This is a liveblog of the session titled “Docker EE Deep Dive,” part of the Docker Best Practices track here at DockerCon EU 2017 in Copenhagen, Denmark. The speaker is Patrick Devine, a Product Manager at Docker. I had also toyed with the idea of attending the Cilium presentation in the Black Belt track, but given that I attended a version of that talk in Austin in April (liveblog is here), I figured I’d better stretch my boundaries and dig deeper into Docker EE.
Devine starts with a bit of information on his background, then provides an overview of the two editions (Community and Enterprise) of Docker. (Recall again that Docker is the downstream product resulting from the open source Moby upstream project.) Focusing a bit more on Docker EE, Devine outlines some of the features of Docker EE: integrated orchestration, stable releases for 1 year with support and maintenance, security patches and hotfixes backported to all supported versions, and enterprise-class support.
So what components are found in Docker EE? It starts with the Docker Engine, which has the core container runtime, orchestration, networking, volumes, plugins, etc. On top of that is Universal Control Plane (UCP), which Continue reading
This is a liveblog of the day 2 keynote/general session here in Copenhagen, Denmark, at DockerCon EU 2017. Yesterday’s keynote (see the liveblog here) featured the hotly-anticipated Kubernetes announcement (I shared some thoughts here), so it will be interesting to see what Docker has in store for today’s general session.
At 9:02am, the lights go down and Scott Johnston, COO of Docker (@scottcjohnnston on Twitter), takes the stage. Johnston provides a brief recap of yesterday’s activities, from the keynote to the breakout sessions to the party last night, then dives into content focusing around modernizing traditional applications through partnerships. (If two themes have emerged from this year’s DockerCon EU, they are “Docker is a platform” and “Modernize traditional applications”.) Johnston shares statistics that show 50% of customers have leveraging hybrid cloud as a priority, and that increasing major release frequency is also a priority for enterprise IT organizations. According to Johnston, 79% of customers are saying that increasing software release velocity is a goal for their organizations. Continuing with the statistics, Johnston shows a very familiar set of numbers stating that 80% of the IT spend is on maintenance (I say familiar because these numbers Continue reading
Today at DockerCon EU, Docker announced that the next version of Docker (and its upstream open source project, the Moby Project) will feature integration with Kubernetes (see my liveblog of the day 1 general session). Customers will be able to choose whether they leverage Swarm or Kubernetes for container orchestration. In this post, I’ll share a few thoughts on this move by Docker.
First off, you may find it useful to review some details of the announcement via Docker’s blog post.
Done reviewing the announcement? Here are some thoughts; some of them are mine, some of them are from others around the Internet.
This is a liveblog of a Black Belt track session at DockerCon EU in Copenhagen. The session is named “Container-Relevant Kernel Developments,” and the presenter is Tycho Andersen.
Andersen first presents a disclaimer that the presentation is mostly a brain dump, and that he’s not personally responsible for a lot of the work presented here. In fact, all of the work Andersen will talk about is not yet merged upstream in the Linux kernel, and he doesn’t expect that they will be accepted upstream and see availability for average users.
The first technology Andersen talks about is IMA (Integrity Management Association, I think?), which prevents user space from even opening files if they have been tampered with or modified in some fashion that violates policy. IMA is also responsible for allowing the Linux kernel to take advantage of a system’s Trusted Platform Module (TPM).
Pertinent to containers, Andersen talks about work that’s happening within the kernel development community around namespacing IMA. There are a number of challenges here, not all of which have been addressed or resolved yet, and Andersen refers attendees to the Linux Kernel mailing list (LKML) for more information.
Next, Andersen talks about the Linux audit log. Continue reading
This is a liveblog of the DockerCon EU session titled “LinuxKit Deep Dive”. The speakers are Justin Cormack and Rolf Neugebauer, both with Docker, and this session is part of the “Black Belt” track here at DockerCon.
So what is LinuxKit? It’s a toolkit, part of the Moby Project, that is used for building secure, portable, and lean operating systems for containers. It uses the moby tooling to build system images. LinuxKit uses YAML files to describe the complete system, and these files are consumed by moby to assemble the boot image and verify the signature. On top of that is containerD, which runs on-boot containers, service containers, and shutdown containers. Think of on-boot and shutdown containers as one-time containers that perform some task, either when the system is booting or shutting down (respectively).
LinuxKit was first announced and open sourced in April 2017 at DockerCon in Austin. Major additions since it was announced include:
After reviewing the changes Continue reading
This is a liveblog of the session titled “Rock Stars, Builders, and Janitors: You’re Doing it Wrong”. The speaker is Alice Goldfuss (@alicegoldfuss) from GitHub. This session is part of the “Transform” track at DockerCon; I’m attending it because I think that cultural and operational transformation is key for companies to successfully embrace new technologies like containers and fully maximize the benefits of these technologies. (There’s probably a blog post in that sentence.)
Goldfuss starts out by asking the audience some questions about what they’ve been doing for the last 3 months, and then informs the attendees that they are, in fact, part of the problem.
Goldfuss now digs into the meat of the presentation by covering some terminology. First, what is a rock star? They’re the idea person, the innovator. They’re curious, open-minded, iterating faster, and always looking for the new things and the new ideas. They’re important to our companies, but they do have some weaknesses. They get bored easily, they have no patience for maintenance, and they’re not used to thinking about end user experience. Thus, according to Goldfuss, you can’t have a team of only rock stars.
Next, Goldfuss talks about builders. Builders Continue reading
This is a liveblog of the day 1 keynote/general session at DockerCon EU 2017 in Copenhagen, Denmark. Prior to the start of the keynote, attendees are “entertained” by occasional clips of some Monty Python-esque production.
At 9:02, the lights go down and another clip appears, the first of several clips that depict life “without Docker” and then again “with Docker” (where everything is better, of course). It’s humorous and a good introduction to the general session.
Steve Singh, CEO of Docker, now takes the stage to kick off the general session. Singh thanks the attendees for their time, discusses the growth of the Docker community and the Docker ecosystem, welcomes new members of the community (including himself), and positions Docker less as a container company and more as a platform company. (Singh comes to Docker from SAP, following SAP’s acquisition of Concur.) Singh pontificates for a few moments about his background, the changes occurring in the industry, and the “center stage front-row” seat that Docker has to witness—and affect/shape—these changes.
Singh pivots after a few minutes to talk about Docker growth in terms of specific metrics (21 million Docker hosts, for example). This allows him to return to the Continue reading
Welcome to Technology Short Take #88! Travel is keeping me pretty busy this fall (so much for things slowing down after VMworld EMEA), and this has made it a bit more difficult to stick to my self-imposed biweekly schedule for the Technology Short Takes (heck, I couldn’t even get this one published on Friday!). Sorry about that! Hopefully the irregular schedule is outweighed by the value found in the content I’ve collected for you.
Long-time readers/followers know that my wife, Crystal, runs a program called Spousetivities. This program organizes events for spouses/partners/significant others at IT industry conferences. This fall is a particularly busy season for Crystal and Spousetivities, as she’ll be organizing events at DockerCon EU, the fall OpenStack Summit, and AWS re:Invent! Here are some details on these upcoming events.
For the first time, Spousetivities will be present at DockerCon EU, taking place this year in Copenhagen, Denmark. There’s a great set of activities planned:
More information is available on the Spousetivities web site; if you’d like to register for any of the events, tickets are available right now.
Spousetivities returns to the fall OpenStack Summit, held this year in beautiful Sydney, Australia. Spousetivities is no stranger to the OpenStack Summits, having supported the OpenStack community for several years now.
Once again, Crystal has arranged a great set of activities in and around Sydney:
This blog post on the Spousetivities Continue reading
Welcome to Technology Short Take #87! I have a mix of newer and older items for you this time around. While I’m a bit short on links in some areas, hopefully this is outweighed by some good content in other areas. Here’s hoping you find something useful!
Over the last few days—prompted perhaps by my article with some additional information on my site migration—a few folks in the community have reached out to me to share some resources they thought I might find useful. In turn, I’d like to share them with you, my readers, in the event you might find them useful as well.
This is (clearly and obviously) not a comprehensive list, but here’s what folks have shared with me over the last few days:
s3_website. The main problem I have with this write-up is that it hides too many of the details, preventing (in my opinion) some of the valuable learning that can come from such an effort. I’ll update this Continue reading
HashiConf 2017 is a wrap for me, and as I’m sitting here at the airport lounge in Austin I thought I’d post links back to the liveblogs I published as well as a few thoughts on the conference overall.
First, here are links to the liveblogs published during the event:
I think it was a pretty good event. The venue (JW Marriott in Austin) seemed roughly appropriate for the number of attendees (around 800, I believe), although some additional seating during meal times would have been a good idea. The conference Wi-Fi was mostly OK, though it had its moments.
The quality of sessions varied; some sessions were very good; others, not so much (unfortunately). It would have been good to see a clearer breakdown of the sessions according to area/theme. They had 3 content tracks, but it wasn’t really clear to me if the tracks had any central theme. I, personally, bounced around all three tracks.
I did like the inclusion of high-top tables at the Continue reading
This is a liveblog of the HashiConf 2017 session titled “Cloud Native Infrastructure.” The speaker is Kris Nova, a Senior Developer Advocate at Microsoft. Kris, along with Justin Garrison, authored the O’Reilly Cloud Native Infrastructure book (more information here). As one of the last sessions (if not the last session) I’ll be able to attend, I’m looking forward to this session.
Kris is a self-confessed Linux lover, loves writing in Golang, is a Kubernetes maintainer, and works on Azure at Microsoft.
So, what is “cloud-native infrastructure”? To answer that, Nova first tries to answer “what is a cloud?” Nova breezes by that definition without going into any real detail (or any real definition), and proceeds to talk about what infrastructure is. Again, Nova breezes by that without providing any real definition or depth, and proceeds to ask “Why is infrastructure better in the cloud?” According to Nova, infrastructure is better in the cloud because management can be as simple as an HTTP request. The next few slides in Nova’s presentation compare how the “traditional” ways of managing infrastructure (provisioning switches, patching cables, troubleshooting problems) are now, when infrastructure is in the cloud, as simple as a series Continue reading
This is a liveblog of the day 2 keynote (general session) at HashiConf 2017 in Austin, TX. Speakers today will (apparently, based on the schedule) include someone from Amazon Web Services and Kelsey Hightower from Google.
The keynote starts off with a photo montage of attendees, sessions, and speakers from the previous day, focusing mostly on the evening party (a pretty traditional thing for most conferences). The photo montage is followed by a gentleman (he doesn’t identify himself) who kicks off the keynote by bringing out Seth Vargo, Director of Technical Advocacy at HashiCorp.
Vargo’s presentation is titled “The Ecological Impact of Compute,” and discusses the environmental impact of cloud computing and the pervasive use of computing/compute power around the world. Vargo presents statistics that show on-premises data centers actually consume more electricity than the mega-scale cloud providers, and that getting these people onto a cloud provider would actually reduce overall power consumption (and, by extension, environmental impacts related to power consumption). Toward the end of Vargo’s presentation, it starts to feel more like a sales pitch for Nomad couched in environmental awareness.
At this point, Vargo introduces Kelsey Hightower, Senior Developer Advocate from Google. Hightower’s talk is about “Hashinetes,” Continue reading
This is a liveblog for the HashiConf 2017 session titled “Terraform Abstractions for Safety and Power.” The speaker is Calvin French-Owen, Founder and co-CTO at Segment.
French-Owen starts by describing Segment, and providing a quick overview of Segment’s use of Terraform. Segment is all on AWS, and is leveraging ECS (Elastic Container Service) to schedule containers. Segment’s journey with Terraform started about 2.5 years ago. They now have 30-50 developers interacting with Terraform weekly, and Terraform is managing tens of thousands of AWS resources.
Digging into the meat of the presentation, French-Owen starts by answering the question, “Why is safety such a big deal?” There’s more to the puzzle than just preventing downtime. To illustrate that point, French-Owen shares some conclusions from an academic paper that explores why developers choose software programs. It turns out that to scale adoption, you must reduce the risk of adoption (developers avoid programs based on risk).
Naturally, French-Owen talks about how Terraform can “feel scary” since it’s so easy to destroy a bunch of infrastructure with only terraform destroy.
Before moving into a discussion on how to make Terraform feel less scary, French-Owen first covers some “Terraform nouns” (HCL, HashiCorp Configuration Continue reading
This is a liveblog of the HashiConf 2017 breakout session titled “Journey to the Cloud with Packer and Terraform,” presented by Nadeem Ahmad, a senior software developer at Box.
Ahmad starts with a quick review of Box, but (thankfully) transitions quickly to his particular team at Box (the Productivity Engineering team). His team’s customers are the software developers at Box, and it’s his team’s job to help make them more productive and efficient. One of the tools that Ahmad’s team built was a tool called Cluster Runner, which is intended to streamline running unit and integration tests on the code the developers were writing.
This brings Ahmad to the crux of this presentation, which is telling the story of how Box went from a bare-metal environment to a cloud-based architecture. The purpose of this migration was to address some of the limitations of their bare-metal environment (inelastic, divergent host configurations over time, etc.). Box leveraged Platform9 to build an OpenStack-based private cloud, with the intent of switching to AWS, GCP, or Azure in the future as private cloud resources aged out.
Ahmad next goes into why Box selected the process they did; they wanted to move away from configuration Continue reading
This is a liveblog from the day 1 keynote (general session) at HashiConf 2017 in Austin, TX. I’m attending HashiConf this year as an “ordinary attendee” (not working or speaking), and so I’m looking forward to being able to actually sit in on sessions for a change.
At 9:43am, the keynote kicks off with someone (I don’t know who, he doesn’t identify himself) who provides some logistics about the event, the Wi-Fi, asking attendees to tweet, etc. After a couple minutes, he brings out Mitchell Hashimoto, Founder and co-CTO of HashiCorp, onto the stage.
Hashimoto starts out his talk by reviewing a bit of the history and growth of both HashiConf (and, indirectly, HashiCorp). Last year, HashiCorp has grown from about 50 employees to now over 130 employees. HashiCorp has also seen significant community growth, Hashimoto says, and he reviews the growth in the use of HashiCorp’s products (Vagrant, Packer, Terraform, Vault, Consul, and Nomad). Hashimoto also reviews the growth in their commercial products (Consul Enterprise, Vault Enterprise, and Terraform Enterprise). Hashimoto also discusses HashiCorp’s commitment to open source software and the desire to properly balance commercial (paid) products versus free (open source) projects.
Hashimoto now transitions his discussion Continue reading
One of the reasons I migrated this site to Hugo a little over a month ago was that Hugo offered the ability to do things with the site that I couldn’t (easily) do with Jekyll (via GitHub Pages). Over the last few days, I’ve taken advantage of Hugo’s flexibility to add a couple new features to the site.
New functionality that I’ve added includes:
Category- and tag-specific RSS feeds: Hugo can easily generate category- and tag-specific RSS feeds, enabling readers to subscribe to the RSS feed for a particular category or tag. On the taxonomy list pages—these are the pages that list all the posts found in a particular category or tag—there’s now a small link to the RSS feed for that specific category or tag. (As an example, check out the list of posts in the “General” category.)
(Truly) Related posts: The “Related Posts” section at the bottom of posts has returned, thanks to new functionality found in Hugo 0.27 (functionality that was, apparently, inspired in part by my experiences—see the docs page). This section lists 3 posts that are considered by Hugo to be related, based on the category and tags assigned to the posts.
It’s Continue reading
As you may already know, I recently completed the migration of this site from GitHub Pages (generated using Jekyll) to S3/CloudFront and Hugo for static site generation. Since then, I’ve talked with a few readers who had additional questions about the site migration. I thought others might have the same questions, so I decided to gather the most common questions here and share the answers with everyone.
(For those who need a quick primer on how the site is set up/served, refer to this post.)
I’ll structure the rest of this post in a “question-and-answer” format.
Q: Why migrate away from Jekyll?
A: Some of this is tied up with GitHub Pages (see the next question), but the key things that drove me away were very slow build times (in excess of five minutes), limited troubleshooting, dealing with Ruby dependencies in order to run local Jekyll builds (needed to help with troubleshooting), and limited functionality (due in part to GitHub Pages’ restrictive support for plugins).
Q: Why migrate away from GitHub Pages?
A: If you’re happy with Jekyll (and it’s a fine static site generator for lots of folks), having it integrated on the backend with GitHub Pages Continue reading
During my too-brief stint using Fedora Linux as my primary laptop OS (see here for some details), I became attached to using GPG (GNU Privacy Guard)—in conjunction with Keybase—for signing Git commits and signing e-mail messages. Upon moving back to macOS, I found that I needed to set this configuration back up again, and so I thought I’d document it here in case others find it useful.
I’m making a couple assumptions here:
First, I’m assuming you’ve already signed up for Keybase, generated your proofs, installed the app (this provides the keybase CLI tool), and created a PGP key using Keybase. (Hard-core PGP/GPG users will probably prefer to create their key outside of Keybase and import it, but then again they aren’t necessarily the target audience for this article either.)
Second, I’m assuming you’ve already installed GPG on your Mac, typically via something like GPG Tools.
With those assumptions in mind, let’s assume that you’d like to be able to use the PGP key generated by/stored in Keybase with something like GPGMail. Here are the steps you’d need to follow to do that:
First, you’ll need to export the PGP public key out of Keybase and into Continue reading