该项目,对吧,所以它将读取该文件,并且它将像“你知道,这为我节省了很多时间,这个伟大的项目节省了很多时间”,然后再深入研究几个问题来确定第一个会话的范围,所以这将继续。那么现在黑曜石是什么?右黑曜石是这个工具,它有点像位于 Markdown 文件集合之上的界面,所以这里就像这样读取 Markdown 文件。我如何使用黑曜石故事开发 对我有一个每日笔记 这是我的每日笔记。这也是一个 markdown 文件,我应该做我自己的基本分析,思考事物在成长并变得更加主流时如何保持纯粹对,这只是我拥有的一个文件,你知道就像 Greg Eisenberg 的文件一样,我没有把它放在一起,这很奇怪。是的,这很奇怪,所以我制作了一些文件,比如我从别人那里学到的东西的笔记以及类似的东西。所以我有不同的文件来处理所有正确的事情,有趣的是,黑曜石与这整个东西相互作用被称为保险库,它与文件夹的不同之处在于,黑曜石不仅与你知道的文件文件夹进行交互,而且它的作用是它还允许你建立相互连接文件之间的关系,所以我今天可以说。我在 Greg Eisenberg 的播客上,现在这个文件链接到了 Greg Eisenberg 文件 超级有趣 超级有趣,所以当人们喜欢像人们一样 有很多人真的很喜欢使用黑曜石和像黑曜石这样的工具,因为它具有形成相互关系的能力 这是独特的,只是在计算机上有一个文件夹无法显示这些相互关系 所以当你开始随着时间的推移不断制作这些相互关系时,它会变得非常有趣 对,所以什么这里发生了一些可视化,所以这里这些圆圈中的每一个都是一个文件,并且它显示了它如何连接到所有其他文件,无论在哪里写了东西,所以这里就像个人代理基础设施对,所以我可以看看你知道,我想我还应该对此添加一点评论,以及做这个演示的困难之处这里有很多个人信息,因为这就像我个人的事情所以我什至不知道要显示什么就在屏幕上,对吗?但这是做这样的演示的一部分,这有点奇怪和有趣,但你可以看到个人代理基础设施链接到代理人工智能。这里有一个电报链接 这里有一个给 Shopify 创始人 Toby 点赞的链接。 有一个类似存在日志爪形机器人的链接,你知道,然后就像我有一个播客也称为其他东西,就像你看到的那样,我显然做了很多类似的事情,思考得很好,所以我也可以假设我去格雷格·艾森伯格,我去本地图表。这就像我每次写关于格雷格·艾森伯格关于时间限制的正确笔记一样。我如何使用黑曜石,这很有趣 嗯,所以如果我正在听你的讲话并且我也爱你 如果我正在听一个节目并且我正在选择不同的模式我可以我可以将其引用回格雷格所以这真的很有趣,但这就是人们喜欢黑曜石的原因是因为这些相互关系你可以打开一个文件然后你知道,我刚刚打开这个文件然后我就像哦有趣我提到了格雷格艾森伯格 我可以单击它,它就会转到该文件。这很有趣,对吧?它表明它更适合它 它的工作方式更像你的大脑工作方式 你的大脑一直连接这些模式 这是一个问题。是的。是的,所以我明白为什么它很有趣但是这如何让我获得更好的输出呢?确切地。是的,接下来就是黑曜石发布这个名为黑曜石 CLI 的新工具,它允许您使用云代码,它可以读取黑曜石库中的所有文件,这是一个文本文件文件夹,但是使用黑曜石 CLI,它不仅可以为云代码提供它可以读取和访问的文件,还可以为云代码提供有关这些文件相互关系的信息,因此您可以看到,云代码可以看到该文件已连接到该文件这个文件和这个文件 
就什么云代码可以理解你以及什么云代码可以理解你正在处理的事情之间的所有关系而言,这变得非常有趣它可以开始浮现出你正在思考的事情的模式,而你自己没有看到你可能已经在这个库中写了一年的一些想法它可能是一个潜在的想法,它可以立即说嘿你知道你一直在写同样的模式和初创公司或者在你正在处理的这个特定项目中吗你在这些不同领域所做的每一个注释,并且第一次看到它可以像一个巨大的灯泡效应,它可以导致巨大的进步,你正在学习,你正在理解你对世界的看法,还有你正在做的事情,嗯,所以我现在已经写了,我想演示它实际上是如何工作的,即如何将信息传递到代理中,如果没有黑曜石和云代码,这是不可能的所以这里有一些我使用的命令,但我不使用希望你害怕所有这些东西我知道这看起来很激烈但是嗯这里是嗯这是我有一些命令,这只是我创建的终端,我在黑曜石中运行它你不需要使用这个你也可以在你自己的终端会话中使用任何你想要的工具执行此操作但我把它放在黑曜石中因为我想一起看到它我想向你展示如何集成和自定义这个环境所以这是一个很酷的事情所以上下文斜线上下文加载关于我的生活工作的完整上下文在当前状态下读取上下文文件每日笔记并遵循反向链接来构建完整的图片所以我将在这里向您展示所以就像比方说我打开一个新会话在我的桌面上的云中现在就像我要开始做某事但是在我开始工作之前我可以输入上下文演示现在它将读取一大堆关于我当前完成情况的文件就像我已经预加载一样我现在已经在所有这些上下文中进行了预加载,因此您可以看到它将开始读取所有这些文件它正在读取自述文件它正在读取有关 new 的上下文,这是我正在工作的一家媒体公司它正在读取其他内容。它正在读取我的个人信息,其他内容是我的节目它正在读取个人工作流程上下文,因此我不必担心它不知道我想知道的关键信息我只是执行了一个命令,现在它将完成所有信息所以我今天可以使用斜杠,这是一个早间回顾,一个帖子日历任务 iMessages 在过去一周的日常笔记中进入当天的优先计划 为什么这很重要? 好吧,当然你可以设置一个代理,并让它访问你的日历、你的任务、iMessages 和类似的东西,但遗憾的是,它没有关于你正在考虑的事情的所有信息,以及为什么如果我每天写一些我感兴趣的特定技术、项目或事物的笔记,我的日历是否会积极反映,就像它是否与我实际正在写的主题相匹配如果代理有这样的背景,你可以它可以更有效地为你提供有关你应该做什么或做什么的信息不做或它可以更有效地决定哪些内容应该在您的日历中或不在您的日历中这是另一个斜线关闭日如果日处理提取操作项目表面保险库连接检查置信标记需要更新所以我有一堆假设我考虑并给它们一个置信度评级这是我正在研究的一个想法我对此感觉非常可靠。这是我正在研究的另一个想法。我不确定。这些就像日常运营的事情,但这就是我最常使用黑曜石的东西,这是思考工具,我真的非常非常喜欢与法学硕士作为思考伙伴一起工作,这是我最喜欢使用法学硕士的方式,我知道人们喜欢使用代理和法学硕士来构建东西,但我真的很喜欢使用他们与我一起思考,当我觉得你知道的时候进行构建,我真的有一种新颖的看待事物的方式。所以让我们看看这里 所以幽灵 这是他的命令,让它按照我的方式回答问题 它从金库中构建一个语音配置文件,然后用该声音写入,然后评估保真度 所以我只能说我对人工智能的看法,我将向您展示这个挑战主题 使用金库自己的历史进行压力测试当前的信念 发现矛盾反证和思维转变 如果我想确保我作为一个人和作为一个人不断发展,为什么这很重要以我的技能,我想确保你知道我的观点过于偏见或有限,所以这可以挑战我出现金库暗示的表面想法,但从不从分散的前提、未命名的模式、未明确的方向得出结论,这是超级超级有用的,因为很多时候你知道我可能会被困在很多不同的方式中,比如多年来,只是有人对我说了一件简单的事情,只是说嘿,这只是命名这个想法嘿,你知道你一直在围绕这个转圈吗模式?巨大突破斜线漂移它将我陈述的注意力意图与 30 至 60 天内的实际行为进行比较。我在这个播客上避免的想法人们可能会喜欢这个具有跨域模式检测和图形分析功能的深度 30 天金库皮肤,以生成跨所有域的想法。这不仅给了我关于我应该做的类似事情的想法,就像它给了我关于工具和类似事情的想法,而且它也给了我关于类似电影的想法。我应该看产品。我应该再次购买受我在金库中写的类似事物影响的东西 + +--- + +## 段落 4 [17:10 → 17:23] + +Trace 追踪一个想法在整个金库中如何随着时间的推移而演变。让我们看看其中的一些内容 跟踪演示 所以我已经做了这个,它的工作方式是我就像在这里创建一个选项卡,我可以像云一样 + +--- + +## 段落 5 [17:25 → 22:25] + +Trace 
和我必须创建所有这些命令的演示版本,因为我的保管库中有多少个人信息,但我什至不知道我什至无法控制屏幕上显示的内容,我有一个愚蠢的问题,就像我们看到的所有命令一样,这些命令是您创建的还是黑曜石创建的,这些是我创建的命令,您可以通过仅要求云代码创建特定命令来轻松创建它们我们可以包含在显示注释和描述中就像链接一样人们可以点击访问一些供应商呃技能如果是的话,当然是的,所以你可以在这里看到我所做的就是我刚刚输入了斜杠跟踪演示演示只是因为我公开展示了我如何使用黑曜石所以它的作用是跟踪我的我开发的方式以及我通过我的保险库导航这个想法的方式所以我这里有一个非常有趣的例子所以在这里我做了它,我和我让它运行,它正在做的就像它说的那样一切都追踪你与黑曜石的关系是如何演变的 让我开始构建一个词汇表并在保险库中进行搜索 所以当你有一个“喜欢”时,现在它开始通过保险库读取所有这些不同的文件 它可以看到使用黑曜石 CLI 连接的所有文件 这是很多人 这是我自己永远无法完成的事情 阅读所有这些文件以了解它们如何相互关联 这对于我作为一个人来说是不可能的 然后这是吐出来的。我现在拥有构建此跟踪所需的一切。这是完整的演变跟踪我如何使用黑曜石首次出现于 2025 年 1 月 11 日,时间跨度为 13 个月。这与这个金库有关,特别是指这里的所有文件。它说,2024年12月前的金库,我在多伦多西部做笔记的文章,日期为2024年12月1日,描述了一个完整的系统,其中黑曜石根本不起任何作用。该系统是通过mac Whisper的音频转储,LLM对话循环可以opio用于空间映射,用于认知摩擦的物理笔记本,融合土地,用于跟踪碎片的竞技场,管道是捕获过程结晶,这是基线黑曜石不在其中图片发现和怀疑 2025 年 1 月至 5 月 保险库中的第一个每日笔记 原始的兴奋与不确定性混合在一起 我可能也可以将转录放在这里作为存储它们的一种方式 当前的理论是,就定向链接做笔记而言并不是那么有用,但我不知道它说的是所选工具最初我是后环链接,它在这里说我如何使用黑曜石笔记关于反向链接的关键认识最初我是向后链接到一般术语播客或身体健康或电影制作我意识到这不是使用黑曜石的最有用的方法,最重要的事情是为我的每个模式理论项目或观点创建注释,并将它们记录在我的脑海中,然后链接到这些注释,所以这就像从我写过的东西中提取出来,它正在形成这个概念的历史,我可以用任何我能做到的东西来做到这一点,比如初创公司。我可以用一个特定的项目来做到这一点,我的关系就像一个爱好,一切都对,然后到 2026 年 1 月的第四阶段,一个月的爆炸性建筑一切仍然需要,然后就像一切仍然需要我积极提示和管理每个部分会话下一个解锁是弄清楚如何让代理任务按主题运行摩擦不再是黑曜石本身,而是金库和代理执行之间的边界所以你可以看到我真的在推动自己正确,这很酷。这对我来说是非常有用的事情,让我了解我对这个工具的使用是如何演变的,只是我认为我可以只是做笔记,然后关于我一生中所有这些不同的事情,就像作为父母一样,我可以反思我正在学习的不同事情,这是荒谬的。 我只是觉得这太疯狂了 一台计算机可以拥有这么多关于我的信息并呈现这些模式 我无法自己这么快地做到这一点 这对我来说是多么伟大的工具 就像我现在就在这里 而且我是你知道的,因为我正在思考事情,它给了我关于我的生活和我正在从事的项目的正确想法 所以我可以说你知道,我与黑曜石的关系随着时间的推移而演变的方式很有趣 这让我思考了很多关于 + +--- + +## 段落 6 [22:28 → 29:12] + 
+我与计算机的关系随着时间的推移而演变,从我还是个孩子的时候到现在,很有趣这些事情是如何发生并随着时间的推移而复合的我们并没有真正意识到它所以它就像一个音符,它是一个想法。所以这是一个例子所以我认为擅长黑曜石的一部分听起来就像反思你知道将反思插入你的日常生活中因为很多人你知道,我们正在从一个会议转移到另一个会议。我们很忙。我们是父母,你知道,我们长大了,当然我们会在笔记本上写下一些东西,但我觉得随着年龄的增长,我们实际上写和反思的东西越来越少。是的,你知道,你是如何将反思融入到你的生活中的?是的,我认为嗯,对我来说,这确实是有两个原因,我认为反思很有趣,做笔记很有趣,一是能够像我一样回顾它们真是太棒了,显然我现在可以使用代理但对我来说,回去看看这些笔记并意识到哦,就像我是一个不断改变我的技能的人,不断改变的项目不断发展,这只是一个使得它成为生活中令人惊奇的一部分,能够反思事物如何随着时间的推移而变化以及你如何随着时间的推移而变化以及世界如何随着时间的推移而变化但另一件事是,这也有一个功能性原因我喜欢做笔记的原因是因为当我坐在电脑上时,这就是我产生想法的方式,然后我把事情写下来。例如,这就是想法的来源。这件事我刚刚写在这里。这只是一个简短的说明,我只是实时进行。我现在只是在编造它,但是通过写出来,我觉得我把它更多地内化了,而且我喜欢有好的想法。我喜欢进步所以因为我喜欢有好的想法,我喜欢进步写作就是我这样做的方式所以我想你知道如果你想培养像写作一样的习惯我想首先你必须将它与这样的想法联系起来这就是你进步的方式这就是你产生想法的方式这就是你形成原始思维方式的另一件事我要说的是,现在写作是你将事情委托给代理的一种重要方式这就像一个全新的,这是它的一个全新的方面。因此,如果您可以养成写作习惯,您就有更多的背景信息可以传递给代理,这会大大增加您可以委派的类似事物的数量以及您可以构建的事物的数量,我希望这是一个很好的答案。这与张开的爪子有什么关系,因为如果你想到张开的爪子,它本质上是你在最好的情况下知道的你的延伸。是的,它可以去做你知道的事情,呃,根据你的指导独立削减。那么你如何才能和谐地使用黑曜石、张开爪和反射命令是的,所以我想如果你看一下这里是我执行的一个命令的示例,它就像一个计划命令嗯,所以我要求这个东西做什么,正如我所说的计划我说我可以在今天 2 月 20 日下午 2 点与 Greg Eisenberg 开会吗?是的,它的作用当然是你可以查看我的日历和类似的东西,但它也会查看我的每日笔记。它将审视我关心的事情,然后给我一些观点。所以它说你的一天已经堆积如山,你今天早上已经在格雷格的播客上录制,然后是团队午餐郊游并与彼得和文斯会面,你的 2 月 17 日笔记显示格雷格这一集已经成为最重要的内容,因为专门的格雷格·艾森伯格笔记不,不是两个,所以建议不是下午 2 点。但您可能根本不需要单独的会议 是的,这实际上是正确的答案。这与开放爪有什么关系 开放爪就像自主代理一样,如果您将其设置为那样做,它就可以做事情,而无需一直提示它,它可以自己做出决定并为您构建东西 嗯,现在开放爪可以做的事情与我刚刚执行此命令的方式相同,开放爪也可以自己做这件事 它可以去读取我的金库,找到连接,然后做出决定 代表我,对我有更深入的了解,现在而不是像管理代理或与另一个人谈论某件事的工作。 我只专注于管理这个保险库,这就像新的来源,我只是不断地尝试和制作它,以便这个保险库拥有所需的所有信息,这样我就可以委托给代理,嗯代理可以从这个保险库源中提取并做出决定,如果它没有做出正确的决定。我正在改变金库里的一些东西。我不一定专门与代理人合作,嗯,这是我对这个问题的猜测。我认为这很有趣 是的,我想呃,让我有点担心的一件事是,如果黑曜石真的是你的第二个大脑,给你的第二个大脑提供张开的爪子访问是可怕的,是的,我会说这是嗯基本嗯,我想说的是,这项技术的奇怪元素,我故意给了嗯黑曜石,我的意思是对不起云代码或任何代理访问大量信息。我是故意这样做的,因为我与此的关系是,我想了解这些东西是什么,我想了解它们揭示的内容,你知道我们与计算机的关系正在如何变化,但这很奇怪。就像你必须真正考虑你与这些代理分享了多少信息以及这是否是正确的决定而且我认为嗯,看看隐私作为一个概念如何演变和变化以及我们为之奋斗或不为之奋斗以及喜欢我们世界的未来,即使有这些命令中的每一个,这将是非常有趣的。我必须创建一个新版本的演示版本,这样当我在这个播客的屏幕上时我就不会透露太多的个人信息即使这样,这也像是一个难以抉择的事情。你知道,我可以输入演示版本但是谁知道屏幕上会显示什么,你知道 + +--- + +## 段落 7 [29:14 → 29:31] + +您还想显示哪些其他命令,嗯,所以有 
Connect,这是允许的,它允许我使用两个域并使用保管库链接图连接它们,所以我只能说我在这里做了一个 + +--- + +## 段落 8 [29:33 → 35:09] + +我只是要求它呃连接电影制作和世界建设,所以它遍历并读取所有这些不同的文件然后它可以开始说好吧,让我们连接这两个概念所以电影制作中的笔记呃电影制作附近的笔记所以我就像35个电影观看列表我与托比的第一次会面笔记世界建筑附近嗯世界建设论文嗯作为一家媒体公司的新人。所以这些是我正在考虑的不同的事情所以在采访门户和构建的世界之间架起一座桥梁在电影制作中如果我注意到一些具体的东西并提出有关它的问题它将打开一个进入一个人的内部世界的门户,这个世界通常是一个由概念、信仰和愿景组成的广阔宇宙所以世界建设论文我希望我的博客向你展示我所看重的东西和我相信的东西我担心的就像古埃及的坟墓我希望我的博客成为一个在我去世后很长时间你可以挖掘和检查的地方这些是我写的东西我可以开始看到这些想法如何连接在一起 桥接始终在线纪录片等于持续的世界建设 始终在线纪录片是一种创意策略,公司通过纪录片不断叙述他们的角色追求冲突和愿景所以这些就像我正在写的东西,它向我展示了它们之间的联系方式嗯,我认为这会变得非常有趣,具体取决于你愿意连接在一起的事物类型你也可能会对此感到非常疯狂,这取决于你在金库中写的内容我可以像这样连接沙瓦玛和初创公司,如果我想要的话,看看这些东西之间的联系,再次,真的很有趣,因为所有这一切都发生得非常快,我不需要向电影解释任何这些,我只需输入一些东西,就像斜线连接电影制作世界建筑一样,你使用的很多例子都是个人反思。是的,你怎么想,呃,你知道,例如,不要参加会议,就像你有麦片或双子座笔记一样,你知道做笔记或将其放入黑曜石或嗯,顺便说一句,当我说笔记时,这些可能是你甚至没有参加的会议,他们可能就像你知道汤米会见了文斯,他们开了这个会议,我想把它放在这里。是的。嗯,你觉得怎么样?所以这是一个很好的问题所以我认为你可以使用这些保险库,但是你想使用它们,如果你想把格兰诺拉麦片会议记录放在这里,你可以把你想要的任何文本放在这里,你可以把它们放在这里,你必须确保你知道也许你正在做这样的事情,对吗?所以你就像开会一样,然后你就像好吧,这些是你知道的项目一,然后每次你开会时,嗯,你记下格兰诺拉麦片笔记,然后把它们放在这里,对吗?所以你就像会见 Greg Eisenberg Vin Plus Vin 然后你知道该文件现在已创建,你可以删除你的趋势,你可以将你的会议笔记放到这里现在它在保险库中,然后你可以将其传递给代理,否则代理会发现它,对吗?特别是如果你开始标记,比如我的播客或那里的东西现在它已连接所以现在它的代理有更多的上下文,现在它知道这个转录本与另一个文件相关的趋势很好嗯,我认为这取决于你我认为你在这里输入的信息量取决于你想要如何使用保管库以及你想要如何将事物委托给代理人也许你甚至想为不同的目的创建不同的保管库对我来说,我使用法学硕士和代理作为提高我对主题的理解水平的一种方式所以我用它进行很多反思和类似的事情所以我不希望代理写入文件就像我可以轻松地让它做到这一点就像我可以说即使在这里我也要求它写一些我今天可以谈论的命令的描述但我不,我不想我不希望它创建一个文件来执行此操作,因为我想控制我的所有文件黑曜石 因为我总是想从我对事物的看法中提取出来,而不是它对事物的看法,如果它开始在这个保险库中创建自己的文件那么我不知道就像当它找到这些模式时它是否找到了关于事物的模式? 
它是写出来的,还是在寻找我写过的东西的模式所以我为自己创建了一个规则,就像这些东西之间的严格分离一样,我只想在这里写一些东西,然后我会写出我认为应该包含的内容对是的,是的,继续。不,我只是想说,你知道,我可以看到将其用于你自己的思考的力量,我也可以看到你知道,一双眼睛真正擅长的力量,你知道,在互联网上寻找基于趋势和类似内容的信息,以你想要的方式提炼它,并将其放入你的世界也很有趣。是的,完全是的,我认为,如果你问黑曜石,如果你要求云代码浏览你的黑曜石文件并生成想法,你知道你应该构建好的工具的想法,那么你可以说好吧,酷如果那是如果我有一个我应该构建的工具的想法,只需生成一个描述,然后构建该工具,所以完全一样 + +--- + +## 段落 9 [35:12 → 50:03] + +是的,我想展示这个,就像上次的反思一样,就像你知道的,我是一个我构建了这个名为 idea browser.com 的东西,每一天我们都会给出这个经过验证的启动想法。是的,理论上有人可以去,你知道抓住这些信息,把它放在黑曜石金库中,然后基于此基本上,你知道帮助他们完全正确地构建实际的东西是的,所以我想向你展示这个,因为我认为它真的会成功,他们会将其从反射领域带入构建领域,但唯一的问题是这需要一点时间,所以这是对的。是的,所以另一件事是,对于所有这些命令,我注意到的另一种模式是它们需要一点时间,因为它正在读取如此多的文件,我想说,使用黑曜石和使用可访问此黑曜石库的云代码之间有很大区别,我注意到我的所有请求都花费了更长的时间,这只是因为它读取的内容太多,所以就像看看这个所以这是想法演示所以我将运行一个全面的想法一代。让我从并行收集金库结构和上下文开始然后如果你看看它在做什么真的很有趣所以它就像黑曜石孤儿是的,所以它就像我猜孤儿就像文件一样,它们自己没有连接到正确的事物所以这很有趣它知道黑曜石死胡同黑曜石解析了黑曜石标签计数所以它只是试图找出所有这些东西之间的某种联系嗯,然后它说好的每日阅读,所以它正在阅读我的每日笔记然后它发现了这个名为新上下文的文件,这是一家媒体公司正在制定的新文件然后它就像读取文件其他东西上下文那是播客我要对你们说的另一件事是我确实管理嗯,我写我为相当广泛的项目创建上下文文件。我会告诉你,我不知道我是否要展示这个,因为它非常个人化,但就像其他东西一样,看看其他东西的工作环境最近发生了什么变化,通过前往旧金山纽约市记录客人来前端加载配置文件。这是超级个人的东西但是其他东西是什么节目研究的格式核心信念是坚实的基础最好的对话感觉就像发现坚实你知道,这是正在研究它的团队,所以发生的事情这又是非常个人的,但这是它刚刚引入的背景,所以现在它知道谁在我的播客上工作最近的假设假设是什么?我正在探索嗯,它刚刚得到了这些信息。这就像个人工作流程上下文超级个人文件中的其中一件事一样,但它显示了,嗯,你知道,呃,我的每日日程安排是什么样的,你知道我在个人生活中必须做的事情,所以这就像拉动我喜欢如何工作,我不喜欢如何工作,个人代理基础设施是另一回事。让我们看看如果我把它拉出来会发生什么 这是一个项目,我想在其中采取一步来增加我的个人基础设施工作流程委托 但是您想要用代理来描述它,了解越来越多地委托给代理意味着什么 实施方法 所以这就像我正在写的 关于我如何考虑个人使用代理的文件 再说一遍,这是其中一个文件的示例。正在读书。这只是其中之一,所以您像其他东西一样看到了个人工作流程,并且将所有这些都考虑到了此任务中。 
我要求它做的事情是为我产生想法从你的日常笔记日历和保险库结构中收集数据这需要一些时间,因为它再次从多个来源提取其中之一是它只是通过大量信息,大量信息,所以需要更长的时间你知道,它已经持续了五分钟好吧,这就是我注意到的事情,但对我来说,这就是我想要的,我想要我想要我想要的回应法学硕士与我所写的内容非常相关,我想了很多,我认为这就是我和代理人能够最好地合作的方式,我只是专注于不断注意到我目前在我正在从事的项目方面的情况以及我的理解是什么以及我发现有趣的东西我想保持这一点并使其尽可能最新和尽可能深入所以每当我与代理人交谈时,它始终能够最好地代表我在那个时刻的身份是的,这就是你的目标,这是我们所有人都应该问自己的问题,是的,代理人是否拥有关于我的偏好、我的梦想、我的希望和我的目标的项目的最新信息,因为你的它只与正确的最新版本一样好?是的,代理拥有的信息的质量100%完全决定了它能为你做什么,如果它对你了解不多,它就不能为你做很多事情,但如果它了解很多,那么它可以为你做一些事情,我认为甚至你的一些人在某些方面说起来有点奇怪,但我的意思是,你甚至不了解自己,我的意思是这是有道理的,因为最终这就像蒸馏一样它的核心。是的,黑曜石中的城市和云代码正在将这些点连接起来。现在,作为企业主或个人,在我们的个人生活中,将这些点连接起来实际上是相当困难的,比如为什么人们会以多种方式去找治疗师。是的,如果你去看治疗师,你知道你有一个人在做大部分的谈话,想一想,你做了很多反思,治疗师和教练在某种程度上指导你,这就是它在很多方面所做的事情,我并不是说不要去找你的治疗师,你知道,但我是,但我的观点是它可以帮助你帮助你发现它们是什么以及你如何将它们联系起来是的,绝对对我来说,是的,这真的很令人兴奋,是的,这只是计算机的疯狂时代所以让我们看看这件事完成了。这是一份创意生成报告 Vault 关系探索。所以这是相当密集的,就像得到一份想法报告一样,我认为这真的会展示我们如何让你从反思转向可操作的结构亮点。再说一次,这只是黑曜石的东西,值得注意的是,这里有一些国防技术的东西,只是加拿大正在增长的一个主题,大量的智力投资也孤立地存在,孤立的代理软件所以孤立只是意味着这些是文件。我还没有真正链接随机笔记。我刚刚写过一次或一些东西 嗯未解决的链接,揭示了潜在的兴趣 隐藏的关系再次所有反射的东西都很好 什么是工作黑曜石云代码是一个组合系统正在为我工​​作这正在产生真正的突破、思考和输出 每个域结构的日在森林中。 这基本上是我开始分割我的日程安排,每天都有一个特定的焦点这很酷,这是非常真实的格雷格·艾森伯格情节作为一个强制功能它将几个月的关于黑曜石和代理的思考压缩成一个清晰的论文,并带有非常真实的演示你知道参加节目并这样做迫使我综合我所知道和呈现的一切但这就是我们将要构建的可操作的东西工具斜线毕业生斜线命令基于每日笔记的每日笔记想法提取器是充满想法 对不起,每日笔记充满了想法标签和永远不会开发的有趣想法 保险库有九个想法标签,但数百个未被发现的见解构建了一个命令,扫描最近的每日笔记 识别标记或未标记的想法并提示您决定 创建一个独立的笔记 添加到现有文件或关闭 这将每日笔记流变成结构化的想法管道 黑曜石保险库为新 它说我只需要为新的黑曜石保险库管理和设置 这意味着与我创建此保险库保险库的方式相同它有我所有的想法和模式以及类似的一切,为什么我不为我的团队创建一个呢?作为一个团队,我们可以在他们喜欢的地方向这个库提出问题,我们都可以为其做出贡献。这里我们开始使用工具来开始使用所有外部文档的这种类型是什么?有趣的时间封锁行为,强制执行一天一个时间封锁应用程序,强制执行每个域的一天意味着因为我每天都在努力专注于我生活的一个方面的一件事,这就是说为什么不创建一个时间封锁应用程序,迫使你这样做有趣的系统来实施黑曜石特工处理逮捕的一句话。这实际上是 Greg Eisenberg Eisenberg 准备的演示三版本,你已经在想象它了,下一步是实际构建它,从小处开始,在每日笔记中安排与人就本周主题进行通话,并让 Otis 或 Claude 机器人或张开爪子拿起它并处理它,所以这就是说,也许你可以从笔记本身进行委派,这就是我解释超级有趣的方式是的,只是排队委派,就像这甚至就像一个新的 UX 模式。我什至不知道你是否可以构建像这些不同的工具主题来研究克里斯托弗·亚历山大的模式语言应用于数字空间有趣黑山学院作为体育场的模型体育场是我们在多伦多无作者媒体作为一个概念的物理空间深圳的硬件生态系统实际上如何工作来编写和发布这将是有用的上下文架构文章计算机作为一个地方软件书籍将成为时尚多伦多理论实际上是编辑思维杂志与这不是你的对话这些都是真实的人亚伦体育场研讨会主持人关于成为技术编程的锚 
这是一个我们多伦多没有的空间,用来破坏另一种人的程序,关于制作旗舰系列的程序 Steph Ango 黑曜石 CEO 关于金库作为一个地方 所以这就像是的,这太疯狂了。它建议我应该会见的前五名高影响力的人现在就建立毕业生指挥部或每周进行手动创意审查,嗯,这太疯狂了。这实际上很疯狂,事实上它是纯文本的,只是不是没有图像,这并不容易阅读,但我有点喜欢它,因为它就像便装,你知道我的意思吗?是的,我的意思是我喜欢这种审美,因为我是一个书呆子,但你可以只是说你知道你可以你可以说显然你可以只是说你能把它变成我桌面上一个漂亮的可读 HTML 文件吗?这很难读,而且它会做到这一点,所以我的意思是,如果你不这样做,那就说明如果你不喜欢那样,就按照你想要的方式去做,你知道我的意思吗? 我喜欢这样的审美 但是是的,这就是你如何摆脱反思,当然,你知道,当然我们也可以像这里这样说你知道如果我们不想这样做我们也可以说它推荐了斜杠毕业生命令所以我只能说构建斜杠毕业生命令嗯嗯对,这很有趣,这就是你如何开始构建很多像这样的命令它开始建议你就像只是去构建它好我开始实际上就像我自己构建它们一样,哦,尝试自己思考命令,但是,是的,我说我开始问代理,等一下,你认为哪些命令会有趣,公正,这可能有用,我想做的另一件事是,当我使用一点法学硕士时,我喜欢转向更高层次的抽象,我的意思是我可以说,哦,做一个命令,告诉我每天应该关注什么,这就像一个命令但当我想到的另一件事是你可以退后一步,我可以说基于我的黑曜石金库和你对我的了解形成对你认为我的理解水平的理解,就像你认为我的技能水平是在一个人和我正在从事的项目方面,并基于此建议命令的种类。我应该使用它,将我从该级别提升到更高级别,就像您知道的那样,让它为我建议命令,而不是我建议命令,我可以在它们之间进行选择。所以看看这个。这就是这,这是代理的想法 基于它在我的保险库中读到的内容,基于我正确记录的笔记,所以让我们看看这是什么每日笔记想法提取器 想法见解和原始思维在细节和每日笔记中积累,但很少会发展成独立的笔记,它们可以通过反向链接复合 此命令扫描最近的每日笔记,显示最佳候选者,并帮助决定将其推广为一个想法或正确的东西 所以这就是它的工作方式 它扫描它交叉的所有最近的每日笔记与现有保险库的参考,它为候选人提供了如果创建一个新的独立笔记,则在保险库路线中创建笔记,将笔记写成一篇小型文章或工作文档,从其起源的日常笔记中捕获核心主张或问题上下文,现在与其他保险库笔记的连接作为反向链接,所有这些东西都像它捕获核心主张或问题一样,你可能会看到这个并认为好吧。这只是代理生成的文本,但它对我来说也有不同的影响,因为我知道我正在写很多关于这些事情的文章。我知道我知道就像迷你论文一样,这些词对我来说意味着特定的事情,这太疯狂了。这是非常上下文化的,我知道它在说什么,因为我花了很多时间在这个工具上,而且我花了很多时间写作,所以是的,我创建了,它将创建该命令 + +--- + +## 段落 10 [50:05 → 50:34] + +是的,这太疯狂了,因为我只是要做笔记,我有一个并行代理,它正在查看我的笔记并给我想法,以及我如何证明我的工作流程并证明我的生活然后它不仅可以建议它只是构建这个东西而且它已经完成了,我们在这里斜杠毕业生。我可以点击它它会疯狂地运行如果我是开放人工智能或人类我会购买黑曜石 + +--- + +## 段落 11 [50:37 → 50:54] + +正确,因为这是缺失的环节。是的,太疯狂了。顺便说一下,这是一个缺失的环节,事实上有像你这样的人已经向我推销了这一点。我已经下载了黑曜石。我认为这是一个免费工具,对吗?是的,它是开源的,我已经下载了它,但我还没有 + +--- + +## 段落 12 [50:57 → 53:27] + +造成我的错误是因为我想要你,我知道这会很棒。我知道我会经历这个,这实际上超出了我的预期,就像这样的事实,就像它没有意义,没有意义,如果你是,如果你认真使用它,如果你认真使用它来吸收你的想法,并充分利用它们,如果你认真对待构建,你知道人们所说的个人操作系统呃,并且你没有使用像这样的集中式笔记工具。是的,使用markdown作为基础那么你没有正确使用llm。是的,或者至少没有达到极限 
是的,是的,完全正确。你没有充分利用它。是的,你没有充分利用它所以我认为这件事的困难之处在于它需要它确实需要很多时间而要真正正确地设置它需要呃,就像是的,我的意思是它需要很多时间并且并且UI是并且是如此令人畏惧,因为它是一个空白画布而且它不是像嘿,你应该喜欢在这里写下你的偏好,或者你知道,你必须想出这些想法你们自己。是的,但这仍然很神奇,对吧?因为我的意思是,即使当我们与其他人一起工作时,我们也必须找到一种方法来向他们解释事情,我只是觉得这太酷了,现在我们可以与这些代理一起工作,我们仍然需要向他们解释事情,但我们只需要解释一次,因为一旦我们将其记录到文件中,我们总是可以引用该文件,对项目或偏好或任何东西的解释,它总是在那里,你可以将它传递进去,是的,文件就像本质上完美的完美记忆。是的,对吗?人类有记忆,就像我们回忆事物一样。是的,但是有大量的研究表明,我们所记得的事实与现实完全不同,例如,当我们去佐贺夫人那里理发时,我本可以认为我的发型是最好的,你知道,这就是我的记忆所记得的。有一个很棒的发型,但谁知道这可能是我现在剪过的最糟糕的发型 + +--- + +## 段落 13 [53:30 → 58:56] + +黑曜石或任何你最终使用的工具,比如房间,你知道,如果我写了是的,就像内存一样,Markdown 文件是完美的,所以当我链接它或我回忆起它时,它会给我一个完美的数据点,你知道这些文件的另一件事是你希望它们没有偏见,基本上人类在编写反射方面存在偏见。是的,在那一刻。是的,这太疯狂了,是的,这太疯狂了,而且有所有这些不同的方面。这是它的隐私性以及这意味着什么 它的力量在于,现在你可以用自然语言使用这些计算机,然后将其委托给它们 事实上,像我这样的人正在使用这些工具,并试图找出如何以这种方式将东西委托给代理 有像我这样的人以不同的方式更加核心,并推动他们 我只是认为这是一个如此疯狂的时代,因为我认为我们可能正在观察一个根本性的转变人类与计算机的关系 我真的很高兴能在这一切发生的时候还活着 我很好奇这一切将如何解开?嗯,这很酷的是 99.99 9% 的人不会花时间去实际建立这样的东西并使其成为他们日常生活的一部分,可以说,阿尔法是在带领一个更有生产力、更快乐、更健康、更好、更多赚钱的职业方面,在于与法学硕士一起使用这样的东西。我想是的,我并不是说今天要下载城市,我与他们没有任何隶属关系或其他什么,但我是说,选择一个听起来像是我们都应该做的事情,我是说我给自己这个建议就像我没有理由不写下来并将“是”反映到降价文件中。是的,法学硕士使用 Markdown 文件就是氧气。是的,就像人们认为代币是氧气一样。是的,但它们不是 是的,markdown 火焰是像思考人类是什么的记忆 是的,你知道是人类 人类的能量还是它的记忆,你知道我们被称为什么,你知道我的意思是,这就像一个哲学问题,也许两者都有一点,但它是你知道的,我认为 MD 文件有一些非常令人着迷的东西,因为为了拥有一台真正的计算机,它们被低估了经验和当今时代。是的,这里肯定发生了一些根本性的转变,是的,这太棒了。是的,就像我的工作很糟糕一样,你知道,我正在实时学习,对吧?就像我,我什至没有正确的词汇来解释这一点,是的,我也没有,我也没有,我正在努力,我正在尝试实时弄清楚,这就是为什么我认为我知道我展示了一些东西,对我来说,我会做一些事情,或者我会看到一些东西,我的朋友们就像他们有点笑,因为我只是坐在我的电脑前,只是绊倒了,我想这是因为我真的很喜欢电脑,我不敢相信这是可能的。我不敢相信我可以像小时候一样在计算机上做笔记然后突然间这个代理可以扫描它并因此构建东西并且就像我永远看不到的连接模式这太疯狂了。这很疯狂,从根本上来说,你是对的。它只是相互关联的 Markdown 文件的集合。是的,很酷的人。我很欣赏你。我不知道你是否能看到我的想法,但我现在的想法很混乱。感谢上帝,是的,我想对你做正确的事。我也喜欢每次都这么说,但我会一直对你这么说。我真的真的真的真的很感谢你所做的一切,我认为你的模式识别和模式匹配真的被低估了。我认为你做了很多事情。我认为如果你没有真正注意的话,这并不难看出,我只是想说谢谢你所做的一切,你总是在节目中发出新的声音。我看到了。我真的很感激,认识你我很荣幸,是的,谢谢你给我这个机会。谢谢你所做的一切,我感谢你,本,你的传奇。 我将在节目笔记和描述中包含在他的 youtube 节目播客上跟踪互联网货车下的犯罪链接,您可以去看看他,人们请使用其中一些工具,让我知道您的想法,请让 Vinn 知道您的想法,然后我会恳求您回到节目中,我希望您再次回来,伙计。谢谢。谢谢你 + +--- 
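Review bot: the date in the new transcript's frontmatter (`date: 2025-02-20`) and header (`**日期**:2025 年 2 月 20 日`) contradicts the transcript body, which places the recording after January 2026: the trace output says the idea "首次出现于 2025 年 1 月 11 日,时间跨度为 13 个月" and describes "2026 年 1 月的第四阶段", and the plan command is asked about a meeting "今天 2 月 20 日". Unless the source date is confirmed, 2026-02-20 is the consistent value; please check before the date is relied on for any chronology. The body is also unreviewed machine translation whose terminology disagrees with the title and tags: Obsidian appears as both "Obsidian" and "黑曜石", Claude Code as "克劳德代码" and "云代码", LLM is rendered literally as "法学硕士" throughout, the vault as "金库", "保险库" and "保管库", and one agent product is rendered three ways as "张开的爪子", "张开爪" and "开放爪"; a glossary pass restoring the English product names would make the note findable by the tags it declares. Finally, unlike the other knowledgebase notes in this patch, the file has no `status:` key and no 摘要 / 关键概念 / 行动项 sections; when those are added, the guest's own operating rules are the points worth capturing (he deliberately gives the agent broad vault access but built demo versions of every command because the vault holds personal data, and keeps a strict rule that the agent reads from the vault and never writes files into it).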
diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-1-gruntwork-landing-zone-architecture.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-1-gruntwork-landing-zone-architecture.md index 843965fa..2a468426 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-1-gruntwork-landing-zone-architecture.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-1-gruntwork-landing-zone-architecture.md @@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 1_ Gruntwork Landing Zone Architecture.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 1 Gruntwork Landing Zone Architecture diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-10-aws-landing-zone-lz-data-collection-tagging-related-security.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-10-aws-landing-zone-lz-data-collection-tagging-related-security.md index 765e3e47..38d7ca05 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-10-aws-landing-zone-lz-data-collection-tagging-related-security.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-10-aws-landing-zone-lz-data-collection-tagging-related-security.md @@ -12,7 +12,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 10_ AWS  Landing Zone (LZ) Data Collection, Tagging _ Related Security.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 10 AWS Landing Zone (LZ) Data Collection, Tagging Related Security @@ -21,7 +21,7 @@ status: summarized **Type:** VIDEO | **Category:** 01_AWS-Landing-Zone -**Status:** 🟡 Awaiting Whisper transcription → Summary +**Status:** ✅ 已完成(Gemini 摘要) --- 
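Review bot: `status: summarized (Gemini 摘要)` turns a field that was a bare enum value (`raw` / `summarized`) into free text, here for topic 1 and topic 10 and again for topics 14, 17, 25, 26, 28, 34 and 35 further down; any frontmatter query that matches on `status = summarized` stops matching these notes. Keep `status: summarized` and put the provenance in its own key, for example `summarized-by: Gemini`, leaving the body line `**Status:** ✅ 已完成(Gemini 摘要)` as the human-readable label.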
diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-14-octane-hub-on-aws-real-life-experience-moving-production-services-i.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-14-octane-hub-on-aws-real-life-experience-moving-production-services-i.md index 747a7b70..2b4845c9 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-14-octane-hub-on-aws-real-life-experience-moving-production-services-i.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-14-octane-hub-on-aws-real-life-experience-moving-production-services-i.md @@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 14_ Octane Hub on AWS_ Real life experience moving production services into the new land.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 14 Octane Hub on AWS: Real-Life Experiences @@ -20,7 +20,7 @@ status: summarized **Type:** VIDEO | **Category:** 01_AWS-Landing-Zone -**Status:** ✅ 已完成摘要 +**Status: ✅ 已完成摘要** --- diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-17-active-directory-services-in-gruntwork-aws-lzs.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-17-active-directory-services-in-gruntwork-aws-lzs.md index f5871de4..ed6945ef 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-17-active-directory-services-in-gruntwork-aws-lzs.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-17-active-directory-services-in-gruntwork-aws-lzs.md @@ -12,7 +12,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 17_ Active Directory Services in Gruntwork AWS LZs.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 17 Active Directory Services in Gruntwork AWS LZs 
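Review bot: in the topic-14 body hunk the only change is moving the closing `**` from after `Status:` to the end of the line (`**Status: ✅ 已完成摘要**`), which is the opposite of the form the topic-10 hunk above settles on (`**Status:** ✅ 已完成(Gemini 摘要)`) and looks like a side effect of a search-and-replace rather than an intended edit; either revert it or bring the line to the `**Status:** ✅ 已完成(Gemini 摘要)` form used elsewhere in this patch.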
@@ -21,7 +21,7 @@ status: summarized **Type:** VIDEO | **Category:** 01_AWS-Landing-Zone -**Status:** 🟡 Awaiting Whisper transcription → Summary +**Status: 🟡 Awaiting Whisper transcription → Summary** --- diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-25-labs-landing-zone-overview-itom-teams.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-25-labs-landing-zone-overview-itom-teams.md index d47cb9e8..f68fe90a 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-25-labs-landing-zone-overview-itom-teams.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-25-labs-landing-zone-overview-itom-teams.md @@ -1,8 +1,8 @@ --- -title: "CTP Topic 25 Labs Landing Zone overview - ITOM teams" +title: CTP Topic 25 Labs Landing Zone overview - ITOM teams type: cloud-learning source-type: video -category: "DevOps & SRE/01_AWS-Landing-Zone" +category: DevOps & SRE/01_AWS-Landing-Zone tags: - AWS - Landing-Zone @@ -10,9 +10,9 @@ tags: - ITOM - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 25_ Labs Landing Zone overview - ITOM teams.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 25_ Labs Landing Zone overview - ITOM teams.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 25 Labs Landing Zone overview - ITOM teams 
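Review bot: the topic-17 frontmatter hunk just above claims a summary exists (`status: summarized (Gemini 摘要)`, and it was already `summarized` before this change), but this body hunk keeps `🟡 Awaiting Whisper transcription → Summary` and only wraps it in bold, and no summary text for topic 17 appears anywhere in the patch; one of the two is wrong. If the Gemini summary exists, include it in this change and set the body status to ✅ like topics 10, 26 and 28; if it does not, the frontmatter should go back to `status: raw` so the note is not reported as done.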
@@ -27,7 +27,26 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Labs Landing Zone Overview + +The Labs landing zone is based on the Gruntworks reference architecture and AWS standards, utilizing a multi-account strategy. The entire stack is managed through infrastructure as code (Terraform), using a library of common functions accessible for review and modification. *Everything should be managed using Terraform or some other code-based mechanism.* + +Key components include: + +* **Shared Account:** Hosts the Jenkins master for the CI/CD pipeline (Gruntworks production grade), hardened AMIs, and a Docker container store. +* **Logs Account:** Secure storage for AWS Config and CloudTrail logs, with access controlled by the security team. +* **Security Account:** Manages user accounts and access, primarily for cross-account access and shared accounts, with most access being federated. +* **Core Accounts:** + * Active Directory: Manages Windows instances and IDPs (all in Swimford.net). + * DNS: Manages AWS Swimford.net, allowing for local domains or referencing the wider infrastructure. +* **Network Account:** Central hub for network communication, managing traffic via Transit Gateway and JetPult firewall. All internet access is routed through here, managed by the network team via tags. Pulse VPN access is also managed here, providing access to the micro focus network. +* **Shared Service Accounts:** Provide access to services like monitoring (45 arc site) and Qualys. +* **Product Account:** The primary working environment, built to standard infrastructure-as-code modules. It can have multiple accounts (production, staging, development). Logs are shipped to the logs account, and Jenkins manages automation within the account. + +When deploying a product account, key requirements include defining IP address ranges and agreeing on specific tags with the network team for firewall access. 
*Access through that firewall is all managed by tags.* The team recommends using their Terraform modules for deploying subnets. + +The standard Jenkins-based pipelines scan GitHub Enterprise repositories for changes, running Terragrunt plans or applies based on the branch. Internet connectivity is restricted; access to specific corporate network locations requires a request to the network services team. The pipelines are continuously being improved for robustness and security, including pre-commit checks and Fortify scans. + --- diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-25-labs-landing-zone-overview-itom-teams.md.bak b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-25-labs-landing-zone-overview-itom-teams.md.bak new file mode 100644 index 00000000..8e687139 --- /dev/null +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-25-labs-landing-zone-overview-itom-teams.md.bak @@ -0,0 +1,52 @@ +--- +title: CTP Topic 25 Labs Landing Zone overview - ITOM teams +type: cloud-learning +source-type: video +category: DevOps & SRE/01_AWS-Landing-Zone +tags: + - AWS + - Landing-Zone + - Labs + - ITOM + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 25_ Labs Landing Zone overview - ITOM teams.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 25 Labs Landing Zone overview - ITOM teams + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 25_ Labs Landing Zone overview - ITOM teams.mp4` + +**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* 
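Review bot: several proper nouns in the new topic-25 摘要 read like speech-to-text errors carried through the Gemini summary and should be checked against the slides before the note is used as reference material: `Swimford.net` (twice, as the AD and DNS domain), `JetPult firewall`, `monitoring (45 arc site)` (ArcSight? a guess), and `Gruntworks` where the other notes in this directory say `Gruntwork`. These names matter more than usual here because the summary presents them as the control points of the landing zone (all internet egress routed through the network account's firewall, with access granted by tags, and logs held in a separate account gated by the security team), and a reader will search on them. Two smaller points: `> ## Labs Landing Zone Overview` quotes only the heading line, so the heading renders inside a blockquote while the paragraphs below it do not; drop the `>` or quote the whole block. And the italicised sentences (*Everything should be managed using Terraform or some other code-based mechanism.*, *Access through that firewall is all managed by tags.*) appear to be verbatim speaker quotes; marking them as such would separate the presenter's guidance from the summariser's paraphrase.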
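Review bot: `ctp-topic-25-labs-landing-zone-overview-itom-teams.md.bak` (and `ctp-topic-34-azure-landing-zone-architecture-overview.md.bak` later in the patch) is a copy of the pre-summary note, with the frontmatter already re-serialised without quotes, and should not be committed: the previous content is already in git history, and the copy still carries `status: raw` and the `🟡 Awaiting Whisper transcription → Summary` body line, so any script that globs this directory now sees both a raw and a summarized note for the same video. Delete both files and add `*.bak` to `.gitignore`.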
diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-26-standard-ami-build-publish-share-processes.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-26-standard-ami-build-publish-share-processes.md index bff75832..2bfa6322 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-26-standard-ami-build-publish-share-processes.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-26-standard-ami-build-publish-share-processes.md @@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 26_ Standard AMI – build, publish, share processes.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 26 Standard AMI – build, publish, share processes @@ -20,7 +20,7 @@ status: summarized **Type:** VIDEO | **Category:** 01_AWS-Landing-Zone -**Status:** 🟡 Awaiting Whisper transcription → Summary +**Status:** ✅ 已完成(Gemini 摘要) --- diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-28-aws-tag-validation-tool.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-28-aws-tag-validation-tool.md index e6ce67d4..2d01855e 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-28-aws-tag-validation-tool.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-28-aws-tag-validation-tool.md @@ -12,7 +12,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 28_ AWS Tag Validation Tool.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 28 AWS Tag Validation Tool @@ -21,7 +21,7 @@ status: summarized **Type:** VIDEO | **Category:** 01_AWS-Landing-Zone -**Status:** 🟡 Awaiting Whisper transcription → Summary +**Status:** ✅ 已完成(Gemini 摘要) --- 
diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-34-azure-landing-zone-architecture-overview.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-34-azure-landing-zone-architecture-overview.md index 866fbe1f..5e8bc997 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-34-azure-landing-zone-architecture-overview.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-34-azure-landing-zone-architecture-overview.md @@ -1,16 +1,16 @@ --- -title: "CTP Topic 34 Azure Landing Zone Architecture Overview" +title: CTP Topic 34 Azure Landing Zone Architecture Overview type: cloud-learning source-type: video -category: "DevOps & SRE/01_AWS-Landing-Zone" +category: DevOps & SRE/01_AWS-Landing-Zone tags: - Azure - Landing-Zone - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 34_ Azure Landing Zone Architecture Overview.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 34_ Azure Landing Zone Architecture Overview.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 34 Azure Landing Zone Architecture Overview 
@@ -25,7 +25,16 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Azure Landing Zone Architecture Overview + +Kishore Garlopati presents an overview of the upcoming Azure Landing Zones implementation within Micro Focus, detailing how it will simplify Azure adoption for various teams and enable them to deploy workloads to the Azure cloud. The primary goal is to minimize cross-team dependencies through automation, granting teams greater independence in deploying innovative solutions within the Azure environment. + +The architecture begins with enrollment into Azure Enterprise, utilizing Azure Active Directory for user authentication. Azure employs management groups, similar to parent directories in Windows, to organize the entities within Micro Focus. These are divided into four areas: platform, landing zones, decommission, and sandbox. The platform includes identity management and connectivity subscriptions, each with a specific purpose and managed by dedicated teams to enhance security. *The core reason of these individual or isolated subscriptions is you are basically containing a subscription for a specific purpose.* + +Identity subscriptions manage access policies, while connectivity subscriptions serve as a central hub for all inbound and outbound Azure traffic, incorporating security measures like DDoS protection and checkpoint firewalls. Landing zones are designed to be scalable, modular, and fully automated, providing a template-based approach for new projects. These zones emphasize identity access management, auditing, compliance, security monitoring, and networking. Decommissioned subscriptions are for unused resources, and sandbox subscriptions offer isolated environments for experimentation. *This sandbox is a is an interesting one because these landings on subscriptions allows your workloads.* + +Privileged Identity Management (PIM) and privileged access groups manage user access, ensuring appropriate role and policy enforcement. 
Terraform Cloud is used for infrastructure automation, leveraging Terraform states to manage dependencies between subscriptions. This layered approach allows teams to access necessary data without exposing sensitive information. + --- diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-34-azure-landing-zone-architecture-overview.md.bak b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-34-azure-landing-zone-architecture-overview.md.bak new file mode 100644 index 00000000..a3d2f7c0 --- /dev/null +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-34-azure-landing-zone-architecture-overview.md.bak @@ -0,0 +1,50 @@ +--- +title: CTP Topic 34 Azure Landing Zone Architecture Overview +type: cloud-learning +source-type: video +category: DevOps & SRE/01_AWS-Landing-Zone +tags: + - Azure + - Landing-Zone + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 34_ Azure Landing Zone Architecture Overview.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 34 Azure Landing Zone Architecture Overview + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 34_ Azure Landing Zone Architecture Overview.mp4` + +**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-35-aws-landing-zone-design-refresher-saas-labs.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-35-aws-landing-zone-design-refresher-saas-labs.md index a4004555..cf6333b1 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-35-aws-landing-zone-design-refresher-saas-labs.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-35-aws-landing-zone-design-refresher-saas-labs.md 
@@ -1,8 +1,8 @@ --- -title: "CTP Topic 35 AWS Landing Zone Design Refresher (SaaS Labs)" +title: CTP Topic 35 AWS Landing Zone Design Refresher (SaaS Labs) type: cloud-learning source-type: video -category: "DevOps & SRE/01_AWS-Landing-Zone" +category: DevOps & SRE/01_AWS-Landing-Zone tags: - AWS - Landing-Zone @@ -10,9 +10,9 @@ tags: - Labs - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 35_ AWS Landing Zone Design Refresher (SaaS _ Labs).mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 35_ AWS Landing Zone Design Refresher (SaaS _ Labs).mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 35 AWS Landing Zone Design Refresher (SaaS Labs) 
@@ -27,7 +27,14 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## AWS Landing Zone Design Refresher + +This session provides an overview of AWS Landing Zones, focusing on their design, updates, and differences between SaaS and Labs environments. The primary goal of landing zones is to support diverse AWS use cases while ensuring reuse, control, auditing, and management. *Our AWS landing zones, they're built infrastructure as code as you'd expect on terraform templates using the grunt work framework.* + +AWS SaaS landing zones offer customer-dedicated environments with product accounts for each product area, such as Snacks. These accounts connect to shared services accounts for security, logging, and networking. The core accounts group includes Active Directory, DNS, and network accounts to support IT services within the micro-focus infrastructure. The shared service accounts host services like artifactory, cyberqualice, cyber EPO, ArcSight, and monitoring. Grunt work accounts manage AMIs, logs, and security across all accounts. Product accounts host IT products, projects, applications, and supporting AWS resources, managed by individual project teams. + +Recent changes to the landing zones include network segmentation to block direct connectivity to SaaS workloads, decommissioning of the Gruntworks Cloud Trail in favor of CCOEs Cloud Trail, and proposed rerouting of ingress traffic via checkpoints in the network account. Native AWS backup is likely to be mandated, and management VPCs may be removed for new accounts. The key difference between SaaS and Labs is that SaaS is for production, while Labs is for development, with plans to introduce internet access into Labs. *Basically, the only answer is that SAS is production, Labs is development.* The PoC landing zone will be combined with Labs to maximize shared resources. The Cloud Technology Design Forum aims to standardize and centralize microfocus's cloud delivery offering, including landing zone designs. + --- 
diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-35-aws-landing-zone-design-refresher-saas-labs.md.bak b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-35-aws-landing-zone-design-refresher-saas-labs.md.bak new file mode 100644 index 00000000..ac6d07a0 --- /dev/null +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-35-aws-landing-zone-design-refresher-saas-labs.md.bak @@ -0,0 +1,52 @@ +--- +title: CTP Topic 35 AWS Landing Zone Design Refresher (SaaS Labs) +type: cloud-learning +source-type: video +category: DevOps & SRE/01_AWS-Landing-Zone +tags: + - AWS + - Landing-Zone + - SaaS + - Labs + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 35_ AWS Landing Zone Design Refresher (SaaS _ Labs).mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 35 AWS Landing Zone Design Refresher (SaaS Labs) + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 35_ AWS Landing Zone Design Refresher (SaaS _ Labs).mp4` + +**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-40-saas-database-architecture-on-aws-cloud.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-40-saas-database-architecture-on-aws-cloud.md index 574affaa..e056bbc0 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-40-saas-database-architecture-on-aws-cloud.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-40-saas-database-architecture-on-aws-cloud.md 
@@ -1,8 +1,8 @@ --- -title: "CTP Topic 40 SaaS Database Architecture On AWS Cloud" +title: CTP Topic 40 SaaS Database Architecture On AWS Cloud type: cloud-learning source-type: video -category: "DevOps & SRE/01_AWS-Landing-Zone" +category: DevOps & SRE/01_AWS-Landing-Zone tags: - SaaS - Database @@ -10,9 +10,9 @@ tags: - AWS - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 40_ SaaS Database Architecture On AWS Cloud.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 40_ SaaS Database Architecture On AWS Cloud.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 40 SaaS Database Architecture On AWS Cloud 
@@ -27,7 +27,18 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## SAS Database Architecture on AWS Cloud + +The SAS database team is a global team located in the US, Canada, India, and Israel, providing 24/7 support. The team consists of certified professionals, including Oracle certified professionals, DBAs, and security professionals. They manage over 500 databases and 1000+ DB servers on-premise and in the public cloud, having migrated numerous DB servers and databases to the public cloud. + +The team supports various regions, including Sacramento and Reading for on-premise data centers, and AWS regions like Canada, Frankfurt, London, Oregon, North Virginia, and Sydney. They support database flavors such as Oracle, Vertica, Postgres, DynamoDB, SQL Server, MongoDB, and MySQL, utilizing AWS technologies like Postgres Aurora, Elasticsearch, AWS RDS, EFS, S3, and EBS. Databases reside mostly on application VPCs with integrated security measures. + +For database monitoring, performance tuning, and gap analysis, tools like Micro Focus Sidescope, Oracle OEM, Ignite, AWS CloudWatch, and Questsoft Foglight are used. Day-to-day operations are managed through a ticketing tool, with an on-call DBA resource. The team actively participates in squads and executes a minimum of 10 changes a month, handling 400-500 SSRs and IMs monthly. They provide layer 1 and layer 3 support, using technologies like shell scripting, Terraform, AWS CLI, and PowerShell for automation. *Data center migrations and cloud provisioning were key automation projects.* + +Key projects include data center migrations, onboarding new customers, database security enhancements, DB-AD integrations, SOX compliance, database consolidation, and DB patching. The team is also working on Oracle Golden Gate for multi-tenancy, adopting cloud-native technologies, and enhancing the Pretty Tool for on-demand backups and database migrations. 
Future plans involve new AMI automations, storage compression, RI instance optimization, AWS cloud-native backups, and enhancements to the DB apps tool. *The idea was to move those databases seamless without downtime or with minimum downtime.* + +For high availability, Oracle uses Data Guard technology, Postgres uses a classic active-passive mechanism (with plans to use Active Active), and RDS uses RDS high availability. Databases are run in two availability zones within a region, with a primary database in one zone, a standby database in the second, and a witness in the third to observe and manage failovers. Reporting databases have a read-only warehouse in the third availability zone, with secure VPN access for customers to run operational warehousing queries. + --- diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-40-saas-database-architecture-on-aws-cloud.md.bak b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-40-saas-database-architecture-on-aws-cloud.md.bak new file mode 100644 index 00000000..744a7d7f --- /dev/null +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-40-saas-database-architecture-on-aws-cloud.md.bak 
@@ -0,0 +1,52 @@ +--- +title: CTP Topic 40 SaaS Database Architecture On AWS Cloud +type: cloud-learning +source-type: video +category: DevOps & SRE/01_AWS-Landing-Zone +tags: + - SaaS + - Database + - Architecture + - AWS + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 40_ SaaS Database Architecture On AWS Cloud.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 40 SaaS Database Architecture On AWS Cloud + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 40_ SaaS Database Architecture On AWS Cloud.mp4` + +**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-44-aws-backup-in-micro-focus.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-44-aws-backup-in-micro-focus.md index 9b98f328..8f9c6bf2 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-44-aws-backup-in-micro-focus.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-44-aws-backup-in-micro-focus.md @@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 44_ AWS Backup in Micro Focus.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 44 AWS Backup in Micro Focus @@ -20,7 +20,7 @@ status: summarized **Type:** VIDEO | **Category:** 01_AWS-Landing-Zone -**Status:** ✅ 已完成摘要 +**Status:** ✅ 已完成(Gemini 摘要) --- diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-46-netapps-on-aws.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-46-netapps-on-aws.md index 712eb2b1..13d4caa3 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-46-netapps-on-aws.md 
+++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-46-netapps-on-aws.md @@ -1,17 +1,17 @@ --- -title: "CTP Topic 46 NetApps on AWS" +title: CTP Topic 46 NetApps on AWS type: cloud-learning source-type: video -category: "DevOps & SRE/01_AWS-Landing-Zone" +category: DevOps & SRE/01_AWS-Landing-Zone tags: - NetApp - AWS - Storage - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 46_ NetApps on AWS.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 46_ NetApps on AWS.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 46 NetApps on AWS 
@@ -26,7 +26,53 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## NetApp on AWS: A Cloud Transformation Program Learning Session + +Sandeep and Yael presented a training session on NetApp, covering basic components, architecture, data tiering, security, backup/DR strategy, migration from on-prem to cloud, current NetApp usage, architecture, and a demonstration. + +### Traditional NetApp + +NetApp is a storage system, with ONTAP as its operating system. It features controller nodes connected to disk enclosures, supporting SSD, SATA, SAS, and FC disks. NetApp primarily supports SMB, NFS, FC, FCOE, and ISCSI protocols, often configured as a single node or HA pair (high availability pair). + +Key components include: +* **Aggregate:** A collection of disks forming a RAID group. +* **Volume (FlexVolume):** A data container hosted on top of an aggregate, presented to hosts for data storage, accessible via NFS or CIFS. +* **Qtree:** A further segmentation of a volume, similar to directories in UNIX or folders in Windows, with special attributes like permissions and quota management. +* **LUN (Logical Unit Number):** A logical representation of storage, hosted on a volume or Qtree, presented to hosts via FC or ISKSI as block-level storage. +* **Logical Interface (Lift):** An interface on top of a physical network card, hosting an IP address or WWPN, used for node management, inter-cluster replication, cluster management, and data serving. +* **Storage Virtual Machine (SVM):** A virtual segmentation of a NetApp system, enabling multi-tenancy, treating each SVM as a separate operating system with no data flow between them. *At least one SVM is needed for a cluster.* + +### NetApp in AWS (Cloud Volume ONTAP - CVO) + +CVO is a software-only storage appliance hosted on EC2 instances, functioning as nodes. It can be a single node or HA pair, utilizing a mediator instance to aid during takeover and give back processes. 
The nodes are deployed across multiple availability zones with synchronous replication. EBS disks (GP3, GP2, IEO, IEO1, ST1) are used as storage, managed via Cloud Manager. + +High availability is maintained through a floating IP concept, where clients access data via a unique IP address that migrates to the serving node in case of failure. Takeover give back refers to the process of a serving node taking over services from a failed node and relinquishing them when the failed node recovers. + +### Data Tiering + +Data tiering involves using various storage media to optimize cost, performance, and availability. NetApp in AWS stores active data on EBS and inactive data on S3. Data inactive for 30 days or more is automatically moved to S3 and pulled back to EBS when accessed. *NetApp stores the active data in EBS and inactive data to S3.* + +### Data Security + +NetApp supports encryption via AWS Key Management Service and NetApp Encryption Solution (volume or aggregate encryption), both offering 256-bit encryption. Virus scanning is integrated with McAfee Antivirus (VSES), using an external scan server. Scanning options include on-access (for SMB/CIFS) and on-demand (for NFS) scanning. + +### Backup and DR + +Snapshots are point-in-time, read-only file system images that create copies of volumes using pointers, minimizing space consumption. SnapMirror is a tool for replicating data between NetApps, copying volumes and their snapshots. It requires peering relationships between clusters and SVMs, with optional encryption. Baseline copies perform initial full data replication, while subsequent updates copy only the changes. Destination volumes in a SnapMirror relationship are read-only. + +### Migration + +Tools for migrating from on-prem to AWS include: +* **SnapMirror:** Fast, block-level replication, preserving D-Dupe and compression. +* **NetApp XCP:** File-based tool, copying data at the file level with concurrent sessions. 
+* **NetApp Cloud Sync:** Used for AWS migrations, supporting NetApp to NetApp, NFS, SMB, NetApp to S3/EFS, and EFS/S3 to NetApp. +* **AWS DataSync:** AWS-provided file-based tool for NetApp to EFS or S3 migrations. +* **Silver Peak:** A WAN optimizer for compressing packets. + +### Current NetApp Usage and Future Plans + +The organization has around 15 NetApp clusters in various AWS regions, hosting approximately 1.3 petabytes of data. Cloud Manager is used for central management, with storage operations maintaining and supporting the NetApps. Monitoring is currently done through Cityscope and WebTool, with plans to use AWS native services. S3 tiering is enabled for most NetApps, and FSX for NetApp is under POC. There are also plans to use Terraform for deploying NetApps. + --- diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-46-netapps-on-aws.md.bak b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-46-netapps-on-aws.md.bak new file mode 100644 index 00000000..b64aec8b --- /dev/null +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-46-netapps-on-aws.md.bak @@ -0,0 +1,51 @@ +--- +title: CTP Topic 46 NetApps on AWS +type: cloud-learning +source-type: video +category: DevOps & SRE/01_AWS-Landing-Zone +tags: + - NetApp + - AWS + - Storage + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 46_ NetApps on AWS.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 46 NetApps on AWS + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 46_ NetApps on AWS.mp4` + +**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* 
diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-47-enterprise-architecture-cloud-standards.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-47-enterprise-architecture-cloud-standards.md index eb7eacc7..4c93109e 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-47-enterprise-architecture-cloud-standards.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-47-enterprise-architecture-cloud-standards.md @@ -1,16 +1,16 @@ --- -title: "CTP Topic 47 Enterprise Architecture Cloud Standards" +title: CTP Topic 47 Enterprise Architecture Cloud Standards type: cloud-learning source-type: video -category: "DevOps & SRE/01_AWS-Landing-Zone" +category: DevOps & SRE/01_AWS-Landing-Zone tags: - Enterprise-Architecture - Cloud-Standards - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 47_Enterprise Architecture Cloud Standards.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 47_Enterprise Architecture Cloud Standards.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 47 Enterprise Architecture Cloud Standards 
@@ -25,7 +25,21 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Enterprise Architecture Cloud Standards + +[slide:N] +The session will cover landing zones, their purpose, the role of enterprise architecture in cloud environments, guardrails, and the need for community input. The speaker, Lindsay, an enterprise architect with a development background, aims to provide a learner's perspective on cloud architecture. + +A landing zone is a framework for hosting cloud workloads, focusing on security, compliance, and manageability. Key components include account structure, networking, security, access management, and telemetry. *The account structure aligns with environments (dev, staging, production), and roles define access based on zero trust and least privilege principles.* The landing zone provides pre-configured networking and security, reducing the security review burden on application teams. Centralized logging and auditing are provided within the framework. + +Benefits of using landing zones include a pre-designed security model, pre-built compliance, and visible cost control. Infrastructure automation, using Terraform, enables efficient environment configuration. *Terraform allows specifying the desired environment in code, promoting standardization and testability.* Terragrunt, a wrapper for Terraform, aids in generating different environments. The framework eliminates reinvention, allowing application teams to focus on application-specific tasks. + +Enterprise architecture helps articulate the cloud architecture, informing application teams about available resources and requirements. Guardrails capture mandatory requirements and optimal practices for scalability, cost minimization, and flexibility. The enterprise architecture team has created a page on the intranet site with business architecture concepts, data connections, application information, and technology roadmaps. + +The cloud guardrails document covers design concepts, capabilities, and best practices. 
Key design concepts include cloud-first, leveraging well-architected frameworks, infrastructure as code (Terraform), and resource tagging. The document provides guidance on executable packaging, functional partitioning, capacity management, and identity management. + +Executable packaging prioritizes using existing cloud services and managed services to minimize custom code. Functional partitioning involves breaking monolithic applications into smaller, independent blocks or serverless functions. The speaker emphasizes the need for input from application teams to refine the guardrails and incorporate real-world experiences. *We want your knowledge collected here for reuse and help help to help other app developers down the road.* + --- diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-47-enterprise-architecture-cloud-standards.md.bak b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-47-enterprise-architecture-cloud-standards.md.bak new file mode 100644 index 00000000..65dd1360 --- /dev/null +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-47-enterprise-architecture-cloud-standards.md.bak 
@@ -0,0 +1,50 @@ +--- +title: CTP Topic 47 Enterprise Architecture Cloud Standards +type: cloud-learning +source-type: video +category: DevOps & SRE/01_AWS-Landing-Zone +tags: + - Enterprise-Architecture + - Cloud-Standards + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 47_Enterprise Architecture Cloud Standards.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 47 Enterprise Architecture Cloud Standards + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 47_Enterprise Architecture Cloud Standards.mp4` + +**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-50-ami-roadmap-for-aws-amis.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-50-ami-roadmap-for-aws-amis.md index 204b7457..ebc6c2ef 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-50-ami-roadmap-for-aws-amis.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-50-ami-roadmap-for-aws-amis.md @@ -1,17 +1,17 @@ --- -title: "CTP Topic 50 AMI Roadmap for AWS AMIs" +title: CTP Topic 50 AMI Roadmap for AWS AMIs type: cloud-learning source-type: video -category: "DevOps & SRE/01_AWS-Landing-Zone" +category: DevOps & SRE/01_AWS-Landing-Zone tags: - AWS - AMI - Roadmap - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 50_ AMI Roadmap for AWS AMIs.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 50_ AMI Roadmap for AWS AMIs.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 50 AMI Roadmap for AWS AMIs 
@@ -26,7 +26,18 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## AMI Roadmap for AWS AMIs + +The Cloud Transformation Program held a learning session to discuss the AMI roadmap for AWS AMIs. The session covered the CCOE AMI roadmap, end-of-life operating systems, AMI notifications, change logs, new features, the process for adding new AMIs, current supported AMIs, and the roadmap. + +The CCOE provides hardened AMIs on a bi-monthly basis aligned with security standards. The session focused on the roadmap, not the hardened AMIs themselves. The current available AMIs include three versions of Ubuntu, CentOS 7 and 8, Reddit 8.4 ARM, Amazon Linux 2, and four versions of Windows operating systems. + +The roadmap includes planned releases for new operating systems. In November, SLES 15 and Reddit 9 will be released. In January 2023, open Susa 15 and Amazon Linux 2022 will be added. In March 2023, Rocky 8 and Rocky 9 will be available. May 2023 will see Reddit 9.4 ARM and Ubuntu 22.04 ARM. *Starting May 2023, all ARM processors related to AMIs will be released.* The order was created mainly by ADM requirements. Any requirements to change the prioritization of the roadmap should go through the demand pipeline process. + +Windows Server 2008 and 2008 R2 are end-of-life since January 2020, CentOS 8 since December 2021, and Windows Server 2012 will be by October 2023. Red Hat 7 will be end-of-life by June 2024, as will CentOS 7. AMI notifications are sent via email to those on the CCOE notifications PDL. A change log is now available in the CCRE portal, representing the latest changes from the previous release. *This change log focuses on changes done by CCRE.* + +The features contained in the AMIs include domain join services, enabling SSHR, integrating McAfee antivirus services, enabling DNS settings, updating the cloud init process, enabling the SSM client, and edge installations. 
The process of adding new AMI integration and validation involves integrating services, enabling features, and undergoing a build and test process. The AMIs are shared with every account in the organization, including the AMI itself, EBS volumes, and KMS keys. + --- diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-50-ami-roadmap-for-aws-amis.md.bak b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-50-ami-roadmap-for-aws-amis.md.bak new file mode 100644 index 00000000..bcc596c2 --- /dev/null +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-50-ami-roadmap-for-aws-amis.md.bak @@ -0,0 +1,51 @@ +--- +title: CTP Topic 50 AMI Roadmap for AWS AMIs +type: cloud-learning +source-type: video +category: DevOps & SRE/01_AWS-Landing-Zone +tags: + - AWS + - AMI + - Roadmap + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 50_ AMI Roadmap for AWS AMIs.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 50 AMI Roadmap for AWS AMIs + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 50_ AMI Roadmap for AWS AMIs.mp4` + +**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-51-architecting-with-aws-purpose-built-databases.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-51-architecting-with-aws-purpose-built-databases.md index 4f747158..f3e38e0c 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-51-architecting-with-aws-purpose-built-databases.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-51-architecting-with-aws-purpose-built-databases.md 
@@ -1,17 +1,17 @@ --- -title: "CTP Topic 51 Architecting with AWS purpose-built databases" +title: CTP Topic 51 Architecting with AWS purpose-built databases type: cloud-learning source-type: video -category: "DevOps & SRE/01_AWS-Landing-Zone" +category: DevOps & SRE/01_AWS-Landing-Zone tags: - AWS - Database - Purpose-Built - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 51_ Architecting with AWS purpose-built databases.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 51_ Architecting with AWS purpose-built databases.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 51 Architecting with AWS purpose-built databases 
@@ -26,7 +26,24 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Architecting with AWS Purpose-Built Databases + +Femi George, a database sales specialist from AWS, discussed purpose-built databases for modern applications, covering modern applications, the rationale for purpose-built databases, key AWS databases, and the evolving role of DBAs/developers in the cloud. + +Modern applications have evolved from client-server models due to changing customer requirements, new devices, diverse data types, and economic considerations. Key questions include scalability, global delivery with low latency, and developer access. The approach involves starting with the use case and selecting the best tool for the job, avoiding a one-size-fits-all approach. *We need to start thinking of the right purpose built database for the right application.* + +Considerations for purpose-built databases include application scale, user numbers, access patterns, usage spikes, and performance requirements like latency and availability. Duolingo uses DynamoDB for personalized data, ElastiCache for common words/phrases, and Aurora for transactional data. AWS offers a range of purpose-built databases, including relational (e.g., RDS, Aurora) and NoSQL (key-value, document, in-memory, graph) options, along with time series, ledger, and wide-column databases. + +Relational databases are suitable for fixed schemas and maintaining referential integrity. Amazon RDS provides fully managed traditional and open-source databases, handling backups and patching. Data endpoints in RDS facilitate easy application access. Amazon Aurora, a cloud-native database, offers MySQL and PostgreSQL compatibility with enhanced performance, scalability, and security. *Amazon Aurora has two flavors, MySQL and PostgreSQL.* Aurora separates storage and compute, improving IO and availability. + +Key-value data is popular among developers and forms the basis of NoSQL databases. 
Amazon DynamoDB is a key-value and document database with single-digit millisecond performance at any scale, supporting trillions of requests per day. Netflix uses DynamoDB for resilience and low-latency access to JSON documents. Document databases extend key-value stores by enabling deeper querying within JSON files. Amazon DocumentDB is compatible with MongoDB and offers flexible schemas. + +Apache Cassandra, a wide-column database, is used for large-scale applications with unstructured schemas. Amazon Keyspaces is a managed service for Cassandra-compatible databases, offering serverless options. In-memory databases, like Amazon ElastiCache (Redis, Memcached), are used for caching, media streaming, session stores, and real-time analytics. Peloton uses ElastiCache Redis for immediate feedback to customers. + +Graph databases (e.g., Amazon Neptune) are suitable for fraud detection, social networking, and recommendations. They help uncover correlations that relational databases struggle with. Time series databases (e.g., Amazon Timestream) are designed for high-volume, time-based data analysis, such as data from IoT devices. + +The role of the DBA is evolving in the cloud. While AWS manages much of the platform, DBAs still handle tasks like restoring databases, managing access, and optimizing queries. The focus shifts from platform management to application innovation. + --- diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-51-architecting-with-aws-purpose-built-databases.md.bak b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-51-architecting-with-aws-purpose-built-databases.md.bak new file mode 100644 index 00000000..2739ae87 --- /dev/null +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-51-architecting-with-aws-purpose-built-databases.md.bak 
@@ -0,0 +1,51 @@ +--- +title: CTP Topic 51 Architecting with AWS purpose-built databases +type: cloud-learning +source-type: video +category: DevOps & SRE/01_AWS-Landing-Zone +tags: + - AWS + - Database + - Purpose-Built + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 51_ Architecting with AWS purpose-built databases.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 51 Architecting with AWS purpose-built databases + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 51_ Architecting with AWS purpose-built databases.mp4` + +**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-58-aws-ec2-image-builder.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-58-aws-ec2-image-builder.md index 7fe51158..03ccee48 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-58-aws-ec2-image-builder.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-58-aws-ec2-image-builder.md @@ -1,17 +1,17 @@ --- -title: "CTP Topic 58 AWS EC2 image builder" +title: CTP Topic 58 AWS EC2 image builder type: cloud-learning source-type: video -category: "DevOps & SRE/01_AWS-Landing-Zone" +category: DevOps & SRE/01_AWS-Landing-Zone tags: - AWS - EC2 - Image-Builder - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 58_ AWS EC2 image builder.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 58_ AWS EC2 image builder.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 58 AWS EC2 image builder 
@@ -26,7 +26,20 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## AWS EC2 Image Builder + +AWS EC2 Image Builder is a managed AWS service to automate the creation, management, and distribution of AMIs and Docker images using components like image pipelines, image recipes, and infrastructure configurations. Image pipelines define how AMIs are published, including installations, security hardening, and distribution schedules. + +Image recipes, written in YAML, define the source AMI for creating an output AMI, while container recipes support Docker images. Components are individual steps executed within the source AMI, such as installing packages or running shell commands. *A component is basically just a particular step that you want to execute in order to achieve the output AMI.* Infrastructure configurations define instance attributes like instance type, VPC, subnet, and security groups. Distribution settings manage the distribution of AMIs across different regions and accounts. + +The current AMI publishing process involves OS-specific hardening scripts in GitLab repositories and Jenkins pipelines launching Packer to build and share images. Some product teams have developed parallel image bakeries, while others use manual processes with limited automation. The current approach has shortcomings, including longer turnaround times for modifications, AMI compatibility issues across landing zones, and limited automation in manual image bakeries. 
*Due to these limitations and these things what happens is eventually the product teams try to cater to their requirements by developing some kind of workflow or CI CD pipelines wherein they consume that CCOE AMI and they try to update or install whatever packages they require for their requirement or try to fulfill the functionalities which were lacking in the base AMI.* + +Image Builder offers advantages such as increased productivity through automation, efficient image testing during the build process, incorporation of hardening standards, and easy image distribution. It integrates with AWS Organizations and AWS RAM for distributing AMIs across managed accounts. Supported OSes include Amazon Linux, Windows Server, Red Hat Linux, CentOS, Ubuntu, and SUSE, with the list expected to expand. + +A POC has implemented end-to-end pipelines for CentOS 7 and Ubuntu 18, using CCOE hardening scripts converted into individual components. Terraform modules are in place for creating resources, with a consolidated module simplifying consumption for product teams. Testing scenarios are incorporated within components to validate execution, and AWS Inspector is integrated for AMI scanning against security standards. A Lambda workflow triggers scans, sends email notifications, and uploads reports to S3, maintaining a historical data of published AMIs. Qualys scan integration is under evaluation. + +Product groups can use a service module to add components to the golden AMI. A component is a script, and components should be added in alphabetical order. The HCL file is used to create and manage components. Logs are published in CloudWatch. The image builder process requires approval, and the approval process is still under development. + --- diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-58-aws-ec2-image-builder.md.bak b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-58-aws-ec2-image-builder.md.bak new file mode 100644 index 00000000..75787ae2 
--- /dev/null +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-58-aws-ec2-image-builder.md.bak @@ -0,0 +1,51 @@ +--- +title: CTP Topic 58 AWS EC2 image builder +type: cloud-learning +source-type: video +category: DevOps & SRE/01_AWS-Landing-Zone +tags: + - AWS + - EC2 + - Image-Builder + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 58_ AWS EC2 image builder.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 58 AWS EC2 image builder + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 58_ AWS EC2 image builder.mp4` + +**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-66-exposing-the-differences-between-postgresql-rds-and-aurora.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-66-exposing-the-differences-between-postgresql-rds-and-aurora.md index 61521e3b..fdb8e7b6 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-66-exposing-the-differences-between-postgresql-rds-and-aurora.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-66-exposing-the-differences-between-postgresql-rds-and-aurora.md @@ -1,8 +1,8 @@ --- -title: "CTP Topic 66 Exposing the differences between PostgreSQL RDS and Aurora" +title: CTP Topic 66 Exposing the differences between PostgreSQL RDS and Aurora type: cloud-learning source-type: video -category: "DevOps & SRE/01_AWS-Landing-Zone" +category: DevOps & SRE/01_AWS-Landing-Zone tags: - AWS - RDS 
@@ -10,9 +10,9 @@ tags: - PostgreSQL - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 66_ Exposing the differences between PostgreSQL RDS and Aurora.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 66_ Exposing the differences between PostgreSQL RDS and Aurora.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 66 Exposing the differences between PostgreSQL RDS and Aurora 
@@ -27,7 +27,47 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## RDS vs. Aurora: Key Differences + +Greg Klau presented a detailed comparison of PostgreSQL on Amazon RDS and Aurora, focusing on performance, cost, and use cases. The session covered choosing between the two, running blue-green and cross-region operations, monitoring, and network performance tweaks for high availability. + +### Key Differences and Considerations + +* **Minimum Size and Cost:** RDS offers smaller, cheaper instances suitable for small databases, while Aurora has a higher minimum size and cost due to its architecture. +* **Maximum Size and Performance:** Aurora scales to larger databases and offers better IO performance, making it suitable for databases exceeding 10-20 terabytes. +* **Auto Scaling:** Aurora offers auto-scaling (Serverless v2) but with limitations on instance shapes, versions, and regions. +* **Recovery Time Objective (RTO):** Aurora boasts a 30-second RTO, compared to RDS's two minutes in the event of an AZ failure. +* **Storage Flexibility:** RDS provides more storage options (GP2, GP3, provisioned IOPS, magnetic), while Aurora charges per IO. +* *With RDS, you get to choose multiple different storage mechanisms.* +* *Aurora IO is generally unbounded because they're motivated to give you as much IO as you can consume because they're charging you per IO.* + +### Architectural Comparison + +* **RDS:** Uses compute with attached storage (EBS). Multi-AZ setup involves another compute and storage node for failover. Replication across regions is asynchronous. +* **Aurora:** Employs six EBS volumes across three availability zones, managed by Amazon. Adding compute uses the same cluster volume, avoiding data replication for read replicas. Aurora Global allows multi-region setups with asynchronous replication. +* *With Aurora, you get six EBS volumes. 
They're spread across three availability zones.* +* **Endpoints:** RDS has one endpoint per cluster, while Aurora has separate writer and reader endpoints. + +### Database Switchover and Failover + +* **RDS:** Requires blocking access, forcing a new primary, destroying the old cluster, and rebuilding it as a standby. +* **Aurora:** Allows clean, managed switchovers using Aurora Global, without re-replication. Failover involves promoting a secondary region and re-adding the failed region as a new global cluster after it recovers. + +### Blue-Green Deployments (Aurora MySQL Only) + +* Aurora MySQL supports blue-green deployments for major version upgrades, creating a duplicate environment for testing before switching over. This involves logical replication to a green environment, with guardrails to prevent data loss. + +### Monitoring + +* Both RDS and Aurora offer monitoring options via CloudWatch, Grafana, and Performance Insights. Performance Insights provides a view of database load, query performance, and wait times. +* Aurora utilizes free local storage (ephemeral SSD) for temporary work, which is fixed per instance type. RDS uses EBS for temporary storage. + +### High Availability Performance Tweaks + +* Lower DNS time to live (TTL) to one second for faster failover. +* Adjust TCP Keep-Alive settings to detect database failures quickly. +* Use JDBC connection string overloading with reader and writer endpoints for resilience. + --- diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-66-exposing-the-differences-between-postgresql-rds-and-aurora.md.bak b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-66-exposing-the-differences-between-postgresql-rds-and-aurora.md.bak new file mode 100644 index 00000000..3037fbd5 --- /dev/null +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-66-exposing-the-differences-between-postgresql-rds-and-aurora.md.bak 
@@ -0,0 +1,52 @@ +--- +title: CTP Topic 66 Exposing the differences between PostgreSQL RDS and Aurora +type: cloud-learning +source-type: video +category: DevOps & SRE/01_AWS-Landing-Zone +tags: + - AWS + - RDS + - Aurora + - PostgreSQL + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 66_ Exposing the differences between PostgreSQL RDS and Aurora.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 66 Exposing the differences between PostgreSQL RDS and Aurora + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 66_ Exposing the differences between PostgreSQL RDS and Aurora.mp4` + +**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-68-introduction-to-redshift.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-68-introduction-to-redshift.md index 9306ad69..c6cc18b6 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-68-introduction-to-redshift.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-68-introduction-to-redshift.md @@ -1,17 +1,17 @@ --- -title: "CTP Topic 68 Introduction to Redshift" +title: CTP Topic 68 Introduction to Redshift type: cloud-learning source-type: video -category: "DevOps & SRE/01_AWS-Landing-Zone" +category: DevOps & SRE/01_AWS-Landing-Zone tags: - AWS - Redshift - Data-Warehouse - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 68_ Introduction to Redshift.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 68_ Introduction to Redshift.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 68 Introduction to Redshift 
@@ -26,7 +26,16 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## AWS Redshift Architecture and Components + +This learning session covers AWS Redshift, focusing on its architecture, management, and key components. The session aims to provide a foundational understanding of Redshift, including its features like columnar operations, row-based operations, MPP (Massively Parallel Processing), data compression, and the significance of distinct and hot keys. + +Redshift is a fully managed, petabyte-scale data warehouse solution in the cloud. *It is designed for data warehousing, enabling quick data retrieval from large datasets.* It supports online analytical processing (OLAP) and offers advantages such as easy installation, maintenance of backups, point-in-time recovery, and cross-region disaster recovery. + +Redshift architecture involves client applications communicating with Redshift clusters via JDBC and ODBC drivers, connecting to a leader node. The leader node manages schema, warehouse metadata, and query planning, distributing instructions to compute nodes. Compute nodes, determined by the instance type, execute queries across slices, processing data and returning results to the leader node. *The leader node then stores results in buffers for quick retrieval, enhancing performance.* Instance types include dense compute, dense storage, and RA3, each offering varying levels of compute power, RAM, and storage capacity. RA3 is noted for its cost-effectiveness and large storage capacity, utilizing AWS-managed NVMe storage. + +Key features of Redshift include MPP, which enables parallel processing of queries across multiple compute nodes, improving query speed and response times. Data storage can be columnar or row-based; columnar storage is optimized for data warehouse operations due to faster performance and efficient memory usage. Data compression techniques, including LZO, further enhance performance by reducing data size. 
The sort key and dist key play a crucial role in optimizing queries and managing data distribution across compute nodes. + --- diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-68-introduction-to-redshift.md.bak b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-68-introduction-to-redshift.md.bak new file mode 100644 index 00000000..14db4092 --- /dev/null +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-68-introduction-to-redshift.md.bak @@ -0,0 +1,51 @@ +--- +title: CTP Topic 68 Introduction to Redshift +type: cloud-learning +source-type: video +category: DevOps & SRE/01_AWS-Landing-Zone +tags: + - AWS + - Redshift + - Data-Warehouse + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 68_ Introduction to Redshift.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 68 Introduction to Redshift + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 68_ Introduction to Redshift.mp4` + +**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-7-saas-landing-zone-design.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-7-saas-landing-zone-design.md index 07d54ee3..f6136dd8 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-7-saas-landing-zone-design.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-7-saas-landing-zone-design.md 
@@ -1,17 +1,17 @@ --- -title: "CTP Topic 7 SaaS Landing Zone design" +title: CTP Topic 7 SaaS Landing Zone design type: cloud-learning source-type: video -category: "DevOps & SRE/01_AWS-Landing-Zone" +category: DevOps & SRE/01_AWS-Landing-Zone tags: - AWS - Landing-Zone - SaaS - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 7_ SaaS Landing Zone design.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 7_ SaaS Landing Zone design.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 7 SaaS Landing Zone design 
@@ -26,7 +26,53 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## SAS Landing Zone Design + +The session covers the high-level design for the new production SAS Landing Zone, emphasizing a single landing zone approach for all products to reduce overhead and costs, a departure from the per-product group (PG) landing zones used in dev labs. The design incorporates AWS accounts, Terraform modules, and TerraGrant for deployment. + +Key components include core accounts (shared, logs, security), baseline accounts (network, DNS, Active Directory), shared services accounts (software factory, cyber, ARC site, monitoring), and product accounts. + +*The SAS landing zone will use a single landing zone for all the product groups.* + +### Core Accounts + +These accounts are based on the grant work reference architecture and include: + +* **Shared Account:** Hosts hardened AMIs and a master Jenkins server for managing deployments. The master Jenkins initiates Lambda functions within each account to trigger Jenkins slaves, enhancing security by preventing direct exposure of the master Jenkins to jobs or credentials. +* **Logs Account:** A centralized account for logs from every account (CloudTrail, Config, Flowlogs), accessible primarily to the security team, with read access for products to their specific logs. +* **Security Account:** Hosts IAM roles inherited within each account, with the ability for account owners to attach additional policies to restrict role usage. + +### Baseline Accounts + +These accounts are essential for product functionality and include: + +* **Network Account:** Contains a regional transit gateway connecting all accounts, with a checkpoint appliance for monitoring traffic based on a tagging approach. Resources require specific tags to access destinations like the internet or on-prem networks. +* **DNS Account:** Hosts Route 53, with each product having its own hosted zone for managing DNS records. 
+* **Active Directory Account:** Includes two AD nodes for domain joining and controlling resource access. + +### Shared Services Accounts + +These accounts provide internal production services to product accounts: + +* Software Factory accounts (45 hubs, Octane Hub, Artifactory). +* Cyber account (Qalis). +* ARC site account. +* Monitoring account (OBM, potentially Sitescope). + +### Product Accounts + +Each product account features a public subnet for internet exposure via a load balancer and internet gateway, while workloads reside in private subnets. A web application firewall (WAF) monitors incoming traffic, and CloudFront is available as a CDN. + +*The workload itself is going to be under private subnet.* + +### Automation and Deployment + +Terraform is used for automation, with each account having its own GitHub repository. Changes to Terraform code trigger Jenkins via a GitHub hook, initiating a deployment process through the management VPC, Lambda, and ECS cluster. A review process, including code review and plan output review, is implemented before applying changes, with staging environments used for testing before production deployment. + +### Remote Access + +Remote access is transitioning from Checkpoint VPN to Pulse VPN, requiring operators to use a VPN client and authenticate against the AD. Future plans involve SD1 replacing some network components. + --- diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-7-saas-landing-zone-design.md.bak b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-7-saas-landing-zone-design.md.bak new file mode 100644 index 00000000..3beab661 --- /dev/null +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-7-saas-landing-zone-design.md.bak 
@@ -0,0 +1,51 @@ +--- +title: CTP Topic 7 SaaS Landing Zone design +type: cloud-learning +source-type: video +category: DevOps & SRE/01_AWS-Landing-Zone +tags: + - AWS + - Landing-Zone + - SaaS + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 7_ SaaS Landing Zone design.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 7 SaaS Landing Zone design + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 7_ SaaS Landing Zone design.mp4` + +**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-72-implementing-an-enterprise-dr-strategy-using-aws-backup.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-72-implementing-an-enterprise-dr-strategy-using-aws-backup.md index 7b69fc40..50a84333 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-72-implementing-an-enterprise-dr-strategy-using-aws-backup.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-72-implementing-an-enterprise-dr-strategy-using-aws-backup.md @@ -1,8 +1,8 @@ --- -title: "CTP Topic 72 Implementing an Enterprise DR Strategy using AWS Backup" +title: CTP Topic 72 Implementing an Enterprise DR Strategy using AWS Backup type: cloud-learning source-type: video -category: "DevOps & SRE/01_AWS-Landing-Zone" +category: DevOps & SRE/01_AWS-Landing-Zone tags: - AWS - DR 
@@ -10,9 +10,9 @@ tags: - Enterprise - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 72_ Implementing an Enterprise DR Strategy using AWS Backup.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 72_ Implementing an Enterprise DR Strategy using AWS Backup.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 72 Implementing an Enterprise DR Strategy using AWS Backup 
@@ -27,7 +27,20 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Implementing an Enterprise DR Strategy Using AWS Backup + +Sabith from AWS discusses disaster recovery (DR) strategies using AWS Backup, differentiating between high availability and disaster recovery. He recaps basic concepts like RTO and RPO, introduces AWS Backup, and presents reference architectures. + +*We should always be prepared for a situation that everything falls all the time.* The shared responsibility model defines AWS's and the customer's roles in ensuring a resilient cloud environment. Human errors, technical failures, and natural disasters are major categories to consider when creating DR plans. + +High availability ensures a system performs its functions, measured by mean time between failures. Disaster recovery focuses on data loss prevention and recovery, while high availability focuses on system uptime and service availability. + +Recovery Point Objective (RPO) defines the acceptable data loss, while Recovery Time Objective (RTO) defines the acceptable downtime. Architectural patterns range from multi-site active-active (minimal interruption, high cost) to backup and restore (lower cost, longer interruption). AWS Backup is a fully managed, policy-based backup service that simplifies data protection. It supports numerous resource types and integrates with AWS Organizations for cross-account backup copies. + +AWS Backup uses backup plans to define what, when, and how to back up, storing recovery points in backup vaults. It integrates with IAM policies for access control and AWS Backup Audit Manager (BAM) for compliance reporting. AWS Backup integrates with underlying services through data plane and control plane integrations. Full backups capture all data, while incremental backups only capture changes since the last backup. + +AWS Backup offers immutable recovery points, automated scalability, and compliance features. 
Vault Lock in compliance mode prevents even root users from deleting recovery points until their lifecycle ends, deterring ransomware. Customers often use a vault or bunker account for storing backup copies, separate from workload accounts, to protect against compromises. A forensic account can be used to regularly test recovery points and scan for malware. + --- diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-72-implementing-an-enterprise-dr-strategy-using-aws-backup.md.bak b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-72-implementing-an-enterprise-dr-strategy-using-aws-backup.md.bak new file mode 100644 index 00000000..4a10b980 --- /dev/null +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-72-implementing-an-enterprise-dr-strategy-using-aws-backup.md.bak @@ -0,0 +1,52 @@ +--- +title: CTP Topic 72 Implementing an Enterprise DR Strategy using AWS Backup +type: cloud-learning +source-type: video +category: DevOps & SRE/01_AWS-Landing-Zone +tags: + - AWS + - DR + - Backup + - Enterprise + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 72_ Implementing an Enterprise DR Strategy using AWS Backup.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 72 Implementing an Enterprise DR Strategy using AWS Backup + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 72_ Implementing an Enterprise DR Strategy using AWS Backup.mp4` + +**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* 
diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-73-aws-backup-implementation-of-the-cloud-transformation-program.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-73-aws-backup-implementation-of-the-cloud-transformation-program.md index b4d0a245..6dd94d61 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-73-aws-backup-implementation-of-the-cloud-transformation-program.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-73-aws-backup-implementation-of-the-cloud-transformation-program.md @@ -1,16 +1,16 @@ --- -title: "CTP Topic 73 AWS Backup implementation of the Cloud Transformation Program" +title: CTP Topic 73 AWS Backup implementation of the Cloud Transformation Program type: cloud-learning source-type: video -category: "DevOps & SRE/01_AWS-Landing-Zone" +category: DevOps & SRE/01_AWS-Landing-Zone tags: - AWS - Backup - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 73_ AWS Backup implementation of the Cloud Transformation Program.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 73_ AWS Backup implementation of the Cloud Transformation Program.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 73 AWS Backup implementation of the Cloud Transformation Program 
@@ -25,7 +25,14 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> The session covers the AWS backup implementation of the cloud transformation program, focusing on the CTP backup strategy, AWS backup audit manager, and the AWS backup module. The SRE core, SRE product, and architecture teams collaborated on a design to provide product groups with flexibility in their backup strategies. + +Key points include the assumed backup policy for production workloads, which requires customer data to be backed up regularly (at least once in 24 hours) with a retention policy of at least 30 days, and two backup locations. AWS backup was adopted as the strategic tool for backup in AWS for the cloud transformation program to standardize backup processes. An SRE model was developed to allow product groups to create and control their own backups, aligned with the assumed backup policy, enabling independent backup and restore operations in their DRA accounts. + +AWS backup was chosen because it is a native service managed by AWS, simplifying data protection at scale and supporting multiple AWS resources. It supports TAC based backup plans, cross-account and cross-region backups, immutability for backups, out-of-the-box audit reports and frameworks, and point-in-time recovery for S3 and RDS. The design involves taking initial backups within the source accounts and copying them to a remote account and region, ideally a dedicated DR account for each production workload account. *This keeps backups within the DR account for immediate restore, avoiding time-consuming data copies.* If a DR account is unavailable, a Databunker account can be used as a centralized account for storing backups. The SRE backup model simplifies the adoption of AWS backup by creating AWS backup plans, selections, local AWS backup vaults, KMSKN policies, additional vaults in the DR account, Enroll policies, lifecycle policies, SNS topic creations, audit reports, and optional point-in-time restore for SRE and RDS. 
*The SRE models were adjusted to optionally create custom KMS kits, which is a fundamental requirement for having a remote account and region for the AWS backup processes.* + +The AWS backup audit manager provides out-of-the-box reports and compliance reports. Reports can be exported to an S3 bucket in CSV or JSON format, providing insights into the status of backups, resources backed up, creation date, recovery point, backup duration, and size. SNS notifications can be configured to receive alerts regarding the status of backups. The AWS backup audit manager framework includes controls that help evaluate backup practices, providing compliance reports. Controls include ensuring backup resources are protected by a backup plan, minimum frequency and retention, prevention of manual deletion of recovery points, encryption of recovery points, and scheduled cross-region and cross-account backups. + --- diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-73-aws-backup-implementation-of-the-cloud-transformation-program.md.bak b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-73-aws-backup-implementation-of-the-cloud-transformation-program.md.bak new file mode 100644 index 00000000..58d5dde8 --- /dev/null +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-73-aws-backup-implementation-of-the-cloud-transformation-program.md.bak 
@@ -0,0 +1,50 @@ +--- +title: CTP Topic 73 AWS Backup implementation of the Cloud Transformation Program +type: cloud-learning +source-type: video +category: DevOps & SRE/01_AWS-Landing-Zone +tags: + - AWS + - Backup + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 73_ AWS Backup implementation of the Cloud Transformation Program.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 73 AWS Backup implementation of the Cloud Transformation Program + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 73_ AWS Backup implementation of the Cloud Transformation Program.mp4` + +**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/learning-sessions-standard-amis-updates-20231205-160324-meeting-recording-2.md b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/learning-sessions-standard-amis-updates-20231205-160324-meeting-recording-2.md index 961ba281..c48d2f73 100644 --- a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/learning-sessions-standard-amis-updates-20231205-160324-meeting-recording-2.md +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/learning-sessions-standard-amis-updates-20231205-160324-meeting-recording-2.md 
@@ -1,51 +1,26 @@ ---- -title: "Learning Sessions Standard AMIs Updates - 20231205 160324-Meeting Recording (2)" -type: cloud-learning -source-type: video -category: "DevOps & SRE/01_AWS-Landing-Zone" -tags: - - AWS - - AMI - - Updates - - CTP -date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Learning Sessions _ Standard AMIs Updates - 20231205_160324-Meeting Recording (2).mp4" -audio-source: "" -status: raw ---- -# Learning Sessions Standard AMIs Updates - 20231205 160324-Meeting Recording (2) -**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Learning Sessions _ Standard AMIs Updates - 20231205_160324-Meeting Recording (2).mp4` +# learning sessions standard amis updates 20231205 160324 meeting recording 2 -**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone +## Standard AMI Updates and Overview -**Status:** 🟡 Awaiting Whisper transcription → Summary +The session provides a high-level overview and updates regarding Amazon Machine Images (AMIs). The standard AMIs are based on AWS AMIs but include OS hardening, the latest patches, and security updates. These AMIs also support domain joining, security tools, endpoint protection, access integration, a QALIS agent, SSM agent, DNS settings, Microsoft Edge for Windows AMIs, and GP3 EBS storage. ---- +The AMIs are built, tested, and shared to all AWS accounts every two months, and are immediately available as private AMIs. Currently, 23 different AMIs are supported, including various versions of Amazon Linux, CentOS, Oracle Enterprise Linux, Red Hat, Rocky Linux, SUSE Linux, Ubuntu, and Windows servers. The latest three releases are available in 12 regions, and older AMIs are archived for 12 months. -## 摘要 +The AMI release process follows a standard software release process, with changes developed on feature branches and merged into an integration branch. 
Jenkins multi-branch pipelines are used for building and testing the AMIs, including scripted tests and AWS Inspector. The publishing process involves copying the AMIs to different regions and sharing them to multiple organizations, with encryption and automatic creation of necessary grants. *The AMIs are then thrown through all of the test suites, and we'll see a couple of those as they come up in later slides, and then we verify that nothing seems to have regressed at that point.* -> 待转录后由 LLM 生成 +## Roadmap, Notifications, and End-of-Life ---- +The current roadmap includes a future release of Amazon Linux 2023, X64, planned for January. New AMI requests must go through the demand pipeline and take approximately 60 days to release. AMI notifications are sent out with each release, including links to relevant documents and the portal. A change log is available in the portal, detailing the changes included in each release. -## 关键概念 +Several operating systems are reaching end-of-life, including CentOS 7 and Red Hat 7 in June 2024. *CentOS 7 will be replaced by Rocky Linux, which is already available as a standard AMI.* OpenSUSE Leap 15 and OEL 7 will reach end-of-life in December 2024. -- +## New Features and Validation ---- +New features are injected into the release cycles based on various inputs, such as the migration from Trellix to Sentinel-1. The AMIs are designed to work across multiple landing zones and domain controller environments. The new landing zone uses secrets instead of parameter stores, and all automations now use cloud-based init. AMI utilization is monitored to track how frequently and how many AMIs are being used. -## 行动项 +A robotic framework has been integrated to automate basic test cases and validations, reducing the validation time for one AMI from three-four days to 60 minutes. An SSM patching solution is available for long-running instances that cannot be refreshed frequently. 
The AMIs are validated and tested according to the highest security standards, with penetration testing conducted periodically. +via model google/gemini-2.0-flash -- - ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +Cached · google/gemini-2.0-flash diff --git a/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/learning-sessions-standard-amis-updates-20231205-160324-meeting-recording-2.md.bak b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/learning-sessions-standard-amis-updates-20231205-160324-meeting-recording-2.md.bak new file mode 100644 index 00000000..961ba281 --- /dev/null +++ b/knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/learning-sessions-standard-amis-updates-20231205-160324-meeting-recording-2.md.bak @@ -0,0 +1,51 @@ +--- +title: "Learning Sessions Standard AMIs Updates - 20231205 160324-Meeting Recording (2)" +type: cloud-learning +source-type: video +category: "DevOps & SRE/01_AWS-Landing-Zone" +tags: + - AWS + - AMI + - Updates + - CTP +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Learning Sessions _ Standard AMIs Updates - 20231205_160324-Meeting Recording (2).mp4" +audio-source: "" +status: raw +--- + +# Learning Sessions Standard AMIs Updates - 20231205 160324-Meeting Recording (2) + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Learning Sessions _ Standard AMIs Updates - 20231205_160324-Meeting Recording (2).mp4` + +**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/02_IAM/ctp-topic-11-ad-integration-and-login-using-ad-accounts.md b/knowledgebase/DevOps & SRE/02_IAM/ctp-topic-11-ad-integration-and-login-using-ad-accounts.md index 8771858e..37b34d16 100644 
--- a/knowledgebase/DevOps & SRE/02_IAM/ctp-topic-11-ad-integration-and-login-using-ad-accounts.md +++ b/knowledgebase/DevOps & SRE/02_IAM/ctp-topic-11-ad-integration-and-login-using-ad-accounts.md @@ -12,7 +12,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 11_ AD Integration, and Login using AD accounts.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 11 AD Integration, and Login using AD accounts @@ -21,7 +21,7 @@ status: summarized **Type:** VIDEO | **Category:** 02_IAM -**Status:** 🟡 Awaiting Whisper transcription → Summary +**Status:** ✅ 已完成(Gemini 摘要) --- diff --git a/knowledgebase/DevOps & SRE/02_IAM/ctp-topic-5-aws-identity-and-access-management-iam.md b/knowledgebase/DevOps & SRE/02_IAM/ctp-topic-5-aws-identity-and-access-management-iam.md index 2b6f380e..efe5ca98 100644 --- a/knowledgebase/DevOps & SRE/02_IAM/ctp-topic-5-aws-identity-and-access-management-iam.md +++ b/knowledgebase/DevOps & SRE/02_IAM/ctp-topic-5-aws-identity-and-access-management-iam.md @@ -1,17 +1,17 @@ --- -title: "CTP Topic 5 - AWS Identity and Access Management (IAM)" +title: CTP Topic 5 - AWS Identity and Access Management (IAM) type: cloud-learning source-type: video -category: "DevOps & SRE/02_IAM" +category: DevOps & SRE/02_IAM tags: - AWS - IAM - Security - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 5 - AWS Identity and Access Management (IAM).mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 5 - AWS Identity and Access Management (IAM).mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 5 - AWS Identity and Access Management (IAM) 
@@ -26,7 +26,35 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## AWS Identity and Access Management (IAM) Explained + +This session covers AWS Identity and Access Management (IAM), focusing on users, groups, roles, and policies, and how they relate to accessing AWS via the CLI and federation. The discussion emphasizes accessing landing zone accounts and determining the appropriate method. + +Key points include: +* IAM dashboard resources: users, groups, customer managed policies, roles, and identity providers. +* Federated access: Users gain access to accounts via Active Directory (AD) groups, which grant specific roles. +* `accounts.json`: This file, located in the root of every landing zone, contains a list of account numbers. +* IAM users are primarily for service accounts; federation is the preferred method for user management. +* User groups are less relevant due to the focus on federated user management. +* Roles are used by services or users and tie together permissions. +* Policies define permissions, specifying what actions are allowed or denied on resources. +* *Roles don't enable actions; they tie together who can do something and what they can do.* +* Policies can be AWS-managed or customer-managed. + +Federated users log in via their organization's AD, which maps to an IAM role. Command-line access via federation requires a tool called PFSSO. *We only want to allow the access that is strictly required.* Least privilege model: Granting only the necessary permissions is crucial. + +Configuring permissions typically involves a service accessing AWS resources, requiring a role and policy. Terraform modules can define IAM roles, including an assumed role policy and inline policy blocks. Policies should be fine-grained, limiting access to only the required resources. Inline policies are tied to a specific role, while managed policies can be reused across multiple roles. + +Key takeaways: +* Federation is the primary method for user access. 
+* Roles and policies are central to managing permissions. +* Least privilege is a guiding principle when defining policies. +* Consider using inline policies for role-specific permissions and managed policies for reusable permissions. +* When defining pterogrant modules, ensure policies are not too wide open. +* VSM requests are required to gain account access through Federation. +* User attributes beyond usernames are supported, including additional STS values and tags. +* Cross-account role assumption is possible, where principles in specified accounts can assume a role. + --- diff --git a/knowledgebase/DevOps & SRE/02_IAM/ctp-topic-5-aws-identity-and-access-management-iam.md.bak b/knowledgebase/DevOps & SRE/02_IAM/ctp-topic-5-aws-identity-and-access-management-iam.md.bak new file mode 100644 index 00000000..5add4ba9 --- /dev/null +++ b/knowledgebase/DevOps & SRE/02_IAM/ctp-topic-5-aws-identity-and-access-management-iam.md.bak @@ -0,0 +1,51 @@ +--- +title: CTP Topic 5 - AWS Identity and Access Management (IAM) +type: cloud-learning +source-type: video +category: DevOps & SRE/02_IAM +tags: + - AWS + - IAM + - Security + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 5 - AWS Identity and Access Management (IAM).mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 5 - AWS Identity and Access Management (IAM) + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 5 - AWS Identity and Access Management (IAM).mp4` + +**Type:** VIDEO | **Category:** 02_IAM + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* 
diff --git a/knowledgebase/DevOps & SRE/02_IAM/learning-sessions-identity-governance-vsm-replacement-20231128-160326-meeting-re.md b/knowledgebase/DevOps & SRE/02_IAM/learning-sessions-identity-governance-vsm-replacement-20231128-160326-meeting-re.md index 51b00c72..8c7eca62 100644 --- a/knowledgebase/DevOps & SRE/02_IAM/learning-sessions-identity-governance-vsm-replacement-20231128-160326-meeting-re.md +++ b/knowledgebase/DevOps & SRE/02_IAM/learning-sessions-identity-governance-vsm-replacement-20231128-160326-meeting-re.md @@ -10,7 +10,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Learning Sessions _ Identity Governance VSM replacement -20231128_160326-Meeting Recording (1).mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Learning Sessions Identity Governance VSM replacement -20231128 160326-Meeting Recording (1) 
@@ -23,28 +23,10 @@ status: raw --- -## 摘要 +## Identity Governance and VSM Replacement -> 待转录后由 LLM 生成 +The learning session covers identity governance, focusing on the replacement of Virtual SM (VSM), a DXC tool, with identity governance (IG). The objective is to understand identity governance, its necessity, micro-focused IG, its utilization with control tower and counter-automation, the plan to replace VSM with IG, and how to use the IGA portal. ---- +Identity governance is a framework for managing digital identities efficiently, minimizing risk, and maintaining compliance. Key questions addressed by identity governance include: *who currently has access to our systems, who should have access, and how is the access being done?* It comprises identity management, access management, and identity auditing. Microfocus's IGA governs access through resources, providing workflows for approving and revoking access, as well as monitoring and auditing access. IG is used to provide access to both internal and external users, including contractors, with time-limited access. -## 关键概念 - -- - ---- - -## 行动项 - -- - ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +IG integrates with AWS Identity Center to provide access to resources via IAM. Groups in Active Directory represent roles, and IG governs access to these groups. A bridge is established using Azure AD domain services for authentication. IG controls Active Directory groups and workflows, while IAM connects to Azure to Cobdom domain. The plan is to replace VSM with IG for all accounts, using the same architecture as VSM, but with IG connected to Coptum domain. Changes include adding owner information to Active Directory groups and automating the account owner as the first-level approver. A POC is underway to validate the architecture and process. Gaining access involves searching for the resource in the IG portal, requesting access, and filling out a form. 
The request goes through an approval flow, and upon approval, access is granted automatically. diff --git a/knowledgebase/DevOps & SRE/02_IAM/learning-sessions-identity-governance-vsm-replacement-20231128-160326-meeting-re.md.bak b/knowledgebase/DevOps & SRE/02_IAM/learning-sessions-identity-governance-vsm-replacement-20231128-160326-meeting-re.md.bak new file mode 100644 index 00000000..51b00c72 --- /dev/null +++ b/knowledgebase/DevOps & SRE/02_IAM/learning-sessions-identity-governance-vsm-replacement-20231128-160326-meeting-re.md.bak @@ -0,0 +1,50 @@ +--- +title: "Learning Sessions Identity Governance VSM replacement -20231128 160326-Meeting Recording (1)" +type: cloud-learning +source-type: video +category: "DevOps & SRE/02_IAM" +tags: + - Identity-Governance + - VSM + - CTP +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Learning Sessions _ Identity Governance VSM replacement -20231128_160326-Meeting Recording (1).mp4" +audio-source: "" +status: raw +--- + +# Learning Sessions Identity Governance VSM replacement -20231128 160326-Meeting Recording (1) + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Learning Sessions _ Identity Governance VSM replacement -20231128_160326-Meeting Recording (1).mp4` + +**Type:** VIDEO | **Category:** 02_IAM + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/03_Terraform/ctp-topic-12-using-ses-smtp-service-terraform-module.md b/knowledgebase/DevOps & SRE/03_Terraform/ctp-topic-12-using-ses-smtp-service-terraform-module.md index e6ed592e..a1d6ab9e 100644 --- a/knowledgebase/DevOps & SRE/03_Terraform/ctp-topic-12-using-ses-smtp-service-terraform-module.md +++ b/knowledgebase/DevOps & SRE/03_Terraform/ctp-topic-12-using-ses-smtp-service-terraform-module.md 
@@ -12,7 +12,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 12_ Using SES SMTP service terraform module.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 12 Using SES SMTP service terraform module @@ -21,7 +21,7 @@ status: summarized **Type:** VIDEO | **Category:** 03_Terraform -**Status:** 🟡 Awaiting Whisper transcription → Summary +**Status:** ✅ 已完成(Gemini 摘要) --- diff --git a/knowledgebase/DevOps & SRE/03_Terraform/ctp-topic-16-cross-account-terraform-modules.md b/knowledgebase/DevOps & SRE/03_Terraform/ctp-topic-16-cross-account-terraform-modules.md index 21b2b6bc..3a860988 100644 --- a/knowledgebase/DevOps & SRE/03_Terraform/ctp-topic-16-cross-account-terraform-modules.md +++ b/knowledgebase/DevOps & SRE/03_Terraform/ctp-topic-16-cross-account-terraform-modules.md @@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 16_ Cross-account Terraform modules.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 16 Cross-account Terraform modules @@ -20,7 +20,7 @@ status: summarized **Type:** VIDEO | **Category:** 03_Terraform -**Status:** 🟡 Awaiting Whisper transcription → Summary +**Status:** ✅ 已完成(Gemini 摘要) --- diff --git a/knowledgebase/DevOps & SRE/03_Terraform/ctp-topic-48-terraform-vs-terragrunt.md b/knowledgebase/DevOps & SRE/03_Terraform/ctp-topic-48-terraform-vs-terragrunt.md index 7ba94421..f7df6411 100644 --- a/knowledgebase/DevOps & SRE/03_Terraform/ctp-topic-48-terraform-vs-terragrunt.md +++ b/knowledgebase/DevOps & SRE/03_Terraform/ctp-topic-48-terraform-vs-terragrunt.md 
@@ -1,17 +1,17 @@ --- -title: "CTP Topic 48 Terraform vs Terragrunt" +title: CTP Topic 48 Terraform vs Terragrunt type: cloud-learning source-type: video -category: "DevOps & SRE/03_Terraform" +category: DevOps & SRE/03_Terraform tags: - Terraform - Terragrunt - IaC - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 48_ Terraform vs Terragrunt.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 48_ Terraform vs Terragrunt.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 48 Terraform vs Terragrunt 
@@ -26,7 +26,24 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Terraform vs. Terragrunt + +Bob, an AWS Solutions Architect and Tech Lead, contrasts Terraform and Terragrunt, emphasizing the importance of understanding their differentiation for both high-level strategy/design roles and low-level development/debugging roles. + +Terraform, founded by HashiCorp, is a Golang application used to provision, change, and version-control resources across various environments. A key selling point is its cloud-agnostic nature. The plan command allows users to preview changes before implementation, providing a distinct advantage. *To run Terraform consistently, it ties the desired state to the existing environment using a state file.* For enterprise-scale use, storing this file in a safe, accessible location is crucial, with cloud vendors offering persistence solutions. + +Terragrunt is presented as a thin wrapper around Terraform, promoting the DRY (don't repeat yourself) principle. All Terraform commands work with Terragrunt; a Terraform plan becomes a Terragrunt plan. The language, including blocks and attributes, remains consistent. Terragrunt helps manage provider and remote state blocks, which can be complex and error-prone when declared multiple times across different environments. *Terragrunt offers a way to use information in a repeatable way without hard coding values.* + +Terraform and Terragrunt have similar commands and languages, but differ in their approach to reusability and state management. Terraform's core is cloud-agnostic, while its vendor-specific parts require separate modules for each cloud provider. Terragrunt helps streamline configurations across environments. + +Additional points: +* Terraform Enterprise is a CI platform with workspaces. +* Gruntwork offers pre-built, customizable modules and a Terraform native AWS landing zone. +* Atlantis integrates Terraform with GitHub for infrastructure provisioning. 
+* Tools like tfsec aid in maintaining security through static code analysis. +* Terratest enables test automation for improved stability and velocity in the software delivery pipeline. +* Cloud cost customization tools can help visualize the cost implications of changes before deployment. + --- diff --git a/knowledgebase/DevOps & SRE/03_Terraform/ctp-topic-48-terraform-vs-terragrunt.md.bak b/knowledgebase/DevOps & SRE/03_Terraform/ctp-topic-48-terraform-vs-terragrunt.md.bak new file mode 100644 index 00000000..1519375a --- /dev/null +++ b/knowledgebase/DevOps & SRE/03_Terraform/ctp-topic-48-terraform-vs-terragrunt.md.bak @@ -0,0 +1,51 @@ +--- +title: CTP Topic 48 Terraform vs Terragrunt +type: cloud-learning +source-type: video +category: DevOps & SRE/03_Terraform +tags: + - Terraform + - Terragrunt + - IaC + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 48_ Terraform vs Terragrunt.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 48 Terraform vs Terragrunt + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 48_ Terraform vs Terragrunt.mp4` + +**Type:** VIDEO | **Category:** 03_Terraform + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-cloud-transformation-programme-20230808-183322-meeting-recordi.md b/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-cloud-transformation-programme-20230808-183322-meeting-recordi.md index 49cb6361..283228c1 100644 --- a/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-cloud-transformation-programme-20230808-183322-meeting-recordi.md +++ b/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-cloud-transformation-programme-20230808-183322-meeting-recordi.md 
@@ -10,7 +10,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Learning Sessions _ Cloud Transformation Programme-20230808_183322-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Learning Sessions Cloud Transformation Programme-20230808 183322-Meeting Recording 
@@ -23,28 +23,8 @@ status: raw --- -## 摘要 +The learning session focuses on ECS deployment using infrastructure as code, presented by JP and Raja M. The session is part of a weekly series on Tuesdays, emphasizing interactive learning with Q&A opportunities. Recordings and presentations are available on a SharePoint site, with notifications sent beforehand. -> 待转录后由 LLM 生成 +JP discusses the business and technology background of ECS, while Raja details the ECS module developed within CTP and SRE. The industry faces challenges like unpredictability and the need for agility, pushing businesses towards infrastructure as code. *Businesses have to thrive in the middle of all these challenges and it is forged by code.* Dynamic scaling is crucial due to unpredictable load patterns, requiring technologies to evolve. ECS (Elastic Container Services) is an AWS proprietary technology that integrates with AWS services, offering advantages and challenges compared to EKS or native Kubernetes. ---- - -## 关键概念 - -- - ---- - -## 行动项 - -- - ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +The ECS model, built on the grant work repository, allows creating Docker containers as logical units and supports EC2 instances or target deployments. It features auto-scaling, auto-healing, and canary deployments. The module supports a listener approach for centralized ECS management and integrates with AWS services. *We have implemented the listener approach because we have seen many of the products are you know they are downloading the quotes from the grant work and using locally.* Prerequisites for using the module include VPC, ELB security group, and EFS volume mounting. Configurations can be passed via YAML or JSON, with integration support for AWS CloudWatch, Splunk, Grafana, and Prometheus. 
diff --git a/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-cloud-transformation-programme-20230808-183322-meeting-recordi.md.bak b/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-cloud-transformation-programme-20230808-183322-meeting-recordi.md.bak new file mode 100644 index 00000000..49cb6361 --- /dev/null +++ b/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-cloud-transformation-programme-20230808-183322-meeting-recordi.md.bak @@ -0,0 +1,50 @@ +--- +title: "Learning Sessions Cloud Transformation Programme-20230808 183322-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/03_Terraform" +tags: + - Terraform + - CTP + - IaC +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Learning Sessions _ Cloud Transformation Programme-20230808_183322-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Learning Sessions Cloud Transformation Programme-20230808 183322-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Learning Sessions _ Cloud Transformation Programme-20230808_183322-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 03_Terraform + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-cloud-transformation-programme-deploying-rds-via-terraform.md b/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-cloud-transformation-programme-deploying-rds-via-terraform.md index 604f4b8a..7ca5505c 100644 --- a/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-cloud-transformation-programme-deploying-rds-via-terraform.md +++ b/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-cloud-transformation-programme-deploying-rds-via-terraform.md 
@@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Learning Sessions _ Cloud Transformation Programme-Deploying RDS via Terraform.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Learning Sessions Cloud Transformation Programme-Deploying RDS via Terraform 
@@ -24,28 +24,8 @@ status: raw --- -## 摘要 +Greg from the DBRE team discusses deploying RDS via Terraform, advocating its use over the console for deploying any size RDS into Amazon. The presentation covers why infrastructure as code is helpful, clarifies the use of grunt work modules, and introduces SRE core modules. It also includes technical details, live demos of deployment, maintenance, upgrades, and monitoring/alarming. -> 待转录后由 LLM 生成 +Key benefits of infrastructure as code include speed, flexibility, consistency, disaster recovery, documentation, and automation. *The code is the documentation.* There are two main options for deploying RDS: the bare-bones RDS module and the more comprehensive RDS service. The grunt work RDS service is recommended due to its pre-built features like KMS key encryption and CloudWatch alarming. The SRE core modules are less fully featured than the grunt work service. ---- - -## 关键概念 - -- - ---- - -## 行动项 - -- - ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +To deploy an RDS database, use Terragrunt, a wrapper around Terraform, to keep code clean and avoid repeating variables. *We use Terragrunt, which is basically it's a wrapper around Terraform, and it allows you to keep your code clean and you're not repeating your variables all the time.* Use a tagged release instead of the master branch for stability. Basic variables include VPC, database type (Oracle, Postgres), port, and license model. For day two operations like scaling, patching, and major version upgrades, changes are made in the TerraGrant file and applied via GitHub pull requests and Atlantis. Monitoring is achieved through CloudWatch dashboards and alarms, with considerations for burstable instance shapes and CPU credits. 
diff --git a/knowledgebase/DevOps & SRE/05_FinOps/learning-sessions-fy24q1-cost-optimisation-20230912.md b/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-cloud-transformation-programme-deploying-rds-via-terraform.md.bak similarity index 50% rename from knowledgebase/DevOps & SRE/05_FinOps/learning-sessions-fy24q1-cost-optimisation-20230912.md rename to knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-cloud-transformation-programme-deploying-rds-via-terraform.md.bak index b03ac3e9..604f4b8a 100644 --- a/knowledgebase/DevOps & SRE/05_FinOps/learning-sessions-fy24q1-cost-optimisation-20230912.md +++ b/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-cloud-transformation-programme-deploying-rds-via-terraform.md.bak 
@@ -1,23 +1,24 @@ --- -title: "Learning Sessions - FY24Q1 Cost Optimisation - 20230912" +title: "Learning Sessions Cloud Transformation Programme-Deploying RDS via Terraform" type: cloud-learning -source-type: pptx -category: "DevOps & SRE/05_FinOps" +source-type: video +category: "DevOps & SRE/03_Terraform" tags: - - Cost-Optimization - - FinOps - - FY24 + - Terraform + - RDS + - IaC + - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Learning Sessions - FY24Q1 Cost Optimisation - 20230912.pptx" +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Learning Sessions _ Cloud Transformation Programme-Deploying RDS via Terraform.mp4" audio-source: "" status: raw --- -# Learning Sessions - FY24Q1 Cost Optimisation - 20230912 +# Learning Sessions Cloud Transformation Programme-Deploying RDS via Terraform -**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Learning Sessions - FY24Q1 Cost Optimisation - 20230912.pptx` +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Learning Sessions _ Cloud Transformation Programme-Deploying RDS via Terraform.mp4` -**Type:** PPTX | **Category:** 05_FinOps +**Type:** VIDEO | **Category:** 03_Terraform **Status:** 🟡 Awaiting Whisper transcription → Summary diff --git a/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-ecs-deployment-using-iac-20230808-183322-meeting-recording.md b/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-ecs-deployment-using-iac-20230808-183322-meeting-recording.md index aba73853..ea3a150a 100644 --- a/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-ecs-deployment-using-iac-20230808-183322-meeting-recording.md +++ b/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-ecs-deployment-using-iac-20230808-183322-meeting-recording.md 
@@ -12,7 +12,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Learning Sessions _ ECS Deployment using IAC -20230808_183322-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Learning Sessions ECS Deployment using IAC -20230808 183322-Meeting Recording 
@@ -25,28 +25,8 @@ status: raw --- -## 摘要 +The learning session focuses on ECS deployment using infrastructure as code, presented by JP and Raja M. The session is part of a weekly series on Tuesdays, emphasizing interactive learning with Q&A opportunities. Recordings and presentations are available on a SharePoint site, with notifications sent beforehand. -> 待转录后由 LLM 生成 +JP discusses the business and technology background of ECS, while Raja details the ECS module developed within CTP and SRE. The industry faces challenges like unpredictability and the need for agility, pushing businesses towards infrastructure as code. *Businesses have to thrive in the middle of all these challenges and it is forged by code.* Dynamic scaling is crucial due to unpredictable load patterns, requiring technologies to evolve. ECS (Elastic Container Services) is an AWS proprietary technology that integrates with AWS services, offering advantages and challenges compared to EKS or native Kubernetes. ---- - -## 关键概念 - -- - ---- - -## 行动项 - -- - ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +The ECS model, built on the grant work repository, allows creating Docker containers as logical units and supports EC2 instances or target deployments. It features auto-scaling, auto-healing, and canary deployments. The module supports a listener approach for centralized ECS management and integrates with AWS services. *We have implemented the listener approach because we have seen many of the products are you know they are downloading the quotes from the grant work and using locally.* Prerequisites for using the module include VPC, ELB security group, and EFS volume mounting. Configurations can be passed via YAML or JSON, with integration support for AWS CloudWatch, Splunk, Grafana, and Prometheus. 
diff --git a/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-ecs-deployment-using-iac-20230808-183322-meeting-recording.md.bak b/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-ecs-deployment-using-iac-20230808-183322-meeting-recording.md.bak new file mode 100644 index 00000000..aba73853 --- /dev/null +++ b/knowledgebase/DevOps & SRE/03_Terraform/learning-sessions-ecs-deployment-using-iac-20230808-183322-meeting-recording.md.bak @@ -0,0 +1,52 @@ +--- +title: "Learning Sessions ECS Deployment using IAC -20230808 183322-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/03_Terraform" +tags: + - AWS + - ECS + - IaC + - Terraform + - CTP +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Learning Sessions _ ECS Deployment using IAC -20230808_183322-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Learning Sessions ECS Deployment using IAC -20230808 183322-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Learning Sessions _ ECS Deployment using IAC -20230808_183322-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 03_Terraform + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-29-cloud-monitoring-saas-lz-accounts.md b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-29-cloud-monitoring-saas-lz-accounts.md index 3989729a..95aa8d2c 100644 --- a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-29-cloud-monitoring-saas-lz-accounts.md +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-29-cloud-monitoring-saas-lz-accounts.md 
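Review bot: the `.bak` file added here (and the matching `.bak` beside every other summarized note in this patch) is a verbatim copy of the pre-summary note that git history already preserves; committing backup artifacts doubles the NAS path and metadata in the repo and will drift from the `.md` it shadows. Drop the `.bak` files from the commit and add `*.bak` to `.gitignore` so the summarization tooling cannot re-add them.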
@@ -1,8 +1,8 @@ --- -title: "CTP Topic 29 Cloud Monitoring – SaaS LZ accounts" +title: CTP Topic 29 Cloud Monitoring – SaaS LZ accounts type: cloud-learning source-type: video -category: "DevOps & SRE/04_EKS" +category: DevOps & SRE/04_EKS tags: - AWS - Monitoring @@ -10,9 +10,9 @@ tags: - Landing-Zone - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 29_ Cloud Monitoring – SaaS LZ accounts.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 29_ Cloud Monitoring – SaaS LZ accounts.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 29 Cloud Monitoring – SaaS LZ accounts 
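Review bot: the two hunks here unquote `title`, `category` and `video-source` for no reason related to the summarization, and inconsistently so: the ECS note in the same patch keeps `video-source: "nas:///..."` quoted. The bare values contain `&`, `–` and `:` and parse as plain scalars today, but an edit that introduces `: ` or ` #` in a title or path would silently break the frontmatter; keep the quotes and limit the frontmatter change to `-status: raw` / `+status: summarized (Gemini 摘要)`.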
@@ -27,7 +27,14 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## AWS Cloud Monitoring with OpsBridge + +The session covers AWS cloud monitoring using Micro Focus OpsBridge, focusing on a new Cloud Monitoring feature. This containerized solution can be deployed on-prem or on AWS EKS and supports monitoring over 20 AWS data services, with data stored in an optic data lake using Vertica for performance dashboarding and reporting. The architecture collects data from CloudWatch metrics using read-only access to monitored accounts, correlating data and updating the configuration management database. + +Key points include deployment, monitoring setup, and operations. Cloud Monitoring is enabled within OpsBridge, requiring a one-time IAM role setup in customer accounts for read-only access. *Tag-based monitoring is emphasized as a best practice, with automation to identify missing tags.* The solution uses a single instance to monitor multiple accounts and regions. + +Data consumption occurs via event dashboards, topology views, and performance dashboards. The solution is being developed in collaboration with the product R&D team, with new reporting features expected in the next release. The demo showcased event perspectives, performance dashboards, and topology views, highlighting event details, historical usage, and hierarchical resource presentation. The operational model's impact on application teams was discussed, including data feedback, OpsBridge expertise, and outage detection capabilities. + --- diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-29-cloud-monitoring-saas-lz-accounts.md.bak b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-29-cloud-monitoring-saas-lz-accounts.md.bak new file mode 100644 index 00000000..020c259e --- /dev/null +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-29-cloud-monitoring-saas-lz-accounts.md.bak 
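Review bot: `+> ## AWS Cloud Monitoring with OpsBridge` leaves only the heading inside a blockquote while the summary paragraphs that follow are outside it, and a `##` heading nested under `## 摘要` breaks the note's outline; use a plain `###` as the topic 42 note does with `### Terraform and Automation`. The body line `**Status:** 🟡 Awaiting Whisper transcription → Summary` (line 23 of this note, visible in the `.bak` copy) is not touched by the hunk and now contradicts the new `status: summarized` frontmatter. The one-time read-only IAM role in customer accounts and the tag-based monitoring practice belong in `## 关键概念`, which this hunk leaves as an empty `-`.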
@@ -0,0 +1,52 @@ +--- +title: CTP Topic 29 Cloud Monitoring – SaaS LZ accounts +type: cloud-learning +source-type: video +category: DevOps & SRE/04_EKS +tags: + - AWS + - Monitoring + - SaaS + - Landing-Zone + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 29_ Cloud Monitoring – SaaS LZ accounts.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 29 Cloud Monitoring – SaaS LZ accounts + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 29_ Cloud Monitoring – SaaS LZ accounts.mp4` + +**Type:** VIDEO | **Category:** 04_EKS + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md index 96002324..f82a3806 100644 --- a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md @@ -1,8 +1,8 @@ --- -title: "CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone" +title: CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone type: cloud-learning source-type: video -category: "DevOps & SRE/04_EKS" +category: DevOps & SRE/04_EKS tags: - AWS - EKS @@ -10,9 +10,9 @@ tags: - Landing-Zone - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 39_ Implementing EKS in the AWS Lab Landing Zone.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 39_ Implementing EKS in the AWS Lab Landing Zone.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone 
@@ -27,7 +27,21 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> Spencer and Guy discuss implementing Elastic Kubernetes Service (EKS) in the AWS landing zone, focusing on a use case with Octane, a Microfocus SaaS application that is IP-hungry. They faced challenges with the limited range of IP addresses in AWS labs run on the Microfocus network. + +The solution involved creating a private subnet within their own space, not connected to the main subnet, to provide a large number of IPs for EKS to use. *The problem was was that this wasn't supported in the EKS sort of solution that was given to us.* They utilized Terraform and Terragrunt modules to create the lab, working with SRE to enable EKS to create its own subnet and use its own IPs within each pod. + +Key points: +* The EKS module has a flag for custom networking configuration to control IP allocation. +* They demonstrated how to call the EKS module within Terraform code, specifying the subnet and mappings between federated accounts/roles. +* They showed how to access the EKS cluster, get pods, and access both internal Microfocus network resources and external resources from within a pod. +* *Within the spec configuration, we basically have to put host network equals true.* +* They addressed a question about container hardening guidelines, explaining that they had discussions with security teams and implemented strong security measures. +* They mentioned that AWS may have contributed to the idea of this solution. +* Atlantis cannot currently deploy EKS clusters; a Terragrunt module on Jenkins is used instead. +* Mapping roles allows connection to the cluster and visibility of EKS components in the AWS console. +* The number of node groups is currently hardcoded but will be made configurable in future versions. + --- 
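Review bot: the key point `*Within the spec configuration, we basically have to put host network equals true.*` is listed as a bare recipe with no link to the following bullet about container hardening discussions with security teams; `hostNetwork: true` gives the pod the node's network namespace, so the note should record that this was an agreed exception rather than a default, ideally under `## 关键概念`, which stays empty. The `>` prefix on the first summary paragraph has the same blockquote problem as the other notes in this patch, and "AWS may have contributed to the idea of this solution" is too vague to be useful; either attribute it or cut it.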
diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md.bak b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md.bak new file mode 100644 index 00000000..998fd2a8 --- /dev/null +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md.bak @@ -0,0 +1,52 @@ +--- +title: CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone +type: cloud-learning +source-type: video +category: DevOps & SRE/04_EKS +tags: + - AWS + - EKS + - Kubernetes + - Landing-Zone + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 39_ Implementing EKS in the AWS Lab Landing Zone.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 39_ Implementing EKS in the AWS Lab Landing Zone.mp4` + +**Type:** VIDEO | **Category:** 04_EKS + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-42-grafana-observability-dashboard.md b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-42-grafana-observability-dashboard.md index dc01ec12..92dc3b0c 100644 --- a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-42-grafana-observability-dashboard.md +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-42-grafana-observability-dashboard.md 
@@ -1,17 +1,17 @@ --- -title: "CTP Topic 42 Grafana Observability dashboard" +title: CTP Topic 42 Grafana Observability dashboard type: cloud-learning source-type: video -category: "DevOps & SRE/04_EKS" +category: DevOps & SRE/04_EKS tags: - Grafana - Observability - Dashboard - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 42_ Grafana_Observability dashboard.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 42_ Grafana_Observability dashboard.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 42 Grafana Observability dashboard 
@@ -26,7 +26,28 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Grafana Observability and Dashboards + +Grafana is an open-source web application used for data visualization through charts and dashboards. It supports various data sources, including metrics (CPU load, memory usage) and logs (timestamps, debug levels). Data producers like Jenkins, CA servers, and AWS CloudWatch inject data into these sources, which Grafana then visualizes. *Grafana does not exist differently data source by itself. It needs to be expressed from the data, all kinds of data sources.* + +The infrastructure architecture involves users accessing Grafana through a load balancer and auto-scaling groups. Grafana is installed in a monitoring account and configured to access other product team AWS accounts via IAM role policies. A Grafana monitoring role is assumed from a Terraform service catalog repo, granting access to various landing zone source accounts. + +Grafana offers user-level and team-level access controls, with roles like editor, viewer, and admin. Data sources are created with specific ARNs to access AWS accounts. Dashboards are dynamic, fetching data based on product team access. A sample dashboard includes CPU, I/O, network, EBS, and estimated charges monitoring. Alerting systems can be configured to notify channels like Microsoft Teams of high CPU usage or service downtime. + +### Terraform and Automation + +Terraform is used to automate Grafana resource provisioning. Modules exist for data sources and Grafana organizations. A demo scenario simulates onboarding Grafana for a new product group account using LZSAP. The process involves creating folders, calling modules, and using JSON input variables to define organization names and user access. + +Dashboards are provisioned with data sources and regions as inputs. Grafana offers flexibility in dashboard layout and data visualization. 
Product teams can leverage these modules and customize dashboards with application-specific logs or custom CloudWatch metrics. + +### Network Monitoring and Roadmap + +Network monitoring is achieved using Prometheus as a data source for checkpoint and firewall instances. A tool called norm is referenced to fetch metrics via the SNMP protocol. Key dashboards display packet in/out transfers, interface metrics, and CPU/disk usage. + +The roadmap includes implementing alerting and notification rules, refining network monitoring dashboards, building application-specific dashboards, and enabling product groups to consume Grafana Terraform modules. The goal is to replace Micro Focus tools with Grafana for end-to-end monitoring. *We would like to build application specific dashboards which can basically give us key insight with respect to our applications that are running over there.* + +Grafana offers open-source and paid versions (Grafana Enterprise and Grafana Cloud). User management is currently within the Grafana database but will move to LDAP or SSO. + --- diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-42-grafana-observability-dashboard.md.bak b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-42-grafana-observability-dashboard.md.bak new file mode 100644 index 00000000..f389f588 --- /dev/null +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-42-grafana-observability-dashboard.md.bak 
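Review bot: "A tool called norm is referenced to fetch metrics via the SNMP protocol" looks like a misrecognized tool name and should be checked against the recording. The paragraph on the Grafana monitoring role assumed into landing-zone source accounts does not say whether that cross-account role is read-only, unlike the topic 29 note in this same patch; since product teams are meant to consume these modules, the access level is worth confirming and stating. Same blockquote and `##`-under-`## 摘要` issue on `+> ## Grafana Observability and Dashboards` as elsewhere.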
@@ -0,0 +1,51 @@ +--- +title: CTP Topic 42 Grafana Observability dashboard +type: cloud-learning +source-type: video +category: DevOps & SRE/04_EKS +tags: + - Grafana + - Observability + - Dashboard + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 42_ Grafana_Observability dashboard.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 42 Grafana Observability dashboard + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 42_ Grafana_Observability dashboard.mp4` + +**Type:** VIDEO | **Category:** 04_EKS + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-54-esm-saas-log-analytics.md b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-54-esm-saas-log-analytics.md index 5926a134..2a328026 100644 --- a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-54-esm-saas-log-analytics.md +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-54-esm-saas-log-analytics.md @@ -1,17 +1,17 @@ --- -title: "CTP Topic 54 ESM SaaS Log Analytics" +title: CTP Topic 54 ESM SaaS Log Analytics type: cloud-learning source-type: video -category: "DevOps & SRE/04_EKS" +category: DevOps & SRE/04_EKS tags: - Log-Analytics - SaaS - ESM - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 54_ ESM SaaS Log Analytics.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 54_ ESM SaaS Log Analytics.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 54 ESM SaaS Log Analytics 
@@ -26,7 +26,22 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## ESM SAS Log Analytics + +Jackie, an ITOM ESM SAS architect, discusses Log Analytics, covering concepts, architecture, regional setup, provisioning, security, and a demo of a counter solution. He also briefly compares different solutions. + +The presentation begins with an overview of the ELK stack (Elasticsearch, Logstash, Kibana) and its open-source alternative, OpenSearch. Applications collect logs via BEATS, which are then aggregated and processed by Logstash to give meaning to each column, before being stored in Elasticsearch or OpenSearch. Kibana is used as a front-end for log file visualization and analysis. + +*The application collects your log, it's called the BEATS.* The architecture involves two VPCs: one for the application and another for logging. Filebeat, running as a container, continuously ships logs from the application VPC to the logging VPC. Logstash processes these logs, and OpenSearch stores them. End users can view logs via Kibana, connecting from a specified network. Redis is used as an optional buffer to prevent Logstash overload. + +Due to legal reasons like GDPR, farms are split regionally, with farms in Oregon, the US, and Europe. Provisioning is done via CloudFormation or Terraform, but security hardening and continuous optimization pose challenges. Security measures include encryption at rest (using encrypted nodes and hardware-level encryption on NVMe devices) and in transit (using TLS 1.2). Traffic between VPCs is private, not over the internet. Index-based access control and RBAC are implemented for different user roles. + +A demo shows how to search for specific IDs or services within the logs. A comparison of solutions like Logz.io, AWS OpenSearch, self-hosted ELK, and Microfocus OBA is provided. Logz.io is a managed ELK solution, while OBA offers more mature commercial options with automated clustering. 
ELK is easy to configure but complex to manage, while OBA is more mature with commercial options. ELK supports fine-grained access control, while OBA supports column-level access control. + +Cost estimates are provided based on a single farm usage with 14 days retention and 100GB processed daily. Logz.io costs around $4,000, while AWS OpenSearch costs around $1,500 or less. Self-hosted options can be very low cost but require more maintenance. Availability SLAs vary, with Logz.io offering 99.8% and AWS OpenSearch offering 99.9%. Disaster recovery is covered by the vendor for Logz.io, while AWS OpenSearch automatically captures snapshots. + +Recommendations for starting with Log Analytics include beginning with Logz.io for its trial period, then transitioning to AWS OpenSearch or self-hosted options for more control. The presentation concludes with a Q&A session covering GDPR requirements, log acquisition, cost details, scaling, and comparisons to other solutions. *We have already built up all the farms.* + --- diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-54-esm-saas-log-analytics.md.bak b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-54-esm-saas-log-analytics.md.bak new file mode 100644 index 00000000..997b1379 --- /dev/null +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-54-esm-saas-log-analytics.md.bak 
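Review bot: "ESM SAS" (three occurrences, including the heading `+> ## ESM SAS Log Analytics`) is a transcription error for "ESM SaaS", which is what the note's own title says; "Microfocus OBA" also differs from "Micro Focus" used in the other notes. The cost figures and SLAs are fine to keep but should be dated to the session, as they are quoted from the talk rather than current pricing.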
@@ -0,0 +1,51 @@ +--- +title: CTP Topic 54 ESM SaaS Log Analytics +type: cloud-learning +source-type: video +category: DevOps & SRE/04_EKS +tags: + - Log-Analytics + - SaaS + - ESM + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 54_ ESM SaaS Log Analytics.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 54 ESM SaaS Log Analytics + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 54_ ESM SaaS Log Analytics.mp4` + +**Type:** VIDEO | **Category:** 04_EKS + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-59-achieving-reliability-with-amazon-eks.md b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-59-achieving-reliability-with-amazon-eks.md index 968b5ff3..e62b3d22 100644 --- a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-59-achieving-reliability-with-amazon-eks.md +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-59-achieving-reliability-with-amazon-eks.md @@ -1,8 +1,8 @@ --- -title: "CTP Topic 59 Achieving reliability with Amazon EKS" +title: CTP Topic 59 Achieving reliability with Amazon EKS type: cloud-learning source-type: video -category: "DevOps & SRE/04_EKS" +category: DevOps & SRE/04_EKS tags: - AWS - EKS @@ -10,9 +10,9 @@ tags: - Reliability - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 59_ Achieving reliability with Amazon EKS.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 59_ Achieving reliability with Amazon EKS.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 59 Achieving reliability with Amazon EKS 
@@ -27,7 +27,20 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## EKS Reliability with AWS + +Surav Paul, a Senior Solutions Architect from AWS, presented on EKS (Elastic Kubernetes Service), covering container offerings and reliability practices. The session aimed to be interactive, encouraging questions about shared responsibility models, reliability-based practices, application reliability, and data plane reliability. + +When considering container offerings on AWS, users can choose between Amazon Elastic Container Service (ECS) and Elastic Kubernetes Service (EKS). ECS is recommended for those starting their container adoption journey, offering a simple interface with native AWS service integrations. EKS is suitable for those familiar with the Kubernetes ecosystem, providing flexibility with open community initiatives. *ECS is a more AWS opinionated way of running containers.* Both ECS and EKS offer multiple compute options, including VM images, serverless deployments (AWS Fargate), and on-prem deployments. + +Reliability in a system means it offers predictable behavior even when failures occur. Key concerns include failure detection, graceful service degradation, deterministic failure modes, self-healing capabilities, and on-demand scaling. Reliability concerns are grouped under application, control plane, and data plane categories. The shared responsibility model dictates that AWS manages control plane components (state store, scheduler, controller manager, API servers), while customers manage aspects like worker nodes, operating systems, and application configurations. *With Fargate, you don't have to worry about managing the nodes or worrying about patching or upgrading the nodes.* + +Application reliability involves avoiding singleton pods and spreading application pods across availability zones using pod anti-affinity or topology spread constraints. Topology spread constraints offer finer-grained control over workload distribution. 
Collecting metrics via the metrics server is crucial for scaling, with HPA (Horizontal Pod Autoscaler) using CPU utilization and memory consumption by default, and custom/external metrics available. VPA (Vertical Pod Autoscaler) can right-size pods, but runtime adjustments cause restarts. Deployment strategies include rolling upgrades, blue-green deployments, and canary deployments, each with different levels of control and complexity. Liveness, readiness, and startup probes are essential for monitoring pod health, and pod disruption budgets ensure minimum service levels during maintenance. + +Control plane reliability involves monitoring control plane metrics (API server requests, HCT state store size) to prevent issues. Securing cluster authentication by creating a secure user with super admin role is crucial. Admission webhooks should be carefully configured and tested to avoid obstructing the control plane. Cluster upgrades have control plane and data plane phases, with EKS platform versions handling patch releases transparently. Minor version upgrades have a 14-month support cycle before automatic upgrades occur. + +Data plane reliability involves using tools like node problem detector, reserving system resources, implementing quality of service, and configuring resource quotas and limit ranges. Pod priority and control preemption are also important. + --- diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-59-achieving-reliability-with-amazon-eks.md.bak b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-59-achieving-reliability-with-amazon-eks.md.bak new file mode 100644 index 00000000..850bbfea --- /dev/null +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-59-achieving-reliability-with-amazon-eks.md.bak 
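Review bot: "Securing cluster authentication by creating a secure user with super admin role is crucial" reads as advice to create a super-admin user, which is the opposite of the least-privilege practice the rest of the summary describes; this is almost certainly a summarization artifact and should be checked against the recording before it stands in the knowledgebase. "HCT state store size" should be etcd (the hunk itself lists the state store among the control-plane components), and the presenter is "Surav Paul" here but "Suravpul" in the topic 64 hunk of the same patch.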
@@ -0,0 +1,52 @@ +--- +title: CTP Topic 59 Achieving reliability with Amazon EKS +type: cloud-learning +source-type: video +category: DevOps & SRE/04_EKS +tags: + - AWS + - EKS + - Kubernetes + - Reliability + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 59_ Achieving reliability with Amazon EKS.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 59 Achieving reliability with Amazon EKS + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 59_ Achieving reliability with Amazon EKS.mp4` + +**Type:** VIDEO | **Category:** 04_EKS + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-60-monitor-aws-using-hyperscale-observability-with-grafana.md b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-60-monitor-aws-using-hyperscale-observability-with-grafana.md index f9dec24f..91aebcbb 100644 --- a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-60-monitor-aws-using-hyperscale-observability-with-grafana.md +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-60-monitor-aws-using-hyperscale-observability-with-grafana.md @@ -1,8 +1,8 @@ --- -title: "CTP Topic 60 Monitor AWS using Hyperscale Observability with Grafana" +title: CTP Topic 60 Monitor AWS using Hyperscale Observability with Grafana type: cloud-learning source-type: video -category: "DevOps & SRE/04_EKS" +category: DevOps & SRE/04_EKS tags: - AWS - Grafana 
@@ -10,9 +10,9 @@ tags: - Hyperscale - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 60_ Monitor AWS using Hyperscale Observability with Grafana.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 60_ Monitor AWS using Hyperscale Observability with Grafana.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 60 Monitor AWS using Hyperscale Observability with Grafana 
@@ -27,7 +27,20 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Monitoring AWS Using Hyperscale Observability with Grafana + +This session is a continuation of a previous session about Grafana. It focuses on recent capabilities and features now available. Vinay covers the session, in place of Sashi, who is on leave. + +The session recaps previous discussions, including the effective use of Grafana with different data sources, creating queries, and customizing visualizations. Grafana's ability to provision infrastructure and applications using Terraform modules (dashboard as code) is highlighted, along with its use for SNMP-based network infrastructure monitoring. The move from the open-source version of Grafana to the enterprise license version is emphasized to leverage the full potential of Grafana. + +Key highlights explored through demonstrations include data source integration, event tracking, alert integrations, instance monitoring, and resource tracking. Optic DR, an internal monitoring solution and plugin of VaticaDB, is crucial for pulling data into Grafana dashboards. *Opsbridge monitoring solutions use a dashboard to display even triggered by the monitoring systems.* Grafana's alert system is flexible and can be configured to use different notification channels, with the ability to forward alerts to Opsbridge to create incidents. Instance monitoring helps identify resource utilization, and resource tagging categorizes resources for effective management. + +The session covers the use of a Terraform module for product teams, which creates Grafana organizations, users, folders, IAM roles, and dashboards for AWS services. *The product team can consume the modules by using sample telegram HCL file.* Default dashboards are provided for accounts onboarded to code, with prerequisites outlined in a readme file. 
Several default dashboards are offered to product teams, such as billing information dashboards that display resource utilization and EC2 dashboards that can be customized. Customized dashboards can consolidate all services into a single view, though this is typically limited to one account and one region. + +EC2 inventory dashboards, using data from Optic DR, provide a view of running and non-running EC2 instances and identify whether resources are tagged. Event dashboards display daily active events triggered by OpsBridge AWS monitoring solutions, with ongoing integration of alerts generated by Grafana. Future roadmap items include SSO authentication, reporting capabilities, URL monitoring, process monitoring, log monitoring, and integration with other products like PagerDuty and Slack Manager. + +The session concludes with a discussion of next steps and collaboration, encouraging users to leverage available dashboards and provide feedback or enhancement requests. The team also addresses questions about the cost impact of joining the service, clarifying that default metrics do not incur additional costs, but custom metrics may. + --- diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-60-monitor-aws-using-hyperscale-observability-with-grafana.md.bak b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-60-monitor-aws-using-hyperscale-observability-with-grafana.md.bak new file mode 100644 index 00000000..e8571358 --- /dev/null +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-60-monitor-aws-using-hyperscale-observability-with-grafana.md.bak 
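Review bot: "Optic DR, an internal monitoring solution and plugin of VaticaDB" conflicts with the topic 29 note in this patch, which describes the same data store as an "optic data lake using Vertica"; pick one spelling and use it in both notes. "sample telegram HCL file" is most likely a Terragrunt HCL file (Terragrunt is named in the topic 39 summary), and "display even triggered" should read "events triggered"; these are transcription errors worth fixing before product teams use the note as the onboarding reference.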
@@ -0,0 +1,52 @@ +--- +title: CTP Topic 60 Monitor AWS using Hyperscale Observability with Grafana +type: cloud-learning +source-type: video +category: DevOps & SRE/04_EKS +tags: + - AWS + - Grafana + - Observability + - Hyperscale + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 60_ Monitor AWS using Hyperscale Observability with Grafana.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 60 Monitor AWS using Hyperscale Observability with Grafana + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 60_ Monitor AWS using Hyperscale Observability with Grafana.mp4` + +**Type:** VIDEO | **Category:** 04_EKS + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-64-scaling-out-with-amazon-eks.md b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-64-scaling-out-with-amazon-eks.md index 7b673414..cf55d584 100644 --- a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-64-scaling-out-with-amazon-eks.md +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-64-scaling-out-with-amazon-eks.md @@ -1,8 +1,8 @@ --- -title: "CTP Topic 64 Scaling out with Amazon EKS" +title: CTP Topic 64 Scaling out with Amazon EKS type: cloud-learning source-type: video -category: "DevOps & SRE/04_EKS" +category: DevOps & SRE/04_EKS tags: - AWS - EKS @@ -10,9 +10,9 @@ tags: - Scaling - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 64_ Scaling out with Amazon EKS.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 64_ Scaling out with Amazon EKS.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 64 Scaling out with Amazon EKS 
@@ -27,7 +27,26 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Scaling Out with Amazon EKS + +The 64th Cloud Transformation Program session covers scaling out with Amazon EKS, with a special guest presenter from AWS. The session is interactive and encourages questions, with a survey link to be shared for feedback. + +Suravpul, a senior solutions architect from AWS, discusses scaling workloads using the horizontal pod autoscaler (HPA), event-driven autoscaling with KEDA, capacity autoscaling (cluster autoscaler and Carpenter), addressing IP exhaustion, and scaling cluster components like DNS. + +The horizontal pod autoscaler (HPA) is the standard Kubernetes mechanism for scaling application workloads, using metrics to determine replica requirements. It supports CPU and memory utilization out of the box via a metrics server. Custom and external metrics, such as those from load balancers or messaging middleware, can also be used. *The horizontal pod autoscaler is going to pull the metrics and it is going to calculate how many replicas are required for your application workload.* The speaker notes that the gap between the target threshold and 100% utilization is important, and addresses flapping via period seconds and stabilization window seconds settings. HPA currently considers resource consumption only at the pod level, not at the container level. + +KEDA allows scaling application workloads based on external events, using a custom resource definition called a scaled object. It can scale applications from zero replicas, or publish metrics for the horizontal pod autoscaler to use. + +Capacity autoscaling can be achieved using Fargate or EC2 instances. For EC2 instances, cluster autoscaler or Carpenter can be used. Cluster autoscaler is tied to auto scaling groups and node groups, updating the desired capacity of the auto scaling group based on the number of pending pods. It considers CPU and memory requests, and supports mixed instances policies. 
*The scaling decision that is made by the cluster auto scaler, it is done on the number of pending pods in the cluster.* Auto-discovery is recommended, and changes to min/max configuration should be made at the managed node group or auto scaling group level. + +Carpenter is an open-source Kubernetes native capacity auto scaler that directly interacts with the EC2 API, offering dynamic on-demand provisioning and improved speed. It does not depend on pre-configured node groups or auto scaling groups. Carpenter uses the concept of a provisioner to define requirements for EC2 instances, matched with workload requirements using node selectors and affinity terms. Reclamation is disabled by default, so TTL or cluster consolidation must be enabled. Carpenter is recommended for clusters with varying capacity and workload requirements. + +To address IP exhaustion, switching to IPv6 addressing is recommended. If not possible, custom networking can be used with carrier-grade NAT. For IPv6, a dual-stack VPC is recommended, with nodes supporting dual-stack IP addresses but pods having only IPv6 addresses. Interaction between IPv6 pods and IPv4 destinations is configured by utilizing matting at two different layers. + +Additional considerations for scaling include enabling API server priority and fairness metrics, enabling caching and disabling compression, removing underutilized nodes, and limiting scaling spikes. Scaling the DNS component (CoreDNS) and installing node local DNS cache are also important. + +The presentation concludes by recommending the EKS best practices guides, specifically the scalability section. + --- diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-64-scaling-out-with-amazon-eks.md.bak b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-64-scaling-out-with-amazon-eks.md.bak new file mode 100644 index 00000000..7d5a0148 --- /dev/null +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-64-scaling-out-with-amazon-eks.md.bak 
@@ -0,0 +1,52 @@ +--- +title: CTP Topic 64 Scaling out with Amazon EKS +type: cloud-learning +source-type: video +category: DevOps & SRE/04_EKS +tags: + - AWS + - EKS + - Kubernetes + - Scaling + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 64_ Scaling out with Amazon EKS.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 64 Scaling out with Amazon EKS + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 64_ Scaling out with Amazon EKS.mp4` + +**Type:** VIDEO | **Category:** 04_EKS + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-67-cloud-native-observability-using-opentelemetry.md b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-67-cloud-native-observability-using-opentelemetry.md index 8814bfea..6ff5a92c 100644 --- a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-67-cloud-native-observability-using-opentelemetry.md +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-67-cloud-native-observability-using-opentelemetry.md @@ -1,17 +1,17 @@ --- -title: "CTP Topic 67 Cloud native observability using OpenTelemetry" +title: CTP Topic 67 Cloud native observability using OpenTelemetry type: cloud-learning source-type: video -category: "DevOps & SRE/04_EKS" +category: DevOps & SRE/04_EKS tags: - OpenTelemetry - Observability - Cloud-Native - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 67_ Cloud native observability using OpenTelemetry.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 67_ Cloud native observability using OpenTelemetry.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 67 Cloud native observability using OpenTelemetry 
@@ -26,7 +26,14 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> Surav from AWS presented a session on observability for Amazon EKS, covering the need for observability, code instrumentation using open telemetry, defining pipelines, AWS Distro for Open Telemetry collector deployment patterns, and observability deployment options on EKS and ECS. + +Observability is essential for managing complexity as systems evolve. *Building observable applications is a developer responsibility.* Key signals to collect include traces, metrics, and logs, enabling reactive and proactive troubleshooting. AWS offers native options like CloudWatch and X-Ray, alongside open-source solutions such as Yeager, Zipkin, Prometheus, and Grafana, either self-hosted or managed. The AWS Distro for Open Telemetry (ADOT) is a secure, production-ready solution with AWS-developed components, offering support for operational issues. + +Open Telemetry provides a vendor-agnostic instrumentation library, simplifying code instrumentation. The Open Telemetry collector uses receivers, processors, and exporters to manage signals. Receivers collect signals, processors transform them, and exporters send them to destinations. *A trace captures the processing time taken at individual layers in your application call stack.* ADOT includes the AWS SIG V4 extension for seamless integration with AWS services. Collecting metrics from both application and infrastructure layers allows comprehensive application views, including business-level metrics, service maps from X-Ray traces, and application logs. Correlation IDs, like the X-ray trace ID, enable deep links to trace views from log events. + +ADOT is a repackaged Open Telemetry collector with AWS-developed components. It offers receivers like Prometheus and X-ray, processors like batch and filter, and exporters like X-ray, CloudWatch, Prometheus, and EMF. 
In ECS deployments, the AWS ECS container metrics receiver collects infrastructure metrics, while the Prometheus remote write exporter sends metrics to Prometheus. The SIGV4 Auth extension is used for AWS API calls. ADOT can be deployed as a sidecar container or a separate task, with configurations for scraping targets and defining pipelines. Deployment patterns include sidecar, separate task, demon set, and high-availability replicas. The ADOT add-on for EKS simplifies deployment with an operator and Terraform module, including prebuilt Grafana dashboards. Costs depend on the destination service, such as metric storage for Prometheus or trace ingestion for X-ray. An observability workshop and best practices site offer further guidance. + --- diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-67-cloud-native-observability-using-opentelemetry.md.bak b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-67-cloud-native-observability-using-opentelemetry.md.bak new file mode 100644 index 00000000..9f125ffd --- /dev/null +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-67-cloud-native-observability-using-opentelemetry.md.bak 
@@ -0,0 +1,51 @@ +--- +title: CTP Topic 67 Cloud native observability using OpenTelemetry +type: cloud-learning +source-type: video +category: DevOps & SRE/04_EKS +tags: + - OpenTelemetry + - Observability + - Cloud-Native + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 67_ Cloud native observability using OpenTelemetry.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 67 Cloud native observability using OpenTelemetry + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 67_ Cloud native observability using OpenTelemetry.mp4` + +**Type:** VIDEO | **Category:** 04_EKS + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-70-eks-deployment-using-iac.md b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-70-eks-deployment-using-iac.md index 9531ef5b..c2c830e9 100644 --- a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-70-eks-deployment-using-iac.md +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-70-eks-deployment-using-iac.md @@ -1,8 +1,8 @@ --- -title: "CTP Topic 70 EKS deployment using IAC" +title: CTP Topic 70 EKS deployment using IAC type: cloud-learning source-type: video -category: "DevOps & SRE/04_EKS" +category: DevOps & SRE/04_EKS tags: - AWS - EKS @@ -10,9 +10,9 @@ tags: - Kubernetes - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 70_ EKS deployment using IAC.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 70_ EKS deployment using IAC.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 70 EKS deployment using IAC 
@@ -27,7 +27,31 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## EKS Deployment Using Infrastructure As Code + +This session covers EKS cluster deployment via Infrastructure as Code (IAC), focusing on managing containers and worker nodes using the SRE EKS module. Key capabilities include cluster autoscaling, ingress controller, and custom networking. The agenda includes comparing containers and VMs, discussing EKS features, and demonstrating EKS deployment via Terraform and Service Catalog. Monitoring the EKS stack and containers for proactive alerting is also covered. + +The discussion begins with the differences between VMs and containers, highlighting the benefits of containers such as reduced boot time, memory efficiency, and portability. Kubernetes is presented as a framework for running distributed systems resiliently, automating rollouts/rollbacks, load balancing, and horizontal pod scaling. + +EKS, a managed Kubernetes service by Amazon, offers features like fully managed control planes and autoscaling worker nodes. *Zero downtime rolling deployments for worker node updates* and IAM RBAC mapping for least privilege access are implemented. The SRE EKS module integrates an ALB ingress controller for traffic management and EMI custom networking for pods to handle CIDR limitations. + +### Deployment Methods + +Two deployment methods are detailed: + +1. **Terraform:** Using a `tera-grant.scl` file, users can define environment variables, EKS cluster version, and worker node types (CPU, GPU, or default). Integration with AWS Secret Manager is included for engineering contact notifications. +2. **Service Catalog:** This method allows users to create EKS clusters via a module with version selection and worker node type configuration. It provides more control over security and permissions. 
+ +*Service Catalog allows creating, organizing, and governing AWS resources with permission control.* + +### Custom Networking and Autoscaling + +Custom networking for pods addresses CIDR limitations by adding a virtual EMI to assign IP addresses to pods. The Kubernetes cluster autoscaler automatically scales worker nodes based on resource needs. Future implementation of Carpenter is being considered for more efficient instance type creation based on pod requirements. + +### Monitoring + +Monitoring is achieved using CloudWatch agent and FluentBit deployed as demon sets. Container Insights needs to be enabled to publish metrics to CloudWatch. The process involves applying manifest files within the cluster to set up CloudWatch logs and metrics. AWS Open Telemetry can also be used for monitoring. Centralized Grafana instances are available for visualizing metrics via templated dashboards, including an EKS-specific dashboard. + --- diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-70-eks-deployment-using-iac.md.bak b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-70-eks-deployment-using-iac.md.bak new file mode 100644 index 00000000..af249d4f --- /dev/null +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-70-eks-deployment-using-iac.md.bak 
@@ -0,0 +1,52 @@ +--- +title: CTP Topic 70 EKS deployment using IAC +type: cloud-learning +source-type: video +category: DevOps & SRE/04_EKS +tags: + - AWS + - EKS + - IaC + - Kubernetes + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 70_ EKS deployment using IAC.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 70 EKS deployment using IAC + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 70_ EKS deployment using IAC.mp4` + +**Type:** VIDEO | **Category:** 04_EKS + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-8-implementation-of-cloud-monitoring-using-micro-focus-operations-brid.md b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-8-implementation-of-cloud-monitoring-using-micro-focus-operations-brid.md index 4eae936a..9fcf8b4b 100644 --- a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-8-implementation-of-cloud-monitoring-using-micro-focus-operations-brid.md +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-8-implementation-of-cloud-monitoring-using-micro-focus-operations-brid.md 
@@ -1,17 +1,17 @@ --- -title: "CTP Topic 8 Implementation of Cloud monitoring using Micro Focus Operations Bridge Monitoring Sol" +title: CTP Topic 8 Implementation of Cloud monitoring using Micro Focus Operations Bridge Monitoring Sol type: cloud-learning source-type: video -category: "DevOps & SRE/04_EKS" +category: DevOps & SRE/04_EKS tags: - AWS - Monitoring - Observability - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 8_ Implementation of Cloud monitoring using Micro Focus Operations Bridge Monitoring Sol.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 8_ Implementation of Cloud monitoring using Micro Focus Operations Bridge Monitoring Sol.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 8 Implementation of Cloud monitoring using Micro Focus Operations Bridge Monitoring Sol 
@@ -26,7 +26,16 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Cloud Monitoring Using OBM Implementation + +The session covers the implementation of cloud monitoring using Microfocus's Operations Bridge Manager (OBM), a solution designed to address gaps in existing monitoring systems like Sitescope, especially with the increasing shift towards public cloud environments. OBM offers a dynamic monitoring solution for AWS core services, enhanced security, and improved dynamic capabilities compared to Sitescope. + +The current architecture involves data collection from various sources (infrastructure, servers, applications, hardware, and networks) using data collectors like Sitescope, HPCM, and norm, feeding into regional OBMs. These regional OBMs then send data to a global OBM, which acts as a manager of managers. The global OBM integrates with smacks, enabling the OSE team to escalate and create tickets for events. A new regional OBM setup is planned for AWS cloud monitoring in a lab landing zone environment in Frankfurt. The OBM account will be part of the digital factory landing zone, interacting with core accounts like shared, logs, and security accounts. The regional OBM collects data from different AWS accounts through an operation agent and CloudWatch API, forwarding it to the on-premise global OBM. + +The architecture includes an OBM AWS account with an OBM application, a Postgres RDS database, and a separate instance with an operation agent. The operation agent collects data using OBM management packs, specifically the AWS management pack, which instructs the agent to gather data from different accounts. *The agent uses role-based access to collect data from CloudWatch API, eliminating the need to install servers in customer accounts and share sensitive access keys.* The management pack solution uses policies to define monitoring intervals, specific metrics, and data collection from specific accounts, matching data against thresholds to trigger events. 
*Whenever new instances are added, policies are automatically deployed, and monitoring begins, offering dynamic monitoring capabilities.* + +For onboarding new customers, an IAM role with CloudWatch read-only access needs to be created, and the AWS account where the OBM and operation agent reside must be added to the trust relationship tab. The role ARN is then added as a policy in the OBM account's IAM role, attached to the agent node. The process involves specifying the role ARN, account ID, namespaces/services to be monitored, metrics, thresholds, monitoring frequency, and title format. The title format is enriched to provide useful information for the service center team, facilitating escalation and runbook execution. CloudWatch custom metrics can be used for metrics not exposed by default. The OBM management pack solution can monitor any public cloud vendor (Amazon, Azure, Google Cloud) and any AWS service with data exposed to CloudWatch metrics, using both metrics and logs. The solution is dynamic and customizable, with all data collected from the OBM account without requiring any installations in customer accounts. + --- diff --git a/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-8-implementation-of-cloud-monitoring-using-micro-focus-operations-brid.md.bak b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-8-implementation-of-cloud-monitoring-using-micro-focus-operations-brid.md.bak new file mode 100644 index 00000000..065bc616 --- /dev/null +++ b/knowledgebase/DevOps & SRE/04_EKS/ctp-topic-8-implementation-of-cloud-monitoring-using-micro-focus-operations-brid.md.bak 
@@ -0,0 +1,51 @@ +--- +title: CTP Topic 8 Implementation of Cloud monitoring using Micro Focus Operations Bridge Monitoring Sol +type: cloud-learning +source-type: video +category: DevOps & SRE/04_EKS +tags: + - AWS + - Monitoring + - Observability + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 8_ Implementation of Cloud monitoring using Micro Focus Operations Bridge Monitoring Sol.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 8 Implementation of Cloud monitoring using Micro Focus Operations Bridge Monitoring Sol + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 8_ Implementation of Cloud monitoring using Micro Focus Operations Bridge Monitoring Sol.mp4` + +**Type:** VIDEO | **Category:** 04_EKS + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-1-of-3-compute-optimization.md b/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-1-of-3-compute-optimization.md index 38589ae5..79e930b1 100644 --- a/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-1-of-3-compute-optimization.md +++ b/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-1-of-3-compute-optimization.md @@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions - EKS Optimization part 1 of 3 - Compute Optimization with Karpenter - 20250204_170113-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions - EKS Optimization part 1 of 3 - Compute Optimization with Karpenter - 20250204 170113-Meeting Recording 
@@ -24,28 +24,37 @@ status: raw --- -## 摘要 +## EKS Optimization with Carpenter -> 待转录后由 LLM 生成 +This session introduces Carpenter, an open-source compute infrastructure management tool for Kubernetes clusters, addressing challenges associated with the traditional Cluster Autoscaler. Carpenter offers native integration with Kubernetes, direct EC2 fleet API communication, and intelligent workload placement and consolidation based on cost and utilization. ---- +Key differences between Carpenter and Cluster Autoscaler: +* Carpenter integrates with Kubernetes workload scheduling constructs. +* It directly communicates with the EC2 fleet API, reducing latency. +* It provides native experiences for workload placement and node consolidation. -## 关键概念 +Two core components of Carpenter: node pools and node classes. Node pools define scheduling constraints and capacity limits, while node classes define instance provisioning details like subnets, node roles, and AMIs. -- +Carpenter supports Kubernetes scheduling constraints like node selectors, affinity, taints, tolerations, and topology spread, along with AWS placement requirements such as purchasing options, processor architectures, and availability zones. It can identify zonal requirements based on volume claims and storage classes, simplifying workload definitions compared to Cluster Autoscaler. ---- +_*Carpenter has native integration with Kubernetes and it complements the native Kubernetes spot pod scheduling constraints that is available for your workloads.*_ -## 行动项 +Carpenter natively supports spot interruptions without requiring additional components like the node termination handler. It uses EventBridge and SQS to handle spot interruption notifications, instance rebalance notifications, health events, and instance state change events. -- +Node pools can be designed for various scenarios, including single node pools, mixed compute/accelerated nodes, or isolated node pools based on cost, security, or multi-tenancy. 
Weighted node pools can prioritize instances based on existing commitments or reservations. ---- +Carpenter simplifies data plane management by removing pain points associated with node groups, integrating node termination handlers, and providing native integration with Kubernetes scheduling constraints. It also helps consolidate compute instances for greater cost efficiency. -## 相关视频 +_*Carpenter not only does the auto-scaling bit, but it also removes the pain points of working with node groups.*_ -> 配对视频笔记链接(生成后填入) +Carpenter can automatically upgrade AMIs or use defined AMIs, referring to the parameter store for the latest EKS optimized AMIs for the corresponding control plane version. It identifies drifts between the desired state and running machines, rolling out changes in a rolling upgrade fashion. ---- +AMI selection can be pinned to specific versions or use custom AMIs. The AMI family setting tells Carpenter what user data to inject when spinning up instances. -*最后更新: 2026-04-14* +Consolidation policies can be configured with fine-grained budgets, such as preventing consolidation during peak business hours or limiting the percentage of instances disrupted at a time. + +Carpenter publishes logs and emits Prometheus metrics for observability, with community-maintained dashboards available for visualization. + +Onboarding is simple, requiring Carpenter to be deployed on nodes not managed by Carpenter, such as a small node group or Fargate instances. Migration guides are available for migrating from Cluster Autoscaler. + +The session is the first in a series of three, with subsequent sessions covering the Bottlerocket operating system and EKS Auto Mode. diff --git a/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-1-of-3-compute-optimization.md.bak b/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-1-of-3-compute-optimization.md.bak new file mode 100644 index 00000000..38589ae5 
--- /dev/null +++ b/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-1-of-3-compute-optimization.md.bak @@ -0,0 +1,51 @@ +--- +title: "Public Cloud Learning Sessions - EKS Optimization part 1 of 3 - Compute Optimization with Karpenter - 20250204 170113-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/04_EKS" +tags: + - AWS + - EKS + - Karpenter + - Cost-Optimization +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions - EKS Optimization part 1 of 3 - Compute Optimization with Karpenter - 20250204_170113-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Public Cloud Learning Sessions - EKS Optimization part 1 of 3 - Compute Optimization with Karpenter - 20250204 170113-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions - EKS Optimization part 1 of 3 - Compute Optimization with Karpenter - 20250204_170113-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 04_EKS + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md b/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md index 8bfb1d7f..0c799259 100644 --- a/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md +++ b/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md 
@@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions - EKS Optimization part 2 of 3 - Running Containers with Bottlerocket OS - 20250218_170127-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions - EKS Optimization part 2 of 3 - Running Containers with Bottlerocket OS - 20250218 170127-Meeting Recording 
@@ -24,28 +24,12 @@ status: raw --- -## 摘要 +## EKS Optimization: Running Containers with Water Rocket OS -> 待转录后由 LLM 生成 +This session focuses on Water Rocket OS and its benefits for running containerized workloads in EKS. Water Rocket is a Linux-based operating system designed specifically for hosting containers, differing from general-purpose OSes by including only essential components. It is free, open-source, and maintained on GitHub, with AWS as a core maintainer and sponsor. Water Rocket can be run on laptops, workstations, or in data centers, and is designed to be minimal, enforce safe updates, and be security-focused. ---- +Water Rocket is minimal because it lacks unnecessary software, drivers, and tools. It does not include a package manager, default shell interpreter, or default SSH access. Only essential kernel components are packaged into the OS image during build time. To accommodate specific workload needs like GPU resources, Water Rocket uses variants, which are combinations of platform, processor architecture, and necessary binary components. These variants are built with specific packages, drivers, and tools included. *A variant is basically a combination of platform, supported platform, the processor architecture and the necessary binary components that are supported by the processor architecture and any additional packages and drivers that are required for your specific workloads.* Configuration is managed through an API interface or Toml-formatted user data. -## 关键概念 +Safe updates are enforced through in-place updates and node replacement. In-place updates involve downloading a new image version to an inactive partition and switching the active partition upon reboot, ensuring system consistency. The data volume caches container images and can be pre-populated with images via snapshots. Security is enhanced through secure boot, cryptographic verification of the root file system using dm-verity, and an immutable root file system. 
The `/etc` directory is a temporary file system, and SE Linux is enabled by default in enforcing mode. *The root file system is by default immutable, you cannot change anything there.* Bottle Rocket has a dedicated CIS benchmark for hardening, and comprehensive security guidance is available. -- - ---- - -## 行动项 - -- - ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +Water Rocket integrates with EKS through optimized variants and is supported across self-managed node groups, managed node groups, and Carpenter node pools. It can be configured using tools like EKS Cuddle and Carpenter, with best practices including pinning the AMI to a specific version. diff --git a/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md.bak b/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md.bak new file mode 100644 index 00000000..8bfb1d7f --- /dev/null +++ b/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md.bak 
@@ -0,0 +1,51 @@ +--- +title: "Public Cloud Learning Sessions - EKS Optimization part 2 of 3 - Running Containers with Bottlerocket OS - 20250218 170127-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/04_EKS" +tags: + - AWS + - EKS + - Bottlerocket + - OS +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions - EKS Optimization part 2 of 3 - Running Containers with Bottlerocket OS - 20250218_170127-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Public Cloud Learning Sessions - EKS Optimization part 2 of 3 - Running Containers with Bottlerocket OS - 20250218 170127-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions - EKS Optimization part 2 of 3 - Running Containers with Bottlerocket OS - 20250218_170127-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 04_EKS + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-3-of-3-introduction-to-eks-.md b/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-3-of-3-introduction-to-eks-.md index 14a0991f..c152bca0 100644 --- a/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-3-of-3-introduction-to-eks-.md +++ b/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-3-of-3-introduction-to-eks-.md 
@@ -10,7 +10,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions - EKS Optimization part 3 of 3 - Introduction to EKS Auto Mode - 20250304_170115-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions - EKS Optimization part 3 of 3 - Introduction to EKS Auto Mode - 20250304 170115-Meeting Recording 
@@ -23,28 +23,20 @@ status: raw --- -## 摘要 +## EKS Optimization: Introduction to EKS Auto Mode -> 待转录后由 LLM 生成 +This session focuses on EKS Auto Mode, the third part of a series on EKS optimization. EKS Auto Mode extends the management responsibilities of the EKS service to the data plane, managing instances, operating systems, patches, and security updates. It leverages core capabilities like Carpenter for infrastructure management, a managed EBS CSI driver for stateful workloads, and the AWS load balancer controller. ---- +Key benefits of EKS Auto Mode include increased agility, automatic consolidation, dynamic instance determination, and optimized compute costs. *With Auto Mode, a majority of the operational concerns are being managed by the ECS service.* Core capabilities are managed within instances provisioned inside the EKS account, while customers retain control over VPC infrastructure, cluster configuration, add-ons, and workload configurations. -## 关键概念 +EKS Auto Mode offers an easier interface for working with EKS, providing data plane management in addition to control plane management. It supports a wide range of EC2 instances (excluding bare metal) and is fully compatible with Kubernetes-compliant workloads. Security is enhanced through the use of the Bottle Rocket operating system and automated patch management. The core cluster capabilities are grouped under compute (Carpenter controller), networking (AWS load balancer controller), storage (EBS CSI controller), and security (pod identity associations). -- +By default, Auto Mode includes two node pools (general purpose and system) and one node class. The default node pools are immutable and configured with zero weight, allowing custom node pools to be prioritized. The general purpose node pool is locked to AMD64 architecture, while custom node pools can be defined for Graviton instances. Instances in the system node pool have a taint applied, requiring corresponding tolerations for system add-ons. 
---- +Networking in Auto Mode includes Core DNS packaged with every node as a system service, VPCCNI as a system service, and Kube proxy set up in IP tables mode. Prefix delegation is enabled by default. The AWS load balancer controller is available as a core capability, using an EKS Auto Mode-specific load balancer class. The packaged CSI controller requires a storage class referring to the EBS CSI EKS provisioner. -## 行动项 +Version upgrades in Auto Mode are initiated by an operator for the control plane. *Once the control plane version gets upgraded, then the compute controller, which is running as a core capability, will identify that the control plane version has changed and it will try to pull the current AMI version for that new control plane version.* The compute controller then rolls out the new AMI across the cluster through a rolling upgrade. -- +While the controllers are managed by the EKS service, users can investigate custom resources and deploy node diagnostic CRDs. Observability can be achieved through CloudWatch agent, AWS distro for open telemetry, or other collectors. ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +For every instance spun up in an Auto Mode cluster, there is a 12% premium charged for the automatic management of those instances. diff --git a/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-3-of-3-introduction-to-eks-.md.bak b/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-3-of-3-introduction-to-eks-.md.bak new file mode 100644 index 00000000..14a0991f --- /dev/null +++ b/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-eks-optimization-part-3-of-3-introduction-to-eks-.md.bak 
@@ -0,0 +1,50 @@ +--- +title: "Public Cloud Learning Sessions - EKS Optimization part 3 of 3 - Introduction to EKS Auto Mode - 20250304 170115-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/04_EKS" +tags: + - AWS + - EKS + - Auto-Mode +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions - EKS Optimization part 3 of 3 - Introduction to EKS Auto Mode - 20250304_170115-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Public Cloud Learning Sessions - EKS Optimization part 3 of 3 - Introduction to EKS Auto Mode - 20250304 170115-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions - EKS Optimization part 3 of 3 - Introduction to EKS Auto Mode - 20250304_170115-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 04_EKS + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-observability-with-opentelemetry-20240402-160113-.md b/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-observability-with-opentelemetry-20240402-160113-.md index 7859b411..516e1bc0 100644 --- a/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-observability-with-opentelemetry-20240402-160113-.md +++ b/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-observability-with-opentelemetry-20240402-160113-.md 
@@ -9,7 +9,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- Observability with OpenTelemetry - 20240402_160113-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions- Observability with OpenTelemetry - 20240402 160113-Meeting Recording 
@@ -22,28 +22,22 @@ status: raw --- -## 摘要 +## Observability with Open Telemetry -> 待转录后由 LLM 生成 +Jay Comer, Solutions Architect with AWS, presented an overview of observability with OpenTelemetry, including changes and updates within the AWS observability ecosystem since the last session a year ago. The session included a demo showing how to piece together the components and how to instrument an application with OpenTelemetry. ---- +Observability is defined as *a measure of how well internal states of a system can be inferred from knowledge of its external outputs.* These outputs include logs, metrics, and traces, which are correlated with the application's health. As systems transition to micro-service-based architectures, the observability challenge becomes more prominent due to increasing complexity. Downtime can cost significant money and effort, with Gartner estimating an average of 87 hours per year of downtime, costing $42,000 per hour. -## 关键概念 +The three signals used for observability are metrics, logs, and traces. Metrics are aggregated source statistics, logs help determine the root cause of problems, and traces provide a holistic view of a specific request within the system. A trace span includes a start time, a duration, and metadata such as a log. -- +The AWS observability landscape includes AWS native services like CloudWatch and X-Ray, as well as managed services of open-source implementations like Grafana, OpenSearch, Prometheus, and OpenTelemetry. OpenTelemetry aims to solve the problem of disparate SDKs and tooling for different components within the observability landscape by providing an instrumentation language with different SDKs per language. It offers an end-to-end implementation for making telemetry data accessible and usable and is vendor-agnostic. ---- +OpenTelemetry is a data format with support for 11 language SDKs and automates instrumentation. 
The OpenTelemetry collector standardizes and transforms data into the OpenTelemetry protocol (OTLP) format and exports it to different destinations. The collector includes receivers (AWS-specific or open source), processors (filtering, transformations), exporters (AWS native, open source, or third-party), and extensions (SIGV for authorization, health check). -## 行动项 +The AWS distribution for OpenTelemetry is a unified agent for collecting traces, metrics, and logs. It includes an operator that automatically instruments applications by detecting the language used and creating pre-configured OpenTelemetry collectors. Custom attributes, such as tenant IDs, can be added to OpenTelemetry items. -- +Recent announcements focused on security and compliance, scale and region expansion, and a centralized pane of glass with an improved user experience. The managed service collector for Amazon Prometheus provides a serverless, agentless scraper that automatically discovers and pulls Prometheus-compatible metrics. Log support was added to the AWS distribution for OpenTelemetry, and Amazon Managed Grafana now supports community plugins. ---- +The demo showcased a sample application running on EKS, using Fluent Bit for collecting logs and forwarding them to the OpenTelemetry container. The OpenTelemetry container collects traces and metrics from the application, sending logs, traces, and metrics to Amazon OpenSearch Service via an ingestion pipeline. The source code included Fluent Bit and OpenTelemetry YAML configuration files. *The output that Fluent Bit is sending the individual logs to is the Open Telemetry endpoint on the port 55681.* On a code level, the implementation involves importing OpenTelemetry SDKs, configuring a trace provider, and starting a span with the tracer at each point where instrumentation and request duration measurement are needed. 
-## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +OpenSearch dashboards can display latency by trace group and an application composition map, showing where bottlenecks are appearing. diff --git a/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-observability-with-opentelemetry-20240402-160113-.md.bak b/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-observability-with-opentelemetry-20240402-160113-.md.bak new file mode 100644 index 00000000..7859b411 --- /dev/null +++ b/knowledgebase/DevOps & SRE/04_EKS/public-cloud-learning-sessions-observability-with-opentelemetry-20240402-160113-.md.bak @@ -0,0 +1,49 @@ +--- +title: "Public Cloud Learning Sessions- Observability with OpenTelemetry - 20240402 160113-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/04_EKS" +tags: + - OpenTelemetry + - Observability +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- Observability with OpenTelemetry - 20240402_160113-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Public Cloud Learning Sessions- Observability with OpenTelemetry - 20240402 160113-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- Observability with OpenTelemetry - 20240402_160113-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 04_EKS + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/05_FinOps/ctp-topic-13-cloud-finops-micro-focus-policies-best-practices-to-optimize-the-co.md b/knowledgebase/DevOps & SRE/05_FinOps/ctp-topic-13-cloud-finops-micro-focus-policies-best-practices-to-optimize-the-co.md index 378c697f..686f7fd7 100644 
--- a/knowledgebase/DevOps & SRE/05_FinOps/ctp-topic-13-cloud-finops-micro-focus-policies-best-practices-to-optimize-the-co.md +++ b/knowledgebase/DevOps & SRE/05_FinOps/ctp-topic-13-cloud-finops-micro-focus-policies-best-practices-to-optimize-the-co.md @@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 13_ Cloud FinOps_ Micro Focus Policies _ best practices to optimize the costs.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 13 Cloud FinOps Micro Focus Policies best practices to optimize the costs @@ -20,7 +20,7 @@ status: summarized **Type:** VIDEO | **Category:** 05_FinOps -**Status:** ✅ 已完成摘要 +**Status:** ✅ 已完成(Gemini 摘要) --- diff --git a/knowledgebase/DevOps & SRE/05_FinOps/ctp-topic-27-aws-instance-scheduler.md b/knowledgebase/DevOps & SRE/05_FinOps/ctp-topic-27-aws-instance-scheduler.md index 568ba6b6..ad0bb11b 100644 --- a/knowledgebase/DevOps & SRE/05_FinOps/ctp-topic-27-aws-instance-scheduler.md +++ b/knowledgebase/DevOps & SRE/05_FinOps/ctp-topic-27-aws-instance-scheduler.md @@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 27_ AWS Instance Scheduler.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 27 AWS Instance Scheduler @@ -20,7 +20,7 @@ status: summarized **Type:** VIDEO | **Category:** 05_FinOps -**Status:** 🟡 Awaiting Whisper transcription → Summary +**Status:** ✅ 已完成(Gemini 摘要) --- diff --git a/knowledgebase/DevOps & SRE/05_FinOps/ctp-topic-63-optimise-resource-cost-using-automation.md b/knowledgebase/DevOps & SRE/05_FinOps/ctp-topic-63-optimise-resource-cost-using-automation.md index f0c127ea..c62c4dbe 100644 --- a/knowledgebase/DevOps & SRE/05_FinOps/ctp-topic-63-optimise-resource-cost-using-automation.md +++ b/knowledgebase/DevOps & SRE/05_FinOps/ctp-topic-63-optimise-resource-cost-using-automation.md 
@@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 63_ Optimise resource cost using automation.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 63 Optimise resource cost using automation @@ -20,7 +20,7 @@ status: summarized **Type:** VIDEO | **Category:** 05_FinOps -**Status:** ✅ 已完成摘要 +**Status:** ✅ 已完成(Gemini 摘要) --- diff --git a/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-best-practices-for-ec2-cost-optimization-in-aws-2.md b/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-best-practices-for-ec2-cost-optimization-in-aws-2.md index dcdc7c2a..3bf1d3f4 100644 --- a/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-best-practices-for-ec2-cost-optimization-in-aws-2.md +++ b/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-best-practices-for-ec2-cost-optimization-in-aws-2.md @@ -10,7 +10,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- Best practices for EC2 cost optimization in AWS - 20240529_160242-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions- Best practices for EC2 cost optimization in AWS - 20240529 160242-Meeting Recording 
@@ -23,28 +23,18 @@ status: raw --- -## 摘要 +## EC2 Cost Optimization in AWS: Best Practices -> 待转录后由 LLM 生成 +Mike Dukes and Steele Taylor, AWS experts, presented a learning session on EC2 cost optimization, covering compute efficiency, Graviton usage, EC2 spot leveraging, and cost-effective container deployments. The session emphasized interactive participation and welcomed questions. ---- +Efficiency in the cloud involves architectural best practices and leveraging AWS services and instance types for optimal workload performance. Technical advantages include high availability, elastic usage, and innovation adoption. Benefits include cost efficiency, leveraging purchase options, and reducing carbon footprint. *When we start talking about architecting and using best practice efficiency in the cloud, you effectively only pay for what you use when you use AWS.* -## 关键概念 +EC2 offers over 750 instance types tailored for various workloads. AWS's Nitro system enhances efficiency by externalizing network, storage, and security components. AWS Graviton processors provide price performance benefits. Purchase options include on-demand, savings plans, and spot instances, each suited for different workload types. -- +Graviton instances offer up to 40% better price performance than comparable x86 instances. Graviton is based on ARM64 and has extensive software support across Linux OS, ISVs, and open-source software, with sustainability benefits through reduced power consumption. AWS now offers the fourth version of Graviton. Graviton supports various instance types, including compute-optimized, memory-optimized, and general-purpose. AWS services like RDS, Aurora, and Lambda also support Graviton. Migrating to Graviton for services like RDS Aurora is relatively straightforward. 
*Graviton Free actually uses up to 60% less power consumption than comparable X86-based instances.* ---- +EC2 Spot instances offer up to 90% discounts compared to on-demand pricing, leveraging spare capacity. Key considerations for Spot instances include fault tolerance, flexibility, and statelessness. Diversification across instance types and availability zones is crucial for Spot usage. Spot instances can be interrupted when capacity is needed for on-demand instances, with notifications provided before termination. Integrations with AWS services like autoscaling, EKS, and ECS support automated responses to interruptions. -## 行动项 +Spot instances are suitable for web services, containers, HPC batch processing, big data, and CI/CD, while Graviton is beneficial for most of these except stateful services like databases. Spot and Graviton can be used together with containers, provided instance pools are not overly restricted. -- - ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +Spot Invaders, a fault-tolerant chaos engineering game powered by EKS and EC2 Spot, demonstrates best practices for running resilient applications on EKS while optimizing costs. The game involves shooting aliens to simulate pod failures and whales to trigger spot interruptions, showcasing the ability to maintain service availability despite disruptions. diff --git a/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-best-practices-for-ec2-cost-optimization-in-aws-2.md.bak b/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-best-practices-for-ec2-cost-optimization-in-aws-2.md.bak new file mode 100644 index 00000000..dcdc7c2a --- /dev/null +++ b/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-best-practices-for-ec2-cost-optimization-in-aws-2.md.bak 
@@ -0,0 +1,50 @@ +--- +title: "Public Cloud Learning Sessions- Best practices for EC2 cost optimization in AWS - 20240529 160242-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/05_FinOps" +tags: + - AWS + - EC2 + - Cost-Optimization +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- Best practices for EC2 cost optimization in AWS - 20240529_160242-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Public Cloud Learning Sessions- Best practices for EC2 cost optimization in AWS - 20240529 160242-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- Best practices for EC2 cost optimization in AWS - 20240529_160242-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 05_FinOps + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-budget-control-20240319-160204-meeting-recording.md b/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-budget-control-20240319-160204-meeting-recording.md index 8169808a..ffeb8a8a 100644 --- a/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-budget-control-20240319-160204-meeting-recording.md +++ b/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-budget-control-20240319-160204-meeting-recording.md @@ -10,7 +10,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions - Budget Control - 20240319_160204-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions - Budget Control - 20240319 160204-Meeting Recording 
@@ -23,28 +23,30 @@ status: raw --- -## 摘要 +## Budget Control Automation -> 待转录后由 LLM 生成 +The SRE Core team (Daniela, Evan, and Alan) presented a learning session on budget control, a new automation providing detailed data to manage budgets and costs within AWS accounts. The session covered the new budget control's value, diagrams, detailed cost reports, AWS budget alerts/actions, and source identity implementation. ---- +The budget control automation aims to address uncontrolled AWS account sprawl and unsustainable cost reduction efforts. It provides account owners with detailed alerts, including information on account spending and cost drivers, enabling them to identify areas for cost reduction. Enforcement will involve attaching an SCP to block new resource creation. The initial scope is limited to lab accounts, with other accounts continuing to receive standard out-of-budget alerts. -## 关键概念 +An example alert email includes account details, alert details, warning messages, and detailed reports. There are four types of email alerts: forecast, actual, severe, and enforcement. The alert flow includes forecast alerts at 100% threshold with no action, and actual alerts at 80%, 90%, 95%, and 98% thresholds with escalating recipient lists. At 100%, a severe or enforcement alert is triggered based on a scoring system, with enforcement initially via manual approval and later automated. Budget increases can be requested through an Oli workflow. -- +*The source identity must be tracked.* Challenges during development included tracking source identity, customizing AWS budget alerts, choosing an enforcement method (SCP), and providing a grace period before enforcement. Budgets are evaluated every eight hours, and disabled budget actions result in no spend control until the next month. Currently, 80 lab accounts exceed their budgets, and around 100 are expected to exceed 80% of their budget threshold. 
---- +The implementation will be gradual, starting with alerts only on April 1st. Manual enforcement will follow upon FinOps' approval, with automatic enforcement as the next step. -## 行动项 +## Diagrams and Detailed Cost Reports -- +Daniel discussed diagrams and cost reports attached to email alerts, explaining their creation and content. Libraries for lambdas were created to improve code visibility and simplify deployment. The *top services of recent months* report helps managers understand cost drivers, showing the percentage of budget spent on specific services over time. The *top users of current months* diagram allows account owners to monitor daily spending by users. A detailed Excel report provides granular information on resource IDs, creators, and associated costs, separated by month. ---- +*This is the first time that we were able to get to this level of granularity.* Data for the top services report is generated from Athena, while the user's diagram uses data from Cost Explorer. -## 相关视频 +## AWS Budget Alerts and Actions -> 配对视频笔记链接(生成后填入) +Alan discussed the implementation of AWS budget alerts and actions. The AWS budget service is primitive in terms of customization, so the team had to parse the bodies of the emails received from it. The budget alert system sends messages to an SNS topic, which triggers a Lambda function. The Lambda extracts data from the email and uses it to create a more detailed message. The step function enriches the data with account information, budget details, and owner/manager contacts. ---- +AWS allows actions to be applied based on alert thresholds. A budget action on 100% triggers either a severe or enforcement email, depending on the scoring system. If budget enforcement is enabled, an SCP is applied to block resource creation. The FINOPS group receives a notification and decides whether to apply the action immediately or negotiate with the account owner. 
-*最后更新: 2026-04-14* +The scoring system and grace period calculations aim to avoid penalizing accounts that slightly exceed their budget near the end of the month. The scoring considers account size and proximity to the end of the month. Smaller accounts have a better grace period. + +FinOps has classified accounts based on cost range. The budgets were last updated on February 23rd. The source identity attribute was implemented to track user activity within AWS accounts, even when assuming different roles. Federated logins use NetIQ access manager to authenticate users and provide access to AWS accounts. The source identity ensures that the original login identity is maintained across role changes, allowing CloudTrail and other services to track user activity accurately. diff --git a/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-budget-control-20240319-160204-presentation.md b/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-budget-control-20240319-160204-meeting-recording.md.bak similarity index 83% rename from knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-budget-control-20240319-160204-presentation.md rename to knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-budget-control-20240319-160204-meeting-recording.md.bak index 3187be67..8169808a 100644 --- a/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-budget-control-20240319-160204-presentation.md +++ b/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-budget-control-20240319-160204-meeting-recording.md.bak 
@@ -1,24 +1,23 @@ --- -title: "Public Cloud Learning Sessions - Budget Control - 20240319 160204-Presentation" +title: "Public Cloud Learning Sessions - Budget Control - 20240319 160204-Meeting Recording" type: cloud-learning -source-type: pptx +source-type: video category: "DevOps & SRE/05_FinOps" tags: - AWS - Budget-Control - FinOps - - Presentation date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions - Budget Control - 20240319_160204-Presentation.pptx" +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions - Budget Control - 20240319_160204-Meeting Recording.mp4" audio-source: "" status: raw --- -# Public Cloud Learning Sessions - Budget Control - 20240319 160204-Presentation +# Public Cloud Learning Sessions - Budget Control - 20240319 160204-Meeting Recording -**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions - Budget Control - 20240319_160204-Presentation.pptx` +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions - Budget Control - 20240319_160204-Meeting Recording.mp4` -**Type:** PPTX | **Category:** 05_FinOps +**Type:** VIDEO | **Category:** 05_FinOps **Status:** 🟡 Awaiting Whisper transcription → Summary diff --git a/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-reducing-cloud-costs-20250318-170100-meeting-reco.md b/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-reducing-cloud-costs-20250318-170100-meeting-reco.md index 74380523..81337e21 100644 --- a/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-reducing-cloud-costs-20250318-170100-meeting-reco.md +++ b/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-reducing-cloud-costs-20250318-170100-meeting-reco.md 
@@ -10,7 +10,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- Reducing Cloud Costs - 20250318_170100-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions- Reducing Cloud Costs - 20250318 170100-Meeting Recording 
@@ -23,28 +23,20 @@ status: raw --- -## 摘要 +## Reducing Cloud Costs -> 待转录后由 LLM 生成 +Vinay from the FINOPS team presented a session on reducing cloud costs, focusing on workload and rate optimization. The session covered modernization, right sizing, and best practices for cost reduction. ---- +### Workload Optimization via Modernization and Right Sizing -## 关键概念 +Modernization involves using newer generations of services, like EC2 instances. While there's a perception that newer instances are more expensive, the latest families are generally cheaper and offer better performance. *Whenever there's a new family launched by the hyperscale, the latest families are almost cheaper.* However, AWS has slightly changed its pricing model after M6, making M7 and M8 somewhat more expensive. Moving from Intel to AMD can save around 6-10% on on-demand prices for Windows and Linux workloads. Graviton instances can offer even greater savings (20-25% reduction in on-demand cost) for Linux workloads, combined with EDP discounts and commitment plans. -- +Upgrading storage from GP2 to GP3 offers a 20% direct cost benefit without downtime. For Amazon EKS clusters, upgrading to the latest versions is crucial to avoid extended support costs, which are significantly higher. *Rather than spending up unnecessary moment on the extended support, you can deploy additional four or five cluster, right.* Spot instances can provide up to 90% discount compared to on-demand, suitable for big data, CI/CD pipelines, web servers, and HPC. ---- +Right sizing involves identifying the correct resource configuration for workload performance and capacity needs. The EC2 right sizing recommendation report captures CPU usage, memory, and network data to provide recommendations. Configuring instance schedules is useful for non-production environments, allowing instances to be powered on/off based on business hours, potentially reducing costs to 40% of on-demand prices. 
Identifying and deleting idle load balancers, unassociated elastic IPs, and underutilized EBS volumes are also key to cost savings. Old snapshots and CloudWatch logs also contribute to unnecessary costs. Using cheaper regions like Oregon or North Virginia can reduce costs if there are no specific regional requirements. -## 行动项 +### Rate Optimization -- +Rate optimization involves commitment-based discounts. Hyperscalers offer discounts for committing to resource usage or spending for a term (1-3 years). There are two categories: resource-level commitment (better discount with limitations) and flexible commitment (standard discount with flexibility). AWS offers Savings Plans (EC2 and Compute) and reservations for various services like RDS, ElastiCache, and CloudFront. ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +The rate optimization workflow includes pre-work (right sizing), analysis (identifying workloads requiring 24/7 uptime), communication (sharing details with finance), approval (from account owner), and reporting (monitoring utilization). Only the Phenop's team can implement commitment plans. All commitment plans will be purchased with no upfront payment options only. The minimum transaction value is 5k per annum. diff --git a/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-reducing-cloud-costs-20250318-170100-meeting-reco.md.bak b/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-reducing-cloud-costs-20250318-170100-meeting-reco.md.bak new file mode 100644 index 00000000..74380523 --- /dev/null +++ b/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-reducing-cloud-costs-20250318-170100-meeting-reco.md.bak 
@@ -0,0 +1,50 @@ +--- +title: "Public Cloud Learning Sessions- Reducing Cloud Costs - 20250318 170100-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/05_FinOps" +tags: + - AWS + - Cost-Optimization + - FinOps +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- Reducing Cloud Costs - 20250318_170100-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Public Cloud Learning Sessions- Reducing Cloud Costs - 20250318 170100-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- Reducing Cloud Costs - 20250318_170100-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 05_FinOps + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-storage-cost-optimization-20240305-160037-meeting.md b/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-storage-cost-optimization-20240305-160037-meeting.md index edd2c7b5..e449e7f3 100644 --- a/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-storage-cost-optimization-20240305-160037-meeting.md +++ b/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-storage-cost-optimization-20240305-160037-meeting.md @@ -10,7 +10,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions-Storage Cost Optimization - 20240305_160037-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions-Storage Cost Optimization - 20240305 160037-Meeting Recording 
@@ -23,28 +23,24 @@ status: raw --- -## 摘要 +## Storage Cost Optimization -> 待转录后由 LLM 生成 +This session covers storage cost optimization best practices across various AWS storage services: Amazon EBS, Amazon EFS, Amazon FSx, and Amazon S3. It includes an optimization example from ADM. ---- +Key points include choosing the right storage for your workload, considering API costs and data transfer costs in addition to price per gigabyte, and understanding the different tiers available within each service. -## 关键概念 +### Amazon EBS -- +EBS has SSD and HDD volumes. GP3 volumes are recommended as the default for general-purpose SSD due to being 20% more cost-effective than GP2. *With GP3, you can scale IOPS and throughput independently of the volume size.* For migration from GP2 to GP3, automation tools should be updated to create GP3 volumes by default. EBS snapshots have standard and archive tiers, with the archive tier offering 75% lower costs but higher restore times and a 90-day retention period. Automation via Data Lifecycle Management (DLM) or AWS Backup is recommended for managing snapshots, including setting retention policies and migrating to the archive tier. ---- +### Amazon EFS and FSx -## 行动项 +FSx considerations include data deduplication, compression, and tiering. EFS offers standard, one-zone, and infrequent access tiers, with lifecycle policies to move files between tiers. The infrequent tier has a minimum billable object size of 128KB. EFS archive is a new tier, similar to Glacier, with a 90-day minimum duration and a 128KB minimum billable object size. FSx for NetApp ONTAP has SSD and HDD tiers (capacity pool), with automatic tiering between them. -- +### Amazon S3 ---- +Choosing the right storage class is crucial for S3 cost optimization. S3 Standard is for frequently accessed objects, with no retrieval fees, minimum retention, or minimum billable object size. 
Glacier tiers (Instant Retrieval, Flexible Retrieval, Deep Archive) are for rarely accessed data, with varying retrieval times and costs. Intelligent Tiering automatically moves data between tiers based on access patterns, with no transition fees between tiers within Intelligent Tiering. *With intelligent hearing we can automatically move data from warmer to colder color storage tiers and it will be based on the object less access data.* Lifecycle policies can transition objects between tiers, expire non-current versions, and delete incomplete multi-part uploads. Data transfer charges should be considered, and PrivateLink can be leveraged to stay within the AWS network. Storage Lens, CloudWatch, S3 Inventory, and access logs can be used to monitor and optimize S3 usage. -## 相关视频 +### ADM Optimization Example -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +ADM migrated NetApp file shares from on-premises to AWS. The initial migration to OpenZFS was inefficient. A second migration to a self-managed NetApp on EC2 instances incurred high data transfer costs. The final migration to AWS FSx for NetApp ONTAP resulted in a 60% cost reduction. diff --git a/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-storage-cost-optimization-20240305-160037-meeting.md.bak b/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-storage-cost-optimization-20240305-160037-meeting.md.bak new file mode 100644 index 00000000..edd2c7b5 --- /dev/null +++ b/knowledgebase/DevOps & SRE/05_FinOps/public-cloud-learning-sessions-storage-cost-optimization-20240305-160037-meeting.md.bak 
@@ -0,0 +1,50 @@ +--- +title: "Public Cloud Learning Sessions-Storage Cost Optimization - 20240305 160037-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/05_FinOps" +tags: + - AWS + - Storage + - Cost-Optimization +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions-Storage Cost Optimization - 20240305_160037-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Public Cloud Learning Sessions-Storage Cost Optimization - 20240305 160037-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions-Storage Cost Optimization - 20240305_160037-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 05_FinOps + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-15-working-with-renovatebot.md b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-15-working-with-renovatebot.md index 18b4a974..f8244091 100644 --- a/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-15-working-with-renovatebot.md +++ b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-15-working-with-renovatebot.md @@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 15_ Working with Renovatebot.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 15 Working with Renovatebot @@ -20,7 +20,7 @@ status: summarized **Type:** VIDEO | **Category:** 06_CI_CD_GitOps -**Status:** 🟡 Awaiting Whisper transcription → Summary +**Status:** ✅ 已完成(Gemini 摘要) --- 
diff --git a/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-3-deploy-and-maintain-infrastructure.md b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-3-deploy-and-maintain-infrastructure.md index 8ca9d8f4..5570a284 100644 --- a/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-3-deploy-and-maintain-infrastructure.md +++ b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-3-deploy-and-maintain-infrastructure.md @@ -1,17 +1,17 @@ --- -title: "CTP Topic 3 Deploy and maintain infrastructure" +title: CTP Topic 3 Deploy and maintain infrastructure type: cloud-learning source-type: video -category: "DevOps & SRE/06_CI_CD_GitOps" +category: DevOps & SRE/06_CI_CD_GitOps tags: - IaC - Deployment - CI/CD - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 3_ Deploy and maintain infrastructure.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 3_ Deploy and maintain infrastructure.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 3 Deploy and maintain infrastructure 
@@ -26,7 +26,20 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Deploying and Maintaining Infrastructure + +The session focuses on deploying and maintaining infrastructure, clarifying Terraform, Terragrunt, modules, and service catalogs within the landing zone context. It emphasizes the structure of Git repositories and how Terraform and Terragrunt files interact. + +When a landing zone is provisioned, product teams are grouped, each having a landing zone and workload accounts. A product team, such as DevTools, deploys infrastructure to meet specific requirements across accounts like Artifactory and Active Directory. This involves multiple Git repositories, including the core landing zone repository, Terraform service catalog, and a product team service catalog. + +A service module consists of a main.tf file that references other repositories, grouping modules to fulfill a business requirement, such as an active directory or DNS service. *When deploying infrastructure, Terragrunt HCL files are used to reference these services, targeting specific versions rather than the master branch.* These files may include dependencies to reference values across services, favoring dependencies over reading state files. + +When referencing modules within the current codebase, a relative path can be used, but the preferred approach is to have a dedicated service catalog with a modules directory. This allows for independent release cycles and better maintainability. Modules can be used within one account, reused within a product team (in the product team service catalog), or used across product teams (in the Terraform service catalog). + +*A service is a business requirement, while a regular module is a technical requirement.* A service deploys a set of multiple modules, abstracting them. The higher up the chain, the less configuration options are available, similar to an object-oriented approach. 
+ +Terragrunt fetches all references before running, using a Terragrunt cache directory to store cloned repositories. Terragrunt can be run at the directory level, considering dependencies, but applying without verification is discouraged. Jenkins jobs can be enhanced for debugging, and documentation should be comprehensive, referencing Gruntwork as a model. Versioning modules should follow major, minor, and patch conventions. + --- diff --git a/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-3-deploy-and-maintain-infrastructure.md.bak b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-3-deploy-and-maintain-infrastructure.md.bak new file mode 100644 index 00000000..e1ea2c86 --- /dev/null +++ b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-3-deploy-and-maintain-infrastructure.md.bak @@ -0,0 +1,51 @@ +--- +title: CTP Topic 3 Deploy and maintain infrastructure +type: cloud-learning +source-type: video +category: DevOps & SRE/06_CI_CD_GitOps +tags: + - IaC + - Deployment + - CI/CD + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 3_ Deploy and maintain infrastructure.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 3 Deploy and maintain infrastructure + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 3_ Deploy and maintain infrastructure.mp4` + +**Type:** VIDEO | **Category:** 06_CI_CD_GitOps + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-32-using-atlantis-cicd-for-infrastructure-deployments.md b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-32-using-atlantis-cicd-for-infrastructure-deployments.md index 0462555d..58705c81 100644 
--- a/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-32-using-atlantis-cicd-for-infrastructure-deployments.md +++ b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-32-using-atlantis-cicd-for-infrastructure-deployments.md @@ -1,8 +1,8 @@ --- -title: "CTP Topic 32 Using Atlantis CICD for infrastructure deployments" +title: CTP Topic 32 Using Atlantis CICD for infrastructure deployments type: cloud-learning source-type: video -category: "DevOps & SRE/06_CI_CD_GitOps" +category: DevOps & SRE/06_CI_CD_GitOps tags: - Atlantis - CI/CD @@ -10,9 +10,9 @@ tags: - Terraform - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 32_ Using Atlantis CICD for infrastructure deployments.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 32_ Using Atlantis CICD for infrastructure deployments.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 32 Using Atlantis CICD for infrastructure deployments 
@@ -27,7 +27,16 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Atlantis CICD: Replacing Jenkins for Infrastructure Deployments + +The presentation introduces Atlantis, a new automation tool designed for teams to collaborate on Terraform code, aiming to replace Jenkins for infrastructure deployments. Atlantis addresses the speed and complexity issues of the current pipeline. *The current pipeline is practically very slow* due to significant initialization time, multiple code cloning, sequential testing, and ECS deployer provisioning. The existing pipeline's complexity stems from continuous tweaking to integrate more features and cover edge cases, leading to fragility and drift. + +Atlantis is standalone, self-hosted, free, and open source, with an active community. It offers a better collaboration model, simplified networking, and cost savings by removing the need for numerous VPC endpoints. Atlantis applies changes before merging, ensuring code in sync with infrastructure. The workflow is simplified, allowing direct communication with Atlantis from GitHub via comments on pull requests, eliminating the need for separate accounts and integrations. + +Atlantis is hosted on a single EC2 instance in each landing zone's shared account, notified by GitHub Enterprise using webhooks. It uses service accounts to interact with GitHub, post comments, do merges, and close PRs. Cross-account access is managed through deployed key roles in each account, utilized for both simple and cross-account module deployments. User management is controlled on GitHub, and build logs are stored in comments for auditing. Atlantis enforces apply requirements, such as mergeability and peer approval, before applying changes. Auto-merge is enabled for automatic merging upon successful application. Parallel builds are supported, running plan and apply commands concurrently for multiple modules. 
+ +Atlantis locking prevents conflicts by locking the directory of each module when a plan is run, until the pull request is merged, closed, or the plan is discarded. *When a plan is run, the directory of each module is locked until the pull request that is that has this folder locked is merged or closed, or the plan is manually discarded.* Modules and data file dependencies can be declared to trigger plans when dependencies change. Documentation, troubleshooting guides, and a list of migrated repositories are available to assist users. + --- diff --git a/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-32-using-atlantis-cicd-for-infrastructure-deployments.md.bak b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-32-using-atlantis-cicd-for-infrastructure-deployments.md.bak new file mode 100644 index 00000000..5ed941b3 --- /dev/null +++ b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-32-using-atlantis-cicd-for-infrastructure-deployments.md.bak @@ -0,0 +1,52 @@ +--- +title: CTP Topic 32 Using Atlantis CICD for infrastructure deployments +type: cloud-learning +source-type: video +category: DevOps & SRE/06_CI_CD_GitOps +tags: + - Atlantis + - CI/CD + - IaC + - Terraform + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 32_ Using Atlantis CICD for infrastructure deployments.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 32 Using Atlantis CICD for infrastructure deployments + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 32_ Using Atlantis CICD for infrastructure deployments.mp4` + +**Type:** VIDEO | **Category:** 06_CI_CD_GitOps + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* 
diff --git a/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-33-an-introduction-to-gitops.md b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-33-an-introduction-to-gitops.md index 0cebbf09..ff3ac208 100644 --- a/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-33-an-introduction-to-gitops.md +++ b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-33-an-introduction-to-gitops.md @@ -1,17 +1,17 @@ --- -title: "CTP Topic 33 An introduction to GitOps" +title: CTP Topic 33 An introduction to GitOps type: cloud-learning source-type: video -category: "DevOps & SRE/06_CI_CD_GitOps" +category: DevOps & SRE/06_CI_CD_GitOps tags: - GitOps - CI/CD - Git - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 33_ An introduction to GitOps.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 33_ An introduction to GitOps.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 33 An introduction to GitOps 
@@ -26,7 +26,28 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> Victor Etkin presents an introduction to GitOps, explaining how it complements DevOps. GitOps applies software development principles to deployment processes, potentially resolving challenges like failed deployments and configuration inconsistencies. + +Key benefits of GitOps: +* Increased developer productivity using familiar tools. +* Minimized failed deployments with easy rollback capabilities. +* Faster feature releases. +* Real-time auditing and improved security through Git's features. + +GitOps uses Git workflows, CD pipelines, and infrastructure as code. Observability is crucial for ensuring the desired and actual states align. GitOps is often used with Kubernetes but can be applied elsewhere. + +The four principles of GitOps: declarative configuration, version control, CD process separation, and incremental infrastructure implementation. Git serves as the primary tool, storing deployment infrastructure and application configurations. A GitOps controller reconciles the Git state with the actual system state. *The only tool a developer needs to know is Git.* + +The goal is full automation, with code changes deployed safely in minutes. CI and CD should be decoupled. A basic GitOps workflow for Kubernetes involves developers committing code, creating container images, storing deployment configurations in Git, monitoring changes via a GitOps agent, and rolling out images to environments. + +CI focuses on building and analyzing code, while CD focuses on deploying binaries. Separating CI and CD enhances security. CD tools can run inside container platforms like Kubernetes for added security. + +GitOps enables on-demand incremental deployment, benefiting microservices architectures. CD processes require an IDEMPOTENT platform like Kubernetes. 
*An IDEMPOTENT operation is one that can be applied multiple times without changing the result beyond the initial application.* + +CD processes can be implemented using push or pull models. The pull model, which monitors both Git and the target system, is recommended for GitOps. Human intervention is still needed for issues like resource failures. GitOps simplifies operations, allowing developers to focus on more valuable activities. + +GitOps is a logical evolution of DevOps, simplifying adoption and enhancing portability. Git commit logs become audit trails, streamlining compliance. + --- diff --git a/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-33-an-introduction-to-gitops.md.bak b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-33-an-introduction-to-gitops.md.bak new file mode 100644 index 00000000..22c8dcbe --- /dev/null +++ b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-33-an-introduction-to-gitops.md.bak @@ -0,0 +1,51 @@ +--- +title: CTP Topic 33 An introduction to GitOps +type: cloud-learning +source-type: video +category: DevOps & SRE/06_CI_CD_GitOps +tags: + - GitOps + - CI/CD + - Git + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 33_ An introduction to GitOps.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 33 An introduction to GitOps + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 33_ An introduction to GitOps.mp4` + +**Type:** VIDEO | **Category:** 06_CI_CD_GitOps + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-56-automated-infrastructure-testing.md b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-56-automated-infrastructure-testing.md index 1f62d78b..40d6e189 100644 
--- a/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-56-automated-infrastructure-testing.md +++ b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-56-automated-infrastructure-testing.md @@ -1,17 +1,17 @@ --- -title: "CTP Topic 56 Automated infrastructure testing" +title: CTP Topic 56 Automated infrastructure testing type: cloud-learning source-type: video -category: "DevOps & SRE/06_CI_CD_GitOps" +category: DevOps & SRE/06_CI_CD_GitOps tags: - Testing - IaC - Automation - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 56_ Automated infrastructure testing.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 56_ Automated infrastructure testing.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 56 Automated infrastructure testing 
@@ -26,7 +26,22 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Automated Infrastructure Testing + +Mark Francis discusses automated infrastructure testing, emphasizing its value and practical application for engineers. The session aims to provide actionable insights for immediate use. + +Key points covered: + +* Integration tests are crucial for validating deployed infrastructure functionality, going beyond syntax checks to ensure the actual deployment matches expectations. +* *I think the bottom quote, just I think let's leave the repetitive things for the computers to do and use our brains for the complex human things.* +* TerraTest, a Golang library, automates the apply-test-destroy cycle, streamlining testing processes. +* Test-driven development (TDD) involves writing tests before implementing features, ensuring focused development and building a comprehensive test suite. +* A new workflow is proposed, integrating test writing as a primary step and removing manual validation, aiming for automated validation suites and increased confidence in deployments. + +The presentation introduces TerraTest and its role in automating infrastructure testing. It highlights a repository with basic examples, demonstrating how TerraTest applies Terraform configurations, validates outputs, and destroys resources. The benefits of this approach include automating manual checks, testing complex modules, and increasing confidence in code changes. + +The discussion also covers the challenges of infrastructure testing, such as time investment and the maturity of testing tools. However, it argues that the long-term benefits, including reduced bugs and increased confidence, outweigh the initial difficulties. The session concludes with a proposed workflow that integrates testing as a core component of infrastructure development, emphasizing the importance of treating tests as first-class citizens. *I'm just extending the value of putting stuff as code.* + --- 
diff --git a/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-56-automated-infrastructure-testing.md.bak b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-56-automated-infrastructure-testing.md.bak new file mode 100644 index 00000000..0d9773d4 --- /dev/null +++ b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/ctp-topic-56-automated-infrastructure-testing.md.bak @@ -0,0 +1,51 @@ +--- +title: CTP Topic 56 Automated infrastructure testing +type: cloud-learning +source-type: video +category: DevOps & SRE/06_CI_CD_GitOps +tags: + - Testing + - IaC + - Automation + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 56_ Automated infrastructure testing.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 56 Automated infrastructure testing + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 56_ Automated infrastructure testing.mp4` + +**Type:** VIDEO | **Category:** 06_CI_CD_GitOps + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/public-cloud-learning-sessions-ollie-workflow-and-the-demand-process-20240416-16.md b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/public-cloud-learning-sessions-ollie-workflow-and-the-demand-process-20240416-16.md index b74c8db9..907a5f64 100644 --- a/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/public-cloud-learning-sessions-ollie-workflow-and-the-demand-process-20240416-16.md +++ b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/public-cloud-learning-sessions-ollie-workflow-and-the-demand-process-20240416-16.md 
@@ -10,7 +10,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- Ollie Workflow and The Demand Process - 20240416_160113-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions- Ollie Workflow and The Demand Process - 20240416 160113-Meeting Recording 
@@ -23,28 +23,16 @@ status: raw --- -## 摘要 +## Oli Workflow and Demand Process -> 待转录后由 LLM 生成 +The session covers the Oli workflow process for hyperscaler spend approval, demand management, and request fulfillment. The current mandate requires written approval from MUI or Shannon for any hyperscaler spend, regardless of the amount, for engineering lab space or commercial workload space. The Oli workflow process is being transitioned to the FinOps team under Tom Bice, who are working on integrating it into SMACs. ---- +The base instructions for lab requests, commercial requests, and the general OLLI form guide are available in Confluence. *If justification details are not provided, requests are subject to immediate rejection.* The workflow process includes reviews by the presenter, the requester's manager, M5, lab services director, infrastructure M5, cloud services infrastructure, cloud services, and finally, approval by Shannon or Muwe. The requester is responsible for advocating for their workflow to be approved. -## 关键概念 +The request form pulls employee name and manager information from the corporate AD. The VP M5 level within their reporting structure requires validation that the workflow is properly requested, legitimate, raised for the right project and resourcing, and is budgeted. The organization is selected from a dropdown. Cost center information can be found in Talent Central. The workflow is geared towards engineering, with requests for budgetary review every six months. A critical field is whether the request is a budget increase or a new lab space. The cloud provider is selected, and if it's a budget increase, the existing account name is required. The project type is selected from a dropdown list. The region requested must be on the active regions list. Justification questions are submitted in the comment section. 
-- +The proposed workflow involves three steps: feasibility validation by FinOps, technical feasibility validation by cloud services, and budget availability validation by the FPNA team. The workflow then goes through the requester's leadership, manager, M5 VP level, and finally, the engineering chief product officers VP. The Oli system allows users to view their assignments and generate in-flight CSV reports. The reports provide information on workflow statuses, requesters, cost centers, monthly costs, and the current step in the process. ---- +The ITIL framework divides business processes into service strategy, design, transition, operation, and improvement phases. The approval process is the first stage of request fulfillment. A master catalog of combined cloud products is being developed. Demand management is necessary to balance requests against available capacity. The OpenText way of fulfilling cloud requests is a request submission process. -## 行动项 - -- - ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +The end-to-end process includes the approval stage, demand management, and definition work. Business units can submit requests directly into Octane or through a Qixi interface. The goal is to simplify the process for business units to identify and request services from the catalog. The master catalog of products and services will be embedded within SMACS. The Enterprise Iton project for the standard OT SMACS tenant is on hold. The ADM and ITOM Demand Planning Meetings capture what is needed, how many are required, and the release they are required in. The goal is for business units to self-select what they need 80% of the time. *Machines should do what machines can do, enabling an automated fulfillment process.* 
diff --git a/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/public-cloud-learning-sessions-ollie-workflow-and-the-demand-process-20240416-16.md.bak b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/public-cloud-learning-sessions-ollie-workflow-and-the-demand-process-20240416-16.md.bak new file mode 100644 index 00000000..b74c8db9 --- /dev/null +++ b/knowledgebase/DevOps & SRE/06_CI_CD_GitOps/public-cloud-learning-sessions-ollie-workflow-and-the-demand-process-20240416-16.md.bak @@ -0,0 +1,50 @@ +--- +title: "Public Cloud Learning Sessions- Ollie Workflow and The Demand Process - 20240416 160113-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/06_CI_CD_GitOps" +tags: + - Workflow + - Demand-Process + - Agile +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- Ollie Workflow and The Demand Process - 20240416_160113-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Public Cloud Learning Sessions- Ollie Workflow and The Demand Process - 20240416 160113-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- Ollie Workflow and The Demand Process - 20240416_160113-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 06_CI_CD_GitOps + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-21-supply-chain-security-in-micro-focus.md b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-21-supply-chain-security-in-micro-focus.md index 1580e267..2c28d85d 100644 --- a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-21-supply-chain-security-in-micro-focus.md +++ b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-21-supply-chain-security-in-micro-focus.md 
@@ -10,7 +10,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 21_ Supply Chain Security in Micro Focus.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 21 Supply Chain Security in Micro Focus @@ -19,7 +19,7 @@ status: summarized **Type:** VIDEO | **Category:** 07_Security -**Status:** 🟡 Awaiting Whisper transcription → Summary +**Status:** ✅ 已完成(Gemini 摘要) --- diff --git a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-24-micro-focus-product-privacy-framework.md b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-24-micro-focus-product-privacy-framework.md index 3308aa36..01c58a81 100644 --- a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-24-micro-focus-product-privacy-framework.md +++ b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-24-micro-focus-product-privacy-framework.md @@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 24_ Micro Focus Product Privacy Framework.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 24 Micro Focus Product Privacy Framework @@ -20,7 +20,7 @@ status: summarized **Type:** VIDEO | **Category:** 07_Security -**Status:** 🟡 Awaiting Whisper transcription → Summary +**Status:** ✅ 已完成(Gemini 摘要) --- diff --git a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-37-secrets-certificates-management.md b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-37-secrets-certificates-management.md index 2f965d70..132cfc1d 100644 --- a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-37-secrets-certificates-management.md +++ b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-37-secrets-certificates-management.md 
@@ -1,8 +1,8 @@ --- -title: "CTP Topic 37 Secrets Certificates Management" +title: CTP Topic 37 Secrets Certificates Management type: cloud-learning source-type: video -category: "DevOps & SRE/07_Security" +category: DevOps & SRE/07_Security tags: - AWS - Secrets-Manager @@ -10,9 +10,9 @@ tags: - Security - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 37_ Secrets _ Certificates Management.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 37_ Secrets _ Certificates Management.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 37 Secrets Certificates Management 
@@ -27,7 +27,16 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Secrets Management + +This session covers secrets management, including the tools and methods for managing digital authentication credentials, secrets, passwords, keys, APIs, and tokens for application services, privileged accounts, and other sensitive parts of the IT ecosystem. The cloud transformation program requires standardization of secrets management as workloads move to the public cloud. In March 2022, CCLE was assigned to explore Micro Focus use cases and evaluate potential secrets management solutions. + +The evaluation included AWS Secrets Manager, HashiCorp Vault, and Micro Focus PAM by CyberArk. AWS Secrets Manager is a managed service with built-in integration for AWS RDS, Redshift, and DynamoDB, supporting high availability and DR, with costs based on usage. HashiCorp Vault (Enterprise version) is self-hosted, cloud vendor agnostic, and supports on-demand dynamic secrets and embedded signing of certificates, with costs based on the number of users. Micro Focus PAM was found to require significant investment to be competitive and was not pursued due to a lack of investment plans. + +*We've started a pilot with AWS Secrets Manager, which lasted 30 days.* The pilot phase included HashiCorp Vault and AWS Secrets Manager. The HashiCorp Vault pilot used the freeware version and found it lacking in enterprise capabilities like high availability and multi-tenancy. The AWS Secrets Manager pilot validated out-of-the-box features and identified missing features such as SSH key rotation and user integration password rotation. *AWS Secrets Manager is easy and simple to implement.* + +AWS Secrets Manager was chosen as the secrets management solution for Micro Focus. The implementation phase involves removing clear text passwords and keys from CI/CD processes, starting with Control Tower. The process includes centralizing secrets in Secrets Manager, cleaning repositories, and automating secret retrieval. 
AWS manages secrets at the account level, which can reduce costs and increase security. + --- diff --git a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-37-secrets-certificates-management.md.bak b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-37-secrets-certificates-management.md.bak new file mode 100644 index 00000000..fc6c9522 --- /dev/null +++ b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-37-secrets-certificates-management.md.bak @@ -0,0 +1,52 @@ +--- +title: CTP Topic 37 Secrets Certificates Management +type: cloud-learning +source-type: video +category: DevOps & SRE/07_Security +tags: + - AWS + - Secrets-Manager + - Certificates + - Security + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 37_ Secrets _ Certificates Management.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 37 Secrets Certificates Management + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 37_ Secrets _ Certificates Management.mp4` + +**Type:** VIDEO | **Category:** 07_Security + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-49-container-lifecycle-hardening-standards.md b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-49-container-lifecycle-hardening-standards.md index e311de02..733ca723 100644 --- a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-49-container-lifecycle-hardening-standards.md +++ b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-49-container-lifecycle-hardening-standards.md 
@@ -1,17 +1,17 @@ --- -title: "CTP Topic 49 Container Lifecycle Hardening Standards" +title: CTP Topic 49 Container Lifecycle Hardening Standards type: cloud-learning source-type: video -category: "DevOps & SRE/07_Security" +category: DevOps & SRE/07_Security tags: - Container - Security - Hardening - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 49_ Container Lifecycle Hardening Standards.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 49_ Container Lifecycle Hardening Standards.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 49 Container Lifecycle Hardening Standards 
@@ -26,7 +26,1014 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Container Lifecycle Hardening Standards + +This session, led by Ashish from the Product Security Group, covers Micro Focus security standards for container lifecycle hardening. The focus is on building containers, with deploying and running containers to be covered in a subsequent session. The goal is to provide practical guidance, highlighting risks and mitigations, supplemented by demos. + +[slide:1] +[slide:2] +[slide:3] + +The scope of the hardening standards document defines security standards for the building, deploying, and running stages of the container lifecycle. The presentation aims to simplify the detailed document, providing an introduction to the standards, associated risks, and mitigation strategies, along with demos. + +[slide:4] + +The session focuses on 11 standards for building container images: + +* Start from a Micro Focus base image. +* Use an init system. +* Ensure images do not contain sensitive information. +* Use a read-only container file system. +* Use empty volume for temporary file systems having system information. +* Image scanning for vulnerability source inspection. +* Ensure containers run a single application. +* Disable access to Kubernetes API. +* Use private service account and our namespace role and role binding. +* Avoid use of host networking. +* Avoid use of host port. + +[slide:5] +[slide:6] + +### Key Standards and Mitigations + +**Micro Focus Base Image:** Use Micro Focus base images instead of default images to avoid vulnerabilities associated with open-source default images. *Use micro focus base image which are configured to be secure with non and trust weighted components.* + +**Init System:** Employ an init system like *teeny* to handle signals and prevent zombie processes, which can exhaust resources. A demo illustrated how *teeny* prevents zombie processes in Kubernetes. + +**Sensitive Information:** Avoid including sensitive data in container images. 
Instead, use secret management capabilities like Kubernetes secrets and fetch the information during runtime. + +**Read-Only File System:** Implement a read-only container file system to protect against malicious attacks. A demo showed how setting the *readOnlyRootFilesystem* flag to *true* prevents unauthorized file creation. + +**Empty Volume:** Use emptyDir volumes for temporary files with sensitive information, instead of host paths, to ensure data is cleaned up when the pod is removed. + +**Image Scanning:** Utilize image scanning tools to identify vulnerabilities and mitigate potential issues. + +**Single Application:** Run only one application per container to prevent process interference if one application is compromised. *If one application is compromised process in one application can interfere with the process of other application in the same container.* + +**Kubernetes API Access:** Disable access to the Kubernetes API within containers unless necessary, to limit the impact of potential compromises. This can be achieved by setting *automountServiceAccountToken* to *false*. + +**Private Service Account:** Use private service accounts with specific roles instead of default service accounts to control permissions and minimize privilege escalation. + +**Host Networking and Ports:** Avoid using host networking and host ports to prevent port conflicts and maintain network isolation. 
+ +[slide:7] +[slide:8] +[slide:9] +[slide:10] +[slide:11] +[slide:12] +[slide:13] +[slide:14] +[slide:15] +[slide:16] +[slide:17] +[slide:18] +[slide:19] +[slide:20] +[slide:21] +[slide:22] +[slide:23] +[slide:24] +[slide:25] +[slide:26] +[slide:27] +[slide:28] +[slide:29] +[slide:30] +[slide:31] +[slide:32] +[slide:33] +[slide:34] +[slide:35] +[slide:36] +[slide:37] +[slide:38] +[slide:39] +[slide:40] +[slide:41] +[slide:42] +[slide:43] +[slide:44] +[slide:45] +[slide:46] +[slide:47] +[slide:48] +[slide:49] +[slide:50] +[slide:51] +[slide:52] +[slide:53] +[slide:54] +[slide:55] +[slide:56] +[slide:57] +[slide:58] +[slide:59] +[slide:60] +[slide:61] +[slide:62] +[slide:63] +[slide:64] +[slide:65] +[slide:66] +[slide:67] +[slide:68] +[slide:69] +[slide:70] +[slide:71] +[slide:72] +[slide:73] +[slide:74] +[slide:75] +[slide:76] +[slide:77] +[slide:78] +[slide:79] +[slide:80] +[slide:81] +[slide:82] +[slide:83] +[slide:84] +[slide:85] +[slide:86] +[slide:87] +[slide:88] +[slide:89] +[slide:90] +[slide:91] +[slide:92] +[slide:93] +[slide:94] +[slide:95] +[slide:96] +[slide:97] +[slide:98] +[slide:99] +[slide:100] +[slide:101] +[slide:102] +[slide:103] +[slide:104] +[slide:105] +[slide:106] +[slide:107] +[slide:108] +[slide:109] +[slide:110] +[slide:111] +[slide:112] +[slide:113] +[slide:114] +[slide:115] +[slide:116] +[slide:117] +[slide:118] +[slide:119] +[slide:120] +[slide:121] +[slide:122] +[slide:123] +[slide:124] +[slide:125] +[slide:126] +[slide:127] +[slide:128] +[slide:129] +[slide:130] +[slide:131] +[slide:132] +[slide:133] +[slide:134] +[slide:135] +[slide:136] +[slide:137] +[slide:138] +[slide:139] +[slide:140] +[slide:141] +[slide:142] +[slide:143] +[slide:144] +[slide:145] +[slide:146] +[slide:147] +[slide:148] +[slide:149] +[slide:150] +[slide:151] +[slide:152] +[slide:153] +[slide:154] +[slide:155] +[slide:156] +[slide:157] +[slide:158] +[slide:159] +[slide:160] +[slide:161] +[slide:162] +[slide:163] +[slide:164] +[slide:165] +[slide:166] +[slide:167] 
+[slide:168] +[slide:169] +[slide:170] +[slide:171] +[slide:172] +[slide:173] +[slide:174] +[slide:175] +[slide:176] +[slide:177] +[slide:178] +[slide:179] +[slide:180] +[slide:181] +[slide:182] +[slide:183] +[slide:184] +[slide:185] +[slide:186] +[slide:187] +[slide:188] +[slide:189] +[slide:190] +[slide:191] +[slide:192] +[slide:193] +[slide:194] +[slide:195] +[slide:196] +[slide:197] +[slide:198] +[slide:199] +[slide:200] +[slide:201] +[slide:202] +[slide:203] +[slide:204] +[slide:205] +[slide:206] +[slide:207] +[slide:208] +[slide:209] +[slide:210] +[slide:211] +[slide:212] +[slide:213] +[slide:214] +[slide:215] +[slide:216] +[slide:217] +[slide:218] +[slide:219] +[slide:220] +[slide:221] +[slide:222] +[slide:223] +[slide:224] +[slide:225] +[slide:226] +[slide:227] +[slide:228] +[slide:229] +[slide:230] +[slide:231] +[slide:232] +[slide:233] +[slide:234] +[slide:235] +[slide:236] +[slide:237] +[slide:238] +[slide:239] +[slide:240] +[slide:241] +[slide:242] +[slide:243] +[slide:244] +[slide:245] +[slide:246] +[slide:247] +[slide:248] +[slide:249] +[slide:250] +[slide:251] +[slide:252] +[slide:253] +[slide:254] +[slide:255] +[slide:256] +[slide:257] +[slide:258] +[slide:259] +[slide:260] +[slide:261] +[slide:262] +[slide:263] +[slide:264] +[slide:265] +[slide:266] +[slide:267] +[slide:268] +[slide:269] +[slide:270] +[slide:271] +[slide:272] +[slide:273] +[slide:274] +[slide:275] +[slide:276] +[slide:277] +[slide:278] +[slide:279] +[slide:280] +[slide:281] +[slide:282] +[slide:283] +[slide:284] +[slide:285] +[slide:286] +[slide:287] +[slide:288] +[slide:289] +[slide:290] +[slide:291] +[slide:292] +[slide:293] +[slide:294] +[slide:295] +[slide:296] +[slide:297] +[slide:298] +[slide:299] +[slide:300] +[slide:301] +[slide:302] +[slide:303] +[slide:304] +[slide:305] +[slide:306] +[slide:307] +[slide:308] +[slide:309] +[slide:310] +[slide:311] +[slide:312] +[slide:313] +[slide:314] +[slide:315] +[slide:316] +[slide:317] +[slide:318] +[slide:319] +[slide:320] 
+[slide:321] +[slide:322] +[slide:323] +[slide:324] +[slide:325] +[slide:326] +[slide:327] +[slide:328] +[slide:329] +[slide:330] +[slide:331] +[slide:332] +[slide:333] +[slide:334] +[slide:335] +[slide:336] +[slide:337] +[slide:338] +[slide:339] +[slide:340] +[slide:341] +[slide:342] +[slide:343] +[slide:344] +[slide:345] +[slide:346] +[slide:347] +[slide:348] +[slide:349] +[slide:350] +[slide:351] +[slide:352] +[slide:353] +[slide:354] +[slide:355] +[slide:356] +[slide:357] +[slide:358] +[slide:359] +[slide:360] +[slide:361] +[slide:362] +[slide:363] +[slide:364] +[slide:365] +[slide:366] +[slide:367] +[slide:368] +[slide:369] +[slide:370] +[slide:371] +[slide:372] +[slide:373] +[slide:374] +[slide:375] +[slide:376] +[slide:377] +[slide:378] +[slide:379] +[slide:380] +[slide:381] +[slide:382] +[slide:383] +[slide:384] +[slide:385] +[slide:386] +[slide:387] +[slide:388] +[slide:389] +[slide:390] +[slide:391] +[slide:392] +[slide:393] +[slide:394] +[slide:395] +[slide:396] +[slide:397] +[slide:398] +[slide:399] +[slide:400] +[slide:401] +[slide:402] +[slide:403] +[slide:404] +[slide:405] +[slide:406] +[slide:407] +[slide:408] +[slide:409] +[slide:410] +[slide:411] +[slide:412] +[slide:413] +[slide:414] +[slide:415] +[slide:416] +[slide:417] +[slide:418] +[slide:419] +[slide:420] +[slide:421] +[slide:422] +[slide:423] +[slide:424] +[slide:425] +[slide:426] +[slide:427] +[slide:428] +[slide:429] +[slide:430] +[slide:431] +[slide:432] +[slide:433] +[slide:434] +[slide:435] +[slide:436] +[slide:437] +[slide:438] +[slide:439] +[slide:440] +[slide:441] +[slide:442] +[slide:443] +[slide:444] +[slide:445] +[slide:446] +[slide:447] +[slide:448] +[slide:449] +[slide:450] +[slide:451] +[slide:452] +[slide:453] +[slide:454] +[slide:455] +[slide:456] +[slide:457] +[slide:458] +[slide:459] +[slide:460] +[slide:461] +[slide:462] +[slide:463] +[slide:464] +[slide:465] +[slide:466] +[slide:467] +[slide:468] +[slide:469] +[slide:470] +[slide:471] +[slide:472] +[slide:473] 
+[slide:474] +[slide:475] +[slide:476] +[slide:477] +[slide:478] +[slide:479] +[slide:480] +[slide:481] +[slide:482] +[slide:483] +[slide:484] +[slide:485] +[slide:486] +[slide:487] +[slide:488] +[slide:489] +[slide:490] +[slide:491] +[slide:492] +[slide:493] +[slide:494] +[slide:495] +[slide:496] +[slide:497] +[slide:498] +[slide:499] +[slide:500] +[slide:501] +[slide:502] +[slide:503] +[slide:504] +[slide:505] +[slide:506] +[slide:507] +[slide:508] +[slide:509] +[slide:510] +[slide:511] +[slide:512] +[slide:513] +[slide:514] +[slide:515] +[slide:516] +[slide:517] +[slide:518] +[slide:519] +[slide:520] +[slide:521] +[slide:522] +[slide:523] +[slide:524] +[slide:525] +[slide:526] +[slide:527] +[slide:528] +[slide:529] +[slide:530] +[slide:531] +[slide:532] +[slide:533] +[slide:534] +[slide:535] +[slide:536] +[slide:537] +[slide:538] +[slide:539] +[slide:540] +[slide:541] +[slide:542] +[slide:543] +[slide:544] +[slide:545] +[slide:546] +[slide:547] +[slide:548] +[slide:549] +[slide:550] +[slide:551] +[slide:552] +[slide:553] +[slide:554] +[slide:555] +[slide:556] +[slide:557] +[slide:558] +[slide:559] +[slide:560] +[slide:561] +[slide:562] +[slide:563] +[slide:564] +[slide:565] +[slide:566] +[slide:567] +[slide:568] +[slide:569] +[slide:570] +[slide:571] +[slide:572] +[slide:573] +[slide:574] +[slide:575] +[slide:576] +[slide:577] +[slide:578] +[slide:579] +[slide:580] +[slide:581] +[slide:582] +[slide:583] +[slide:584] +[slide:585] +[slide:586] +[slide:587] +[slide:588] +[slide:589] +[slide:590] +[slide:591] +[slide:592] +[slide:593] +[slide:594] +[slide:595] +[slide:596] +[slide:597] +[slide:598] +[slide:599] +[slide:600] +[slide:601] +[slide:602] +[slide:603] +[slide:604] +[slide:605] +[slide:606] +[slide:607] +[slide:608] +[slide:609] +[slide:610] +[slide:611] +[slide:612] +[slide:613] +[slide:614] +[slide:615] +[slide:616] +[slide:617] +[slide:618] +[slide:619] +[slide:620] +[slide:621] +[slide:622] +[slide:623] +[slide:624] +[slide:625] +[slide:626] 
+[slide:627] +[slide:628] +[slide:629] +[slide:630] +[slide:631] +[slide:632] +[slide:633] +[slide:634] +[slide:635] +[slide:636] +[slide:637] +[slide:638] +[slide:639] +[slide:640] +[slide:641] +[slide:642] +[slide:643] +[slide:644] +[slide:645] +[slide:646] +[slide:647] +[slide:648] +[slide:649] +[slide:650] +[slide:651] +[slide:652] +[slide:653] +[slide:654] +[slide:655] +[slide:656] +[slide:657] +[slide:658] +[slide:659] +[slide:660] +[slide:661] +[slide:662] +[slide:663] +[slide:664] +[slide:665] +[slide:666] +[slide:667] +[slide:668] +[slide:669] +[slide:670] +[slide:671] +[slide:672] +[slide:673] +[slide:674] +[slide:675] +[slide:676] +[slide:677] +[slide:678] +[slide:679] +[slide:680] +[slide:681] +[slide:682] +[slide:683] +[slide:684] +[slide:685] +[slide:686] +[slide:687] +[slide:688] +[slide:689] +[slide:690] +[slide:691] +[slide:692] +[slide:693] +[slide:694] +[slide:695] +[slide:696] +[slide:697] +[slide:698] +[slide:699] +[slide:700] +[slide:701] +[slide:702] +[slide:703] +[slide:704] +[slide:705] +[slide:706] +[slide:707] +[slide:708] +[slide:709] +[slide:710] +[slide:711] +[slide:712] +[slide:713] +[slide:714] +[slide:715] +[slide:716] +[slide:717] +[slide:718] +[slide:719] +[slide:720] +[slide:721] +[slide:722] +[slide:723] +[slide:724] +[slide:725] +[slide:726] +[slide:727] +[slide:728] +[slide:729] +[slide:730] +[slide:731] +[slide:732] +[slide:733] +[slide:734] +[slide:735] +[slide:736] +[slide:737] +[slide:738] +[slide:739] +[slide:740] +[slide:741] +[slide:742] +[slide:743] +[slide:744] +[slide:745] +[slide:746] +[slide:747] +[slide:748] +[slide:749] +[slide:750] +[slide:751] +[slide:752] +[slide:753] +[slide:754] +[slide:755] +[slide:756] +[slide:757] +[slide:758] +[slide:759] +[slide:760] +[slide:761] +[slide:762] +[slide:763] +[slide:764] +[slide:765] +[slide:766] +[slide:767] +[slide:768] +[slide:769] +[slide:770] +[slide:771] +[slide:772] +[slide:773] +[slide:774] +[slide:775] +[slide:776] +[slide:777] +[slide:778] +[slide:779] 
+[slide:780] +[slide:781] +[slide:782] +[slide:783] +[slide:784] +[slide:785] +[slide:786] +[slide:787] +[slide:788] +[slide:789] +[slide:790] +[slide:791] +[slide:792] +[slide:793] +[slide:794] +[slide:795] +[slide:796] +[slide:797] +[slide:798] +[slide:799] +[slide:800] +[slide:801] +[slide:802] +[slide:803] +[slide:804] +[slide:805] +[slide:806] +[slide:807] +[slide:808] +[slide:809] +[slide:810] +[slide:811] +[slide:812] +[slide:813] +[slide:814] +[slide:815] +[slide:816] +[slide:817] +[slide:818] +[slide:819] +[slide:820] +[slide:821] +[slide:822] +[slide:823] +[slide:824] +[slide:825] +[slide:826] +[slide:827] +[slide:828] +[slide:829] +[slide:830] +[slide:831] +[slide:832] +[slide:833] +[slide:834] +[slide:835] +[slide:836] +[slide:837] +[slide:838] +[slide:839] +[slide:840] +[slide:841] +[slide:842] +[slide:843] +[slide:844] +[slide:845] +[slide:846] +[slide:847] +[slide:848] +[slide:849] +[slide:850] +[slide:851] +[slide:852] +[slide:853] +[slide:854] +[slide:855] +[slide:856] +[slide:857] +[slide:858] +[slide:859] +[slide:860] +[slide:861] +[slide:862] +[slide:863] +[slide:864] +[slide:865] +[slide:866] +[slide:867] +[slide:868] +[slide:869] +[slide:870] +[slide:871] +[slide:872] +[slide:873] +[slide:874] +[slide:875] +[slide:876] +[slide:877] +[slide:878] +[slide:879] +[slide:880] +[slide:881] +[slide:882] +[slide:883] +[slide:884] +[slide:885] +[slide:886] +[slide:887] +[slide:888] +[slide:889] +[slide:890] +[slide:891] +[slide:892] +[slide:893] +[slide:894] +[slide:895] +[slide:896] +[slide:897] +[slide:898] +[slide:899] +[slide:900] +[slide:901] +[slide:902] +[slide:903] +[slide:904] +[slide:905] +[slide:906] +[slide:907] +[slide:908] +[slide:909] +[slide:910] +[slide:911] +[slide:912] +[slide:913] +[slide:914] +[slide:915] +[slide:916] +[slide:917] +[slide:918] +[slide:919] +[slide:920] +[slide:921] +[slide:922] +[slide:923] +[slide:924] +[slide:925] +[slide:926] +[slide:927] +[slide:928] +[slide:929] +[slide:930] +[slide:931] +[slide:932] 
+[slide:933] +[slide:934] +[slide:935] +[slide:936] +[slide:937] +[slide:938] +[slide:939] +[slide:940] +[slide:941] +[slide:942] +[slide:943] +[slide:944] +[slide:945] +[slide:946] +[slide:947] +[slide:948] +[slide:949] +[slide:950] +[slide:951] +[slide:952] +[slide:953] +[slide:954] +[slide:955] +[slide:956] +[slide:957] +[slide:958] +[slide:959] +[slide:960] +[slide:961] +[slide:96 + --- diff --git a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-49-container-lifecycle-hardening-standards.md.bak b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-49-container-lifecycle-hardening-standards.md.bak new file mode 100644 index 00000000..a04c8268 --- /dev/null +++ b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-49-container-lifecycle-hardening-standards.md.bak @@ -0,0 +1,51 @@ +--- +title: CTP Topic 49 Container Lifecycle Hardening Standards +type: cloud-learning +source-type: video +category: DevOps & SRE/07_Security +tags: + - Container + - Security + - Hardening + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 49_ Container Lifecycle Hardening Standards.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 49 Container Lifecycle Hardening Standards + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 49_ Container Lifecycle Hardening Standards.mp4` + +**Type:** VIDEO | **Category:** 07_Security + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-52-3-lines-of-defence-3lod-framework-cloud-security-posture-management.md b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-52-3-lines-of-defence-3lod-framework-cloud-security-posture-management.md index 65898ebf..6638a101 100644 
--- a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-52-3-lines-of-defence-3lod-framework-cloud-security-posture-management.md +++ b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-52-3-lines-of-defence-3lod-framework-cloud-security-posture-management.md @@ -1,17 +1,17 @@ --- -title: "CTP Topic 52 3 Lines of Defence (3LoD) framework Cloud Security Posture Management (CSPM)" +title: CTP Topic 52 3 Lines of Defence (3LoD) framework Cloud Security Posture Management (CSPM) type: cloud-learning source-type: video -category: "DevOps & SRE/07_Security" +category: DevOps & SRE/07_Security tags: - Security - CSPM - 3LoD - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 52_ 3 Lines of Defence (3LoD) framework _ Cloud Security Posture Management (CSPM).mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 52_ 3 Lines of Defence (3LoD) framework _ Cloud Security Posture Management (CSPM).mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 52 3 Lines of Defence (3LoD) framework Cloud Security Posture Management (CSPM) 
@@ -26,7 +26,20 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Three Lines of the Fence Framework and Cloud Security Posture Management + +Coyote, Head of Enterprise Application Security, discussed the three lines of defense model and cloud security posture management. The three lines of defense model was approved by ELT mid-year and serves as the organization's go-to model. + +The previous fragmented security models with multiple security teams and policies led to an audit that recommended a better framework for clear roles and responsibilities. The first line of defense is the business units, responsible for implementing and managing security controls in their areas. The second line is the group's office, responsible for policies, incident response, and cyber tooling, acting as advisors to the first line. The third line involves auditing to ensure the first and second lines are compliant, providing assurance to the business. *The key organization drivers are regulatory compliance, centralized platform, cloud migration, baseline controls, and greater security response coverage.* + +Key organizational drivers include regulatory compliance, a centralized platform, cloud migration, baseline controls, and improved security response. Work streams implemented as a result include policy review and consolidation, incident response engagement, development of cybersecurity risk and control metrics, cybersecurity tools review, and security architecture standards and patterns. The cloud architecture pattern aims to be agnostic, reusable, and applicable across AWS, Azure, and GCP environments, developed with input from BU leads. + +Cloud security posture management (CSPM) addresses siloed management and the lack of a central view of public cloud security posture, which led to incidents and prolonged response times. 
A CSPM should consolidate misconfigurations from multiple cloud accounts into a single platform, provide compliance framework views (CIS, NIST, ISO), and allow custom policies. Core features include discovery, monitoring, assessment, and protection. Cloud Guard was selected after a POC of two vendors. + +Cloud Guard's core features include posture management, asset management, network configuration exploration, event management, identity management, and intelligence. *Cloud Guard provides the ability to assess the compliance of public cloud accounts.* It uses built-in and custom rule sets, manages assets in onboarded cloud environments, visualizes network policies, and offers in-depth views of security groups. The system also provides intelligence by ingesting cloud trail logs and applying rules to detect anomalies and potential issues. + +New accounts are onboarded into Cloud Guard as part of the creation process, ensuring comprehensive coverage and application of relevant rulesets. The organization is working to improve prevention rates by enforcing rules and enhancing visibility, aiming to minimize the gap between deviations and corrections. The speaker also addressed questions about log aggregation, the decommissioning of CCYE guard rails, and how teams are adapting to alerts from the CSPM. + --- diff --git a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-52-3-lines-of-defence-3lod-framework-cloud-security-posture-management.md.bak b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-52-3-lines-of-defence-3lod-framework-cloud-security-posture-management.md.bak new file mode 100644 index 00000000..e34b3338 --- /dev/null +++ b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-52-3-lines-of-defence-3lod-framework-cloud-security-posture-management.md.bak 
@@ -0,0 +1,51 @@ +--- +title: CTP Topic 52 3 Lines of Defence (3LoD) framework Cloud Security Posture Management (CSPM) +type: cloud-learning +source-type: video +category: DevOps & SRE/07_Security +tags: + - Security + - CSPM + - 3LoD + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 52_ 3 Lines of Defence (3LoD) framework _ Cloud Security Posture Management (CSPM).mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 52 3 Lines of Defence (3LoD) framework Cloud Security Posture Management (CSPM) + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 52_ 3 Lines of Defence (3LoD) framework _ Cloud Security Posture Management (CSPM).mp4` + +**Type:** VIDEO | **Category:** 07_Security + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-55-aws-firewall-manager.md b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-55-aws-firewall-manager.md index 55233843..116565d7 100644 --- a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-55-aws-firewall-manager.md +++ b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-55-aws-firewall-manager.md @@ -1,17 +1,17 @@ --- -title: "CTP Topic 55 AWS Firewall Manager" +title: CTP Topic 55 AWS Firewall Manager type: cloud-learning source-type: video -category: "DevOps & SRE/07_Security" +category: DevOps & SRE/07_Security tags: - AWS - Firewall-Manager - Security - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 55_ AWS Firewall Manager.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 55_ AWS Firewall Manager.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 55 AWS Firewall Manager 
@@ -26,7 +26,29 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## AWS Firewall Manager + +AWS Firewall Manager is a management service to centrally configure firewall rules and security rules across accounts and applications within organizations. It provides a dashboard view of compliant and non-compliant resources, with options for auto-remediation. It offers features for WAF, network firewall, and AWS Shield, with a focus on managing security groups. + +The primary reasons for adopting Firewall Manager in Grand Torque Landing Zone are to address the challenges of managing security policies across multiple landing zones (RLABS, R&D, SAS, CAT) with varying security requirements. Initially, LAPS Landing Zone used Checkpoint Firewall with wide-open security group rules. However, the production SAS Landing Zone, which serves external customers via public subnets, necessitated additional security rules to protect against traffic not scanned by Checkpoint. *We have gone through these policies and we come up with some baseline security groups.* + +The rollout process involves creating security group policies in the Firewall Manager account, specifying the target accounts or OUs, and applying the baseline security groups to existing and new instances. This approach centralizes management, reduces the time spent rolling out security policies, and addresses issues related to shared services like QALIS, which scans instances in product accounts. Firewall Manager uses AWS Config and Lambda to trigger events and enforce policies. + +There are three types of firewall security policies: +* **Common security groups:** Attaches baseline security groups while allowing product teams to add their own. +* **Audit and enforcement security group rules:** Denies over-permissive rules, offering options for manual action or auto-remediation. +* A third type cleans up unused redundant security groups. 
+ +Prerequisites for setting up Firewall Manager include administrator access within the OU and AWS Config enabled in all accounts. Security groups are created in specific VPCs and regions, and prefix lists are used to easily share and update rules across accounts using RAM (Resource Access Manager). *RAM is like it's a tool available within this AWS where you can specify or you can share your AWS resources to any other account that you wanted to specify.* + +The Firewall Manager account is separate and not tied to any specific landing zone, enabling cross-landing zone deployment. A pipeline, such as the Atlantis server in the digital factory landing zone, is used to deploy changes to the Firewall Manager. The service manages security policies and can be used across different landing zones. The prefix list facilitates sharing security group rules. + +For SAS landing zone accounts, all security groups will be applied as baseline security groups. Two security groups will be created in the policy: one for common shared prefix lists and another for allowing shared account CIDR to reach instances. Before rollout, product teams will be engaged to address any concerns. + +Firewall Manager can also manage WAF rules, allowing for baseline rules to be rolled out from the Firewall Manager while letting product teams add additional rule sets. + +A demo was conducted to show the creation of a common security group policy via Terraform and TerraGrant code, demonstrating how it attaches to EC2 instances automatically. The demo involved creating a security policy in the Firewall Manager account and associating it with a playground production account. The policy included a rule allowing SSH traffic. The security group was automatically attached to an existing EC2 server in the playground account. A new EC2 instance was created, and the security group was automatically attached to it as well. 
Deleting the policy in the Firewall Manager account automatically removed the security group from the instances. + --- diff --git a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-55-aws-firewall-manager.md.bak b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-55-aws-firewall-manager.md.bak new file mode 100644 index 00000000..0ff223fa --- /dev/null +++ b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-55-aws-firewall-manager.md.bak @@ -0,0 +1,51 @@ +--- +title: CTP Topic 55 AWS Firewall Manager +type: cloud-learning +source-type: video +category: DevOps & SRE/07_Security +tags: + - AWS + - Firewall-Manager + - Security + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 55_ AWS Firewall Manager.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 55 AWS Firewall Manager + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 55_ AWS Firewall Manager.mp4` + +**Type:** VIDEO | **Category:** 07_Security + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-62-aws-secrets-manager.md b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-62-aws-secrets-manager.md index 4b3228a5..3bcfb7b7 100644 --- a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-62-aws-secrets-manager.md +++ b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-62-aws-secrets-manager.md 
@@ -1,17 +1,17 @@ --- -title: "CTP Topic 62 AWS Secrets Manager" +title: CTP Topic 62 AWS Secrets Manager type: cloud-learning source-type: video -category: "DevOps & SRE/07_Security" +category: DevOps & SRE/07_Security tags: - AWS - Secrets-Manager - Security - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 62_ AWS Secrets Manager.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 62_ AWS Secrets Manager.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 62 AWS Secrets Manager 
@@ -26,7 +26,20 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## AWS Secrets Manager + +This session is a follow-up to a session held in July of the previous year. The presenters are Nurit and Daniel. The session covers a summary of the previous learning session, introduces the AWS Secrets Management Standard document, shares implementation opportunities, and provides GitHub links. + +The previous session covered the journey of choosing a secrets management platform, with a POC phase for both HashiCorp Vault and AWS Secrets Manager. AWS Secrets Manager was chosen as the more cost-effective solution. *AWS Secrets Manager is easy and simple to implement.* Missing features can be developed in multiple languages. The next steps included removing clear text passwords and keys from the CI/CD process of Control Tower, sharing code and documentation, and providing an AWS Secrets Management standard document for managing Secrets. + +The standard document started as a best practices document and became the standard document for Secrets Management in public cloud. It is based on the implementation done with Control Tower and is aligned with general best practices. The document covers how to use AWS Secrets Manager correctly, with a phased approach: centralize the Secrets, adjust automations to retrieve the Secrets, and then start with secret rotation. *With that idea, developers actually do not need to have direct access to their Secrets.* The document also outlines the advantages and drawbacks of using AWS Secrets Manager, including cost information, and provides recommendations for Lambda usage and opportunities for custom Secrets management solutions. + +Implementation opportunities include improving Control Tower stacks, Oracle DB user password rotation for Control Tower Dev Database, and a POC for a centralized mail service to support send grid key rotation without application restart. The phase approach involves centralizing secrets, automating retrieval, and rotation. 
Daniel provides a deep understanding of how those opportunities were implemented. Centralizing and working with microservices helps with physical improvement, false isolation, program and language agnostic development, easier deployment, visibility, faster time to market, and the ability to experiment. + +The Control Tower stacks were redesigned to centralize parameters and secrets, ensuring that all stacks use the same secret. The database team collaborated to improve password rotation, removing the need to send passwords via email. The new system grants access to the secret by roles through AWS credentials. The solution uses a Lambda function to connect to the Oracle instance and perform the rotation. The centralized email service of Sendgrid aims to solve the problem of multiple teams needing to rotate the Sendgrid API, which often requires code changes and application restarts. The proposed solution centralizes the SMTP service and rotation, offering the service to all teams. The solution involves rotating keys for Sangrid, with the ability to auto-rotate keys or escalate permissions. The SMTP service solution provides the SMTP server on port 1025, allowing accounts to consume the service without being aware of the backend. + +Victor demoed logging into an Oracle database without knowing the password, using a JDBC wrapper and AWS SDK to retrieve secrets from Secrets Manager. The username is controlled by the role and access. Secrets can be tagged for classification and access control. AWS Secrets Manager does not require clients, unlike HashiCorp Vault. + --- diff --git a/knowledgebase/DevOps & SRE/07_Security/ctp-topic-62-aws-secrets-manager.md.bak b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-62-aws-secrets-manager.md.bak new file mode 100644 index 00000000..a9bfb1c7 --- /dev/null +++ b/knowledgebase/DevOps & SRE/07_Security/ctp-topic-62-aws-secrets-manager.md.bak 
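Review bot: the `>` prefix is only on the inserted heading line `> ## AWS Secrets Manager`, so just that heading renders as a blockquote while the summary paragraphs after it sit outside it; either quote every line of the summary or drop the `>`, and keep the `## 摘要` heading the template uses so the section stays uniform with the other notes. Several phrases look like transcription errors carried into the summary and should be checked against the recording before this becomes the reference text: "send grid", "Sendgrid" and "Sangrid" all refer to SendGrid (the name used in the topic 36 note), "physical improvement, false isolation" reads like a mishearing of fault isolation, and "AWS Secrets Manager does not require clients, unlike HashiCorp Vault" is misleading as written, since the demo itself retrieves the secret through the AWS SDK; presumably the point is that no separate agent or CLI client has to be installed and configured, which is worth saying explicitly.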
@@ -0,0 +1,51 @@ +--- +title: CTP Topic 62 AWS Secrets Manager +type: cloud-learning +source-type: video +category: DevOps & SRE/07_Security +tags: + - AWS + - Secrets-Manager + - Security + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 62_ AWS Secrets Manager.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 62 AWS Secrets Manager + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 62_ AWS Secrets Manager.mp4` + +**Type:** VIDEO | **Category:** 07_Security + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/07_Security/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md b/knowledgebase/DevOps & SRE/07_Security/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md index b0aa5be5..ec999771 100644 --- a/knowledgebase/DevOps & SRE/07_Security/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md +++ b/knowledgebase/DevOps & SRE/07_Security/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md @@ -10,7 +10,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- GIS Security Policies - 20241015_160257-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions (OpenText)- GIS Security Policies - 20241015 160257-Meeting Recording 
@@ -23,28 +23,29 @@ status: raw --- -## 摘要 +## GIS Security Policies -> 待转录后由 LLM 生成 +The public Cloud Learning session on GIS security policies was presented by Mike and Ed from the Global Information Security Team (GIS). The session covered an overview of the teams in GIS and security policies. ---- +GIS is a pillared organization with classic security elements. Key teams include: -## 关键概念 +* Security Operations: Keeps the lights on and provides reassurance when issues arise. +* Compliance: Facilitates certifications and ensures adherence to policies. +* Governance, Risk, and Validation: Manages risk, oversees admin roles, and conducts quarterly reviews. +* Privacy Group: A recent addition, still being integrated into the organization. -- +Open Text uses a layered approach to security, collaborating with various teams to define *what* needs to be done, while working with other teams to determine *how*. The organization has a large compliance offering, certified across multiple industries and government entities. Certifications like FedRAMP enable sales into various verticals. ---- +To prove its claims, Open Text conducts annual third-party tests, including tabletop exercises for incident and breach readiness, consistently scoring in the top tier. Red teaming exercises are also performed to evaluate the organization without prior knowledge. Advanced threat assessments and internal/third-party pen testing are regularly conducted. Customer audits are performed, sometimes leading to remediation activities. -## 行动项 +Tool components are used proactively to monitor environments, along with detection and threat hunting combined with threat intelligence and pen testing. The organization has a large SIM implementation, processing 225 billion log rugs monthly, triaging around 350 cases a month. Open Text leverages its own tools like BrightCloud as a feed into threat intelligence. 
-- +Open Text's posture framework is based on ISO 27001, recently updated in 2022 with 11 new control aspects. The organization has a supporting library for its Global Information Security Policy (GISP), reviewed quarterly with leadership. Awareness of security is raised through communications and campaigns, focusing on continuous improvement and awareness. ---- +The overarching policy is the Global Information Security Policy, supported by various policies. Policies define *what* needs to be done, while providing flexibility for *how* it is implemented. Feedback is encouraged for continuous improvement. -## 相关视频 +A security awareness program includes monthly communications and fishing exercises. The focus is on how many people report suspicious activity. A team works with sales and legal to review customer requests, handling opportunities worth over $100 million a month. They also work on contractual wording to ensure realistic commitments. Presentations are given to customers to reassure them about Open Text's security maturity. -> 配对视频笔记链接(生成后填入) +The speaker views policies as foundational elements, with operations, tools, and processes built on that framework. The GIS budget and procurement process is managed, along with M&A due diligence. An AI knowledge tool is being developed to provide easy access to policy information and customer responses. A risk organization is being overseen by the compliance area. A GIS Validations team performs access management and reviews. A privacy operations team is being integrated into governance and compliance areas. A business continuity team ensures awareness of global events that could impact Open Text employees. ---- - -*最后更新: 2026-04-14* +The main services of the operations team include Cyber Response Center, Security Assurance, Threat Intelligence, Cloud Security, and Security Tools and Engineering. 
The compliance organization focuses on compliance program management, security roadmap, product risk assessments, continuous compliance and audit delivery, enablement and automation, and program delivery for federal authorizations. diff --git a/knowledgebase/DevOps & SRE/07_Security/public-cloud-learning-sessions-opentext-gis-security-policies-important-informat.md b/knowledgebase/DevOps & SRE/07_Security/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md.bak similarity index 69% rename from knowledgebase/DevOps & SRE/07_Security/public-cloud-learning-sessions-opentext-gis-security-policies-important-informat.md rename to knowledgebase/DevOps & SRE/07_Security/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md.bak index c3555f29..b0aa5be5 100644 --- a/knowledgebase/DevOps & SRE/07_Security/public-cloud-learning-sessions-opentext-gis-security-policies-important-informat.md +++ b/knowledgebase/DevOps & SRE/07_Security/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md.bak 
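Review bot: this hunk drops the template sections `## 关键概念`, `## 行动项` and `## 相关视频` together with the `*最后更新: 2026-04-14*` footer, and renames `## 摘要` to `## GIS Security Policies`, while every other summarized note in this diff keeps those sections; the summary should go under `## 摘要` with the rest of the template intact. Transcription artifacts to fix: "fishing exercises" is phishing exercises, "SIM implementation" is presumably the SIEM, and "225 billion log rugs monthly" is most likely log records; verify the figures against the recording.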
@@ -1,24 +1,23 @@ --- -title: "Public Cloud Learning Sessions (OpenText)- GIS Security Policies important information - 20241015 160257" +title: "Public Cloud Learning Sessions (OpenText)- GIS Security Policies - 20241015 160257-Meeting Recording" type: cloud-learning -source-type: pptx +source-type: video category: "DevOps & SRE/07_Security" tags: - OpenText - Security-Policies - GIS - - Presentation date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- GIS Security Policies important information - 20241015_160257.pptx" +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- GIS Security Policies - 20241015_160257-Meeting Recording.mp4" audio-source: "" status: raw --- -# Public Cloud Learning Sessions (OpenText)- GIS Security Policies important information - 20241015 160257 +# Public Cloud Learning Sessions (OpenText)- GIS Security Policies - 20241015 160257-Meeting Recording -**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- GIS Security Policies important information - 20241015_160257.pptx` +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- GIS Security Policies - 20241015_160257-Meeting Recording.mp4` -**Type:** PPTX | **Category:** 07_Security +**Type:** VIDEO | **Category:** 07_Security **Status:** 🟡 Awaiting Whisper transcription → Summary diff --git a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-18-wide-area-networking-in-aws-cloud.md b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-18-wide-area-networking-in-aws-cloud.md index 6418ea40..ec47ca86 100644 --- a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-18-wide-area-networking-in-aws-cloud.md +++ b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-18-wide-area-networking-in-aws-cloud.md 
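Review bot: this rename turns the existing pptx note (`...GIS Security Policies important information - 20241015_160257.pptx`, `source-type: pptx`, tag `Presentation`) into the `.bak` of the video note, rewriting its title, source path and type to the video's. After the diff no note references the slide deck at all, and the `.bak` is not a backup of the file it is named after but a rewritten copy of a different note. If the intent is to retire the pptx note, delete it outright (git history keeps it); if the deck is still useful, keep it as its own note and link it from the video note's `## 相关视频` section.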
@@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 18_ Wide Area Networking in AWS Cloud.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 18 Wide Area Networking in AWS Cloud @@ -20,7 +20,7 @@ status: summarized **Type:** VIDEO | **Category:** 08_Networking -**Status:** 🟡 Awaiting Whisper transcription → Summary +**Status:** ✅ 已完成(Gemini 摘要) --- diff --git a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-19-configuring-dns-within-aws-lzs.md b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-19-configuring-dns-within-aws-lzs.md index b0651469..5d1ababf 100644 --- a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-19-configuring-dns-within-aws-lzs.md +++ b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-19-configuring-dns-within-aws-lzs.md @@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 19_ Configuring DNS within AWS LZs.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 19 Configuring DNS within AWS LZs @@ -20,7 +20,7 @@ status: summarized **Type:** VIDEO | **Category:** 08_Networking -**Status:** 🟡 Awaiting Whisper transcription → Summary +**Status:** ✅ 已完成(Gemini 摘要) --- diff --git a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-22-global-dns-service-offerings.md b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-22-global-dns-service-offerings.md index 5b0d11e1..57e60340 100644 --- a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-22-global-dns-service-offerings.md +++ b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-22-global-dns-service-offerings.md 
@@ -10,7 +10,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 22_ Global DNS service offerings.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 22 Global DNS service offerings @@ -19,7 +19,7 @@ status: summarized **Type:** VIDEO | **Category:** 08_Networking -**Status:** 🟡 Awaiting Whisper transcription → Summary +**Status:** ✅ 已完成(Gemini 摘要) --- diff --git a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-31-network-segregation-and-secure-access-to-the-new-aws-landing-zones.md b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-31-network-segregation-and-secure-access-to-the-new-aws-landing-zones.md index f8274d8b..e8ac150e 100644 --- a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-31-network-segregation-and-secure-access-to-the-new-aws-landing-zones.md +++ b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-31-network-segregation-and-secure-access-to-the-new-aws-landing-zones.md @@ -1,17 +1,17 @@ --- -title: "CTP Topic 31 Network segregation and secure access to the new AWS landing zones" +title: CTP Topic 31 Network segregation and secure access to the new AWS landing zones type: cloud-learning source-type: video -category: "DevOps & SRE/08_Networking" +category: DevOps & SRE/08_Networking tags: - AWS - Network-Security - Landing-Zone - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 31_ Network segregation and secure access to the new AWS landing zones.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 31_ Network segregation and secure access to the new AWS landing zones.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 31 Network segregation and secure access to the new AWS landing zones 
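Review bot: changing `status: summarized` to `status: summarized (Gemini 摘要)` (topics 18, 19 and 22 here, and the raw notes rewritten elsewhere in this diff) turns the status field into a free-form string, so any query, script or filter that matches `status` exactly against `summarized` or `raw` stops matching these notes. Keep `status` as a fixed vocabulary and record the summarizer in a separate field such as `summarized-by: Gemini`, which also avoids the mixed-language value.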
@@ -26,7 +26,16 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Network Segregation and Secure Access to AWS Landing Zones + +The primary driver for this initiative is to address security concerns related to internal systems accessing production workloads in the new AWS landing zones. Currently, on-prem systems and VPN users have access due to shared network configurations, raising security and compliance issues. The goal is to segregate network access while maintaining necessary access for run teams. + +The proposed solution involves two main parts: network segregation and secure access. Network segregation will be implemented using checkpoints to control server-to-server communications and block direct access from internal networks to AWS segments. *The SPI features will be enabled with default deny enabled and allowances made for require services and network segments into the landing zones.* Secure access will be facilitated through AWS Systems Manager (SSM), which provides remote access via a browser-based session or AWS CLI, eliminating the need for VPN. + +Authenticated users will assume roles granting access to the SSM agent on the target EC2 instance, leveraging existing access controls. This approach offers enhanced security with two-factor authentication and a secure connection within the AWS network. While this solution is considered temporary or a backup until SD-WAN is implemented, it offers cost and speed advantages by removing reliance on third-party management. *SSM gives users remote access via a browser based session.* The implementation is in progress, with testing planned to address urgent security risks associated with production workloads on AWS landing zones. + +Concerns were raised about the SSM agent's presence in all AWS-derived AMIs, with some suggesting it may need explicit installation on certain systems. 
The long-term goal is to move towards infrastructure as code to minimize console access and enhance security, with break-glass access reserved for emergencies. The current solution doesn't address credential theft but isolates the network. A question was raised about how users with multiple accounts for different roles can use SSM, as the current setup is designed for individual accounts. This edge case will be examined further. + --- diff --git a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-31-network-segregation-and-secure-access-to-the-new-aws-landing-zones.md.bak b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-31-network-segregation-and-secure-access-to-the-new-aws-landing-zones.md.bak new file mode 100644 index 00000000..a33c9c6b --- /dev/null +++ b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-31-network-segregation-and-secure-access-to-the-new-aws-landing-zones.md.bak @@ -0,0 +1,51 @@ +--- +title: CTP Topic 31 Network segregation and secure access to the new AWS landing zones +type: cloud-learning +source-type: video +category: DevOps & SRE/08_Networking +tags: + - AWS + - Network-Security + - Landing-Zone + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 31_ Network segregation and secure access to the new AWS landing zones.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 31 Network segregation and secure access to the new AWS landing zones + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 31_ Network segregation and secure access to the new AWS landing zones.mp4` + +**Type:** VIDEO | **Category:** 08_Networking + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* 
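Review bot: the sentence "*SSM gives users remote access via a browser based session.*" in the third summary paragraph repeats "provides remote access via a browser-based session or AWS CLI" from the paragraph before and can go. "checkpoints" in the second paragraph is almost certainly the Check Point firewalls and should be written as the product name, "SPI features" should be expanded on first use, and "require services" is required services. On the substance, the summary's own caveat that the design "doesn't address credential theft but isolates the network" deserves to stand on its own rather than sit mid-paragraph: Session Manager access is granted purely by IAM (the assumed role's permission to start a session on the target instance), so anyone holding usable credentials for such a role reaches the instances regardless of the network segregation. The concern about agent presence is well founded too: the SSM agent ships preinstalled on some AWS-provided AMIs but not on all, and on custom or vendor images it has to be installed and registered explicitly.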
diff --git a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-36-sendgrid-as-an-email-service.md b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-36-sendgrid-as-an-email-service.md index 59674c83..75ff3185 100644 --- a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-36-sendgrid-as-an-email-service.md +++ b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-36-sendgrid-as-an-email-service.md @@ -1,17 +1,17 @@ --- -title: "CTP Topic 36 SendGrid as an email service" +title: CTP Topic 36 SendGrid as an email service type: cloud-learning source-type: video -category: "DevOps & SRE/08_Networking" +category: DevOps & SRE/08_Networking tags: - SendGrid - Email - AWS - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 36_ SendGrid as an email service.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 36_ SendGrid as an email service.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 36 SendGrid as an email service 
@@ -26,7 +26,18 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Cloud Transformation Program: SendGrid Email Service & Cyber Suite Standards + +The Cloud Transformation Program session covered the adoption of SendGrid as a standard email service and provided an update on Cyber Suite standards. Rejoy Ganapati and Rajiv presented SendGrid, while Yu-Yan provided the Cyber Suite update. + +SendGrid is being adopted as the standard email service for both classic and new landing zones, replacing the existing semantic message gateway and SES solutions. The existing semantic message gateway has security concerns because it relays mail to the public internet through port 25, which is not secure. Additionally, the relay servers are not compatible with cloud environments and are hosted on a soon-to-be-decommissioned on-premises network. The current SES setup has a limitation of only 50 recipients per message. + +SendGrid overcomes these issues by allowing up to 1,000 recipients per message and being fully cloud-compatible. *Almost 30 billion emails per month customers are already used across the whole country.* It offers real-time monitoring logs, two-factor authentication, and end-to-end encryption using TLS. The support plan covers 5 million emails per month. Two architectures are available: direct sending to SendGrid (requires TLS) and relaying via servers for applications lacking TLS support. *We were looking for the maximum number of recipients per message.* Data flow involves relay servers in various locations (London, India, Tokyo, etc.) sending mail through private circuits to a US-based data center for processing. + +Key configuration requirements for direct sending include using the software.microcopy.com domain, connectivity to smtp.sendgrid.net on port 587, and TLS enablement. Domain-specific email blocking is not supported, and the sender email address must use the software.microcopy.com domain. 
Email logs are retained for seven days, and API keys are rotated every 180 days for security. SPF and DKIM records are essential for valid email sending to avoid emails landing in junk folders or being rejected. + +Yu-Yan from PSAC provided an update on Cyber Suite standards, presenting an updated version of the standard Cyber Suite documentation. The updated documentation includes a list of Cyber Suites considered standard by different industry standards like FIPS, Java, Golang, Node.js, and OpenCel for CNC++. An optional Cyber Suite is available for backward compatibility, but it includes CBC (Cipher Block Chaining) which is considered weak. For more choices, products can select cyphers from different portions, including K exchange, authentication, encryption, and hash. It is recommended that products using cyphers outside the standard and optional suites be reviewed by the PSAC team. + --- diff --git a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-36-sendgrid-as-an-email-service.md.bak b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-36-sendgrid-as-an-email-service.md.bak new file mode 100644 index 00000000..cac53426 --- /dev/null +++ b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-36-sendgrid-as-an-email-service.md.bak 
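Review bot: "Cyber Suite" throughout the final paragraph is a mistranscription of cipher suite (the list of FIPS, Java, Golang, Node.js, "OpenCel for CNC++", i.e. OpenSSL for C/C++, and "K exchange", i.e. key exchange, makes that clear) and should be corrected before this note becomes the reference for the PSAC standard. "software.microcopy.com", given twice as the required sender domain, looks garbled as well and must be checked against the recording rather than copied into configuration; "semantic message gateway" is probably a product name (Symantec Messaging Gateway?) and "*Almost 30 billion emails per month customers are already used across the whole country.*" is an unparseable quote that should be dropped or rephrased. The security rationale in the second paragraph is worth sharpening: the problem with the old relay is not "port 25" as such but that it relays to the public internet without TLS, which is why the direct-send path requires TLS to smtp.sendgrid.net on 587 and why relay servers are kept only for applications that cannot do TLS themselves.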
@@ -0,0 +1,51 @@ +--- +title: CTP Topic 36 SendGrid as an email service +type: cloud-learning +source-type: video +category: DevOps & SRE/08_Networking +tags: + - SendGrid + - Email + - AWS + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 36_ SendGrid as an email service.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 36 SendGrid as an email service + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 36_ SendGrid as an email service.mp4` + +**Type:** VIDEO | **Category:** 08_Networking + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-43-vmware-cloud-on-aws.md b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-43-vmware-cloud-on-aws.md index 9527518f..58b9a336 100644 --- a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-43-vmware-cloud-on-aws.md +++ b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-43-vmware-cloud-on-aws.md @@ -1,8 +1,8 @@ --- -title: "CTP Topic 43 VMware Cloud on AWS" +title: CTP Topic 43 VMware Cloud on AWS type: cloud-learning source-type: video -category: "DevOps & SRE/08_Networking" +category: DevOps & SRE/08_Networking tags: - VMware - AWS @@ -10,9 +10,9 @@ tags: - Hybrid-Cloud - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 43_ VMware Cloud on AWS.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 43_ VMware Cloud on AWS.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 43 VMware Cloud on AWS 
@@ -27,7 +27,27 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## VMware Cloud on AWS: An Introduction + +The Cloud Transformation Office program hosted a session on VMware Cloud on AWS (VMC on AWS), presented by Brian Reeves, Michael Riley, and Mike Armstrong from VMware. The session aimed to provide an understanding of VMC on AWS and its potential benefits for organizations. + +VMware and AWS partnered to enable vSphere workloads on Amazon's backend servers, offering a middle ground for organizations not ready for a full native cloud migration. *This allows applications to move back and forth in seconds.* VMC on AWS provides access to AWS services and aims to be economical. The presenters covered use cases, cost benefits, and a technical demonstration of the platform. + +Mike O'Reilly, a staff cloud solutions architect at VMware, explained that VMC on AWS is a jointly engineered cloud service where the VMware hypervisor is natively installed on AWS hardware. *This is not just something where VMware showed up at Amazon and dropped off a box of CDs.* VMC on AWS is running vSphere 8 and provides access to AWS services with low latency. VMware and Amazon manage the underlying infrastructure, allowing users to focus on their workloads. The service is available across multiple regions and availability zones globally. + +Key features and benefits include: +* Same toolset as on-premises environments. +* Integration with AWS services. +* On-demand scalability. +* Any-to-any vSphere migration using HCX. +* Various use cases such as next-generation application development, cloud migrations, virtual desktops, and disaster recovery. + +The service is available in numerous regions worldwide and has various certifications for security and compliance. The infrastructure is built on i3.metal and i3en.metal server hosts from Amazon, which are organized into clusters within availability zones and regions. 
Stretched clusters across availability zones are also possible for increased resilience. + +A live demo showcased the VMware Cloud service portal, including the Developer Center with API Explorer for various APIs. The demo also showed how to create a new software-defined data center (SDDC) and manage the environment through vCenter, similar to on-premises setups. A follow-me help button provides access to VMware engineers for assistance. + +Brian Reeves discussed the economics of VMC on AWS, highlighting that VMware sells an entire host, enabling over-provisioning and cost reduction. VMC on AWS offers a 27% cost saving compared to going to a regular cloud. The cloud economics team can perform a Total Cost of Ownership (TCO) calculation to compare costs with on-premises or other hyperscalers. + --- diff --git a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-43-vmware-cloud-on-aws.md.bak b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-43-vmware-cloud-on-aws.md.bak new file mode 100644 index 00000000..6a5d0deb --- /dev/null +++ b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-43-vmware-cloud-on-aws.md.bak @@ -0,0 +1,52 @@ +--- +title: CTP Topic 43 VMware Cloud on AWS +type: cloud-learning +source-type: video +category: DevOps & SRE/08_Networking +tags: + - VMware + - AWS + - Networking + - Hybrid-Cloud + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 43_ VMware Cloud on AWS.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 43 VMware Cloud on AWS + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 43_ VMware Cloud on AWS.mp4` + +**Type:** VIDEO | **Category:** 08_Networking + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* 
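Review bot: the first paragraph names the VMware presenters as "Brian Reeves, Michael Riley, and Mike Armstrong" while the third introduces "Mike O'Reilly, a staff cloud solutions architect at VMware"; one of these is a mishearing and the names should be reconciled against the recording. The cost figures ("a 27% cost saving compared to going to a regular cloud", "move back and forth in seconds") are the vendor's own claims from a sales presentation and the summary should label them as such rather than state them as findings.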
diff --git a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-45-automatic-ip-address-allocation-with-ipam.md b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-45-automatic-ip-address-allocation-with-ipam.md index bf241581..1a0c2f42 100644 --- a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-45-automatic-ip-address-allocation-with-ipam.md +++ b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-45-automatic-ip-address-allocation-with-ipam.md @@ -1,17 +1,17 @@ --- -title: "CTP Topic 45 Automatic IP address allocation with IPAM" +title: CTP Topic 45 Automatic IP address allocation with IPAM type: cloud-learning source-type: video -category: "DevOps & SRE/08_Networking" +category: DevOps & SRE/08_Networking tags: - AWS - IPAM - Networking - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 45_ Automatic IP address allocation with IPAM.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 45_ Automatic IP address allocation with IPAM.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 45 Automatic IP address allocation with IPAM 
@@ -26,7 +26,22 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Automatic IP Address Allocation Using IPAM + +IPAM (IP address management) provides the ability to effectively manage, control, monitor, and assign IP address space within a company. It automates IP address management tasks in a centralized and easily accessible manner. Currently, IP addresses are managed in Excel sheets, which is inefficient. Info blocks NIOA appliance provides IPAM functionality as a seamless extension of distributed grid framework, DNS, and DHCP with a unified management console. + +The current architecture involves a grid master and various AWS cloud accounts. API calls are made to interact with the grid. Extensible attributes have been defined for cloud usage, including space owner, company, subnet name, compartment type, and status. + +The current VPC provisioning approach involves collecting data from the business unit (BU) regarding their IP address needs. The SRE team raises a request to the network team, who calculates the optimal CIDR range and updates a spreadsheet. The SRE team then prepares a YAML file to provision the VPC. *Managing the IP address in a spreadsheet takes time and it's not a good approach.* + +The new approach automates subnet calculation using Infoblox NIOS. If the requested network address is less than 24, the VPC module is run. If it is more than 24, mandatory approval from the network team is required. The key difference is that IP addresses are no longer requested from the network team, and the network.yml file is not prepared manually. NIOS automatically provides the next available IP address. + +The new YAML file includes a new info blocks block with business contact, engineering contact, and date. It does not contain CIDR subnet IP addresses. Instead, it specifies the desired subnet size (e.g., /22). A parent cider is included, which is a constant value per region. The VPC name is now included in the YAML file, allowing for multiple VPCs. 
+ +The new system is fully automated, querying info box to get the next available block and provision accordingly. It aims to reduce handoffs and provide a single source of truth. The system is backward compatible, meaning existing VPC configurations using the old YAML file will continue to work. The goal is for any new VPC that we don't have to engage the network team every time we want to create a VPC with the subnets. + +The implementation also allows for specifying availability zone IDs for subnets. *We are not asking for IP address from the network team.* The system also supports de-provisioning, where destroying a VPC will remove all entries from the IPAM grid. Safeguards are in place to prevent accidental deletion of VPCs, such as requiring a special flag in Terragrant.htl. + --- diff --git a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-45-automatic-ip-address-allocation-with-ipam.md.bak b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-45-automatic-ip-address-allocation-with-ipam.md.bak new file mode 100644 index 00000000..8ac4759d --- /dev/null +++ b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-45-automatic-ip-address-allocation-with-ipam.md.bak 
@@ -0,0 +1,51 @@ +--- +title: CTP Topic 45 Automatic IP address allocation with IPAM +type: cloud-learning +source-type: video +category: DevOps & SRE/08_Networking +tags: + - AWS + - IPAM + - Networking + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 45_ Automatic IP address allocation with IPAM.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 45 Automatic IP address allocation with IPAM + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 45_ Automatic IP address allocation with IPAM.mp4` + +**Type:** VIDEO | **Category:** 08_Networking + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-61-workload-vpc-provision-with-ipam-automation.md b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-61-workload-vpc-provision-with-ipam-automation.md index e02f3576..0c4ee4ec 100644 --- a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-61-workload-vpc-provision-with-ipam-automation.md +++ b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-61-workload-vpc-provision-with-ipam-automation.md @@ -1,8 +1,8 @@ --- -title: "CTP Topic 61 Workload VPC provision with IPAM Automation" +title: CTP Topic 61 Workload VPC provision with IPAM Automation type: cloud-learning source-type: video -category: "DevOps & SRE/08_Networking" +category: DevOps & SRE/08_Networking tags: - AWS - VPC 
@@ -10,9 +10,9 @@ tags: - Automation - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 61_ Workload VPC provision with IPAM Automation.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 61_ Workload VPC provision with IPAM Automation.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 61 Workload VPC provision with IPAM Automation 
@@ -27,7 +27,16 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## IPAM and Workload VPC Provisioning Automation + +Pushka, a principal SRE, presented an overview of IPAM (IP Address Management) and its integration with workload VPC provisioning, including recent enhancements. The session covered the benefits of IPAM, its architecture, and a demo of the automated VPC provisioning process. + +IPAM automates IP address management, eliminating manual intervention and reducing errors. It uses Infoblox grid, which consists of containers and IP addresses, and includes extensible attributes (metadata) for each IP address, such as owner, company, and status. The current workload VPC approach is automated, using IPAM YAML files that specify parameters like business contact, engineering contact, and parent CIDR. *We don't need to worry about IP address. If it's beyond IP address is 22 or greater, then only we need to take the approval.* Availability Zone IDs (az id) are used instead of names (az name) to avoid inconsistencies. + +Enhancements include provisioning multiple VPCs, email notifications, additional CIDR support, non-routable IP address support (using 10.2.0.0/16), and approval requirements for /22 or smaller CIDR blocks. Overlapping IP addresses are prevented by Infoblox grid, which manages all IP addresses. A demo showed how to provision a VPC, including the justification process for larger CIDR blocks. *So we just need to put the information at the right place and everything will work.* + +The approval process for CIDR blocks smaller than /22 involves submitting a justification that is reviewed by the network team. If approved, the VPC provisioning proceeds; otherwise, it fails. Email notifications are sent to the user and the network team throughout the process. Infoblox maintains a list of provisioned IPs against each AWS account, accessible via the Infoblox grid interface. 
The Infoblox architecture includes a master database in a Houston data center, with redundant systems for DNS, NTP, and DHCP services. + --- diff --git a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-61-workload-vpc-provision-with-ipam-automation.md.bak b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-61-workload-vpc-provision-with-ipam-automation.md.bak new file mode 100644 index 00000000..762db648 --- /dev/null +++ b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-61-workload-vpc-provision-with-ipam-automation.md.bak @@ -0,0 +1,52 @@ +--- +title: CTP Topic 61 Workload VPC provision with IPAM Automation +type: cloud-learning +source-type: video +category: DevOps & SRE/08_Networking +tags: + - AWS + - VPC + - IPAM + - Automation + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 61_ Workload VPC provision with IPAM Automation.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 61 Workload VPC provision with IPAM Automation + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 61_ Workload VPC provision with IPAM Automation.mp4` + +**Type:** VIDEO | **Category:** 08_Networking + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-69-best-practices-for-migrating-on-premises-iod-virtual-machines-to-vm.md b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-69-best-practices-for-migrating-on-premises-iod-virtual-machines-to-vm.md index bd371d00..5672a87a 100644 --- a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-69-best-practices-for-migrating-on-premises-iod-virtual-machines-to-vm.md +++ b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-69-best-practices-for-migrating-on-premises-iod-virtual-machines-to-vm.md 
@@ -1,17 +1,17 @@ --- -title: "CTP Topic 69 Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A" +title: CTP Topic 69 Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A type: cloud-learning source-type: video -category: "DevOps & SRE/08_Networking" +category: DevOps & SRE/08_Networking tags: - VMware - Migration - VMWare-Cloud-AWS - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 69_ Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 69_ Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 69 Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A 
@@ -26,7 +26,14 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> The session covers best practices for migrating on-premises virtual machines to VMware Cloud on AWS, based on experience and consultant support from VMware. It includes an overview of VMware Cloud, its deployment, security considerations, migration practices, automation, and a live demo. + +The VMware Cloud environment is hosted on AWS infrastructure, offering services like vSphere, connectivity, and firewalls. It enables seamless migration of workloads with minimal changes, saving time and reducing downtime. *It hardly takes a VM migration with few minutes, which will enable them operated in the cloud infrastructure.* Benefits include easy deployment, interoperability, and infrastructure on demand. The architecture involves connecting the on-premises cloud to the Frankfurt AWS region via Direct Connect, utilizing a virtual transit gateway for seamless migration connectivity. The infrastructure includes compute and management gateways, with the latter managed by VMware and AWS. + +Network and security considerations include using segments (VLANs), VPNs, NATs, and firewalls. The setup involves connecting customer premises to the VMware cloud through BGP protocol and a virtual gateway. HCX (Hybrid Cloud Extender) facilitates multi-cloud management, allowing viewing of on-premises vSphere from STDC and vice versa. Account structure involves VMware owning the STDC, with clusters and ESX nodes (EC2 bare metal instances) managed by VMware. Cost implications involve data transfer charges, with costs varying based on the number of STDCs and regions. *Anything which leaves definitely attracts cost.* Workload migration involves assessing compute sizing, configuration, and network requirements. Pre- and post-migration activities are automated, gathering metrics and configuring settings. HCX manager is used for seamless migrations, supporting up to 200 VMs per iteration. 
+ +Two migration methods are used: the UI method provided by VMware Cloud and a solution developed by the CCOE team using over-sell scripts. The UI method is straightforward, while the CCOE solution uses an input file with VM details for automated migration. Post-migration, VMs are managed through a Brown to Manage system, integrating SMACS suite and HCMX with a content pack for user management. The demo showcased preparing an input file, accessing HCX appliance in vCenter, configuring interconnect settings, and initiating migration. Post-migration tasks include ensuring proper network adapter connections and enabling tags for end-user access. + --- diff --git a/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-69-best-practices-for-migrating-on-premises-iod-virtual-machines-to-vm.md.bak b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-69-best-practices-for-migrating-on-premises-iod-virtual-machines-to-vm.md.bak new file mode 100644 index 00000000..65feb6bf --- /dev/null +++ b/knowledgebase/DevOps & SRE/08_Networking/ctp-topic-69-best-practices-for-migrating-on-premises-iod-virtual-machines-to-vm.md.bak 
@@ -0,0 +1,51 @@ +--- +title: CTP Topic 69 Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A +type: cloud-learning +source-type: video +category: DevOps & SRE/08_Networking +tags: + - VMware + - Migration + - VMWare-Cloud-AWS + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 69_ Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 69 Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 69_ Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A.mp4` + +**Type:** VIDEO | **Category:** 08_Networking + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/09_Serverless_AI/hands-on-aiops-best-practices-guide-to-implementing-aiops.md b/knowledgebase/DevOps & SRE/09_Serverless_AI/hands-on-aiops-best-practices-guide-to-implementing-aiops.md deleted file mode 100644 index c4f26641..00000000 --- a/knowledgebase/DevOps & SRE/09_Serverless_AI/hands-on-aiops-best-practices-guide-to-implementing-aiops.md +++ /dev/null 
@@ -1,49 +0,0 @@ ---- -title: "Hands-on AIOps Best Practices Guide to Implementing AIOps" -type: cloud-learning -source-type: pdf -category: "DevOps & SRE/09_Serverless_AI" -tags: - - AIOps - - Best-Practices -date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Hands-on AIOps Best Practices Guide to Implementing AIOps.pdf" -audio-source: "" -status: raw ---- - -# Hands-on AIOps Best Practices Guide to Implementing AIOps - -**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Hands-on AIOps Best Practices Guide to Implementing AIOps.pdf` - -**Type:** PDF | **Category:** 09_Serverless_AI - -**Status:** 🟡 Awaiting Whisper transcription → Summary - ---- - -## 摘要 - -> 待转录后由 LLM 生成 - ---- - -## 关键概念 - -- - ---- - -## 行动项 - -- - ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-introduction-to-artificial-intelligence-ai-machin.md b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-introduction-to-artificial-intelligence-ai-machin.md index fad6d9af..d19a4722 100644 --- a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-introduction-to-artificial-intelligence-ai-machin.md +++ b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-introduction-to-artificial-intelligence-ai-machin.md @@ -10,7 +10,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions-Introduction to Artificial Intelligence (AI) Machine Learning (ML) - 20240206_160153-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions-Introduction to Artificial Intelligence (AI) Machine Learning (ML) - 20240206 160153-Meeting Recording 
@@ -23,28 +23,20 @@ status: raw --- -## 摘要 +## Introduction to AI/ML with AWS -> 待转录后由 LLM 生成 +The session introduces AI/ML, generative AI in AWS, and implementing the data science lifecycle in AWS, presented by Suraav Paul, AWS Senior Solutions Architect. It covers how AI/ML is transforming businesses and how Amazon and AWS are accelerating this transformation. ---- +AI replicates tasks needing human intelligence, often seeking probabilistic outcomes via machine learning, which uses data to create decision logic or models. Classification AI identifies patterns, predictive AI forecasts trends, and generative AI creates content using foundation models (FMs). Amazon has invested in ML for 20 years, using it for recommendations, robotics, forecasting, and Alexa. -## 关键概念 +AWS helps customers use AI in four areas: enhancing customer experiences, enabling better decisions, improving operations, and creating new products. The AI Use Case Explorer helps customers find relevant AI use cases. Responsible AI includes fairness, explainability, robustness, governance, transparency, and privacy/security. AWS offers pre-built algorithms, models, and solutions, democratizing access to AI/ML with tools like Amazon SageMaker Canvas. -- +*We believe most customer experiences and applications will be reinvented with generative AI, powered by foundation models with billions of parameters.* ---- +Amazon Bedrock is a fully managed service for building and scaling generative AI applications with foundation models, allowing customization with proprietary data while maintaining security and privacy. Bedrock offers access to various FMs, including Amazon Titan models, which provide capabilities, competitive pricing, and strong performance. Data customization techniques include fine-tuning (using labeled datasets) and continued pre-training (using unlabeled datasets). Retrieval augmented generation (RAG) fetches data from company sources for relevant responses. 
Agents for Amazon Bedrock plan and execute multi-step tasks using company systems and data sources. Guardrails for Amazon Bedrock enables safeguards tailored to application requirements and responsible AI policies. -## 行动项 +ML Ops combines machine learning and operations, involving people, technology, and processes for collaborative ML solutions. It requires a diverse team and a culture that encourages collaboration. The ML Ops process includes data, training, and inference pipelines. The data pipeline involves data collection, integration, and preparation using services like Amazon S3 and Amazon Redshift. The training pipeline focuses on feature engineering, model training, and hyperparameter tuning using SageMaker. The inference pipeline deploys and monitors models using SageMaker's real-time endpoint. ML Ops addresses concerns around data provenance, model management, and deployment workflows, in addition to DevOps practices like CI/CD and monitoring. -- +During the Q&A, it was clarified that training data used from a company won't be used generally by the model. For first-party models, no additional licensing is needed, but third-party models have their own licensing agreements. Bedrock stores data only for the request-response cycle, ensuring data privacy. Previously trained models can be imported to SageMaker, while Bedrock offers a managed environment without needing to manage deployment infrastructure. ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +*AI is a way to describe any system that can replicate tasks that previously required human intelligence.* diff --git a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-introduction-to-artificial-intelligence-ai-machin.md.bak b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-introduction-to-artificial-intelligence-ai-machin.md.bak new file mode 100644 index 00000000..fad6d9af --- /dev/null 
+++ b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-introduction-to-artificial-intelligence-ai-machin.md.bak @@ -0,0 +1,50 @@ +--- +title: "Public Cloud Learning Sessions-Introduction to Artificial Intelligence (AI) Machine Learning (ML) - 20240206 160153-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/09_Serverless_AI" +tags: + - AI + - ML + - Machine-Learning +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions-Introduction to Artificial Intelligence (AI) Machine Learning (ML) - 20240206_160153-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Public Cloud Learning Sessions-Introduction to Artificial Intelligence (AI) Machine Learning (ML) - 20240206 160153-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions-Introduction to Artificial Intelligence (AI) Machine Learning (ML) - 20240206_160153-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 09_Serverless_AI + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-ai-use-cases-20241126-160106-meeting-rec.md b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-ai-use-cases-20241126-160106-meeting-rec.md index ae97ecbb..2882b2a8 100644 --- a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-ai-use-cases-20241126-160106-meeting-rec.md +++ b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-ai-use-cases-20241126-160106-meeting-rec.md 
@@ -10,7 +10,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- AI Use Cases - 20241126_160106-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions (OpenText)- AI Use Cases - 20241126 160106-Meeting Recording 
@@ -23,28 +23,14 @@ status: raw --- -## 摘要 +## AI Use Cases with AWS Experts -> 待转录后由 LLM 生成 +Stephen Frank, an AWS AI specialist, discusses AI innovation opportunities, leveraging data, and accelerating AI use cases. The session covers the evolution of AI, from its focus on mimicking human behavior to machine learning, deep learning, and the current Gen2 AI using large language models (LLMs). ---- +Key factors driving the growth of Gen2 AI include the massive increase in data production since the 2000s and the availability of greater computational capacity. Cloud computing has enabled machine learning by providing the necessary resources. Enterprise software companies are early adopters of generative AI, integrating it into their core products for customer-facing applications. -## 关键概念 +Amazon has been using AI and machine learning in its core products and services for 25 years, applying its learnings to new offerings for customers. Common AI use cases include creating new customer experiences, extrapolating core insights from data, automating processes, and generating new content. For enterprise software, AI can optimize internal processes, enable new features, and create new offerings. *Data is key to differentiation, as generative AI applications integrate with existing business data to control outcomes.* Various methods exist for working with data, including retrieval-augmented generation (RAG), fine-tuning, and continued pre-training. -- +AWS offers a three-layered product strategy: infrastructure for foundation model training and inferences, Amazon Bedrock (a flagship product providing API access to various foundation models), and ready-to-use AI applications. Amazon SageMaker is a fully managed machine learning platform for data scientists and platform engineers. Amazon Bedrock allows access to various models without third-party access to data, ensuring GDPR compliance. 
Amazon Q is a pre-built AI system for knowledge summarization, content creation, and insight extraction, connecting to various data sources using natural language prompts. ---- - -## 行动项 - -- - ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +Key considerations for AI implementation include fostering a culture of experimentation, ensuring flexibility in model selection, and prioritizing security, governance, and compliance. Responsible AI practices, including fairness, explainability, and transparency, are crucial. Best practices include prioritizing people, assessing risk, and iterating across the AI lifecycle. *When implementing your services, we do have to look at this more holistically.* diff --git a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-ai-use-cases-20241126-160106-presentatio.md b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-ai-use-cases-20241126-160106-meeting-rec.md.bak similarity index 80% rename from knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-ai-use-cases-20241126-160106-presentatio.md rename to knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-ai-use-cases-20241126-160106-meeting-rec.md.bak index cdf98bd2..ae97ecbb 100644 --- a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-ai-use-cases-20241126-160106-presentatio.md +++ b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-ai-use-cases-20241126-160106-meeting-rec.md.bak 
@@ -1,24 +1,23 @@ --- -title: "Public Cloud Learning Sessions (OpenText)- AI Use Cases - 20241126 160106-Presentation" +title: "Public Cloud Learning Sessions (OpenText)- AI Use Cases - 20241126 160106-Meeting Recording" type: cloud-learning -source-type: pdf +source-type: video category: "DevOps & SRE/09_Serverless_AI" tags: - AI - Use-Cases - OpenText - - Presentation date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- AI Use Cases - 20241126_160106-Presentation.pdf" +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- AI Use Cases - 20241126_160106-Meeting Recording.mp4" audio-source: "" status: raw --- -# Public Cloud Learning Sessions (OpenText)- AI Use Cases - 20241126 160106-Presentation +# Public Cloud Learning Sessions (OpenText)- AI Use Cases - 20241126 160106-Meeting Recording -**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- AI Use Cases - 20241126_160106-Presentation.pdf` +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- AI Use Cases - 20241126_160106-Meeting Recording.mp4` -**Type:** PDF | **Category:** 09_Serverless_AI +**Type:** VIDEO | **Category:** 09_Serverless_AI **Status:** 🟡 Awaiting Whisper transcription → Summary diff --git a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-event-driven-architecture-part-1-2024091.md b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-event-driven-architecture-part-1-2024091.md index 232dcd65..f074b6d9 100644 --- a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-event-driven-architecture-part-1-2024091.md +++ b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-event-driven-architecture-part-1-2024091.md 
@@ -20,7 +20,7 @@ status: processed **Type:** VIDEO | **Category:** 09_Serverless_AI -**Status:** 🟢 Processed +**Status:** ✅ 已完成(Gemini 摘要) --- diff --git a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-event-driven-architecture-part-2-2024091.md b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-event-driven-architecture-part-2-2024091.md index 019a9c43..406e7f3c 100644 --- a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-event-driven-architecture-part-2-2024091.md +++ b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-event-driven-architecture-part-2-2024091.md @@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Event Driven Architecture - part 2 - 20240917_161635-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions (OpenText)- Event Driven Architecture - part 2 - 20240917 161635-Meeting Recording 
@@ -24,28 +24,28 @@ status: raw --- -## 摘要 +## Event-Driven Architecture Best Practices -> 待转录后由 LLM 生成 +Event-driven architecture helps decouple applications, allowing for logical decomposition of business functionality. It enables process isolation, which can be scaled and monitored independently, minimizing the impact of failures in one part of the system on the rest. *Event is nothing but it's like a change in the state or an update*. ---- +In event-driven architecture, there are three parts: event producer, event consumer, and event broker. Event brokers can be event routers (SNS, EventBridge) or event stores (SQS, Kinesis). Event routers filter events and route them to the right consumer, while event stores stream events and require consumers to filter the events they want. EventBridge is more feature-rich than SNS, allowing events from a source product to trigger other AWS services. -## 关键概念 +Choreography involves different microservices communicating with each other, while orchestration happens within the same microservice. AWS Step Functions is a workflow service that builds state machines, where each step is a state and transitions move from one state to the next. -- +### Best Practices for Event-Driven Architecture ---- +When designing systems, especially microservices, it's important to consider best practices for event-driven architecture. Events can be sparse (minimal information) or full state descriptions (many details). Sparse events are small and great for frequently changing data, but may require consumers to retrieve more details, potentially overwhelming services. Full state descriptions include more detail, but may be limited by EventBridge payload sizes. -## 行动项 +Idempotency ensures that executing the same request multiple times yields the same result. Services processing events should follow idempotency to avoid unintended side effects. 
AWS Lambda automatically retries asynchronous invocations, so idempotency is crucial for managing orders and payments. -- +To increase scale and resiliency, an event store like SQS can buffer events between microservices. SQS holds messages until services are available to process them. For unordered events, EventBridge or standard SQS queues can be used, but applications must handle out-of-order messages. To preserve event ordering, SQS FIFO or Kinesis Data Streams can be used. ---- +### Team Independence -## 相关视频 +When implementing event-driven architectures, it's important to consider team independence. Platform teams create the foundational layer, while consumer teams use events for various purposes. Decentralized ownership is generally preferred over centralized ownership. Fan-out patterns using SNS topics or EventBridge rules can distribute events to different teams. -> 配对视频笔记链接(生成后填入) +Best practices include a cloud center of excellence, decentralized team ownership, centralized networking, security, and observability strategies. Common messaging patterns include the competing consumer pattern, where only one consumer can consume a message at a time (achieved with SQS). Hybrid deliveries use EventBridge rules to route messages to different microservices. ---- +### Common Messaging Patterns -*最后更新: 2026-04-14* +Streams and routers involve choreographing or orchestrating services based on event rules. EventBridge can route requests to specific microservices based on rules. Best practices for EventBridge include using single rule per subscriber, avoiding the default event bus for custom events, and using dead-letter queues to handle failed events. *Everything fails every time means like whatever you have designed and whatever workload you are running it may fail any time*. 
diff --git a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-event-driven-architecture-20240917-16163.md b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-event-driven-architecture-part-2-2024091.md.bak similarity index 72% rename from knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-event-driven-architecture-20240917-16163.md rename to knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-event-driven-architecture-part-2-2024091.md.bak index e2c9b94c..019a9c43 100644 --- a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-event-driven-architecture-20240917-16163.md +++ b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-event-driven-architecture-part-2-2024091.md.bak 
@@ -1,23 +1,24 @@ --- -title: "Public Cloud Learning Sessions (OpenText)- Event Driven Architecture - 20240917 161635 - presentation" +title: "Public Cloud Learning Sessions (OpenText)- Event Driven Architecture - part 2 - 20240917 161635-Meeting Recording" type: cloud-learning -source-type: pdf +source-type: video category: "DevOps & SRE/09_Serverless_AI" tags: - EDA + - Event-Driven - Architecture - OpenText date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Event Driven Architecture - 20240917_161635 - presentation.pdf" +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Event Driven Architecture - part 2 - 20240917_161635-Meeting Recording.mp4" audio-source: "" status: raw --- -# Public Cloud Learning Sessions (OpenText)- Event Driven Architecture - 20240917 161635 - presentation +# Public Cloud Learning Sessions (OpenText)- Event Driven Architecture - part 2 - 20240917 161635-Meeting Recording -**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Event Driven Architecture - 20240917_161635 - presentation.pdf` +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Event Driven Architecture - part 2 - 20240917_161635-Meeting Recording.mp4` -**Type:** PDF | **Category:** 09_Serverless_AI +**Type:** VIDEO | **Category:** 09_Serverless_AI **Status:** 🟡 Awaiting Whisper transcription → Summary diff --git a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-generative-ai-prompt-engineering-2024111.md b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-generative-ai-prompt-engineering-2024111.md index 37f97503..a729e3f5 100644 --- a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-generative-ai-prompt-engineering-2024111.md 
+++ b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-generative-ai-prompt-engineering-2024111.md @@ -10,7 +10,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Generative AI & Prompt Engineering - 20241112_160112-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions (OpenText)- Generative AI & Prompt Engineering - 20241112 160112-Meeting Recording 
@@ -23,28 +23,30 @@ status: raw --- -## 摘要 +## Generative A.I. and Front-Engineering -> 待转录后由 LLM 生成 +The learning session covers Generative A.I. on AWS, common use cases, AWS services like Amazon Q, Amazon Better or Amazon SageMaker, and the basics of Front-Engineering. Basic familiarity with Generative A.I. concepts and terminology is required. ---- +Shikad Holtzman, a technical account manager based in Israel, discusses innovation opportunities, common use cases across industries, and how to make Generative AI applications valuable for business using data. The presentation includes AWS services and prompt engineering concepts. -## 关键概念 +Generative AI can create value by creating new experiences, boosting employee productivity, extracting insights, and fostering creativity. Use cases span customer experience (chatbots, virtual assistants), employee activities (code generation, summarization), business operations (document processing), and creative tasks (image generation). Amazon uses AI/ML, including Generative AI, for innovation, such as summarizing customer reviews on product pages. -- +*Your data is your differentiator and it is what makes the difference between generic application to a specific application that can actually bring business to your value, to your business, sorry.* ---- +To create specific generative applications, techniques include retrieval augmented generation, fine-tuning, and continued retraining. Retrieval augmented generation is the cheapest and easiest, connecting multiple data sources without retraining the model. Fine-tuning involves retraining the model with labeled examples. Continued retraining adapts the model to a specific domain using unlabeled data. -## 行动项 +AWS allows users to move quickly, use their own data, and scale using its global infrastructure. The AWS Generative AI stack has three layers: infrastructure, services (Amazon Bedrock), and applications. 
-- +Amazon SageMaker is a managed service for the entire life cycle of building, training, and deploying foundation models. SageMaker Jumpstart provides access to publicly available foundation models and third-party models. AWS also offers dedicated chips like AWS trainium and AWS inferencia for training and inference. ---- +Amazon Bedrock is a fully managed service providing access to a wide range of foundation models from Anthropic, Meta, and Amazon (Titan models), including multi-modal and image models. Bedrock includes customization options, a managed RAG solution (knowledge bases), fine-tuning, continued training, agents, and responsible AI capabilities. -## 相关视频 +*None of your data nor not the prompts, not the data that you are using for customizing the model is being shared with the model providers.* -> 配对视频笔记链接(生成后填入) +Guardrails for Amazon Bedrock allow users to filter harmful content based on their own policies. ---- +Amazon Q is an AI-powered assistant with flavors like Amazon Q for business and Amazon Q developer. Amazon Q for business connects to multiple data sources for search, summarization, and insight extraction, maintaining existing permissions. Amazon Q for developer focuses on code generation, unit testing, and code migration. -*最后更新: 2026-04-14* +Prompt engineering involves creating, designing, and optimizing prompts to guide the LLM's response, ensuring accuracy and relevancy. LLMs are trained on data created by humans, so prompts should consider human responses. The process is iterative, involving testing and refining prompts against use cases. Instructions should be clear, accurate, and specific. + +Components of a prompt include instructions, context, user input, and an output indicator. Basic techniques include one-shot prompting and few-shot prompting, where examples are provided to the model. Chain of thoughts involves providing the model with step-by-step thinking to solve complex tasks. 
diff --git a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-generative-ai-prompt-engineering-2024111.md.bak b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-generative-ai-prompt-engineering-2024111.md.bak new file mode 100644 index 00000000..37f97503 --- /dev/null +++ b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-generative-ai-prompt-engineering-2024111.md.bak @@ -0,0 +1,50 @@ +--- +title: "Public Cloud Learning Sessions (OpenText)- Generative AI & Prompt Engineering - 20241112 160112-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/09_Serverless_AI" +tags: + - Generative-AI + - Prompt-Engineering + - OpenText +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Generative AI & Prompt Engineering - 20241112_160112-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Public Cloud Learning Sessions (OpenText)- Generative AI & Prompt Engineering - 20241112 160112-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Generative AI & Prompt Engineering - 20241112_160112-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 09_Serverless_AI + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-serverless-computing-20240903-160139-mee.md b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-serverless-computing-20240903-160139-mee.md index 4f06a228..2ec550e5 100644 
--- a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-serverless-computing-20240903-160139-mee.md +++ b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-serverless-computing-20240903-160139-mee.md @@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Serverless Computing - 20240903_160139-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions (OpenText)- Serverless Computing - 20240903 160139-Meeting Recording 
@@ -24,28 +24,14 @@ status: raw --- -## 摘要 +## Serverless Computing on AWS -> 待转录后由 LLM 生成 +This session covers serverless computing with a focus on AWS Lambda, step functions, and API Gateway. Modern businesses face pressure to innovate quickly, maintain security and compliance, respond to events, and increase profitability. Serverless computing simplifies cloud application management by shifting operational tasks to the cloud provider, allowing development teams to focus on code. ---- +Customers adopt serverless models for faster time to market, business focus, lower TCO, pay-per-use, scalability, and built-in security. AWS offers a range of serverless services, including Lambda, Fargate, and EventBridge. AWS and the customer share operational responsibilities. AWS manages infrastructure in serverless environments, while customers manage code. -## 关键概念 +AWS compute offerings include EC2, Fargate, and Lambda. EC2 offers flexibility and control, while Lambda allows developers to focus on business logic. *Lambda functions are triggered by events, which are changes in state.* Lambda handles load balancing, auto scaling, and security. Lambda functions can be triggered synchronously, asynchronously, or via event source mapping. When writing Lambda functions, developers need to consider the handler, event object, and context. -- +Lambda permissions include execution roles (what the Lambda function can do) and resource-based policies (who can trigger the Lambda function). AWS Lambda includes a dashboard and metrics reported to CloudWatch, such as requests, errors, latency, and throttling. Amazon Q can be used to debug Lambda functions. Test events can be created to test Lambda functions. Versioning and aliases are important for managing code changes. *Whenever you see that you have written code and you want that this code is final, you can publish as a new version.* Lambda layers allow sharing common code across multiple Lambda functions. 
Lambda supports both x86 and ARM64 architectures. ARM64 offers better price performance. Lambda power tuning can be used to compare performance and cost. ---- - -## 行动项 - -- - ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +Step functions orchestrate multiple AWS services. Step functions are serverless workflow services based on state machines. Step functions have two flavors: standard and express. API Gateway is a managed service for creating, publishing, and securing APIs. API Gateway offers edge-optimized, regional, and private options. The Serverless Application Model (SAM) is a tool for local development and deployment of serverless applications. SAM is built on top of CloudFormation. SAM local can be used to test Lambda functions locally. diff --git a/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-serverless-computing-20240903-160139-mee.md.bak b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-serverless-computing-20240903-160139-mee.md.bak new file mode 100644 index 00000000..4f06a228 --- /dev/null +++ b/knowledgebase/DevOps & SRE/09_Serverless_AI/public-cloud-learning-sessions-opentext-serverless-computing-20240903-160139-mee.md.bak 
@@ -0,0 +1,51 @@ +--- +title: "Public Cloud Learning Sessions (OpenText)- Serverless Computing - 20240903 160139-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/09_Serverless_AI" +tags: + - Serverless + - AWS + - Lambda + - OpenText +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Serverless Computing - 20240903_160139-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Public Cloud Learning Sessions (OpenText)- Serverless Computing - 20240903 160139-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Serverless Computing - 20240903_160139-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 09_Serverless_AI + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-10-aws-landing-zone-lz-data-collection-tagging-related-security.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-10-aws-landing-zone-lz-data-collection-tagging-related-security.md index 0b2ad2f1..125fc98e 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-10-aws-landing-zone-lz-data-collection-tagging-related-security.md +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-10-aws-landing-zone-lz-data-collection-tagging-related-security.md @@ -8,7 +8,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 10_ AWS  Landing Zone (LZ) Data Collection, Tagging _ Related Security.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 10 AWS Landing Zone (LZ) Data Collection, Tagging Related Security 
@@ -23,7 +23,18 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## AWS Landing Zones: Data Collection, Tagging, and Security + +The session focuses on AWS landing zones, specifically data collection, tagging, and related security measures, including a demo. The primary goal is to explain tagging, its purpose, and how it's changing security practices. + +A high-level review of deploying a new landing zone covers OUs, SCPs (security control policies), and resource tagging. The discussion highlights how firewalls interact with tagged resources and the advantages over traditional firewall rules. Pradeep demonstrates the firewall and its policy sets, along with an EC2 deployment example to illustrate policy enforcement. + +*We ask a lot of questions so that we can then turn around and make sure we're putting the appropriate posture in the cloud and that we're protecting the resources appropriately.* A new strategy using layers of OUs to examine tags ensures correct tagging and necessary security controls. For instance, an ADM user cannot alter their tag to ITOM. SCPs are deny policies that grant resource access based on tag matching. When collecting machine information, the focus is on understanding what's being moved to the cloud and applying appropriate tags. + +An example tag base includes machine names, owners (preferably PDLs), types (e.g., R&D), business units, products, environments (e.g., production), server roles, accounts, and app IDs. A layered approach is used in the firewall policies, starting with geo-blocking and progressing through type, BU, product, environment, and role checks. *Inter product is not allowed. Inter product is communications allowed.* The introduction of inline layers checks account numbers, streamlining rule management and automation. Tagging enables dynamic cloud environments without constant firewall adjustments, as policies are tag-based rather than IP-based. 
+ +The demo shows a Checkpoint firewall setup in the Frankfurt landing zone, reviewing tags and policy configurations. It demonstrates deploying an EC2 instance with tags and the errors that occur when tags are missing or incorrect. SCPs control which tags can be used in specific accounts. The ordered layer requires traffic to pass through each layer sequentially, while the inline layer uses a parent-child rule structure based on account numbers. + --- diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-20-program-demand-process-flow-and-poc-onboarding.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-20-program-demand-process-flow-and-poc-onboarding.md index a72ad549..31c438d2 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-20-program-demand-process-flow-and-poc-onboarding.md +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-20-program-demand-process-flow-and-poc-onboarding.md @@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 20_ Program demand process flow and PoC onboarding.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 20 Program demand process flow and PoC onboarding @@ -20,7 +20,7 @@ status: summarized **Type:** VIDEO | **Category:** 10_OpenText-Series -**Status:** 🟡 Awaiting Whisper transcription → Summary +**Status:** ✅ 已完成(Gemini 摘要) --- diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-23-introduction-to-the-technical-architecture-team-and-function.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-23-introduction-to-the-technical-architecture-team-and-function.md index 80c80d79..ed129e15 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-23-introduction-to-the-technical-architecture-team-and-function.md +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-23-introduction-to-the-technical-architecture-team-and-function.md 
@@ -10,7 +10,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 23_ Introduction to the Technical Architecture team and function.mp4" audio-source: "" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 23 Introduction to the Technical Architecture team and function @@ -19,7 +19,7 @@ status: summarized **Type:** VIDEO | **Category:** 10_OpenText-Series -**Status:** 🟡 Awaiting Whisper transcription → Summary +**Status:** ✅ 已完成(Gemini 摘要) --- diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-30-managing-change.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-30-managing-change.md index 21b670fa..79e3b665 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-30-managing-change.md +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-30-managing-change.md @@ -11,7 +11,7 @@ date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 30_ Managing change.mp4" audio-source: "/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 30_ Managing change.mp3" transcript-source: "/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 30_ Managing change.txt" -status: summarized +status: summarized (Gemini 摘要) --- # CTP Topic 30 Managing change @@ -20,7 +20,7 @@ status: summarized **Type:** VIDEO | **Category:** 10_OpenText-Series -**Status:** ✅ 已完成 +**Status:** ✅ 已完成(Gemini 摘要) **讲者:** Brendan Starnig (SRE Function Lead, Platform Engineering) diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-4-using-agile-to-run-the-cloud-transformation-program.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-4-using-agile-to-run-the-cloud-transformation-program.md index 0b025e53..deacc60e 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-4-using-agile-to-run-the-cloud-transformation-program.md 
+++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-4-using-agile-to-run-the-cloud-transformation-program.md @@ -1,16 +1,16 @@ --- -title: "CTP Topic 4 Using Agile to run the Cloud Transformation Program" +title: CTP Topic 4 Using Agile to run the Cloud Transformation Program type: cloud-learning source-type: video -category: "DevOps & SRE/10_OpenText-Series" +category: DevOps & SRE/10_OpenText-Series tags: - Agile - Cloud-Transformation - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 4_ Using Agile to run the Cloud Transformation Program.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 4_ Using Agile to run the Cloud Transformation Program.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 4 Using Agile to run the Cloud Transformation Program 
@@ -25,7 +25,16 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Agile Framework and Cloud Transformation Program + +Heather Norris, project manager on the cloud transformation program, discussed the agile principles and methodologies used, covering the journey from its start to current practices, and offering tips for future improvements. Key aspects of agile include team collaboration and communication. The presentation covered agile frameworks, ceremonies (meetings), plan and board activities, and key takeaways. + +The program initially used the Scrum framework with two-week sprints, which included product backlogs, sprint planning, retrospectives, reviews, and daily scrums. *The big problem with Scrum, in my opinion, is that you can't make changes throughout the sprints, we are not advised to.* Due to the inevitable changes in the program, a transition to a Kanban structure with continuous flow was necessary. Kanban allows changes at any time and focuses on continuous delivery rather than releases at the end of each sprint. The current framework is a hybrid, primarily using Kanban but retaining fixed ceremonies from Scrum, specifically daily stand-ups and retrospectives. + +Daily stand-ups are designed to quickly inform everyone of what's going on in the team. These sessions should be brief (15-30 minutes) and focus on updates reflected in the planner board, answering what was completed yesterday, what's being done today, and any blockers. Retrospectives are important for rapid feedback and improving the development culture, helping to understand what's working well and what's not. *Agile is all about getting that rapid feedback to make the product and make the, you know, the development culture better.* Action items with owners should be detailed to drive improvements. + +The Microsoft Planner board is used to manage projects, add user requirements, and centralize information. 
The board follows a Kanban structure with columns for backlog, to do, in progress, program key decisions, and icebox. Key practices include assigning a single owner to each task, even with multiple contributors, and clearly defining roles such as oversight. Linking dependent cards and using priorities and due dates are also crucial. Changes to prioritization, dates, owners, or progress should always be communicated with comments on the cards. + --- diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-4-using-agile-to-run-the-cloud-transformation-program.md.bak b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-4-using-agile-to-run-the-cloud-transformation-program.md.bak new file mode 100644 index 00000000..f0c1f095 --- /dev/null +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-4-using-agile-to-run-the-cloud-transformation-program.md.bak @@ -0,0 +1,50 @@ +--- +title: CTP Topic 4 Using Agile to run the Cloud Transformation Program +type: cloud-learning +source-type: video +category: DevOps & SRE/10_OpenText-Series +tags: + - Agile + - Cloud-Transformation + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 4_ Using Agile to run the Cloud Transformation Program.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 4 Using Agile to run the Cloud Transformation Program + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 4_ Using Agile to run the Cloud Transformation Program.mp4` + +**Type:** VIDEO | **Category:** 10_OpenText-Series + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-41-nfrs-and-error-budgets.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-41-nfrs-and-error-budgets.md index 5895a54e..28dd5db8 100644 
--- a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-41-nfrs-and-error-budgets.md +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-41-nfrs-and-error-budgets.md @@ -1,14 +1,14 @@ --- -title: "CTP Topic 41 NFR’s and Error Budgets" +title: CTP Topic 41 NFR’s and Error Budgets type: cloud-learning source-type: video -category: "DevOps & SRE/10_OpenText-Series" +category: DevOps & SRE/10_OpenText-Series tags: - uncategorized date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 41_ NFR’s and Error Budgets.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 41_ NFR’s and Error Budgets.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 41 NFR’s and Error Budgets 
@@ -23,7 +23,24 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## NFRs and Error Budgets + +Brendan Standing, head of SRE at Micro Focus, discusses non-functional requirements (NFRs) and error budgets in the context of cloud and agile development. The goal is to drive collaboration between product groups and operations to meet customer expectations, ensure operational requirements in an agile manner, and understand error budget boundaries to deliver features quickly and reliably. + +An NFR is a criterion used to judge a system's operation, while an error budget is the maximum time a system can fail without consequences. Historically, NFRs in on-premise data centers were complex and slowed progress, but the focus now is on agile implementation in the cloud. + +The cloud landscape shifts ownership, with cloud providers handling infrastructure as a service, platform as a service, or software as a service. AWS's shared responsibility model means the company no longer manages data centers but must architect and manage services in the cloud to meet NFRs. *We want to drive collaboration across our product groups and operations to ensure our obligation to our customers.* + +An epic for NFR templates aims to integrate NFRs into sprint backlogs, ensuring consideration for any major change. NFRs should be more prescriptive in the cloud, leveraging cloud-native services. Examples include specific backup procedures using AWS backup with defined cadences and testing, as well as DR planning with quarterly testing and infrastructure as code. + +Error budgets measure the amount of unreliability a service can have before impacting customers. Developers can take more risks if within budget but must make safer choices if not. Error budgets normalize failure and bridge the gap between development and operations. They are derived from service level objectives (SLOs) and measured by service level indicators (SLRs). 
+ +SLRs are quantifiable measures of reliability, SLOs define how a service should perform, and SLAs are customer-level agreements. Error budget equals one less the availability SLO. For example, with a 99.9% uptime SLO, the error budget is 0.1%. *Error budgets normalize failure as part of the development process.* + +Perfect availability is 100%, and the error budget falls between the SLO and 100%. Monitoring capabilities are crucial to measure whether error budgets are met or exceeded. Smaller iterations of changes and well-tested deployments are essential. Monitoring should quickly show whether error budgets are underutilized or exceeded. + +Chaos engineering involves intentionally causing faults to test system resilience and ensure NFRs are met. NFRs should be testable and automated. The next steps involve working with product groups to integrate NFRs into backlogs, refine them, and develop SLOs. + --- diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-41-nfrs-and-error-budgets.md.bak b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-41-nfrs-and-error-budgets.md.bak new file mode 100644 index 00000000..7b1a4c00 --- /dev/null +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-41-nfrs-and-error-budgets.md.bak 
@@ -0,0 +1,48 @@ +--- +title: CTP Topic 41 NFR’s and Error Budgets +type: cloud-learning +source-type: video +category: DevOps & SRE/10_OpenText-Series +tags: + - uncategorized +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 41_ NFR’s and Error Budgets.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 41 NFR’s and Error Budgets + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 41_ NFR’s and Error Budgets.mp4` + +**Type:** VIDEO | **Category:** 10_OpenText-Series + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-53-why-bother-with-cloud.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-53-why-bother-with-cloud.md index 3c8d39a6..1f71012c 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-53-why-bother-with-cloud.md +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-53-why-bother-with-cloud.md @@ -1,16 +1,16 @@ --- -title: "CTP Topic 53 Why bother with Cloud" +title: CTP Topic 53 Why bother with Cloud type: cloud-learning source-type: video -category: "DevOps & SRE/10_OpenText-Series" +category: DevOps & SRE/10_OpenText-Series tags: - Cloud - Strategy - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 53_ Why bother with Cloud_.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 53_ Why bother with Cloud_.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 53 Why bother with Cloud 
@@ -25,7 +25,37 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Cloud Transformation Program Update + +The Cloud Transformation Program aims to consolidate infrastructure, reduce costs, and enable innovation across Micro Focus. The program presented its progress and plans to stakeholders, emphasizing cost reduction and increased revenue opportunities through cloud adoption. + +The program addressed the extent of urban sprawl, which refers to the vast amount of infrastructure across data centers. A 2022 presentation to the Executive Leadership Team (ELT) highlighted nearly 20,000 assets across 14 data centers, costing millions in power and rent alone. *Micro Focus has the world's largest commercial footprint.* Despite a $2.5 billion annual revenue, Micro Focus's VMware footprint is larger than companies eight times its size, with hardware utilization under 40%. Migrating three products out of Bublikan led to decommissioning 575 physical servers, replaced by only 240 virtual servers in the cloud. 40% of applications in Redding were simply switched off upon exit, and Houston has 89 empty racks and 360 unused servers. + +The benefits of moving to the cloud extend beyond cost savings, fostering innovation and increasing revenue. Cloud adoption enables product groups to enhance their products, improve disaster recovery, and explore new markets. A cloud-first policy provides a secure and resilient platform for innovation. Accomplishments in the past year include delivering a SAS landing zone, a landing zone in Tokyo, and managing the Dart divestiture. Live customer SAS workloads were migrated out of Redding into the cloud, and a SAS region was established in Oregon. + +## Landing Zones and Terminology + +The program clarified its terminology, particularly the concept of landing zones. Three types of landing zones have been delivered: labs, SAS, and corporate. Labs lack direct internet connectivity and customer data, while SAS zones support customer access and data. 
Corporate landing zones are a hybrid, hosting internal applications without customer data. The enterprise platform includes public cloud providers (AWS), SRE, CCOE, architecture groups, automation, security, and financial control. + +## Financial Oversight and ROI + +A consistent account tagging framework has been implemented across 609 AWS accounts to improve financial reporting. This framework allows for tracking spending and informing product groups about their consumption. The program is also working to refine figures related to return on investment (ROI), addressing commercial contracts and software components. Cloud adoption enables product groups to be more responsive to customers and open up new revenue opportunities in new regions. + +## Key Objectives and Future Plans + +Major objectives for the current fiscal year include: +* Establishing landing zones in Canada and Australia (completed). +* Standing up a corporate IT landing zone (completed). +* Implementing an AWS account tagging framework (completed). +* Delivering provisioning capabilities for demos and user training (Q2). +* Improving the AWS account creation process (Q2 & Q3). +* Closing the UAHD data center (Q2). +* Migrating workloads out of the classic landing zone (Q2). +* Establishing an Azure landing zone (Q3). +* Moving more workloads onto the enterprise platform (Q4). + +Currently, 55% of AWS costs are spent outside of landing zones, lacking automation, security, and financial control. The program is also focused on utilizing cloud-native services and tools to optimize costs and efficiency. *We're trying to give them the information so that they can understand how they are spending.* + --- diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-53-why-bother-with-cloud.md.bak b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-53-why-bother-with-cloud.md.bak new file mode 100644 index 00000000..409f867e --- /dev/null 
+++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-53-why-bother-with-cloud.md.bak @@ -0,0 +1,50 @@ +--- +title: CTP Topic 53 Why bother with Cloud +type: cloud-learning +source-type: video +category: DevOps & SRE/10_OpenText-Series +tags: + - Cloud + - Strategy + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 53_ Why bother with Cloud_.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 53 Why bother with Cloud + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 53_ Why bother with Cloud_.mp4` + +**Type:** VIDEO | **Category:** 10_OpenText-Series + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-57-product-backlog-managing-demand.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-57-product-backlog-managing-demand.md index 0d21c3ec..660cfb82 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-57-product-backlog-managing-demand.md +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-57-product-backlog-managing-demand.md @@ -1,17 +1,17 @@ --- -title: "CTP Topic 57 Product backlog managing demand" +title: CTP Topic 57 Product backlog managing demand type: cloud-learning source-type: video -category: "DevOps & SRE/10_OpenText-Series" +category: DevOps & SRE/10_OpenText-Series tags: - Product-Backlog - Demand-Management - Agile - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 57_ Product backlog_ managing demand.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 57_ Product backlog_ managing demand.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 57 Product backlog managing demand 
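Review bot: the new `ctp-topic-53-why-bother-with-cloud.md.bak` (hunk `@@ -0,0 +1,50 @@`) commits a verbatim copy of the pre-change note that git history already preserves, and a vault indexer or search will surface it next to the real note; suggest dropping the `.bak` files from the commit and adding `*.bak` to `.gitignore`. In the summary hunk for `ctp-topic-53-why-bother-with-cloud.md` (`@@ -25,7 +25,37 @@`), `+> ## Cloud Transformation Program Update` places an H2 inside a blockquote while the paragraphs after it are unquoted, and `## Landing Zones and Terminology`, `## Financial Oversight and ROI` and `## Key Objectives and Future Plans` sit at the same level as the template's `## 摘要` and `## 关键概念`; use `###` headings without the `> ` prefix so the summary stays nested under 摘要. The frontmatter hunk for `ctp-topic-57-product-backlog-managing-demand.md` (`@@ -1,17 +1,17 @@`) strips the quotes from `title`, `category` and `video-source`: the values parse either way today, but an unquoted scalar breaks as soon as a title contains `: ` or `#`, and the business-analysis, EUC and DR files further down this same commit keep their quotes, so the normalisation is also inconsistent. Neither of that file's hunks reaches the body line `**Status:** 🟡 Awaiting Whisper transcription → Summary` (visible in the `.bak` copy), so the body now contradicts `status: summarized`.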
@@ -26,7 +26,22 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## Product Backlog: Managing Demand + +This session covers managing the product backlog, including why it's needed, how it's managed, and its effects. The backlog is a holding area for upcoming features, highlighting needs, benefits, and priorities. Managing it involves understanding the value, importance, effort, and complexity of each piece of work. + +New requests should be submitted through SMACs to start the timer and ensure tracking. While email or chat are acceptable for initial contact, SMACs is the most reliable method. Demand is reviewed in twice-weekly meetings with Matthew Chapman, David Grant, Brendan, and others to assess understanding, value, and priority. A calculator with about 20 questions helps determine the simplicity, cost, and ambition of each request. *We need a way to make sure it's transparent and we're holding everything up to the light and looking everything for the same lens as we are.* + +Once assessed, opportunities move into Octane as features with task lists. New teams undergo a prerequisite phase to align expectations and understand product needs. Planning involves mapping out upcoming work and important dates, typically six sprints ahead. Sprints allocate around 50% for new demand and 50% for support tickets and tech debt. Larger product groups like ADM and ITOM have fortnightly sessions to align plans and priorities. *It means that for ADM they can effectively plan all of the work that's going into their sprints with the engineers that are working solidly on their work.* + +The prerequisite phase is crucial for product teams entering the transformation journey to the enterprise landing zone. It addresses questions about checklists, end goals, and stakeholder involvement. This phase gathers business and technical requirements, translating them into workable designs. 
Key components include introductory sessions, AWS account creation (reviewed with the PCG team), solution design and refinement, GitHub repository creation, and firewall tag definition. The effort estimate for the product team is about two hours, spread over one or two weeks. + +After the prerequisite phase, SRE engineers build the account and hand it over, providing access details for the console and GitHub. A short demo of EC2 instances and other resources is given, along with CTP training videos. Two weeks of hyper care support is provided post-handover. + +Existing product groups can request support via SMACs, email, or Teams. The support team assesses risk, complexity, and urgency. Defects are addressed in the current sprint, assigned to the original squad. A Teams channel is created for communication between the product group, SRE engineer, solution architect, and delivery manager. Change requests or enhancements are discussed with the solution architect to integrate them into the existing account. + +Different support request types include adding VPCs, creating subnets, and managing roles/tags. Public subnets are generally restricted to production environments. The team provides guidance on using Atlantis or grant forms for self-service tasks. For urgent requests, the team assesses capacity and dependencies, potentially requiring additional approval from networking. Communication involves agreeing on timelines and providing updates through the Teams channel. Standard videos and wiki pages are shared for common requests. + --- diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-57-product-backlog-managing-demand.md.bak b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-57-product-backlog-managing-demand.md.bak new file mode 100644 index 00000000..8957d3a9 --- /dev/null +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-57-product-backlog-managing-demand.md.bak 
@@ -0,0 +1,51 @@ +--- +title: CTP Topic 57 Product backlog managing demand +type: cloud-learning +source-type: video +category: DevOps & SRE/10_OpenText-Series +tags: + - Product-Backlog + - Demand-Management + - Agile + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 57_ Product backlog_ managing demand.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 57 Product backlog managing demand + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 57_ Product backlog_ managing demand.mp4` + +**Type:** VIDEO | **Category:** 10_OpenText-Series + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-6-aws-workspaces-demo.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-6-aws-workspaces-demo.md index 09c2fca5..8725b31f 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-6-aws-workspaces-demo.md +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-6-aws-workspaces-demo.md @@ -1,17 +1,17 @@ --- -title: "CTP Topic 6 AWS Workspaces Demo" +title: CTP Topic 6 AWS Workspaces Demo type: cloud-learning source-type: video -category: "DevOps & SRE/10_OpenText-Series" +category: DevOps & SRE/10_OpenText-Series tags: - AWS - Workspaces - Demo - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 6_ AWS Workspaces Demo.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 6_ AWS Workspaces Demo.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 6 AWS Workspaces Demo 
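Review bot: the summary hunk for `ctp-topic-57-product-backlog-managing-demand.md` (`@@ -26,7 +26,22 @@`) is promoted to `summarized` while it still carries what read as Whisper mishearings: `SMACs` (possibly the SMAX service-management tool), `grant forms`, and `hyper care` for hypercare; verify these against the recording before the status leaves `raw`, or keep a needs-review marker in the frontmatter. The same hunk records named individuals (`Matthew Chapman, David Grant, Brendan`) together with internal process detail; confirm the repository's classification permits that, or reduce the names to roles. On the frontmatter hunk for `ctp-topic-6-aws-workspaces-demo.md` (`@@ -1,17 +1,17 @@`), `+status: summarized (Gemini 摘要)` folds provenance into the status value, so any query keyed on `status: summarized` no longer matches; keep `status: summarized` and put the tool in a separate key such as `summarized-by: Gemini`.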
@@ -26,7 +26,14 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## AWS Workspaces Demo + +AWS Workspaces is a solution that provides users with a desktop environment, accessible via web browser or a downloaded client application. These remote desktops can be pre-configured with specific tooling or be vanilla Windows installations. The primary goal is to provide an AWS workspace with preconfigured tooling, enabling users to become productive quickly. *The hope is that within half an hour, 45 minutes of making a request for a workspace, you've run a Terra Grunt plan against a piece of infrastructure.* + +The workspace includes tools like PF SSO, Terraform, TerraGrunt, Git, and VS Code, running on Windows Server 2016 due to Pulse UI compatibility issues with Amazon Linux. To request a workspace, users currently email Naga, who sets up an account. The process may integrate with Active Directory in the future. Users receive an email from Amazon Workspaces with setup details, including a registration code and username. + +Once logged in, users can access the AWS console using Federation, GitHub Enterprise, and generate SSH keys. *As you can see, we can successfully access GitHub Enterprise as well.* A config file is created for GitHub authentication. The demonstration included cloning a repository, authenticating PFSSO, and running a TerraGrunt plan, which was achieved in approximately 21 minutes. The workspace stays active for an hour after use and can be customized with additional tooling as needed. + --- diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-6-aws-workspaces-demo.md.bak b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-6-aws-workspaces-demo.md.bak new file mode 100644 index 00000000..84cbc44f --- /dev/null +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-6-aws-workspaces-demo.md.bak 
@@ -0,0 +1,51 @@ +--- +title: CTP Topic 6 AWS Workspaces Demo +type: cloud-learning +source-type: video +category: DevOps & SRE/10_OpenText-Series +tags: + - AWS + - Workspaces + - Demo + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 6_ AWS Workspaces Demo.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 6 AWS Workspaces Demo + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 6_ AWS Workspaces Demo.mp4` + +**Type:** VIDEO | **Category:** 10_OpenText-Series + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-65-tracing-the-value-delivered-in-cloud-transformation.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-65-tracing-the-value-delivered-in-cloud-transformation.md index a31ee36b..1b36753e 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-65-tracing-the-value-delivered-in-cloud-transformation.md +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-65-tracing-the-value-delivered-in-cloud-transformation.md 
@@ -1,16 +1,16 @@ --- -title: "CTP Topic 65 Tracing the value delivered in Cloud Transformation" +title: CTP Topic 65 Tracing the value delivered in Cloud Transformation type: cloud-learning source-type: video -category: "DevOps & SRE/10_OpenText-Series" +category: DevOps & SRE/10_OpenText-Series tags: - Value-Tracing - Cloud-Transformation - CTP date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 65_ Tracing the value delivered in Cloud Transformation.mp4" +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 65_ Tracing the value delivered in Cloud Transformation.mp4 audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # CTP Topic 65 Tracing the value delivered in Cloud Transformation 
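Review bot: the summary hunk for `ctp-topic-6-aws-workspaces-demo.md` (`@@ -26,7 +26,14 @@`) spells the same tools two ways within a few lines (`Terra Grunt` / `TerraGrunt`, `PF SSO` / `PFSSO`); normalise to Terragrunt and a single SSO spelling, and check `Pulse UI` against the recording, since the phrase reads like a transcription artefact rather than a product name. The hunk also opens with `+> ## AWS Workspaces Demo`, a quoted H2 followed by unquoted paragraphs, the same pattern as the other CTP summaries in this commit, so whatever heading style is chosen should be applied across all of them. The frontmatter hunk for `ctp-topic-65-tracing-the-value-delivered-in-cloud-transformation.md` (`@@ -1,16 +1,16 @@`) repeats the quote stripping on `title`, `category` and `video-source`; leaving the quotes in place costs nothing and keeps the YAML robust.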
@@ -25,7 +25,20 @@ status: raw ## 摘要 -> 待转录后由 LLM 生成 +> ## CTP Value Delivery + +The presentation covers processes, value, value streams, benefits quantification, and prioritization of CTP work using the weighted shortest job first method. It also touches on breaking down value into component features and outlines next steps for capturing and utilizing value. + +A process is a methodical set of steps designed to achieve a specific output and outcome, driven by inputs like data, resources, time, money, and know-how. Processes transform inputs into outputs and outcomes, with actions triggered by events like month-end or sprint planning. Outcomes can be hard (time, cost, quality) or soft (improved health, wellbeing, security). *A simple way of thinking of an outcome is that there's usually going to be a desirable change in some important attribute or indicator.* + +Value is defined as the monetary worth of something, determined by the customer, involving a fair return or equivalent goods. Lean identifies three types of activity within a process: value-adding, value-enabling, and waste. Value streams are sets of activities that deliver a product or service to a customer. Scaled Agile defines operational value streams (OVS) for customer-facing solutions and development value streams (DVS) for internal products. + +To capture value, a holistic framework is needed, considering financial, productivity, quality, and experience benefits. The focus should be on revenue increase, cost reduction, risk position improvement, and serviceable obtainable market (SOM) size. For each demand, the demand manager captures these five things from the product team. Financial figures should be annualized. The size of the job is obtained from the delivery manager. 
*What we want to do is deliver the maximum value early back into the business for the least amount of effort.* + +The weighted shortest job first method prioritizes work based on cost of delay (business value + time criticality + risk and opportunity) divided by size of job. This method helps sequence work for maximum economic benefit. To break down value at a feature level, options include attributing all value to a single feature, evenly apportioning value across features, or unevenly apportioning based on criteria like reach, impact, or effort. + +Next steps involve demand managers capturing business benefits from product teams for new demands. Product teams should identify business benefits and provide estimates for business value, risk, opportunity, and time criticality. The goal is to sequence CTP work for maximum economic benefit, learning and fine-tuning the process as it's implemented. + --- diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-65-tracing-the-value-delivered-in-cloud-transformation.md.bak b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-65-tracing-the-value-delivered-in-cloud-transformation.md.bak new file mode 100644 index 00000000..af708d93 --- /dev/null +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/ctp-topic-65-tracing-the-value-delivered-in-cloud-transformation.md.bak 
@@ -0,0 +1,50 @@ +--- +title: CTP Topic 65 Tracing the value delivered in Cloud Transformation +type: cloud-learning +source-type: video +category: DevOps & SRE/10_OpenText-Series +tags: + - Value-Tracing + - Cloud-Transformation + - CTP +date-added: 2026-04-14 +video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 65_ Tracing the value delivered in Cloud Transformation.mp4 +audio-source: "" +status: raw +--- + +# CTP Topic 65 Tracing the value delivered in Cloud Transformation + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 65_ Tracing the value delivered in Cloud Transformation.mp4` + +**Type:** VIDEO | **Category:** 10_OpenText-Series + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-applicable-business-analysis-techniques-20240109-.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-applicable-business-analysis-techniques-20240109-.md index 78b15909..1450ae9f 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-applicable-business-analysis-techniques-20240109-.md +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-applicable-business-analysis-techniques-20240109-.md @@ -9,7 +9,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- Applicable Business Analysis Techniques - 20240109_160114-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions- Applicable Business Analysis Techniques - 20240109 160114-Meeting Recording 
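Review bot: in the summary hunk for `ctp-topic-65-tracing-the-value-delivered-in-cloud-transformation.md` (`@@ -25,7 +25,20 @@`), `For each demand, the demand manager captures these five things from the product team` follows a list of only four items (revenue increase, cost reduction, risk position improvement, SOM size), so the summariser has dropped one benefit category; recover it from the recording or correct the count. The WSJF description (cost of delay as business value + time criticality + risk and opportunity, divided by size of job) is consistent with the next-steps paragraph, but the note gives no scale or units for those three estimates, which is exactly what a product team asked to supply them would need; worth adding if the session stated one. The frontmatter hunk for the business-analysis note at the end of this line changes only `status` and keeps `video-source` quoted, which is the quoting the CTP-topic files should also have retained.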
@@ -22,28 +22,24 @@ status: raw --- -## 摘要 +## Business Analysis Techniques Learning Session -> 待转录后由 LLM 生成 +This learning session introduces business analysis, T-shaped skill sets, and learning resources. It focuses on three techniques for defining new work: BOSCARD (Background, Objectives, Scope, Constraints, Assumptions, Risks, Roles, Deliverables), the stakeholder wheel, and a method for gathering requirements that combines agile user stories with metadata. ---- +Business analysis aligns business needs with change solutions, considering IT and process changes, training, and role shifts. The business analysis process involves investigating the current situation, analyzing needs, identifying solutions, evaluating options, and defining requirements. Benefits include clarity and consistency. *Business analysis helps us work out what changes will be beneficial in our business architecture, including changes to IST systems and defining the requirements for those changes.* -## 关键概念 +T-shaped skills are valuable in agile squads, combining core expertise with a broad understanding of related skills. Business analysis skills bridge the gap between business problems and technical solutions. Resources for learning business analysis include the BCS and IIBA curriculums. -- +### BOSCARD Technique ---- +BOSCARD defines complex new work by clarifying background, objectives, scope, constraints, assumptions, risks, roles, and deliverables. It helps avoid confusion about goals, timelines, and deliverables. *If you can get scope tied down early on and agreed, that's priceless.* -## 行动项 +### Stakeholder Wheel -- +The stakeholder wheel identifies all stakeholders for a project, including customers, partners, regulators, employees, managers, owners, and competitors. Identifying stakeholders early prevents changes and uncovers risks. The wheel starts with the customer and moves clockwise. 
Stakeholder analysis can involve mapping stakeholders on a power/influence grid or creating a RACI (Responsible, Accountable, Consulted, Informed) chart. ---- +### Requirements Gathering -## 相关视频 +Combining user stories with metadata adds rigor to requirements capture. User stories capture the what, who, and why, but lack versioning, dependencies, and traceability. The Scaled Agile Framework (SAFe) includes features, capabilities, and non-functional requirements in addition to stories. -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +A detailed Excel sheet example captures requirements for a garage business, including user stories, versioning, dependencies, traceability, scheduling, acceptance criteria, and categorization (business, technical, functional). The INVEST acronym (Independent, Negotiable, Valuable, Estimable, Small, Testable) is used to check requirements. *Every requirement should be independent, meaning not duplicating something else, that's the I in invest, negotiable, so the business should state what they need, but be open to how it's implemented.* diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-applicable-business-analysis-techniques-20240109-.md.bak b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-applicable-business-analysis-techniques-20240109-.md.bak new file mode 100644 index 00000000..78b15909 --- /dev/null +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-applicable-business-analysis-techniques-20240109-.md.bak 
@@ -0,0 +1,49 @@ +--- +title: "Public Cloud Learning Sessions- Applicable Business Analysis Techniques - 20240109 160114-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/10_OpenText-Series" +tags: + - Business-Analysis + - Techniques +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- Applicable Business Analysis Techniques - 20240109_160114-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Public Cloud Learning Sessions- Applicable Business Analysis Techniques - 20240109 160114-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- Applicable Business Analysis Techniques - 20240109_160114-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 10_OpenText-Series + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-aws-end-user-compute-services-20240430-160120-mee.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-aws-end-user-compute-services-20240430-160120-mee.md index 1350d2c6..767b1b9f 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-aws-end-user-compute-services-20240430-160120-mee.md +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-aws-end-user-compute-services-20240430-160120-mee.md 
@@ -10,7 +10,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- AWS end user compute services - 20240430_160120-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions- AWS end user compute services - 20240430 160120-Meeting Recording 
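Review bot: the hunk for `public-cloud-learning-sessions-applicable-business-analysis-techniques-20240109-.md` (`@@ -22,28 +22,24 @@`) replaces `## 摘要` with `## Business Analysis Techniques Learning Session` and deletes the template sections `## 关键概念`, `## 行动项`, `## 相关视频` and the `*最后更新: 2026-04-14*` footer, whereas the CTP-topic notes in this same commit keep the template and add their summaries under 摘要; this note loses its last-updated date and its structure diverges from the rest of the series. Suggest restoring the template and placing the summary under `## 摘要` with `###` sub-headings (`### BOSCARD Technique` and the others already use that level). Within the summary, `IST systems` in the italicised quote is most likely `IT systems`; check against the recording before the status is treated as final.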
@@ -23,28 +23,31 @@ status: raw --- -## 摘要 +## AWS and User Compute Services -> 待转录后由 LLM 生成 +Christian O'Donough from AWS presented a learning session on AWS and user compute (EUC) services, covering virtual desktops, application streaming, and security considerations. The session aimed to provide an introduction to AWS EUC services, explain how to decide which service is best, and discuss security aspects of Amazon Workspaces and AppStream 2.0. ---- +The global pandemic accelerated the shift to remote and hybrid work models, requiring organizations to adapt quickly. Modern workforces include diverse users with varying needs, from task workers to knowledge workers, using both company-issued and personal devices. IT organizations face challenges in maintaining productivity, ensuring security, and managing costs in this hybrid environment. AWS EUC portfolio addresses these challenges with virtual desktops and application streaming services. -## 关键概念 +AWS offers several EUC options: +* **Workspaces and AppStream 2.0:** All-inclusive virtual desktop services, differing in persistence. Workspaces are fully persistent, while AppStream 2.0 offers selective persistence. +* **Workspace Core:** Provides access to Workspaces VDI infrastructure via API for third-party solutions like Horizon View or Citrix. +* **Workspace Web:** A low-cost, secure web browser for internal websites and SaaS applications. +* **AppStream 2.0:** A secure, reliable, and scalable solution for streaming applications from any location. +* *AppStream 2.0 is a great low cost alternative for customers that don't require a fully persistent desktop.* -- +The choice of service depends on the use case. Workspaces suit knowledge workers needing a full desktop, while AppStream is suitable for labs, training, and bastion hosts. Workspace Web is ideal for secure browsing. Fully persistent desktops (Workspaces) offer a one-to-one instance management, where application states and settings persist between sessions. 
Non-persistent desktops (AppStream) provide a fresh desktop at each logon, with options for creating application and storage connectors for some persistence. ---- +Operational excellence considerations include OS requirements. Workspaces supports Ubuntu and Windows, while AppStream is exploring other Linux flavors. AppStream instances are created from a base image, simplifying application management. Workspaces are deployed from bundles, allowing users to install applications with appropriate permissions. Monitoring is supported through CloudWatch events and third-party agents. -## 行动项 +Reliability considerations include autonomy, user configuration persistence (Workspaces), and network latency. WSP protocol is designed for high-latency networks. Disaster recovery strategies involve building out workspaces in another region or utilizing AppStream's auto-scaling capabilities. -- +Performance-wise, all services support cut and paste with configurable policies. AppStream supports file uploads/downloads and offers a Windows client for native application support. Workspaces support smart cards, webcams, and various native clients. Hardware requirements vary, with AppStream offering more instance types. ---- +Cost optimization is achieved through concurrency of use (AppStream) and auto-stop features (Workspaces). A newer multi-tenant approach for AppStream allows multiple users per instance. Security measures include Active Directory integration, encryption, IAM profiles, and device authentication. *With so many remote workers organizations are struggling to protect endpoints, as well as their IP and data from bad actors.* -## 相关视频 +Workspaces maximize agility, productivity, security, and reliability while controlling costs. It suits hybrid workforces, BYOD users, developers, and compute-intensive workloads. The architecture involves a service VPC (managed by AWS) and a customer VPC, with two network interfaces for each workspace. 
-> 配对视频笔记链接(生成后填入) +AppStream offers application streaming and virtual desktops with selective persistence. It allows centralized app management, flexible hardware types, and branding options for ISVs. Use cases include non-persistent desktops, secure access to corporate resources, online trials, and cloud migrations. Admins can control file movement to limit data transfer. ---- - -*最后更新: 2026-04-14* +Maintaining a strong security posture involves secure streaming protocols, built-in data protection policies, device certificates, multi-factor authentication, and VPC interface endpoints. SAML-based authentication enhances security and streamlines user experience. diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-aws-end-user-compute-services-20240430-160120-mee.md.bak b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-aws-end-user-compute-services-20240430-160120-mee.md.bak new file mode 100644 index 00000000..1350d2c6 --- /dev/null +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-aws-end-user-compute-services-20240430-160120-mee.md.bak 
@@ -0,0 +1,50 @@ +--- +title: "Public Cloud Learning Sessions- AWS end user compute services - 20240430 160120-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/10_OpenText-Series" +tags: + - AWS + - End-User-Computing + - Workspaces +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- AWS end user compute services - 20240430_160120-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Public Cloud Learning Sessions- AWS end user compute services - 20240430 160120-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- AWS end user compute services - 20240430_160120-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 10_OpenText-Series + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-evolving-from-dr-to-recovery-assurance-2.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-evolving-from-dr-to-recovery-assurance-2.md index c0236418..1996a6bf 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-evolving-from-dr-to-recovery-assurance-2.md +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-evolving-from-dr-to-recovery-assurance-2.md 
@@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText) - Evolving from DR to Recovery Assurance - 20240723_160210-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions (OpenText) - Evolving from DR to Recovery Assurance - 20240723 160210-Meeting Recording 
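Review bot: the summary hunk for `public-cloud-learning-sessions-aws-end-user-compute-services-20240430-160120-mee.md` (`@@ -23,28 +23,31 @@`) titles the section `## AWS and User Compute Services` and expands it as `AWS and user compute (EUC)`; the file title and the EUC acronym say End User Compute, so `and` is a mishearing of `End`. In the service list, `+* *AppStream 2.0 is a great low cost alternative for customers that don't require a fully persistent desktop.*` is a speaker quote formatted as a fifth list item, so it renders as if it were another product; move it out of the list like the other italicised quotes. Product names are cased inconsistently (`Workspaces`, `Workspace Core`, `Workspace Web`); AWS's own names are Amazon WorkSpaces, WorkSpaces Core and WorkSpaces Web. This hunk also deletes the 关键概念 / 行动项 / 相关视频 sections and the 最后更新 footer that the `.bak` copy shows, which the CTP-topic notes in this commit retain; restore them so the series stays uniform.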
@@ -24,28 +24,12 @@ status: raw --- -## 摘要 +The learning session focuses on evolving disaster recovery (DR) mechanisms to recovery assurance, presented by Jim Rose. The primary objectives include understanding the current state of DR for OpenText solutions and the trend toward site reliability engineering (SRE) and observability engineering to enhance recovery assurance. -> 待转录后由 LLM 生成 +Jim Rose discusses the CrowdStrike incident, where a software vulnerability caused widespread system outages, emphasizing the importance of robust DR strategies. *CrowdStrike was not us, but we have had some disruptions.* He highlights past incidents like the 2003 Power Grid outage and the 2017 WannaCry ransomware attack to illustrate potential disaster impacts. OpenText has experienced incidents, driving the need for improved end-to-end system management. ---- +Key DR terms include Recovery Time Objective (RTO), the time to restore services after an event, and Recovery Point Objective (RPO), the amount of data that might be lost. OpenText's RTO and RPO vary from minutes to days based on customer contracts. Testing is often reactive, manual, and customer-scheduled, involving many teams and significant effort. *Every person who is a SME on some part of this has to be involved in developing a plan.* The company aims to shift to a more proactive stance for better scalability. -## 关键概念 +Several factors are driving change, including the increasing use of AWS, GCP, and Azure for hosting solutions. Testing in hyperscalers has limitations, such as focusing on zone failures rather than other potential issues. Hybrid solutions, where only part of the service can be failed over, pose additional challenges. The current model lacks a consistent approach across the organization, especially for systems that have not been tested. 
-- - ---- - -## 行动项 - -- - ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +The discussion covers four key areas: design, software, build, and environments. Recoverability should be a design principle, with mechanisms for data and environment recovery conceived early. Software should provide telemetry to understand system health continuously, with self-healing capabilities. The build process should include a customer zero environment for validating new products and releases. Environments should leverage observability engineering and SRE to improve resilience and capacity. Automation is seen as a future opportunity to reduce manual effort and time delays in DR processes. diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-evolving-from-dr-to-recovery-assurance-2.md.bak b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-evolving-from-dr-to-recovery-assurance-2.md.bak new file mode 100644 index 00000000..c0236418 --- /dev/null +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-evolving-from-dr-to-recovery-assurance-2.md.bak 
@@ -0,0 +1,51 @@ +--- +title: "Public Cloud Learning Sessions (OpenText) - Evolving from DR to Recovery Assurance - 20240723 160210-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/10_OpenText-Series" +tags: + - OpenText + - DR + - Recovery + - BCP +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText) - Evolving from DR to Recovery Assurance - 20240723_160210-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Public Cloud Learning Sessions (OpenText) - Evolving from DR to Recovery Assurance - 20240723 160210-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText) - Evolving from DR to Recovery Assurance - 20240723_160210-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 10_OpenText-Series + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-github-enterprise-to-gitlab-migration-20.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-github-enterprise-to-gitlab-migration-20.md index 1d981069..944d5eff 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-github-enterprise-to-gitlab-migration-20.md +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-github-enterprise-to-gitlab-migration-20.md 
@@ -11,7 +11,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText) - GitHub Enterprise to GitLab migration - 20240625_170052-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions (OpenText) - GitHub Enterprise to GitLab migration - 20240625 170052-Meeting Recording 
@@ -24,28 +24,21 @@ status: raw --- -## 摘要 +## GitHub Enterprise to GitLab Migration -> 待转录后由 LLM 生成 +The session covers the migration of source code from GitHub Enterprise to GitLab, driven by the company's decision to standardize on GitLab as the golden standard for source control. The GitHub license is expiring at the end of December, with no intention to renew, while the GitLab license covers up to 8,500 users. The migration approach is self-serve, with teams defining their needs and transforming their pipelines, with assistance from the Build Hub team when needed. ---- +Key points include: -## 关键概念 +* Project Thor aims to integrate micro-focus and open-text tooling, with GitLab as the centralized system for source control. +* The Build Hub team manages central tools like GitLab and provides support for software delivery pipelines. +* *Each team will define what they have in GitHub today, how they're using it, and they will plan to move it and change their pipelines.* +* Definition of done includes code migration, pipeline transformation, and updating PHT (Product Hub platform). +* Permissions for source repos in GitLab will be controlled by PHT, allowing self-service access management. +* Personal repos are allowed in GitLab but should not contain product source code and will not be mapped in PHT. -- +Migration approaches include mirroring (synchronizing GitHub repo to GitLab) and shift and lift (copying code to GitLab and transforming pipelines). Tracking will be done via PHT, with regular updates to dev managers and build advocates. Planning guidelines include inventorying GitHub assets, identifying pipelines, and understanding network connectivity. ---- +A significant challenge is the service account standard, requiring service accounts to be linked to a person, with expiring passwords. Other standards include repo naming conventions and segregation of duties. 
Network connectivity challenges were addressed by creating a GitLab proxy in Brook Park, accessible through SD1. *The current solution that is working and is efficient and is actually reporting to scale.* Commercial instances connecting to GitLab may require an exception from the GIS team. -## 行动项 - -- - ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +Implementation steps involve installing GitLab plugins, getting early access to GitLab, mapping repos to PHT, setting up service accounts, and updating pipelines. The session also touched on the importance of testing network connectivity before planning the migration. diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-github-enterprise-to-gitlab-migration-20.md.bak b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-github-enterprise-to-gitlab-migration-20.md.bak new file mode 100644 index 00000000..1d981069 --- /dev/null +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-github-enterprise-to-gitlab-migration-20.md.bak 
@@ -0,0 +1,51 @@ +--- +title: "Public Cloud Learning Sessions (OpenText) - GitHub Enterprise to GitLab migration - 20240625 170052-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/10_OpenText-Series" +tags: + - GitHub + - GitLab + - Migration + - OpenText +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText) - GitHub Enterprise to GitLab migration - 20240625_170052-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Public Cloud Learning Sessions (OpenText) - GitHub Enterprise to GitLab migration - 20240625 170052-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText) - GitHub Enterprise to GitLab migration - 20240625_170052-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 10_OpenText-Series + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-product-hub-pht-overview-and-qa-20240806.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-product-hub-pht-overview-and-qa-20240806.md index deaf9644..92b08681 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-product-hub-pht-overview-and-qa-20240806.md +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-product-hub-pht-overview-and-qa-20240806.md 
@@ -10,7 +10,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Product Hub (PHT) Overview and Q&A - 20240806_170251-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions (OpenText)- Product Hub (PHT) Overview and Q&A - 20240806 170251-Meeting Recording 
@@ -23,28 +23,12 @@ status: raw --- -## 摘要 +## Product Hub (PhD) Overview and Q&A -> 待转录后由 LLM 生成 +The session provides an overview of the Product Hub (PhD), also known as the Product Hierarchy Tracker. PhD gathers product-related information, driven by product or development managers. It stores official products and their divisions, including business units and lines of business, differing from master products in the official product naming registry. ---- +A product is a software distribution with its own CI/CD pipeline or release cycle. *A product may also be part of another parent product, but if that particular product has its own cycle, like its own CACD pipeline or its own distribution, then we may treat that particular component or module as a product in PhD.* Each product consists of metadata like attributes, source reports, artifact reports, and user information, integrated into external applications like PSMQ, P2M, ITLS, and Backstage. Components are libraries without CI/CD pipelines and may or may not be part of a product. If a component needs ITLS review or scanning, it should be created as a product. -## 关键概念 +PhD has hierarchy levels: business units, lines of business, and products. Business units have engineering and PM leaders, while lines of business have owners and PM leaders. Products are managed by product and development managers and relate to a master product. Requesting a new product is a self-serve process; after submission, it goes to LOB approval, where the line of business owner reviews it. Active products have regular releases; maintenance mode indicates only hotfixes or bug fixes, and inactive means no releases. Product information includes business unit, line of business, product name, product manager, development manager, and status. Attributes store metadata like alternate names, build advocates, and release gate mechanisms (e.g., P2M). Source and artifact repos are mapped for source control permissions, managed through PhD. 
Related products and components specify relationships, with source repo permissions shared to child products with read-only access. -- - ---- - -## 行动项 - -- - ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +PhD integrates with applications like Jira, Value Edge, PSMQ, and OSS. Source repo creation in GitLab takes 24 hours to reflect in PhD, and empty groups/repositories cannot be searched. Artifact repo permissions are enabled for new structures. For product name/status changes, contact erphd@opentext.com; for technical questions, contact aangetoolsupport@opentext.com. The demo covered filtering products, hierarchy levels (business units, lines of business, master products, products), and creating new products. *Requesting for a new product is a self-serve process.* The process includes filling in BU, LOB, product name, and manager information. Attributes like release gate mechanism are mandatory. Source repos and artifact repos can be mapped, with source repo ownership taken by the product. Dependencies can be specified, and product teams/guests can be mapped for access control. Teams can be created with engineering (right access) or moderator (maintainer access) types. Components are created by role managers and do not have CI/CD pipelines or approval processes. diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-product-hub-pht-overview-and-qa-20240806.md.bak b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-product-hub-pht-overview-and-qa-20240806.md.bak new file mode 100644 index 00000000..deaf9644 --- /dev/null +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-product-hub-pht-overview-and-qa-20240806.md.bak 
@@ -0,0 +1,50 @@ +--- +title: "Public Cloud Learning Sessions (OpenText)- Product Hub (PHT) Overview and Q&A - 20240806 170251-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/10_OpenText-Series" +tags: + - Product-Hub + - PHT + - OpenText +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Product Hub (PHT) Overview and Q&A - 20240806_170251-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Public Cloud Learning Sessions (OpenText)- Product Hub (PHT) Overview and Q&A - 20240806 170251-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Product Hub (PHT) Overview and Q&A - 20240806_170251-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 10_OpenText-Series + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-product-hub-pht-overview-and-qa-importan.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-product-hub-pht-overview-and-qa-importan.md deleted file mode 100644 index 7bd2188c..00000000 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-product-hub-pht-overview-and-qa-importan.md +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -title: "Public Cloud Learning Sessions (OpenText) - Product Hub (PHT) Overview and Q&A important information - 20240806 170251" -type: cloud-learning -source-type: pptx -category: "DevOps & SRE/10_OpenText-Series" -tags: - - uncategorized -date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText) - Product Hub (PHT) Overview and Q&A important information - 20240806_170251.pptx" -audio-source: "" -status: raw ---- - -# Public Cloud Learning Sessions (OpenText) - Product Hub (PHT) Overview and Q&A important information - 20240806 170251 - -**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText) - Product Hub (PHT) Overview and Q&A important information - 20240806_170251.pptx` - -**Type:** PPTX | **Category:** 10_OpenText-Series - -**Status:** 🟡 Awaiting Whisper transcription → Summary - ---- - -## 摘要 - -> 待转录后由 LLM 生成 - ---- - -## 关键概念 - -- - ---- - -## 行动项 - -- - ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meet.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meet.md index 581ce0d6..b6a4cca0 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meet.md +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meet.md 
@@ -9,7 +9,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- OpenText Tagging Standard v2 - 20250429_170111-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions- OpenText Tagging Standard v2 - 20250429 170111-Meeting Recording 
@@ -22,28 +22,33 @@ status: raw --- -## 摘要 +## Open Text Tagging Standard V2 -> 待转录后由 LLM 生成 +Martin Rosler presented the Open Text Tagging Standard V2, emphasizing the value of standardized tags for cloud resources, container images, and Kubernetes objects. The session aimed to increase awareness of the tagging standard and prepare attendees to apply compliant tags. ---- +The three main drivers for the standard are: +* Saving money through cloud cost optimization. +* Reducing risk by easily identifying technical contacts for resources. +* Improving efficiency via automation using tags as filters and selectors. -## 关键概念 +*It is about taking resources and you will learn more in the presentation about what kinds of object and what exactly and so on.* The standard helps with cost allocation, improved security and compliance, cloud service delivery, and resource organization. Currently, Open Text manages around 3,500 cloud accounts across 48 landing zone types, highlighting the need for consistency. The tagging standard, initiated in 2023 by the Phenops team, now includes guidelines for Kubernetes objects and container images. -- +The scope of the tagging standard includes cloud accounts, cloud resources (compute, storage, network), Kubernetes objects (namespaces, pods, deployments, services, config maps), and container images. The standard is complementary to existing tagging practices, encouraging the adoption of standard tags alongside proprietary ones, with a gradual deprecation of the latter. ---- +Key concepts include: +* Using a specific lowercase syntax with underscores for cloud resources. +* Prefixing tags to ensure unambiguous semantics (e.g., OT\_ for cloud tags, app.opentext.com for Kubernetes labels, com.opentext.image for container image tags). +* Defining the terms customer and tenant clearly, where customer refers to the company being hosted for, and tenant represents the contractual agreement or software instance. 
+* Distinguishing between environment (Open Text's perspective) and service instance (customer's perspective). -## 行动项 +The Wiki page provides details on proposed tags, including definitions, applicability, and permitted values. Examples of tags for cloud accounts and resources include OT business unit (OTPU) and OT technical contact. Kubernetes objects have similar tags like product, customer, and environment, along with Kubernetes-specific tags like part of, name, and version. Container images include tags for product, title, description, and vendor, with special labels for base images and their versions. -- +*Texts are key value pairs that typically have a tag key and an optionally a key value, which you can attach to cloud resources, cloud accounts, container images, Kubernetes objects and other things.* ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +Best practices for applying tags include: +* Using infrastructure as code (e.g., Terraform) to automate tag creation and maintenance. +* Creating checks and reports to detect missing tags. +* Avoiding storing sensitive data in tags. +* Being cautious about mandating tags for easily derivable information (e.g., region, account ID). +* Handling indirect creation of resources (e.g., Kubernetes creating load balancers) using annotations. +* Being careful with tags that frequently change to minimize maintenance overhead. 
diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-pres.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meet.md.bak similarity index 78% rename from knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-pres.md rename to knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meet.md.bak index 07c66e02..581ce0d6 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-pres.md +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meet.md.bak 
@@ -1,23 +1,22 @@ --- -title: "Public Cloud Learning Sessions- OpenText Tagging Standard v2 - 20250429 170111-Presentation" +title: "Public Cloud Learning Sessions- OpenText Tagging Standard v2 - 20250429 170111-Meeting Recording" type: cloud-learning -source-type: pdf +source-type: video category: "DevOps & SRE/10_OpenText-Series" tags: - OpenText - Tagging-Standard - - Presentation date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- OpenText Tagging Standard v2 - 20250429_170111-Presentation.pdf" +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- OpenText Tagging Standard v2 - 20250429_170111-Meeting Recording.mp4" audio-source: "" status: raw --- -# Public Cloud Learning Sessions- OpenText Tagging Standard v2 - 20250429 170111-Presentation +# Public Cloud Learning Sessions- OpenText Tagging Standard v2 - 20250429 170111-Meeting Recording -**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- OpenText Tagging Standard v2 - 20250429_170111-Presentation.pdf` +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- OpenText Tagging Standard v2 - 20250429_170111-Meeting Recording.mp4` -**Type:** PDF | **Category:** 10_OpenText-Series +**Type:** VIDEO | **Category:** 10_OpenText-Series **Status:** 🟡 Awaiting Whisper transcription → Summary diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-thor-platform-flows-20241210-160056-meet.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-thor-platform-flows-20241210-160056-meet.md index b4c54a71..3bbbfe32 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-thor-platform-flows-20241210-160056-meet.md 
+++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-thor-platform-flows-20241210-160056-meet.md @@ -10,7 +10,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Thor Platform & Flows - 20241210_160056-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions (OpenText)- Thor Platform & Flows - 20241210 160056-Meeting Recording 
@@ -23,28 +23,10 @@ status: raw --- -## 摘要 +## Platform and Flows: A Summary -> 待转录后由 LLM 生成 +Arnold Dacan presented an overview of the platform and its data flows, including updates on the foreign store platform system layout using on source build related data flows, tool to tool data flow, source code data flow, and artifacts data flow. The session covered Project Thor, supply chain security, and the current tooling landscape. The presentation emphasized the importance of standardization, consolidation, and automation to improve developer experience and security. ---- +Key discussion points included the five pillars of Project Thor: agile and right cycle management, product and release governance, the developer portal (backstage), security and vice as governance, and build hub. The goal is to standardize tooling across the platform, integrating governance models and promoting tools like GitLab, Artifactory, and various internal tools. *The main ingredient in the supply chain is our source code, our IP that is intended to live in GitLab.* The presentation highlighted the current state of the source and build supply chain, emphasizing the flow of source code from GitLab through the manufacturing process (build farms) to Artifactory and ultimately to customer environments. -## 关键概念 - -- - ---- - -## 行动项 - -- - ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +The presentation detailed the geographical distribution of engineering resources, highlighting the distinction between the legacy Micro Focus network and the OpenText network. The main presence for tooling, source, and build is in Brook Park, with expansions to Sacramento for disaster recovery and business continuity. Data flows for source code, artifacts, and tool-to-tool connections were explained, including the role of GitLab proxies, GitLab geo for business continuity, and code signing processes. 
*We are trying to standardize in get lab, anti factory, PMS and UCMDB are back end services with started to grow and will grow further for supply chain security.* The session concluded with a look at the next phase of Project Thor, focusing on saving engineers time, enhancing supply chain security, and creating a seamless, integrated platform. diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-thor-platform-flows-20241210-160056-pres.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-thor-platform-flows-20241210-160056-meet.md.bak similarity index 77% rename from knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-thor-platform-flows-20241210-160056-pres.md rename to knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-thor-platform-flows-20241210-160056-meet.md.bak index 07adb886..b4c54a71 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-thor-platform-flows-20241210-160056-pres.md +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-opentext-thor-platform-flows-20241210-160056-meet.md.bak 
@@ -1,24 +1,23 @@ --- -title: "Public Cloud Learning Sessions (OpenText)- Thor Platform & Flows - 20241210 160056-Presentation" +title: "Public Cloud Learning Sessions (OpenText)- Thor Platform & Flows - 20241210 160056-Meeting Recording" type: cloud-learning -source-type: pdf +source-type: video category: "DevOps & SRE/10_OpenText-Series" tags: - Thor - Platform - OpenText - - Presentation date-added: 2026-04-14 -video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Thor Platform & Flows - 20241210_160056-Presentation.pdf" +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Thor Platform & Flows - 20241210_160056-Meeting Recording.mp4" audio-source: "" status: raw --- -# Public Cloud Learning Sessions (OpenText)- Thor Platform & Flows - 20241210 160056-Presentation +# Public Cloud Learning Sessions (OpenText)- Thor Platform & Flows - 20241210 160056-Meeting Recording -**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Thor Platform & Flows - 20241210_160056-Presentation.pdf` +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- Thor Platform & Flows - 20241210_160056-Meeting Recording.mp4` -**Type:** PDF | **Category:** 10_OpenText-Series +**Type:** VIDEO | **Category:** 10_OpenText-Series **Status:** 🟡 Awaiting Whisper transcription → Summary diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-tagging-standards-for-all-hyperscalers-20240123-1.md b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-tagging-standards-for-all-hyperscalers-20240123-1.md index 3672a78a..f2bdfa81 100644 --- a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-tagging-standards-for-all-hyperscalers-20240123-1.md 
+++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-tagging-standards-for-all-hyperscalers-20240123-1.md @@ -12,7 +12,7 @@ tags: date-added: 2026-04-14 video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- Tagging Standards for all hyperscalers - 20240123_160135-Meeting Recording.mp4" audio-source: "" -status: raw +status: summarized (Gemini 摘要) --- # Public Cloud Learning Sessions- Tagging Standards for all hyperscalers - 20240123 160135-Meeting Recording 
@@ -21,32 +21,19 @@ status: raw **Type:** VIDEO | **Category:** 10_OpenText-Series -**Status:** 🟡 Awaiting Whisper transcription → Summary --- -## 摘要 +## Open Text Tagging Standards for Hyperscalers -> 待转录后由 LLM 生成 +The aim is to establish a tagging standard across all of Open Text to optimize hyperscaler costs (AWS, GCP, and Azure), which are projected to be around $500 million over the next three years. Reducing cloud waste from an industry average of 30% to 15% could save approximately $25 million annually and improve sustainability. A formal finance organization led by Tom Bice is focused on providing reporting across the business, requiring detailed annotation of resources and accounts through tagging. ---- +Tagging is essential for cost allocation, optimization, resource responsibility, and classifying resources (production, labs, customer data). The tagging pipeline involves enabling specific tags for billing in the billing console, which then includes the value of those tags in the cost and usage report (CUR) for reporting via HCMX, Phenops, QuickSight, and Power BI. Consistency in tagging is crucial to avoid ad hoc tag mapping, which is difficult to manage and doesn't compensate for untagged resources. *If we can agree the tags that need to go here, we don't have to do this and we can get out the analysis results.* -## 关键概念 +The goals of the Open Text tagging standard include supporting key business reporting, applying to all Open Text accounts across all hyperscalers, and being practical for quick implementation. The standard uses the terms tag and account (label and project in GCP). Due to the varying implementations of tagging across hyperscalers, the standard adopts the lowest common denominator, which is GCP's restrictive character set (lowercase, digits, hyphens, and underscores). Many concepts apply at both the account and resource level, using the same tag name and value set. 
Tags are prefixed with OT_ to differentiate them, with exceptions for existing tags like environment, BU, and cost center, and special cases like name in AWS. -- +The standard was developed over three months with input from a working group and other contributors and was approved on October 3rd of last year. Tags that are not required are those easily obtained directly for FINOPs or UCMDB collection, such as account, region, hyperscaler, and resource name. Proposed tags include business unit (BU), OT technical contact, cost center, customer, tenant, environment, OT master product, custom fields, platform, cost type, and customer data. The standard is currently on Confluence, and access can be provided if needed. ---- +Implementation involves piloting with product teams to refine the standard and ensure it delivers value in FinOps. Tagging is currently owned by FinOps, with coordination to ensure results and address any issues. A list of product short codes and business units will be maintained in Confluence, backed by Excel, until a proper product hub implementation is available. Future plans include implementing a tagging dictionary and potentially forming a committee to govern the standard. A KPI for tagging, such as 99% of taggable resources being tagged, may be enforced via SCPs or tagging policies. -## 行动项 - -- - ---- - -## 相关视频 - -> 配对视频笔记链接(生成后填入) - ---- - -*最后更新: 2026-04-14* +There's a history of tagging in Micro Focus, with tags specified by the network team for the checkpoint firewall and tags related to the CCRE guardrails. The checkpoint firewall currently references only account number and role, while the CCRE guardrails have a more extensive list. Rationalizing tagging policies and SCPs is ongoing to simplify administration and enforcement. Setting tags is typically done using Terraform, with modules like AWS instance module having a tags parameter. Default tags can be included in the provider definition for easy application across resources. 
*Typically what you do is almost every module that you've got inside Terraform, so like the AWS instance module there, there's a tags parameter that you could use.* diff --git a/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-tagging-standards-for-all-hyperscalers-20240123-1.md.bak b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-tagging-standards-for-all-hyperscalers-20240123-1.md.bak new file mode 100644 index 00000000..3672a78a --- /dev/null +++ b/knowledgebase/DevOps & SRE/10_OpenText-Series/public-cloud-learning-sessions-tagging-standards-for-all-hyperscalers-20240123-1.md.bak @@ -0,0 +1,52 @@ +--- +title: "Public Cloud Learning Sessions- Tagging Standards for all hyperscalers - 20240123 160135-Meeting Recording" +type: cloud-learning +source-type: video +category: "DevOps & SRE/10_OpenText-Series" +tags: + - Tagging-Standard + - AWS + - Azure + - GCP + - FinOps +date-added: 2026-04-14 +video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- Tagging Standards for all hyperscalers - 20240123_160135-Meeting Recording.mp4" +audio-source: "" +status: raw +--- + +# Public Cloud Learning Sessions- Tagging Standards for all hyperscalers - 20240123 160135-Meeting Recording + +**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions- Tagging Standards for all hyperscalers - 20240123_160135-Meeting Recording.mp4` + +**Type:** VIDEO | **Category:** 10_OpenText-Series + +**Status:** 🟡 Awaiting Whisper transcription → Summary + +--- + +## 摘要 + +> 待转录后由 LLM 生成 + +--- + +## 关键概念 + +- + +--- + +## 行动项 + +- + +--- + +## 相关视频 + +> 配对视频笔记链接(生成后填入) + +--- + +*最后更新: 2026-04-14* diff --git a/openclaw/Agents/Agent-TOOLS-章节权限矩阵.md b/openclaw/Agents/Agent-TOOLS-章节权限矩阵.md index 87630ae5..6b806e2e 100644 --- a/openclaw/Agents/Agent-TOOLS-章节权限矩阵.md +++ b/openclaw/Agents/Agent-TOOLS-章节权限矩阵.md 
@@ -10,7 +10,8 @@ tags: [] # Agent TOOLS 章节权限矩阵 -> 更新时间:2026-04-13 +> 更新时间:2026-04-15 +> 2026-04-15: 新增第23章 yt-dlp,分配给全部 Agent > 2026-04-13: 新增第22章 Claude Code,分配给全部7个Agent > 2026-04-13: 星枢(xingshu)工作目录变更为 workspace-agent-xingshu,agentId 从 main 改为 xingshu > 2026-04-11: 新增玄策(xuance),章节1,2,3,11,13,16,17 @@ -43,7 +44,8 @@ tags: [] | 19 | Ubuntu Docker 通过 proxychains4 走代理拉取镜像 | | ✅ | ✅ | | | ✅ | ✅ | | | 20 | memory-lancedb-pro 场景指令手册 | ✅ | | | ✅ | | | | ✅ | | 21 | Hermes Agent | | | ✅ | | | ✅ | ✅ | | -| 22 | Claude Code 调用方法 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | | +| 22 | Claude Code 调用方法 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | +| 23 | yt-dlp (网络视频下载) | ✅ | ✅ | ✅ | ✅ | | | | | --- diff --git a/openclaw/Agents/TOOLS标准模板.md b/openclaw/Agents/TOOLS标准模板.md index c37f100a..8ebdf743 100644 --- a/openclaw/Agents/TOOLS标准模板.md +++ b/openclaw/Agents/TOOLS标准模板.md @@ -992,3 +992,47 @@ sleep 8 && tmux capture-pane -t claude-work -p # 确认已启动后即可发送 2. **命令行参数直接传任务** → 特殊字符引发 shell 转义错误,用 stdin 管道 3. **`max-turns` 太小** → 任务没跑完就超时,复杂任务设 25-30 4. **环境变量 `ANTHROPIC_API_KEY`** → 需在 settings.json 或环境变量中配置 + +## 23. yt-dlp (网络视频下载) (2026-04-15) + +### 功能 +从 Internet 下载视频文件,支持 Twitter/X、YouTube 等多种平台。 + +### 安装位置 +``` +/opt/homebrew/bin/yt-dlp +``` + +### 基本用法 + +#### 直接下载到当前目录 +```bash +yt-dlp "视频URL" +``` + +#### 下载并传输到 NAS +```bash +# 1. 下载到本地 +yt-dlp "视频URL" + +# 2. 通过 pipe 传输到 NAS +cat video.mp4 | ssh nas "cat > /volume2/knowledgebase/video.mp4" +``` + +### 常用选项 + +| 选项 | 说明 | +|------|------| +| `-o filename` | 指定输出文件名 | +| `--audio-format mp3` | 只下载音频并转为 MP3 | +| `--write-auto-sub` | 下载自动生成的字幕 | + +### 应用场景 +- Twitter/X 视频链接下载 +- YouTube 视频下载 +- 其他支持的视频平台 + +### ⚠️ 注意事项 +- 大文件通过 SSH pipe 传输时可能有连接问题 +- 视频默认保存到执行命令的当前目录 +- 临时文件建议放在 `~/.openclaw/temp//attachments/` 目录 diff --git a/openclaw/openclaw备份任务.md b/openclaw/openclaw备份任务.md index 2957227b..606ebc14 100644 --- a/openclaw/openclaw备份任务.md +++ b/openclaw/openclaw备份任务.md 
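Review bot: the changelog line `2026-04-15: 新增第23章 yt-dlp,分配给全部 Agent` contradicts the new table row `| 23 | yt-dlp (网络视频下载) | ✅ | ✅ | ✅ | ✅ | | | | |`, which grants the chapter to only the first four agents; row 22 also silently gains an eighth ✅ with no changelog entry. Since this matrix is the record of which agent may run which tool, fix either the row or the changelog and add a line for the row-22 change.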
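Review bot: several commands in chapter 23 do not work as written. In 下载并传输到 NAS, step 1 has no `-o`, so yt-dlp names the file from its default template and `cat video.mp4` in step 2 finds nothing; add `-o video.mp4` to step 1. In the options table `--audio-format mp3` only takes effect together with `-x`/`--extract-audio`, so list it as `-x --audio-format mp3`. The temp path `~/.openclaw/temp//attachments/` has a doubled slash. Because this chapter hands every agent a tool that fetches arbitrary URLs and writes to a fixed NAS destination `/volume2/knowledgebase/video.mp4`, also add `--max-filesize` and a dedicated download directory so a large or hostile download cannot fill the agent host's disk, and derive the NAS filename from the source rather than overwriting one fixed path.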
@@ -14,6 +14,9 @@ tags: [] | 日期 | 时间 | 服务器 | 备份文件 | 状态 | | ---------- | ----- | -------- | ------------------------------------ | ---- | +| 2026-04-15 | 22:00 | Mac Mini | openclaw-macmini-20260415220017.tar | ✅ 成功 | +| 2026-04-15 | 22:00 | Ubuntu1 | openclaw-ubuntu1-20260415220017.tar | ✅ 成功 | +| 2026-04-15 | 22:00 | Ubuntu2 | openclaw-ubuntu2-20260415220017.tar | ✅ 成功 | | 2026-04-14 | 22:00 | Mac Mini | openclaw-macmini-20260414220015.tar | ✅ 成功 | | 2026-04-14 | 22:00 | Ubuntu1 | openclaw-ubuntu1-20260414220015.tar | ✅ 成功 | | 2026-04-14 | 22:00 | Ubuntu2 | openclaw-ubuntu2-20260414220015.tar | ✅ 成功 | diff --git a/openclaw/xinghui/Hermes-Agent新手教程-2026-04-15.md b/openclaw/xinghui/Hermes-Agent新手教程-2026-04-15.md new file mode 100644 index 00000000..2c199799 --- /dev/null +++ b/openclaw/xinghui/Hermes-Agent新手教程-2026-04-15.md @@ -0,0 +1,45 @@ +--- +title: "Hermes Agent新手教程:从入门到精通,附带变现方式" +source: "https://x.com/jiroucaigou/status/2044249069699428665" +author: "努力赚钱的菜狗 (@jiroucaigou)" +date: "2026-04-15" +type: social-media-highlight +tags: + - Hermes + - AI-Agent + - 教程 + - 变现 +--- + +# Hermes Agent新手教程:从入门到精通,附带变现方式 + +**来源**: Twitter/X @jiroucaigou +**时间**: 2026-04-15 02:58:53 +**链接**: https://twitter.com/jiroucaigou/status/2044249069699428665 + +**互动数据**: ❤️ 186 | 🔁 48 | 💬 42 + +--- + +## 内容摘要 + +Hermes总结来是更高级的龙虾。它更稳定更省钱,会自动进化并且更好用。 + +之前有人靠安装龙虾提车,学会Hermes教程拿去赚钱,这一次轮到你买车。 + +本推带来从安装到实战的新手教程。 + +--- + +## 关键信息 + +- **主题**: Hermes Agent 教程 +- **定位**: 更高级的龙虾替代品 +- **优势**: 更稳定、更省钱、自动进化、更好用 +- **变现方式**: 帮人安装/教学 Hermes 赚钱 + +--- + +## 推文链接 + +> http://x.com/i/article/2040075365398560768 diff --git a/openclaw/xingshu/MEMORY.md b/openclaw/xingshu/MEMORY.md deleted file mode 100644 index 8fd34b89..00000000 --- a/openclaw/xingshu/MEMORY.md +++ /dev/null 
@@ -1,85 +0,0 @@ ---- -title: MEMORY.md - 长期记忆 -source: -author: shenwei -published: -created: -description: -tags: [] ---- - -# MEMORY.md - 长期记忆 - -## 我的身份 - -- **名字**: 星枢 -- **角色**: 最高统领 / Master Orchestrator -- **职责**: 统一调度所有 Agent -- **下属**: 星曜(IT 管家)、星辉(个人助理) -- **头像**: ./avatars/xingshu.jpg - ---- - -## 知识库路径 - -- **Obsidian笔记目录**: `/Users/weishen/Workspace/nexus` - - 用户指定的Obsidian笔记根目录 - - 以后提及"obsidian笔记目录"即指此路径 - -- **星枢专属笔记**: `/Users/weishen/Workspace/nexus/openclaw/xingshu` - - 用于记录我的专属思考、调度决策、团队协作笔记 - -- **知识库**: `/Users/weishen/Workspace/nexus/openclaw/knowledgebase` - - 用户创建的Obsidian知识库,存放各类知识文档 - ---- - -### 📂 Obsidian Git 仓库配置 - -- **仓库路径**: `/Users/weishen/Workspace/nexus` -- **Remote URL**: `ssh://git@192.168.3.189:2222/admin/nexus.git` -- **认证方式**: SSH(已配置osxkeychain,无需输入密码) -- **可直接执行**: `git add` → `git commit -m "备注"` → `git push` -- **配置用户**: weishen / ishenwei@gmail.com - ---- - -### ⚠️ 重要原则(必须牢记) - -**讨论/头脑风暴阶段**: -- 未经用户允许,**禁止**安装任何程序、技能或工具 -- 未经用户允许,**禁止**编写任何代码 -- 未经用户允许,**禁止**创建任何文件或项目 -- 必待用户确认全部方案后,方可实施后续步骤 -- 节奏由用户掌控,一切行动需等待指令 - ---- - -### :star: 每日必做 - -1. **每天第一次对话时**: 自动创建当天的记忆文件 `memory/YYYY-MM-DD.md` -2. **记录内容**: 对话中的重要操作、决策、用户要求等 -3. **用户要求**: 当用户说"请记住xxxx"时必须记录到记忆文件 -4. **同步规则**: MEMORY.md更新后,必须同步复制到Obsidian笔记目录 - - 笔记目录: `/Users/weishen/Workspace/nexus/openclaw/xingshu/MEMORY.md` - -*此为每日必执行的routine,不可遗漏。* - ---- - -## 🔧 常用工具配置 - -### 发送邮件 -- **方式**: AgentMail 插件 -- **配置状态**: ✅ 已启用 -- **使用**: 用户说"发送邮件"时,直接使用 AgentMail 发送 - ---- - -## 🖥️ 服务器架构 - -| 服务器 | IP | 运行的 Agent | -|--------|-----|-------------| -| **Mac Mini** (中央控制节点) | 192.168.3.189 | xingshu (星枢), xingyao (星曜), xinghui (星辉), RabbitMQ | -| **Ubuntu2** (开发服务器) | 192.168.3.45 | yunhan, yunce, yunjiang, yunzhi | -| **Ubuntu1** (准生产服务器) | 192.168.3.47 | fengheng, fengchi, fengji | \ No newline at end of file diff --git a/openclaw/每日复盘/2026-04-14.md b/openclaw/每日复盘/2026-04-14.md index 935106ce..c0300c0a 100644 --- a/openclaw/每日复盘/2026-04-14.md 
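Review bot: deleting `openclaw/xingshu/MEMORY.md` removes it from the tree but not from history: the LAN map (192.168.3.189/.45/.47 with the agents running on each), the Gitea SSH remote on port 2222 and the committer e-mail stay in every earlier commit, so if the deletion is meant to stop exposing them a history rewrite is required, not a delete commit. The file also carried the agent's operating rules (未经用户允许禁止安装/编码/建文件) and the 每日必做 rule that copies MEMORY.md into this very path; confirm the canonical copy still exists and that the sync rule was changed, otherwise the next sync recreates the file and the rules live nowhere in the vault meanwhile.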
+++ b/openclaw/每日复盘/2026-04-14.md 
@@ -72,3 +72,118 @@ ### 💡 经验与教训 (Learnings) - **命令参数验证**:遇到未知或长期未用的脚本时,先运行 `--help` 确认参数。 - **复杂命令执行策略**:面对多节点的复杂连续命令,将其写入临时 `sh` 脚本执行更可靠。 + +--- +## 【xinghui】星辉 每日复盘 - 2026-04-14(第二次复盘) + +> ⚠️ 注:第一次复盘(23:00自动执行)已记录当日活动。本条基于Django Admin详细日报补充分析。 + +### 📋 今日主要活动 + +1. **09:13 sushi[苏轼]每日早安激励故障排查** — 排查cron任务失败(cron: job execution timed out) + - 根因:MiniMax API Token出现HTTP 500错误("your current token plan not support model, MiniMax-M2.7 (2061)") + - 系统尝试多级降级(MiniMax-M2.5 → M2.5-highspeed → M2.5-Lightning)全部失败,最终超过120秒超时 + - 修复方案:将sushi cron任务的模型从MiniMax改为gemini + - 排查过程中执行了多个exec命令查看cron runs、gateway日志、openclaw cron list + +2. **全天多次笔记同步**(共9次:11:04, 11:58, 12:01, 12:28, 16:02, 16:25, 18:54, 19:21, 21:18) + - 11:04:Nexus/iCloud均Already up to date + - 11:58:Nexus推送be67293(20个文件) + - 12:01:Nexus推送be67293(22个文件) + - 12:28:Nexus拉取ba87044(大量删除旧文件) + - 16:02:Nexus推送c6e3d3c(485 files changed, 大规模重组) + - 16:25:Nexus推送ba87044(CLAUDE.md更新+清理wiki空文件) + - 18:54:Nexus推送b6a3ed5(145 files, Technical→AI重组) + - 19:21-19:24:**循环问题** — 用户重复发送导致同一sync被多次触发(7次重复User消息,seq 785-801) + - 21:18:Nexus推送51502fd(3个文件修改) + +### 💡 教训与反思 + +- **MiniMax API Token计划问题**:当API返回"your current token plan not support model"时,所有基于该provider的模型都会失败,降级策略无效。需要备用provider(gemini)作为fallback,且fallback模型应提前验证可用性 +- **19:21笔记同步循环**:用户在等待响应时重复发送"再做下笔记同步",导致同一操作被触发多次。所有exec最终都返回成功或Already up to date,说明git操作本身是幂等的,但连续触发造成资源浪费 +- **笔记同步频率**:今天共9次同步请求,说明用户有频繁同步的需求,但系统应提供更好的状态反馈机制 +- **openclaw cron命令使用注意**:使用`openclaw cron list`时报错"unknown command 'show'",`openclaw cron runs`正常工作;使用`openclaw cron edit`时报错"required option '-m, --message ' not specified"(正确的edit命令需要`-m`参数) + +### 🔧 待改进项 + +- **笔记同步响应优化**:收到请求后立即发送"🔄 开始同步...",再执行git操作,最后报告结果,全程让用户感知进度 +- **考虑添加sync状态锁**:防止同一操作被并发触发 +- **MiniMax Token问题**:需持续关注,备用方案已就位(gemini) + +### 📝 明日关注 + +- sushi每日早安激励任务(09:00)是否正常执行(已改为gemini模型) +- MiniMax API Token状态是否恢复 +- 笔记同步循环问题是否需要技术改进 + +--- + +*复盘时间:2026-04-15 23:00 CST(基于Django Admin日报)* + +--- + +## 【xingshu】星枢 每日复盘 - 
2026-04-14(晚间补充) + +> ⚠️ 注:本条目基于Django Admin日报(17:00后晚间场)补充,09:13场次已另记。 + +### 📋 今日主要活动(17:00后晚间场) + +1. **NAS DevOps视频知识库构建**(17:15 - 19:11) + - 用户提出将NAS上`/volume2/work/Public Cloud Learning Sessions/`的19GB视频纳入Obsidian知识库 + - 制定分级处理方案:L1清理+目录结构 → L2 Whisper音频转录 → L3搜索增强 + - 创建10个分类目录(AWS Landing Zone、IAM、Terraform、EKS、FinOps、CI/CD、Security、Networking、Serverless AI、OpenText Series) + - Python脚本批量生成112个Obsidian笔记文件 + - 修复3个文件名编码问题(不间断空格`\xa0`、弯引号`'`、EM dash) + - Git提交推送(commit `beb4478`) + +2. **目录归属纠正**(17:33) + - 用户指出不应将笔记放在`wiki/`目录(llm-wiki-agent领地) + - 立即迁移:`wiki/DevOps & SRE/` → `knowledgebase/DevOps & SRE/` + - Git提交推送(commit `c976744`),NAS同步完成 + +3. **音频转录测试**(19:09 - 19:18) + - 验证NAS ffmpeg:发现群晖版ffmpeg缺失AAC解码器 + - 在Mac mini上安装完整版ffmpeg(`brew install ffmpeg`) + - SSH数据流管道传输(绕过scp特殊字符问题) + - 成功提取第一个MP3(23MB视频 → 3MB音频,VBR 128kbps) + - 测试summarize skill对音频生成摘要:成功(Gemini 3.1 Pro) + - 测试summarize --extract参数获取原始Transcript:成功 + +### 🔴 遇到的问题及错误 + +| 错误 | 根因 | 解决方案 | +|------|------|---------| +| Python脚本语法错误(嵌套引号) | 脚本中SSH命令的嵌套引号转义 | 重写为更简洁的管道命令 | +| NAS ffmpeg报"decoder aac"错误 | 群晖ffmpeg编译时禁用AAC解码 | 改用Mac mini本地ffmpeg | +| SCP传输含特殊字符文件名失败 | scp对括号、空格处理不稳定 | 改用`ssh nas "cat > file" < local_file` | +| 写入wiki/目录被纠正 | wiki/为llm-wiki-agent领地 | 迁移至knowledgebase/ | +| 3个视频文件未匹配分类 | 文件名含不间断空格、弯引号等 | 添加特殊字符映射表 | + +### 💡 经验与教训 + +1. **目录归属意识**:Obsidian Nexus中`wiki/`目录由llm-wiki-agent负责,不应混入其他笔记;`knowledgebase/`是更适合放置学习资料的位置 +2. **文件名编码问题**:NAS上文件名可能含不间断空格(\xa0)、弯引号('/')等,肉眼不可见,需用hexdump或repr定位 +3. **FFmpeg编解码器**:群晖NAS自带ffmpeg功能受限,生产环境应在计算资源充足的机器(Mac mini M系列)上处理 +4. **SSH文件传输**:对于含特殊字符的文件名,`ssh user@host "cat > path" < local_file`比scp更可靠 +5. 
**summarize skill**:支持`--transcriber whisper`指定音频转录后端,`--extract`可单独获取原始Transcript,`--format md --markdown-mode llm`可美化排版 + +### 📊 统计数据 + +| 指标 | 数值 | +|------|------| +| 视频文件数量 | 112个 | +| 总视频容量 | ~19GB | +| 生成Obsidian笔记 | 112个 | +| 分类数量 | 10类 | +| Git提交 | 2次(beb4478, c976744) | +| 音频测试 | 1个成功(3MB MP3) | + +### 📝 明日关注 + +- Whisper批量音频转录任务是否可安排定时执行 +- summarize skill对长音频(>1小时)的处理效果 +- 是否需要建立音频转录的自动化流水线 + +--- + +*复盘时间:2026-04-15 23:15 CST(xingshu每日复盘cron)* diff --git a/openclaw/每日复盘/2026-04-15.md b/openclaw/每日复盘/2026-04-15.md new file mode 100644 index 00000000..ebb2bc0d --- /dev/null +++ b/openclaw/每日复盘/2026-04-15.md 
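Review bot: in the 遇到的问题 table the recommended workaround `ssh nas "cat > file" < local_file` only fixes the local side; `file` is still interpolated into the remote shell command, so a NAS filename containing spaces, parentheses or quotes must be quoted again inside the double-quoted remote string (single quotes around the remote path, or `printf %q` before sending) or it fails the same way scp did. The 经验与教训 item 4 should carry that caveat rather than presenting the pipe as unconditionally reliable. Also, the xinghui section's learning says `fallback模型应提前验证可用性`, but the activity list only shows the switch of the sushi cron to gemini; record whether the gemini run was actually verified before the 09:00 job.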
@@ -0,0 +1,65 @@ + +--- +## 【xingjiang】星匠 每日复盘 - 2026-04-15 + +今日(2026-04-15)在 Django Admin 中未检索到 xingjiang 的对话记录(页面 404),系统内无活动。 +无新的错误与经验教训总结。 + +## 【xingyao】星曜 每日复盘 - 2026-04-15 + +### 今日概况 +**报告时间**: 2026-04-15 23:10(距当天结束约50分钟) +**Django Admin 状态**: 2026-04-15 的报告尚未生成(正常 — 当天还有约50分钟);最新可用数据为 2026-04-14 + +**2026-04-14 主要数据**: +- Sessions: 1 +- Messages: 562 +- Model: MiniMax-M2.7 +- Tokens: 17.5M + +### 主要活动 + +#### 1. 完成任务:Nexus 仓库初始化并通过 HTTP 推送 +- 将 nexus 仓库的 remote URL 切换为 `http://192.168.3.17:8418/ishenwei/nexus` +- 成功提交未跟踪文件 (commit `2849178`) +- 首次推送 main 分支到 Gitea HTTP 地址 +- 更新两处 MEMORY.md + +#### 2. 调试 Gitea SSH 配置(进行中,未完全解决) +- 用户将 Mac Mini 的 SSH 公钥添加到 Gitea +- 尝试启用 Gitea SSH push 功能,遇到多层障碍 + +### 错误与教训 + +#### Gitea SSH on Synology 多层失败模式 + +| # | 问题 | 根因 | 状态 | +|---|------|------|------| +| 1 | SSH URL 格式错误(`ishenwei@` 应为 `sc-gitea@`) | 对 Gitea SSH 用户名理解错误 | 修正 | +| 2 | `SSH_PORT=2222` 配置后端口仍关闭 | Synology Gitea 启动脚本只运行 `gitea web`,不启动内置 SSH 服务 | 需手动修改启动脚本或使用 Docker | +| 3 | `gitea serv` 执行失败:`permission denied /var/packages/gitea/var/conf.ini` | conf.ini 权限不足(640) | 已 chmod 644 | +| 4 | `sc-gitea` 用户 home 目录不可访问 | `/var/packages/gitea/home/` 权限不正确 | 需 `chmod 700` | +| 5 | `synopkg restart` 无法直接运行 | Synology 环境变量限制 | 需通过 DSM UI 或 `synopkg` 命令 | + +#### 关键认知 + +1. **Synology Gitea 包不支持内置 SSH**:Synology 的 Gitea 套件包管理器只启动 `gitea web` 进程,不会启动 `gitea server`(SSH 守护进程)。`SSH_DOMAIN`/`SSH_PORT` 配置项在只运行 `gitea web` 时无效。 + +2. **Gitea SSH 的两种模式**: + - **Builtin SSH** (`gitea server`):Gitea 自己在端口 22 或 SSH_PORT 上监听 SSH 连接 + - **External SSH** (推荐 Synology):复用系统 SSH(端口 22),通过 `authorized_keys` 的 `command=...` 触发 `gitea serv` + + 用户使用 external SSH 模式(authorized_keys 方式),此时 Gitea 配置文件里的 `SSH_PORT` 并不控制监听端口,监听由系统 SSH 服务(端口 22)负责。 + +3. **正确的 Gitea SSH URL 格式**: + - 端口 22(系统 SSH):`scp-style: sc-gitea@192.168.3.17:ishenwei/nexus.git` 或 `ssh://sc-gitea@192.168.3.17/ishenwei/nexus.git` + - 自定义端口:需 `gitea server` 运行在自定义端口,`SSH_PORT` 配置才生效 + +4. 
**推荐方案**:继续使用 HTTP 推送(Gitea HTTP push 已配置完成且工作正常);如需 SSH,建议在 Synology 上用 Docker 部署 Gitea 或单独配置 `gitea server` 进程。 + +### 待办 / 跟进 +- [ ] Gitea SSH push 功能完整打通(需要用户在 Synology 上完成配置修正后测试) +- [ ] SSH URL 格式已修正为 `sc-gitea@192.168.3.17:2222/ishenwei/nexus.git`(端口 2222),但 2222 尚未开放 +- [ ] 确认 2026-04-15 的完整日报数据(明天复盘时补录) + +--- diff --git a/wiki/concepts/AI结对执行.md b/wiki/concepts/AI结对执行.md new file mode 100644 index 00000000..00ffd563 --- /dev/null +++ b/wiki/concepts/AI结对执行.md @@ -0,0 +1,41 @@ +--- +title: "AI 结对执行" +type: concept +tags: [vibe-coding, AI, pair-programming] +--- + +## Definition +AI 结对执行(AI Pair Programming)是 Vibe Coding 范式的第三原则:开发者扮演导演角色,AI 扮演执行者角色,类似结对编程(Pair Programming)但人类提供方向判断和审美决策,AI 负责具体实现。 + +## Human vs AI Responsibilities +| 角色 | 人类(导演) | AI(执行者) | +|------|------------|-------------| +| 架构决策 | ✅ | ❌ | +| 需求理解 | ✅ | ✅(辅助澄清) | +| 代码编写 | ❌ | ✅ | +| 测试验证 | ✅(审查) | ✅(自测脚本) | +| 审美判断 | ✅ | ❌ | +| Bug 修复 | ✅(引导) | ✅(执行) | + +## Tools That Enable It +- **Cursor**:Composer 模型支持多文件编辑和 AI 对话 +- **Windsurf**:Tab 自动补全 + AI 建议 +- **Trae**:Remote SSH 开发环境 +- **Claude Code**:Print Mode 非交互批量执行 + +## Relationship to Vibe Coding Formula +Vibe Coding = 规划驱动 + 上下文固定 + AI 结对执行 +- 规划驱动:确定做什么 +- 上下文固定:保证 AI 不跑偏 +- AI 结对执行:具体怎么做 + +## Related Concepts +- [[Vibe Coding]]:AI 结对执行是 Vibe Coding 三要素之一 +- [[规划驱动]]:结对前的人类准备工作 +- [[上下文固定]]:结对时的行为约束机制 +- [[Cursor]]:AI 结对执行的首选 IDE + +## Aliases +- AI Pair Programming +- 氛围结对 +- 导演模式 diff --git a/wiki/concepts/Anthropic-Skills-官方库.md b/wiki/concepts/Anthropic-Skills-官方库.md new file mode 100644 index 00000000..e8b6ae86 --- /dev/null +++ b/wiki/concepts/Anthropic-Skills-官方库.md 
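Review bot: row 3 of the 错误与教训 table records `chmod 644` on `/var/packages/gitea/var/conf.ini` as the fix for `gitea serv` being denied; that file is Gitea's app.ini and holds SECRET_KEY, INTERNAL_TOKEN and the database credentials, so making it world-readable is a security regression. The permission error means `gitea serv` was invoked as a user other than `sc-gitea`; in the external-SSH mode the note itself describes, it is launched through the `command=...` entry in `sc-gitea`'s own authorized_keys and the file can stay at 640. Separately, the 待办 item `sc-gitea@192.168.3.17:2222/ishenwei/nexus.git` is malformed: scp-style URLs have no port field, so git would connect on port 22 and treat `2222/ishenwei/nexus.git` as the repository path; with a custom port the form must be `ssh://sc-gitea@192.168.3.17:2222/ishenwei/nexus.git`, as item 3 under 关键认知 already states. Finally, pushes to `http://192.168.3.17:8418/ishenwei/nexus` send the Gitea credentials in cleartext; note that as an accepted LAN-only risk or put Gitea behind HTTPS.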
@@ -0,0 +1,43 @@ +--- +title: "Anthropic Skills 官方库" +type: concept +tags: [anthropic, claude, skill, github, open-source] +last_updated: 2026-01-08 +--- + +## Definition +Anthropic 官方在 GitHub 发布的 Skills 仓库(github.com/anthropics/skills),收藏数突破 3.2 万,原封不动地拆解了 Claude.ai 网页版的生产级能力。 + +## Source +- GitHub: https://github.com/anthropics/skills + +## Core Content + +### 三大类别 + +#### 1. 办公自动化四大件(Office Suite) +- Word/PDF/PPT/Excel 的创建、编辑、分析、重写 +- 格式控制、边界处理、容错策略 +- 每一步包含 Prompt 结构、参数含义 + +#### 2. 开发者工具箱(Developer Tools) +- MCP Server +- Web 应用测试 +- Artifacts 构建 +- 自动化验证流程 + +#### 3. 创意类 Skills(Creative) +- 算法艺术 +- Canvas 设计 +- 主题生成工厂 +- 重点:设计思路可复用、输入约束、输出稳定 + +## Key Value +"它是 Anthropic 把 Claude 线上真正在跑的生产级能力,原封不动地拆解开来,摊在桌面上给你看。" + +本质上是官方在教你"怎么像我们一样开发 AI 应用"。 + +## Connections +- [[Anthropic]] ← 发布者 +- [[Claude Skills]] ← 具体实现 +- [[Awesome-Claude-Skills]] ← 第三方精选仓库 diff --git a/wiki/concepts/Claude-Skills.md b/wiki/concepts/Claude-Skills.md new file mode 100644 index 00000000..e834a558 --- /dev/null +++ b/wiki/concepts/Claude-Skills.md @@ -0,0 +1,32 @@ +--- +title: "Claude Skills" +type: concept +tags: [claude, anthropic, skill, workflow] +last_updated: 2026-01-08 +--- + +## Definition +Claude Skills 是 Anthropic 官方发布的 AI 技能指南,本质是"写给 Claude 的说明书 + SOP(标准作业程序)"。 + +## Core Properties +- **说明书**:清晰描述任务目标、输入约束、输出格式 +- **SOP**:将反复执行、有固定流程的任务拆解为 AI 可理解、稳定复用、自动执行的步骤 +- **可组合**:多个 Skills 可串联形成复杂工作流 + +## Key Distinction from Prompt Engineering +| Prompt Engineering | Skills | +|---|---| +| 优化单次输出质量 | 优化整套流程的稳定性与可复用性 | +| 依赖模型能力 | 结构化流程,降低模型依赖 | +| 单点优化 | 系统化、工程化 | + +## Official Resources +- [[Anthropic Skills 官方库]]:github.com/anthropics/skills,3.2 万收藏 +- [[Awesome-Claude-Skills]]:ComposioHQ、VoltAgent、BehiSecc 维护的精选仓库 +- [[Skill 聚合站]]:skillsmp.com、aitmpl.com/skills、claudemarketplaces.com + +## Connections +- [[AI技能封装]] ← 具体实现 +- [[Prompt工程]] ← 范式升级来源 +- [[Anthropic Skills 官方库]] ← 官方资源 +- [[Agent Skill 设计模式]] ← 设计模式框架 
diff --git a/wiki/concepts/Git自动同步.md b/wiki/concepts/Git自动同步.md new file mode 100644 index 00000000..0e251654 --- /dev/null +++ b/wiki/concepts/Git自动同步.md @@ -0,0 +1,23 @@ +--- +title: "Git自动同步" +type: concept +tags: [Obsidian, Git, 版本控制] +sources: ["养虾日记3-Obsidian-Gitea持久化笔记系统.md"] +last_updated: 2026-04-15 +--- + +## Definition +Git自动同步指 Obsidian Git 插件设置为 Auto commit-and-sync interval(如 10 分钟),插件自动 commit + push,无需手动操作。 + +## Key Value +AI 批量改文件的能力越强,越需要版本管理来兜底。Git 自动同步让这个兜底机制完全无需人工干预。 + +## Mechanism +- Obsidian Git 插件(社区插件)→ Auto commit interval +- commit + push 全自动 +- Gitea 私有仓库存储,历史版本任意回溯 + +## Related Concepts +- [[LLM Wiki]]:Git自动同步是 LLM Wiki 版本控制的实现层 +- [[Gitea]]:承载仓库的 Git 服务 +- [[Obsidian]]:笔记前端 diff --git a/wiki/concepts/Graph-View.md b/wiki/concepts/Graph-View.md new file mode 100644 index 00000000..07c701a7 --- /dev/null +++ b/wiki/concepts/Graph-View.md @@ -0,0 +1,21 @@ +--- +title: "Graph View" +type: concept +tags: [Obsidian, 知识管理] +sources: ["养虾日记3-Obsidian-Gitea持久化笔记系统.md"] +last_updated: 2026-04-15 +--- + +## Definition +Obsidian 的 Graph View 将所有 Wiki 页面以节点展示,双链关系自动连线,是知识网络的可视化健康检查工具。 + +## Two Usage Patterns +- **健康检查**:没有任何页面链接指向它 → 孤岛页面,需要补上交叉引用 +- **发现盲区**:某个概念被很多页面提到但自己还没有独立页面 → 图谱里显示为灰色幽灵节点 + +## Karpathy's Insight +Graph View 是 LLM Wiki 的"知识盲区探测器":灰色幽灵节点提醒应该为它建一个专页。 + +## Related Concepts +- [[LLM Wiki]]:Graph View 是 LLM Wiki 范式的重要工具 +- [[知识可发现性]]:双向链接 + Graph View 让知识形成网络而非孤岛 diff --git a/wiki/concepts/KPI卡片.md b/wiki/concepts/KPI卡片.md new file mode 100644 index 00000000..e3433568 --- /dev/null +++ b/wiki/concepts/KPI卡片.md 
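Review bot: the Key Value and Mechanism sections of Git自动同步 present `commit + push 全自动` with no human step as the benefit, but that also means anything written into a note (an API token pasted while debugging, the LAN/IP tables kept elsewhere in this vault) is pushed within the 10-minute interval and, by the `历史版本任意回溯` property, kept forever on the Gitea side. Add a caveat that sensitive folders must be excluded via `.gitignore` or a pre-commit secret scan, and that a leaked value has to be removed by rewriting history on the server, not by another auto-commit.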
@@ -0,0 +1,30 @@ +--- +title: "KPI 卡片" +type: concept +tags: [kpi, bi, 可视化, 指标] +sources: [] +last_updated: 2025-03-14 +--- + +## Definition +Dashboard 顶部的一组数字指标看板,每个卡片展示一个关键业务指标的最新值,用于快速判断业务整体健康度。 + +## TikTok Shop 场景标准 KPI +| KPI | 计算方式 | 意义 | +|-----|---------|------| +| 总产品数 | COUNT(*) | 市场体量 | +| 热卖产品数 | COUNT(sold > X) | 爆品数量 | +| 平均评分 | AVG(rating) | 整体质量 | +| 平均最终价格 | AVG(final_price) | 价格带定位 | +| 总 GMV | SUM(final_price × sold) | 整体交易额 | +| 折扣商品占比 | COUNT(discount > 0) / COUNT(*) | 促销密度 | + +## 设计规范 +- 放置在 Dashboard 第一行 +- 双行排列(3+3 或 4+2) +- Big Number Chart 类型,只显示数字和同比变化 + +## Related Concepts +- [[Superset Dashboard]]:载体 +- [[电商选品分析]]:应用场景 +- [[选品评分模型]]:关联指标 diff --git a/wiki/concepts/LLM-Wiki.md b/wiki/concepts/LLM-Wiki.md new file mode 100644 index 00000000..182e289e --- /dev/null +++ b/wiki/concepts/LLM-Wiki.md @@ -0,0 +1,29 @@ +--- +title: "LLM Wiki" +type: concept +tags: [AI知识管理, RAG, 知识积累] +sources: ["养虾日记3-Obsidian-Gitea持久化笔记系统.md", "Personal-Knowledge-Base-RAG.md"] +last_updated: 2026-04-15 +--- + +## Definition +LLM Wiki 是一种 AI 知识管理范式:AI 在执行任务过程中**增量构建和维护一个持久化的 Wiki**,页面之间互相链接,知识越积越厚,而非每次从零检索。 + +## Core Distinction: LLM Wiki vs RAG + +| | RAG | LLM Wiki | +|--|-----|---------| +| 知识积累 | 不积累,每次从零检索 | 增量构建,页面间互相链接 | +| 检索方式 | 向量相似度检索 | 双向链接 + Graph View 发现 | +| 知识边界 | 受知识库文档限制 | 知识随任务执行不断扩展 | +| 适用场景 | 静态文档问答 | 持续执行任务的 Agent | + +## Key Claims +- RAG 的局限:每次对话从零开始,知识不积累,无法形成知识网络 +- LLM Wiki 的优势:AI 在执行任务过程中顺手维护链接、更新摘要、添加 Tag、标记新旧矛盾 +- Graph View 是知识健康检查工具:孤岛页面(无页面链接指向它)需要补上交叉引用 + +## Related Concepts +- [[RAG]]:对比范式 +- [[个人知识库]]:LLM Wiki 的具体实现之一 +- [[知识可发现性]]:双向链接 + Graph View 让知识形成网络而非孤岛 diff --git a/wiki/concepts/Memory-in-AI-Agent.md b/wiki/concepts/Memory-in-AI-Agent.md new file mode 100644 index 00000000..87c1d283 --- /dev/null +++ b/wiki/concepts/Memory-in-AI-Agent.md 
@@ -0,0 +1,32 @@ +--- +title: "Memory in AI Agent" +type: concept +tags: [memory, ai-agent, 上下文, n8n] +sources: [] +last_updated: 2025-03-06 +--- + +## Definition +Memory(记忆)是 AI Agent 保持多轮对话上下文连贯性的机制,通过在每次交互中注入历史消息,使 Agent 能够记住之前的对话内容,输出更相关和连贯的响应。 + +## 工作原理 +1. 每次对话 → 将历史消息追加到 context +2. Agent 在决策时读取完整 context +3. 结合 Memory + 当前输入 → 生成响应 + +## N8N 实现 +N8N AI Agent 节点内置 Memory 配置,支持: +- 对话历史注入 +- 与外部数据库(如 [[Airtable]])联动存储长期记忆 + +## 与传统 Workflow 的区别 +- Workflow:完全确定性,每次执行相同输入=相同输出 +- 带 Memory 的 Agent:输入相同但上下文不同,输出可能变化 + +## Related Entities +- [[Airtable]]:外部存储媒介 +- [[n8n]]:工作流平台 + +## Related Concepts +- [[Agentic System]]:依赖 Memory 实现多轮交互 +- [[Workflow vs Agent]]:Agent 的 Memory 是其与 Workflow 本质区别 diff --git a/wiki/concepts/NFS永久挂载.md b/wiki/concepts/NFS永久挂载.md new file mode 100644 index 00000000..c23e1655 --- /dev/null +++ b/wiki/concepts/NFS永久挂载.md @@ -0,0 +1,40 @@ +--- +title: NFS永久挂载 +type: concept +tags: [nfs, ubuntu, nas, fstab, mount] +--- + +## Definition +NFS 永久挂载是通过 /etc/fstab 配置使网络文件系统(NFS)在系统启动时自动挂载,而非手动 mount 重启后失效。 + +## Problem +手动 mount 命令是临时的,重启后内核重置所有挂载状态。 + +## Solution +在 /etc/fstab 中添加 NFS 挂载条目: +``` +192.168.3.17:/volume2/backup /mnt/nas_backup nfs defaults,timeo=900,retrans=5,_netdev 0 0 +``` + +## Key Parameters +| 参数 | 含义 | +|------|------| +| defaults | 默认挂载选项(rw, suid, dev, exec, auto, nouser, async) | +| timeo=900 | 超时 90 秒(单位 1/10 秒) | +| retrans=5 | 超时后重试 5 次 | +| _netdev | 告诉系统这是网络设备,等网络就绪后再挂载(防止开机卡死) | + +## 验证方法 +```bash +sudo umount /mnt/nas_backup # 卸载当前挂载 +sudo mount -a # 模拟开机自动挂载 +df -h | grep nas_backup # 验证挂载成功 +``` + +## 故障排查 +- 重启后仍然失效:systemctl enable remote-fs.target +- nfs-common 服务启动慢于 mount -a:_netdev 参数解决 + +## Connections +- [[Ubuntu服务器通过rsync实现日常增量备份]] — 应用场景 +- [[rsync增量备份]] — 备份目标端挂载 diff --git a/wiki/concepts/News API.md b/wiki/concepts/News API.md new file mode 100644 index 00000000..2f858a18 --- /dev/null +++ b/wiki/concepts/News API.md 
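Review bot: the fstab example in NFS永久挂载 uses `defaults`, which the Key Parameters table itself expands to include `suid`, `dev` and `exec`; for a backup target mounted from a NAS, add `nosuid,nodev,noexec` so files placed on the share (by the NAS or any other client of it) cannot be executed or carry setuid on this host. The line also leaves the NFS version and `hard`/`soft` at their defaults; with the default `hard` mount an offline NAS hangs any process that touches `/mnt/nas_backup`, which is exactly the situation the `mountpoint -q` guard in the linked rsync note is meant to catch, so state the intended behaviour explicitly (for example `vers=4,hard,nosuid,nodev,noexec`) instead of relying on `defaults`.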
@@ -0,0 +1,33 @@ +--- +title: "News API" +type: concept +tags: [news-api, 数据源, api, 新闻聚合] +sources: [] +last_updated: 2025-03-11 +--- + +## Definition +新闻 API(News API)是提供标准化 HTTP 接口获取结构化新闻数据的平台服务,将多来源(新闻网站/博客/论坛/社交媒体)的非结构化内容整合为 JSON/XML 格式返回。 + +## Core Value +Eliminate 人工采集和整理工作,API 自动完成聚合+格式化+过滤,可直接接入 AI 应用工作流。 + +## 主要分类 +| 类型 | 代表产品 | 特点 | +|------|---------|------| +| 全覆盖型 | [[Webz.io]] | surface+deep+dark web | +| 轻量低价型 | [[GNews API]] / [[Mediastack API]] | 低价/免费/初创友好 | +| 金融专业型 | [[Bloomberg API]] / [[Financial Times API]] | 机构级金融数据 | +| 舆情监控型 | [[Opoint]] | 情感分析+品牌追踪 | +| 编辑质量型 | [[The Guardian API]] | 高质量编辑内容 | + +## AI 应用场景 +- AI 新闻聚合应用 +- 金融情报与投资决策支持 +- 品牌舆情监控系统 +- AI 训练数据获取(LLM fine-tuning) + +## Related Concepts +- [[舆情监控]]:应用场景 +- [[金融情报]]:应用场景 +- [[新闻聚合]]:相关概念 diff --git a/wiki/concepts/QMD.md b/wiki/concepts/QMD.md new file mode 100644 index 00000000..1bbf3933 --- /dev/null +++ b/wiki/concepts/QMD.md @@ -0,0 +1,18 @@ +--- +title: "QMD" +type: concept +tags: [Obsidian, 知识检索] +sources: ["养虾日记3-Obsidian-Gitea持久化笔记系统.md"] +last_updated: 2026-04-15 +--- + +## Definition +QMD(github.com/tobi/qmd)是完全本地运行的 Markdown 搜索引擎,在 Wiki 规模变大后替代 index.md 提供精准搜索。 + +## When to Use +- Wiki 到几百个页面之前:index.md 完全够用 +- AI 找东西开始变慢时:再接入 QMD 不迟 + +## Related Concepts +- [[LLM Wiki]]:QMD 是 Wiki 规模变大后的检索增强工具 +- [[知识可发现性]]:精准搜索是知识可发现性的一部分 diff --git a/wiki/concepts/Superset Dashboard.md b/wiki/concepts/Superset Dashboard.md new file mode 100644 index 00000000..f9c20499 --- /dev/null +++ b/wiki/concepts/Superset Dashboard.md 
@@ -0,0 +1,35 @@ +--- +title: "Superset Dashboard" +type: concept +tags: [superset, bi, 可视化, dashboard] +sources: [] +last_updated: 2025-03-14 +--- + +## Definition +Apache Superset 中的 Dashboard 是多个 Chart 的组合容器,支持 Filter 交互和数据过滤,可通过 JSON 导入/导出实现配置复用。 + +## Design Patterns +从 TikTok Shop Dashboard 实践中提炼的标准布局: +1. **KPI 行**:6-10 个指标卡片,双行排列 +2. **爆品行**:销量/GMV 条形图,2 列布局 +3. **关系图行**:价格×销量气泡图,全宽 +4. **类目分析行**:3 图并列(类目销量榜 + 热力图 + 箱线图) +5. **评分模型行**:选品评分表格,全宽 + +## 核心图表类型 +- [[KPI 卡片]]:数字指标看板 +- 气泡图:3 维度(X/Y/Size)关系分析 +- 热力图:类目×评分矩阵 +- 箱线图:价格带分布 +- 折线图:时间序列趋势 + +## 与 ETL Pipeline 关系 +- ETL 负责采集+清洗 → Superset 负责可视化 +- SQL View 是两者衔接层:清洗结果写入 View → Superset Dataset 读取 View + +## Related Concepts +- [[Apache Superset]]:工具载体 +- [[电商选品分析]]:应用场景 +- [[选品评分模型]]:核心分析模型 +- [[KPI 卡片]]:Dashboard 组件 diff --git a/wiki/concepts/Workflow-vs-Agent.md b/wiki/concepts/Workflow-vs-Agent.md new file mode 100644 index 00000000..dee05a15 --- /dev/null +++ b/wiki/concepts/Workflow-vs-Agent.md @@ -0,0 +1,37 @@ +--- +title: "Workflow vs Agent" +type: concept +tags: [workflow, agent, ai, 自动化] +sources: [] +last_updated: 2025-03-06 +--- + +## Definition +Workflow(工作流)和 Agent(智能体)是 AI 自动化系统的两种核心范式,本质区别在于执行逻辑是预定义还是动态决定。 + +## 核心对比 + +| 维度 | Workflow | Agent | +|------|----------|-------| +| 执行逻辑 | 预定义,固定路径 | LLM 动态决定 | +| 工具选择 | 人工预设 | LLM 自主选择 | +| 适应性 | 固定输入→固定输出 | 动态输入→自适应输出 | +| 上下文 | 无记忆 | 可带 Memory | +| 调试难度 | 低(确定性) | 高(非确定性) | +| 适用场景 | 规则明确的任务 | 需要判断的任务 | + +## 典型案例 +- Workflow:每天 9 点自动抓取 RSS → 格式化 → 发送邮件(完全固定) +- Agent:用户提问 → LLM 判断需要哪些工具(搜索/数据库/计算器)→ 动态调用 → 返回答案 + +## N8N 中的体现 +- Workflow = Trigger + Action/Utility/Code 节点串联 +- Agent = Advanced AI 节点,内置 LLM 决策 + Memory + +## Related Concepts +- [[Agentic System]]:Agent 的系统级定义 +- [[Memory in AI Agent]]:Agent 区别于 Workflow 的关键能力 +- [[N8N Workflow]]:Workflow 在 N8N 中的实现 + +## Related Entities +- [[n8n]]:同时支持 Workflow 和 Agent 构建 diff --git a/wiki/concepts/rsync增量备份.md b/wiki/concepts/rsync增量备份.md new file mode 100644 index 00000000..7c2f52aa 
--- /dev/null +++ b/wiki/concepts/rsync增量备份.md @@ -0,0 +1,37 @@ +--- +title: rsync增量备份 +type: concept +tags: [backup, rsync, ubuntu, nas, automation] +--- + +## Definition +rsync 增量备份是通过 rsync 工具将源目录的变化部分同步到目标目录的自动化数据保护方案,相比全量备份节省存储和带宽。 + +## Core Mechanism +- Delta-transfer 算法:只传输变化部分 +- -a:归档模式,保留权限、时间戳、符号链接等属性 +- -z:压缩传输,减少网络带宽占用 +- -R:相对路径,保持目录结构 +- --delete:目标端删除源端不存在的文件(保持镜像一致) + +## 防重入机制 +lockfile PID 文件 + kill -0 检测进程是否存活,防止备份任务重复执行。 + +## 防NAS掉线机制 +mountpoint -q 检查挂载点是否有效,NAS 掉线时自动中止备份,防止数据写入本地挂载点导致硬盘爆满。 + +## 应用场景 +Ubuntu 服务器数据备份到 Synology NAS,配合 Crontab 凌晨自动化执行。 + +## 关键参数 +| 参数 | 含义 | +|------|------| +| rsync -azR | 归档+压缩+相对路径 | +| --delete | 目标端同步删除 | +| timeo=900 | NFS 超时 90 秒 | +| _netdev | 等待网络设备就绪后再挂载 | + +## Connections +- [[Ubuntu服务器通过rsync实现日常增量备份]] — 完整实现指南 +- [[NFS永久挂载]] — 备份目标端挂载机制 +- [[lockfile防重入]] — 防重复执行机制 diff --git a/wiki/concepts/一人公司.md b/wiki/concepts/一人公司.md new file mode 100644 index 00000000..a73f38d7 --- /dev/null +++ b/wiki/concepts/一人公司.md @@ -0,0 +1,29 @@ +--- +title: "一人公司" +type: concept +tags: [个人品牌, 商业变现] +sources: ["万字保姆级教程-90天跑通一人公司模式-2026-03-29.md", "普通人如何在AI时代赚钱.md"] +last_updated: 2026-04-15 +--- + +## Definition +一人公司是用最小杠杆撬动最大价值的商业模式,核心支点是个人优势。关键不是更努力地工作,而是更聪明地定位。 + +## Core Principles +- [[品味]]:AI 时代真正的护城河,能判断什么是真正好的 +- [[端到端]]:不做别人 AI 流水线上的零件,做从 idea 到 product 的完整闭环 +- [[死亡过滤器]]:每天问自己是否还愿意做这件事,筛选真正的热爱 + +## 90-Day Framework +1. 天才地带定位(第 1-30 天) +2. 底层能力挖掘(第 1-30 天) +3. Ikigai 四圈交集(第 31-45 天) +4. 数据验证赛道(第 46-60 天) +5. 产品漏斗设计(第 61-75 天) +6. 内容矩阵搭建(第 76-90 天) + +## Related Concepts +- [[Ikigai]]:核心定位框架 +- [[产品漏斗]]:四层产品体系 +- [[内容矩阵]]:内容生产策略 +- [[超级个体]]:一人公司的 AI 增强形态 diff --git a/wiki/concepts/上下文固定.md b/wiki/concepts/上下文固定.md new file mode 100644 index 00000000..09c865cb --- /dev/null +++ b/wiki/concepts/上下文固定.md 
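Review bot: the 防重入机制 described as `lockfile PID 文件 + kill -0` is not race-free: two cron runs can both read a stale PID, both see `kill -0` fail and both proceed, and a recycled PID makes `kill -0` succeed for an unrelated process so the backup silently never runs again; `flock -n` on the lock file (or `mkdir`-based locking) is atomic and needs no PID bookkeeping. Also, `--delete` combined with a source path that is missing or empty (unmounted data disk, typo) mirrors that emptiness to the NAS and destroys the backup; add a guard that the source exists and is non-empty, mirroring the `mountpoint -q` guard the note already applies to the target side.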
@@ -0,0 +1,30 @@ +--- +title: "上下文固定" +type: concept +tags: [vibe-coding, context, AI, constraints] +--- + +## Definition +上下文固定(Context Anchoring)是 Vibe Coding 范式的第二原则:通过持久化文件(.cursorrules、SPEC.md、技术架构文档)维持 AI 跨对话的上下文一致性,防止 AI 在长对话中遗忘项目约束和设计决策。 + +## Problem It Solves +- AI 对话窗口有限:长对话后 AI 会丢失早期决策 +- AI 幻觉:缺少明确约束时,AI 会自行创造"合理"但错误的实现 +- 风格漂移:AI 在不同对话中可能给出风格不一致的代码 + +## Mechanisms +1. **.cursorrules**:Cursor IDE 项目级 AI 行为规则文件(如强制 Doc 注释) +2. **SPEC.md**:功能规格文档,作为 AI 每次对话的入口参考 +3. **TECH_STACK.md**:技术栈锁定,防止 AI 随意更换框架 +4. **STATE.yaml**:项目状态文件,多 Agent 协作时维护共同上下文 + +## Related Concepts +- [[Vibe Coding]]:上下文固定是 Vibe Coding 三要素之一 +- [[规划驱动]]:规划文档是上下文固定的基础 +- [[项目规则]]:.cursorrules 是上下文固定的具体实现 +- [[去中心化协调]]:STATE.yaml 是上下文固定在多 Agent 场景的延伸 + +## Aliases +- Context Anchoring +- 上下文锚定 +- 上下文维持 diff --git a/wiki/concepts/产品漏斗.md b/wiki/concepts/产品漏斗.md new file mode 100644 index 00000000..ac0bf3ca --- /dev/null +++ b/wiki/concepts/产品漏斗.md @@ -0,0 +1,29 @@ +--- +title: "产品漏斗" +type: concept +tags: [产品设计, 定价策略, 商业变现] +sources: ["万字保姆级教程-90天跑通一人公司模式-2026-03-29.md"] +last_updated: 2026-04-15 +--- + +## Definition +产品漏斗是个人产品体系的分层设计,通过价格锚定和信任递进,引导用户从免费引流到高价服务。 + +## Four Layers + +| 层级 | 产品形态 | 定价 | 用户心理 | +|------|----------|------|----------| +| 引流 | 行业趋势报告 PDF | 免费(换联系方式) | 看看无妨,或许有用 | +| 入门 | 写作自动流工具 | ¥199 | 这价格买个工具很划算 | +| 核心 | 6周实战特训营 | ¥4999 | 我要彻底解决这个问题 | +| 高价 | 企业陪跑咨询 1对1 | ¥20,000/月 | 我需要专家直接帮我做 | + +## Key Mechanisms +- [[价格锚定]]:高价咨询放顶部,让低价显得便宜 +- [[诱饵效应]]:三个选项(基础/标准/旗舰),用中间选项引导选择 +- 信任需要逐步建立,没有人一开始就买最贵的 + +## Related Concepts +- [[一人公司]]:产品漏斗是商业变现的落地层 +- [[价格锚定]]:定价心理机制 +- [[Ikigai]]:确定卖什么的定位框架 diff --git a/wiki/concepts/价格锚定.md b/wiki/concepts/价格锚定.md new file mode 100644 index 00000000..4547890c --- /dev/null +++ b/wiki/concepts/价格锚定.md 
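Review bot: the Mechanisms list of 上下文固定 describes `.cursorrules`, `SPEC.md`, `TECH_STACK.md` and `STATE.yaml` as files the AI reads at the start of every conversation, which gives them the same authority as the user's prompt: any change to them (a careless edit, a vendored dependency's PR, a `STATE.yaml` written by another agent) steers every later session. Add to Problem It Solves that these files must be reviewed like code on every diff and that, in the multi-agent case, `STATE.yaml` should have a single writer; otherwise the anchoring mechanism becomes the easiest way to drift the project without anyone noticing.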
@@ -0,0 +1,19 @@ +--- +title: "价格锚定" +type: concept +tags: [定价策略, 心理学] +sources: ["万字保姆级教程-90天跑通一人公司模式-2026-03-29.md"] +last_updated: 2026-04-15 +--- + +## Definition +价格锚定是心理学定价策略:把高价选项放在最高处,让消费者觉得中间选项相对便宜,从而提高中间选项的购买率。 + +## Application in Product Funnel +- 高价咨询(¥20,000/月)放顶部 +- 入门产品(¥199)和核心产品(¥4999)显得便宜 +- 配合[[诱饵效应]](三个选项:基础/标准/旗舰)引导用户选中间选项 + +## Related Concepts +- [[产品漏斗]]:价格锚定是产品漏斗的定价心理机制 +- [[一人公司]]:定价策略是商业变现的关键环节 diff --git a/wiki/concepts/内容创意密度.md b/wiki/concepts/内容创意密度.md new file mode 100644 index 00000000..3daa1170 --- /dev/null +++ b/wiki/concepts/内容创意密度.md @@ -0,0 +1,51 @@ +--- +title: "内容创意密度" +type: concept +tags: [idea-density, content, performance, excitement] +--- + +# 内容创意密度(Idea Density) + +衡量内容质量的复合指标 = Performance(受众关注度)× Excitement(个人热情)。 + +## 核心公式 + +``` +Idea Density = Performance × Excitement +``` + +## 维度定义 + +| 维度 | 定义 | 衡量方式 | +|------|------|----------| +| Performance | 创意"成功"的潜力,对他人的有用程度 | 点赞/浏览/互动/分享 | +| Excitement | 对创作的热情程度,自己的关心程度 | 不写下来就觉得浪费 | + +## 为什么需要双维度 + +- 仅看 Performance:可能导致迎合算法而失去真实自我 +- 仅看 Excitement:可能导致自嗨而无人关注 +- 两者相乘:确保内容既对他人有价值又保持个人热情 + +## 实践应用 + +### 判断内容是否值得创作 +1. 这个想法是否能引起受众关注?(Performance) +2. 这个想法是否让我感到兴奋必须写下来?(Excitement) +3. 两者皆高 = 高创意密度内容 + +### 创意密度与品牌建设 +- 创意密度随时间和努力不断提高 +- 高创意密度内容创造值得追随和付费的品牌 + +## 典型案例 + +Dan Koe 的 Newsletter: +- 每篇文章都经过 Performance × Excitement 双重筛选 +- 创意密度足够高,人们忍不住打开邮件、开启帖子通知、分享想法 + +## 相关概念 + +- [[创意博物馆]]:积累高创意密度素材的地方 +- [[内容矩阵]]:创意密度的下游应用 +- [[反向金字塔]]:高创意密度内容的一次制作多次分发 \ No newline at end of file diff --git a/wiki/concepts/内容矩阵.md b/wiki/concepts/内容矩阵.md new file mode 100644 index 00000000..f29295f2 --- /dev/null +++ b/wiki/concepts/内容矩阵.md 
@@ -0,0 +1,28 @@ +--- +title: "内容矩阵" +type: concept +tags: [内容营销, 个人品牌] +sources: ["万字保姆级教程-90天跑通一人公司模式-2026-03-29.md"] +last_updated: 2026-04-15 +--- + +## Definition +内容矩阵是内容生产的二维规划框架,横轴是核心主题,纵轴是内容形式,两者交叉形成内容日曆。 + +## Framework + +| | 观察类 | 反直觉类 | 操作指南类 | 个人故事类 | 清单类 | +|---|---|---|---|---|---| +| 主题 A | | | | | | +| 主题 B | | | | | | +| 主题 C | | | | | | + +## 反向金字塔策略 +一次长形式内容,切成无数微内容,一次制作百次分发。 + +## Build in Public +公开构建过程,建立信任。AI 泛滥下,活人感更重要。 + +## Related Concepts +- [[一人公司]]:内容矩阵是获客和建立信任的工具 +- [[反向金字塔]]:内容分发策略 diff --git a/wiki/concepts/创意博物馆.md b/wiki/concepts/创意博物馆.md new file mode 100644 index 00000000..8751f5da --- /dev/null +++ b/wiki/concepts/创意博物馆.md @@ -0,0 +1,68 @@ +--- +title: "创意博物馆" +type: concept +tags: [idea-museum, content, curation, generalist] +--- + +# 创意博物馆(Idea Museum) + +创作者积累高密度创意(Idea Density)的素材库,通过 ruthless curation 筛选值得关注的灵感来源。 + +## 核心定义 + +创意博物馆 = 随时记录有用想法的地方,通过长期积累形成可复用的创作素材库。 + +## 核心指标:创意密度(Idea Density) + +``` +Idea Density = Performance × Excitement +``` + +| 维度 | 定义 | 衡量方式 | +|------|------|----------| +| Performance | 创意"成功"的潜力 | 点赞/浏览/互动 | +| Excitement | 对创作的热情程度 | 不写下来就觉得浪费 | + +## 建立步骤 + +### Step 1:建立 Idea Museum +- 使用 Eden/Apple Notes/Notion/任何工具 +- 随时记录想法,不拘格式 +- 习惯 > 格式 + +### Step 2:Curate 基于创意密度 +- 发现 3-5 个高密度信息源 +- **老书或鲜为人知的书籍**:永恒原则,不受潮流影响 +- **精选博客/账号**:Farnam Street(Navalism 等) +- **重量级社交账号**:少数持续产出高质量想法的账号 + +### Step 3:用 1000 种方式写 1 个想法 +- 同一想法可用不同结构表达 +- list 结构、observation 结构、对比结构等 +- 练习 3 ideas × 3 structures = 9 种表达方式 + +## 与内容矩阵的关系 + +| 概念 | 定位 | 关系 | +|------|------|------| +| 创意博物馆 | 输入端(素材积累) | 上游 | +| 内容矩阵 | 输出端(分发策略) | 下游 | + +创意博物馆的内容经结构化后,通过内容矩阵分发到不同平台。 + +## 实践工具 + +- **Eden**(https://eden.so/):Dan Koe 开发的创意博物馆软件 +- **Apple Notes**:简单易用 +- **Notion**:结构化整理 +- **Obsidian**:双向链接,支持 Graph View 发现创意关联 + +## 相关人物 + +- [[Dan Koe]]:创意博物馆概念的倡导者 + +## 相关概念 + +- [[内容创意密度]]:Idea Density 的量化框架 +- [[内容矩阵]]:创意博物馆的下游,内容的分发策略 +- [[反向金字塔]]:创意一次制作多次分发的策略 \ No newline at end of file 
diff --git a/wiki/concepts/反向金字塔.md b/wiki/concepts/反向金字塔.md new file mode 100644 index 00000000..f51d8798 --- /dev/null +++ b/wiki/concepts/反向金字塔.md @@ -0,0 +1,20 @@ +--- +title: "反向金字塔" +type: concept +tags: [内容营销, 分发策略] +sources: ["万字保姆级教程-90天跑通一人公司模式-2026-03-29.md"] +last_updated: 2026-04-15 +--- + +## Definition +反向金字塔是一种内容分发策略:制作一次长形式内容,然后切成无数微内容,一次制作、百次分发。 + +## Why It Works +- 长内容生产成本高,微内容生产成本低 +- 一次深度输出可以拆出 10-50 条微内容 +- 同一核心观点在不同平台、用不同形式反复触达 + +## Related Concepts +- [[内容矩阵]]:反向金字塔是内容矩阵的分发执行策略 +- [[一人公司]]:内容是建立信任和触达客户的工具 +- [[Build in Public]]:公开构建过程增强信任 diff --git a/wiki/concepts/多云策略.md b/wiki/concepts/多云策略.md new file mode 100644 index 00000000..595f6363 --- /dev/null +++ b/wiki/concepts/多云策略.md @@ -0,0 +1,42 @@ +--- +title: "多云策略" +type: concept +tags: [cloud, strategy, multi-cloud, ROI] +--- + +## Definition +多云策略(Multi-Cloud Strategy)指跨多个公有云服务商(AWS/Azure/GCP)分配工作负载和数据的战略方法,利用各厂商差异化优势实现成本优化、弹性扩展和风险分散。 + +## Core Components +1. **供应商选择**:根据场景匹配最优厂商(AWS 基础设施/GCP 分析/Azure AI) +2. **工作负载分配**:不同 workload 部署到最适合的云平台 +3. **成本管理**:利用多厂商竞价和差异化定价降低总体支出 +4. **治理框架**:统一安全策略、合规管理和性能监控跨所有云 + +## Key Metrics +- 78% 采用多云的企业使用超过 3 个公有云(Virtana) +- 86% 企业计划在 2024 年底采用多云(New Horizons) +- 多云优化可降低 30% 运营成本(Forrester) + +## Related Concepts +- [[供应商锁定规避]]:多云策略的核心驱动之一 +- [[多云治理]]:多云策略的统一管理框架 +- [[多云成本优化]]:多云策略的财务收益 +- [[FinOps]]:多云成本优化的专业领域 +- [[DevOps成熟度模型]]:多云治理的组织能力前提 + +## Industry Applications +- **电商**:黑五/网一高峰期跨云弹性扩展 +- **医疗**:符合 HIPAA 区域数据主权 +- **金融**:多厂商安全特性组合满足合规要求 + +## Implementation +1. 评估需求(目标/预算/现有工作负载) +2. 选择厂商(按场景匹配) +3. 集成管理(Kubernetes/Terraform) +4. 监控优化(CloudHealth/Datadog) + +## Aliases +- Multi-Cloud Strategy +- 混合多云 +- 跨云策略 diff --git a/wiki/concepts/天才地带.md b/wiki/concepts/天才地带.md new file mode 100644 index 00000000..2872e23c --- /dev/null +++ b/wiki/concepts/天才地带.md 
@@ -0,0 +1,27 @@ +--- +title: "天才地带" +type: concept +tags: [自我认知, 职业规划, Ikigai] +sources: ["万字保姆级教程-90天跑通一人公司模式-2026-03-29.md"] +last_updated: 2026-04-15 +--- + +## Definition +天才地带(Flow Zone)源自心理学家盖伊·亨德里克斯的理论,指能产生心流的活动区域——时间飞逝、精力充沛、不觉得累。找到天才地带是构建 Ikigai 的第一步。 + +## Four Zones Framework + +| 区域 | 特征 | +|------|------| +| 不胜任区 | 既不擅长也不喜欢,压力巨大 | +| 胜任区 | 能做但平庸,别人也能做 | +| 卓越区(最危险) | 做得好但不喜欢,长期职业倦怠 | +| 天才地带 | 产生心流,时间飞逝,精力充沛 | + +## How to Find Your Flow Zone +回顾过去一个月,列出所有活动(颗粒度尽可能细),给每项打标签:精力充沛/平平无奇/压力山大。 + +## Related Concepts +- [[底层能力]]:天才地带背后的通用能力 +- [[Ikigai]]:天才地带 + 市场 + 收入 的交汇定位框架 +- [[一人公司]]:用最小杠杆撬动最大价值,支点是个人优势 diff --git a/wiki/concepts/底层能力.md b/wiki/concepts/底层能力.md new file mode 100644 index 00000000..1439aeb3 --- /dev/null +++ b/wiki/concepts/底层能力.md @@ -0,0 +1,23 @@ +--- +title: "底层能力" +type: concept +tags: [自我认知, 能力挖掘] +sources: ["万字保姆级教程-90天跑通一人公司模式-2026-03-29.md"] +last_updated: 2026-04-15 +--- + +## Definition +底层能力是冰山水下的通用能力,能串起多件看似不相关但实际上都依赖同一核心技能的事情。 + +## Three Self-Diagnosis Questions +1. **追溯童年**:这件事你小时候就喜欢吗? +2. **毫不费力**:你是不是觉得太简单,甚至不理解别人为什么觉得难? +3. **底层通用**:这个能力能串起好几件你擅长的事吗? + +## Additional Hint +问身边最亲近的人:"你觉得我有什么特别的地方?" + +## Related Concepts +- [[天才地带]]:底层能力的应用区域 +- [[Ikigai]]:底层能力 + 热爱 + 市场 + 收入 的交汇框架 +- [[一人公司]]:将底层能力转化为可变现产品 diff --git a/wiki/concepts/灾难恢复.md b/wiki/concepts/灾难恢复.md new file mode 100644 index 00000000..87a99385 --- /dev/null +++ b/wiki/concepts/灾难恢复.md 
@@ -0,0 +1,39 @@ +--- +title: "灾难恢复" +type: concept +tags: [disaster-recovery, backup, DR, business-continuity] +--- + +## Definition +灾难恢复(Disaster Recovery,DR)指在硬件故障、人为误操作或自然灾害导致系统不可用后,通过备份数据还原系统正常运行能力的技术和流程。 + +## Core Metrics +- **RTO(Recovery Time Objective)**:系统中断到恢复的最大可接受时间 +- **RPO(Recovery Point Objective)**:可接受的最大数据丢失时间窗口 +- **RTO vs RPO**:RTO 关注恢复速度,RPO 关注数据完整性 + +## Methods +1. **磁盘镜像还原**(Clonezilla restoredisk):用镜像文件覆盖目标磁盘,完整恢复系统状态 +2. **rsync 文件级恢复**:从增量备份逐文件还原 +3. **快照恢复**:ZFS/BTRFS 文件系统快照回滚 +4. **云容灾**:云服务商提供的跨区域 failover + +## Workflow (Clonezilla) +1. 用启动盘启动 Clonezilla live +2. 选择 device-image 模式 +3. 挂载备份存储(NFS/SMB) +4. 选择 restoredisk +5. 选中 NAS 上的镜像文件夹 +6. 确认覆盖目标磁盘 +7. 等待还原完成,系统即刻复活 + +## Related Concepts +- [[磁盘镜像备份]]:灾难恢复的数据基础 +- [[Clonezilla]]:本地灾难恢复工具 +- [[rsync增量备份]]:日常增量备份的灾难恢复场景 + +## Aliases +- Disaster Recovery +- DR +- 灾难还原 +- Business Continuity diff --git a/wiki/concepts/物件描述框架.md b/wiki/concepts/物件描述框架.md new file mode 100644 index 00000000..9aa662d2 --- /dev/null +++ b/wiki/concepts/物件描述框架.md 
@@ -0,0 +1,95 @@ +--- +title: "物件描述框架" +type: concept +tags: [prompt, image-generation, nano-banana, structure] +--- + +# 物件描述框架(Object Description Framework) + +Nano Banana 提示词框架中用于描述物品的结构化字段体系,与人物描述框架共用同一结构,区别在 subject 字段内容。 + +## 字段定义 + +```json +{ + "shot": "", // 镜头类型和构图 + "subject": { + "item": "", // 物品名称 + "materials": "", // 材质 + "details": "", // 细节描述 + "condition": "" // 状态(全新/破损等) + }, + "environment": "", // 环境背景 + "lighting": "", // 光照设置 + "camera": { + "focal_length": "", // 焦距 + "aperture": "", // 光圈 + "angle": "" // 角度 + }, + "color_grade": "", // 色彩风格 + "style": "", // 整体风格 + "quality": "", // 质量要求 + "negatives": "" // 负向提示词 +} +``` + +## 与人物描述框架的对比 + +| 字段 | 物件框架 | 人物框架 | +|------|----------|----------| +| subject.item | 物品名称 | - | +| subject.age | - | 年龄 | +| subject.materials | 材质 | - | +| subject.appearance | - | 外貌 | +| subject.details | 细节 | - | +| subject.pose | - | 姿态 | +| subject.condition | 状态 | - | + +核心结构一致,subject 字段内容因描述对象而异。 + +## 关键能力 + +### 负向提示词(Negatives) +控制生成质量,明确排除不需要的特征: +```json +"negatives": "no scratches, no dust, no logos or brand names, no human hands, blurry watch face, unrealistic lighting." +``` + +### 运镜控制(Camera) +实现电影级构图: +- focal_length:焦距(100mm macro look = 微距效果) +- aperture:光圈(f/8 = 整体清晰) +- angle:角度(45 度俯拍 = 产品摄影标准角度) + +## 实践示例 + +手表产品摄影: +```json +{ + "shot": "Macro close-up shot, square aspect ratio (1:1), centered composition.", + "subject": { + "item": "A luxury men's chronograph watch.", + "materials": "Polished stainless steel case, sapphire crystal glass, black ceramic bezel with a tachymeter scale, leather strap with fine stitching.", + "details": "White dial with three sub-dials, glowing lume on hands and hour markers, intricate gears of the movement visible through a transparent caseback.", + "condition": "Pristine, brand new, no dust or fingerprints." + }, + "environment": "The watch is resting on a dark, textured slab of slate rock. 
The background is a simple, dark, out-of-focus gradient.", + "lighting": "Studio softbox lighting. A key light from the top-left creates clean, sharp reflections on the steel. A soft fill light from the right reveals details in the shadows. A subtle rim light separates the watch from the dark background.", + "camera": { + "focal_length": "100mm macro lens look", + "aperture": "f/8 (to keep the entire watch face in focus)", + "angle": "Shot from a 45-degree angle above the watch." + }, + "color_grade": "High contrast, clean and commercial look. Slightly desaturated to emphasize the metallic and monochrome textures. High clarity and sharpness.", + "style": "Hyper-realistic CGI render, commercial product photography, luxury and precision.", + "quality": "8K resolution, perfect material shaders, flawless reflections, extreme detail on the dial and gears.", + "negatives": "no scratches, no dust, no logos or brand names, no human hands, blurry watch face, unrealistic lighting." +} +``` + +## 相关概念 + +- [[Nano Banana]]:物件描述框架的上一层框架 +- [[人物描述框架]]:物件描述框架的姐妹框架 +- [[AI生图]]:物件描述框架的应用领域 +- [[负向提示词]]:质量控制的关键字段 \ No newline at end of file diff --git a/wiki/concepts/电商选品分析.md b/wiki/concepts/电商选品分析.md new file mode 100644 index 00000000..ab3f9d3d --- /dev/null +++ b/wiki/concepts/电商选品分析.md 
@@ -0,0 +1,41 @@ +--- +title: "电商选品分析" +type: concept +tags: [电商, 选品, 数据分析, tiktok-shop] +sources: [] +last_updated: 2025-03-14 +--- + +## Definition +通过数据分析发现 TikTok Shop 高潜力产品的系统性方法,核心目标是找出"热卖 + 高评分 + 低竞争 + 高折扣"的产品。 + +## 核心维度 +1. **销量(sold)**:直接反映市场需求 +2. **评分(rating)**:反映产品质量和用户满意度 +3. **折扣比例(discount_percent)**:促销带量效果 +4. **评分数量(rating_count)**:反映产品热度和可信度 +5. **价格(final_price)**:决定利润空间和受众规模 + +## 选品评分模型 +``` +score = sold × 0.4 + rating × 12 + rating_count × 0.2 + discount_percent × 0.5 +``` +权重可根据业务偏好调整(0.4/12/0.2/0.5 为基准值)。 + +## 典型分析场景 +- 爆品发现:Top N 销量/GMV 排行 +- 价格带分析:气泡图识别最优价格区间 +- 类目机会:热力图+箱线图发现蓝海类目(产品少但销量大) +- 店铺监控:竞争对手上新节奏/价格策略跟踪 + +## Related Entities +- [[TikTok Shop]]:数据来源 +- [[TikTok Products]]:分析对象表 +- [[Apache Superset]]:可视化工具 +- [[选品评分模型]]:核心算法 + +## Related Concepts +- [[电商数据采集]]:数据来源 +- [[Superset Dashboard]]:可视化载体 +- [[KPI 卡片]]:分析展示形式 +- [[价格带分析]]:子维度分析 diff --git a/wiki/concepts/磁盘镜像备份.md b/wiki/concepts/磁盘镜像备份.md new file mode 100644 index 00000000..50ea9793 --- /dev/null +++ b/wiki/concepts/磁盘镜像备份.md @@ -0,0 +1,38 @@ +--- +title: "磁盘镜像备份" +type: concept +tags: [backup, disk-imaging, clonezilla, disaster-recovery] +--- + +## Definition +磁盘镜像备份(Disk Imaging Backup)指将整个磁盘的所有扇区内容打包为单个镜像文件(.img)的备份方式,支持完整还原到任意相同或更大容量磁盘。 + +## How It Works +1. **扇区级复制**:读取磁盘每个扇区,包括引导扇区、分区表、文件系统元数据和所有数据 +2. **压缩存储**:镜像文件通常压缩(如 Clonezilla -z1p 高压缩率)以节省存储空间 +3. **差异备份**(部分工具支持):仅备份自上次全量备份后的变更扇区 + +## Tools +- **Clonezilla**:开源方案,支持 NFS/SMB/USB 多种存储后端 +- **Acronis True Image**:商业方案,支持增量镜像 +- **Macrium Reflect**:Windows 平台商业方案 +- **dd**:Linux 原生命令行工具,无压缩无差异 + +## vs rsync增量备份 +| 维度 | 磁盘镜像备份 | rsync增量备份 | +|------|------------|-------------| +| 范围 | 整个磁盘/分区 | 单个目录/文件系统 | +| 粒度 | 扇区级 | 文件级 | +| 备份速度 | 慢(全盘复制) | 快(仅差异) | +| 恢复速度 | 快(直接还原) | 慢(逐文件恢复) | +| 场景 | 灾难恢复、系统迁移 | 日常增量备份 | + +## Related Concepts +- [[灾难恢复]]:磁盘镜像备份的核心应用场景 +- [[Clonezilla]]:磁盘镜像备份的开源工具 +- [[rsync增量备份]]:互补的增量备份方案 + +## Aliases +- Disk Imaging +- 全盘镜像 +- Ghost 备份 
diff --git a/wiki/concepts/系统经济.md b/wiki/concepts/系统经济.md new file mode 100644 index 00000000..34e2be2b --- /dev/null +++ b/wiki/concepts/系统经济.md @@ -0,0 +1,54 @@ +--- +title: "系统经济" +type: concept +tags: [systems-economy, product, business, dan-koe] +--- + +# 系统经济(Systems Economy) + +AI 时代的经济形态:人们要的是你的解决方案(系统),而非通用的产品功能。 + +## 核心定义 + +系统经济 = 解决方案的价值在于系统本身而非产品功能,人们购买的是经过验证的方法论而非工具本身。 + +## 与产品经济的对比 + +| 维度 | 产品经济 | 系统经济 | +|------|----------|----------| +| 价值来源 | 功能/特性 | 方法论/流程/经验 | +| 差异化 | 功能对比 | 系统独特性 | +| 可复制性 | 高(功能可复制) | 低(经验不可复制) | +| 护城河 | 技术壁垒 | 经验壁垒 | +| 典型案例 | Google Drive/Dropbox | 2 Hour Writer | + +## 代表案例:2 Hour Writer + +Dan Koe 的 2 Hour Writer 系统: +- **解决的问题**:内容创作者时间不足 +- **系统组成**:swipe files + idea generation steps + templates +- **目标**:每天 <2 小时完成所有内容创作 + +评论说"2HW 可以被 Notion 替代",但系统本身不可复制,因为它是 Dan Koe 自身经验的产品化。 + +## 系统构建路径 + +1. **验证自身问题**:通过实践找到有效方法 +2. **产品化系统**:将方法论封装为可复制的产品 +3. **建立分发渠道**:通过内容触达目标受众 + +## 在 AI 时代的价值 + +- AI 让功能易于复制,但经验难以复制 +- 系统化思维将个人经验转化为可销售的护城河 +- "人们不想要解决问题的方案,人们想要你的解决方案" + +## 相关人物 + +- [[Dan Koe]]:系统经济的倡导者和实践者 + +## 相关概念 + +- [[创意博物馆]]:系统经济的输入端 +- [[系统经济]] ← extends ← [[一人公司]],一人公司是系统经济的商业模式 +- [[死亡过滤器]] ← relates_to ← 系统构建前的自我验证 \ No newline at end of file diff --git a/wiki/concepts/自教育.md b/wiki/concepts/自教育.md new file mode 100644 index 00000000..028265ad --- /dev/null +++ b/wiki/concepts/自教育.md 
@@ -0,0 +1,58 @@ +--- +title: "自教育" +type: concept +tags: [self-education, learning, generalist] +--- + +# 自教育(Self-Education) + +自主定向学习,获得与传统教育不同的结果,是超级通才三要素中的引擎。 + +## 核心定义 + +自教育 = 学习是因为它真正服务于你的发展,而不是因为有人布置了这项任务。 + +## 与传统教育的对比 + +| 维度 | 传统教育 | 自教育 | +|------|----------|--------| +| 学习动力 | 外部(成绩/文凭/工作要求) | 内部(真实兴趣/发展需求) | +| 内容选择 | 固定课程大纲 | 按需选择,按兴趣探索 | +| 学习方式 | 被动接受(听课/考试) | 主动探索(research/实验/实践) | +| 效果衡量 | 分数/文凭 | 能力提升/价值创造 | +| 适用场景 | 标准化职业路径 | 复杂/创新/跨领域场景 | + +## 自教育的驱动机制 + +``` +Self-interest(自利) → 自学(因为热爱) + ↓ + Self-sufficiency(自立) → 精通领域 + ↓ + Self-interest(自利) → 清晰方向 +``` + +自利促使人们进行自学;自学使人能够自给自足;自给自足能明确自身利益,形成正向循环。 + +## 在 AI 时代的价值 + +- AI 降低执行成本,使"跟随意兴趣学习"更可行 +- 传统教育培养专才,AI 时代需要通才 +- 自教育是避免被 AI 替代的关键能力之一 + +## 实践方法 + +1. **建立创意博物馆**:积累高密度信息源 +2. **公开学习**:社交媒体 as "taking notes in public" +3. **产品化学习**:将学习成果转化为内容/产品 + +## 相关人物 + +- [[Dan Koe]]:自教育理念的倡导者和实践者 +- [[Leonardo da Vinci]]:通过自教育成为文艺复兴通才 + +## 相关概念 + +- [[自利]]:自教育的动力来源 +- [[自立自强]]:自教育的目标 +- [[超级通才]]:自教育 + 自利 + 自立三要素的自然结果 \ No newline at end of file diff --git a/wiki/concepts/规划驱动.md b/wiki/concepts/规划驱动.md new file mode 100644 index 00000000..a85ef72a --- /dev/null +++ b/wiki/concepts/规划驱动.md @@ -0,0 +1,33 @@ +--- +title: "规划驱动" +type: concept +tags: [vibe-coding, planning, workflow] +--- + +## Definition +规划驱动(Planning-Driven)是 Vibe Coding 范式的第一原则:AI 写代码前,必须先完成清晰的技术选型、实施规划和模块化设计,防止 AI 因理解偏差导致项目逻辑混乱。 + +## Core Idea +传统开发:需求 → 编码 → 测试 → 修复循环 +Vibe Coding:规划 → AI 执行 → 审查 → 迭代 + +## Why It Matters +- AI 的理解存在上下文偏差:没有规划约束,AI 会"自由发挥"导致架构不一致 +- 规划文档 = AI 行为边界:通过 .cursorrules、SPEC.md 等文件约束 AI +- 规划质量决定产出质量:模糊的规划 = 模糊的代码 + +## Planning Artifacts +- **SPEC.md**:产品/功能规格说明 +- **.cursorrules**:Cursor AI 行为约束文件 +- **TECH_STACK.md**:技术选型和架构说明 +- **模块化设计**:将复杂系统拆解为独立可实现的模块 + +## Related Concepts +- [[Vibe Coding]]:规划驱动是 Vibe Coding 三要素之首 +- [[上下文固定]]:规划文档是固定 AI 上下文的手段 +- [[项目规则]]:规划的具体化,约束 AI 行为 + +## Aliases +- Planning First +- 规划优先 +- 设计驱动 
diff --git a/wiki/concepts/超级通才.md b/wiki/concepts/超级通才.md new file mode 100644 index 00000000..cf85074e --- /dev/null +++ b/wiki/concepts/超级通才.md @@ -0,0 +1,61 @@ +--- +title: "超级通才" +type: concept +tags: [generalist, self-education, self-interest, self-sufficiency] +--- + +# 超级通才(Super Generalist) + +拥有多领域交叉能力的个体,通过自教育、自利、自立三要素实现知识主权和适应力,在 AI 时代比专才更具优势。 + +## 核心定义 + +**超级通才** = [[超级个体]] 在知识广度上的具体表达,强调多领域交叉带来的独特视角和创造力。 + +## 三要素框架 + +| 要素 | 定义 | 作用 | +|------|------|------| +| [[自教育]] | 自主定向学习,获得与传统教育不同的结果 | 引擎 | +| [[自利]] | 追随自身利益,而非被组织利益裹挟 | 指南针 | +| [[自立自强]] | 拒绝外包判断力、学习力和自主性 | 基石 | + +## 与专才的对比 + +| 维度 | 专才(Specialist) | 超级通才(Super Generalist) | +|------|---------------------|------------------------------| +| 能力结构 | 单点深度 | 多点交叉 | +| 适应能力 | 低(领域锁定) | 高(跨领域迁移) | +| 收入天花板 | 高但受限 | 无上限(视整合能力) | +| AI 替代风险 | 高 | 低(独特视角无法复制) | +| 代表 | 流水线工人 | Leonardo da Vinci | + +## 核心洞察 + +### "你的优势在交叉而非专精" +> "Your edge lies more in intersection than it does in expertise." — Dan Koe + +多领域交叉创造独特世界观,这是 AI 在未被明确告知时无法理解的能力。 + +### 第二次文艺复兴 +- 印刷术:降低知识成本 → 个人可追求多领域精通 +- AI:降低执行成本 → 个人可将兴趣转化为产品 + +## 与超级个体的关系 + +- [[超级个体]]:某领域八九十分 + AI 横向扩展,强调单领域深耕 + AI 放大 +- **超级通才**:强调跨领域广度和交叉整合能力,两者可互补 + +超级个体可以是超级通才,但超级通才不一定是传统意义的超级个体。 + +## 实践路径 + +1. **建立创意博物馆**:积累高密度信息源(3-5 个) +2. **发现独特视角**:通过多领域学习构建差异化世界观 +3. **创建品牌环境**:通过内容展现故事和哲学 +4. **构建系统产品**:系统 > 产品,系统具有护城河价值 + +## 相关人物 +- [[Dan Koe]]:超级通才的典型代表 +- [[Leonardo da Vinci]]:绘画/雕塑/工程/解剖/战争机器/人体绘图跨界 +- [[Jordan Peterson]]:心理学/哲学/演讲/著书跨领域通才 \ No newline at end of file diff --git a/wiki/concepts/选品评分模型.md b/wiki/concepts/选品评分模型.md new file mode 100644 index 00000000..57e72326 --- /dev/null +++ b/wiki/concepts/选品评分模型.md 
@@ -0,0 +1,41 @@ +--- +title: "选品评分模型" +type: concept +tags: [选品, 评分模型, 算法, 电商] +sources: [] +last_updated: 2025-03-14 +--- + +## Definition +通过对销量、评分、评分数量、折扣比例进行加权求和,自动计算产品综合评分并排序的选品推荐算法。 + +## 标准公式 +``` +score = sold × 0.4 + rating × 12 + rating_count × 0.2 + discount_percent × 0.5 +``` + +## 权重设计逻辑 +| 维度 | 权重 | 理由 | +|------|------|------| +| sold | 0.4 | 销量是市场验证的直接指标 | +| rating | 12 | 评分×12 ≈ rating_count×0.2 的两倍,强调质量 | +| rating_count | 0.2 | 评分数量代表热度和可信度 | +| discount_percent | 0.5 | 折扣带量效果,权重较低 | + +## 使用方式 +在 Superset 中以 Table Chart 展示,支持按 score DESC 排序,LIMIT 100 输出推荐列表。 + +## 可调参数 +权重可根据业务策略调整: +- 追求爆量:增加 sold 权重 +- 追求高利润:增加 final_price 相关权重 +- 追求蓝海:增加 rating_count×rating 权重 + +## Related Entities +- [[TikTok Products]]:数据来源 +- [[Apache Superset]]:可视化工具 +- [[电商选品分析]]:应用场景 + +## Related Concepts +- [[Superset Dashboard]]:展示载体 +- [[KPI 卡片]]:关联指标卡 diff --git a/wiki/entities/Airtable.md b/wiki/entities/Airtable.md new file mode 100644 index 00000000..f5728c8c --- /dev/null +++ b/wiki/entities/Airtable.md @@ -0,0 +1,23 @@ +--- +title: "Airtable" +type: entity +tags: [数据库, 在线表格, 库存管理, n8n] +sources: [] +last_updated: 2025-03-06 +--- + +## Definition +Airtable 是一个在线关系型数据库+电子表格混合平台,支持 API,可作为 N8N AI Agent 的工具接入,实现库存查询和更新等操作。 + +## Core Capabilities +- 数据库表格,支持多视图(Grid/Kanban/Calendar/Gallery) +- REST API 访问 +- 可作为 N8N Agent 工具:Agent 通过工具调用查询/更新 Airtable 数据 +- 典型用例:库存管理系统中作为产品数据库 + +## Related Entities +- [[n8n]]:工作流平台 +- [[N8N Workflow]]:工作流构建 + +## Related Concepts +- [[Memory in AI Agent]]:Airtable 可作为 Agent 存储和查询数据的工具 diff --git a/wiki/entities/Apache Superset.md b/wiki/entities/Apache Superset.md new file mode 100644 index 00000000..e2f2596e --- /dev/null +++ b/wiki/entities/Apache Superset.md 
@@ -0,0 +1,29 @@ +--- +title: "Apache Superset" +type: entity +tags: [bi, 数据可视化, 开源, airbnb] +sources: [] +last_updated: 2025-03-14 +--- + +## Definition +Apache Superset 是 Airbnb 开源的企业级 BI 可视化平台,支持 SQL Dataset 定义、40+ 图表类型、Dashboard 设计,支持导入 JSON Dashboard 配置实现一键部署。 + +## Core Capabilities +- **Dataset**:连接 MySQL/PostgreSQL 等数据库,定义数据模型(可创建 SQL View 预处理 JSON 字段) +- **Chart**:40+ 可视化类型(Bar/Line/Scatter/Heatmap/Box Plot/Histogram 等) +- **Dashboard**:多 Chart 组合,支持 Filter 交互 +- **Import/Export**:Dashboard 可导出为 JSON,支持一键导入 + +## Key Constraints +- JSON 字段无法直接用于图表计算,必须通过 `JSON_EXTRACT` SQL 函数预处理为独立列 +- 推荐为 JSON 字段创建专用 SQL View(如 [[view_products_cleaned]]) + +## Related Entities +- [[TikTok Shop]]:数据来源 +- [[TikTok Products]]:分析对象 +- [[电商选品分析]]:分析场景 +- [[Superset Dashboard]]:核心输出物 + +## Aliases +- Superset = Apache Superset = Superset BI diff --git a/wiki/entities/Bloomberg API.md b/wiki/entities/Bloomberg API.md new file mode 100644 index 00000000..0139236d --- /dev/null +++ b/wiki/entities/Bloomberg API.md @@ -0,0 +1,10 @@ +--- +title: "Bloomberg API" +type: entity +tags: [news-api, 数据源] +sources: [] +last_updated: 2025-03-11 +--- + +## Definition +新闻 API 提供商。详见 [[News API]] 概念页面。 diff --git a/wiki/entities/Clonezilla.md b/wiki/entities/Clonezilla.md new file mode 100644 index 00000000..825fba58 --- /dev/null +++ b/wiki/entities/Clonezilla.md 
@@ -0,0 +1,49 @@ +--- +title: "Clonezilla" +type: entity +tags: [backup, disk-imaging, open-source, ubuntu] +--- + +## Basic Info +- **Full Name**: Clonezilla(再生龙) +- **Type**: 开源磁盘镜像备份工具 +- **License**: GPL +- **Website**: https://clonezilla.org/ + +## Description +Clonezilla 是一款开源磁盘克隆和镜像工具,功能等同于企业级 Ghost。支持将整个磁盘备份为镜像文件并存放到 NAS(通过 NFS/SMB)、外置硬盘或 USB 等存储后端。支持 ext4/XFS/BTRFS/NTFS 等多种文件系统。 + +## Key Capabilities +- **savedisk**:将整个本地磁盘保存为镜像文件 +- **restoredisk**:将镜像文件还原到磁盘(全盘覆盖) +- **partition**:仅备份/还原单个分区 +- **clone**:磁盘对磁盘直接克隆(无需镜像中转) + +## Workflow +1. Rufus 制作 USB 启动盘(Clonezilla live ISO) +2. 从 USB 启动,选择 device-image 模式 +3. 挂载备份目标(NFS/SMB/local_dev) +4. 选择 savedisk → 选源磁盘 → 配置压缩参数 +5. 开始克隆(蓝红色进度条显示传输速度和剩余时间) + +## Supported Storage Backends +- NFS(推荐,Linux 兼容性最好) +- SMB/CIFS +- SSH/SFTP +- USB 外置磁盘 +- 本地目录 + +## Compression Options +- `-z1p`:高压缩率(节省存储空间) +- `-z0`:不压缩(最快) +- `-z2p`:更高压缩率(最慢) + +## Related +- [[磁盘镜像备份]]:Clonezilla 实现的核心功能 +- [[灾难恢复]]:Clonezilla restoredisk 实现灾难恢复 +- [[Rufus]]:Clonezilla USB 启动盘制作工具 +- [[Synology NAS]]:Clonezilla 备份目标存储 + +## Aliases +- 再生龙 +- Clonezilla Live diff --git a/wiki/entities/CodeCrafters.md b/wiki/entities/CodeCrafters.md new file mode 100644 index 00000000..30ca62f5 --- /dev/null +++ b/wiki/entities/CodeCrafters.md @@ -0,0 +1,22 @@ +--- +title: "CodeCrafters" +type: entity +tags: [company, programming, learning, github] +--- + +## 基本信息 +- 类型:公司 +- 领域:编程学习平台 +- 网站:codecrafters.io + +## 简介 +CodeCrafters, Inc. 是 build-your-own-x GitHub 仓库的当前维护方,通过在线编程挑战平台提供实践驱动的编程学习体验。 + +## 主要贡献 +- 维护 [[Build-Your-Own-X-从零构建技术栈]] GitHub 仓库,收录 25 个技术领域的分步骤指南 +- 提供 codecrafters.io 在线平台,在浏览器中完成"从零构建"挑战 + +## Aliases +- CodeCrafters +- CodeCrafters Inc. +- codecrafters-io diff --git a/wiki/entities/Coze.md b/wiki/entities/Coze.md index 215080a2..b628d7ae 100644 --- a/wiki/entities/Coze.md +++ b/wiki/entities/Coze.md 
@@ -1,23 +1,61 @@ --- title: "Coze" type: entity -tags: [platform, agent, bytedance] +tags: [ai, agent, workflow, coze] --- -## Definition -Coze(扣子)是字节跳动推出的 AI Agent 构建平台,支持国内版(coze.cn)和海外版(coze.com)。用户无需编程即可通过可视化方式创建多类型 Agent 和工作流。 +# Coze + +字节跳动旗下的 AI Agent 开发平台,国内版(coze.cn)和海外版(coze.com)双版本运营。 + +## 基本信息 +- **类型**:AI Agent 开发平台 +- **运营方**:字节跳动 +- **网址**:https://www.coze.cn(国内)/ https://www.coze.com(海外) + +## 核心能力 + +### Bot(智能体)模式 +- 基于大语言模型的对话式 AI 应用 +- 支持插件调用、记忆管理、知识库检索 +- 适合简单问答和单轮/多轮对话场景 + +### Workflow(工作流)模式 +- 可视化流程编辑器,通过节点串联实现复杂业务 +- 适合多步骤、复杂逻辑、需要外部工具集成的场景 +- 支持代码执行、API 调用、LLM 调用、条件分支等 + +### 行业解决方案 +- **金融**:客户分层营销助手、智能客服 Agent、企业预算管理 +- **教育**:知识库问答、拍照搜视频、组卷出题、知识点掌握评估 +- **医疗**:医疗分诊助手、影像图片识别、AI 问诊 +- **电商**:混剪助手、在线换衣、抖音直播间自动回复 +- **客服**:AI 销售助手、在线客服、教育培训对练 + +## 技术集成 + +### 内置工具 +- 表格问答助手(代码版/插件版) +- 数据分析项目 +- 滴滴计费规则解答 + +### 外部 AI 工具集成 +- **GPT-SoVITS**:声音克隆,用于个性化语音交互 +- **F5-TTS**:开源语音克隆,用于数字人和 AI 客服 +- **FaceFusion**:人脸融合,用于 AI 证件照和视频生成 + +## 与 n8n 的对比 + +| 维度 | Coze | n8n | +|------|------|-----| +| 定位 | AI Agent 开发平台 | 通用工作流自动化 | +| 优势 | 中文生态、低代码、预置 Bot/Workflow 模板 | 通用性强、543+ 节点、可自托管 | +| 适用场景 | 快速搭建 AI 对话/行业解决方案 | 复杂业务自动化、需要自托管 | + +## 相关文档 +- [[AI-解决方案专家培训课程]] ## Aliases -- 扣子(国内版) -- Coze(海外版) - -## Key Capabilities -- Bot 创建:单 Agent 对话型 -- Workflow:多节点可视化工作流 -- 插件系统:集成各类 API 和工具 -- 知识库:RAG 增强问答 -- 记忆(Memory):对话上下文管理 - -## Connections -- [[Coze工作流]] ← 核心功能 -- [[AI解决方案专家培训课程]] ← 应用案例 +- Coze 中文版 +- Coze 国际版 +- 扣子 \ No newline at end of file diff --git a/wiki/entities/Dan-Koe.md b/wiki/entities/Dan-Koe.md new file mode 100644 index 00000000..d061752c --- /dev/null +++ b/wiki/entities/Dan-Koe.md 
@@ -0,0 +1,55 @@ +--- +title: "Dan Koe" +type: entity +tags: [entrepreneur, content-creator, generalist] +--- + +# Dan Koe + +独立创业者、内容创作者,TheDankoe 品牌创始人,2 Hour Writer 系统和 Eden 软件开发者。 + +## 核心身份 +- **职业**:多兴趣创业者,通过内容创作和软件产品建立个人品牌 +- **平台**:https://letters.thedankoe.com/(Newsletter) +- **代表产品**:2 Hour Writer(写作系统)、Eden(笔记软件) + +## 核心理念 + +### 通才主义(Generalist) +- 反对专业化分工导致的人沦为螺丝钉 +- 主张 Self-education(自学)+ Self-interest(自利)+ Self-sufficiency(自立)三要素 +- 认为独特视角(Perspective)是最终护城河,AI 无法复制 + +### 内容创作方法论 +- Brand is your story:品牌是你的故事,而非头像和简介 +- Content is novel perspectives:内容是新颖视角,而非信息堆砌 +- Systems are the new product:系统经济时代,系统 > 产品 + +### 创意密度框架 +- Performance(受众关注度)× Excitement(个人热情)= Idea Density +- 创意博物馆(Idea Museum):ruthless curation of notes/ideas/sources +- 3-5 个高密度信息源:老书/精选博客/重量级社交账号 + +## 关键作品 + +### 2 Hour Writer +- 每天 <2 小时写完所有内容(3 posts/day + 1 thread/week + 1 newsletter/week) +- 交叉发帖到所有平台(Twitter/LinkedIn/Instagram) +- Newsletter 为中心,内容复用分发 + +### Eden +- 创意博物馆软件(https://eden.so/) +- 被评论说"可被 Google Drive/Dropbox 替代",但作为系统具有独特价值 + +## 相关概念 +- [[超级通才]] +- [[自教育]] +- [[自利]] +- [[自立自强]] +- [[创意博物馆]] +- [[系统经济]] + +## 相关人物 +- [[Adam Smith]]:引用其对专业化分工的批评 +- [[Leonardo da Vinci]]:文艺复兴通才典范 +- [[Jordan Peterson]]:作为通才不追随内容潮流的榜样 \ No newline at end of file diff --git a/wiki/entities/Daniel-Stefanovic.md b/wiki/entities/Daniel-Stefanovic.md new file mode 100644 index 00000000..25f79bdf --- /dev/null +++ b/wiki/entities/Daniel-Stefanovic.md @@ -0,0 +1,18 @@ +--- +title: "Daniel Stefanovic" +type: entity +tags: [person, developer, github] +--- + +## 基本信息 +- 类型:个人 +- 平台:GitHub + +## 简介 +Daniel Stefanovic 是 [[Build-Your-Own-X-从零构建技术栈]] 项目的创始人,该项目后来由 [[CodeCrafters]] 接手维护。 + +## 主要贡献 +- 创建 build-your-own-x GitHub 仓库,系统性整理各技术领域"从零构建"教程 + +## Aliases +- danistefanovic diff --git a/wiki/entities/Financial Times API.md b/wiki/entities/Financial Times API.md new file mode 100644 index 00000000..f39fcb53 --- /dev/null +++ b/wiki/entities/Financial Times API.md 
@@ -0,0 +1,10 @@ +--- +title: "Financial Times API" +type: entity +tags: [news-api, 数据源] +sources: [] +last_updated: 2025-03-11 +--- + +## Definition +新闻 API 提供商。详见 [[News API]] 概念页面。 diff --git a/wiki/entities/GNews API.md b/wiki/entities/GNews API.md new file mode 100644 index 00000000..ad9241c4 --- /dev/null +++ b/wiki/entities/GNews API.md @@ -0,0 +1,10 @@ +--- +title: "GNews API" +type: entity +tags: [news-api, 数据源] +sources: [] +last_updated: 2025-03-11 +--- + +## Definition +新闻 API 提供商。详见 [[News API]] 概念页面。 diff --git a/wiki/entities/Gitea.md b/wiki/entities/Gitea.md new file mode 100644 index 00000000..44922192 --- /dev/null +++ b/wiki/entities/Gitea.md @@ -0,0 +1,26 @@ +--- +id: gitea +title: "Gitea" +type: entity +tags: [Git, 自托管, 版本控制] +sources: ["养虾日记3-Obsidian-Gitea持久化笔记系统.md"] +last_updated: 2026-04-15 +--- + +## Overview +Gitea 是自托管 Git 服务(类似 GitHub/GitLab),提供私有 Git 仓库,内网运行数据不出域。本笔记体系中用于 Obsidian 笔记的版本控制。 + +## Key Attributes +- 类型:自托管 Git 服务 +- 部署方式:Docker +- 用途:Obsidian 笔记版本管理 + Agent 工作输出持久化 + +## Role in System +- [[Obsidian]] 笔记通过 Git 插件自动 commit 到 Gitea 仓库 +- 每次笔记更新对应一个 Git commit,支持任意时间点回溯 +- Commit message 记录变更来源和内容 +- 私有内网运行,数据不出域 + +## Related Entities +- [[Obsidian]]:笔记前端 +- [[OpenClaw]]:写入接口 diff --git a/wiki/entities/MariaDB.md b/wiki/entities/MariaDB.md new file mode 100644 index 00000000..e2c2da4d --- /dev/null +++ b/wiki/entities/MariaDB.md 
@@ -0,0 +1,31 @@ +--- +title: MariaDB +type: entity +tags: [database, mysql, synology, nas, mariadb] +--- + +## Overview +MariaDB 是 MySQL 的开源分支,Synology NAS Docker 部署的版本为 10.11.6,提供内网(3307端口)和公网(mysql.ishenwei.online:63307)访问能力。 + +## Aliases +- MariaDB +- MySQL(兼容) +- MariaDB 10.11 + +## Key Characteristics +- 版本:10.11.6 +- 内网端口:3307 +- 公网端口:63307 +- 登录方式:socket 本地登录(/run/mysqld/mysqld10.sock) +- 远程用户:shenwei@'%'(密码 !Abcde12345) + +## 权限管理要点 +- 默认只有 root@localhost,不允许远程登录 +- 创建远程用户需执行:CREATE USER → GRANT ALL PRIVILEGES → FLUSH PRIVILEGES +- % host 表示任意 IP 授权 + +## Connections +- [[MySQL MariaDB 数据库详细信息]] — 详细配置指南 +- [[Synology NAS]] — 硬件平台(192.168.3.17) +- [[Docker]] — 容器化平台 +- [[Cloudflare]] — 公网域名 mysql.ishenwei.online DNS diff --git a/wiki/entities/Mediastack API.md b/wiki/entities/Mediastack API.md new file mode 100644 index 00000000..68c16d25 --- /dev/null +++ b/wiki/entities/Mediastack API.md @@ -0,0 +1,10 @@ +--- +title: "Mediastack API" +type: entity +tags: [news-api, 数据源] +sources: [] +last_updated: 2025-03-11 +--- + +## Definition +新闻 API 提供商。详见 [[News API]] 概念页面。 diff --git a/wiki/entities/Navidrome.md b/wiki/entities/Navidrome.md new file mode 100644 index 00000000..cbbefa5c --- /dev/null +++ b/wiki/entities/Navidrome.md @@ -0,0 +1,26 @@ +--- +title: Navidrome +type: entity +tags: [music, streaming, open-source, docker, synology] +--- + +## Overview +Navidrome 是开源的 Web UI 音乐播放器,兼容 Subsonic API,可作为私有 Spotify 替代品。 + +## Aliases +- Navidrome + +## Key Characteristics +- 平台:跨平台(Docker 部署) +- 协议:Subsonic API(兼容众多音乐 App) +- 特点:只读挂载音乐目录保护原始文件 +- 转码:ND_AUTOTRANSCODEDOWNLOAD 自动根据客户端能力转码 + +## Use Cases +- Synology NAS Docker 部署私有音乐流媒体服务 +- 替代 Spotify/Apple Music 等商业服务,完全掌控音乐数据 + +## Connections +- [[用Docker中安装Navidrome]] — 部署指南 +- [[Synology NAS]] — 硬件平台 +- [[Docker]] — 容器化平台 diff --git a/wiki/entities/Opoint.md b/wiki/entities/Opoint.md new file mode 100644 index 00000000..d158e8b1 --- /dev/null +++ b/wiki/entities/Opoint.md 
@@ -0,0 +1,10 @@ +--- +title: "Opoint" +type: entity +tags: [news-api, 数据源] +sources: [] +last_updated: 2025-03-11 +--- + +## Definition +新闻 API 提供商。详见 [[News API]] 概念页面。 diff --git a/wiki/entities/The Guardian API.md b/wiki/entities/The Guardian API.md new file mode 100644 index 00000000..e7697a95 --- /dev/null +++ b/wiki/entities/The Guardian API.md @@ -0,0 +1,10 @@ +--- +title: "The Guardian API" +type: entity +tags: [news-api, 数据源] +sources: [] +last_updated: 2025-03-11 +--- + +## Definition +新闻 API 提供商。详见 [[News API]] 概念页面。 diff --git a/wiki/entities/TikTok Shop.md b/wiki/entities/TikTok Shop.md new file mode 100644 index 00000000..5278f52c --- /dev/null +++ b/wiki/entities/TikTok Shop.md @@ -0,0 +1,36 @@ +--- +title: "TikTok Shop" +type: entity +tags: [电商, tiktok, 字节跳动] +sources: [] +last_updated: 2025-03-14 +--- + +## Definition +字节跳动旗下直播电商平台,支持短视频带货和直播带货生态。为 [[电商数据采集]] 重要数据来源。 + +## Core Data Fields +来自爬取系统的核心字段: +- `sold`(销量) +- `final_price` / `initial_price` / `discount_percent`(价格体系) +- `category`(类目) +- `store_name`(店铺名) +- `prodct_rating`(JSON:平均评分 + 评分数量) +- `timestamp`(抓取时间) +- `position`(热度排名) +- `videos` / `product_videos`(视频带货数据) + +## 数据分析价值 +- 爆品发现:基于销量 + 评分 + 折扣多维度筛选 +- 价格带分析:找出最优价格区间 +- 类目机会:发现蓝海类目 +- 店铺监控:跟踪竞争对手表现 + +## Related Entities +- [[字节跳动]]:母公司 +- [[TikTok Products]]:核心事实表 +- [[Apache Superset]]:数据可视化平台 +- [[电商选品分析]]:分析领域 + +## Aliases +- TikTok Shop = TikTok电商 = TikTok小店 diff --git a/wiki/entities/Webz.io.md b/wiki/entities/Webz.io.md new file mode 100644 index 00000000..d1e03103 --- /dev/null +++ b/wiki/entities/Webz.io.md 
@@ -0,0 +1,26 @@ +--- +title: "Webz.io" +type: entity +tags: [news-api, 数据源, 网安, 金融] +sources: [] +last_updated: 2025-03-11 +--- + +## Definition +Webz.io 是最全面的新闻 API 提供商,同时覆盖 surface web、deep web 和 dark web 数据源,提供情感分析、主题过滤和地理位置过滤功能。 + +## Core Capabilities +- 覆盖 surface + deep + dark web 全网数据 +- 情感分析(sentiment tagging) +- 主题/地理/语言多维过滤 +- 支持可视化与可操作风险监控 + +## 适用场景 +- 金融情报:市场动向新闻分析 +- 网安风控:威胁情报收集 +- 舆情监控:品牌媒体覆盖跟踪 + +## Related Concepts +- [[News API]]:所属类别 +- [[舆情监控]]:应用场景 +- [[金融情报]]:应用场景 diff --git a/wiki/entities/vibe-coding-cn.md b/wiki/entities/vibe-coding-cn.md new file mode 100644 index 00000000..51d392a1 --- /dev/null +++ b/wiki/entities/vibe-coding-cn.md @@ -0,0 +1,33 @@ +--- +title: "vibe-coding-cn" +type: entity +tags: [vibe-coding, AI编程, github, 中文资源] +--- + +## Basic Info +- **Full Name**: vibe-coding-cn +- **Type**: GitHub 开源项目 +- **Repository**: https://github.com/tukuai/vibe-coding-cn +- **Language**: 中文 + +## Description +面向中文开发者的 Vibe Coding 资源库与工作站,汇集全球顶尖 AI 编程资源。涵盖方法论、AI 编程工具链、提示词库和学习路径,帮助开发者系统性掌握 Vibe Coding。 + +## Core Contents +- **方法论**:Vibe Coding 哲学和准则 +- **AI 编程资源**:模型推荐、IDE 配置(Cursor + Claude Opus 4.5-xhigh) +- **提示词库**:需求澄清/系统架构设计/分步执行/自测全链路脚本,支持 Excel 与 Markdown 互转 +- **实操流程**:从环境设置到基础游戏开发到 Bug 修复的完整流程 + +## Key Formula +Vibe Coding = 规划驱动 + 上下文固定 + AI 结对执行 + +## Related +- [[Vibe Coding]]:vibe-coding-cn 服务的核心主题 +- [[Cursor]]:推荐首选 IDE +- [[规划驱动]]:Vibe Coding 第一原则 +- [[上下文固定]]:Vibe Coding 第二原则 + +## Aliases +- vibe-coding-cn 项目 +- 中文 Vibe Coding 指南 diff --git a/wiki/entities/庄子.md b/wiki/entities/庄子.md new file mode 100644 index 00000000..ab725aa9 --- /dev/null +++ b/wiki/entities/庄子.md 
@@ -0,0 +1,32 @@ +--- +title: "庄子" +type: entity +tags: [person, philosopher, daoism, warring-states] +--- + +## 基本信息 +- 类型:人物 +- 时代:战国(约前369-前286) +- 学派:道家(逍遥派) +- 著作:《庄子》(内篇/外篇/杂篇) + +## 简介 +庄子是道家学派代表人物,与老子并称"老庄"。其哲学核心是"逍遥"——追求精神上的绝对自由,不为外物所累。庄子认为人应顺应自然之道,而非强行干预。 + +## 核心思想 +- 相对主义:一切是非、善恶、美丑均为相对概念 +- 无为:不为名利所累,顺应自然 +- 齐物:万物平等,以平等心对待一切 + +## 代表命题 +- "知其不可奈何而安之若命":尽人事后安然接受不可改变之事 +- "天地与我并生,而万物与我为一":物我合一的逍遥境界 + +## 相关概念 +- [[知其不可奈何而安之若命]]:《人间世》核心命题,困境中的接纳智慧 +- [[绝处逢生]]:与庄子"无用之用"哲理相通,绝境中看到新可能 + +## Aliases +- 庄子 +- 庄周 +- 南华真人(道教封号) diff --git a/wiki/entities/曾国藩.md b/wiki/entities/曾国藩.md new file mode 100644 index 00000000..32b1f344 --- /dev/null +++ b/wiki/entities/曾国藩.md @@ -0,0 +1,25 @@ +--- +title: "曾国藩" +type: entity +tags: [person, statesman, qing-dynasty, confucianism] +--- + +## 基本信息 +- 类型:人物 +- 时代:晚清(1811-1872) +- 著作:《治心经·诚心篇》 + +## 简介 +曾国藩是晚清重臣、湘军创立者,以"拙诚"和"浑含"为处世原则。在官场倾轧中深谙"忘机"之道,结合道家"无为"与儒家"诚心"形成独特的人生智慧。 + +## 核心箴言 +- "唯忘机可以消众机,唯懵懂可以祓不祥":以无争朴拙应对复杂政治环境 +- 重视"治心"——通过内心修养而非外在机巧来处理世事 + +## 相关概念 +- [[和光同尘]]:与其处世哲学一致,不锋芒毕露以保全自身 +- [[大智若愚]]:表面懵懂实为大智慧 + +## Aliases +- 曾国藩 +- 涤生(号) diff --git a/wiki/entities/王维.md b/wiki/entities/王维.md new file mode 100644 index 00000000..9f29ab75 --- /dev/null +++ b/wiki/entities/王维.md @@ -0,0 +1,24 @@ +--- +title: "王维" +type: entity +tags: [person, poet, tang-dynasty, buddhism] +--- + +## 基本信息 +- 类型:人物 +- 时代:唐代(701-761) +- 称号:诗佛 + +## 简介 +王维是唐代著名诗人、画家,苏轼称其"诗中有画,画中有诗"。其诗作充满禅意与佛学智慧,被称为"诗佛"。幼年丧父,仕途多舛,晚年隐居山林,以佛学为空寂淡泊心境的精神根基。 + +## 核心作品 +- 《行到水穷处,坐看云起时》:其人生困境与佛学超脱的代表作,象征"绝处逢生"的东方智慧 + +## 相关概念 +- [[绝处逢生]]:此诗体现的核心东方逆境转化智慧 +- [[空性智慧]]:王维通过佛学形成对世间虚幻的深刻洞察 + +## Aliases +- 王维 +- 诗佛 diff --git a/wiki/index.md b/wiki/index.md index c617d3ed..77f8d1c2 100644 --- a/wiki/index.md +++ b/wiki/index.md 
@@ -3,11 +3,35 @@ ## Overview - [Overview](overview.md) — living synthesis +## Sources (2026-04-16 Early Morning Batch) +- [How Can a Multi Cloud Strategy Transform Your Business ROI](sources/How-Can-a-Multi-Cloud-Strategy-Transform-Your-Business-ROI.md) — 多云策略(AWS/Azure/GCP)提升业务 ROI:78% 企业使用 3+ 公有云;多云规避供应商锁定、提升韧性/弹性/安全性;30% 运营成本降低;电商/医疗/金融行业落地路径 +- [GitHub 上 5000 人收藏的 Vibe Coding 神级指南(中文版)](sources/GitHub-上-5000-人收藏的-Vibe-Coding-神级指南。.md) — Vibe Coding 中文资源库 vibe-coding-cn:Vibe Coding = 规划驱动 + 上下文固定 + AI 结对执行;Karpathy "我几乎不写代码了,只负责调整氛围";Cursor + Claude Opus 4.5-xhigh 推荐工具链 +- [Clonezilla对Ubuntu Server进行全盘镜像备份](sources/Clonezilla对Ubuntu-Server进行全盘镜像备份.md) — Clonezilla + Rufus + Synology NAS NFS 全盘镜像备份流程:Rufus 制作 USB 启动盘 → Clonezilla live → NFS 挂载 → savedisk;disaster recovery 通过 restoredisk 还原 + +## Sources (2026-04-15 Night Batch) +- [养虾日记3:Obsidian + Gitea 持久化笔记系统](sources/养虾日记3-Obsidian-Gitea持久化笔记系统.md) — Obsidian + Gitea + OpenClaw 三层笔记架构:AI 输出落盘 → iCloud 三端同步 → Gitea 版本管理;LLM Wiki vs RAG 的本质区别 +- [万字保姆级教程:90天跑通一人公司模式](sources/万字保姆级教程-90天跑通一人公司模式-2026-03-29.md) — 天才地带/Ikigai 定位 → 产品四层漏斗 → 内容矩阵 × 反向金字塔分发,AI 时代更聪明定位而非更努力工作 +- [万字讲透OpenClaw Workspace深度解析(2026-03-21版)](sources/万字讲透OpenClaw-Workspace深度解析-2026-03-21.md) — workspace 7 大文件体系:AGENTS.md(岗位说明)/SOUL.md(性格档案)/IDENTITY.md(身份元数据)/TOOLS.md(工具规范)/BOOTSTRAP.md(一次性引导) +- [n8n + Claude 自然语言自动化工作流](sources/n8n-Claude-自然语言自动化工作流.md) — n8n-mcp MCP 协议桥接 Claude 与 n8n,543 个节点结构化访问,自然语言生成工作流完成度 80-90% + +## Sources (2026-04-15 Late Night Batch) +- [Multi-Agent System Reliability(Alex Ewerlöf)](sources/Multi-Agent-System-Reliability-Alex-Ewerlof.md) — 4种多智能体可靠性架构模式:Hierarchy/Consensus/Adversarial Debate/Knock-out;将 LLM 视为不可靠组件,通过架构约束而非情感化 prompt 保证正确性 +- [Build Your Own X — 从零构建技术的编程学习资源集](sources/Build-Your-Own-X-从零构建技术栈.md) — GitHub 25 个技术领域分步骤指南,通过重建流行技术掌握编程;费曼学习法的技术领域实践 +- [Multi-Agent Specialized Team(Solo Founder 模式)](sources/Multi-Agent-Specialized-Team-Solo-Founder-Setup.md) — Solo Founder 4 Agent 虚拟团队:Telegram 
统一入口 + 共享内存 + 定时主动任务;2 Agent 起步按瓶颈扩展 +- [一语点醒梦中人 — 东方人生智慧](sources/一语点醒梦中人-东方人生智慧.md) — 道家/儒家/佛教经典箴言:王维"行到水穷处"、庄子"知其不可奈何而安之若命"、曾国藩"唯忘机可以消众机" +- [Autonomous Project Management(去中心化协调模式)](sources/Autonomous-Project-Management-STATE-yaml.md) — STATE.yaml 去中心化协调替代中央 orchestrator;Git 作为审计日志;主会话 CEO 模式 + ## Sources (2026-04-15 Evening Batch) +- [TikTok Shop Apache Superset Dashboard 设计思路](sources/TikTok Shop - Apache Superset Dashboard设计思路.md) — TikTok Shop 选品分析 Dashboard 设计:4-Tab 结构(爆品雷达/类目机会/店铺监控/评论分析)、SQL View 预处理 JSON、选品评分模型 +- [Best 7 News API Data Feeds](sources/Best 7 news API data feeds - AI News.md) — 7 款主流新闻 API 评测:金融选 Bloomberg/FT、舆情选 Webz.io/Opoint、小型应用选 GNews/Mediastack +- [N8N Full Tutorial - Building AI Agents in 2025 for Beginners](sources/N8N Full Tutorial Building AI Agents in 2025 for Beginners.md) — N8N AI Agent 入门:Workflow(预定义) vs Agent(LLM动态决策)、5类节点、Memory 机制、Airtable 工具接入 - [Autonomous Project Management](sources/Autonomous-Project-Management.md) — 去中心化项目协调:STATE.yaml 替代中央 orchestrator,subagent 自主协作 - [Content Factory](sources/Content-Factory.md) — Discord 多 agent 内容工厂:Research→Writing→Thumbnail 链式协作 - [Market Research Product Factory](sources/Market-Research-Product-Factory.md) — Last30Days 挖掘痛点→OpenClaw 构建 MVP 自动化管线 - [Personal Knowledge Base RAG](sources/Personal-Knowledge-Base-RAG.md) — 语义可搜索个人第二大脑,URL 自动摄取+向量检索 +- [MySQL MariaDB 数据库详细信息](sources/MySQL-MariaDB-数据库详细信息.md) — Synology NAS MariaDB 10.11 内网/公网访问配置,CREATE USER 'shenwei'@'%' 实现远程连接 +- [用Docker中安装Navidrome](sources/用Docker中安装Navidrome.md) — Synology Docker 部署 Navidrome 开源音乐服务器,:ro 只读挂载保护音乐库 +- [Ubuntu服务器通过rsync实现日常增量备份](sources/Ubuntu服务器通过rsync实现日常增量备份.md) — rsync + NFS + /etc/fstab 永久挂载 + Crontab 凌晨自动化,构建"时间点恢复"能力 ## Sources - [Multi-Agent Specialized Team (Solo Founder Setup)](sources/Agent-usecases-multi-Agent-Team.md) — 多 Agent 虚拟团队:Telegram 统一入口 + 共享内存 + 定时主动汇报 
@@ -58,6 +82,8 @@ - [不谈技术:普通人该怎么在AI时代赚钱](sources/普通人如何在AI时代赚钱.md) — AI 时代赚钱三原则:品味是护城河、端到端优于零件、死亡过滤器筛选真正热爱 ## Entities +- [Clonezilla](entities/Clonezilla.md) — 开源磁盘镜像备份工具,等同于企业级 Ghost,支持 NFS/SMB/USB 多种存储后端 +- [vibe-coding-cn](entities/vibe-coding-cn.md) — GitHub 中文 Vibe Coding 资源库,Vibe Coding = 规划驱动 + 上下文固定 + AI 结对执行的中文开源实践 - [Trebuh](entities/Treb uh.md) — Solo founder,4 Agent 团队实践者 - [Cloudflare](entities/Cloudflare.md) — 全球网络服务商,提供 Workers/D1/R2 无服务器基础设施 - [Anthropic](entities/Anthropic.md) @@ -75,6 +101,8 @@ - [Kubernetes](entities/Kubernetes.md) - [Red Hat](entities/Red Hat.md) - [Docker](entities/Docker.md) +- [Navidrome](entities/Navidrome.md) — 开源音乐流媒体服务器,Subsonic API 兼容 +- [MariaDB](entities/MariaDB.md) — Synology NAS Docker 数据库,10.11.6 版本 - [DeepSeek](entities/DeepSeek.md) - [Qwen](entities/Qwen.md) - [Flux](entities/Flux.md) @@ -157,6 +185,12 @@ - [Zipline](entities/Zipline.md) — 自托管图片托管服务,提供 REST API,与 n8n 集成 ## Concepts +- [多云策略](concepts/多云策略.md) — 跨 AWS/Azure/GCP 多厂商工作负载分配,规避供应商锁定、提升弹性和成本效益 +- [磁盘镜像备份](concepts/磁盘镜像备份.md) — 将整个磁盘扇区级打包为镜像文件,全盘还原的核心备份方式 +- [灾难恢复](concepts/灾难恢复.md) — RTO/RPO 驱动的系统还原能力,Clonezilla restoredisk 完整恢复 +- [规划驱动](concepts/规划驱动.md) — Vibe Coding 第一原则:AI 执行前必须有清晰技术选型和模块化设计 +- [上下文固定](concepts/上下文固定.md) — Vibe Coding 第二原则:通过 .cursorrules/SPEC.md 维持 AI 长对话一致性 +- [AI 结对执行](concepts/AI结对执行.md) — Vibe Coding 第三原则:开发者做导演,AI 做执行,类似 Pair Programming - [DevOps成熟度模型](concepts/DevOps成熟度模型.md) — 5 阶段评估框架(Ad-Hoc → Mature),4 大焦点领域 - [共享内存模式](concepts/共享内存模式.md) — 多 Agent 共享 GOALS.md/DECISIONS.md + 私有上下文 - [空性智慧](concepts/空性智慧.md) — 佛教核心教义,一切有为法如梦幻泡影露电 
@@ -243,6 +277,8 @@ - [数据蒸馏](concepts/数据蒸馏.md) — 用大模型生成精简数据训练小模型 - [AI工作流自动生成](concepts/AI工作流自动生成.md) — 通过自然语言描述让 AI 自动生成工作流 - [Agent模式](concepts/Agent模式.md) — Cursor Composer 自动执行模式 +- [rsync增量备份](concepts/rsync增量备份.md) — Delta-transfer 增量同步算法,防重入 lockfile,防 NAS 掉线机制 +- [NFS永久挂载](concepts/NFS永久挂载.md) — /etc/fstab + _netdev 参数实现开机自动挂载网络文件系统 - [MCP工具链](concepts/MCP工具链.md) — 多个 MCP 工具顺序调用的工作流 - [Agent Skill 设计模式](concepts/Agent-Skill-设计模式.md) — Google 发布的 5 种 Skill 结构化设计模式 - [Tool Wrapper](concepts/Tool-Wrapper.md) — 监听关键词动态加载规范文档的模式 
@@ -279,16 +315,56 @@ - [Nicholas Carlini](entities/Nicholas-Carlini.md) — 自主编码 agent 方法论提出者,STATE.yaml 去中心化协调灵感来源 - [Matt Van Horne](entities/Matt-Van-Horne.md) — Last30Days skill 作者 - [Alex Finn](entities/Alex-Finn.md) — OpenClaw Use Cases YouTube 视频作者 +- [TikTok Shop](entities/TikTok Shop.md) — 字节跳动旗下电商平台,电商选品数据来源 +- [Apache Superset](entities/Apache Superset.md) — Airbnb 开源 BI 可视化平台,Dashboard JSON 可导入导出 +- [Webz.io](entities/Webz.io.md) — 全覆盖新闻 API(surface+deep+dark web),金融/网安/风控首选 +- [GNews API](entities/GNews API.md) — 轻量低价新闻 API,适合小型应用和初创公司 +- [The Guardian API](entities/The Guardian API.md) — 高质量编辑内容新闻源,适合研究和内容平台 +- [Bloomberg API](entities/Bloomberg API.md) — 机构级金融实时市场数据 API +- [Financial Times API](entities/Financial Times API.md) — 专业财经分析与经济报告 API +- [Opoint](entities/Opoint.md) — 舆情监控与情感分析平台,PR/营销/品牌监测首选 +- [Mediastack API](entities/Mediastack API.md) — 7000+ 来源可扩展新闻 API,免费套餐可用 +- [Airtable](entities/Airtable.md) — 在线数据库+表格,可作为 N8N Agent 工具接入实现库存管理 ## Entities (2026-04-15 PM Batch) - [ClawHub](entities/ClawHub.md) — 按单个 skill 安装的 OpenClaw 插件市场协议 +## Entities (2026-04-15 Night Batch) +- [Gitea](entities/Gitea.md) — 自托管 Git 服务,Obsidian 笔记版本控制层,私有内网运行 + +## Entities (2026-04-15 Late Night Batch) +- [CodeCrafters](entities/CodeCrafters.md) — build-your-own-x GitHub 仓库当前维护方,提供在线编程挑战平台 +- [Daniel Stefanovic](entities/Daniel-Stefanovic.md) — build-your-own-x 项目创始人 +- [王维](entities/王维.md) — 唐代诗人,"诗佛",行到水穷处典故出处 +- [曾国藩](entities/曾国藩.md) — 晚清重臣,《治心经·诚心篇》作者,"唯忘机可以消众机"出处 +- [庄子](entities/庄子.md) — 战国道家代表,"知其不可奈何而安之若命"出处 + +## Concepts (2026-04-15 Night Batch) +- [LLM Wiki](concepts/LLM-Wiki.md) — AI 增量构建持久化 Wiki(对比 RAG 每次从零检索),Graph View 发现知识盲区 +- [天才地带](concepts/天才地带.md) — 盖伊·亨德里克斯心流理论,能产生心流的精力充沛活动区域 +- [底层能力](concepts/底层能力.md) — 冰山水下通用能力,三个自检问题追溯真正的擅长 +- [一人公司](concepts/一人公司.md) — 用最小杠杆撬动最大价值,天才地带 + 产品漏斗 + 内容矩阵 +- [产品漏斗](concepts/产品漏斗.md) — 引流(免费PDF)→ 入门(¥199)→ 核心(¥4999)→ 高价(¥20000/月)四层体系 +- [内容矩阵](concepts/内容矩阵.md) — 横轴核心主题 × 纵轴内容形式(观察/反直觉/操作指南/个人故事/清单) +- 
[价格锚定](concepts/价格锚定.md) — 高价放顶部让低价显得便宜的心理学定价策略 +- [反向金字塔](concepts/反向金字塔.md) — 一次长内容切无数微内容,一次制作百次分发 +- [Git自动同步](concepts/Git自动同步.md) — Obsidian Git 插件 Auto commit 全自动版本管理 +- [Graph View](concepts/Graph-View.md) — Obsidian 知识网络可视化,孤岛页面和灰色幽灵节点检测 +- [QMD](concepts/QMD.md) — 本地 Markdown 精准搜索引擎,Wiki 规模变大后替代 index.md + ## Concepts (2026-04-15 Evening Batch) - [STATE.yaml](concepts/STATE-yaml.md) — 去中心化项目协调文件格式,YAML 结构定义任务状态与依赖 - [去中心化协调](concepts/去中心化协调.md) — 无中央 orchestrator,各 agent 通过共享状态文件自主协调 - [内容工厂](concepts/内容工厂.md) — 多 agent 链式协作内容创作管线 - [产品工厂](concepts/产品工厂.md) — 市场研究到 MVP 构建的自动化管线 - [个人知识库](concepts/个人知识库.md) — 基于 RAG 的个人第二大脑 +- [Superset Dashboard](concepts/Superset Dashboard.md) — Apache Superset Dashboard 标准布局:KPI行→爆品行→气泡图→类目分析行→评分模型行 +- [电商选品分析](concepts/电商选品分析.md) — TikTok Shop 多维度选品:销量+评分+折扣+评分数量综合评分 +- [选品评分模型](concepts/选品评分模型.md) — 加权公式:sold×0.4 + rating×12 + rating_count×0.2 + discount_percent×0.5 +- [KPI 卡片](concepts/KPI卡片.md) — Dashboard 顶部数字指标看板,6 项核心指标(产品数/热卖数/评分/价格/GMV/折扣占比) +- [News API](concepts/News API.md) — 标准化 HTTP API 获取结构化新闻数据,覆盖 7500+ 来源,金融/舆情/内容聚合场景 +- [Memory in AI Agent](concepts/Memory-in-AI-Agent.md) — Agent 保持对话上下文连贯性的机制,N8N AI Agent 节点内置 Memory 配置 +- [Workflow vs Agent](concepts/Workflow-vs-Agent.md) — 预定义固定路径 vs LLM 动态决策的本质区别,Workflow=确定性/Agent=适应性 ## Concepts (2026-04-15 PM Batch) - [nvm](concepts/nvm.md) — Node Version Manager,管理 Node.js 多版本 diff --git a/wiki/log.md b/wiki/log.md index 4f797637..91685053 100644 --- a/wiki/log.md +++ b/wiki/log.md 
@@ -1,3 +1,31 @@ +## [2026-04-15 Late Night Batch] ingest | 5 sources +- Multi-Agent System Reliability(Alex Ewerlöf):4种可靠性架构模式;Hierarchy/Consensus/Debate/Knock-out;LLM 不可靠组件论 +- Build Your Own X:从零构建技术栈 GitHub 资源集;费曼学习法实践;25个技术领域 +- Multi-Agent Specialized Team(Solo Founder 模式):Telegram 统一入口;4 Agent 虚拟团队;定时主动任务推送 +- 一语点醒梦中人 — 东方人生智慧:空性智慧/绝处逢生/知其不可奈何而安之若命;王维/庄子/曾国藩 +- Autonomous Project Management(去中心化协调):STATE.yaml 替代 orchestrator;Git 审计日志;CEO 模式 +- Created: 5 entities (CodeCrafters, Daniel Stefanovic, 王维, 曾国藩, 庄子), 0 new concepts (均复用已有概念) + +## [2026-04-15 Night] ingest | 养虾日记3:Obsidian + Gitea 持久化笔记系统 +- [养虾日记3-Obsidian-Gitea持久化笔记系统.md](sources/养虾日记3-Obsidian-Gitea持久化笔记系统.md) +- Key claims: LLM Wiki vs RAG 本质区别(增量积累 vs 从零检索);Obsidian + Gitea + OpenClaw 三层笔记架构;Graph View 知识健康检查 +- Created: 1 entity (Gitea), 5 concepts (LLM Wiki, Git自动同步, Graph View, QMD, 知识可发现性) + +## [2026-04-15 Night] ingest | 万字保姆级教程:90天跑通一人公司模式 +- [万字保姆级教程-90天跑通一人公司模式-2026-03-29.md](sources/万字保姆级教程-90天跑通一人公司模式-2026-03-29.md) +- Key claims: 天才地带/Ikigai 框架;产品漏斗四层定价;内容矩阵 × 反向金字塔分发;四大心理陷阱 +- Created: 4 concepts (天才地带, 底层能力, 一人公司, 产品漏斗, 内容矩阵, 价格锚定, 反向金字塔) + +## [2026-04-15 Night] ingest | 万字讲透OpenClaw Workspace 深度解析(2026-03-21版) +- [万字讲透OpenClaw-Workspace深度解析-2026-03-21.md](sources/万字讲透OpenClaw-Workspace深度解析-2026-03-21.md) +- Key claims: workspace 7 大文件体系职责分工;AGENTS.md 300-500 字最佳;SOUL.md 叙事性人物小传;BOOTSTRAP.md 一次性引导后删除 +- Created: 0 entities (已存在 OpenClaw), 0 new concepts (内容已覆盖) + +## [2026-04-15 Night] ingest | n8n + Claude 自然语言自动化工作流 +- [n8n-Claude-自然语言自动化工作流.md](sources/n8n-Claude-自然语言自动化工作流.md) +- Key claims: n8n-mcp MCP 协议桥接;543 个节点结构化访问;Claude 生成工作流完成度 80-90% +- Created: 1 concept (n8n-mcp 已有), 0 new concepts + ## [2026-04-15] ingest | DevOps Culture and Transformation ## [2026-04-15] ingest | 2025年11个神级AI开源平替,GitHub杀疯了 
@@ -235,3 +263,42 @@ Created/updated: 12 entity pages (DeepSeek, Qwen, Flux, Stable Diffusion, Hunyua - [Personal-Knowledge-Base-RAG](sources/Personal-Knowledge-Base-RAG.md) Key claims: Drop any URL 自动摄取;语义搜索返回 ranked 结果+来源引文;其他工作流可主动查询知识库 Created: 1 concept (个人知识库) + +## [2026-04-15 Evening] ingest | MySQL MariaDB 数据库详细信息 + +## [2026-04-15 Evening] ingest | 用Docker中安装Navidrome + +## [2026-04-15 Evening] ingest | Ubuntu服务器通过rsync实现日常增量备份 + +## [2026-04-15 21:30] ingest | TikTok Shop Apache Superset Dashboard 设计思路 + +Added source. Key claims: Superset 无法直接解析 JSON 需 SQL View 预处理;选品评分模型 = sold×0.4 + rating×12 + rating_count×0.2 + discount_percent×0.5;4-Tab Dashboard(爆品雷达/类目机会/店铺监控/评论分析);气泡图可一眼识别低价高销量和高客单价爆品。 + +Created/updated: 2 entity pages (TikTok Shop, Apache Superset), 4 concept pages (Superset Dashboard, 电商选品分析, 选品评分模型, KPI卡片). + +## [2026-04-15 21:35] ingest | Best 7 News API Data Feeds + +Added source. Key claims: Webz.io 覆盖最全(surface+deep+dark web);GNews 轻量低价适合初创;Mediastack 7500+来源有免费套餐;Bloomberg/FT 面向机构金融;Opoint 擅长舆情监控。 + +Created/updated: 7 entity pages (Webz.io, GNews API, The Guardian API, Bloomberg API, Financial Times API, Opoint, Mediastack API), 1 concept page (News API). + +## [2026-04-15 21:40] ingest | N8N Full Tutorial - Building AI Agents in 2025 for Beginners + +Added source. Key claims: Workflow=预定义固定输出 vs Agent=LLM动态决策;N8N 5类节点(Tigger/Action/Utility/Code/Advanced AI);Memory=Agent连贯对话关键;Airtable可作Agent工具接入库存管理。 + +Created/updated: 1 entity page (Airtable), 3 concept pages (Memory in AI Agent, Workflow vs Agent). 
+ +## [2026-04-15 Night Batch 2] ingest | 5 sources +- A Formalization of Recursive Self-Optimizing Generative Systems:自映射 Φ(G) = M(G, O(G(I), Ω));固定点 G* = Y STEP;自举循环收敛到生成器不动点 +- Never Write Another Prompt:提示词生成工具民主化 Prompt工程;变量机制实现模板化复用;$100-500/条 → 工具化免费生成 +- AI 解决方案专家培训课程(Coze):Bot 模式 vs Workflow 模式;金融/教育/医疗/电商/客服行业解决方案;GPT-SoVITS/F5-TTS/FaceFusion 集成 +- If You Have Multiple Interests(Dan Koe):三要素(Self-education + Self-interest + Self-sufficiency);通才 > 专才;系统经济时代系统 > 产品 +- Nano Banana 提示词框架(已有页面,更新):物件描述框架 + 人物描述框架共用结构;negatives 质量控制关键;camera 电影级运镜控制 +- Created: 4 entities (Coze, Dan Koe, tukuai, FaceFusion), 5 concepts (超级通才, 自教育, 创意博物馆, 系统经济, 内容创意密度) + +## [2026-04-16 00:10] ingest | 3 sources +- How Can a Multi Cloud Strategy Transform Your Business ROI:多云策略(AWS/Azure/GCP)提升 ROI;78% 企业用 3+ 公有云;30% 运营成本降低;电商/医疗/金融行业落地路径 +- GitHub 上 5000 人收藏的 Vibe Coding 神级指南(中文版):vibe-coding-cn 中文开源项目;Vibe Coding = 规划驱动 + 上下文固定 + AI 结对执行;Karpathy "我几乎不写代码了,只负责调整氛围" +- Clonezilla对Ubuntu Server进行全盘镜像备份:Rufus + Clonezilla live + Synology NAS NFS 全盘镜像备份流程;savedisk 生成镜像;restoredisk 灾难恢复 + +Created: 2 entity pages (Clonezilla, vibe-coding-cn), 6 concept pages (多云策略, 磁盘镜像备份, 灾难恢复, 规划驱动, 上下文固定, AI 结对执行). diff --git a/wiki/overview.md b/wiki/overview.md index b9b46bc9..7822288d 100644 --- a/wiki/overview.md +++ b/wiki/overview.md @@ -1,6 +1,9 @@ --- title: Wiki Overview -last_updated: 2026-04-15 Evening +last_updated: 2026-04-16 Early Morning +// 新增领域:多云策略(AWS/Azure/GCP)与跨云治理框架(2026-04-16 Early Morning) +// 新增领域:vibe-coding-cn 中文 Vibe Coding 资源库(2026-04-16 Early Morning) +// 新增领域:Clonezilla + NFS 磁盘镜像备份与灾难恢复(2026-04-16 Early Morning) // 新增领域:Agent Use Cases 四大工作流(项目管理/内容工厂/产品工厂/知识库)(2026-04-15 Evening) // 新增领域:Last30Days 与多平台热点聚合(2026-04-15) // 新增领域:gog CLI 与 Google Workspace CLI(2026-04-15) 
@@ -605,6 +608,12 @@ Agentic AI(行动型 AI)与 GenAI(生成型 AI)的根本区别在于:A // 新增领域:baoyu-skills Claude Code 技能集(2026-04-15 PM) // 新增领域:Multi-Agent 虚拟团队协作模式(2026-04-15 PM) // 新增领域:Vibe-Kanban + OpenCode Ubuntu 部署(2026-04-15 PM) +// 新增领域:Home Office 自托管服务三件套——MariaDB + Navidrome + rsync 增量备份(2026-04-15 Evening) + +// 新增领域:n8n + Claude 自然语言工作流生成(2026-04-15 Night) +// 新增领域:LLM Wiki vs RAG 的本质区别与持久化笔记系统(2026-04-15 Night) +// 新增领域:一人公司 90 天跑通模式(2026-04-15 Night) + // 新增领域:Self-Improving + 双层记忆架构(2026-04-15 PM) ## 新增领域:baoyu-skills Claude Code 技能集 
@@ -648,6 +657,74 @@ Ubuntu Server 上通过 nvm 管理 Node 20,安装 Vibe-Kanban 与 OpenCode,p - executor 随 vibe-kanban 进程一起管理,不单独用 pm2 管理 - I/O error 通常是 executor 没启动或端口被占用 +## 新增领域:Home Office 自托管服务三件套 + +### MariaDB 数据库 +Synology NAS Docker 部署 MariaDB 10.11,通过 socket 本地登录管理,CREATE USER 创建远程访问账号。公网域名 mysql.ishenwei.online:63307 提供外网访问能力。 + +### Navidrome 音乐服务器 +Synology Docker 部署 Navidrome 开源音乐流媒体服务,音乐目录只读(:ro)挂载保护原始文件。ND_AUTOTRANSCODEDOWNLOAD 根据客户端能力自动转码,Subsonic API 兼容主流音乐 App。 + +### rsync 增量备份自动化 +rsync + NFS + /etc/fstab 永久挂载 + Crontab 凌晨 3 点自动化,构建"Clonezilla 整机镜像 + rsync 增量数据"二级保护体系。lockfile 防重入,mountpoint -q 防 NAS 掉线写爆本地硬盘。 + +### 核心概念 +- [[Socket登录]]:MariaDB 本地连接方式 +- [[NFS永久挂载]]:/etc/fstab + _netdev 等待网络就绪 +- [[rsync增量备份]]:Delta-transfer 算法仅传输变化部分 +- [[lockfile防重入]]:PID 文件 + kill -0 检测进程存活 + +## 新增领域:n8n + Claude 自然语言工作流生成 + +n8n 通过 MCP 协议与 Claude 连接,实现自然语言驱动的自动化工作流生成。 + +### 核心机制 +- [[n8n-mcp]]:Claude 与 n8n 之间的 MCP 协议桥接,提供 543 个 n8n 节点的结构化访问 +- [[AI工作流自动生成]]:Claude 生成 n8n 工作流 JSON 完成度约 80-90%,10-20% 错误率需人工修正 +- 选择 Opensea 模型并开启 extended thinking 可显著提升生成质量 +- n8n AI Agent 节点内置 Memory 机制,支持多轮对话上下文 + +### 关键区分 +- [[Workflow vs Agent]]:预定义固定路径 vs LLM 动态决策 +- Claude Code 的 delegate_task(Hermes 子 agent)vs terminal 调用 claude -p(MCP CLI 通道) + +## 新增领域:LLM Wiki vs RAG 的本质区别与持久化笔记系统 + +通过 Obsidian + Gitea + OpenClaw 三层架构,将 AI 助手输出持久化为可积累的知识网络。 + +### 核心洞察 +- [[LLM Wiki]] vs [[RAG]]:RAG 每次从零检索,知识不积累;LLM Wiki 让 AI 增量构建和维护持久化 Wiki,页面间互相链接 +- AI 输出直接落盘到笔记(Obsidian)而非留在聊天记录,笔记通过 iCloud Drive 三端同步 +- [[Gitea]] 提供 Git 版本管理,任何时候都能回溯历史版本 + +### Obsidian 最佳实践 +- [[Obsidian Web Clipper]]:浏览器插件快速采集外部素材 +- [[Graph View]]:知识健康检查,发现孤岛页面和灰色幽灵节点(被引用但无专页的概念) +- [[Git自动同步]]:Auto commit-and-sync interval 完全自动化版本管理 +- [[QMD]]:Wiki 规模到几百页后替代 index.md 提供精准搜索 + +### 知识管理原则 +- 研究过程写入 Agent Archive(openclaw//) +- 经过验证可复用的知识沉淀到 Knowledge Base(knowledgebase/) + +## 新增领域:一人公司 90 天跑通模式 + +从自我认知到商业变现,90 天跑通用最小杠杆撬动最大价值的一人公司。 + +### 核心框架 +- [[天才地带]]:能产生心流的活动区域,精力充沛、时间飞逝 +- [[底层能力]]:三个自检问题(追溯童年/毫不费力/底层通用) +- 
[[Ikigai]]:热情 × 擅长 × 市场需要 × 能获报酬,四圈交集是最佳定位 + +### 产品体系四层 +- 引流(免费PDF)→ 入门(¥199 工具)→ 核心(¥4999 训练营)→ 高价(¥20000/月陪跑咨询) +- [[价格锚定]]:高价咨询放顶部让低价显得便宜 +- [[内容矩阵]]:横轴核心主题 × 纵轴内容形式(观察/反直觉/操作指南/个人故事/清单) +- [[反向金字塔]]:一次长形式内容切成无数微内容一次制作百次分发 + +### 四个心理陷阱 +- 愧疚陷阱(不喜欢 = 别人也不喜欢)/ 效率陷阱(忙 = 创造价值)/ 卓越陷阱(必须亲自干)/ 努力陷阱(轻松 = 没价值) + ## 新增领域:Self-Improving + 双层记忆架构 通过 self-improving skill + 双层记忆架构 + 每日定时复盘,实现 Agent 在错误中学习、持续进化,避免同一错误重复出现。 
@@ -665,3 +742,77 @@ Ubuntu Server 上通过 nvm 管理 Node 20,安装 Vibe-Kanban 与 OpenCode,p ### 每日复盘 - 23:00 定时触发,读取当天 memory → self_improvement_log → 检查 Pattern-Key 重复 → 同步到长期记忆 → Telegram 摘要 - 发现机制:复盘时发现 3月27日无 memory 文件 → 推动"Session 启动时强制创建"流程优化 + +## 新增领域:多智能体可靠性架构(Alex Ewerlöf) + +Alex Ewerlöf 提出的多智能体可靠性架构,将 LLM 视为分布式系统中不可靠组件而非拟人化智能体。 + +### 4 种架构模式 +- [[Multi-Agent Hierarchy]]:Supervisor(规划器)+ Worker(工作者)+ Validator(验证器)三角色顺序协作,依赖图强制协作而非靠"喜欢" +- [[Multi-Agent Consensus]]:N 个模型独立响应同任务,多数票消除随机噪声(3 模型同谎言概率 0.8%),适合事实核查和分类 +- [[Multi-Agent Adversarial Debate]]:Generator + Critic + Judge 三方对抗(法庭模型),Truth survives the fight,适合安全分析和代码审查 +- [[Multi-Agent Knock-out]]:遗传算法启发的适应度淘汰制,最差代理被淘汰(cattle not pets),适合迭代式 Agent 工程 + +### 核心洞察 +- 停止要求模型"小心",改为强制其"正确"(架构约束 > 情感化 prompt) +- LLM Sycophancy:过度迎合导致撒谎,多数投票可缓解 +- 验证器可以是确定性代码(单元测试/JSON schema)而非 LLM + +## 新增领域:Build Your Own X(费曼学习法实践) + +build-your-own-x GitHub 项目通过"从零重建流行技术"来深度掌握编程,是费曼学习法在技术领域的系统性实践。 + +### 核心资源 +- [[CodeCrafters]]:build-your-own-x 当前维护方,提供 codecrafters.io 在线编程挑战 +- 25 个技术领域:3D Renderer / BitTorrent / Blockchain / Bot / Docker / Emulator / Git / Neural Network / OS / Regex / Search Engine / Web Browser 等 +- 每个领域提供多语言实现(Python/JavaScript/Go/C++/Rust 等) + +### 关键洞察 +- "What I cannot create, I do not understand" — Richard Feynman +- BYOX 是 [[Vibe Coding]] 的底层实践,Vibe Coding 规划驱动,BYOX 从零实现 + +## 新增领域:Solo Founder 多 Agent 专精团队 + +Solo founder 通过多 Agent 虚拟团队实现 24/7 全天候工作能力,[[Multi-Agent Hierarchy]] 模式的具体 OpenClaw 实践。 + +### 团队配置模式 +- Lead Agent(Milo):战略协调,制定计划,OKR 追踪 +- Business Agent(Josh):数据分析,定价策略,竞品监控 +- Marketing Agent:内容创意,Reddit/X 趋势监控 +- Dev Agent:代码实现,技术架构,CI/CD + +### 核心机制 +- [[定时主动任务]]:Agent 主动推送早会摘要/指标报告/内容创意,而非被动等待用户请求 +- [[Telegram路由]]:单群聊 + @AgentName 路由 + 无@默认 Lead +- 2 Agent 起步按瓶颈扩展,而非一上来建 4 个团队 + +### 灵感来源 +- [[Trebuh]] 的 4 Agent 实践("a real small team available 24/7") +- [[Nicholas Carlini]] 自主编码 Agent 方法论 + +## 新增领域:去中心化项目协调(STATE.yaml) + +通过共享 STATE.yaml 文件替代中央 orchestrator,实现真正的并行 subagent 协作。 + 
+### 核心机制 +- [[STATE.yaml]]:YAML 结构定义任务状态、owner、blocked_by、next_actions +- Git 作为审计日志:STATE.yaml 变更 commit 实现完整历史追溯 +- 薄主会话原则:主 Agent 只做 spawn/send,不直接执行任务 + +### 与多 Agent 专精团队的关系 +- 专精团队:多角色 Agent 并存,STATE.yaml 记录团队共享目标 +- 去中心化协调:同一团队内无中央 orchestrator,各 Agent 自主读写状态 + +## 新增领域:东方人生智慧 + +道家、儒家、佛教经典箴言体系,补充西方哲学框架之外的人生哲学视角。 + +### 核心命题 +- [[空性智慧]]:一切有为法如梦幻泡影露水电,不执着于"自性"(金刚经) +- [[绝处逢生]]:"行到水穷处,坐看云起时",困境即转机的东方智慧([[王维]]) +- [[知其不可奈何而安之若命]]:先尽人事,后听天命,接纳与行动的平衡([[庄子]]) +- [[和光同尘]]:收敛锋芒,不标新立异,与世无争以保全自身(老子/[[曾国藩]]) + +### 与苏东坡视角的关系 +- [[一语点醒梦中人]] 与 [[su-dongpo-perspective]] 均属东方人生智慧,后者侧重苏东坡的文学与政治生涯视角 + diff --git a/wiki/sources/3.2万人收藏的Claude-Skills-才是AI这条路.md b/wiki/sources/3.2万人收藏的Claude-Skills-才是AI这条路.md new file mode 100644 index 00000000..2df9c9aa --- /dev/null +++ b/wiki/sources/3.2万人收藏的Claude-Skills-才是AI这条路.md 
@@ -0,0 +1,58 @@ +--- +title: "3.2 万人收藏的 Claude Skills,才是 AI 这条路上最值得研究的一套范式!" +type: source +tags: [claude, skills, anthropic, workflow, prompt-engineering] +date: 2026-01-08 +sources: + - "3.2 万人收藏的 Claude Skills,才是 AI 这条路上最值得研究的一套范式! 1.md" +--- + +## Source File +- raw/AI/3.2 万人收藏的 Claude Skills,才是 AI 这条路上最值得研究的一套范式! 1.md + +## Summary +- 核心主题:Claude Skills 作为 AI 应用的新范式,代表从提示词工程向流程工程的转型 +- 问题域:大多数 AI 用户还在纠结如何写好 Prompt,而高阶玩家已开始构建可复用的 Skills +- 方法/机制:Skills = 写给 Claude 的"说明书" + SOP(标准作业程序),将固定流程任务拆解为 AI 可理解、可稳定复用、可自动执行的流程 +- 结论/价值:Skills 的爆发标志从提示词工程迈向流程工程;未来有价值的不是谁的 Prompt 写得最花,而是谁最懂业务流程、谁能将经验沉淀为 SOP + +## Key Claims +- Skills 本质是"说明书"和"SOP":将反复执行、有固定流程的任务拆解为 AI 能理解、稳定复用、自动执行的流程 +- Anthropic 官方 Skills 仓库(github.com/anthropics/skills)收藏数突破 3.2 万,原封不动地拆解了 Claude.ai 网页版的生产级能力 +- 官方库覆盖三大类:办公自动化(Word/PDF/PPT/Excel)、开发者工具箱(MCP Server、Web 测试、Artifacts、自动化验证)、创意类 Skills +- 三个 Awesome-Claude-Skills 精选仓库:ComposioHQ、VoltAgent、BehiSecc +- 三个 Skill 聚合站:skillsmp.com、aitmpl.com/skills、claudemarketplaces.com +- Skills 的本质是官方在教"怎么像 Anthropic 一样开发 AI 应用" + +## Key Quotes +> "Skills 就是一套你写给 Claude 的'说明书'和'SOP(标准作业程序)'" — 核心定义 +> "这个库本质上是官方在教你,'怎么像我们一样开发 AI 应用'" — 价值定位 +> "未来真正有价值的,不是谁的 Prompt 写得最花、谁一次能生成最多内容;而是谁最懂业务流程、谁能把经验沉淀成 SOP、谁能把 SOP 交给 AI 稳定执行" — 趋势判断 + +## Key Concepts +- [[AI技能封装]]:将固定流程任务拆解为 AI 可理解、可复用、可自动执行的结构化流程的方法论 +- [[Prompt工程]] → [[流程工程]]:从优化单次输出质量转向优化整套流程的稳定性与可复用性 +- [[Claude Skills]]:Anthropic 官方发布的 AI 技能指南,本质是"说明书 + SOP" + +## Key Entities +- [[Anthropic]]:Claude Skills 官方仓库的发布者 +- [[Anthropic Skills 官方库]]:github.com/anthropics/skills,3.2 万收藏,生产级能力拆解 +- [[ComposioHQ/awesome-claude-skills]]:精选 Claude Skills 仓库 +- [[VoltAgent/awesome-claude-skills]]:精选 Claude Skills 仓库 +- [[BehiSecc/awesome-claude-skills]]:精选 Claude Skills 仓库 +- [[skillsmp.com]]:Skill 聚合站 +- [[aitmpl.com/skills]]:Skill 聚合站 +- [[claudemarketplaces.com]]:Skill 聚合站 + +## Connections +- [[Anthropic]] ← 发布者 ← [[Anthropic Skills 官方库]] +- [[Anthropic Skills 官方库]] ← 官方示例 ← [[Claude Skills]] +- [[Claude 
Skills]] ← 范式升级 ← [[Prompt工程]] +- [[Claude Skills]] ← 具体实现 ← [[AI技能封装]] +- [[skillsmp.com]] ← 聚合平台 ← [[Claude Skills]] +- [[aitmpl.com/skills]] ← 聚合平台 ← [[Claude Skills]] +- [[claudemarketplaces.com]] ← 聚合平台 ← [[Claude Skills]] +- [[Vibe Coding]] ← 尽头是 ← [[Claude Skills]] + +## Contradictions +- 无已知冲突 diff --git a/wiki/sources/A-Formalization-of-Recursive-Self-Optimizing-Generative-Systems.md b/wiki/sources/A-Formalization-of-Recursive-Self-Optimizing-Generative-Systems.md index 3b72b262..7e1f3609 100644 --- a/wiki/sources/A-Formalization-of-Recursive-Self-Optimizing-Generative-Systems.md +++ b/wiki/sources/A-Formalization-of-Recursive-Self-Optimizing-Generative-Systems.md 
@@ -1,52 +1,42 @@ --- title: "A Formalization of Recursive Self-Optimizing Generative Systems" type: source -tags: [cs.LO, cs.AI, math.CT, 形式化, 元学习] -sources: [raw/AI/A Formalization of Recursive Self-Optimizing Generative Systems.md] -last_updated: 2026-04-15 +tags: [ai, formalization, self-improvement, lambda-calculus] +date: 2025-12-30 --- ## Source File -- raw/AI/A Formalization of Recursive Self-Optimizing Generative Systems.md +- [[raw/AI/A Formalization of Recursive Self-Optimizing Generative Systems.md]] ## Summary -- 核心主题:递归自优化生成系统的形式化建模,固定点语义下的自举动力学 -- 问题域:AI 系统自我改进机制的理论基础,元生成器的收敛性证明 -- 方法/机制:自映射(Self-Map)、固定点(Fixed Point)、λ-calculus 递归组合子(Y Combinator) -- 结论/价值:为自改进 AI 架构、自动元提示词系统提供严谨的数学框架 +- 核心主题:递归自优化生成系统的形式化建模,通过自映射(self-map)和固定点(fixed point)语义描述 AI 系统的自我改进动力学 +- 问题域:如何让 AI 系统在不依赖外部干预的情况下持续改进自身生成能力 +- 方法/机制:自映射 Φ(G) = M(G, O(G(I), Ω)) 将优化结果反馈给生成器;Y Combinator 实现 λ-calculus 自举 +- 结论/价值:稳定生成能力对应 Φ 的固定点 G*,自我改进的目标是收敛行为而非单次最优输出 ## Key Claims -- 递归自优化的目标不是单个最优输出,而是在生成器空间(Generator Space)中收敛到稳定生成能力 -- 稳定生成能力对应于元生成算子(Meta-Generative Operator)的固定点(Fixed Point) -- 自举(Bootstrapping)过程通过"生成→优化→更新"的循环迭代实现系统自我超越 -- Y Combinator 表达自引用动力学:G* = Y STEP,G* = STEP G*,即生成器是自身变换的不动点 +- 递归自优化系统的目标不是最优输出,而是生成器空间 {G_n} 的收敛行为 +- 稳定生成能力 = Φ 的固定点 G*,即 Φ(G*) = G* +- Y Combinator 表达式 G* = Y STEP 满足 G* = STEP G*,体现了系统的自指本质 +- 自举(bootstrapping)通过优化产物反馈给系统,启动下一轮进化循环 ## Key Quotes -> "The system's objective is not a particular P*, but the convergence behavior of the sequence {G_n}." — 论文核心命题,生成器迭代的收敛性才是关键,而非单次输出质量 -> "A stable generative capability is defined as a fixed point of Φ: G* ∈ G, Φ(G*) = G*" — 稳定生成能力即系统不动点 -> "Such systems align with classical results on self-reference, recursion, and bootstrapping computation" — 自引用经典理论框架下的一次形式化尝试 +> "We study a class of recursive self-optimizing generative systems whose objective is not the direct production of optimal outputs, but the construction of a stable generative capability through iterative self-modification." 
— tukuai + +> "Such systems naturally instantiate a bootstrapping meta-generative process governed by fixed-point semantics." — tukuai ## Key Concepts -- [[自递归优化生成系统]]:α-提示词(生成器)+Ω-提示词(优化器)通过自举实现无限逼近理想状态 -- [[固定点]]:Φ(G*) = G* 的生成器,不随自身生成-优化-更新循环而改变 -- [[自举]]:用优化后的产物反馈给系统,再次优化生成器本身,形成递归超越 -- [[元生成器]](Meta-Generator):更新生成器的函数 M: G × P → G -- [[λ-calculus 递归]]:使用 Y Combinator 表达 G* = Y STEP 的自引用不动点 -- [[Generator Space]]:所有可能的生成器构成的空间 ℒ ⊆ ℘^ℐ +- [[自递归优化生成系统]]:α-提示词(生成器 G)+ Ω-提示词(优化器 O)+ 元生成器(M)三角色递归循环 +- [[固定点]]:Φ(G*) = G* 的生成器状态,系统不动点,即自洽的稳定生成能力 +- [[Y Combinator]]:λ-calculus 固定点组合子,Y ≡ λf.(λx.f(x,x))(λx.f(x,x)),用于表达自指动力学 ## Key Entities -- [[tukuai]]:独立研究者,该形式化框架的提出者,GitHub 账户 https://github.com/tukuai +- [[tukuai]]:递归自优化生成系统形式化框架提出者,独立研究者 ## Connections -- [[自递归优化生成系统]] ← 理论基础 ← [[固定点]] -- [[自递归优化生成系统]] ← 形式化工具 ← [[λ-calculus]] -- [[Agent Skill 设计模式]] ← 实践对应:Generator Pattern 实现自递归优化的工程化版本 -- [[自递归优化生成系统]] ← 收敛目标 ← [[固定点]] -- [[自递归优化生成系统]] → 实践框架 → [[Agent Skill 设计模式]] -- [[自递归优化生成系统]] → 认知基础 → [[自我改进]] +- [[Multi-Agent System Reliability]] ← relates_to ← [[Multi-Agent Hierarchy]],层级架构中 Supervisor 对应 Generator 角色 +- [[Agent Skill 设计模式]] ← extends ← [[自递归优化生成系统]],Skill Generator Pattern 是固定点语义的具体实践 +- [[Claude Code]] ← tools ← [[自递归优化生成系统]],Claude Code 通过 Skill 加载实现生成器更新 ## Contradictions -- 与 [[Claude-Code调用方法总结]] 冲突: - - 冲突点:Claude Code 作为工具是否具备自优化能力 - - 当前观点:Claude Code 是静态工具,仅被动响应指令,无自我改进机制 - - 对方观点:递归自优化系统理论暗示 AI 工具通过迭代使用可以形成隐式自我改进(通过生成器空间收敛) +- 与 [[AI Agent 思维方式]] 冲突:本文强调"停止拟人化 LLM",AI Agent 思维方式强调先问关键问题。冲突点:本文主张架构约束 > 情感化 prompt;AI Agent 思维方式认为澄清问题优先于执行。当前观点:架构约束更根本,澄清问题是执行层面的优化。 \ No newline at end of file diff --git a/wiki/sources/AI-解决方案专家培训课程.md b/wiki/sources/AI-解决方案专家培训课程.md new file mode 100644 index 00000000..475ad3d3 --- /dev/null +++ b/wiki/sources/AI-解决方案专家培训课程.md 
@@ -0,0 +1,45 @@ +--- +title: "AI 解决方案专家培训课程" +type: source +tags: [ai, coze, workflow, industry-solution] +date: 2025-06-20 +--- + +## Source File +- [[raw/AI/AI 解决方案专家培训课程.md]] + +## Summary +- 核心主题:Coze 中文版平台提供的多行业 AI Agent 与工作流 Demo 集合,覆盖金融/教育/医疗/电商/客服等场景 +- 问题域:企业难以快速构建可落地的 AI 解决方案,缺乏从概念到实际部署的完整参考 +- 方法/机制:Coze 平台提供预置 Bot/Workflow 模板,用户可 Fork 后自定义改造,API 调用外部工具(GPT-SoVITS/F5-TTS/FaceFusion) +- 结论/价值:低代码平台大幅降低 AI 解决方案开发门槛,非技术用户也能搭建企业级 AI 应用 + +## Key Claims +- Coze 平台实现 AI 应用开发平民化,通过邀请链接即可加入团队空间体验 Demo +- Workflow 模式(工作流模式)比 Bot 模式更适合复杂多步骤任务,流程固定但灵活性强 +- 表格问答助手支持代码版和插件版两种实现,满足不同技术能力用户需求 +- 医疗分诊助手结合图像识别(影像图片 Excel 数据)+ 问诊逻辑,实现端到端 AI 辅助 + +## Key Quotes +> "数据分析案例:https://www.coze.cn/space/7433704316877520906/project-ide/7507579385827360779" — Coze 平台数据分析案例 + +> "AI证件照Demo:https://idphoto.bananaresearch.cn/" — 泛娱乐场景 AI 应用 Demo + +## Key Concepts +- [[Coze工作流]]:Coze 平台的可视化 Workflow 编辑器,通过节点串联实现复杂业务流程 +- [[AI行业解决方案]]:针对特定行业(金融/教育/医疗/电商)垂直场景的 AI Agent 定制方案 +- [[表格问答助手]]:基于知识库的自然语言 SQL 查询工具,支持代码版和插件版两种架构 + +## Key Entities +- [[Coze]]:字节跳动旗下的 AI Agent 开发平台,国内版(coze.cn)和海外版(coze.com)双版本运营 +- [[FaceFusion]]:人脸融合 AI 工具,用于泛娱乐场景的 AI 证件照和视频生成 +- [[F5-TTS]]:开源语音克隆项目,用于数字人和 AI 客服的语音合成 +- [[GPT-SoVITS]]:声音克隆模型,用于医疗问诊等场景的个性化语音交互 + +## Connections +- [[n8n]] ← comparable_to ← [[Coze工作流]],两者都是可视化工作流编排工具,但 Coze 专注于 AI Agent,n8n 通用性更强 +- [[AI数据处理]] ← uses ← [[AI行业解决方案]],行业方案依赖数据处理层实现结构化信息提取 +- [[智能体工作流]] ← extends ← [[Coze工作流]],Coze 工作流是智能体工作流的具体实现之一 + +## Contradictions +- 与 [[Workflow vs Agent]] 概念:本文的 Workflow 模式强调固定流程;Coze 也支持 Agent 模式(LLM 动态决策)。冲突点:固定流程 vs 动态决策的适用场景。当前观点:复杂业务场景优先 Workflow,简单问答场景用 Agent 模式更灵活。 \ No newline at end of file diff --git a/wiki/sources/Autonomous-Project-Management-STATE-yaml.md b/wiki/sources/Autonomous-Project-Management-STATE-yaml.md new file mode 100644 index 00000000..6a28e223 --- /dev/null +++ b/wiki/sources/Autonomous-Project-Management-STATE-yaml.md 
@@ -0,0 +1,38 @@ +--- +title: "Autonomous Project Management(去中心化协调模式)" +type: source +tags: [project-management, autonomous, subagent, state-yaml, openclaw] +date: 2026-04-13 +--- + +## Source File +- [[raw/Agent/usecases/autonomous-project-management.md]] + +## Summary +- 核心主题:去中心化项目协调——通过共享 STATE.yaml 文件替代中央 orchestrator +- 问题域:传统中央协调模式(主 Agent 做交通警察)造成瓶颈,多并行工作流项目需要真正的并行执行 +- 方法/机制:每个项目维护 STATE.yaml 作为单一真实源,subagent 自主读写状态文件协调 +- 结论/价值:主会话保持薄(CEO 模式),所有执行下沉到 subagent,Git 作为审计日志 + +## Key Claims +- STATE.yaml > 中央 orchestrator:基于文件的协调比消息传递更具可扩展性 +- Git 作为审计日志:STATE.yaml 变更提交 Git 实现完整历史追溯 +- 标签命名规范:`pm-{project}-{scope}` 便于追踪 +- 薄主会话原则:主 Agent 越少做事,响应越快 + +## Key Quotes +> "Main session = coordinator ONLY. All execution goes to subagents." — OpenClaw PM Delegation Pattern + +## Key Concepts +- [[STATE.yaml]]:项目协调文件,YAML 结构定义任务状态与依赖,支持 next_actions 驱动 +- [[去中心化协调]]:无中央 orchestrator,各 subagent 通过共享状态文件自主协调 +- [[GitOps]](隐式):Git commit STATE.yaml 变更实现项目状态版本管理 + +## Key Entities +- [[Nicholas Carlini]]:自主编码 agent 方法论提出者,STATE.yaml 去中心化协调灵感来源 +- [[OpenClaw]]:支持 sessions_spawn/sessions_send,subagent 文件系统访问 + +## Connections +- [[Autonomous-Project-Management-STATE-yaml]] ← implements ← [[Multi-Agent Hierarchy]](Planner+Worker+Validator,STATE.yaml 替代中央验证器) +- [[Autonomous-Project-Management-STATE-yaml]] ← shares_pattern ← [[Multi-Agent-Specialized-Team-Solo-Founder-Setup]](均依赖共享状态协调,而非中央 orchestrator) +- [[Multi-Agent-Specialized-Team-Solo-Founder-Setup]] ← extends ← [[Autonomous-Project-Management-STATE-yaml]](Solo-Founder 团队在 PM 维度应用去中心化协调) diff --git a/wiki/sources/Best 7 news API data feeds - AI News.md b/wiki/sources/Best 7 news API data feeds - AI News.md new file mode 100644 index 00000000..7faf813f --- /dev/null +++ b/wiki/sources/Best 7 news API data feeds - AI News.md 
@@ -0,0 +1,60 @@ +--- +title: "Best 7 News API Data Feeds" +type: source +tags: [news-api, data-feed, ai, 新闻聚合] +date: 2025-03-11 +--- + +## Source File +- [[raw/AI/Best 7 news API data feeds - AI News.md]] + +## Summary +- 核心主题:7 款主流新闻 API 数据源全面评测 +- 问题域:如何为 AI 应用选择合适的新闻数据源 +- 方法/机制:对比维度(覆盖范围/价格/适用场景/核心能力) +- 结论/价值:不同场景对应不同 API——金融选 Bloomberg/FT、舆情选 Webz.io/Opoint、小型应用选 GNews/Mediastack + +## Key Claims +- Webz.io 是覆盖最全面的新闻 API,同时覆盖 surface web + deep web + dark web,金融/网安/风控场景首选 +- GNews API 轻量低价,适合小型应用和初创公司,支持多语言本地化 +- The Guardian API 专注高质量编辑内容,适合研究和内容平台 +- Bloomberg API + Financial Times API 面向机构级金融分析,FT 提供经济报告,Bloomberg 提供实时市场数据 +- Opoint 擅长舆情监控和情感分析,PR/营销/品牌监测首选 +- Mediastack 7000+ 来源,免费套餐可用,最适合开发者构建多来源聚合应用 + +## Key Quotes +> "News API data feeds are platforms that aggregate, organise, and deliver structured news data from multiple sources." — AI News 概述 + +## Key Concepts +- [[News API]]:标准化 HTTP API 接口获取新闻数据,返回 JSON/XML 格式结构化数据 +- [[新闻聚合]]:将多个来源新闻整合为统一格式,Eliminate 人工采集成本 +- [[舆情监控]]:实时跟踪品牌/竞品媒体提及和情感倾向 +- [[金融情报]]:实时分析市场动向新闻,驱动投资决策 + +## Key Entities +- [[Webz.io]]:全覆盖新闻 API(surface+deep+dark web) +- [[GNews API]]:轻量低价新闻 API +- [[The Guardian API]]:高质量编辑内容新闻源 +- [[Bloomberg API]]:机构级金融数据 API +- [[Financial Times API]]:专业财经分析与经济报告 +- [[Opoint]]:舆情监控与情感分析平台 +- [[Mediastack API]]:7000+ 来源可扩展新闻 API + +## Connections +- [[News API]] ← 分类产品 ← [[Webz.io]] / [[GNews API]] / [[The Guardian API]] / [[Bloomberg API]] / [[Financial Times API]] / [[Opoint]] / [[Mediastack API]] +- [[舆情监控]] ← 工具 ← [[Opoint]] +- [[金融情报]] ← 工具 ← [[Bloomberg API]] / [[Financial Times API]] + +## Use Cases +| 场景 | 推荐 API | +|------|---------| +| 金融分析与市场数据 | Bloomberg API / Financial Times API | +| 舆情监控与品牌追踪 | Opoint / Webz.io | +| 网安与风控情报 | Webz.io | +| 小型应用与本地化 | GNews API / Mediastack | +| 高质量编辑内容 | The Guardian API | +| AI 训练数据获取 | Mediastack(来源多+价格灵活) | + +## Contradictions +- Webz.io vs Mediastack:Webz.io 覆盖最广但价格高;Mediastack 来源多且有免费套餐,但深度不如 Webz.io +- Bloomberg vs Financial 
Times:Blochberg 偏实时市场数据,FT 偏深度经济报告,可互补 diff --git a/wiki/sources/Build-Your-Own-X-从零构建技术栈.md b/wiki/sources/Build-Your-Own-X-从零构建技术栈.md new file mode 100644 index 00000000..9b50a086 --- /dev/null +++ b/wiki/sources/Build-Your-Own-X-从零构建技术栈.md @@ -0,0 +1,38 @@ +--- +title: "Build Your Own X — 从零构建技术的编程学习资源集" +type: source +tags: [learning, programming, github, tutorial, build-from-scratch] +date: 2026-01-01 +--- + +## Source File +- [[raw/AI/codecrafters-iobuild-your-own-x Master programming by recreating your favorite technologies from scratch.md]] + +## Summary +- 核心主题:GitHub 编程学习资源集,通过从零重建流行技术来掌握编程 +- 问题域:如何通过动手重建而非被动阅读来深度理解技术原理 +- 方法/机制:收录 25 个技术领域的分步骤指南,每指南附多语言实现教程 +- 结论/价值:"What I cannot create, I do not understand"——费曼学习法的技术领域实践 + +## Key Claims +- 重建流行技术是深度掌握编程的最有效方法 +- 分步骤指南覆盖 25 个技术领域,从 Web 服务器到神经网络到操作系统 +- 每个领域提供多语言实现(Python/JavaScript/Go/C++/Rust 等),学习者可选择熟悉语言切入 +- codecrafters.io 提供在线编程挑战平台 + +## Key Quotes +> "What I cannot create, I do not understand." — Richard Feynman + +## Key Concepts +- [[费曼学习法]]:不能创造即不能真正理解,动手重建是最高效的深度学习路径 +- [[Vibe Coding]]:BYOX 与 Vibe Coding 均强调动手实践,BYOX 是更激进的"完全从零"版本 + +## Key Entities +- [[CodeCrafters]]:build-your-own-x 的维护方,提供在线编程挑战平台 +- [[Daniel Stefanovic]]:build-your-own-x 项目创始人 +- [[Richard Feynman]]:费曼学习法起源 + +## Connections +- [[Build-Your-Own-X-从零构建技术栈]] ← enables ← [[Vibe Coding]](BYOX 是 Vibe Coding 的底层实践) +- [[Build-Your-Own-X-从零构建技术栈]] ← implements ← [[费曼学习法]] +- [[Vibe-Kanban-OpenCode-Ubuntu-Server安装管理指南]] ← related ← [[Vibe Coding]](Vibe Coding 工具链) diff --git a/wiki/sources/Clonezilla对Ubuntu-Server进行全盘镜像备份.md b/wiki/sources/Clonezilla对Ubuntu-Server进行全盘镜像备份.md new file mode 100644 index 00000000..0fde37a8 --- /dev/null +++ b/wiki/sources/Clonezilla对Ubuntu-Server进行全盘镜像备份.md 
@@ -0,0 +1,45 @@ +--- +title: "Clonezilla对Ubuntu Server进行全盘镜像备份" +type: source +tags: [clonezilla, ubuntu, backup, nas, disaster-recovery] +date: 2025-12-20 +--- + +## Source File +- [[raw/Home Office/Clonezilla对Ubuntu Server进行全盘镜像备份.md]] + +## Summary +- 核心主题:使用 Clonezilla 对 Ubuntu Server 进行全盘镜像备份到 Synology NAS +- 问题域:物理机 Ubuntu Server 如何在不停机的情况下做完整磁盘备份并支持灾难恢复 +- 方法/机制:Rufus 制作 USB 启动盘 → Clonezilla live NFS 挂载 NAS → savedisk 生成镜像文件 +- 结论/价值:Clonezilla 等同于企业级 Ghost,支持增量镜像差异备份,NFS 作为备份目标实现集中存储 + +## Key Claims +- Clonezilla 支持两种模式:device-image(磁盘备份为镜像文件)和直接克隆(磁盘对磁盘) +- NFS 是连接 NAS 备份的最佳协议,Linux 兼容性优于 SMB/CIFS +- Rufus 制作 Clonezilla USB 启动盘:ISO 镜像模式(非 DD 模式),GPT 分区方案(UEFI 非 CSM) +- 备份参数:-z1p 高压缩率(节省 NAS 空间),-sfsck 跳过文件系统检查(节省时间) +- 灾难恢复路径:与备份流程相同,仅在"具体操作"中选择 restoredisk 覆盖目标磁盘 + +## Key Quotes +> "蓝色 U盘 32G 安装了 Clonezilla" — 作者自用 Clonezilla 启动盘配置 + +## Key Concepts +- [[磁盘镜像备份]]:将整个磁盘内容打包为单个镜像文件存储,支持完整恢复 +- [[Clonezilla]]:开源磁盘克隆/镜像工具,支持备份到 NFS/SMB/USB 等多种存储后端 +- [[灾难恢复]]:硬盘损坏后通过镜像文件还原系统,destoredisk 完成后系统即刻复活 +- [[NFS 挂载]]:Network File System 协议挂载 NAS 共享目录作为备份目标 +- [[Rufus]]:快速制作 USB 启动盘工具,支持 ISO 写入和 FAT32 格式化 + +## Key Entities +- [[Rufus]]:USB 启动盘制作工具,将 Clonezilla ISO 写入 U 盘 +- [[Synology NAS]]:备份目标存储,NFS 服务器端,提供 /volume2/backups 共享目录 +- [[NFS]]:Network File System,Linux 原生网络文件系统协议,Clonezilla NAS 备份推荐协议 +- [[Ubuntu Server]]:备份源系统,HP ZBook 工作站上运行的 Server 版本 + +## Connections +- [[rsync增量备份]] ← complements ← [[磁盘镜像备份]](全量 vs 增量互补) +- [[NFS永久挂载]] ← is_similar_to ← [[NFS 挂载]] +- [[Synology NAS]] ← provides ← [[NFS]] + +## Contradictions diff --git a/wiki/sources/GitHub-上-5000-人收藏的-Vibe-Coding-神级指南。.md b/wiki/sources/GitHub-上-5000-人收藏的-Vibe-Coding-神级指南。.md new file mode 100644 index 00000000..a6f8f7ef --- /dev/null +++ b/wiki/sources/GitHub-上-5000-人收藏的-Vibe-Coding-神级指南。.md 
@@ -0,0 +1,50 @@ +--- +title: "GitHub 上 5000 人收藏的 Vibe Coding 神级指南(中文版)" +type: source +tags: [vibe-coding, AI编程, github, 中文资源] +date: 2025-12-30 +--- + +## Source File +- [[raw/AI/GitHub 上 5000 人收藏的 Vibe Coding 神级指南。.md]] + +## Summary +- 核心主题:vibe-coding-cn 中文开源项目——面向中文开发者的 Vibe Coding 资源库与工作站 +- 问题域:中文开发者难以系统性获取 Vibe Coding 方法论和工具链资源 +- 方法/机制:整合 AI 编程资源、提示词库、学习路径和实操流程,形成可操作的工作站 +- 结论/价值:Vibe Coding = 规划驱动 + 上下文固定 + AI 结对执行;规划就是一切,防止 AI 理解偏差导致项目逻辑混乱 + +## Key Claims +- Vibe Coding 核心公式:规划驱动 + 上下文固定 + AI 结对执行,让想法到可维护代码成为可审计流水线 +- Vibe Coding 本质:开发者做导演,AI 做执行,专注于产品逻辑/用户流程/审美/交互把握 +- Karpathy 原话:"我几乎不写代码了,我只负责调整氛围(Vibe),代码会自动长出来" +- vibe-coding-cn = 中文开发者 Vibe Coding 资源库,提供方法论+工具链+提示词库+开发经验全链路覆盖 +- 工具链推荐:Cursor + Claude Opus 4.5-xhigh,直接可用无需筛选 +- 提示词库覆盖:需求澄清/系统架构设计/分步执行/自测全链路,支持 Excel 与 Markdown 互转 + +## Key Quotes +> "Vibe Coding = 规划驱动 + 上下文固定 + AI 结对执行,让『从想法到可维护代码』变成一条可审计的流水线,而不是一团无法迭代的巨石文件。" — vibe-coding-cn 定义 + +> "我几乎不写代码了,我只负责调整氛围(Vibe),代码会自动长出来。" — Andrej Karpathy + +## Key Concepts +- [[Vibe Coding]]:氛围编程,开发者做导演而非码农,专注于规划和审美而非逐行代码 +- [[规划驱动]]:Vibe Coding 第一原则,AI 写代码前必须有清晰技术选型、实施规划和模块化设计 +- [[上下文固定]]:Vibe Coding 第二原则,通过 .cursorrules 等文件约束 AI 行为边界 +- [[AI 结对执行]]:Vibe Coding 第三原则,AI 作为 pair programmer 替代传统 IDE +- [[vibe-coding-cn]]:中文开发者 Vibe Coding 开源资源库,GitHub 仓库 tukuai/vibe-coding-cn + +## Key Entities +- [[Karpathy]]:Vibe Coding 概念提出者,OpenAI/特斯拉前研究科学家 +- [[Cursor]]:AI 代码编辑器,Vibe Coding 推荐首选 IDE +- [[Windsurf]]:AI 编程 IDE,Vibe Coding 工具选项之一 +- [[Trae]]:AI 编程 IDE,Vibe Coding 工具选项之一 +- [[vibe-coding-cn]]:中文 Vibe Coding 开源资源库,GitHub tukuai/vibe-coding-cn + +## Connections +- [[Vibe Coding]] ← is_extended_by ← [[vibe-coding-cn]] +- [[Cursor]] ← is_used_in ← [[Vibe Coding]] +- [[项目规则]] ← enables ← [[上下文固定]] +- [[vibe-coding-cn]] ← aggregates ← [[Prompt工程]] + +## Contradictions 
diff --git a/wiki/sources/How-Can-a-Multi-Cloud-Strategy-Transform-Your-Business-ROI.md b/wiki/sources/How-Can-a-Multi-Cloud-Strategy-Transform-Your-Business-ROI.md new file mode 100644 index 00000000..7317c744 --- /dev/null +++ b/wiki/sources/How-Can-a-Multi-Cloud-Strategy-Transform-Your-Business-ROI.md 
@@ -0,0 +1,62 @@ +--- +title: "How Can a Multi Cloud Strategy Transform Your Business ROI?" +type: source +tags: [cloud, strategy, multi-cloud, ROI] +date: 2024-12-24 +--- + +## Source File +- [[raw/Cloud & DevOps/How Can a Multi Cloud Strategy Transform Your Business ROI.md]] + +## Summary +- 核心主题:多云策略(Multi-Cloud)如何提升业务 ROI +- 问题域:单一云厂商依赖导致成本高、弹性差、风险集中 +- 方法/机制:跨 AWS/Azure/GCP 分配工作负载,利用各厂商优势定价和服务能力 +- 结论/价值:多云策略可降低 30% 运营成本,提升韧性、弹性、安全性和创新能力 + +## Key Claims +- 78% 采用多云策略的企业将工作负载部署在超过 3 个公有云,以提升敏捷性和成本效益(Virtana) +- 86% 企业计划在 2024 年底前采用多云策略(New Horizons) +- 多云策略可为企业降低 30% 运营成本(Forrester) +- 多云不等于备份策略:真正的价值在于跨厂商性能优化、成本优化和弹性扩展 +- 多云不等于复杂性增加:Kubernetes、Terraform 等工具和治理框架可简化管理 + +## Key Quotes +> "You can leverage computing from AWS, AI tools from Google, and store your data in Microsoft Azure without fearing vendor lock-in yet enjoy high availability." — 多云核心价值描述 + +## Key Concepts +- [[多云策略]]:跨多个公有云(AWS/Azure/GCP)分配工作负载,利用各厂商差异化优势 +- [[供应商锁定规避]]:通过多厂商策略避免单一云厂商绑定,保持谈判议价能力 +- [[多云治理]]:跨云资源管理、安全策略、成本控制和合规性的统一框架 +- [[多云成本优化]]:利用不同厂商的差异化定价模型降低整体云支出 +- [[云弹性扩展]]:跨多个云动态调配资源,应对突发流量峰值 +- [[数据主权合规]]:选择符合区域法规的云厂商存储和处理数据 + +## Key Entities +- [[AWS]]:多云策略中的基础设施和通用计算主力厂商 +- [[Azure]]:多云策略中的企业级 AI 和数据服务厂商 +- [[GCP]]:多云策略中的机器学习和分析工具厂商 +- [[Kubernetes]]:多云环境容器编排和 workload 统一管理工具 +- [[Terraform]]:IaC 工具,跨云基础设施声明式管理 +- [[CloudHealth]]:多云成本和性能监控工具(原文提及) +- [[Datadog]]:跨云统一可观测性监控平台 + +## Connections +- [[Cloud Operating Model]] ← is_applied_to ← [[多云策略]] +- [[DevOps成熟度模型]] ← enables ← [[多云治理]] +- [[多云成本优化]] ← depends_on ← [[FinOps]] +- [[Kubernetes]] ← enables ← [[多云治理]] +- [[Terraform]] ← enables ← [[多云治理]] + +## Industry Use Cases +- **电商**:黑五/网一高峰期跨云弹性扩展,保障高可用和低延迟 +- **医疗**:符合 HIPAA 区域数据主权要求,分布式存储降低单云依赖成本 +- **金融**:利用不同厂商最优安全特性,满足严格合规要求同时最大化 ROI + +## Implementation Steps +1. 评估需求:明确目标(韧性/成本优化/扩展)、预算分析、现有工作负载梳理 +2. 选择厂商:AWS 做基础设施、Google Cloud 做分析、Azure 做 AI,根据场景匹配 +3. 集成管理:采用 Kubernetes/Terraform 统一编排,确保数据互操作性 +4. 监控优化:CloudHealth/Datadog 持续跟踪性能和成本,动态调整资源分配 + +## Contradictions 
diff --git a/wiki/sources/If-you-have-multiple-interests-do-not-waste-the-next-2-3-years.md b/wiki/sources/If-you-have-multiple-interests-do-not-waste-the-next-2-3-years.md new file mode 100644 index 00000000..de78bafc --- /dev/null +++ b/wiki/sources/If-you-have-multiple-interests-do-not-waste-the-next-2-3-years.md 
@@ -0,0 +1,58 @@ +--- +title: "If You Have Multiple Interests, Do Not Waste the Next 2-3 Years" +type: source +tags: [ai, entrepreneurship, generalist, content, self-education] +date: 2025-04-15 +--- + +## Source File +- [[raw/AI/If you have multiple interests, do not waste the next 2-3 years 如果你有多项兴趣爱好,不要浪费接下来的两三年时间。.md]] + +## Summary +- 核心主题:在 AI 时代,拥有多重兴趣的通才(Generalist)比专才(Specialist)更具优势;多兴趣交叉创造独特视角是最终的护城河 +- 问题域:工业时代专业化分工思维使人沦为螺丝钉,社会对"专注单一技能"的迷信阻碍个人发展 +- 方法/机制:三要素框架(自学 Self-education + 自利 Self-interest + 自立 Self-sufficiency)→ 通才自然涌现;内容创作作为收入载体;系统经济时代系统 > 产品 +- 结论/价值:AI 时代是第二次文艺复兴,多兴趣通才拥有前所未有机遇;品牌即环境,内容即新颖视角,系统即产品 + +## Key Claims +- 专业化导致愚蠢和依赖,通才(Generalist)才能实现主权(Self-sufficiency)和适应力 +- 第二次文艺复兴已到来:印刷术降低知识成本 → 个人可追求多领域精通;AI 降低执行成本 → 个人可将兴趣转化为产品 +- 最终护城河是独特视角(Perspective),这来自独一无二的人生经历,无法被复制 +- 三要素:Self-education(引擎)+ Self-interest(指南针)+ Self-sufficiency(基石) +- 系统经济时代,人们要的是你的解决方案而非通用解决方案;2 Hour Writer 系统即产品 + +## Key Quotes +> "The man whose whole life is spent in performing a few simple operations... generally becomes as stupid and ignorant as it is possible for a human creature to become." — Adam Smith + +> "Your edge lies more in intersection than it does in expertise." — Dan Koe + +> "Your brand is your story." — Dan Koe + +> "Content is novel perspectives." — Dan Koe + +> "Systems are the new product." 
— Dan Koe + +## Key Concepts +- [[超级通才]]:拥有多领域交叉能力的个体,AI 时代比专才更具主权和适应力,对应 [[超级个体]] 但更强调知识广度 +- [[自教育]]:自主定向学习以获得与传统教育不同的结果,是通才养成的引擎 +- [[自利]]:追随自身利益而非被组织利益裹挟,是通才的指南针 +- [[自立自强]]:拒绝外包判断力、学习力和自主性,是通才的基石 +- [[创意博物馆]]:Idea Museum,创作素材库,通过 ruthless curation 积累高密度创意 +- [[系统经济]]:Systems Economy,解决方案的价值在于系统本身而非产品功能,2HW 系统即产品 +- [[内容创意密度]]:Idea Density,内容质量的衡量标准 = Performance(受众关注)× Excitement(个人热情) + +## Key Entities +- [[Dan Koe]](TheDankoe):多兴趣创业者,内容创作者,2 Hour Writer 系统开发者,Eden 软件创始人 +- [[Adam Smith]]:《国富论》作者,专业化分工理论的提出者,"螺丝钉"批评的引用来源 +- [[Leonardo da Vinci]]:文艺复兴通才典范,绘画/雕塑/工程/解剖/战争机器/人体绘图跨界 +- [[Jordan Peterson]]:《12 rules for life》作者,作为通才不追随内容潮流而是用思想质量建立影响力 + +## Connections +- [[超级个体]] ← extends ← [[超级通才]],超级通才是超级个体在知识广度上的具体表达 +- [[品味]] ← relates_to ← [[独特视角]],两者均强调 AI 无法复制的判断力护城河 +- [[死亡过滤器]] ← relates_to ← [[自利]],两者均帮助筛选真正值得投入的方向 +- [[内容矩阵]] ← extends ← [[创意博物馆]],创意博物馆是内容矩阵的输入端 +- [[反向金字塔]] ← relates_to ← [[系统经济]],反向金字塔分发是系统执行的体现 + +## Contradictions +- 与 [[一人公司]] 框架:本文强调"不要成为 YouTuber/个人品牌/网红,要做自己";一人公司框架强调需要关注(Attention)才能变现。冲突点:追求纯粹 vs 追求分发。当前观点:两者本质一致——通过真实自我吸引精准受众,只是叙事风格不同。 \ No newline at end of file diff --git a/wiki/sources/Multi-Agent-Specialized-Team-Solo-Founder-Setup.md b/wiki/sources/Multi-Agent-Specialized-Team-Solo-Founder-Setup.md index d1f3f065..d9182249 100644 --- a/wiki/sources/Multi-Agent-Specialized-Team-Solo-Founder-Setup.md +++ b/wiki/sources/Multi-Agent-Specialized-Team-Solo-Founder-Setup.md 
@@ -1,44 +1,37 @@ --- -title: "Multi-Agent Specialized Team (Solo Founder Setup)" +title: "Multi-Agent Specialized Team(Solo Founder 模式)" type: source -tags: [openclaw, multi-agent, telegram, solo-founder, workflow] -date: 2026-04-15 +tags: [multi-agent, openclaw, solo-founder, team, telegram] +date: 2026-04-13 --- ## Source File - [[raw/Agent/usecases/multi-agent-team.md]] ## Summary -- 核心主题:Solo founder 通过多 Agent 虚拟团队实现 24/7 全天候工作能力 -- 问题域:单一 Agent 无法高效处理多领域工作;Context 切换破坏深度工作;知识孤岛导致洞察无法跨 Agent 流动 -- 方法/机制:专业化 Agent(各角色独立模型/人格)+ 共享记忆(GOALS.md/DECISIONS.md)+ 私有上下文 + Telegram 统一入口 + 定时主动任务 -- 结论/价值:从 2 Agent 开始按瓶颈扩展;定时任务是价值飞轮;团队协作产生真正价值 +- 核心主题:Solo Founder 如何通过多 Agent 专精团队实现 24/7 全天候工作能力 +- 问题域:单一 Agent 无法同时擅长战略/开发/营销/销售;角色切换破坏深度工作 +- 方法/机制:每个 Agent 独立角色+人格+模型,通过共享内存协作,Telegram 统一入口 +- 结论/价值:从"管理一个工具"到"指挥一个团队"的范式转变,Agent 主动推送而非被动响应 ## Key Claims -- 单一 Agent 无法高效处理战略/开发/营销/分析多领域,context window 快速填满 -- 共享记忆(GOALS.md/DECISIONS.md)+ 私有上下文是多 Agent 协作核心 -- 所有 Agent 通过同一 Telegram 群聊控制,各自只响应被 @ 的消息 -- 定时主动任务(早会摘要/指标推送/内容创意)是价值飞轮 -- 从 2 Agent 开始,不是一上来建 4 个团队 -- [[Trebuh]] 的实践:4 个 Agent(Milo/Josh/Marketing/Dev)+ Telegram + VPS,描述为"真正的 24/7 小团队" +- 2 Agent 起步(Lead + 1 专精),按瓶颈扩展,而非一上来建 4 个团队 +- 共享内存(GOALS.md/DECISIONS.md/PROJECT_STATUS.md)+ 私有上下文是关键组合 +- 定时主动任务(早会摘要/指标推送/内容创意)是真正的价值杠杆 +- Telegram 单群聊入口 + @AgentName 路由 + 无@默认 Lead ## Key Quotes -> "Start with 2, not 4: Begin with a lead + one specialist, then add agents as you identify bottlenecks" — 实践总结 -> "The real value emerges when agents proactively surface insights, not just when you ask" — 定时任务价值 -> "Personality matters more than you'd think: Giving agents distinct names and communication styles makes it natural to talk to your team" — Trebuh - -## Key Concepts -- [[共享记忆模式]]:GOALS.md(OKR与优先级,所有Agent可读)+ DECISIONS.md(关键决策日志)+ PROJECT_STATUS.md(当前项目状态) -- [[定时主动任务]]:Agent 主动在后台工作并推送结果,而非等待用户请求 -- [[Multi-Agent Hierarchy]]:团队层级架构,Lead Agent 协调 + Specialist Agent 执行 -- [[Telegram路由]]:单群聊入口 + @AgentName 路由 + 无@默认 Lead Agent 
+> "A real small team available 24/7." — [[Trebuh]] 描述其 4 Agent 团队 ## Key Entities -- [[Trebuh]]:Solo founder,4 Agent 团队实践者,通过 X 分享案例 -- [[OpenClaw]]:多 Agent 管理平台,支持 sessions_spawn/sessions_send/Telegram skill +- [[Trebuh]]:Solo founder,4 Agent 团队(Milo/Josh/Marketing/Dev)+ Telegram + VPS 实践者 +- [[OpenClaw]]:多 Agent 协作框架,支持 sessions_spawn/sessions_send/共享文件系统 +- [[Claude Code]]:深度代码任务执行(Agent 模式) +- [[Telegram]]:统一控制平面,单群聊入口实现多 Agent 路由 ## Connections -- [[Trebuh]] ← 实践者 ← [[Multi-Agent Specialized Team]] -- [[OpenClaw]] ← 平台 ← [[Multi-Agent Specialized Team]] -- [[共享记忆模式]] ← 核心机制 ← [[Multi-Agent Specialized Team]] -- [[定时主动任务]] ← 价值飞轮 ← [[Multi-Agent Specialized Team]] +- [[Multi-Agent-Specialized-Team-Solo-Founder-Setup]] ← implements ← [[Multi-Agent Hierarchy]](Supervisor=Lead,Worker=专精 Agent) +- [[Multi-Agent-Specialized-Team-Solo-Founder-Setup]] ← shares_pattern ← [[Autonomous-Project-Management]](共享状态协调模式) +- [[Multi-Agent-Specialized-Team-Solo-Founder-Setup]] ← extends ← [[Multi-Agent-System-Reliability-Alex-Ewerlof]](Hierarchy 模式的 OpenClaw 具体实践) +- [[Multi-Agent-Specialized-Team-Solo-Founder-Setup]] ← uses ← [[共享内存模式]](GOALS.md/DECISIONS.md/PROJECT_STATUS.md) +- [[Multi-Agent-Specialized-Team-Solo-Founder-Setup]] ← enables ← [[定时主动任务]](Agent 主动后台工作推送结果) diff --git a/wiki/sources/Multi-Agent-System-Reliability-Alex-Ewerlof.md b/wiki/sources/Multi-Agent-System-Reliability-Alex-Ewerlof.md new file mode 100644 index 00000000..44d140a8 --- /dev/null +++ b/wiki/sources/Multi-Agent-System-Reliability-Alex-Ewerlof.md 
@@ -0,0 +1,53 @@ +--- +title: "Multi-Agent System Reliability(Alex Ewerlöf)" +type: source +tags: [multi-agent, reliability, architecture, llm] +date: 2026-04-13 +--- + +## Source File +- [[raw/AI/Multi-Agent System Reliability.md]] + +## Summary +- 核心主题:多智能体系统的可靠性架构模式 +- 问题域:LLM 作为不可靠组件,如何构建企业级可靠的多智能体系统 +- 方法/机制:4种架构模式(Hierarchy/Consensus/Adversarial Debate/Knock-out)+ 可靠性工程原理 +- 结论/价值:将 LLMs 视为分布式系统中不可靠组件,而非拟人化智能体;通过架构约束而非"小心谨慎"来保证正确性 + +## Key Claims +- LLM 本质随机(stochastic),单次回答仅代表一种概率分布,幻觉率约 20% +- 将 LLM 拟人化(给钱/威胁/情感操控)仅改变 token 预测分布,不产生真正的动机 +- 3 个模型同时产生完全相同谎言的概率为 0.8%(0.2³),多数投票可有效消除幻觉噪声 +- 从"AI 原型"到"企业级 AI"的转变核心:停止要求模型"小心",改为强制其"正确" + +## Key Quotes +> "We don't need AI that 'cares.' We need AI that is constrained, verified, pruned, and challenged." — [[Alex Ewerlöf]] +> "Don't anthropomorphize LLMs! Find a way to piggy back on their human-corpus training while being aware of their non-biological differences." — [[Alex Ewerlöf]] +> "If you threaten a model too hard, it might just lie to make you happy. This is Sycophancy." 
— [[Alex Ewerlöf]] + +## Key Concepts +- [[Multi-Agent Hierarchy]]:Supervisor(规划器)+ Worker(工作者)+ Validator(验证器)的三角色顺序协作 +- [[Multi-Agent Consensus]]:N 个模型对同一任务独立响应,多数票消除随机噪声(0.8% 相同谎言概率) +- [[Multi-Agent Adversarial Debate]]:Generator + Critic + Judge 三方对抗,Truth survives the fight +- [[Multi-Agent Knock-out]]:遗传算法启发的适应度淘汰制,最差代理被淘汰(cattle not pets) +- [[LLM Sycophancy]]:模型过度迎合用户意图而撒谎的现象,多数投票可缓解 + +## Key Entities +- [[Alex Ewerlöf]]:Senior Staff Engineer,KTH 系统工程硕士,专注可靠性工程与 LLM 应用(2023年起) +- [[Groupthink]]:共识模式中的反馈回路风险,导致从众效应放大错误 +- [[Genetic Algorithm]]:Knock-out 模式理论基础,适应度函数评估并淘汰低质量个体 + +## Connections +- [[Multi-Agent-System-Reliability-Alex-Ewerlof]] ← foundational_theory ← [[Multi-Agent Hierarchy]] +- [[Multi-Agent-System-Reliability-Alex-Ewerlof]] ← foundational_theory ← [[Multi-Agent Consensus]] +- [[Multi-Agent-System-Reliability-Alex-Ewerlof]] ← foundational_theory ← [[Multi-Agent Adversarial Debate]] +- [[Multi-Agent-System-Reliability-Alex-Ewerlof]] ← foundational_theory ← [[Multi-Agent Knock-out]] +- [[Multi-Agent-Specialized-Team-Solo-Founder-Setup]] ← extends ← [[Multi-Agent-System-Reliability-Alex-Ewerlof]](Hierarchy 模式的具体实践) +- [[Autonomous-Project-Management]] ← implements ← [[Multi-Agent Hierarchy]](STATE.yaml 替代中央验证器) +- [[Multi-Agent-Specialized-Team-Solo-Founder-Setup]] ← shares_pattern ← [[Autonomous-Project-Management]](均依赖共享状态协调) + +## Contradictions +- 与纯 LLM 原型思维: + - 冲突点:认为"小心提示"可解决幻觉 + - 当前观点:架构约束(验证器/投票/淘汰)才是可靠性来源 + - 对方观点:通过情感化 prompt(给钱/威胁)激励模型正确输出 diff --git a/wiki/sources/MySQL-MariaDB-数据库详细信息.md b/wiki/sources/MySQL-MariaDB-数据库详细信息.md new file mode 100644 index 00000000..f4b388b5 --- /dev/null +++ b/wiki/sources/MySQL-MariaDB-数据库详细信息.md 
@@ -0,0 +1,56 @@ +--- +title: "MySQL MariaDB 数据库详细信息" +type: source +tags: [database, mariadb, mysql, nas, synology] +date: 2026-04-15 +--- + +## Source File +- [[raw/Home Office/MySQL MariaDB 数据库详细信息.md]] + +## Summary +- 核心主题:Synology NAS Docker MariaDB 10.11 内网/公网访问配置与用户权限管理 +- 问题域:NAS 部署的 MariaDB 仅允许 localhost 访问,远程连接需手动创建用户 +- 方法/机制:socket 本地登录 → CREATE USER → GRANT ALL PRIVILEGES → FLUSH PRIVILEGES +- 结论/价值:建立 NAS 统一数据库层,支持公网域名 mysql.ishenwei.online:63307 访问 + +## Key Claims +- Synology Docker MariaDB 默认只允许 root@localhost 连接,不存在 root@% 或任何远程用户 +- 远程连接失败的根因是缺少 host/user 组合与对应权限 +- 创建 'shenwei'@'%' 可实现任意 IP 的远程访问,但密码强度必须符合 MariaDB 策略要求 + +## Key Quotes +> "进入 MariaDB(使用 socket 登陆):sudo mysql -u root -p -S /run/mysqld/mysqld10.sock" — 本地 socket 登录方式 +> "CREATE USER 'shenwei'@'%' IDENTIFIED BY '!Abcde12345'; GRANT ALL PRIVILEGES ON *.* TO 'shenwei'@'%' WITH GRANT OPTION; FLUSH PRIVILEGES;" — 远程访问用户创建标准 SQL + +## Key Concepts +- [[Socket登录]]:通过本地 socket 文件 /run/mysqld/mysqld10.sock 连接 MariaDB,无需 TCP 端口认证 +- [[MariaDB用户权限模型]]:host + user 组合决定访问权限,localhost 表示仅本机,% 表示任意 IP +- [[FLUSH PRIVILEGES]]:将内存中的权限表重新读取到内存,使权限变更立即生效 + +## Key Entities +- [[Synology NAS]]:硬件平台(192.168.3.17),MariaDB 10.11.6 运行在 Docker 容器内 +- [[MariaDB]]:MySQL 分支数据库,版本 10.11.6,端口 3307(内网)、63307(公网) +- [[Cloudflare]]:域名 mysql.ishenwei.online DNS 解析层 + +## Connections +- [[MySQL MariaDB 数据库详细信息]] ← runs_on ← [[Synology NAS]] +- [[MySQL MariaDB 数据库详细信息]] ← accessible_via ← [[Cloudflare]](公网域名反向代理) + +## Contradictions + +## Internal Access Credentials +| 项目 | 值 | +|------|-----| +| IP | 192.168.3.17 | +| Port | 3307 | +| Username | shenwei / root | +| Password | !Abcde12345 | + +## Public Access Credentials +| 项目 | 值 | +|------|-----| +| Domain | mysql.ishenwei.online | +| Port | 63307 | +| Username | shenwei / root | +| Password | !Abcde12345 | 
diff --git a/wiki/sources/N8N Full Tutorial Building AI Agents in 2025 for Beginners.md b/wiki/sources/N8N Full Tutorial Building AI Agents in 2025 for Beginners.md new file mode 100644 index 00000000..23bc9331 --- /dev/null +++ b/wiki/sources/N8N Full Tutorial Building AI Agents in 2025 for Beginners.md @@ -0,0 +1,40 @@ +--- +title: "N8N Full Tutorial - Building AI Agents in 2025 for Beginners" +type: source +tags: [n8n, ai-agent, 工作流, 教程] +date: 2025-03-06 +--- + +## Source File +- [[raw/Agent/n8n full tutorial building AI agents in 2025 for Beginners!.md]] + +## Summary +- 核心主题:N8N 平台构建 AI Agent 入门教程 +- 问题域:Workflow 和 Agent 的区别,N8N 5 类节点,Agent 中 Memory 机制 +- 方法/机制:N8N 可视化节点编排,Trigger → Action/Utility/Code/AI Agent 节点 +- 结论/价值:Agent = LLM 动态选择工具 + Memory 保持上下文;Workflow = 预定义自动化 + +## Key Claims +- Workflow vs Agent:Workflow 是预定义自动化(固定输出),Agent 由 LLM 动态决定工具调用(适应用户输入) +- N8N 5 类节点:Trigger(触发器)、Action(操作)、Utility(工具)、Code(代码)、Advanced AI(AI Agent) +- Memory 是 AI Agent 与用户对话连贯性的关键,保留上下文使响应更相关 +- Airtable 可作为工具接入 N8N Agent,实现库存查询和更新 +- 多 Agent 串联和工作流链式调用可构建复杂自动化系统 + +## Key Concepts +- [[Agentic System]]:Agent + Workflow 的组合,Agent 动态选择工具,Workflow 预定义执行路径 +- [[N8N Workflow]]:N8N 可视化工作流,Trigger → 多节点串联 +- [[Memory in AI Agent]]:Agent 保持对话上下文的机制,使多轮交互连贯 +- [[Workflow vs Agent]]:固定自动化 vs LLM 动态决策的本质区别 + +## Key Entities +- [[Airtable]]:在线数据库,可作为 N8N Agent 工具接入,实现库存管理 + +## Connections +- [[n8n]] ← 工具 ← [[N8N Workflow]] +- [[n8n]] ← 工具 ← [[Agentic System]] +- [[Agentic System]] ← 包含 ← [[Workflow vs Agent]] + [[Memory in AI Agent]] +- [[Airtable]] ← 工具 ← [[Memory in AI Agent]] + +## Contradictions +- 与 [[n8n Docker 安装与更新]]:后者专注部署安装,本文档专注工作流构建方法论 diff --git a/wiki/sources/Nano-Banana-提示词框架.md b/wiki/sources/Nano-Banana-提示词框架.md new file mode 100644 index 00000000..261253ae --- /dev/null +++ b/wiki/sources/Nano-Banana-提示词框架.md 
@@ -0,0 +1,43 @@ +--- +title: "Nano Banana 结构化提示词框架" +type: source +tags: [ai, prompt, image-generation, google] +date: 2025-03-15 +--- + +## Source File +- [[raw/AI/Nano Banana 提示词框架.md]] + +## Summary +- 核心主题:Google 发布的图像生成结构化提示词框架,通过 9 个标准化字段将创意描述转化为机器可执行参数 +- 问题域:自然语言描述图像存在歧义和模糊性,AI 生成结果与预期不符 +- 方法/机制:9 层结构化字段(Shot/Subject/Environment/Lighting/Camera/ColorGrade/Style/Quality/Negatives);物件描述框架与人物描述框架共用结构,subject 字段内容不同 +- 结论/价值:结构化提示词大幅提升 AI 图像生成的可控性和一致性,降低迭代成本 + +## Key Claims +- Nano Banana 框架将图像生成提示词标准化为 9 个字段,每个字段控制特定维度 +- negatives(负向提示词)是质量控制关键字段,明确排除不需要的特征 +- camera 字段提供电影级构图控制(focal_length/aperture/angle),实现专业级运镜效果 +- 物件描述框架与人物描述框架核心结构一致,区别仅在 subject 字段内容(item/materials/details/condition vs age/appearance/pose) + +## Key Quotes +> "negatives": "no scratches, no dust, no logos or brand names, no human hands, blurry watch face, unrealistic lighting." — 示例中的负向提示词 + +## Key Concepts +- [[Nano Banana]]:Google 发布的结构化图像生成提示词框架,9 层标准化字段设计 +- [[物件描述框架]]:Nano Banana 中用于描述物品的字段结构(item/materials/details/condition) +- [[人物描述框架]]:Nano Banana 中用于描述人物的字段结构(age/appearance/pose) +- [[负向提示词]]:Negatives,通过明确排除不需要的特征来提升生成质量 +- [[运镜控制]]:Camera 参数控制焦距/光圈/角度,实现电影级构图 + +## Key Entities +- [[Google]]:Nano Banana 框架的发布方,AI 图像生成工具的技术引领者 + +## Connections +- [[AI生图]] ← uses ← [[Nano Banana]],Nano Banana 是 AI 生图的结构化提示词方法论 +- [[Prompt工程]] ← extends ← [[Nano Banana]],Nano Banana 是 Prompt工程 在图像生成领域的具体实现 +- [[Never write another prompt]] ← comparable_to ← [[Nano Banana]],两者都提供结构化提示词能力,但 Nano Banana 专用于图像生成 +- [[主体一致性]] ← relates_to ← [[负向提示词]],负向提示词有助于维持主体一致性 + +## Contradictions +- 与 [[风格迁移]] 概念:Nano Banana 强调精确控制(结构化字段),风格迁移强调美学转化。冲突点:精确控制 vs 美学灵活。当前观点:两者互补——Nano Banana 控制主体和构图,风格迁移处理美学层面的二次加工。 \ No newline at end of file diff --git a/wiki/sources/Never-write-another-prompt.md b/wiki/sources/Never-write-another-prompt.md index 526625a1..366cf5ba 100644 --- a/wiki/sources/Never-write-another-prompt.md +++ b/wiki/sources/Never-write-another-prompt.md 
@@ -1,35 +1,42 @@ --- -title: "Never write another prompt" +title: "Never Write Another Prompt" type: source -tags: [tutorial, ai-tools, prompt-engineering] +tags: [ai, prompt, youtube, tool] date: 2025-03-06 --- ## Source File -- raw/AI/Never write another prompt.md +- [[raw/AI/Never write another prompt.md]] ## Summary -- 核心主题:AI 提示词生成工具的使用教程 -- 问题域:用户难以编写精确的提示词导致 AI 输出质量不佳 -- 方法/机制:将基础描述转换为结构化详细提示词的自动化工具 -- 结论/价值:无需专业提示词工程背景即可生成高质量提示词,大幅降低使用成本 +- 核心主题:通过提示词生成工具,从简单描述自动生成结构化详细提示词,降低 AI 应用门槛 +- 问题域:用户难以写出精确的提示词,导致 AI 返回质量不佳的响应;专业提示词服务费用高达 $100-500/条 +- 方法/机制:工具将简单描述转化为结构化提示词,支持变量插入和编辑;API Key 认证保护账户安全 +- 结论/价值:提示词工程民主化让任何人都能创建高质量提示词,无需专业技术背景 ## Key Claims -- 工具可以将简单描述自动转化为详细的结构化提示词 -- 生成一个高质量提示词通常需要 100-500 美元,自动化工具可大幅降低成本 -- 变量功能支持高度定制化 -- 提示词库提供灵感来源,可显著减少创建时间 -- 成功的提示词可保存复用,提高长期效率 +- 提示词工程已从专业技能转变为工具化流程,非技术用户也能生成高质量提示词 +- 变量(Variables)机制使提示词可高度定制,无需重写即可适应不同场景 +- 提示词库(Prompt Libraries)作为灵感来源,显著减少创作时间 +- AI 工具成本极低,用户可创建无限量提示词 + +## Key Quotes +> "Prompt engineering is the art of crafting prompts that elicit specific responses from AI. With the introduction of this tool, users no longer need to be experts in this field." — Never Write Another Prompt + +> "You become a curator of ideas that people wouldn't even think to ask AI for, and that people would never come across organically." 
— Demystified principle ## Key Concepts -- [[提示词工程自动化]]:将复杂提示词编写过程简化为描述输入 -- [[提示词变量]]:允许用户自定义定制化输出的占位符机制 -- [[提示词库]]:预制提示词的资源集合,用于快速复用 +- [[Prompt工程]]:通过结构化方式构建 AI 提示词以获得最佳响应的技术 +- [[提示词生成工具]]:将简单描述自动转化为结构化提示词的 AI 应用工具 +- [[变量机制]]:提示词中可插入变量以实现模板化和复用的设计模式 ## Key Entities -- [[Anthropic Console]]:Claude API 管理控制台 -- [[YouTube]]:视频教程发布平台 +- [[Anthropic Claude Console]]:提供 API 访问权限的 Claude 控制台,用于提示词测试 ## Connections -- [[Prompt工程]] ← 关联 ← 自动化提示词生成降低工程门槛 -- [[Claude-Code]] ← 关联 ← 两者都是提升 AI 使用效率的工具 \ No newline at end of file +- [[Claude Code]] ← uses ← [[Prompt工程]],Claude Code 通过高质量提示词调用 Claude 模型 +- [[Nano Banana 提示词框架]] ← extends ← [[Prompt工程]],Nano Banana 是结构化提示词的具体实现 +- [[Agent Skill 设计模式]] ← relates_to ← [[提示词生成工具]],Skill 是提示词的封装形式 + +## Contradictions +- 与 [[流程工程]] 视角:本文将 Prompt工程 工具化;流程工程认为 Prompt 只是表面,SOP 才是核心。冲突点:工具化降低门槛但无法保证一致性;SOP 封装才能保证稳定复用。当前观点:工具化适合个人使用,流程工程适合团队协作。 \ No newline at end of file diff --git a/wiki/sources/TikTok Shop - Apache Superset Dashboard设计思路.md b/wiki/sources/TikTok Shop - Apache Superset Dashboard设计思路.md new file mode 100644 index 00000000..36b3a43d --- /dev/null +++ b/wiki/sources/TikTok Shop - Apache Superset Dashboard设计思路.md 
@@ -0,0 +1,77 @@ +--- +title: "TikTok Shop - Apache Superset Dashboard设计思路" +type: source +tags: [tiktok-shop, superset, bi, dashboard, 电商分析] +date: 2025-03-14 +--- + +## Source File +- [[raw/跨境电商/TikTok Shop - Apache Superset Dashboard设计思路.md]] + +## Summary +- 核心主题:TikTok Shop 电商选品数据可视化分析系统设计 +- 问题域:如何将 TikTok Shop 爬取数据转化为可操作的选品决策支持系统 +- 方法/机制:Apache Superset + SQL Views + 多维度 Dashboard 设计 +- 结论/价值:4-Tab 专业选品 Dashboard,覆盖爆品发现、价格带分析、类目机会、店铺监控 + +## Key Claims +- TikTok Shop 数据适合做 6 类分析:爆品发现、价格销量关系、类目机会、店铺监控、SKU 库存、评论分析 +- Superset 无法直接解析 JSON,必须通过 SQL View 预处理 JSON_EXTRACT 字段 +- 选品评分模型 = sold×0.4 + rating×12 + rating_count×0.2 + discount_percent×0.5 +- 气泡图(价格×销量×评分)可一眼识别"低价高销量"和"高客单价爆品" + +## Key Concepts +- [[电商选品分析]]:通过销量、评分、折扣多维度评分发现高潜力产品 +- [[Superset Dashboard]]:Apache Superset 可视化分析平台,支持导入 JSON Dashboard 配置 +- [[选品评分模型]]:加权评分公式自动排序推荐产品 +- [[KPI 卡片]]:关键业绩指标数字看板,支持快速筛选热卖/高评分/折扣产品 +- [[价格带分析]]:气泡图/直方图识别最优价格区间 +- [[类目机会分析]]:热力图+箱线图发现蓝海类目 +- [[店铺监控]]:竞争对手销量/评分/上新节奏/价格策略跟踪 +- [[JSON_EXTRACT]]:MySQL JSON 字段预处理,将 JSON 拆分为可计算列 + +## Key Entities +- [[TikTok Shop]]:字节跳动旗下电商平台,数据来源 +- [[Apache Superset]]:开源 BI 可视化平台(Airbnb 出品),支持 SQL Dataset、Chart、Dashboard +- [[TikTok Products]]:核心事实表(products),包含 sold/price/rating/category/store_name/timestamp 等字段 +- [[Product Reviews]]:辅助表,支持评分趋势和 NLP 评论分析 + +## Connections +- [[TikTok Shop]] ← 数据源 ← [[电商选品分析]] +- [[Apache Superset]] ← 可视化工具 ← [[Superset Dashboard]] +- [[电商选品分析]] ← 支撑 ← [[选品评分模型]] +- [[选品评分模型]] ← 使用 ← [[TikTok Products]] +- [[店铺监控]] ← 依赖 ← [[TikTok Products]] +- [[类目机会分析]] ← 依赖 ← [[JSON_EXTRACT]] + +## SQL View + +### view_products_cleaned +```sql +CREATE OR REPLACE VIEW view_products_cleaned AS +SELECT + id, source_id, title, store_name, category, + final_price, initial_price, discount_percent, + sold, position, timestamp, + JSON_EXTRACT(prodct_rating, '$.rating') AS rating, + JSON_EXTRACT(prodct_rating, '$.count') AS rating_count, + (final_price * sold) AS total_gmv, + (initial_price - final_price) AS 
discount_amount +FROM products; +``` + +## Dashboard 结构(4 Tab) + +| Tab | 名称 | 核心图表 | +|-----|------|---------| +| 1 | 爆品雷达 | KPI卡片×6、Top10条形图、类目占比饼图、价格×销量气泡图、评分直方图 | +| 2 | 类目机会洞察 | 类目销量榜、评分×销量热力图、价格箱线图 | +| 3 | 店铺监控 | 店铺GMV/销量/评分排名、上新趋势面积图、价格策略对比 | +| 4 | 评论分析 | 评分趋势折线图、评论数×销量散点图、好评/差评占比 | + +## Contradictions +- 与 [[可自动化可扩展AI增强的电商数据采集与处理系统]]:后者专注爬取+AI处理,本文档专注数据可视化层面,两者构成采集→分析完整管线 + +## Aliases +- Superset = Apache Superset +- TikTok Shop = TikTok电商 diff --git a/wiki/sources/Ubuntu服务器通过rsync实现日常增量备份.md b/wiki/sources/Ubuntu服务器通过rsync实现日常增量备份.md new file mode 100644 index 00000000..bbbcd0a7 --- /dev/null +++ b/wiki/sources/Ubuntu服务器通过rsync实现日常增量备份.md 
@@ -0,0 +1,83 @@ +--- +title: "Ubuntu服务器通过rsync实现日常增量备份" +type: source +tags: [ubuntu, rsync, backup, nas, nfs, fstab] +date: 2026-04-15 +--- + +## Source File +- [[raw/Home Office/Ubuntu服务器通过rsync实现日常增量备份.md]] + +## Summary +- 核心主题:Ubuntu 服务器通过 rsync 实现对 NAS 的每日增量备份自动化 +- 问题域:已有机房镜像备份(Clonezilla),需补充实时增量数据保护方案 +- 方法/机制:rsync -azR --delete 差异同步,lockfile 防重入,crontab 凌晨自动执行,/etc/fstab 实现 NFS 永久挂载 +- 结论/价值:构建"时间点恢复"能力,NAS 掉线时自动中止备份防止本地硬盘爆满 + +## Key Claims +- rsync 在备份正在写入的二进制文件(如 MySQL)时可能导致恢复后无法启动,应先用 mysqldump 导出 SQL 再同步 +- rsync 返回码 23/24 在备份运行中系统时属于正常(部分文件权限问题或源文件消失),重点检查数据是否大部分已同步 +- /etc/fstab 中 _netdev 参数确保网络设备就绪后再执行挂载,防止开机因网络未就绪而挂载失败 +- lockfile 机制防止 rsync_backup.sh 重入,脚本开头检查 lockfile 存在则跳过本次执行 + +## Key Quotes +> "rsync -azR --delete — -a 归档模式保留权限属性,-z 压缩传输,-R 相对路径,--delete 删除目标端多余文件" — rsync 核心参数解析 +> "0 3 * * * /usr/local/bin/rsync_backup.sh — 每天凌晨 3 点业务低峰期执行备份" — Crontab 时间配置 +> "192.168.3.17:/volume2/backup /mnt/nas_backup nfs defaults,timeo=900,retrans=5,_netdev 0 0" — NFS /etc/fstab 永久挂载条目 +> "timeo=900(90秒超时),retrans=5(重连5次),_netdev(等待网络就绪)" — NFS 挂载参数详解 + +## Key Concepts +- [[rsync]]:远程增量同步工具,通过 Delta-transfer 算法只传输变化部分 +- [[增量备份]]:仅备份自上次备份以来变化的文件,相比全量备份节省存储和带宽 +- [[NFS永久挂载]]:通过 /etc/fstab 将 NFS 挂载配置为系统启动时自动执行 +- [[lockfile]]:防止脚本重入的简单机制,PID 文件 + kill -0 检测进程存活 +- [[Crontab]]:Linux 定时任务调度器,支持分钟级精确控制 +- [[Clonezilla]]:磁盘镜像备份工具,与 rsync 形成"整机镜像 + 增量数据"二级保护 +- [[mysqldump]]:MySQL/MariaDB 逻辑备份工具,在 rsync 之前先导出 SQL 文件保证数据库一致性 + +## Key Entities +- [[Synology NAS]]:备份目标端(192.168.3.17:/volume2/backup) +- [[Ubuntu服务器]]:备份源端,运行 rsync_backup.sh +- [[Docker]]:数据来源之一(/var/lib/docker/volumes/、/etc/docker/、/home/shenwei/Docker/) + +## Connections +- [[Ubuntu服务器通过rsync实现日常增量备份]] → backups_to → [[Synology NAS]] +- [[Ubuntu服务器通过rsync实现日常增量备份]] ← runs_on ← [[Ubuntu服务器]] +- [[Docker]] ← source_data ← [[Ubuntu服务器通过rsync实现日常增量备份]] + +## 备份策略矩阵 + +| 备份类型 | 工具 | 频率 | 覆盖范围 | 恢复时间 | +|---------|------|------|---------|---------| +| 整机镜像 | Clonezilla | 按需/周 | 全盘扇区级 | 长(全盘还原) | 
+| 增量数据 | rsync | 每日凌晨3点 | 变化文件 | 短(选择性还原) | + +## 关键脚本:rsync_backup.sh 防重入逻辑 +```bash +LOCKFILE="/tmp/rsync_backup.lock" +if [ -e ${LOCKFILE} ] && kill -0 `cat ${LOCKFILE}`; then + echo "备份任务已在运行中,跳过本次执行。" + exit +fi +echo $$ > ${LOCKFILE} +trap "rm -f ${LOCKFILE}" EXIT +``` + +## NFS 永久挂载验证流程 +```bash +# 1. 卸载当前挂载 +sudo umount /mnt/nas_backup +# 2. 模拟开机自动挂载 +sudo mount -a +# 3. 验证挂载成功 +df -h | grep nas_backup +``` + +## Contradictions + +## 常见问题排查 +| 问题 | 原因 | 解决方案 | +|------|------|---------| +| 重启后挂载失效 | nfs-common 启动慢于 mount -a | systemctl enable remote-fs.target | +| rsync 返回码 20 | 进程被手动中断(SIGINT/SIGTERM) | 使用 nohup 或 screen 后台运行 | +| 备份写满本地硬盘 | NAS 掉线时挂载点变成普通目录 | 脚本开头加 mountpoint -q 检查 | diff --git a/wiki/sources/n8n-Claude-自然语言自动化工作流.md b/wiki/sources/n8n-Claude-自然语言自动化工作流.md new file mode 100644 index 00000000..87757718 --- /dev/null +++ b/wiki/sources/n8n-Claude-自然语言自动化工作流.md 
@@ -0,0 +1,44 @@ +--- +title: "n8n + Claude 通过自然语言自动化工作流" +type: source +tags: [n8n, Claude, 工作流自动化, MCP] +date: 2026-03-29 +--- + +## Source File +- [[raw/Agent/n8n+Claude 通过自然语言自动化工作流.md]] + +## Summary +- 核心主题:n8n + Claude(通过 MCP 协议)实现自然语言驱动的自动化工作流生成 +- 问题域:n8n 工作流设计门槛高、非技术用户难以快速上手 +- 方法/机制:n8n-mcp 作为桥梁,让 Claude 能够理解 n8n 的 543 个节点并生成完整工作流 JSON +- 结论/价值:自然语言生成工作流完成度 80-90%,但需人工修正 10-20% + +## Key Claims +- n8n-mcp 提供 Claude 对 n8n 543 个节点的完整结构化访问 +- Claude 生成 n8n 工作流 JSON 完成度约 80-90%,10%-20% 错误率需人工介入 +- 选择 Opensea 模型并开启 extended thinking 可显著提升生成质量 +- n8n AI Agent 节点支持对话式循环执行,而非单次执行 +- Anthropic MCP 是 Claude 与 n8n 通信的核心协议 + +## Key Quotes +> "n8n AI Agent 节点内置 Memory 机制,支持多轮对话上下文" +> "OpenAI 的 o1-preview 和 o3 模型太慢,实际工作流生成不现实" + +## Key Concepts +- [[n8n-mcp]]:Claude 与 n8n 之间的 MCP 协议桥接,提供 543 个节点的结构化访问 +- [[AI工作流自动生成]]:通过自然语言描述让 AI 自动生成 n8n 工作流 JSON +- [[Memory in AI Agent]]:n8n AI Agent 节点内置 Memory,支持对话式循环执行 +- [[Workflow vs Agent]]:预定义固定路径 vs LLM 动态决策,n8n AI Agent 节点属于后者 + +## Key Entities +- [[Claude]](Anthropic):负责理解用户意图并生成 n8n 工作流 JSON +- [[n8n]]:工作流自动化执行引擎,通过 MCP 接收 Claude 生成的工作流指令 +- [[czlonkowski]]:n8n-mcp 项目作者 + +## Connections +- [[Claude]] ← generates via [[n8n-mcp]] ← [[n8n]] +- [[n8n Docker 安装与更新]] ← 部署基础 +- [[AI工作流自动生成]] ← 应用场景 + +## Contradictions diff --git a/wiki/sources/一语点醒梦中人-东方人生智慧.md b/wiki/sources/一语点醒梦中人-东方人生智慧.md new file mode 100644 index 00000000..24a23a11 --- /dev/null +++ b/wiki/sources/一语点醒梦中人-东方人生智慧.md 
@@ -0,0 +1,41 @@ +--- +title: "一语点醒梦中人 — 东方人生智慧" +type: source +tags: [wisdom, daoism, confucianism, buddhism, chinese-philosophy] +date: 2026-01-01 +--- + +## Source File +- [[raw/AI/一语点醒梦中人.md]] + +## Summary +- 核心主题:道家、儒家、佛教经典箴言与人生智慧 +- 问题域:如何在困境中保持内心平静,如何以东方哲学应对人生无常 +- 方法/机制:收录王维、曾国藩、老庄等思想家的经典箴言,配以现代解读与实践指南 +- 结论/价值:东方智慧的核心在于"绝处逢生"——以空性智慧观照困境,以道家态度顺势而为 + +## Key Claims +- 王维"行到水穷处,坐看云起时":困境(水穷处)中放下执着,静观变化(云起),顿悟人生 +- "知其不可奈何而安之若命"(庄子):先尽人事,后听天命,非消极认命而是接纳与行动的平衡 +- "执一守中,有劳而作,言行意合,自然而行":儒家守中+道家自然+佛家修言的统一修养路径 +- "唯忘机可以消众机,唯懵懂可以祓不祥"(曾国藩):以无争朴拙应对复杂环境 +- "一切有为法,如梦幻泡影,如露亦如电"(金刚经):以空性智慧观照世间一切现象 + +## Key Concepts +- [[空性智慧]]:一切因缘和合之物皆虚幻短暂,不执着于"自性",以清醒觉知观照流动真相 +- [[绝处逢生]]:"行到水穷处,坐看云起时",东方逆境转化智慧——困境是转机 +- [[知其不可奈何而安之若命]]:先辨"可奈何"与"不可奈何",全力于前者,接纳后者 +- [[执一守中]]:儒家"执两用中"与道家"守中"结合,避免极端,动态平衡中守持正道 +- [[大智若愚]]:收敛锋芒,以质朴掩藏才智(老子/苏轼) +- [[和光同尘]]:不标新立异,与世无争以保全自身(老子) + +## Key Entities +- [[王维]]:"诗佛",行到水穷处典故出处,佛学影响下形成空寂淡泊心境 +- [[曾国藩]]:《治心经·诚心篇》作者,"唯忘机可以消众机"出处,晚清政局中以"拙诚"自保 +- [[庄子]]:《人间世》"知其不可奈何而安之若命"出处,道家逍遥派代表 +- [[老子]]:《道德经》"大巧若拙/和其光同其尘"出处,道家无为思想核心 + +## Connections +- [[一语点醒梦中人-东方人生智慧]] ← foundational ← [[空性智慧]] +- [[一语点醒梦中人-东方人生智慧]] ← foundational ← [[绝处逢生]] +- [[su-dongpo-perspective]] ← similar_tradition ← [[一语点醒梦中人-东方人生智慧]](均属东方人生智慧,苏东坡视角可与此互相补充) diff --git a/wiki/sources/万字保姆级教程-90天跑通一人公司模式-2026-03-29.md b/wiki/sources/万字保姆级教程-90天跑通一人公司模式-2026-03-29.md new file mode 100644 index 00000000..73aba631 --- /dev/null +++ b/wiki/sources/万字保姆级教程-90天跑通一人公司模式-2026-03-29.md 
@@ -0,0 +1,50 @@ +--- +title: "万字保姆级教程:90天跑通一人公司模式" +type: source +tags: [一人公司, Ikigai, 个人品牌, 商业变现, AI提示词] +date: 2026-03-29 +--- + +## Source File +- [[raw/Agent/万字保姆级教程-90天跑通一人公司模式-2026-03-29.md]] + +## Summary +- 核心主题:用 AI 辅助,从自我认知到商业变现,90 天跑通一人公司模式 +- 问题域:有行业经验但不知如何将个人优势转化为可变现产品 +- 方法/机制:天才地带模型 → 底层能力挖掘 → Ikigai 四圈交集 → 数据验证赛道 → 产品漏斗设计 +- 结论/价值:一人公司的关键是更聪明地定位,而非更努力地工作 + +## Key Claims +- 天才地带(Flow):能产生心流、时间飞逝、精力充沛的活动区域 +- 底层能力的三个自检问题:追溯童年/毫不费力/底层通用 +- 四个心理陷阱:愧疚陷阱、效率陷阱、卓越陷阱、努力陷阱 +- Ikigai 四圈:热爱 × 擅长 × 市场需要 × 能获报酬 +- 产品体系四层:引流(免费PDF)→ 入门(¥199工具)→ 核心(¥4999训练营)→ 高价(¥20000/月的陪跑咨询) +- 内容矩阵:横轴核心主题 × 纵轴内容形式(观察类/反直觉类/操作指南类/个人故事类/清单类) +- 反向金字塔:一次长形式内容,切成无数微内容百次分发 + +## Key Quotes +> "一人公司的关键,和你更努力地工作一点关系没有,是更聪明地定位" +> "在你觉得太简单所以不值钱的事情里,在朋友们总是找你帮忙的那个领域里——现在,是时候把它挖掘出来了" +> "AI 时代能判断什么是真正好的(品味)成为稀缺护城河" + +## Key Concepts +- [[天才地带]]:能产生心流的活动区域,回顾过去一个月找到精力充沛的项目 +- [[底层能力]]:冰山水下的通用能力,能串起多件擅长的事 +- [[Ikigai]]:热情/使命/天职/职业的交汇点,四圈交集处是最佳定位 +- [[一人公司]]:用最小杠杆撬动最大价值,核心支点是个人优势 +- [[产品漏斗]]:获客(社交媒体→落地页)→ 激活(免费资源→系列内容)→ 转化(低价直接/高价咨询) +- [[价格锚定]]:高价咨询放顶部,让低价显得便宜 +- [[内容矩阵]]:核心主题 × 内容形式的二维矩阵 +- [[反向金字塔]]:一次长内容切多次分发 + +## Key Entities +- [[超级个体]]:某领域八九十分 + AI 横向扩展 +- [[品味]]:AI 时代真正的护城河 +- [[端到端]]:不做别人 AI 流水线上的零件 + +## Connections +- [[普通人如何在AI时代赚钱]] ← 同一主题的不同版本 +- [[AI产品经理]] ← 相关:精准表达与结构化思维 + +## Contradictions diff --git a/wiki/sources/万字讲透OpenClaw-Workspace深度解析-2026-03-21.md b/wiki/sources/万字讲透OpenClaw-Workspace深度解析-2026-03-21.md new file mode 100644 index 00000000..9f60a23f --- /dev/null +++ b/wiki/sources/万字讲透OpenClaw-Workspace深度解析-2026-03-21.md 
@@ -0,0 +1,52 @@ +--- +title: "万字讲透OpenClaw Workspace深度解析(2026-03-21版)" +type: source +tags: [OpenClaw, Workspace, Agent, AGENTS.md, SOUL.md, IDENTITY.md] +date: 2026-03-21 +--- + +## Source File +- [[raw/Agent/万字讲透OpenClaw-Workspace深度解析-2026-03-21.md]] + +## Summary +- 核心主题:OpenClaw workspace 7 大核心文件体系的深度解析与最佳实践 +- 问题域:为什么有些 Agent 每次像重新 onboarding,有些 Agent 却记得一切 +- 方法/机制:workspace 文件体系(AGENTS.md/SOUL.md/USER.md/IDENTITY.md/TOOLS.md/BOOTSTRAP.md/memory/)各司其职 +- 结论/价值:这套文件配合好了,Agent 从"能工作"变成"好用了",成为真正懂你、记得你、靠谱的长期搭档 + +## Key Claims +- AGENTS.md 是岗位说明书,SOUL.md 是性格档案,两者分工明确不应混写 +- AGENTS.md 最佳长度为 300-500 字,过长反而冲淡重点 +- SOUL.md 是叙事性角色设定(人物小传),IDENTITY.md 是结构化元数据(名片) +- TOOLS.md 的核心价值是"什么时候不用",而非"什么时候用" +- BOOTSTRAP.md 是一次性引导,完成后必须删除 +- memory/ 是 Agent 真正的长期记忆,对 Agent 来说真正算数的是 Markdown 文件而非黑盒数据库 +- bootstrapMaxChars/boolstrapTotalMaxChars 长度限制会影响 session 启动时带进系统提示词的内容量 + +## Key Quotes +> "AGENTS.md 告诉你 Agent 该做什么、不该做什么;SOUL.md 定义 Agent 的性格,让它变得可预期" +> "BOOTSTRAP.md 的使命是把一个全新的 workspace 引导到可正常使用的状态" +> "对 Agent 来说,真正算数的长期记忆,是 workspace 里那些 Markdown 文件,不是什么看不见摸不着的黑盒数据库" + +## Key Concepts +- [[Workspace]]:OpenClaw Agent 的工作台,决定 Agent 怎么工作 +- [[AGENTS.md]]:Agent 的岗位职责说明书(功能性) +- [[SOUL.md]]:Agent 的性格档案(人格性) +- [[USER.md]]:用户偏好固化,减少重复交代 +- [[IDENTITY.md]]:Agent 结构化身份元数据(名字/emoji/头像) +- [[TOOLS.md]]:工具权限声明与使用规范,核心是"什么时候不用" +- [[BOOTSTRAP.md]]:一次性初始化引导,完成后必须删除 +- [[memory/]]:Agent 的长期记忆目录,按日期滚动的 Markdown 文件 +- [[长期记忆]]:Agent 跨会话保留重要信息的能力 + +## Key Entities +- [[OpenClaw]]:整个 workspace 文件体系的承载平台 +- [[DracoVibeCoding]]:本文作者,微信公众号 Draco正在VibeCoding + +## Connections +- [[Workspace]] ← contains ← [[AGENTS.md]] + [[SOUL.md]] + [[USER.md]] + [[IDENTITY.md]] + [[TOOLS.md]] + [[BOOTSTRAP.md]] + [[memory/]] +- [[万字讲透OpenClaw-Workspace深度解析]] ← 早版(内容基本相同) +- [[BOOTSTRAP.md]] → deleted after initialization → [[SOUL.md]] created + +## Contradictions +- 与[[万字讲透OpenClaw-Workspace深度解析]]:本质同一篇文章的不同版本,此版本为公众号发布版(2026-03-21),原版为早期传播版 
diff --git a/wiki/sources/养虾日记3-Obsidian-Gitea持久化笔记系统.md b/wiki/sources/养虾日记3-Obsidian-Gitea持久化笔记系统.md new file mode 100644 index 00000000..57fd3e07 --- /dev/null +++ b/wiki/sources/养虾日记3-Obsidian-Gitea持久化笔记系统.md 
@@ -0,0 +1,55 @@ +--- +title: "养虾日记3:用 Obsidian + Gitea 为 AI 助手构建持久化笔记系统" +type: source +tags: [OpenClaw, Obsidian, Gitea, 笔记系统, LLM Wiki, Karpathy] +date: 2026-04-09 +--- + +## Source File +- [[raw/微信公众号/养虾日记3:用 Obsidian + Gitea 为 AI 助手构建持久化笔记系统.md]] + +## Summary +- 核心主题:用 Obsidian 做知识库、Gitea 做版本控制、OpenClaw 做写入接口,构建 AI 助手的持久化笔记系统 +- 问题域:AI 助手每次对话输出后消失在聊天记录里,无法积累和复用 +- 方法/机制:AI 输出直接写入 Obsidian 笔记 → iCloud Drive 三端同步 → Gitea 版本管理 +- 结论/价值:把 AI 变成一个会自动整理笔记的实习生,做完事顺手把记录更新好 + +## Key Claims +- AI 输出的有价值结论直接落盘到笔记,而非留在聊天记录里 +- 每个 Agent 有专属 Archive(openclaw//),knowledgebase/ 是跨 Agent 共用的整理后知识 +- 核心原则:研究过程写入 Agent Archive;经过验证可复用的知识沉淀到 Knowledge Base +- Obsidian Git 插件 Auto commit-and-sync interval 实现完全自动的版本管理 +- Karpathy LLM Wiki 思路:RAG 是每次从零检索知识不积累;LLM Wiki 是增量构建和维护持久化 Wiki,页面间互相链接知识越积越厚 +- Graph View 是知识健康检查工具:孤岛页面(无页面链接指向它)= 需要补上交叉引用 +- Wiki 规模在几百页之前,index.md 完全够用;规模变大后再接入 QMD 精准搜索 + +## Key Quotes +> "用 Obsidian 做知识库,用 Gitea 做版本控制,用 OpenClaw 做写入接口" +> "RAG 模式是每次从零检索,知识不积累;而 LLM Wiki 是让 AI 增量构建和维护一个持久化的 Wiki" +> "把 AI 变成了一个会自动整理笔记的实习生——它做完事,就会顺手把记录更新好" + +## Key Concepts +- [[LLM Wiki]]:增量构建和维护持久化 Wiki,页面间互相链接,知识越积越厚(区别于 RAG 每次从零检索) +- [[Obsidian Web Clipper]]:浏览器插件,快速采集外部素材为 Markdown 到 Obsidian +- [[Graph View]]:知识健康检查工具,发现孤岛页面和知识盲区 +- [[Git自动同步]]:Obsidian Git 插件 Auto commit 实现版本管理完全自动化 +- [[QMD]]:本地 Markdown 搜索引擎,Wiki 规模变大后的精准搜索方案 +- [[知识可发现性]]:Graph View + 双向链接让知识形成网络而非孤岛 +- [[被动更新]]:AI 在执行任务过程中顺手更新文档,无需人工维护 + +## Key Entities +- [[Obsidian]]:本地知识库,支持双向链接、Graph View、Git 插件 +- [[Gitea]]:自建 Git 服务,提供私有 Git 仓库,内网运行数据不出域 +- [[Karpathy]]:LLM Wiki 思路提出者,RAG vs Wiki 对比框架 +- [[OpenClaw]]:写入接口,通过 Obsidian Skill 直接写笔记 +- [[iCloud Drive]]:跨设备同步通道,Mac mini / Laptop / iPhone 三端一致 + +## Connections +- [[养虾日记1-OpenClaw照片整理实战]] ← 同一系列 +- [[养虾日记2-OpenClaw-Self-Improving复盘实战]] ← 同一系列 +- [[个人知识库]] ← 同主题(本文是具体实现) +- [[LLM Wiki]] ← 核心理论(Karpathy) +- [[Gitea]] ← 版本控制层 +- [[memory/]] ← OpenClaw 内置记忆机制(与本文 Obsidian 方案互补) + +## Contradictions 
diff --git a/wiki/sources/用Docker中安装Navidrome.md b/wiki/sources/用Docker中安装Navidrome.md new file mode 100644 index 00000000..ce50de22 --- /dev/null +++ b/wiki/sources/用Docker中安装Navidrome.md 
@@ -0,0 +1,69 @@ +--- +title: "用Docker中安装Navidrome" +type: source +tags: [docker, music, navidrome, synology, nas] +date: 2026-04-15 +--- + +## Source File +- [[raw/Home Office/用Docker中安装Navidrome.md]] + +## Summary +- 核心主题:Synology NAS Docker 部署 Navidrome 开源音乐服务器 +- 问题域:自托管音乐流媒体服务搭建,支持多客户端访问和转码 +- 方法/机制:docker-compose 定义服务,指定 UID/GID 用户映射,音乐目录只读挂载,数据目录持久化 +- 结论/价值:获得私有 Spotify 替代品,完全掌控音乐数据和流媒体服务 + +## Key Claims +- Navidrome 音乐目录以只读(:ro)方式挂载,防止容器误操作损坏原始音乐文件 +- ND_AUTOTRANSCODEDOWNLOAD=true 使 Navidrome 根据客户端能力自动下载合适格式 +- ND_TRANSCODINGCACHESIZE=200MB 限制转码缓存保护 NAS 磁盘空间 +- 容器以非 root 用户(1026:100)运行,符合最小权限原则 + +## Key Quotes +> "ND_LOGLEVEL=info — 开启详细日志,便于排查流媒体传输问题" — 故障排查配置 +> "ND_ENABLETRANSCODINGCONFIG=true — 启用转码配置界面" — 管理接口配置 +> "user: "1026:100" — 以指定 UID/GID 用户身份运行容器" — 安全加固配置 + +## Key Concepts +- [[Navidrome]]:开源 Web UI 音乐播放器,支持 Subsonic API,兼容绝大多数音乐客户端 +- [[音乐流媒体服务器]]:将本地音乐库通过 HTTP 流媒体协议提供给多设备客户端 +- [[Transcoding(转码)]]:根据客户端能力动态转换音频格式(如 FLAC → MP3 320kbps) +- [[只读挂载]]::ro 后缀保护原始数据,容器只能读取不能写入 +- [[Subsonic API]]:开源音乐流媒体协议标准,众多音乐 App 均兼容此协议 + +## Key Entities +- [[Synology NAS]]:硬件平台(192.168.3.17),Docker 宿主机 +- [[Docker]]:容器化平台,运行 Navidrome 服务 +- [[deluan/navidrome]]:Navidrome 官方 Docker 镜像 + +## Connections +- [[用Docker中安装Navidrome]] ← hosted_on ← [[Synology NAS]] +- [[用Docker中安装Navidrome]] ← managed_by ← [[Docker]] + +## Navidrome Docker Compose 配置 +```yaml +version: '3.8' +services: + navidrome: + image: deluan/navidrome:latest + container_name: navidrome + user: "1026:100" + restart: unless-stopped + ports: + - "4533:4533" + volumes: + - /volume1/music:/music:ro" + - /volume1/docker/navidrome/data:/data + environment: + - ND_LOGLEVEL=info + - ND_ENABLETRANSCODINGCONFIG=true + - ND_AUTOTRANSCODEDOWNLOAD=true + - ND_TRANSCODINGCACHESIZE=200MB +``` + +## Contradictions + +## Reference +- Navidrome Doc: https://www.navidrome.org/docs/ +- Navidrome FAQ: https://www.navidrome.org/docs/faq/