Author Archives: slowe

Liveblog: Scaling to Your First 10 Million Users

This is a liveblog of the AWS re:Invent session titled “Scaling to Your First 10 Million Users.” It’s my first session of the week here at re:Invent; yesterday’s sessions were full and I couldn’t get into anything. (The crowds here at the event are pretty significant; I think I heard 32K attendees total.) The speaker for the session is Joel Williams, an AWS Solutions Architect.

Williams starts out with a brief blurb about how this session is a perennial favorite at re:Invent, and how the principles are fundamental to building solutions in/on AWS. Even if attendees don’t have the sort of immediate scaling needs that Williams may be describing in this session, he believes that the lessons/fundamentals he discusses are applicable to lots of customers, lots of applications, and lots of use cases.

Williams starts out by saying that while Auto-Scaling is a destination on customers’ scaling journey, it’s not where you want to start. It’s not a “magic button” that fixes all problems. Williams puts up a map that shows AWS’ 14 global regions, encompassing 38 different availability zones, and points out that availability zones are a fundamental building block for highly-available applications. The next Continue reading

Liveblog: Hybrid Architectures, Bridging the Gap to the Cloud

This is a liveblog of the AWS re:Invent session titled “Hybrid Architectures: Bridging the Gap to the Cloud” (ARC208). The line to get into this session, as with the previous session, was quite long—and that was for attendees who’d already registered for the session. Feedback I’ve heard from folks who weren’t registered for sessions was that they weren’t getting in, period. The speaker for the session is Jamie Butler, Manager of Solutions Architecture at AWS (focused on state/local government).

Butler starts out by establishing some expectations—attendees should be familiar with regions and AZs (this is a 200-level talk), and the session will focus on hybrid use cases. Butler says there will be some demos along the way. This session will not focus on the VMware announcement regarding VMware Cloud on AWS.

Butler then quotes Werner Vogels in saying that adopting cloud is not an all-or-nothing proposition. With that in mind, Butler transitions into a discussion of a particular customer example. In this case, the customer had Active Directory, a file server, and a bunch of Windows-based desktops connecting back to the file server for data access.

The first thing to tackle in a scenario like this is identity. Butler says you don’t want Continue reading

Installing Ansible 2.2 on Fedora 25

As part of my ongoing investigation of the usability of various Linux distributions and desktop environments, I’ve been working with Fedora 25. As part of the investigation I need to see how to perform certain tasks, one of which is working with Ansible. As a result, I needed to install Ansible 2.2 on Fedora 25, and it turns out it wasn’t as simple as pip install ansible.

I generally prefer to run Ansible in a Python virtualenv, but I don’t believe that it will make any difference to this procedure. However, I’m happy to be corrected if someone knows otherwise.

To create a Python virtualenv, you’ll first need virtualenv installed. I prefer to install virtualenv globally for all users using this command:

sudo -H pip install virtualenv

Once virtualenv is installed, then create a virtualenv for Ansible:

virtualenv ~/Envs/ansible

Then activate the virtualenv:

source ~/Envs/ansible/bin/activate

At this point, you can try a pip install ansible, but it will fail. First, you need to install some additional development libraries that are required in order to install Ansible:

sudo dnf install libffi-devel redhat-rpm-config python-devel openssl-devel

Once those packages are installed, then you’re finally ready to install Ansible into Continue reading

Using GNOME Keyring for Git Credentials on Fedora 25

In this post, I’m going to show you how to use the GNOME Keyring on Fedora 25 as a credential helper for Git. This post is very closely related to my earlier post on using GNOME Keyring as a Git credential helper on Ubuntu 16.04. As with the earlier Ubuntu-related post, what I’m including here isn’t new or ground-breaking information; I’m posting it primarily to make the information easier to find for others.

Like Ubuntu 16.04, Fedora 25 already has the basis for integrating GNOME Keyring into Git as a credential helper installed into the /usr/share/doc/git-core-doc/contrib/credential/gnome-keyring directory.

Unlike Ubuntu 16.04, though, Fedora already has a compiled credential helper installed. This Git credential helper is found at /usr/libexec/git-core/git-credential-gnome-keyring. This credential helper is ready to use.

To get GNOME Keyring support for storing Git credentials, then, all one has to do is configure Git appropriately (no need to install additional packages or compile anything). You can configure Git in a couple of different ways:

  1. You can use the git config command, like this:

     git config --global credential.helper /usr/libexec/git-core/git-credential-gnome-keyring
    
  2. You can edit ~/.gitconfig directly, using the text editor of your choice. Add this text:

     [credential]
     helper  Continue reading

Using GNOME Keyring as Git Credential Helper

In this post, I’m going to show you how to use the GNOME Keyring on Ubuntu 16.04 as a credential helper for Git. This post stems from my work in transitioning to Linux as my primary OS, an effort I’ve ratcheted up significantly in the last few weeks. What I’m including here isn’t new or ground-breaking information; I’m posting it primarily to make the information easier to find for others.

On Ubuntu 16.04, the basis for integrating GNOME Keyring into Git as a credential helper is already installed into the /usr/share/doc/git/contrib/credential/gnome-keyring directory. However, if you try to simply run sudo make in that directory, it will fail. In order to make it work, you must first install some additional development libraries:

sudo apt install libgnome-keyring-dev

Once you’ve installed this additional package, running sudo make in that directory will quickly compile a binary named git-credential-gnome-keyring. Once you have that binary, then you can configure Git to use GNOME Keyring as a credential helper. You can do this a couple of different ways:

  1. You can use the git config command, like this:

     git config --global credential.helper /usr/share/doc/git/contrib/credential/gnome-keyring/git-credential-gnome-keyring
    
  2. You can edit ~/.gitconfig directly, using the text editor of your Continue reading

Spousetivities at AWS re:Invent

For the first time ever, Spousetivities will be at AWS re:Invent in Las Vegas! This means that IT pros traveling to Vegas can plan on bringing along their spouse, partner, significant other, or family member(s) and know that there are fun, safe, organized activities for them.

So what’s planned? Here’s a quick look:

  • More cooking fun with Chef Phillip Dell, a previous season winner on Food Network’s “Chopped” show
  • Hoover Dam and Grand Canyon tour (a must-see if you haven’t been before)
  • Vegas food tour (hosted by Chef Dell, of course!)

As is a tradition with Spousetivities, participants in the activities have the chance to win prizes like iPads, Bose headphones, VR headsets, and lots of other goodies.

Crystal’s blog post on the Spousetivities site has a few more details, and registration is open right now.

Technology Short Take #73

Welcome to Technology Short Take #73. Sorry for the long delay since the last Technology Short Take; personal matters have been taking quite the toll (if you follow me on Twitter, you’ll know to what personal matters I’m referring). In any case, enough of that—here’s some data center-related content that I hope you find useful!

Networking

  • Ansible has made some good progress in supporting network automation in the latest release (2.2), according to this blog post. This is an area where I hope to spend more time in the coming weeks before year’s end.
  • Tomas Fojta shows how to use a PowerShell script to monitor the health of NSX Edge gateways.
  • Jeremy Stretch mulls over the (perceived) problem of getting traffic into and out of overlay networks. I recommend reading this article, as well as reading the comments. Many commenters suggest just using L3 and having the hosts participate in a routing protocol like BGP, but as Jeremy points out many switches don’t have the capacity to handle that many routes. (Or, if they do, they’re quite expensive.) Seems like there’s this company in Palo Alto making a product that handles this issue pretty decently…(hint).
  • Cumulus Continue reading

An Introduction to the VirtualBox CLI

This post provides a basic introduction to the VirtualBox CLI (command-line interface) tool, vboxmanage. This post does not attempt to replace the comprehensive documentation; rather, its purpose is to help users who are new to vboxmanage (such as myself, having recently adopted VirtualBox for my Vagrant environments) get somewhat up to speed as quickly and as painlessly as possible.

Basic Commands

Let’s start with some basic operations. Here are a few to get you started:

  • To list all the registered VMs, simply run vboxmanage list vms. Note that if you are using Vagrant with VirtualBox, this command will also show VirtualBox VMs that have been instantiated by Vagrant. Similarly, if you are using Docker Machine with VirtualBox, this command will show you VMs created by Docker Machine.

  • To list all the running VMs, use vboxmanage list runningvms.

  • To start a VM, run vboxmanage startvm <name or UUID>. You can optionally specify a --type parameter to control how the VM is started. Using --type gui will show it via the host GUI; using --type headless means you’ll need to interact over the network (typically via SSH). To emulate Vagrant/Docker Machine-like behavior, you’d use --type headless.

  • Once a VM is Continue reading

Thinking Out Loud: The Future of Kubernetes

I’ve just wrapped up KubeCon/CloudNativeCon 2016 in Seattle, WA. There’s no doubt the Kubernetes community is active and engaged, and the project itself is charging forward. As both the community and the project grow, though, what does that mean for the future of Kubernetes?

Here are my thoughts, hopefully presented in a somewhat logical fashion.

It seems to me that Kubernetes has been successful thus far because of a strong focus on the problem it’s trying to solve. You can see this in the Kubernetes web site, where phrases like “Production-Grade Container Orchestration” and “Automated container deployment, scaling, and management” are found. You can see this in the API abstractions Kubernetes uses (a pod as a group of co-located containers, a service as a stable access point for sets of pods, etc.). You can see it in the real-world customer deployments and use cases. Kubernetes seems focused on addressing the needs of container-based microservices-centric application architectures.

However, there now seem to be some efforts to push Kubernetes to support other types of applications as well. One could look at DaemonSets (which are used to ensure that a particular pod is always running on every node; useful for “infrastructure” services Continue reading

Managing AWS Infrastructure with Ansible

In this post, I’m going to discuss some concepts behind managing your Amazon Web Services (AWS) infrastructure using Ansible. Ansible is a very popular tool for configuring operating system instances and software; using the concepts and examples provided in this post would allow you to expand your use of Ansible to include—when using AWS—the creation and deletion of the operating system instances themselves, as well as related infrastructure components (like security groups or other services).

Preface

Before I continue, I’d like to first discuss the “fit” of using Ansible for this particular purpose. Ansible doesn’t store the state of managed systems. Perhaps this is due to the agentless architecture; I don’t know. What that means in this particular use case is that you must take other steps to store information you’ll absolutely need like instance IDs, security group IDs, and the like because Ansible itself doesn’t. In my mind, this makes Ansible a less-than-ideal tool for this particular use case. That doesn’t mean Ansible isn’t a good tool; it just means that Ansible may not be the best tool for this particular purpose. (Think of it like this: Yes, you can sometimes unscrew something using a knife, but a screwdriver Continue reading

Vagrant-Photon OS Bug and Workaround

I recently came across a bug in using VMware Photon OS with Vagrant, and so in this post I’m going to point out this bug and provide a workaround. The bug is, fortunately, pretty innocuous, and only affects Vagrant environments that configure additional network interfaces to Photon OS VMs. The workaround is equally easy, thankfully.

First, I’ll point out that the fix for this bug has already been pushed to Vagrant, but it hasn’t yet (as of this writing) made it into a release. Vagrant 1.8.6 was the latest release as of this writing, and it still exhibits the bug.

There are a number of somewhat-interrelated issues:

  1. First, the “vagrant-guests-photon” Vagrant plugin (latest version is 1.0.4) is no longer needed. This code has been replaced by code that is distributed as part of Vagrant itself. This wouldn’t normally be an issue, except that…

  2. The plugin relies on awk, which is no longer included in recent releases of the Photon OS Vagrant box. I can’t tell you exactly when this started, but I can confirm the last couple of releases (1.2.0 and 1.2.1) are definitely affected.

  3. Finally, the code which replaces the Continue reading

VMworld EMEA 2016 Day 2 Keynote

This is a liveblog of the day 2 general session at VMworld EMEA 2016 in Barcelona, Spain. I wasn’t able to write a liveblog of the day 1 session due to some scheduling/logistical conflicts, but managed to get things arranged for day 2 (well, most of it—I’ll have to cut this short so I can get to a customer meeting).

At 9am, Sanjay Poonen takes the stage to kick off the general session. Poonen walks through a number of examples of how “digital transformation” is affecting businesses and organizations across a variety of industry verticals. Poonen positions Workspace One as the “Switzerland” solution that bridges different kinds of applications (Windows client-server apps, web apps, and mobile apps) with different kinds of devices (Apple, Google, Samsung, Microsoft). The key ingredients of Workspace One are VDI, EMM, and identity.

Poonen quickly transitions into a demo of Workspace One on an iPhone, showing off how VMware employees use Workspace One to run apps like Workday, Concur, ADP, Boxer (VMware’s mobile e-mail client), AirWatch Content Locker, and others. The demo then moves into a demonstration of VDI, including 3-D accelerated graphics, on a Samsung Android tablet. Following the demo, Poonen kicks off a customer testimonial Continue reading

Technology Short Take #72

Welcome to Technology Short Take #72. Normally, I try to publish these on Fridays, but some personal travel prevented that this time around so I’m publishing on a Monday instead. Enough of that, though…bring on the content! As usual, here’s my random collection of links, articles, and thoughts about various data center technologies.

Networking

A Triple-Provider Vagrant Environment

In this post, I’d like to share with you some techniques I used to build a triple-provider Vagrant environment—that is, a Vagrant environment that will work unmodified with multiple backend providers. In this case, it will work (mostly) unmodified with AWS, VirtualBox, and the VMware provider (tested with Fusion, but should work with Workstation as well). I know this may not seem like a big deal, but it marks something of a milestone for me.

Since I first started using Vagrant a couple of years ago, I’ve—as expected—gotten better and better at leveraging this tool in a flexible way. You can see this in the evolution of the Vagrant environments found in my GitHub “learning-tools” repository, where I went from hard-coded data values to pulling data from external YAML files.

One thing I’d been shooting for was a Vagrantfile that would work with multiple backend providers without any modifications, and tonight I managed to build an environment that works with AWS, VirtualBox, and VMware Fusion. There are still a couple of hard-coded values, but the vast majority of information is pulled from an external YAML file.

Let’s take a look at the Vagrantfile that I created. Here’s Continue reading

Why I’m Now Using VirtualBox with Vagrant

One of the things I often tell people is, “Use the right tool for the job.” As technologists, we shouldn’t get so locked onto any one technology or product that we can’t see when other technologies or products might solve a particular problem more effectively. It’s for this reason that I recently made VirtualBox—not VMware Fusion—my primary virtualization provider for Vagrant environments.

I know it seems odd for a VMware employee to use/prefer a non-VMware product over a competing VMware product. I’ve been a long-time Fusion user (since 2006 when I was part of the original “friends and family” early release). Since I started working with Vagrant about two years ago, I really tried to stick it out with VMware Fusion as my primary virtualization provider. I had a ton of experience with Fusion, and—honestly—it seemed like the right thing to do. After a couple of years, though, I’ve decided to switch to using VirtualBox as my primary provider for Vagrant.

Why? There are a few different reasons:

  1. Greater manageability: VirtualBox comes with a really powerful CLI tool, vboxmanage, that lets me do just about anything from the command line. In fact, the VirtualBox documentation refers to Continue reading

Installing a Specific Version of Docker Engine

In this post, I’m going to show you how to install a specific version of the Docker Engine package on Ubuntu. While working on a side project (one that will hopefully bear fruit soon), I found myself in need of installing a slightly older version of Docker Engine (1.11 instead of 1.12, to be specific). While this task isn’t hard, it also wasn’t clearly spelled out anywhere, and this post aims to help address that shortcoming.

If you’ve followed the instructions to add the Docker Apt repos to your system as outlined here, then installing the Docker Engine (latest version) would be done something like this:

apt-get install docker-engine

If you do an apt-cache search docker-engine, though, you’ll find that the “docker-engine” package is a metapackage that refers to a variety of different versions of the Docker Engine. To install a specific version of the Docker Engine, then, simply append the version (as described by the results of the apt-cache search docker-engine command) to the end, like this:

apt-get install docker-engine=1.11.2-0~trusty

This will install version 1.11.2 of the Docker Engine.

You’ll use the same syntax when you need to install a specific Continue reading

Spousetivities in Barcelona

If you’re going to be in Barcelona for either VMworld EMEA (running the week of October 17) or the fall 2016 OpenStack Summit (running the week of October 24), then I recommend you plan for your spouse/partner/girlfriend/boyfriend/whatever to join you for what I believe are some pretty spectacular Spousetivities.

VMworld EMEA

First, let’s have a quick look at the activities planned around VMworld EMEA. What’s in store? Here’s a quick sneak peek (check out the registration page for full details):

  • Sailing the Mediterranean off the coast of Barcelona
  • A casual 3-hour bike tour of Barcelona with tapas
  • Walking tour of Barcelona with wine and food tastings
  • A visit to Montserrat, with an opportunity to hear the famed Boys’ Choir and see one of the black Madonnas of Europe
  • A full-day trip to the French Pyrenees for a mix of Catalan, Spanish, and French culture
  • A full-day tour of Roman Tarragona and a visit to the Cistercian monastery of El Poblet

Tickets for all these events are available now. These events were sponsored by VMware NSX, Veeam, VMUG, and TVP Strategy.

OpenStack Summit Barcelona

If you’re coming to Barcelona for the OpenStack Summit instead (or perhaps staying over Continue reading

Using Vagrant with AWS

In this post, I’d like to describe how to use Vagrant with AWS, as well as provide a brief description of why this combination of technologies may make sense for some use cases. In some respects, this post is similar to my posts on using Docker Machine with OpenStack and using Vagrant with OpenStack in that combining Vagrant with AWS creates another clean “provider/consumer” model that makes it easy for users to consume infrastructure.

If you aren’t already familiar with Vagrant, I’d highly recommend first taking a look at my introduction to Vagrant, which provides an overview of the tool and how it’s used.

Prerequisites

Naturally, you’ll need to first ensure that you have Vagrant installed. This is really well-documented already, so I won’t go over it here. Next, you’ll need to install the AWS provider for Vagrant, which you can handle using this command:

vagrant plugin install vagrant-aws

Once you’ve installed the vagrant-aws plugin, you’ll next need to install a box that Vagrant can use. Here, the use of Vagrant with AWS is a bit different than the use of Vagrant with a provider like VirtualBox or VMware Fusion/VMware Workstation. In those cases, the box Continue reading

A Follow Up on SSH Bastion Hosts

This post is a follow-up on my earlier post on using an SSH bastion host. Since that article was published, I’ve gotten some additional information that I wanted to be sure to share with my readers. It’s possible that this additional information may not affect you, but I’ll allow you to make that determination based on your use case and your specific environment.

Agent Forwarding

You may recall that my original article said that you needed to enable agent forwarding, either via the -A command-line switch or via a ForwardAgent line in your SSH configuration file. This is unnecessary. (Thank you to several readers who contacted me about this issue.) I tested this several times using AWS instances, and was able to transparently connect to private instances (instances without a public IP address) via a bastion host without enabling agent forwarding. This is odd because almost every other tutorial I’ve seen or read instructs readers to enable agent forwarding. I’ve not yet determined why this is the case, but I’m going to do some additional testing and I’ll keep readers posted as I learn more.

Note that I’ve updated the original article accordingly.

The “-W” Parameter vs. Netcat

The Continue reading

Technology Short Take #71

Welcome to Technology Short Take #71! As always, I have a list of links related to various data center technologies found below; hopefully something here proves useful.

Networking

Servers/Hardware

Security