slowe

Author Archives: slowe

Using Terraform to Build an etcd2 Cluster on OpenStack

In this post I’ll build on my earlier introduction to Terraform to show a practical example of using Terraform to build a CoreOS-based etcd2 cluster on OpenStack. This information is based upon a demo that I created for a session at the Austin OpenStack Summit in late April, so all the files I reference in this post are available in the GitHub repo for that session.

You may recall that Terraform is a platform-independent orchestration tool that allows you to create configurations (in either Terraform format or JSON format) specifying resources to be created/modified/deleted. This allows users to take an “infrastructure as code” approach where infrastructure configuration can be declaratively defined and managed via well-known version control mechanisms. In my previous post, I used JSON for the Terraform configurations; in this post, I’ll use the “standard” Terraform format.

As in the intro to Terraform post, I’ll use three different files:

  • The vars.tf file, which contains variables we’ll reference later
  • The main.tf file, which has the actual resource definitions
  • The output.tf file, which will provide some feedback to the user on the resources being created by Terraform (in this case, IP addresses)

Note that there’s no Continue reading

Building a VMware-Formatted Cumulus VX Vagrant Box

In this post, I’m going to walk you through the process I used to build a Vagrant box for Cumulus VX that will work with VMware desktop hypervisors (like VMware Fusion or VMware Workstation). Although Cumulus Networks offers several different versions of Cumulus VX to download, they do not (strangely enough) offer a Vagrant box that will work with VMware’s desktop hypervisors.

If you’re not familiar with Cumulus VX, it’s a virtual appliance version of Cumulus Linux. This allows you to test Cumulus Linux without needing compatible network hardware. This is really handy for testing configuration management tools against Cumulus Linux, for testing complex topologies before you implement them in production, or just for getting a feel for how Cumulus Linux works.

Naturally, this sounds like a perfect fit to use with Vagrant, so if you’re interested—as I am/was—in running Cumulus VX with Vagrant using a VMware desktop hypervisor, then the process described below should get you all fixed up.

First, you’ll want to get a hold of the VMware version of Cumulus VX. Navigate over to the Cumulus VX download page (a free registration is required), and download the VMware version. This will download an OVA file. Don’t Continue reading

Installing Ansible 2.x in a Python Virtualenv on OS X

In this post, I’m going to walk you through the steps to install Ansible 2.x into a Python virtual environment (virtualenv) on OS X. There’s nothing terribly hard or unusual about this process, but I wanted to document it here for folks who might be new to the process (or who might be interested in why using this approach could be beneficial).

I’m stumbled into this process because I had been using Ansible 1.9.x and wanted to upgrade to Ansible 2.x so that I could use some of the new OpenStack-related modules. (These are modules that allow you to manipulate OpenStack-based resources, like instances or networks, using Ansible playbooks, and they were introduced with the release of Ansible 2.x.) The new modules had some additional Python dependencies, and installing these Python dependencies on OS X can be challenging at times (due to System Integrity Protection [SIP]). For example, installing the shade module on my OS X El Capitan system ran afoul of SIP.

The answer is to use Python virtual environments (aka “virtualenvs”). Virtualenvs provide a mechanism whereby you can isolate Python dependencies between different Python-based projects. You create a Python virtualenv, then Continue reading

Prayer Time at the Austin Summit

A large portion of the OpenStack community is gathered in Austin this week for the Spring 2016 OpenStack Summit. As I’ve done at previous Summits (and other events), I’m offering to gather with other Christian believers for a brief time of prayer in the mornings before the sessions kick off each day.

Normally I get these arranged much earlier, so I apologize for not getting this out there sooner. That being said, if you’re a Christian and interested in gathering for a brief time of prayer, we will be meeting outside the Austin Convention Center at 8:30 am. We’ll meet along East 4th Street, on the convention center side of the Downtown Station.

Anyone is welcome to join us, but please note that this will be a distinctly Christian-focused and Christ-centered event.

You don’t need to RSVP or let me know you’ll be there; just feel free to stop by. I hope to see you there!

Technology Short Take #65

Welcome to Technology Short Take #65! As usual, I gathered an odd collection of links and articles from around the web on key data center technologies and trends. I hope you find something useful!

Networking

  • Michael Ryom has a nice (but short) article on using Log Insight along with a NetFlow proxy to help provide more detailed visibility into traffic flows between VMs on NSX logical networks.
  • Brent Salisbury has an article on GoBGP, a Go-based BGP implementation. BGP seems to be emerging as an early front-runner for a standards-based control plane for software networking. Couple something like GoBGP with IPVLAN L3 (see Brent’s article) and you’ve got a new model for your data center network.
  • Andy Hill has an article on doing rolling F5 upgrades using Ansible.
  • Filip Verloy has an article that discusses the integration between Nuage Networks and Fortinet.
  • This should probably go in the “Cloud Computing/Cloud Management” section, but the boundaries between areas are getting more and more blurry every day. (Thankfully, due to LASIK my vision is sharper than ever.) In any case, here’s a post by Marcos Hernandex on the use of subnet pools in OpenStack. Although Marcos’ post discusses them Continue reading

Technology Short Take #64

Welcome to Technology Short Take #64. Normally, I try to publish Short Takes on Friday, but this past Friday was April Fools’ Day. Given the propensity for “real” information to get lost among all the pranks, I decided to push this article back to today. Unlike most of what is published around April Fools’ Day, hopefully everything here is helpful, informative, and useful!

Networking

Docker Machine, OpenStack, and SSH Keys

I wanted to provide readers a quick “heads up” about some unexpected behavior regarding Docker Machine and OpenStack. It’s not a huge deal, but it could catch someone off-guard if they aren’t aware of what’s happening.

This post builds on the earlier post I published on using Docker Machine with OpenStack; specifically, the section about using Docker Machine’s native OpenStack driver to provision instances on an OpenStack cloud. As a quick recap, recall that you can provision instances on an OpenStack cloud (and have Docker Engine installed and configured on those instances) with a command like this:

docker-machine create -d openstack 
--openstack-flavor-id 3 
--openstack-image-name "Ubuntu 14.04.3 LTS x64" 
--openstack-net-name lab-net-5 
--openstack-floatingip-pool ext-net-5 
--openstack-sec-groups docker,basic-services
instance-name

(Note that I didn’t include all of the optional parameters; refer to either my earlier blog post or the Docker Machine OpenStack driver reference for more details).

One of the optional parameters for Docker Machine’s OpenStack driver is the --openstack-keypair-name parameter, which allows you to specify the name of an existing keypair to use with instances created by Docker Machine. If you omit this parameter, as I have above, then Docker Machine will auto-generate a new SSH Continue reading

Spousetivities at OpenStack Summit in Austin

Long-time readers know that my wife, Crystal, has been running this thing called Spousetivities for a few (OK, eight) years now. While Spousetivities originally started out as a VMworld thing, it rapidly expanded, and this year Spousetivities will be at a number of events. That includes the spring OpenStack Summit in Austin, TX!

If you’re planning to attend the Summit in Austin, why not bring your spouse/fiancé/partner/significant other with you? I can tell you from personal experience that having him or her there with you makes the conference experience more pleasant. In this particular case, Austin is a great place to visit in April and it is very affordable. Besides, Spousetivities has a great set of activities planned to keep your traveling companion(s) entertained while you’re at the conference.

Here’s a quick look at some of what’s planned for that week:

  • Explore Austin via a unique scavenger hunt experience, complete with prizes
  • Cruise the lake on private, luxury paddle-wheel boat while enjoying a delicious catered lunch
  • BBQ galore—after all, this is the BBQ capital and Spousetivities will make sure you get to try the famous BBQ of the Salt Lick
  • Quaint and relaxing tour of historic Fredericksburg

On the Spousetivities Continue reading

Adding Git and Docker Machine Awareness to OS X

In this post I’m going to share how to add some Git and Docker Machine “awareness” to your OS X Bash prompt. This isn’t anything new; these tricks are things that Bash users have been employing for years, especially on Linux. For most OS X users, though, I think these are tricks/tools that aren’t particularly well-known so I wanted to share them here.

I’ll divide this post into two sections:

  1. Adding Git awareness to your Bash prompt
  2. Adding Docker Machine awareness to your Bash prompt

Please note that I’ve only tested these on El Capitan (OS X 10.11), but it should work similarly for most recent versions of OS X.

Before I get started, allow me to explain what I mean by “awareness”:

  • For Git, it’s the ability to show the currently checked-out Git branch in your Bash prompt as well as tab completion for Git commands, branches, and remotes.
  • For Docker Machine, it’s the ability to show the currently-active machine (made active via eval $(docker-machine env <name>)) in your Bash prompt as well as tab completion for most Docker Machine commands and machines.

Ready? Let’s get started!

Adding Git Awareness to your Bash Prompt

To add some Continue reading

Docker Swarm on AWS using Docker Machine

In this post I’m going to talk about how to use Docker Machine to build a Docker Swarm cluster on Amazon Web Services (AWS). This post is an adaptation of this Docker documentation post that shows how to build a Swarm cluster using VirtualBox.

This post builds on the earlier post I wrote on using Docker Machine with AWS, so feel free to refer back to that post for more information or more details anywhere along the way.

At a high level, the process looks like this:

  1. Obtain a Swarm cluster token.
  2. Provision the Swarm master.
  3. Provision the Swarm nodes.

Let’s take a look at these steps in a bit more detail.

Obtain a Swarm Cluster Token

There’s at least a couple ways to do this, but they pretty much all involve a Linux VM using the Swarm Docker image. It’s up to you exactly how you want to do this—you can use a local VM, or you can use an AWS instance. The Docker documentation tutorial uses a local VM with the VirtualBox driver:

docker-machine create -d virtualbox local
env $(docker-machine env local)
docker run swarm create

The first command above creates a VirtualBox VM (named “local”) and Continue reading

Learning Tools Updates

One of the projects that I started last year was my GitHub “learning-tools” repository, in which I store tools (of various sorts) to help with learning new technologies. Many of these tools are Vagrant environments, but some are sample templates for other tools like Terraform. I recently made some updates to a couple of the tools in this repo, so I wanted to briefly update my readers.

Docker with IPVLAN L2 Interfaces

This area of the repository was already present, but I had a note in the repo’s main README.md noting that it wasn’t fully functional. After having to work through some other issues (issues that resulted in this blog post), I was finally able to create the tools and assets to make this environment easily repeatable. So, if you’d like to work with Docker using IPVLAN interfaces in L2 mode, then have a look in the docker-ipvlan folder of the repository. The folder-specific README.md is pretty self-explanatory, but if you run into any problems or issues feel free to open a GitHub issue.

Docker with IPVLAN L3 Interfaces

This is an entirely new area of the repo. Thanks in part to being able to complete Continue reading

Using Docker Machine with AWS

As part of a broader effort (see the post on my 2016 projects) to leverage public cloud resources more than I have in the past, some Docker Engine-related testing I’ve been conducting recently has been done using AWS EC2 instances instead of VMs in my home lab. Along the way, I’ve found Docker Machine to be quite a handy tool, and in this post I’ll share how to use Docker Machine with AWS.

By and large, using Docker Machine with AWS is pretty straightforward. You can get an idea of what information Docker Machine needs by running docker-machine create -d amazonec2 --help. (You can also view the documentation for the AWS driver specifically.) The key pieces of information you need are:

  • --amazonec2-access-key: This is your AWS access key. Docker Machine can read it from the $AWS_ACCESS_KEY_ID environment variable, or—if you have the AWS CLI installed—Docker Machine can read it from there.
  • --amazonec2-secret-key: This is your AWS secret key. As with the AWS access key, Docker Machine can read this from an environment variable ($AWS_SECRET_ACCESS_KEY) or from the AWS CLI credentials file (by default, found in ~/.aws/credentials).
  • --amazonec2-region: The AWS driver defaults to Continue reading

Vagrant, Ubuntu “Wily Werewolf,” and Networking

In what has been a fairly classic “yak shaving” exercise, I’ve been working on getting Ubuntu 15.10 “Wily Werewolf” running with Vagrant so that I can perform some testing with some other technologies that need a Linux kernel version of at least 4.2 (which comes with Ubuntu 15.10 by default). Along the way, I ran smack into a problem with Ubuntu 15.10’s networking configuration when used with Vagrant, and in this post I’m going to explain what’s happening here and provide a workaround.

The issue (described here on GitHub, among other places) involves a couple of changes in Ubuntu Linux (and upstream Debian GNU/Linux as well, although I haven’t personally tested it). One of the changes is in regards to how network interfaces are named; instead of the “old” eth0 or eth1 naming convention, Ubuntu 15.10 now uses persistent interface names like ens32 or ens33. Additionally, an update to the “ifupdown” package now returns an error where an error apparently wasn’t returned before.

The end result is that when you try to create a Vagrant VM with multiple network interfaces, it fails. Using a single network interface is fine; the issue only rears its Continue reading

Technology Short Take #63

Welcome to Technology Short Take #63. I’ve managed to (mostly) get back to my Friday publishing schedule, though I’m running much later in the day this time around than usual. I’ll try to correct that for the next one. In any case, here’s another collection of links and articles from around the Net on the major data center technology areas. Have fun reading!

Networking

  • At DevOps Networking Forum 2016, I had the opportunity to share a presentation on some Linux networking options. If you’d like to see the presentation, it’s available on Slideshare and Speakerdeck. If you’d like to re-create the demo environment, check out the presentation’s GitHub repository. I’m also thinking of creating a video version of the presentation with some expanded content; I’d love to hear from readers if they would find that useful.
  • Here’s another topic that came up at the recent DevOps Networking Forum: Spotify’s SDN Internet Router (SIR). Here’s a two-part series (Part 1 and Part 2) that discusses the SIR, the motivations for building it, the challenges they faced in building SIR, and the solutions to those challenges. It’s a pretty interesting read, in my opinion.
  • I recently came across a couple Continue reading

On the Topic of Lock-In

While talking with customers over the past couple of weeks during a multi-country/multi-continent trip, one phrase that kept coming up is “lock-in”, as in “we’re trying to avoid lock-in” or “this approach doesn’t have any lock-in”. While I’m not a huge fan of memes, this phrase always brings to mind The Princess Bride, Vizzini’s use of the word “inconceivable,” and Inigo Montoya’s famous response. C’mon, you know you want to say it: “You keep using that word. I do not think it means what you think it means.” I feel the same way about lock-in, and here’s why.

Lock-in, as I understand how it’s viewed, is an inability to migrate from your current solution to some other solution. For example, you might feel “locked in” to Microsoft (via Office or Windows) or “locked in” to Oracle (via their database platform or applications), or even “locked in” to VMware through vCenter and vSphere. Although these solutions/platforms/products might be the right fit for your particular problem/need, the fact that you can’t migrate is a problem. Here you are, running a product or solution or platform that is the right fit for your needs, but because you may not be able Continue reading

Scaling Congress

(This post was written by Tim Hinrichs, Shawn Hargan, and Alex Yip.)

Policy is a topic that we’ve touched on before here at Network Heresy. In fact, policy was the focus of a series of blog posts: first describing the policy problem and why policy is so important, then describing the range of potential solutions, followed by a comparison of policy efforts within OpenStack, and finally culminating in a detailed description of Congress: a project aimed at providing “policy as a service” to OpenStack clouds. (Check out the OpenStack wiki page on Congress for more details on the Congress project itself.)

Like other OpenStack projects, Congress is moving very quickly. Recently, one of the lead developers of Congress summarized some of the performance improvements that have been realized in recent builds of Congress. These performance improvements include things like much faster query performance, massive reductions in data import speeds, and significant reductions in memory overhead.

If you’re interested in the full details on the performance improvements that the Congress team is seeing, go read the full post on scaling the performance of Congress over at ruleyourcloud.com. (You can also subscribe to the RSS feed Continue reading

Blog Migration in the Works

You might have noticed that blog content has been a bit sparse over the last few weeks. The reason I haven’t generated any new content is because all my spare time is taken up with preparing to migrate this site to a new hosting platform.

Sometime over the holiday season, I’ll be migrating this site from a hosted WordPress installation to Jekyll running on GitHub Pages. Given that I have 9 years of content (over 1,600 blog posts), this is a pretty fair amount of work.

Most of the “structural” work on the new site is already complete; you can get a preview of the site by visiting http://lowescott.github.io. There’s no content there yet (other than some boilerplate content), but you’ll be able to get a feel for how the new layout will look and work. As you can see, I’ll be using the Lanyon theme, which provides a nice clean layout and a good mobile as well as desktop experience.

There’s still some additional “structural” work to be done, such as adding support for comments (which will be handled via Disqus), but I hope to have that done in the next few days.

Once the Continue reading

On Policy in the Data Center: Congress

By Tim Hinrichs and Scott Lowe with contributions from Alex Yip, Dmitri Kalintsev, and Peter Balland

(Note: this post is also cross-published at RuleYourCloud.com, a new site focused on policy.)

In the first few parts of this series, we discussed the policy problem, we outlined dimensions of the solution space, and we gave a brief overview of the existing OpenStack policy efforts. In this post we do a deep dive into one of the (not yet incubated) OpenStack policy efforts: Congress.

Overview

Remember that to solve the policy problem, people take ideas in their head about how the data center ought to behave (“policy”) and codify them in a language the computer system can understand. That is, the policy problem is really a programming languages problem. Not surprisingly Congress is, at its core, a policy language plus an implementation of that language.

Congress is a standard cloud service; you install it on a server, give it some inputs, and interact with it via a RESTful API. Congress has two kinds of inputs:

  • The other cloud services you’d like it to manage (for example, a compute manager like OpenStack Nova and a network manager like OpenStack Continue reading

Removing OVS Configuration Settings

I’ve written quite a bit about Open vSwitch (OVS), but I realized recently that despite all the articles I’ve written I still haven’t talked about how to remove a configuration setting to OVS. I’m fixing that now with this article.

As part of my ongoing mission to give back to the open source community, I recently started making contributions and improvements to the OVS web site; specifically, I’ve been reformatting the configuration cookbooks to make them more readable (and to clean up the HTML source). Along the way, I’ve been adding small bits of content here and there. Most recently, I just updated the QoS rate-limiting entry, and I wanted to add information on how to remove the QoS settings.

Normally, you can remove an OVS configuration setting using the ovs-vsctl remove command. For example, if you set a VLAN tag on an port with this command:

ovs-vsctl set port vnet0 tag=100

Then you could remove that VLAN tag with this command:

ovs-vsctl remove port vnet0 tag 100

Note the slight syntactical difference in the two commands; the remove command expects four parameters.

It turns out, however, that this command won’t work for all configuration parameters. In some Continue reading

Technology Short Take #46

Welcome to Technology Short Take #46. That’s right, it’s time for yet another collection of links and articles from around the Internet on various data center-related technologies, products, projects, and efforts. As always, there is no rhyme or reason to my collection; this is just a glimpse into what I’ve seen over the past few weeks. I hope you are able to glean something useful.

Networking

  • This post by Matt Oswalt—the first in a series, apparently—provides a great introduction to 5 development tools for network engineers. I’ve already increased my usage of Git in an effort to become more fluent with this very popular version control tool, and I was already planning on exploring Jinja2 as well (these are both mentioned in Matt’s article). This is a really useful post and I’m looking forward to future posts in this series.
  • Matt also recently posted part 4 (of 5) in his series on SDN protocols; this post covers OpFlex and declarative networking.
  • It was good to read this post on Cumulus Linux first impressions by Jeremy Stretch. I’m a fan of Cumulus, but I’m admittedly a Linux guy (see here) so you might say I’m a bit biased. Jeremy is Continue reading