slowe

Author Archives: slowe

VMworld 2017 Prayer Time

At VMworld 2017 in Las Vegas, I’m organizing—as I have in previous years—a gathering of Christians for a brief time of prayer while at the conference. If you’re interested in joining us, here are the details.

What: A brief time of prayer

Where: Mandalay Bay Convention Center, level 1 (same level as the food court), at the bottom of the escalators heading upstairs (over near the business center)

When: Monday 8/28 through Thursday 8/31 at 7:45am (this should give everyone enough time to grab breakfast before the keynotes start at 9am)

Who: All courteous attendees are welcome, but please note that this will be a distinctly Christian-focused and Christ-centric activity (I encourage believers of other faiths/religions to organize equivalent activities)

Why: To spend a few minutes in prayer over the day, the conference, the attendees, and each other

You don’t need to RSVP or anything like that, although you’re welcome to if you’d like (just hit me up on Twitter). There’s also no need to bring anything other than an open heart, your faith, and your willingness to display that faith in front of others. This is quite casual—we’ll gather together, share a few prayer requests and needs, and …

Ten Years of Spousetivities

A long time ago in a galaxy far, far away (OK, so it was 2008 and it was here in this galaxy—on this very planet, in fact), I posted an article about bringing your spouse to VMworld. That one post sparked a fire that, kindled by my wife’s passion and creativity, culminates this year in ten years of Spousetivities! Yes, Spousetivities is back at VMworld (both US and Europe) this year, and Crystal has some pretty nice events planned for this year’s participants.

Registration is here, and here’s a quick look at some of the activities planned for VMworld US in Las Vegas:

  • On Monday, August 28, Spousetivities will kick the week off with a “Welcome Breakfast”, including—as usual!—the opportunity to win some great prizes. iPads, Apple Watches, VR headsets, GoPro cameras, and more have all been prizes in previous years. (What? You expected me to spill the beans on what’s being given away this year?)
  • The breakfast is followed by a scavenger hunt, including a visit to an ice bar and the chance for more prizes. Veeam is sponsoring the scavenger hunt.
  • On Tuesday, August 29, there is an option for a very cool helicopter tour …

The Linux Migration: July 2017 Progress Report

I’m now roughly six months into using Linux as my primary laptop OS, and it’s been a few months since my last progress report. If you’re just now picking up this thread, I encourage you to go back and read my initial progress report, see which Linux distribution I selected, or check how I chose to handle corporate collaboration (see here, here, and here). In this post, I’ll share where things currently stand.

My configuration is unchanged from the last progress report. I’m still running Fedora 25, and may consider upgrading to Fedora 26 when it releases (due to be released tomorrow, I believe). I’m still using the Dell Latitude E7370, which continues—from a hardware perspective—to perform admirably. CPU power is a bit limited, but that’s to be expected from a mobile-focused chip. My line-up of applications remains largely unchanged as well.

Some things are working really well:

  • Sublime Text runs really well and is quite fast, making it easy to continue using Markdown as my primary content format. Sublime Text’s performance and stability have been unparalleled.
  • I’ve had no performance or stability issues with Firefox (for browsing) or Enpass (for password management).
  • ODrive, …

Technology Short Take #84

Welcome to Technology Short Take #84! This episode is a bit late (sorry about that!), but I figured better late than never, right? OK, bring on the links!

Networking

  • When I joined the NSX team in early 2013, a big topic at that time was overlay protocols (VXLAN, STT, etc.). Since then, that topic has mostly faded, though it still does come up from time to time. In particular, the move toward Geneve has prompted that discussion again, and Russell Bryant tackles the discussion in this post.
  • Sjors Robroek describes his nested NSX-T lab that also includes some virtualized network equipment (virtualized Arista switches). Nice!
  • Colin Lynch shares some details on his journey with VMware NSX (so far).
  • I wouldn’t take this information as gospel, but here’s a breakdown of some of the IPv6 support available in VMware NSX.

Servers/Hardware

  • Here’s an interesting article on the role that virtualization is playing in the network functions virtualization (NFV) space now that ARM hardware is growing increasingly powerful. This is a space that’s going to see some pretty major changes over the next few years, in my humble opinion.

Security

CentOS Atomic Host Customization Using cloud-init

Back in early March of this year, I wrote a post on customizing the Docker Engine on CentOS Atomic Host. In that post, I showed how you could use systemd constructs like drop-in units to customize the behavior of the Docker Engine when running on CentOS Atomic Host. In this post, I’m going to build on that information to show how this can be done using cloud-init on a public cloud provider (AWS, in this case).

Although I haven’t really blogged about it, I’d already taken the information in that first post and written some Ansible playbooks to do the same thing (see here for more information). Thus, one could use Ansible to do this when running CentOS Atomic Host on a public cloud provider. However, much like the original post, I wanted to find a very “cloud-native” way of doing this, and cloud-init seemed like a pretty good candidate.

All in all, it was pretty straightforward—with one significant exception. As I was testing this, I ran into an issue where the Docker daemon wouldn’t start after cloud-init had finished. Convinced I’d done something wrong, I kept going over the files, testing and re-testing (I’ve been working on this, off …

Technology Short Take #83

Welcome to Technology Short Take #83! This is a slightly shorter TST than usual, which might be a nice break from the typical information overload. In any case, enjoy!

Networking

  • I enjoyed Dave McCrory’s series on the future of the network (see part 1, part 2, part 3, and part 4—part 5 hadn’t gone live yet when I published this). In my humble opinion, he’s spot on in his viewpoint that network equipment is increasingly becoming more like servers, so why not embed services and functions in the network equipment? However, this isn’t enough; you also need a strong control plane to help manage and coordinate these services. Perhaps Istio will help provide that control plane, though I suspect something more will be needed.
  • Michael Kashin has a handy little tool that functions like ssh-copy-id on servers, but for network devices (leveraging Netmiko). Check out the GitHub repository.
  • Anthony Shaw has a good comparison of Ansible, StackStorm, and Salt (with a particular view at applicability in a networking context). This one is definitely worth a read, in my opinion.
  • Miguel Gómez of Telefónica Engineering discusses maximizing performance in VXLAN overlay networks.
  • Nicolas Michel has a good …

Bastion Hosts and Custom SSH Configurations

The idea of an SSH bastion host is something I discussed here about 18 months ago. For the most part, it’s a pretty simple concept (yes, things can get quite complex in some situations, but I think these are largely corner cases). For the last few months, though, I’ve been trying to use an SSH bastion host and failing, and I could not figure out why it wouldn’t work. The answer, it turns out, lies in custom SSH configurations.

In my introduction on using SSH bastion hosts (linked above)—or in just about any tutorial out there on using SSH bastion hosts—brief mention is made of adding configuration information to SSH to use the bastion host. Borrowing from my original post, if you had an instance named “private1” that you wanted to access via a bastion named “bastion”, the SSH configuration information might look like this:

Host private1
  IdentityFile ~/.ssh/rsa_private_key
  ProxyCommand ssh user@bastion -W %h:%p

Host bastion
  IdentityFile ~/.ssh/rsa_private_key

Normally, that information would go into ~/.ssh/config, which is the default SSH configuration file.

In my case, I only allow public key authentication to “trusted” systems (I vaguely recall an article I read a while ago about a …

Container Deployment Demos from Interop ITX

At Interop ITX 2017 in Las Vegas, I had the privilege to lead a half-day workshop on options for deploying containers to cloud providers. As part of that workshop, I gave four live demos of using different deployment options. Those demos—along with the slides I used for my presentation along the way—are now available to anyone who might like to try them on their own.

The slides and all the resources for the demos are available in this GitHub repository. The four demos are:

  1. Docker Swarm on EC2: This demo leverages Terraform and Ansible to stand up and configure a Docker Swarm cluster on AWS.

  2. Amazon EC2 Container Service (ECS): This demo uses AWS CloudFormation to create an EC2 Container Service cluster with 3 instances and an Amazon RDS instance for backend database storage.

  3. Kubernetes on AWS using kops: Using the kops CLI tool, this demo turns up a Kubernetes cluster on AWS to show how to deploy containerized applications on Kubernetes.

  4. Google Container Engine: The final demo shows using Google Container Engine—which is Kubernetes—to deploy an application.

In the coming weeks, I plan to recreate the demos, record them, and publish them via YouTube, so that …

Open vSwitch Day at OpenStack Summit 2017

This is a “liveblog” (not quite live, but you get the idea) of the Open vSwitch Open Source Day happening at the OpenStack Summit in Boston. Summaries of each of the presentations are included below.

Kubernetes and OVN on Windows

The first session was led by Cloudbase Solutions, a company out of Italy that has been heavily involved in porting OVS to Windows with Hyper-V. The first part of the session focused on bringing attendees up to speed on the current state of OVS and OVN on Hyper-V. OVS/OVN on Hyper-V is really close to OVS/OVN on Linux in both features and user interface, which should make it easier for Linux sysadmins to use OVS/OVN on Hyper-V as well.

The second part of the session showed using OVN under Kubernetes to provide networking between Windows containers on Windows hosts and Linux containers on Linux hosts, including networking across multiple cloud providers.

Lightning Talks

The lightning talks were all under 5 minutes, so a brief summary of each is provided below:

  • Joe Stringer showed how to set up OVS with an OpenFlow controller (Faucet) to do networking between multiple hosts in 5 minutes or less.
  • A gentleman (I didn’t catch …

Liveblog: Deploying Containerized OpenStack: Challenges & Tools Comparison

This is a liveblog for an OpenStack Summit session on containerized OpenStack and a comparison of the tools used for containerized OpenStack. The speaker is Jaivish Kothari, from NEC Technologies. Two other speakers were listed on the title slide, but were apparently unable to make it to the Summit to present.

Kothari provides a brief overview of the session, then jumps into a discussion of deployment tools. As illustrated by one of his slides, there’s a huge collection of tools that are used to deploy OpenStack; some are “pure” deployment tools, others are configuration management tools. In this presentation, Kothari says he will focus specifically on OpenStack deployment tools, like Juju (Canonical), Fuel (Mirantis), Crowbar (Dell), and PackStack/TripleO (Red Hat), but I’m not sure how this relates to containerized OpenStack (per the session title).

According to Kothari, some of the challenges in “traditional” (non-containerized) deployment tools are best understood by looking at the challenges in deploying OpenStack:

  • Difficulty related to deployment (conflicts due to services configuration, deployment still prone to failures)
  • Ongoing lifecycle management of OpenStack components

This whole first section of the presentation was setting up the argument that containerizing your OpenStack control plane will help address these challenges.

Liveblog: OpenStack Summit Keynote, Day 2

This is a liveblog of the day 2 keynote of the OpenStack Summit in Boston, MA. (I wasn’t able to liveblog yesterday’s keynote due to a schedule conflict.) It looks as if today’s keynote will have an impressive collection of speakers from a variety of companies, and—judging from the number of laptops on the stage—should feature a number of demos (hopefully all live).

The keynote starts with the typical high-energy video that’s intended to “pump up” the audience, and Mark Collier (COO, OpenStack Foundation) takes the stage promptly at 9am. Collier re-iterates a few statistics from yesterday’s keynote (attendees from 63 countries, for example). Collier shares that he believes that all major challenges humanity is trying to solve count on computing. “All science is computer science,” according to Collier, which is great but also represents a huge responsibility. He leads this discussion by pointing out what he believes to be the fundamental role of open source in machine learning and artificial intelligence (ML/AI). Collier also mentions a collection of “composable” open source projects that are leading the way toward a “cloud-native” future. All of these projects are designed in a way to be combined together in a “mix-and-match” …

Liveblog: Kuryr Project Update

This is a liveblog of an OpenStack Summit session providing an update on the Kuryr project. The speakers are Antoni Segura Puimedon and Irena Berezovsky. Kuryr, if you recall, was a project aimed at making OpenStack Neutron functionality available to Docker containers; it has since expanded to also offer Cinder and Manila storage to Docker containers, and has added support for both Docker Swarm and Kubernetes as well.

According to Puimedon, the latest release of Kuryr has a diverse base of contributors, with over 45 active contributors.

So, what will be in the Pike release? For the Kubernetes-specific support:

  • This will be the first release
  • Support for Kubernetes Services (this leverages LBaaS v2)
  • Client- and server-side SSL support
  • RDO packaging

What’s planned for Pike, but may not actually make it? (Again, this is for Kubernetes support.)

  • Token support
  • Resource pools
  • Improved support for Services defined as LoadBalancer type

On the Docker side, the following new features and enhancements will arrive in Pike:

  • Support for Swarm mode
  • IPv4 and IPv6 networking
  • TLS support between Docker and the libnetwork plugin

On the Fuxi side, Kuryr is adding support for Manila shares.

At this point, Berezovsky takes over to discuss the release …
