What’s New in Red Hat Ansible Engine 2.8
Red Hat Ansible Engine 2.8 is now available. This release features many improvements and enhancements (please refer to the CHANGELOG for more details). Also, new features worth highlighting here are Ansible content (Collections), BECOME being the default privilege escalation path, no longer depending on paramiko, and BECOME plugins, and other notable improvements and changes.
The future of how Ansible content is handled
The Ansible community is excited to provide new modules and plugins for Ansible users. This keeps Ansible maintainers busy; merging new code into repositories as fast as a team can. Occasionally, things get left behind. Content that could have been released ends up waiting for the next Ansible Engine release. Currently, the official Ansible Engine release process is the only way for users to utilize or consume new content easily.
As such, the Ansible community has begun the journey of providing our users with more flexibility to create and consume content. In Ansible Engine 2.8, modifications are in place for how Ansible Engine handles content not delivered in the official release. These changes allow for the creation of a new delivery method to users. This delivery method should not depend on Ansible maintainers to manage content Continue reading
Tower Workflow Convergence
In Red Hat Ansible Tower 3.1 we released a feature called Workflows. The feature, effectively, allowed users to compose job templates into arbitrary graph trees. A simple workflow we saw users creating was a linear pipeline; similar to the workflow below.
The workflow feature also allowed branching. Each branch can run in parallel.
But something was missing. The ability to wait for previous parallel operations to finish before proceeding. If this existed, you could simplify the above workflow (see below).
In Red Hat Ansible Tower 3.4 the above workflow is now possible with the introduction of the Workflow Convergence feature.
For you computer sciencey folks, workflows are no longer restricted to a tree, you can create a DAG. More simply, we call this convergence; two nodes are allowed to point to the same downstream node. The concept is best shown through an example. Above, we have a workflow with 3 nodes. The first two job templates run in parallel. When they both finish the 3rd downstream, convergence node, will trigger.
In this blog post we will cover the changes to workflow failure scenarios, how workflow node failure and success propagate, how this affects the runtime graph and how Continue reading
Using Infoblox as a dynamic inventory in Red Hat Ansible Tower
Do you still use spreadsheets to keep track of all your device inventory? Do you have Infoblox Appliances deployed in your infrastructure? Do you want to start automating without the burden of maintaining a static register of devices? If you answered yes to any of these questions, this blog is for you.
Operations teams often struggle to keep their Configuration Management Databases (CMDBs) up-to-date, primarily because they were not involved in the specification process to share what pieces of information are relevant to them, or even if they were, once it is put in place: Teams are not allowed to change any of their Configuration Items (CI) because they have only read-only access!
The reality is that a lot of the time when we talk about a CMDB, we are talking about tables in a database without any version control mechanism, therefore only read access is provided to end users.
The impact is that in order to perform lifecycle management (Create/Update/Decommission) of their configuration items, teams must go through a fastidious and manual process until they give up changing CIs (Configuration Items) in the CMDB and just leave everything as it is. What happens next? Different teams start Continue reading
Kubernetes Lifecycle Management with Docker Kubernetes Service (DKS)
There are many tutorials and guides available for getting started with Kubernetes. Typically, these detail the key concepts and outline the steps for deploying your first Kubernetes cluster. However, when organizations want to roll out Kubernetes at scale or in production, the deployment is much more complex and there are a new set of requirements around both the initial setup and configuration and the ongoing management – often referred to as “Day 1 and Day 2 operations.”
Docker Enterprise 3.0, the leading container platform, includes Docker Kubernetes Service (DKS) – a seamless Kubernetes experience from developers’ desktops to production servers. DKS makes it simple for enterprises to secure and manage their Kubernetes environment by abstracting away many of these complexities. With Docker Enterprise, operations teams can easily deploy, scale, backup and restore, and upgrade a certified Kubernetes environment using a set of simple CLI commands. In this blog post, we’ll highlight some of these new features.
A Declarative Kubernetes Cluster Model
A real Kubernetes cluster deployment will typically involve design and planning to ensure that the environment integrates with an organization’s preferred infrastructure, storage and networking stacks. The design process usually requires cross-functional expertise to determine the instance Continue reading
3 Customer Perspectives on Using Docker Enterprise with Kubernetes
We’ve talked a lot about how Docker Enterprise supports and simplifies Kubernetes. But how are organizations actually running Kubernetes on Docker Enterprise? What have they learned from their experiences?
Here are three of their stories:
McKesson Corporation
When you visit the doctor’s office or hospital, there’s a very good chance McKesson’s solutions and systems are helping make quality healthcare possible. The company ranks number 6 in the Fortune 100 with $208 billion in revenue, and provides information systems, medical equipment and supplies to healthcare providers.
The technology team built the McKesson Kubernetes Platform (MKP) on Docker Enterprise to give its developers a consistent ecosystem to build, share and run software in a secure and resilient fashion. The multi-tenant, multi-cloud platform runs across Microsoft Azure, Google Cloud Platform and on-premise systems supporting several use cases:
- Monolithic applications. The team is containerizing an existing SAP e-commerce application that supports over 400,000 customers. The application platform needs to be scalable, support multi-tenancy and meet U.S. and Canadian compliance standards, including HIPAA, PCI and PIPEDA.
- Microservices. Pharmaceutical analytics teams are doing a POC of blockchain applications on the platform.
- CI/CD. Developer teams are containerizing the entire software pipeline based on Atlassian Bamboo.
- Batch Continue reading
Blogging Break
I wanted to let readers know that there will be a break in my blogging over the next few weeks. Crystal and I are celebrating our 20th wedding anniversary and have decided to take a very long trip to someplace very far away from civilization so that we can relax, unplug, and simply enjoy each other’s company.
I’ll be back in civilization on June 7, and you can expect a quick post summarizing our trip (maybe with some photos). I’ll also have some feedback on how the Peak Designs 20L photo backpack worked out for me. Until then, have a great one!
Introducing Docker Kubernetes Service
Kubernetes is a powerful orchestration technology for deploying, scaling and managing distributed applications and it has taken the industry by storm over the past few years. However, due to its inherent complexity, relatively few enterprises have been able to realize the full value of Kubernetes; with 96% of enterprise IT organizations unable to manage Kubernetes on their own. At Docker, we recognize that much of Kubernetes’ perceived complexity stems from a lack of intuitive security and manageability configurations that most enterprises expect and require for production-grade software.
Docker Kubernetes Service (DKS) is a Certified Kubernetes distribution that is included with Docker Enterprise 3.0 and is designed to solve this fundamental challenge. It’s the only offering that integrates Kubernetes from the developer desktop to production servers, with ‘sensible secure defaults’ out-of-the-box. Simply put, DKS makes Kubernetes easy to use and more secure for the entire organization. Here are three things that DKS does to simplify (and accelerate) Kubernetes adoption for the enterprise:
Consistent, seamless Kubernetes experience for developers and operators
DKS is the only Kubernetes offering that provides consistency across the full development lifecycle from local desktops to servers. Through the use of Version Packs, developers’ Kubernetes environments running Continue reading
Your Guide to KubeCon + CloudNativeCon EU
Following on the heels of DockerCon SF, the team is packing their bags and heading to Barcelona for KubeCon + CloudNativeCon EU from May 20- 23. Docker employees, community members and Docker captains will be there speaking about and demonstrating Docker and Kubernetes.
Stop by Booth G14 to learn more about our Docker Kubernetes Services (DKS), which is part of the recently announced Docker Enterprise 3.0. Docker Enterprise 3.0 is the only container platform that provides a simple and integrated desktop-to-cloud experience for both Docker and Kubernetes.
Get Involved with Open Source
Get involved in and learn more about some of the projects Docker has been working on with the Kubernetes community:
- containerd – the core container runtime that was recently graduated from the CNCF and is in use by millions of users
- Notary/TUF – a project designed to address the key security challenge for enterprises working with containers
- Docker Compose on Kubernetes – a recently open-sourced project that enables users to take a Docker Compose file and translates it into Kubernetes resources.
Also, there is an opportunity to join Docker and Microsoft in contributing to the Cloud Native Application Bundle (CNAB) specification – an Continue reading
Technology Short Take 114
Welcome to Technology Short Take #114! There will be a longer gap than usual before the next Tech Short Take (more details to come on Monday), but in the meantime here’s some articles and links to feed your technical appetite. Enjoy!
Networking
- Courtesy of Tigera, Alex Pollitt shares some guidelines on when Linux
conntrackis no longer your friend.
Servers/Hardware
- Apparently Dell’s new docking stations support firmware updates via Linux. Nice!
Security
- Michael Allen published an article on weaponizing the Yubikey. It’s an interesting read, although I’m not sure about the usefulness or practicality of the technique he describes.
- This is a pretty detailed write-up of a remote code execution vulnerability prsent on most Dell computers (courtesy of Dell SupportAssist). I’m thankful that Bill Demirkapi followed a responsible disclosure policy.
- Here’s a summary of attacks against GPG-signed APT repositories. The “TL;DR” on this one is simple: always serve your APT repositories over TLS.
- Since we’re on a bit of a security kick this time around, then the recent announcement by HyTrust of HyTrust CloudControl 6.0 seems appropriate to include. There’s some interesting new functionality found in this release, including support for/integration with Kubernetes.
Cloud Computing/Cloud Management
Build a quick CI system using Red Hat Ansible Tower with GitHub Actions
Red Hat Ansible Tower can be considered the API (Application Programmatic Interface) for your Ansible Playbooks. Even if you don’t take advantage of the Web UI (User Interface) many Ansible users still benefit from using Ansible Tower because they can fit it in their existing ecosystem of tools. Are you new to using the API on Ansible Tower and want to learn how to get started? This blog post will cover my own journey of getting Github Actions to work with Red Hat Ansible Tower. My goal was to be able to have Github PRs (Pull Requests) to trigger a workflow template to perform some automated testing using an Ansible Tower workflow. The popularity of some Ansible Playbooks I wrote is on the rise, so I thought I’d add some automated testing – just to make sure I didn’t accidentally break something the community was using.
I created a workflow in Red Hat Ansible Tower to provision instances into AWS (Amazon Web Services), run some Ansible Playbooks on the provisioned Red Hat Enterprise Linux control nodes, then perform a teardown and remove the instances, VPCs and any other artifacts from AWS. This provisioning, testing and teardown allows me to help Continue reading
The Linux Migration: Preparing for the Migration
As far back as 2012, I was already thinking about migrating away from Mac OS X (now known as macOS). While the migration didn’t start in earnest until late 2016, a fair amount of work happened in advance of the migration. Since I’ve had a number of folks ask me about migrating to Linux, I thought I’d supplement my Linux migration series with a “prequel” about some of the work that happened to prepare for the migration.
In the end—and I imagine some folks may get upset or offended at this—an operating system (OS) is really just a vehicle to deliver applications to the user. While users like myself have strong preferences about their OS and how their OS works, ultimately it is the ability to “get things done” that really matters. This is why I ended up suspending my Linux migration in August 2017; I didn’t have access to the applications I needed in order to do what I needed to do. (Though, to be fair, part of that was a lack of growth on my part, though that’s a different blog post for a different day.)
To that end, most of the work I did in Continue reading
5 Reasons to Containerize Production Windows Apps on Docker Enterprise
We started working with Microsoft five years ago to containerize Windows Server applications. Today, many of our enterprise customers run Windows containers in production. We’ve seen customers containerize everything from 15 year old Windows .NET 1.1 applications to new ASP.NET applications.
If you haven’t started containerizing Windows applications and running them in production, here are five great reasons to get started:
1. It’s time to retire Windows Server 2008
Extended Support ends in January 2020. Rewriting hundreds of legacy applications to run on Windows Server 2016 or 2019 is a ridiculously expensive and time-consuming headache, so you’ll need to find a better way — and that’s Docker Enterprise.
2. It’s much easier than you think to containerize legacy Windows apps
You can containerize legacy Windows applications with Docker Enterprise without needing to rewrite them. Once containerized, these applications are easier to modernize and extend with new services.
3. Both Swarm and Kubernetes will support Windows nodes
The recently announced Kubernetes 1.14 includes support for Windows nodes. With Docker Enterprise, you will soon be able to use either orchestrator to run Windows nodes.
4. Your Windows apps become fully portable to the cloud
Once you Continue reading
What’s in a Container Platform?
Fresh off the heels of DockerCon and the announcement of Docker Enterprise 3.0, an end-to-end and dev-to-cloud container platform, I wanted to share some thoughts on what we mean when we say “complete container platform”.
Choice and Flexibility
A complete solution has to meet the needs of different kinds of applications and users – not just cloud native projects but legacy and brownfield applications on both Linux and Windows, too. At a high level, one of the goals of modernization – the leading reason organizations are adopting container platforms – is to rid ourselves of technical debt. Organizations want the freedom to create their apps based on the “right” stack and running in the “right” place, even though what’s “right” may vary from app to app. So the container platform running those applications should be flexible and open to support those needs, rather than rigidly tying application teams to a single OS or virtualization and cloud model.
High-Velocity Innovation
To deliver high velocity innovation your developers are a key constituent for the container platform. That means the container platform should extend to their environment, so that developers are building and testing on the same APIs that will be used Continue reading
A Sandbox for Learning Pulumi
I recently started using Pulumi, a way of using a general purpose programming language for infrastructure-as-code projects. I’ve been using Pulumi with JavaScript (I know, some folks would say I should question my life decisions), and while installing Pulumi itself is pretty low-impact (a small group of binaries) there are a number of dependencies that need to be installed when using Pulumi with JavaScript. As I’m a stickler for keeping my primary system very “clean” with regard to installed packages and software, I thought I’d create a means whereby I can easily spin up a “sandbox environment” for learning Pulumi.
When creating this sandbox environment, I turned to some tools that are very familiar:
- I used virtualization (a virtual machine) as the isolation mechanism. The next step is to use a Linux container, like a Docker container, as the isolation mechanism, but I thought I’d start with something a bit simpler at first.
- Vagrant provides a way of automating the creation/destruction of said VM. Again, Vagrant is well-understood and widely used.
- Ansible provides the automation to configure the VM with the necessary software (Pulumi and associated dependencies).
- I also thought that some folks might find it interesting or useful Continue reading
It’s a Wrap – Highlights from the DockerCon 2019 Keynote Sessions
If you missed DockerCon in San Francisco this year or were unable to watch the livestream, no need to worry – we have you covered. You can catch all the demos, get the latest announcements and find out what is next for the Docker ecosystem by watching the replay sessions on demand.
Day 1: Docker Enterprise 3.0, Customer Innovation Awards, Robots and More
On Tuesday, we kicked off the first day of DockerCon with product announcements, demos and customer guest speakers. During the session, we presented Docker Enterprise 3.0, the only desktop-to-cloud enterprise container platform enabling organizations to build and share any application and securely run them anywhere – from hybrid cloud to the edge. Additionally, we announced this year’s winners of the Customer Innovation awards, featuring Carnival, Citizens Bank, Liberty Mutual, Lindsay Corporation and Nationwide.
On-stage, the Docker team also demonstrated Docker Applications, Docker Kubernetes Service (DKS) and new features and capabilities in Docker Desktop Enterprise – all designed to accelerate the application development and deployment pipeline. They keynote closed with a demonstration from R.O.S.I.E, the robot built by two Liberty Mutual engineers using Docker.
To learn first hand everything featured Continue reading
Technology Short Take 113
Welcome to Technology Short Take #113! I hope the collection of links and articles I’ve gathered for you contains something useful for you. I think I have a pretty balanced collection this time around; there’s a little bit of something for almost everyone. Who says you can’t please everyone all the time?
Networking
- Via the Kubernetes blog, Box announced it has open sourced a project called
kube-iptables-tailer, which turns packet drops fromiptablesinto Kubernetes events that can be logged for easier troubleshooting. The GitHub repository for the project is here. - Via BlueCat Networks, John Capobianco shares his network automation journey. In part 1, John discusses the frameworks/tooling and the goals for his network automation efforts; in part 2, John digs into getting started with Ansible and the initial impact of his efforts.
- Diógenes Rettori has a comparison of Istio and Linkerd as solutions for service mesh. Personally, I could’ve done without the little product advertisement at the end, but that’s just me.
- Here’s a good article on packets-per-second limits in EC2.
Servers/Hardware
- AnandTech has some coverage of the latest Intel processor announcements, which totally flew by my radar.
Security
- I recently read about the Continue reading
Enterprise Solution Offerings: Ensuring Success Across Your Entire Application Portfolio
This week at DockerCon 2019, we shared our strategy for helping companies realize the benefits of digital transformation through new enterprise solution offerings that address the most common application profile in their portfolio. Our new enterprise solution offerings include the Docker platform, new tooling and services needed to migrate your applications. Building on the success and the experience from the Modernize Traditional Applications (MTA) program and Docker Enterprise 3.0, we are excited to expand our solutions and play an even greater role in our customers’ innovation strategy by offering a complete and comprehensive path to application containerization.
Application Profiles
When you hear about different application profiles, you may think about different languages or frameworks or even different application architectures like microservices and monoliths. But one of the benefits of containerization is that all application dependencies are abstracted away and what you have is a container that can be deployed consistently across different infrastructure.
In our work with many enterprise organizations, we’ve validated that the successful adoption of a container strategy is just as much about the people and processes as it is about the technology. There are 3 behavioral patterns that matter and that is dependent on what Continue reading
Announcing Docker Enterprise 3.0: Delivering High-Velocity Application Innovation
Today at DockerCon, we’re excited to announce Docker Enterprise 3.0 – the only desktop-to-cloud enterprise container platform enabling organizations to build and share any application and securely run them anywhere – from hybrid cloud to the edge.
With Docker Enterprise 3.0, developers can rapidly build multi-service container-based applications right from their desktop and package them in a standardized format that can be shared seamlessly and run anywhere. In addition, Docker Enterprise 3.0 expands its container platform leadership position with the introduction of new capabilities for automated lifecycle management and enhanced security.
Here are some of the highlights that you can look forward to in Docker Enterprise 3.0.
Accelerated application delivery
Enterprises are looking for ways to quickly adapt to new competitive challenges and changing customer requirements through the introduction of new applications. Docker Enterprise 3.0 introduces a number of capabilities that help organizations accelerate application delivery.
Docker Desktop Enterprise
Docker Desktop Enterprise is a new developer tool that extends the Docker Enterprise Platform to developers’ desktops, improving developer productivity while accelerating time-to-market for new applications.
- Application Designer interface: template-based workflows for creating containerized applications – no Docker CLI commands are required to get started
- Configurable version packs: Continue reading
2019 Customer Innovation awards: 6 Stories of Transformation in the Enterprise
We are thrilled to honor six of our enterprise customers with the 2019 Docker Customer Innovation Award today at DockerCon. We launched the awards last year to recognize customers who stand out for how they are using Docker Enterprise to drive transformation within IT and their business.
These are companies ranging from cruise lines to established “brick and mortar” enterprises, some of whom have been in business for well over 100 years. These are their stories.
Creating Exceptional Experiences: Carnival Corporation
Carnival’s first commitment is to creating fun, memorable and safe experiences for its guests. As the largest cruise line in the world, Carnival hosts over 12 million customers annually on 110 ships and at 15 resorts. Technology plays a key role in providing a world-class consistent customer experience.
Carnival leverages Docker Enterprise to build, run and update over 300 services on its new Medallion System, a necklace or wrist band IoT token unique to each passenger used to pay for drinks or as a key to your room. Adding or changes services, or testing new ones, is easy with the Docker Enterprise platform. The system is running on two ships today, with plans to expand Continue reading
Can’t Attend DockerCon 2019? Here are your Top 5 “To Dos”
If you’re not one of the thousands of expected attendees at DockerCon 2019 in San Francisco, don’t worry! There are still many ways you can stay connected to the announcements, awesome demos and all of the amazing content coming out of this year’s event. Although we will miss you this year, we’ve put together a few suggestions to stay current on all things DockerCon.
If you’re not one of the thousands of expected attendees at DockerCon 2019 in San Francisco, don’t worry! There are still many ways you can stay connected to the announcements, cool demos and all of the amazing content coming out of this year’s event. Although we will miss you this year, we’ve put together a few suggestions to stay current on all things DockerCon.
1. Watch the Livestream of the DockerCon keynotes
Register now to see the DockerCon keynote sessions live – on Tuesday, April 30 at 9 AM PT and on Wednesday, May 1 at 9:30 AM PT. Hear the latest Docker announcements from Steve Singh (CEO), Kal De (CTO) and Scott Johnston (GM, Enterprise Solutions), learn how a range of companies are using Docker to power their business and find out what Docker Continue reading