Running Ansible Through an SSH Bastion Host
This post will expand on some previous posts—one showing you how to set up and use an SSH bastion host and a second describing one use case for an SSH bastion host—to show how the popular configuration management tool Ansible can be used through an SSH bastion host.
The configuration/setup required to run Ansible through an SSH bastion host is actually reasonably straightforward, but I saw a lot of incomplete articles out there as I was working through this myself. My hope is to supplement the existing articles, as well as the Ansible documenation, to make this sort of configuration easier for others to embrace and understand.
Prerequisites
There are two key concepts involved here that you’ll want to be sure you understand before you proceed:
- You’ll want to make sure you’re comfortable with using an SSH bastion host. If you don’t understand how this works or how to set it up, I recommend you spend some time on this topic first, as it’s crucial to how Ansible will behave/function. This article by Grant Taylor has some good information.
- Spend some time making sure you know how to use SSH multiplexing. This is useful for Ansible in general, but Continue reading
Docker Online Meetup #30: Docker Trusted Registry 1.4.1
We recently hosted a Docker Online Meetup that was all about Docker Trusted Registry. Software Engineer Tony Holdstock-Brown demoed DTR 1.4.1 and discussed the latest features including: – Image deletion and garbage collection – Set up, and manage user accounts, teams, organizations, and … ContinuedDockerCon 2016: Registration and CFP Now Open!
Both conference passes and the Call for Papers for DockerCon 2016 are now open to the public! Join us for DockerCon 2016 at the Washington State Convention Center in beautiful Seattle, Washington on June 19-21, 2016. We strongly recommend registering … ContinuedDocs Spotlight: Keeping the FM in RTFM
Crafting and maintaining high quality documentation is something we all know is very important. Reputable documentation is much more than the result of fantastic product or project management - especially when we're talking about community-driven documentation. Open source communities in particular like to reference "RTFM" (Read the Fine Manual, for the cleaner acronym explanation), but that's only helpful when the "Fine Manual" contains quality documentation. For projects like Ansible, it is our active users that make all the difference, and with their contributions and efforts we are able to help provide the great documentation that supports Ansible. But, that also comes with some caveats.
Many people contribute to open source projects so that they may "scratch their own itch." Whether this works well or creates clunky and cluttered code is not up for debate in this blog post, but how well it works in relation to open source documentation is debatable. Often contributions boil down to very bare bones coverage of a feature or implementation, other times the only contribution made is a typo fix. And while even the small fixes are helpful, these are not the contributions that make the docs great (better, yes, but not yet reaching Continue reading
Docs Spotlight: Keeping the FM in RTFM
Crafting and maintaining high quality documentation is something we all know is very important. Reputable documentation is much more than the result of fantastic product or project management - especially when we're talking about community-driven documentation. Open source communities in particular like to reference "RTFM" (Read the Fine Manual, for the cleaner acronym explanation), but that's only helpful when the "Fine Manual" contains quality documentation. For projects like Ansible, it is our active users that make all the difference, and with their contributions and efforts we are able to help provide the great documentation that supports Ansible. But, that also comes with some caveats.
Many people contribute to open source projects so that they may "scratch their own itch." Whether this works well or creates clunky and cluttered code is not up for debate in this blog post, but how well it works in relation to open source documentation is debatable. Often contributions boil down to very bare bones coverage of a feature or implementation, other times the only contribution made is a typo fix. And while even the small fixes are helpful, these are not the contributions that make the docs great (better, yes, but not yet reaching Continue reading
Docker Webinar Q&A: Intro To Docker Security
Today, security is one the biggest topics within the enterprise world and tops the list of enterprise IT initiatives. As companies have begun to adopt containers within their environments, they have realized the security benefits that come with them as … ContinuedTechnology Short Take #58
Welcome to Technology Short Take #58. This will be the last Technology Short Take of 2015, as next week is Christmas and the following week is the New Year’s holiday. Before I present this episode’s collection of links, articles, and thoughts on various data center technologies, allow me to first wish all of my readers a very merry and very festive holiday season. Now, on to the content!
Networking
- Looking for a step-by-step install guide for VMware NSX? This one is a bit older (refers to NSX 6.1 and the current release is 6.2), but you might find it helpful nevertheless.
- Ray Budavari—who is an absolutely fantastic NSX resource—has a blog post up on the integration between VMware NSX and vRealize Automation. This first post (judging by the “part 1” in the title this will be a series) is a bit light on details, but I’m hoping future posts will dive deeper into this topic.
- Mustafa Akin has an article on Docker’s new overlay networking functionality. He describes how to set it up (on both VirtualBox and Digital Ocean) and provides some high-level performance information as well.
- If you’d like to play around with Cumulus Linux but don’t Continue reading
Containerd: a daemon to control runC
As we build out Docker’s infrastructure plumbing, we are committed to releasing these plumbing components as open source to help the community. Today we’re releasing a new daemon to control runC called: containerd. It’s built for performance and density, and will eventually be … ContinuedThe Cloud Native Computing Foundation is getting started today
In July Docker became a Founding Member of the Cloud Native Computing Foundation (CNCF). Today the CNCF gets started with a ratified open governance structure including a Technical Oversight Committee (TOC) to direct technical decisions, for which nominations are open. … ContinuedDockerCon EU 2015 Videos: Docker, Docker, Docker
And all of the videos from the Docker, Docker, Docker track at DockerCon EU 2015 are now available! Check out the recorded sessions and slides below. Getting Started with Docker – Sam Alba,Sr. Director of Engineering, Docker and Jeff Morgan, … ContinuedUsing Cloud-Init to Register an Instance into Consul
This post describes a method for using cloud-init to register a cloud instance into Consul on provisioning. I tested this on OpenStack, but it should work on any cloud platform that supports metadata services that can be leveraged by cloud-init.
I worked out the details for this method because I was interested in using Consul as a means to provide a form of “dynamic DNS” for OpenStack instances. (You can think of it as service registration and discovery for OpenStack instances.) As I’ll point out later in this post, there are a number of problems with this approach, but—if for no other reason—it was helpful as a learning exercise.
The idea was to automatically register OpenStack instances into Consul as they were provisioned. Since Consul offers a DNS interface, other instances and/or workloads could use DNS to look up these nodes’ registration. Consul offers an HTTP API (see here for details), so I started there. I used Paw (a tool I described here) to explore Consul’s HTTP API, building the necessary curl commands along the way. Once I had the right curl commands, the next step was to build a shell script that would pull the current Continue reading
Modifying OpenStack Security Groups with Terraform
In this post I’d like to discuss a potential (minor) issue with modifying OpenStack security groups with Terraform. I call this a “potential minor” issue because there is an easy workaround, which I’ll detail in this post. I wanted to bring it to my readers’ attention, though, because as of this blog post this matter had not yet been documented.
As you probably already know if you read my recent introduction to Terraform blog post, Terraform is a way to create configurations that automate the creation or configuration of infrastructure components, possibly across a number of different providers and/or platforms. In the introductory blog post, I showed you how to write a Terraform configuration that would create an OpenStack logical network and subnet, create a logical router and attach it to the logical network, and then create an OpenStack instance and associate a floating IP. In that example, I used a key part of Terraform, known as interpolation.
Broadly speaking, interpolation allows Terraform to reference variables or attributes of other objects created by Terraform. For example, how does one refer to a network that he or she has just created? Here’s an example taken from the introductory blog post:
Docker Webinar Q&A: Persistent Storage & Docker
When it comes to Docker containers, storage has been a popular topic, especially around persistent storage and data volumes. Last week, we hosted a webinar with Mike Coleman, Technical Marketing Engineer at Docker, Inc. In this webinar, Mike completed the … ContinuedEcosystem Technology Partner (ETP) Program: Logging
The Docker “Ecosystem Technology Partner (ETP) Program” is designed to highlight partners in the Docker ecosystem that have demonstrated quality integrations with the Docker platform and offer a compelling user experience. The first set of partners to demonstrate their expertise … ContinuedGALAXY 2.0 – BETA RELEASE
We have been working hard on some exciting changes to Galaxy that we think you’re going to like. The changes are substantial, and we want your feedback, so today we are releasing Galaxy 2.0 in beta.
Check it out and help us shape the future of Galaxy. Comments and bug reports can be filed at Galaxy Issues. Keep in mind that the beta site is purely a playground for trying out the new Galaxy. Any roles you import or remove will not be reflected in a future production Galaxy site.
What follows is a summary of some of the new features you’ll see on the beta site.
Tighter Integration with GitHub
Using your GitHub login, Galaxy now interacts directly with the GitHub API. This allows you to import all the repositories you collaborate on, including those in organizations you belong to.
To make it even better, we decoupled roles from the Galaxy username. Roles imported into Galaxy are now namespaced by GitHub user rather than Galaxy username. This gives you the flexibility of importing roles from your GitHub account or from an organization. The repo namespace in Galaxy will exactly match the GitHub namespace.
This might sound scary, Continue reading
GALAXY 2.0 – BETA RELEASE
We have been working hard on some exciting changes to Galaxy that we think you’re going to like. The changes are substantial, and we want your feedback, so today we are releasing Galaxy 2.0 in beta.
Check it out and help us shape the future of Galaxy. Comments and bug reports can be filed at Galaxy Issues. Keep in mind that the beta site is purely a playground for trying out the new Galaxy. Any roles you import or remove will not be reflected in a future production Galaxy site.
What follows is a summary of some of the new features you’ll see on the beta site.
Tighter Integration with GitHub
Using your GitHub login, Galaxy now interacts directly with the GitHub API. This allows you to import all the repositories you collaborate on, including those in organizations you belong to.
To make it even better, we decoupled roles from the Galaxy username. Roles imported into Galaxy are now namespaced by GitHub user rather than Galaxy username. This gives you the flexibility of importing roles from your GitHub account or from an organization. The repo namespace in Galaxy will exactly match the GitHub namespace.
This might sound Continue reading
AnsibleFest San Francisco 2015 Presentations
If you missed our latest AnsibleFest in San Francisco you missed out connecting with over 450 members of the Ansible community and some amazing presentations from Splunk, NEC, Riot Games, J.Crew, SparkCentral and others.
Tickets are on sale now for AnsibleFest London and we are busy planning our New York event (details coming soon).
AnsibleFest San Francisco 2015 Presentations
DockerCon EU 2015 Videos: Ecosystem
Videos from the Ecosystem track at DockerCon EU 2015 are now available! Watch the recorded sessions and check out the slides below. Up next are the videos from both days of the Docker, Docker, Docker track – stay tuned for an … ContinuedDockerCon EU 2015 Videos: Use Cases
We just posted videos from both days of the Use Case track DockerCon EU 2015! Below are all nine recorded videos and slides from those sessions. More videos from the Ecosystem and Docker, Docker, Docker tracks will be available soon! … ContinuedTechnology Short Take #57
Welcome to Technology Short Take #57. I hope you find something useful here!
Networking
- Tor Anderson has an article on using IPv6 for network boot using UEFI and iPXE.
- Larry Smith Jr. has a great blog series going called “Hey, I can DevOps my Network too!” He started out with an intro post just to set the stage for the series, then had a post on the prep work required to get ready to proceed with the series. In part 2 Larry walks through the node definitions in Vagrant, and in part 3 he reviews the
Vagrantfileand turns up the environment. Parts 4 and 5 walk through auto-configured OSPF and manually-configured OSPF, respectively. I’m looking forward to more posts in this series! - Sometimes I see blog posts that tout themselves as a “deep dive” but aren’t really that deep or detailed. However, this OVN L3 deep dive by Gal Sagie really is a deep dive—he goes into a pretty fair amount of detail on how OVN’s L3 implementation works. Good stuff if you’re interested in getting more details on how OVN is implementing new features like L3.
- Kirk Byers has a helpful article that provides some Continue reading