Configuring Linux Policy Routing using Ansible

In this post, I’m going to talk about using Ansible to configure policy routing on Linux. If you’re not familiar with Linux policy routing, have a look at this post, and also review this post for one potential use case (I’m sure there are a number of other quite valuable use cases).

As you may recall from the policy routing introductory post, there are three steps involved in configuring policy routing:

1. You must define the new routing table in /etc/iproute2/rt_tables
2. You must add routes to the new routing tables
3. You must define rules for when the new routing table is consulted

All three of these tasks can be handled via Ansible.

To address step #1, you can use Ansible’s “lineinfile” module to add a reference to the new routing table in /etc/iproute2/rt_tables. For example, consider this Ansible task:

- lineinfile: dest=/etc/iproute2/rt_tables line="200 eth1"

This snippet of Ansible code would add the line “200 eth1” to the end of the etc/iproute2/rt_tables file (if the line does not already exist). This takes care of task #1.

For tasks #2 and #3, you can use a Jinja2 template. Because the creation of the policy routing rule and the routing table entries can Continue reading

Technology Short Take #67

Welcome to Technology Short Take #67. Here’s hoping something I’ve collected for you here proves useful!

Networking

• Anthony Burke has written a script that uses VMware NSX to protect VMware Log Insight instances. More information on the script is in his blog post.
• Russ White tackles the issue of networking engineers needing to learn to code. Is it necessary? Russ thinks so—but probably not for the reasons you might think. I tend to agree with Russ’ line of thinking.
• This article from Marcos Hernandez shows one way to do dynamic routing in OpenStack. It’s a bit of a hack, to be honest, but it gets the job done until dynamic routing makes its way into OpenStack Neutron (which looks like it may have landed in the Mitaka release—can anyone confirm?).
• Jason Messer has an article describing how networking works with Windows containers.
• Tom Hollingsworth discusses how the rise of overlay networks killed large layer 2 networks and tools for building large layer 2 networks, like TRILL.
• Dmitri Kalintsev examines some options for addressing storage-related connectivity in NSX environments.

Servers/Hardware

• Drew Conry-Murray shines a light on Intel’s network ambitions. This is something I’ve been watching for a couple of years, Continue reading

Spousetivities at DockerCon 2016

Long-time readers of my site know that my wife, Crystal, launched what is now known as Spousetivities at VMworld 2008. Since that time, she’s been able to organize activities for hundreds of companions at dozens of events around the world. This year she’s adding another event to the roster: DockerCon 2016 in Seattle!

That’s right, Crystal and Spousetivities will be available at DockerCon in Seattle. Here’s a quick look at some of the things she’s got planned:

• Morning yoga on both Monday and Tuesday (both days of the conference), led by a Docker employee
• Food tour plus a visit to Woodland Park Zoo (great option for attendees traveling with kids)
• Tours of Seattle on both Monday and Tuesday, including stops at the Space Needle, Pioneer Square, Pike Place Market, and the Kerry Park scenic overlook.
• Wine and chocolate tastings plus a visit to Sqonalmie Falls

All in all, it sounds like a great set of activities. Also, I’m very impressed that DockerCon is also offering childcare during the event. Between Spousetivities offering kid-friendly events both days and DockerCon providing childcare, there’s no reason not to bring the family with you to Seattle.

If you’re interested in signing up for any Continue reading

Podcast Update

As many of you probably know, I launched a new podcast, called the Full Stack Journey Podcast, back in January. (Here’s the blog post announcing the new podcast.) In this post, I wanted to provide a quick update on the podcast.

Dedicated Website Now Up

First, the podcast now has its own website! Like this site, the Full Stack Journey site is a Jekyll-powered site hosted on GitHub (here’s the site’s repository). I find the Jekyll+GitHub Pages workflow works really well for me, so leveraging the same workflow for the Full Stack Journey site—as opposed to using WordPress or some other CMS—will (hopefully) help make it easier to continue to produce and publish the podcast.

Late Episodes Available

The effort involved in getting the dedicated site up took up a fair amount of time over the last few weeks. This leads me to the second point, which is that I’ve published episode #4 with Brent Salisbury, and will soon (in the next few days) be publishing episode #5 with Patrick Kelso. These episodes are very late (sorry!). June’s episode shouldn’t be as late, and I’m aiming to be back on track with an early July Continue reading

Thoughts on Luminus Networks

Late last week, Cyrus Durgin from Luminus Networks published an article on SDx Central titled “The (R)evolution of Network Operations.” You may notice that my name is mentioned at the bottom of the article as someone who provided feedback. In this post, I’d like to share some thoughts—high-level and conceptual in nature—on network operations and Luminus Networks.

I was first introduced to Luminus Networks when I met its CEO, Kelly Wanser, at the Open Networking User Group (ONUG) meeting in New York City last November. We met again in the Denver area in late December, and Kelly gave me a preview of what Luminus was building. I must confess that I was immediately intrigued by what Kelly was describing. One key thing really jumped out at me: we need to treat the network as a system, not as a bunch of individual elements.

When it comes to network monitoring/management/operations, so many of the tools are focused on the individual elements that comprise a network: provisioning a switch, pushing configuration changes to a router or group of routers, polling counters from interfaces on switches, etc. While there’s nothing wrong with any of these things, it seems to me that there’s Continue reading

Technology Short Take #66

Welcome to Technology Short Take #66! In this post you’ll find a collection of links to articles about the major data center technologies. Hopefully something I’ve included here will be useful to you. Enjoy!

Networking

• I recently spoke at Interop 2016 in Las Vegas, and while I was there I scribbled down some notes pertaining to how decomposing applications into microservices-based architectures was similar in some respects to decomposing networks into an overlay network and an underlay (physical) network. It’s still something I’m exploring, but I hope to get something written up soon. In the meantime, I’d love to hear your thoughts about it. Feel free to hit me up on Twitter or drop me an e-mail.
• While I’m talking about the overlay/underlay model, I found this article by Tom Nolle discussing how using the overlay/underlay model could enable agile infrastructure. It’s a good post, well worth reading (in my opinion).

Servers/Hardware

Nothing this time around. Maybe next time?

Security

• In the event you’re interested in an idea of how much latency the use of in-kernel hypervisor firewalling (such as that offered by VMware NSX) adds, have a look at this article by Sean Howard.

Cloud Computing/Cloud Management

• Michael Wittig Continue reading

Using Terraform to Build an etcd2 Cluster on OpenStack

In this post I’ll build on my earlier introduction to Terraform to show a practical example of using Terraform to build a CoreOS-based etcd2 cluster on OpenStack. This information is based upon a demo that I created for a session at the Austin OpenStack Summit in late April, so all the files I reference in this post are available in the GitHub repo for that session.

You may recall that Terraform is a platform-independent orchestration tool that allows you to create configurations (in either Terraform format or JSON format) specifying resources to be created/modified/deleted. This allows users to take an “infrastructure as code” approach where infrastructure configuration can be declaratively defined and managed via well-known version control mechanisms. In my previous post, I used JSON for the Terraform configurations; in this post, I’ll use the “standard” Terraform format.

As in the intro to Terraform post, I’ll use three different files:

• The vars.tf file, which contains variables we’ll reference later
• The main.tf file, which has the actual resource definitions
• The output.tf file, which will provide some feedback to the user on the resources being created by Terraform (in this case, IP addresses)

Note that there’s no Continue reading

Building a VMware-Formatted Cumulus VX Vagrant Box

In this post, I’m going to walk you through the process I used to build a Vagrant box for Cumulus VX that will work with VMware desktop hypervisors (like VMware Fusion or VMware Workstation). Although Cumulus Networks offers several different versions of Cumulus VX to download, they do not (strangely enough) offer a Vagrant box that will work with VMware’s desktop hypervisors.

If you’re not familiar with Cumulus VX, it’s a virtual appliance version of Cumulus Linux. This allows you to test Cumulus Linux without needing compatible network hardware. This is really handy for testing configuration management tools against Cumulus Linux, for testing complex topologies before you implement them in production, or just for getting a feel for how Cumulus Linux works.

Naturally, this sounds like a perfect fit to use with Vagrant, so if you’re interested—as I am/was—in running Cumulus VX with Vagrant using a VMware desktop hypervisor, then the process described below should get you all fixed up.

First, you’ll want to get a hold of the VMware version of Cumulus VX. Navigate over to the Cumulus VX download page (a free registration is required), and download the VMware version. This will download an OVA file. Don’t Continue reading

Installing Ansible 2.x in a Python Virtualenv on OS X

In this post, I’m going to walk you through the steps to install Ansible 2.x into a Python virtual environment (virtualenv) on OS X. There’s nothing terribly hard or unusual about this process, but I wanted to document it here for folks who might be new to the process (or who might be interested in why using this approach could be beneficial).

I’m stumbled into this process because I had been using Ansible 1.9.x and wanted to upgrade to Ansible 2.x so that I could use some of the new OpenStack-related modules. (These are modules that allow you to manipulate OpenStack-based resources, like instances or networks, using Ansible playbooks, and they were introduced with the release of Ansible 2.x.) The new modules had some additional Python dependencies, and installing these Python dependencies on OS X can be challenging at times (due to System Integrity Protection [SIP]). For example, installing the shade module on my OS X El Capitan system ran afoul of SIP.

The answer is to use Python virtual environments (aka “virtualenvs”). Virtualenvs provide a mechanism whereby you can isolate Python dependencies between different Python-based projects. You create a Python virtualenv, then Continue reading

Prayer Time at the Austin Summit

A large portion of the OpenStack community is gathered in Austin this week for the Spring 2016 OpenStack Summit. As I’ve done at previous Summits (and other events), I’m offering to gather with other Christian believers for a brief time of prayer in the mornings before the sessions kick off each day.

Normally I get these arranged much earlier, so I apologize for not getting this out there sooner. That being said, if you’re a Christian and interested in gathering for a brief time of prayer, we will be meeting outside the Austin Convention Center at 8:30 am. We’ll meet along East 4th Street, on the convention center side of the Downtown Station.

Anyone is welcome to join us, but please note that this will be a distinctly Christian-focused and Christ-centered event.

You don’t need to RSVP or let me know you’ll be there; just feel free to stop by. I hope to see you there!

Technology Short Take #65

Welcome to Technology Short Take #65! As usual, I gathered an odd collection of links and articles from around the web on key data center technologies and trends. I hope you find something useful!

Networking

• Michael Ryom has a nice (but short) article on using Log Insight along with a NetFlow proxy to help provide more detailed visibility into traffic flows between VMs on NSX logical networks.
• Brent Salisbury has an article on GoBGP, a Go-based BGP implementation. BGP seems to be emerging as an early front-runner for a standards-based control plane for software networking. Couple something like GoBGP with IPVLAN L3 (see Brent’s article) and you’ve got a new model for your data center network.
• Andy Hill has an article on doing rolling F5 upgrades using Ansible.
• Filip Verloy has an article that discusses the integration between Nuage Networks and Fortinet.
• This should probably go in the “Cloud Computing/Cloud Management” section, but the boundaries between areas are getting more and more blurry every day. (Thankfully, due to LASIK my vision is sharper than ever.) In any case, here’s a post by Marcos Hernandex on the use of subnet pools in OpenStack. Although Marcos’ post discusses them Continue reading

Technology Short Take #64

Welcome to Technology Short Take #64. Normally, I try to publish Short Takes on Friday, but this past Friday was April Fools’ Day. Given the propensity for “real” information to get lost among all the pranks, I decided to push this article back to today. Unlike most of what is published around April Fools’ Day, hopefully everything here is helpful, informative, and useful!

Networking

• Phil Gervasi has an article on fate sharing in the network core, where he discusses some of the advantages—and disadvantages—of centralizing the control plane in network designs. The examples Phil uses include StackWise, Virtual Switching System, and Virtual Port Channels.
• Alban Crequy has a post on using Linux queueing disciplines (qdiscs, for short) to help with testing application behavior under degraded network conditions. This is really interesting and something that I want to explore in more detail.
• Cumulus Networks has added another hardware partner to its list of supported hardware partners; this time it’s Mellanox, as outlined in this SDx Central article.
• Carlos Cardenas has a great post that does a great job of explaining SAI (Switch Abstraction Interface) and switchdev, two key abstraction layers involved in building Linux-based network operating systems (NOSes). Carlos Continue reading

Docker Machine, OpenStack, and SSH Keys

I wanted to provide readers a quick “heads up” about some unexpected behavior regarding Docker Machine and OpenStack. It’s not a huge deal, but it could catch someone off-guard if they aren’t aware of what’s happening.

This post builds on the earlier post I published on using Docker Machine with OpenStack; specifically, the section about using Docker Machine’s native OpenStack driver to provision instances on an OpenStack cloud. As a quick recap, recall that you can provision instances on an OpenStack cloud (and have Docker Engine installed and configured on those instances) with a command like this:

docker-machine create -d openstack 
--openstack-flavor-id 3 
--openstack-image-name "Ubuntu 14.04.3 LTS x64" 
--openstack-net-name lab-net-5 
--openstack-floatingip-pool ext-net-5 
--openstack-sec-groups docker,basic-services
instance-name

(Note that I didn’t include all of the optional parameters; refer to either my earlier blog post or the Docker Machine OpenStack driver reference for more details).

One of the optional parameters for Docker Machine’s OpenStack driver is the --openstack-keypair-name parameter, which allows you to specify the name of an existing keypair to use with instances created by Docker Machine. If you omit this parameter, as I have above, then Docker Machine will auto-generate a new SSH Continue reading

Spousetivities at OpenStack Summit in Austin

Long-time readers know that my wife, Crystal, has been running this thing called Spousetivities for a few (OK, eight) years now. While Spousetivities originally started out as a VMworld thing, it rapidly expanded, and this year Spousetivities will be at a number of events. That includes the spring OpenStack Summit in Austin, TX!

If you’re planning to attend the Summit in Austin, why not bring your spouse/fiancé/partner/significant other with you? I can tell you from personal experience that having him or her there with you makes the conference experience more pleasant. In this particular case, Austin is a great place to visit in April and it is very affordable. Besides, Spousetivities has a great set of activities planned to keep your traveling companion(s) entertained while you’re at the conference.

Here’s a quick look at some of what’s planned for that week:

• Explore Austin via a unique scavenger hunt experience, complete with prizes
• Cruise the lake on private, luxury paddle-wheel boat while enjoying a delicious catered lunch
• BBQ galore—after all, this is the BBQ capital and Spousetivities will make sure you get to try the famous BBQ of the Salt Lick
• Quaint and relaxing tour of historic Fredericksburg

On the Spousetivities Continue reading

Adding Git and Docker Machine Awareness to OS X

In this post I’m going to share how to add some Git and Docker Machine “awareness” to your OS X Bash prompt. This isn’t anything new; these tricks are things that Bash users have been employing for years, especially on Linux. For most OS X users, though, I think these are tricks/tools that aren’t particularly well-known so I wanted to share them here.

I’ll divide this post into two sections:

1. Adding Git awareness to your Bash prompt
2. Adding Docker Machine awareness to your Bash prompt

Please note that I’ve only tested these on El Capitan (OS X 10.11), but it should work similarly for most recent versions of OS X.

Before I get started, allow me to explain what I mean by “awareness”:

• For Git, it’s the ability to show the currently checked-out Git branch in your Bash prompt as well as tab completion for Git commands, branches, and remotes.
• For Docker Machine, it’s the ability to show the currently-active machine (made active via eval $(docker-machine env <name>)) in your Bash prompt as well as tab completion for most Docker Machine commands and machines.

Ready? Let’s get started!

Adding Git Awareness to your Bash Prompt

To add some Continue reading

Docker Swarm on AWS using Docker Machine

In this post I’m going to talk about how to use Docker Machine to build a Docker Swarm cluster on Amazon Web Services (AWS). This post is an adaptation of this Docker documentation post that shows how to build a Swarm cluster using VirtualBox.

This post builds on the earlier post I wrote on using Docker Machine with AWS, so feel free to refer back to that post for more information or more details anywhere along the way.

At a high level, the process looks like this:

1. Obtain a Swarm cluster token.
2. Provision the Swarm master.
3. Provision the Swarm nodes.

Let’s take a look at these steps in a bit more detail.

Obtain a Swarm Cluster Token

There’s at least a couple ways to do this, but they pretty much all involve a Linux VM using the Swarm Docker image. It’s up to you exactly how you want to do this—you can use a local VM, or you can use an AWS instance. The Docker documentation tutorial uses a local VM with the VirtualBox driver:

docker-machine create -d virtualbox local
env $(docker-machine env local)
docker run swarm create

The first command above creates a VirtualBox VM (named “local”) and Continue reading

Learning Tools Updates

One of the projects that I started last year was my GitHub “learning-tools” repository, in which I store tools (of various sorts) to help with learning new technologies. Many of these tools are Vagrant environments, but some are sample templates for other tools like Terraform. I recently made some updates to a couple of the tools in this repo, so I wanted to briefly update my readers.

Docker with IPVLAN L2 Interfaces

This area of the repository was already present, but I had a note in the repo’s main README.md noting that it wasn’t fully functional. After having to work through some other issues (issues that resulted in this blog post), I was finally able to create the tools and assets to make this environment easily repeatable. So, if you’d like to work with Docker using IPVLAN interfaces in L2 mode, then have a look in the docker-ipvlan folder of the repository. The folder-specific README.md is pretty self-explanatory, but if you run into any problems or issues feel free to open a GitHub issue.

Docker with IPVLAN L3 Interfaces

This is an entirely new area of the repo. Thanks in part to being able to complete Continue reading

Using Docker Machine with AWS

As part of a broader effort (see the post on my 2016 projects) to leverage public cloud resources more than I have in the past, some Docker Engine-related testing I’ve been conducting recently has been done using AWS EC2 instances instead of VMs in my home lab. Along the way, I’ve found Docker Machine to be quite a handy tool, and in this post I’ll share how to use Docker Machine with AWS.

By and large, using Docker Machine with AWS is pretty straightforward. You can get an idea of what information Docker Machine needs by running docker-machine create -d amazonec2 --help. (You can also view the documentation for the AWS driver specifically.) The key pieces of information you need are:

• --amazonec2-access-key: This is your AWS access key. Docker Machine can read it from the $AWS_ACCESS_KEY_ID environment variable, or—if you have the AWS CLI installed—Docker Machine can read it from there.
• --amazonec2-secret-key: This is your AWS secret key. As with the AWS access key, Docker Machine can read this from an environment variable ($AWS_SECRET_ACCESS_KEY) or from the AWS CLI credentials file (by default, found in ~/.aws/credentials).
• --amazonec2-region: The AWS driver defaults to Continue reading

Vagrant, Ubuntu “Wily Werewolf,” and Networking

In what has been a fairly classic “yak shaving” exercise, I’ve been working on getting Ubuntu 15.10 “Wily Werewolf” running with Vagrant so that I can perform some testing with some other technologies that need a Linux kernel version of at least 4.2 (which comes with Ubuntu 15.10 by default). Along the way, I ran smack into a problem with Ubuntu 15.10’s networking configuration when used with Vagrant, and in this post I’m going to explain what’s happening here and provide a workaround.

The issue (described here on GitHub, among other places) involves a couple of changes in Ubuntu Linux (and upstream Debian GNU/Linux as well, although I haven’t personally tested it). One of the changes is in regards to how network interfaces are named; instead of the “old” eth0 or eth1 naming convention, Ubuntu 15.10 now uses persistent interface names like ens32 or ens33. Additionally, an update to the “ifupdown” package now returns an error where an error apparently wasn’t returned before.

The end result is that when you try to create a Vagrant VM with multiple network interfaces, it fails. Using a single network interface is fine; the issue only rears its Continue reading

Technology Short Take #63

Welcome to Technology Short Take #63. I’ve managed to (mostly) get back to my Friday publishing schedule, though I’m running much later in the day this time around than usual. I’ll try to correct that for the next one. In any case, here’s another collection of links and articles from around the Net on the major data center technology areas. Have fun reading!

Networking

• At DevOps Networking Forum 2016, I had the opportunity to share a presentation on some Linux networking options. If you’d like to see the presentation, it’s available on Slideshare and Speakerdeck. If you’d like to re-create the demo environment, check out the presentation’s GitHub repository. I’m also thinking of creating a video version of the presentation with some expanded content; I’d love to hear from readers if they would find that useful.
• Here’s another topic that came up at the recent DevOps Networking Forum: Spotify’s SDN Internet Router (SIR). Here’s a two-part series (Part 1 and Part 2) that discusses the SIR, the motivations for building it, the challenges they faced in building SIR, and the solutions to those challenges. It’s a pretty interesting read, in my opinion.
• I recently came across a couple Continue reading