CfgMgmtCamp 2025 - Talks

DISCLAIMER: CONTENT PARTIALLY GENERATED BY AI

CfgMgmtCamp is the annual gathering for system administrators, DevOps engineers, and SREs, offering three days of conversations and deep dives into infrastructure management, orchestration, monitoring, automation, containerization, operations, and networking — both technical and personal.

Held each year immediately after FOSDEM in Ghent, Belgium, CfgMgmtCamp provides a unique, community-driven environment where like-minded professionals come together to explore the evolving landscape of infrastructure management. Many attendees value not only the convenience of the timing but also the opportunity to engage meaningfully with peers, exchange ideas, and build lasting connections.

The 2025 event marked the 10th edition of CfgMgmtCamp. This year’s camp took place from 3rd to 5th February 2025.

The first two days were dedicated to the main conference, featuring over 20 Ansible-focused talks among a wide range of topics. The third day was reserved for the workshops on a variety of topics, including Ansible Contributor Summit, bringing contributors and enthusiasts together to collaborate, share insights, and shape the future of Ansible.

Ansible talks on Day 1

Ansible - State of the Community

Presenter: Gundalow

Slides: Link

Video: Link

CfgMgmtCamp is one of the standout events on the Ansible Community calendar—a perfect moment to pause, connect, and reflect on how we’re doing as a community.

In the State of the Community session, Gundalow walked us through where we are now and where we might be heading. This talk welcomed everyone—newcomers and long-time contributors alike—because building the future of Ansible is something we all do together.

Topics we covered:

  • The (newly expanded!) Ansible Community team at Red Hat
  • Big wins from the past year
  • Updates from the Ansible Forum
  • Highlights from the latest Community Survey
  • And the big question: Where do we go from here?

Check out the slides which have detailed speaker notes and links, and join the discussion by replying to this forum post.

Using SOPS to manage secrets in Ansible

Presenter: Felix Fontein

Slides: Link

Video: Link

SOPS (Secrets OPerationS) is a tool for managing encrypted secrets for DevOps. This talk compares it to other solutions and shows how it can be used to manage secrets in Ansible.

Making OS compliance bearable

Presenter: Mark Bolwell

Slides: Link

Video: Link

Achieving operating system compliance with industry-recognised security standards—such as the Centre for Internet Security (CIS) Benchmarks and DoD STIG—can be complex. This session demonstrated how the open-source Ansible-Lockdown project, in combination with GOSS, can help simplify that process through automation and validation.

Key points covered:

  • Why compliance matters: Industry, government, and regulatory environments demand secure and auditable infrastructure.
  • How we achieve it: Systems must be brought into compliance and regularly validated to ensure they remain aligned.
  • What we use: The Ansible-Lockdown project, powered by Ansible and validated with GOSS, provides a practical framework to meet these requirements.

This talk, led by one of the project’s core maintainers, offered both strategic insights and technical depth.

Simplifying container orchestration with Ansible and Podman

Presenter: Fabio Alessandro “Fale” Locati

Slides: Link

Video: Link

While Kubernetes remains the industry standard for container orchestration, its complexity can present a steep learning curve—especially for smaller teams or simpler use cases.

In this session, we explored a more accessible alternative that combines the automation power of Ansible with Podman, a lightweight and secure container engine.

What we covered:

  • How to define and manage containerized applications using Ansible playbooks
  • Why Podman is a compelling alternative to Kubernetes for certain environments
  • Real-world examples of using Ansible + Podman to deploy and manage containers efficiently

This approach offers a streamlined, lower-overhead way to manage containers—ideal for teams looking to avoid the operational complexity of full Kubernetes clusters.

Automating AWS Cloud Services with Ansible

Presenter: Alina Buzachis

Slides: Link

Video: Link

This session focused on how Ansible can simplify and strengthen AWS automation by leveraging the amazon.aws and community.aws collections.

Highlights from the session:

  • Demonstrated how to automate core AWS services such as EC2, S3, RDS, and IAM using Ansible
  • Shared recommended practices for efficient resource management, security, and compliance
  • Highlighted recent updates and new features in the amazon.aws and community.aws collections
  • Discussed upcoming improvements aimed at further enhancing AWS automation
  • Showed how community members can get involved by contributing feedback, code, and ideas

Throughout the talk, it was clear that Ansible makes AWS automation easier, more reliable, and highly extensible—whether you’re managing a few instances or large-scale cloud operations.

Streamlining the Ansible creator experience with the new and improved Ansible Development tools

Presenter: Ganesh B Nalawade

Slides: Link

Video: Link

This session introduced the Ansible Development Tools (ADT) and explored how they streamline and improve the Ansible development experience.

Key topics covered:

  • An overview of the Ansible Development Tools and why they are valuable for contributors and users
  • A breakdown of what is included in ADT
  • A look at the enhanced capabilities of the Ansible VS Code extension
  • Demonstrated how to work with the Ansible development container for a consistent and efficient setup
  • Showcased scaffolding Ansible plugins through integration with Red Hat Developer Hub (RHDH)

The session offered practical insights into how these tools make Ansible development faster, easier, and more accessible for everyone.

Beyond copy-paste: Using Ansible Development Tools for Robust Automation Content

Presenter: Sorin Sbarnea

Slides: Link

Video: Link

During this session, we explored how Ansible Development Tools (ADT) can help organisations move beyond copy-paste automation practices and build more reliable, maintainable, and secure playbooks.

While infrastructure automation has evolved, many teams still rely on copying tasks from various sources into Ansible playbooks. Although this may seem efficient in the short term, it introduces technical debt, creates maintenance challenges, and increases security risks. This session demonstrated how Ansible Development Tools offer a better path: an integrated, intuitive approach to creating automation content that scales effectively across environments.

What we covered:

  • Streamlining the Ansible Creator Experience:
    We introduced the Ansible Development Tools and discussed why they are needed. The talk demonstrated how tools like the Ansible VS Code extension, ansible-creator, ansible-lint, and ansible-navigator can significantly enhance the experience of writing, testing, and validating Ansible content.
  • Authoring Reliable Ansible Content:
    The session explored how automation developers can seamlessly author playbooks that are idempotent, tested, validated, and well-documented. We also discussed working with Ansible development containers to create consistent environments for content creation.
  • Going Beyond Copy-Paste:
    We showcased how to use these tools and best practices not just for individual playbooks, but also for generating, testing, and building complete Ansible Collections. By doing so, developers can share, distribute, and scale automation content confidently across teams.

Why this matters:

By adopting a modern Ansible development workflow, organisations can avoid the pitfalls of ad-hoc automation, reduce the risk of deployment failures, and build automation that delivers predictable, secure, and scalable results. This approach enables teams to iterate faster and improve production environments with greater confidence.

Running Ansible, Icinga, and Request Tracker to have event driven automated infrastructure management

Presenter: Toshaan Bharvani

Video: Link

This session explored how Ansible and Icinga could be combined to create event-driven and request-driven infrastructure management, reducing manual effort and improving operational efficiency.

What we covered:

  • Event-Driven and Request-Driven Infrastructure:
    We discussed how Ansible and Icinga were used together to automate infrastructure management based on real-time events and internal resource requests.
  • Automating New Hardware Adoption:
    The talk demonstrated how Ansible and Request Tracker enabled teams to automate the process of provisioning new hardware and fulfilling infrastructure requests, speeding up internal operations.
  • Incident Auto-Remediation:
    We showcased how Ansible and Icinga were integrated to automatically detect and resolve known issues, reducing human intervention and lowering the workload for on-call support teams.

Why it matters:

By integrating Ansible with Icinga and Request Tracker, organisations could shift from reactive to proactive operations—leading to faster incident resolution, improved reliability, and a better experience for support teams.

Ansible talks on Day 2

Automating AI-Powered Graph Databases with Ansible: A Neo4j GenAI Case Study

Presenter: Luca Berton

As AI technologies continue to advance, integrating automation into the setup and management of AI-powered data systems has become increasingly important. In this session, we explored how Ansible can be leveraged to automate the deployment of a Neo4j GenAI environment on Fedora — combining the strengths of graph databases with AI-driven capabilities like retrieval-augmented generation (RAG).

This talk provided a deep technical walkthrough, aimed at system administrators, DevOps engineers, and data scientists who are looking to build scalable, reliable, AI-augmented database environments using modern Infrastructure as Code practices.

What we covered:

  • Automating Neo4j GenAI deployment:
    We demonstrated how Ansible playbooks can be used to automate the full lifecycle of a Neo4j environment — from installation and configuration to service orchestration. This included setting up Neo4j’s core database services, ensuring optimal configuration for AI integration, and securing the environment for production use.
  • Integrating OpenAI APIs for RAG workflows:
    The session detailed how to configure Neo4j to interact with external AI models via OpenAI’s API, enabling retrieval-augmented generation (RAG) tasks. We discussed how Ansible can manage the necessary API keys, environment variables, and connection settings securely during the deployment process.
  • Creating a robust Fedora-based environment:
    Fedora was chosen as the host operating system for its up-to-date package support and strong containerization ecosystem. We covered specific Fedora configurations needed for optimal Neo4j performance, including system tuning, dependency management, and network security considerations — all automated via Ansible.
  • Building reusable and scalable playbooks:
    Attendees were shown how to structure their Ansible automation to enable modularity and reuse, making it easier to scale deployments across different environments (local, on-premises, or cloud). Best practices for writing idempotent, well-documented, and maintainable playbooks were highlighted.
  • Handling large-scale data queries efficiently:
    The session also discussed the challenges of handling AI-augmented queries at scale and how automated resource management and monitoring, orchestrated through Ansible, can help maintain system health and performance under heavy workloads.
  • Future extensions:
    We outlined possibilities for extending this automation further, such as containerising Neo4j deployments with Podman or Kubernetes, adding observability with tools like Prometheus, and integrating role-based access control (RBAC) and secrets management into the playbooks.

Why it matters:

Successfully combining graph databases with AI-driven workflows demands reliable, repeatable automation. Manual setup introduces inconsistencies and risks, especially as environments become more complex.
By using Ansible to orchestrate the deployment of a Neo4j GenAI environment, organisations can accelerate development cycles, reduce human error, and confidently scale AI initiatives across their infrastructure.

This talk demonstrated that with Ansible, building and maintaining sophisticated AI-enabled environments is not just possible — it’s efficient, secure, and future-proof.

Modernizing AWX: From monolith to pluggable services

Presenter: Helen Bailey

Video: Link

AWX is undergoing a significant architectural transformation, evolving from a traditional monolithic application into a modern, pluggable service-oriented system. In this session, Helen Bailey from the Ansible engineering team at Red Hat walked us through the motivations behind this change, the engineering challenges encountered, and what this shift means for the AWX project and its community of contributors.

The talk examined the technical debt and scaling limitations present in the original AWX architecture, and how a modular, service-based approach will address these pain points. We discussed how pluggable services improve scalability, maintainability, and allow more flexible development practices — crucial for both internal engineering teams and community contributors.

Beyond architecture, Helen addressed the human side: current contributor pain points, barriers to entry for new developers, and how Red Hat’s rearchitecture efforts aim to lower these obstacles by making AWX more accessible, understandable, and easier to extend.

What we covered:

  • Challenges with the original AWX monolithic design
  • Goals and progress of the service-oriented rearchitecture
  • Impact on scalability, flexibility, and maintainability
  • Changes designed to improve the contributor experience
  • A forward-looking view on future AWX development

This session provided a deep technical and strategic look at the future of AWX, inviting the community to engage in shaping its next evolution.

You’re Doing Ansible Roles All Wrong

Presenter: Tim Appnel

Slides: Link

Ansible roles are a fundamental building block for clean, modular automation, yet many users miss out on their full power. In this session, Tim Appnel revisited the core principles of Ansible roles, highlighting common mistakes and modern practices that can drastically improve your role development workflows.

We explored how Ansible roles have evolved over time, with newer features like argument specifications, standardized defaults, and more structured testing frameworks enhancing their portability and maintainability.

The talk provided actionable guidance on how to design modular, scalable roles; how to handle variable management cleanly; and how to validate roles using modern tooling like Molecule. It also gave a sneak peek at upcoming improvements that will make roles even more portable and easier to share across diverse environments.

What we covered:

  • Revisiting the original purpose and design philosophy of Ansible roles
  • Key enhancements in recent Ansible releases related to role development
  • Best practices for role modularity, argument specs, defaults, and validation
  • Testing strategies with Molecule and continuous integration setups
  • Preview of future changes to further streamline role usage

By adopting these techniques, attendees were encouraged to elevate the quality, reliability, and reusability of their Ansible content.

Creating Ansible modules is a lot easier than you think

Presenters: Don Naro, Andrei Klychkov

Slides: Link

Developing new Ansible modules may sound intimidating, but Don Naro and Andrei Klychkov showed that the barrier to entry is lower than many expect. This talk was aimed at anyone interested in extending Ansible’s functionality — whether for personal projects, enterprise needs, or community contributions.

The presenters walked through the basic anatomy of an Ansible module: what it is, how it interacts with Ansible execution frameworks, and how modules operate internally during a playbook run. They provided practical advice on tools to use, coding standards to follow, and testing strategies to ensure high-quality, merge-ready modules.

The session also covered foundational network concepts relevant to module execution, such as communication over SSH, WinRM, and local transports — important considerations for anyone writing cross-platform modules.

What we covered:

  • What Ansible modules are and why they’re important
  • Step-by-step walkthrough for writing your first module
  • Tools, scaffolding, and testing frameworks available to developers
  • How modules handle execution transport (SSH, WinRM, etc.)
  • Contribution pathways for sharing your modules with the Ansible community

By demystifying the process, this talk empowered a new wave of Ansible module developers to expand the ecosystem.

Functional programming design patterns in Ansible code

Presenter: Kirill Satarin

Slides: Link

Ansible’s YAML syntax makes writing automation straightforward — but as projects grow, maintaining large playbooks and roles becomes a real challenge. In this session, Kirill Satarin proposed a powerful solution: borrowing functional programming (FP) principles to improve Ansible code quality.

Attendees learned how adopting functional patterns like pure functions, clear separation of effects, immutability, composition, and lazy evaluation can make Ansible automation far easier to test, debug, understand, and extend. These ideas were made accessible even to those without prior FP experience, with real-world Ansible examples illustrating each principle.

What we covered:

  • Why complex Ansible codebases become difficult to manage
  • Introduction to functional programming concepts relevant to Ansible
  • Practical techniques to apply FP principles in roles, playbooks, and modules
  • Strategies for improving testability, modularity, and maintenance
  • How beginners and experienced developers alike can benefit from FP patterns

By adopting a functional mindset, attendees were shown a clear path to more reliable and resilient automation content.

From Manual Testing to Continuous Validation: Taking the Quality of Ansible Content to the Next Level

Presenter: Sorin Sbarnea

Slides:Link

While writing clear and structured Ansible content is important, ensuring its quality through continuous testing is what truly scales automation efforts. In this session, Sorin Sbarnea demonstrated how to move beyond manual testing towards continuous validation pipelines that catch issues early and reliably.

The talk covered practical workflows using Ansible Navigator, Molecule, pytest plugins, and the tox-ansible plugin, showing how these tools can be integrated into modern CI/CD pipelines. We also explored how GitHub Actions can be used to automate content validation across multiple Python and Ansible versions.

What we covered:

  • Why manual testing isn’t enough for production-grade automation
  • Setting up automated testing with Ansible Navigator, Molecule, and pytest
  • Using tox-ansible for multi-version testing
  • Building CI pipelines with GitHub Actions to validate every change
  • Shifting mindset from reactive bug-fixing to proactive quality assurance

This session equipped attendees with the knowledge and tools to guarantee that their Ansible content is reliable, consistent, and production-ready.

Securing Secrets at Scale: Integrating Ansible Automation with Conjur

Presenter: James Freeman

While managing automation at scale is essential, securing and centralizing secrets is a key part of scaling automation efforts effectively. In this session, James Freeman demonstrated how to integrate Ansible with Conjur Open Source, providing a robust solution for secure secrets management.

The talk covered how this integration allows for secure, centralized management of secrets while maintaining control over them. We also explored how Conjur Open Source can be expanded to serve other platforms and how it can manage the rotation of credentials on Linux servers.

What we covered:

  • The importance of centralized secrets management for secure automation
  • Integrating Ansible with Conjur Open Source for secrets management
  • Using Conjur Open Source to provide secrets to other platforms
  • Managing credential rotation on Linux servers with Conjur Open Source

This session provided attendees with the knowledge and tools to enhance their automation workflows by integrating secure secrets management with Ansible and Conjur Open Source.

Resilient Network Automation: Deploy, Validate, Backup and Restore with Ansible

Presenter: Rohit Thakur

Slides: Link

​​Managing complex network infrastructure can be a challenging task, particularly when dealing with multiple protocols and devices. In this session, Rohit Thakur demonstrated how Ansible’s validated network content simplifies the entire process, making it easier to automate deployment, validation, and backup workflows.

The talk covered the use of the network.base, network.bgp, network.ospf, network.interfaces, and network.backup collections to enhance network automation. We explored how to deploy and validate network configurations, generate real-time HTML reports, and implement automated backups to reduce downtime.

What we covered:

  • Deploying and validating network configurations across BGP and OSPF
  • Generating real-time HTML reports for network configuration resources
  • Implementing automated backups and performing quick restores to minimize downtime
  • Building resilient, self-healing networks using Ansible playbooks

This session equipped attendees with the tools to streamline network automation workflows, ensuring resilience and minimal downtime for critical infrastructure.

Leverage Event-Driven Ansible to reduce your automation reaction time

Presenter: Fabio Alessandro “Fale” Locati

Slides: Link

In today’s complex IT environments, the need to automate tasks and processes has never been more critical. In this session, Fabio Alessandro “Fale” Locati introduced Event-Driven Ansible, a new feature that enables automation of IT tasks based on real-time events occurring within your environment.

The talk covered the fundamentals of Event-Driven Ansible, explaining what it is, how it functions, and the benefits it brings to automation. We also explored real-world examples of how Event-Driven Ansible can be applied to enhance reaction times and automate responses to various events.

What we covered:

  • An introduction to Event-Driven Ansible and how it works
  • The benefits of using Event-Driven Ansible in your automation workflows
  • Real-world examples of Event-Driven Ansible in action

This session provided attendees with the knowledge to implement Event-Driven Ansible in their environments, reducing automation reaction times and improving overall efficiency.

Most useful development tool for Ansible content that is rarely used is even better for the teams

Presenter: Kirill Satarin

Slides: Link

Video: Link

ARA (ARA Records Ansible) is a powerful Ansible development tool that simplifies the process of understanding, troubleshooting, and debugging Ansible content during development. This tool also facilitates collaboration among team members working on Ansible content.

In this session, Kirill Satarin demonstrated how ARA can improve development workflows and enhance teamwork by providing better visibility into Ansible runs and simplifying debugging tasks.

What we covered:

  • An introduction to ARA and how it works
  • Setting up ARA in your environment
  • Using ARA to understand, troubleshoot, and debug Ansible content
  • Collaborating with team members on Ansible content development using ARA
  • Integrating ARA into your CI/CD pipeline
  • Tracking changes in Ansible content with ARA

This session was designed for Ansible content developers at all levels, offering valuable insights for both seasoned experts and newcomers looking to improve their development workflows.

Positive Psychology with Ansible

Presenter: James Freeman

Video: Link

Already successfully presented at both the London Ansible MeetUp and AnsibleFest 2021, this newly revised session, adapted to the exciting Ignite format, aimed to promote interest and excitement in the field of positive psychology. James Freeman demonstrated how you don’t need to work directly in this field to benefit from it. In fact, the design of Ansible itself supports positive psychology, and this session explored how.

What we covered:

  • An introduction to positive psychology and its core concepts
  • How Ansible’s design aligns with the principles of positive psychology
  • Demonstrating the benefits of incorporating positive psychology into automation workflows

This session highlighted how anyone can apply positive psychology principles to their work, even in technical fields like Ansible automation.

Ansible and Foreman pulling together

Presenter: Adam Ruzicka

Slides: Link

Video: Link

Foreman has long supported using Ansible as a remote execution provider, but until now, this has only been possible in push mode. In this session, we explored one of the ways to run Ansible on managed hosts without ever opening an SSH connection to them.

What we covered:

  • Overview of Foreman’s support for Ansible as a remote execution provider
  • Exploring alternative methods to run Ansible without SSH connections
  • Demonstrating use cases for executing Ansible on managed hosts securely and efficiently

This session provided insights into how Foreman and Ansible can work together to enhance automation while removing the need for direct SSH connections.

Increase efficiency in EDA workloads - first boot automation on AWS with Python and Boto3

Presenter: James Freeman

Video: Link

Born from a real-world requirement by an EDA customer, this session detailed how to use Python and Boto3 to modify the kernel command line parameters on the first boot of an EC2 instance. Contrary to conventional wisdom, which holds that this can only be done on the second boot, we explored how this task can be accomplished right from the first boot.

In large compute environments, every second of billable runtime matters — both to keep costs down and improve overall runtimes. With a bit of creativity and open-source tools, this challenge can be overcome. In this session, we demonstrated how to achieve this efficiency.

What we covered:

  • Understanding the constraints around kernel command line parameters in EC2 instances
  • Using Python and Boto3 to modify kernel parameters on the first boot
  • The importance of optimizing billable runtime in large compute environments
  • Practical tips for implementing this solution in real-world scenarios

This session provided attendees with innovative solutions to improve efficiency and reduce costs in EC2-based compute environments.

3 Likes