Category Archives for "Systems"

Interop Liveblog: The Post-Cloud

This session is titled “The Post-Cloud,” and the speaker is Nick Weaver, Director of SDI-X at Intel.

Nick starts his presentation with a summary of our society: some people produce goods through an effort, and others consume what is produced. Things have changed over the years that have affected this production-consumption model, but Nick quickly turns his focus to the use of machines in the production portion of this cycle. As production efficiency increased, the level of consumption also increased. This is especially true for computing machines, and how people consume the services/information produced by the computing machines.

This brings Nick around to a discussion of Jevons’ Paradox, which basically states that the increased efficiency of producing something actually leads to an increase in consumption, not a decrease of consumption.

So what does efficiency in technology look like? Technology enables things; by itself, it doesn’t really add value. Therefore, efficiency in technology means enabling more (or more powerful) things. Nick starts his discussion on technology efficiency with a discussion of DevOps, and what DevOps means. Although a number of technologies are involved to deal with the ever-increasing complexity and density that has emerged, DevOps is really about a culture change. Continue reading

Interop Liveblog: Thursday Cloud Connect Keynote

This is a liveblog of the Thursday morning Cloud Connect keynote at Interop 2015 in Las Vegas. The title of the presentation is “Doing it Live,” and the speaker is Jared Wray (@jaredwray on Twitter; he’s Cloud CTO and SVP of Platform at CenturyLink).

As the session kicks off, Wray shares that his presentation was drastically altered, a nod to the drastic changes that he is seeing at CenturyLink. He then shares a bit of background on him, his history in IT, and the events that brought him to CenturyLink. Wray then spends a few minutes talking about CenturyLink and CenturyLink’s services, which he insists “isn’t a product pitch” (it feels like one). The key tenets of CenturyLink’s offerings are that they are fully automated; they are programmable; and they are self service.

Wray points out that CenturyLink’s transformation to next generation platform services and containers requires that they also transform their operations (and people, though that is called out separately).

According to Wray, the blanket “move everything to the cloud” doesn’t work; enterprises must embrace a “cap and grow” strategy. This means not moving applications if there is no benefit (and also moving applications to maintenance mode until Continue reading

Techniques of a Network Detective

This is “Techniques of a Network Detective,” led by Denise “Fish” Fishburne (@DeniseFishburne on Twitter). Denise starts the session with a quick introduction, in which she discloses that she is a “troubleshooting junkie.” She follows up with a short description of what life looks like in her role in the customer proof-of-concept lab at Cisco.

Denise kicks off the main content of the session by drawing an analogy between solving crimes and solving network performance/behavior problems. The key is technique and methodology, which may sound boring but really have a huge payoff in the end.

When a network error occurs, the network is the crime scene. This crime scene is filled with facts, clues, evidence, and potential witnesses—or even potential suspects. How does one get from receiving notification of the problem, to asking the right questions, to solving the problem? Basically it boils down to these major areas:

  • First, identify the suspects (even if the problem seems immediately obvious). This involves gathering facts, collecting clues, following the evidence, and interviewing witnesses.
  • Next, question the suspects. Although you may not be an SME (subject matter expert), you can still work logically through gathering facts from the suspects.
  • After you Continue reading

Interop Liveblog: IPv6 Microsegmentation

This session was titled “IPv6 Microsegmentation,” and the speaker was Ivan Pepelnjak. Ivan is, of course, a well-known figure in the networking space, and publishes content at http://ipspace.net.

The session starts with a discussion of the problems found in Layer 2 IPv6 networks. These include RA (Router Advertisement) spoofing, NA (Neighbor Advertisement) spoofing, DHCPv6 spoofing, DAD (Duplicate Address Detection) DoS attacks, and ND (Neighbor Discovery) DoS attacks. All of these problems derive from the assumption that one subnet = one security zone, and therefore intra-subnet communications are not secured.

Note that some of these attacks are also common to IPv4 and are not necessarily unique to IPv6. The difference is that these problems are well understood in IPv4 and therefore many vendors have implemented solutions to mitigate the risks.

According to Ivan, the root cause of all these problems is that all LAN infrastructure today emulates 40-year-old thick coax cable.

The traditional fix is to add kludges… er, new features—like RA guard (prevents non-routers from sending RA messages), DHCPv6 guard (same sort of functionality), IPv6 ND inspection (same idea), and SAVI (Source Address Verification Inspection; complex idea where all these Continue reading

Ansible 1.9.1 Released

Ansible 1.9.1 fixes several bugs, including:

* Fixed a bug related to Kerberos auth when using winrm with a domain account.

* Fixed several bugs in the s3 module.

* Fixed a bug with upstart service detection in the service module.

* Fixed several bugs with the user module when used on OSX.

* Fixed unicode handling in some module situations (assert and shell/command execution).

* Fixed a bug in redhat_subscription when using the activationkey parameter.

* Fixed a traceback in the gce module on EL6 distros when multiple pycrypto installations are available.

* Added support for PostgreSQL 9.4 in rds_param_group

* Several other minor fixes.

As always, this update is available via PyPI and releases.ansible.com now, and packages for distros will be available as soon as possible.

WINDOWS IS COMING? WINDOWS IS HERE!

Back in June, we told you that Windows was coming. We’ve continued to improve the support, with the help of the outstanding Ansible community, and we’d like to highlight some of the improvements in Ansible 1.9. We now offer additional modules, support for domain authentication, and more.

For more information on Ansible’s Windows support, check out our Windows page, or our Ansible Intro to Windows documentation.

As always, we couldn’t do this without our outstanding Ansible community. Thanks to Chris Church, Jon Hawkesworth, Trond Hindenes, Peter Mounce, Chris Hoffman, Paul Durivage, and more!

Running vSphere on AWS or GCE

By now you’ve probably seen or heard the news about Ravello Systems launching Inception—the ability to run nested VMware ESXi on AWS or GCE, including the ability to run VMs on these nested ESXi instances. (Here’s Ravello’s press release.)

In my opinion, this is pretty cool, and it opens the door to a lot of different possibilities: upgrade testing, automation testing, new feature testing, hosted home labs (aka “Lab as a Service”). Lots of folks are interested in using this new Ravello functionality for “Lab as a Service.” Here’s Andrea Mauro’s take on this topic.

As part of the pre-launch activities, a number of bloggers and community advocates were able to work with Ravello on some very interesting projects:

  • William Lam built both a 32-node VSAN cluster (running vSphere 5.5) as well as a 64-node VSAN cluster (running vSphere 6.0). He posted details here, along with a great walkthrough of setting up vSphere on Ravello.
  • Mike Preston built out an environment that allowed him to perform a vMotion from AWS to GCE.

I was also engaged with Ravello on a project: building a (reasonably) large-scale vSphere environment on Ravello. The original goal was to Continue reading

Technology Short Take #50

Welcome to Technology Short Take #50, the latest in my series of posts sharing various links and articles pertaining to key data center technologies. I hope that you find something useful here!

Networking

  • Tyler Christiansen recently published a post on a network automation workflow that was based on a presentation he gave at the SF Network Automation meetup. The workflow incorporates Ansible, git, Jenkins, and Gerrit. If you’re looking for more examples of how to incorporate these sorts of tools into your own network automation workflow, I’d recommend having a look at this article.
  • This post contains a link to a useful presentation on the essential parts of EVPN. It’s quite useful if you (like me) need an introduction to this technology.
  • Need to reset the CLI privileged mode password on your NSX Manager instance? Here’s a walkthrough. (Warning: as pointed out in the article, this is most likely not supported. Use at your own risk.)
  • This article by Russell Bryant is a great overview and update of the work going on with Open Virtual Network (OVN). I’m really excited about OVN and looking forward to seeing it develop and grow.
  • This is kind of cool, and (in my Continue reading

Ubuntu, cloud-init, and OpenStack Heat

In this post I’d like to share a couple of things I recently learned about the interaction between cloud-init and OpenStack Orchestration (aka “Heat”). This may be stuff that you already know, but in the interest of helping others who may not know I’m posting it here.

One issue that I’d been repeatedly running into was an apparent “failure” on the part of Heat to properly apply cloud-init configurations to deployed Ubuntu instances. So, using a Heat template with an OS::Nova::Server resource defined like this would result in an instance that apparently wasn’t reachable via SSH (I’d get back Permission denied (publickey)):

resources:
  instance0:
    type: OS::Nova::Server
    properties:
      name: cloud-init-test-01
      image: { get_param: image_id }
      flavor: m1.xsmall
      networks:
        - port: { get_resource: instance0_port0 }
      key_name: lab

Deploying an instance manually from the same image worked perfectly. So what was the deal?

The first thing I learned was that, in some circumstances (more on this in a moment) defaults to injecting SSH keys (like the key named lab specified in the template) to a user account named “ec2-user”. Ah! I’d been using the default “ubuntu” account specified in Continue reading