Docker at Connect(); // 2015
Connect(); //2015, Microsoft’s virtual event devoted to developers, happened one day after DockerCon EU 2015, and started with an epic demo where Scott Hanselman deployed an ASP.NET 5 app from Visual Studio to a Docker container on Azure on Linux. … ContinuedYour Docker Agenda For December
As you gear up for the holidays, make sure to check out all the great events that are scheduled this month in Docker communities all over the world! From webinars to workshops, meetups to conference talks, check out our list … ContinuedDockerCon EU 2015: Presentation Slides and Photos Now Available!
During DockerCon EU 2015, the awesome Docker community shared best practices using the Docker Platform, made cool Docker hacks and had a great time with sponsors and other attendees! We compiled all of the slide decks from the DockerCon EU 2015 presentations on our Slideshare page and … ContinuedAn Introduction to Terraform
In this post, I’m going to provide a quick introduction to Terraform, a tool that is used to provision and configure infrastructure. Terraform allows you to define infrastructure configurations and then have those configurations implemented/created by Terraform automatically. In this respect, you could compare Terraform to similar solutions like OpenStack Heat, AWS CloudFormation, and others.
Before I continue, though, allow me to first address this question: why Terraform?
Why Terraform?
This is a fair question, and one that you should be asking. After all, if Terraform is considered similar to OpenStack Heat or AWS CloudFormation, then why use Terraform instead of one of the comparable solutions? I believe there are a couple (related) reasons why you might consider Terraform over a similar solution:
-
Within a single Terraform definition, you can orchestrate across multiple cloud services. For example, you could create instances with a cloud provider (AWS, DigitalOcean, etc.), create DNS records with a DNS provider, and register key/value entries in Consul. Heat and CloudFormation are, quite naturally, designed to work almost exclusively with OpenStack and AWS, respectively. (Astute readers will know that Heat supports CloudFormation templates, but you get the idea.) Therefore, one reason to use Terraform Continue reading
DockerCon EU 2015: Watch the Day 2 General Session
Day 2 of DockerCon EU 2015 started off with a lot of exciting announcements! The general session included live demos of several new Docker products and features including Docker Universal Control Plane and Project Nautilus. Watch the video of the … ContinuedBootstrapping Cloud Instances into Ansible
A while ago, I wrote an article about bootstrapping servers into Ansible—in other words, how to prepare servers to be managed via Ansible. In order for a server to be managed via Ansible, you usually must first create a user account for Ansible, populate the appropriate SSH keys, and grant the new Ansible user sudo permissions. The process I described in my earlier blog post works great for manually-built servers (physical or virtual), but I recently needed to revisit this process for cloud instances. Was it possible to use the process I’d found to bootstrap cloud instances into Ansible?
Cloud instances are a slightly different beast than manually-built servers primarily because password authentication isn’t an option—generally speaking, you’re required to use SSH keys when working with cloud instances. Ansible is SSH-based, as you probably already know, so this shouldn’t be an issue, but it was still something I hadn’t tested or verified. After a bit of testing, I found the bootstrap process I described in my earlier post can be easily adapted for cloud instances.
For reference, here’s the command I use when bootstrapping manually-built servers into Ansible:
ansible-playbook bootstrap.yml -k -K --extra-vars
"hosts=newhost.domain.com user=admin"
Using an SSH Bastion Host
Secure Shell, or SSH, is something of a “Swiss Army knife” when it comes to administering and managing Linux (and other UNIX-like) workloads. In this post, I’m going to explore a very specific use of SSH: the SSH bastion host. In this sort of arrangement, SSH traffic to servers that are not directly accessible via SSH is instead directed through a bastion host, which proxies the connection between the SSH client and the remote servers.
At first, it may sound like the use of an SSH bastion host is a pretty specialized use case. In reality, though, I believe this is a design pattern that can actually be useful in a variety of situations. I plan to explore the use cases for an SSH bastion host in a future blog post.
This diagram illustrates the concept of using an SSH bastion host to provide access to Linux instances running inside some sort of cloud network (like an OpenStack Neutron tenant network or an AWS VPC):
Let’s take a closer look at the nuts and bolts of actually setting up an SSH bastion host.
First, you’ll want to ensure you have public key authentication properly configured, both on the bastion host Continue reading
DockerCon EU 2015: Catch Up on All of the Day 2 News!
We cannot contain our excitement about DockerCon EU 2015! With over 1500 attendees, 80 speakers and 60 sponsors, these past few days were packed with great Docker content from the global Docker community – don’t worry, we’ll post all of the slides and videos … ContinuedMoby’s Cool Hacks from DockerCon EU 2015: Container Migration Tool
Back in September, one of the winning teams from Docker Global Hack Day stood out for us. The Container Migration team, drawing inspiration from a DockerCon team that migrated a Quake 3 container around the world, showed migrating a container … ContinuedTOWER 2.4 NOW AVAILABLE
We’re happy to announce the release of Ansible Tower 2.4. In this release, we’ve focused on some core improvements for our customers operating in spaces like government and security who have specific needs around authentication and tracking, but we expect these features will be useful to much of our general user base as well.
OAUTH, VIA GITHUB AND GOOGLE
No one wants to manage their users in multiple places, and many groups today use external providers for handling their identity and authentication. We’ve added support for pulling users and teams from either GitHub or Google Apps, using OAuth2. With this, you don’t need to add users directly to Tower - they can use the accounts they already have and are using in your organization.
ADDITIONAL ENTERPRISE AUTHENTICATION
Previously, for Enterprise users who have a standard corporate infrastructure Tower has included support for connecting to an LDAP or Active Directory server for user and team information. But not everyone exposes their LDAP for use with all internal services. With Tower 2.4, we’ve extended that enterprise authentication support to also include support for authenticating to a SAML 2.0 identity provider, and to authenticate against a RADIUS server. With this, Continue reading
A New UI for Docker? Visualizing Container Management with Minecraft
written by Adrien Duermael, Software Engineer at Docker, Inc. and Gaëtan de Villèle, Software Engineer at Docker, Inc. Since at least 1999, system administrators have been looking for ways to make Ops a more visual, exciting environment. As recently as … ContinuedDockerCon EU 2015: Watch the Day 1 General Session
Day 1 of DockerCon EU 2015 was awesome! The day started with an action-packed general session including exciting Docker announcements with live demos (the demo gods were pleased!) and attendees hacking hardware using Docker and littleBits. Watch the video of the … ContinuedDockerCon EU 2015: Docker Trusted Registry 1.4 with Integrated Content Trust and Universal Control Plane
What an exciting Second Day! Just when you thought you couldn’t get enough of Docker, Docker, Docker…we’ve added more! In today’s keynote, we talked about some amazing products – from Project Nautilus, the new image scanning and vulnerability detection service … ContinuedDocker Subscription on AWS Now Available in Europe
Docker Trusted Registry and Docker Engine with Business Day Support are now available in Amazon Web Services (AWS) European regions allowing customers to build, ship and run distributed applications. Announced today at DockerCon Europe, Docker Subscription for AWS has expanded … ContinuedTechnology Short Take #56
Welcome to Technology Short Take #56! In this post, I’ve collected a few links on various data center technologies, news, events, and trends. I hope you find something useful here.
Networking
- Open Virtual Network (OVN) is really ramping up and getting lots of attention, which I personally think is absolutely well-deserved. Russell Bryant has a couple great articles on OVN—how to test OVN’s “EZ Bake” release with DevStack as well as an article on implementing OpenStack security groups using OVN ACLs (which in turn leverage the integration between Open vSwitch and the Linux kernel’s conntrack module). Gal Sagie has a write-up on integration between Kuryr and OVN (Kuryr is another topic that is really interesting).
- Here’s an article on using PHP to query NSX API via REST (specifically, working with syslog settings on NSX Manager).
- Speaking of Gal Sagie and OVN, Gal has a post describing a concept for something called “Topology Service Injection” and some proposals for implementing this in OVN. (Gal and Liran Schour from IBM are slated to do a talk on this at the OVS conference this week.)
- One new networking feature added to OpenStack in the Kilo release was Neutron subnet pools. Carl Continue reading