Scott Lowe

Author Archives: Scott Lowe

Issues with OpenStack That Are Not OpenStack Issues

This is a liveblog of OpenStack Summit session on Monday afternoon titled “Issues with OpenStack that are not OpenStack Issues”. The speaker for the session is Sven Michels. The premise of the session, as I understand it, is to discuss issues that arise during OpenStack deployments that aren’t actually issues with OpenStack (but instead may be issues with process or culture).

Michels starts with a brief overview of his background, then proceeds to position today’s talk as a follow-up (of sorts) to a presentation he did in Boston. At the Boston Summit, Michels discussed choosing an OpenStack distribution for your particular needs; in this talk, Michels will talk about some of the challenges around “DIY” (Do It Yourself) OpenStack—that is, OpenStack that is not based on some commercial distribution/bundle.

Michels discusses that there are typically two approaches to DIY OpenStack:

  • The “Donald” approach leverages whatever around, including older hardware.
  • The “Scrooge” approach is one in which money is available, which typically means newer hardware.

Each of these approaches has its own challenges. With older hardware, it’s possible you’ll run into older firmware that may not be supported by Linux, or hardware that no longer works as expected. With new hardware, Continue reading

To K8s or Not to K8s Your OpenStack Control Plane

This is a liveblog of the Monday afternoon OpenStack Summit session titled “To K8s or Not to K8s Your OpenStack Control Plane”. The speaker is Robert Starmer of Kumulus Technologies. This session is listed as a Beginner-level session, so I’m hoping it’s not too basic for me (and that readers will still get some value from the liveblog).

Starmer begins with a quick review of his background and expertise, and then proceeds to provide—as a baseline—an overview of containers and Kubernetes for container orchestration. Starmer covers terminology and concepts like Pods, Deployments (and Replica Sets), Services, StatefulSets, and Persistent Volumes. Starmer points out that StatefulSets and Persistent Volumes are particularly applicable to the discussion about using Kubernetes to handle the OpenStack control plane. Following the discussion of Kubernetes components, Starmer points out that the Kubernetes architecture is designed to be resilient, talking about the use of etcd as a distributed state storage system, multiple API servers, separate controller managers, etc.

Next, Starmer spends a few minutes talking about Kubernetes networking and some of the components involved, followed by a high-level discussion around persistent volumes and storage requirements, particularly for StatefulSets.

Having covered Kubernetes, Starmer now starts talking about the requirements Continue reading

OpenStack Summit Sydney Day 1 Keynote

This is a liveblog of the day 1 keynote here at the OpenStack Summit in Sydney, Australia. I think this is my third or fourth trip to Sydney, and this is the first time I’ve run into inclement weather; it’s cloudy, rainy, and wet here, and forecasted to remain that way for most of the Summit.

At 9:02am, the keynotes (there are actually a set of separate keynote presentations this morning) kicks off with a video with Technical Committee memebers, community members, and others talking about the OpenStack community, the OpenStack projects, and the Summit itself. At 9:05am, the founders of the Australian OpenStack User Group—Tristan Goode and Tom Fifield—take the stage to kick off the general session. Goode and Fifield take a few minutes to talk about the history of the Australian OpenStack User Group and the evolution of the OpenStack community in Australia. Goode also takes a few moments to talk about his company, Aptira.

After a few minutes, Goode and Fifield turn the stage over to Mark Collier and Lauren Sell from the OpenStack Foundation. Collier and Sell set the stage for the upcoming presentations, do some housekeeping announcements, and talk about sponsors and support partners. Sell Continue reading

A Sublime Text Keymap for Bracketeer

I’ve made no secret of the fact that I’m a fan of Sublime Text (ST). I’ve evaluated other editors, like Atom, but still find that ST offers the right blend of performance, functionality, customizability, and cross-platform support. One nice thing about ST (other editors have this too) is the ability to extend it via packages. Bracketeer is one of many packages that can be used to customize ST’s behavior; in this post, I’d like to share a keymap I’m using with Bracketeer that I’ve found very helpful.

Bracketeer is a package that modifies ST’s default bracketing behavior. I first started using Bracketeer to help with writing Markdown documents, as it makes adding brackets (or parentheses) around existing text easier (it automatically advances the insertion point after the closing bracket). After using Bracketeer for a little while, I realized I could extend the keymap for Bracketeer to have it also help me with “wrapping” text in backticks and a few other characters. I did this by adding this line to the default keymap:

{
  "keys": [ "`" ],
  "command": "bracketeer",
  "args": {
    "braces": "``",
    "pressed": "`"
  }
}

With this line in the keymap, I could select some text, press Continue reading

Strange Error with the Azure CLI

Over the last week or so, I’ve been trying to spend more time with Microsoft Azure; specifically, around some of the interesting things that Azure is doing with containers and Kubernetes. Inspired by articles such as this one, I thought it would be a pretty straightforward process to use the Azure CLI to spin up a Kubernetes cluster and mess around a bit. Simple, right?

Alas, it turned out not to be so simple (if it had been simple, this blog post wouldn’t exist). The first problem I ran into was the upgrading the Azure CLI from version 2.0.13 to version 2.0.20 (which is, to my understanding, the minimum version needed to do what I was trying to do). I’d installed the Azure CLI using this process, so pip install azure-cli --upgrade should take care of it. Unfortunately, on two out of three systems on which I attempted this, the Azure CLI failed to work after the upgrade. I was only able to fix the problem by completely removing the Azure CLI (which I’d installed into a virtualenv), and then re-installing it. First hurdle cleared!

With the Azure CLI upgraded, I proceeded to Continue reading

Technology Short Take 89

Welcome to Technology Short Take 89! I have a collection of newer materials and some older materials this time around, but hopefully all of them are still useful. (I needed to do some housekeeping on my Instapaper account, which is where I bookmark stuff that frequently lands here.) Enjoy!

Networking

  • This is a slightly older post providing an overview of container networking, but still quite relevant. Julia has a very conversational style that works well when explaining new topics to readers, I think.
  • Russell Bryant has a post on Open Virtual Network (OVN), a project within the Open vSwitch (OVS) community. If you’re not familiar with OVN, this is a good post with which to start.

Servers/Hardware

Hmm…I didn’t find anything again this time around. Perhaps I should remove this section?

Security

  • This blog post discusses some of the new network security functionality available in vSphere Integrated Containers (VIC) version 1.2; specifically, the new container network firewall functionality.
  • The NIST and DHS have teamed up on some efforts to secure BGP; more information is available in this article.
  • When I was using Fedora, I needed some useful information on firewall-cmd, and found this article to Continue reading

Posts from the Past, October 2017

After over 12 years of writing here, I’ve accumulated a pretty fair amount of content. To help folks discover older content, I thought it might be fun to revisit what I’ve published in October in years past. Here are some “posts from the past,” all from October of previous years. Enjoy!

October 2005

Protecting Against OpenSSL SSLv2 Flaw

October 2006

I was spending a great deal of time with Active Directory back then:

Finding Recently Created Active Directory Accounts
Refined Solaris 10-AD Integration Instructions

October 2007

Storage was the name of the game a decade back:

Sanrad Configuration Basics
VM File-Level Recovery with NetApp Snapshots

October 2008

Quick Note on ESX and ESXi Storage Multipathing
Is Power the Key to Controlling the Cloud?

October 2009

Fibre Channel, FCoE, and InfiniBand, oh my!

New User’s Guide to Managing Cisco MDS Zones via CLI
I/O Virtualization and the Double-Edged Sword
Setting up FCoE on a Nexus 5000

October 2010

Shortening URLs via bit.ly from the CLI
Shortening URLs via bit.ly the Apple Way

October 2011

Content Creation and Mind Mapping

October 2012

In October 2012 I was neck-deep in learning all I could learn about Open vSwitch, and a Continue reading

The Linux Migration: Wrap-Up

As many readers are probably already aware, I embarked on a journey earlier this year to make Linux my primary laptop OS (see this update from April of this year). That journey ended (for now) when I ordered a new 13” MacBook Pro just before VMworld US. In this post, I’d like to reflect a bit on my journey, and what it means for others who may be interested in similar journeys of their own.

So why the switch back to macOS? Well, it certainly does not have anything to do with changes on the macOS side; all my concerns (first expressed here in late November of 2012, almost five years ago) are still present. By all indications, the trend to “iOS-ify” macOS continues; this may be great for the masses but isn’t so great for “power users” such as myself, in my humble opinion.

In the end, the decision to switch back to macOS really comes down to productivity. I think that my July 2017 update post probably sums it up best: for me, trying to use Linux as my primary laptop OS was like “death from a thousand cuts.” While I strongly prefer to use Linux as Continue reading

Denver Network Programmability User Group Meeting

If you live (or will be) in Denver next week—specifically, on Wednesday, November 1—I’ll be joining the Denver Network Programmability User Group (NPUG) to talk about network programmability and my recent book with Jason Edelman and Matt Oswalt around network programmability and automation. We’d love to have you join us!

Here are the meeting details:

When: Wednesday, November 1, at 4:00 Mountain Time
Where: GTRI, 990 S Broadway, Suite 300, Denver CO (free parking in and around GTRI)
What: Me joining the NPUG to share some thoughts on network programmability
Why: Because there will be food and drinks, and because you love talking about network programmability and automation
Who: You!

As I mentioned, there will be food and beverages provided for attendees so please take a few moments to RSVP (so that we can plan on how much food and drink to provide).

I’d love to see you there!

A Sample Makefile for Publishing Blog Articles

As some readers may already know, this site has been running on a static site generator since late 2014/early 2015, when I migrated from WordPress to Jekyll on GitHub Pages. I’ve since migrated again, this time to Hugo on S3/CloudFront. Along the way, I’ve taken an interest in using make and a Makefile to help automate certain tasks at the CLI. In this post, I’ll share how I’m using a Makefile to help with publishing blog articles.

If you’re not familiar with make or its use of a Makefile, have a look at this article I wrote on using a Makefile with Markdown documents, then come back here.

In general, the process for publishing a blog post using Hugo and S3/CloudFront basically looks like this:

  1. Write the blog post. (I haven’t found a tool to automate this yet!)
  2. Put the blog post into the right section of the Hugo directory tree. (In my setup, it’s in the content/post directory.)
  3. Build the static site using hugo.
  4. Upload the resulting HTML files to the appropriate S3 bucket.
  5. Invalidate the appropriate URLs (paths) in AWS CloudFront so that the CDN picks up the new files/pages.

Some of these steps Continue reading

Looking Under the Hood: containerD

This is a liveblog of the session titled “Looking Under the Hood: containerD”, presented by Scott Coulton with Puppet (and also a Docker Captain). It’s part of the Edge track here at DockerCon EU 2017, where I’m attending and liveblogging as many sessions as I’m able.

Coulton starts out by explaining the session (it will focus a bit more on how to consume containerD in your own software projects), and provides a brief background on himself. Then he reviews the agenda, and dives right into the content.

Up first, Coulton starts by providing a bit of explanation around what containerD is and does. He notes that there is a CLI tool for containerD (the ctr tool), and that containerD uses a gRPC API listening on a local UNIX socket. Coulton also discusses ctr, but points out that ctr is, currently, an unstable tool (changing too quickly). Next, Coulton talks about how containerD provides support for the OCI Image Spec and the OCI Runtime Spec (of which runC is an implementation), image push/pull support, and management of namespaces.

Coulton moves into a demo showing off some of containerD’s functionality, using the ctr tool.

After the demo, Coulton talks about some Continue reading

Building a Secure Supply Chain

This is a liveblog of the session titled “Building a Secure Supply Chain,” part of the Using Docker track at DockerCon EU 2017 in Copenhagen. The speakers are Ashwini Oruganti (@ashfall on Twitter) and Andy Clemenko (@aclemenko on Twitter), both from Docker. This session was recommended in the Docker EE deep dive (see the liveblog for that session) as a way to get more information on Docker Content Trust (image signing). The Docker EE deep dive presenter only briefly discussed Content Trust, so I thought I’d drop into this session to get more information.

Oruganti starts the session by reviewing some of the steps in the software lifecycle: planning, development, testing, packaging/distribution, support/maintenance. From a security perspective, there are some additional concepts as well: code origins, automated builds, application signing, security scanning, and promotion/deployment. Within Docker EE, there are three features that help with the security aspects of the lifecycle: signing, scanning, and promotion. (Note that scanning and promotion were also discussed in the Docker EE deep dive, which I liveblogged; link is in the first paragraph).

Before getting into the Docker EE features, Clemenko reminds attendees how not to do it: manually. This approach doesn’t Continue reading

Docker EE Deep Dive

This is a liveblog of the session titled “Docker EE Deep Dive,” part of the Docker Best Practices track here at DockerCon EU 2017 in Copenhagen, Denmark. The speaker is Patrick Devine, a Product Manager at Docker. I had also toyed with the idea of attending the Cilium presentation in the Black Belt track, but given that I attended a version of that talk in Austin in April (liveblog is here), I figured I’d better stretch my boundaries and dig deeper into Docker EE.

Devine starts with a bit of information on his background, then provides an overview of the two editions (Community and Enterprise) of Docker. (Recall again that Docker is the downstream product resulting from the open source Moby upstream project.) Focusing a bit more on Docker EE, Devine outlines some of the features of Docker EE: integrated orchestration, stable releases for 1 year with support and maintenance, security patches and hotfixes backported to all supported versions, and enterprise-class support.

So what components are found in Docker EE? It starts with the Docker Engine, which has the core container runtime, orchestration, networking, volumes, plugins, etc. On top of that is Univeral Control Plane (UCP), which Continue reading

DockerCon EU 2017 Day 2 Keynote

This is a liveblog of the day 2 keynote/general session here in Copenhagen, Denmark, at DockerCon EU 2017. Yesterday’s keynote (see the liveblog here) featured the hotly-anticipated Kubernetes announcement (I shared some thoughts here), so it will be interesting to see what Docker has in store for today’s general session.

At 9:02am, the lights go down and Scott Johnston, COO of Docker (@scottcjohnnston on Twitter), takes the stage. Johnston provides a brief recap of yesterday’s activities, from the keynote to the breakout sessions to the party last night, then dives into content focusing around modernizing traditional applications through partnerships. (If two themes have emerged from this year’s DockerCon EU, they are “Docker is a platform” and “Modernize traditional applications”.) Johnston shares statistics that show 50% of customers have leveraging hybrid cloud as a priority, and that increasing major release frequency is also a priority for enterprise IT organizations. According to Johnston, 79% of customers are saying that increasing software release velocity is a goal for their organizations. Continuing with the statistics, Johnston shows a very familiar set of numbers stating that 80% of the IT spend is on maintenance (I say familiar because these numbers Continue reading

Some Thoughts on the Docker-Kubernetes Announcement

Today at DockerCon EU, Docker announced that the next version of Docker (and its upstream open source project, the Moby Project) will feature integration with Kubernetes (see my liveblog of the day 1 general session). Customers will be able to choose whether they leverage Swarm or Kubernetes for container orchestration. In this post, I’ll share a few thoughts on this move by Docker.

First off, you may find it useful to review some details of the announcement via Docker’s blog post.

Done reviewing the announcement? Here are some thoughts; some of them are mine, some of them are from others around the Internet.

  • It probably goes without saying that this announcement was largely anticipated (see this TechCrunch article, for example). So while the details of how Docker would go about adding Kubernetes support was not clear, many people expected some form of announcement around Kubernetes at the conference. I’m not sure that folks expected this level of integration, or that the integration would take this particular shape/form.
  • In looking back on the announcement and the demos from today’s general session and in thinking about the forces that drove Docker to provide Kubernetes integration, it occurs to me that Continue reading

Container-Relevant Kernel Developments

This is a liveblog of a Black Belt track session at DockerCon EU in Copenhagen. The session is named “Container-Relevant Kernel Developments,” and the presenter is Tycho Andersen.

Andersen first presents a disclaimer that the presentation is mostly a brain dump, and the he’s not personally responsible for a lot of the work presented here. In fact, all of the work Andersen will talk about is not yet merged upstream in the Linux kernel, and he doesn’t expect that they will be accepted upstream and see availability for average users.

The first technology Andersen talks about IMA (Integrity Management Association, I think?), which prevents user space from even opening files if they have been tampered with or modified in some fashion that violates policy. IMA is also responsible for allowing the Linux kernel to take advantage of a system’s Trusted Platform Module (TPM).

Pertinent to containers, Andersen talks about work that’s happening within the kernel development community around namespacing IMA. There are a number of challenges here, not all of which have been addressed or resolved yet, and Andersen refers attendees to the Linux Kernel mailing list (LKML) for more information.

Next, Andersen talks about the Linux audit log. Continue reading

LinuxKit Deep Dive

This is a liveblog of the DockerCon EU session titled “LinuxKit Deep Dive”. The speakers are Justin Cormack and Rolf Neugebauer, both with Docker, and this session is part of the “Black Belt” track here at DockerCon.

So what is LinuxKit? It’s a toolkit, part of the Moby Project, that is used for building secure, portable, and lean operating systems for containers. It uses the moby tooling to build system images. LinuxKit uses YAML files to describe the complete system, and these files are consumed by moby to assemble the boot image and verify the signature. On top of that is containerD, which runs on-boot containers, service containers, and shutdown containers. Think of on-boot and shutdown containers as one-time containers that perform some task, either when the system is booting or shutting down (respectively).

LinuxKit was first announced and open sourced in April 2017 at DockerCon in Austin. Major additions since it was announced include:

  • arm64 support
  • Improved Kubernetes support
  • Linux containers on Windows (LCOW) preview support
  • Improved platform support (Azure, packet.net, IBM Bluemix, AWS, GCP, VMware, Hyper-V, etc.)
  • Multi-arch build system
  • Fully immutable system images
  • Namespace sharing
  • Support for the latest Linux kernels

After reviewing the changes Continue reading

Rock Stars, Builders, and Janitors: You’re Doing it Wrong

This is a liveblog of the session titled “Rock Stars, Builders, and Janitors: You’re Doing it Wrong”. The speaker is Alice Goldfuss (@alicegoldfuss) from GitHub. This session is part of the “Transform” track at DockerCon; I’m attending it because I think that cultural and operational transformation is key for companies to successfully embrace new technologies like containers and fully maximize the benefits of these technologies. (There’s probably a blog post in that sentence.)

Goldfuss starts out by asking the audience some questions about what they’ve been doing for the last 3 months, and then informs the attendees that they are, in fact, part of the problem.

Goldfuss now digs into the meat of the presentation by covering some terminology. First, what is a rock star? They’re the idea person, the innovator. They’re curious, open-minded, iterating faster, and always looking for the new things and the new ideas. They’re important to our companies, but they do have some weaknesses. They get bored easily, they have no patience for maintenance, and they’re not used to thinking about end user experience. Thus, according to Goldfuss, you can’t have a team of only rock stars.

Next, Goldfuss talks aboutbuilders. Builders Continue reading

DockerCon EU 2017 Day 1 Keynote

This is a liveblog of the day 1 keynote/general session at DockerCon EU 2017 in Copenhagen, Denmark. Prior to the start of the keynote, attendees are “entertained” by occasional clips of some Monty Python-esque production.

At 9:02, the lights go down and another clip appears, the first of several cliups that depict life “without Docker” and then again “with Docker” (where everything is better, of course). It’s humorous and a good introduction to the general session.

Steve Singh, CEO of Docker, now takes the stage to kick off the general session. Singh thanks the attendees for their time, discusses the growth of the Docker community and the Docker ecosystem, welcomes new members of the community (including himself), and positions Docker less as a container company and more as a platform company. (Singh comes to Docker from SAP, following SAP’s acquisition of Concur.) Singh pontificates for a few moments about his background, the changes occurring in the industry, and the “center stage front-row” seat that Docker has to witness—and affect/shape—these changes.

Singh pivots after a few minutes to talk about Docker growth in terms of specific metrics (21 million Docker hosts, for example). This allows him to return to the Continue reading

Technology Short Take 88

Welcome to Technology Short Take #88! Travel is keeping me pretty busy this fall (so much for things slowing down after VMworld EMEA), and this has made it a bit more difficult to stick to my self-imposed biweekly schedule for the Technology Short Takes (heck, I couldn’t even get this one published on Friday!). Sorry about that! Hopefully the irregular schedule is outweighed by the value found in the content I’ve collected for you.

Networking

1 15 16 17 18 19