Summary of Authentication Methods in Red Hat Ansible Tower
Red Hat Ansible Tower 3.4.0 has added token authentication as a new method for authentication so I wanted to use this post to summarize the numerous enterprise authentication methods and the best use case for each. Ansible Tower is designed for organizations to centralize and control their automation with a visual dashboard for out-of-the box control while providing a REST API to integrate with your other tooling on a deeper level. We support a number of authentication methods to make it easy to embed Ansible Tower into existing tools and processes to help ensure the right people can access Ansible Tower resources. For this blog post I will go over four of Ansible Tower’s authentication methods: Session, Basic, OAuth2 Token, and Single Sign-on (SSO). For each method I will provide some quick examples and links to the relevant supporting documentation, so you can easily integrate Ansible Tower into your environment.
1. Session Authentication
Session authentication is what’s used when logging in directly to Ansible Tower’s API or UI. It is used when a user wants to remain logged in for a prolonged period of time, not just for that HTTP request, i.e. when browsing the UI or Continue reading
Technology Short Take 112
Welcome to Technology Short Take #112! It’s been quite a while since the last one, as life and work have been keeping me busy. I have, however, finally managed to pull together this list of links and articles from around the Internet, and I hope that something I’ve included here proves useful to readers.
Networking
- Part 2 of Stark and Wayne’s container-to-container networking for Cloud Foundry and Kubernetes dig deep into CNI workings.
- Via Ivan Pepelnjak’s site, Albert Siersema shares some information on using Ansible to automate 802.1x configurations.
- Milind Gunjan shares some tips for troubleshooting Linux bridged networking on a KVM host.
Servers/Hardware
Nothing this time around! I’ll stay alert for content I can include next time.
Security
- Tim Hinrichs discusses securing the Kubernetes API with Open Policy Agent.
- Pod Security Policies (PSPs) are an important security feature in Kubernetes. Sysdig explains PSPs, and talks about
kube-psp-advisor, a tool to help simplify deploying PSPs. - ClusterScope is a handy tool for finding outdated images in your Kubernetes cluster.
- This article discusses four open source secrets management tools.
- Many organizations prefer to use two-factor authentication (2FA) to help protect their systems. While this article on how to configure 2FA Continue reading
Using Kubeadm to Add New Control Plane Nodes with AWS Integration
In my recent post on using kubeadm to set up a Kubernetes 1.13 cluster with AWS integration, I mentioned that I was still working out the details on enabling AWS integration (via the AWS cloud provider) while also using new functionality in kubeadm (specifically, the --experimental-control-plane flag) to make it easier to join new control plane nodes to the cluster. In this post, I’ll share with you what I’ve found to make this work.
The challenge here, by the way, is that you can’t use the --config <filename>.yaml flag and the --experimental-control-plane flag at the same time. I did try this, and the results of my testing led me to believe that although kubeadm doesn’t report an error, it does ignore the --experimental-control-plane flag. (Kubernetes experts/contributors, feel free to let me know if I’ve missed something here.)
After some trial-and-error—mostly my own fault because I didn’t take the time to review the v1beta1 kubeadm API docs ahead of time—I finally arrived at a working configuration that allows you to use kubeadm join --config <filename>.yaml to join a control plane node to an existing AWS-integrated Kubernetes cluster.
Credit for finding the solution goes to Rafael Fernández López, Continue reading
The Hallway Track Is Open For Scheduling
The Hallway Track at DockerCon is an innovative space designed to help facilitate those valuable conversations that come from chance hallway encounters. Instead of leaving it to chance, we’ve partnered with e180 to provide a platform that helps you find like-minded people to meet and learn from, discussing topics you are both interested in.
The Hallway Track is open Monday through Thursday, and it’s best to schedule your meetings in advance. Register for DockerCon and then follow these steps to log in and start scheduling your Hallway Tracks today:
- Explore the Market – where all participants post knowledge offers of topics they are willing to share, or questions they want to brainstorm.
- Pick a topic from the list and/or create your own offers or questions. You don’t have to be an expert to post!
- Schedule your Hallway Tracks and meet in person at the Hallway Track Lounge at DockerCon (Lobby, Level 2).
The Hallway Track is your opportunity to meet and share knowledge with other attendees, Docker Staff, Speakers, and Docker Captains. Register for DockerCon today and look out for email instructions to log into the Hallway Track platform.
Arriving for early registration before the Welcome Reception on Monday? Continue reading
From Manufacturing to Climate Analytics: DockerCon speakers on real-world use cases
DockerCon brings industry leaders and experts of the container world to one event where they share their knowledge, experience and guidance. This year is no different. For the next few weeks, we’re going to highlight a few of our amazing speakers and the talks they will be leading.
In this third highlight, we have several speakers who will be sharing their real world Docker use cases and learnings. These are the folks who have already put things in place and are here to share and inspire. Interested in transforming legacy applications? Or maybe large scale data analytics is your focus. Maybe you’re a software vendor – or have plans to be – and want to learn about containerizing your application. To learn more, register now to attend the session featuring real Docker users like you.
In case you missed them, check out our previous speaker highlights:
Transforming a 15+ Year Old Semiconductor Manufacturing Environment
More on Jeanie’s session here.
|
Jeanie Schwenk Engineer, Scrum Master and Agile Project Manager at Jireh Semiconductor |
|
|
What is your breakout about? I was just starting to look at Docker at this time last year. Our company’s Continue reading |
Not Your First DockerCon? Join Docker Pals As A Guide
The Docker Pals program matches groups of attendees who are newer to DockerCon (the “Pals”) with an attendee who has been to one or more DockerCons (the “Guide”). Our goal is to help everyone at DockerCon feel comfortable and see what this amazing community has to offer. Both Pals and Guides find the experience rewarding! The first step in being a Guide is registering for DockerCon so if you haven’t yet, register here now!
Here’s what some of our Guides have said about the program:
“Conferences can be lonely if you don’t know anyone, or are the only person from your company. Docker Pals provides stress free opportunity to connect with people and get to know them.”
“A fantastic experience to meet new people and help them to enjoy DockerCon as much as I do.”
“It was great meeting the Pals assigned to me. For me it was interesting to learn about the different people and use cases. I also enjoyed walking everyone through the vendor area explaining all the technologies.”
“Last DockerCon was my third in a row and the third time I’ve been involved with Docker Pals as a Guide. Continue reading
My Team’s Blogs
I’m thankful to have the opportunity to work with an amazing team. Many of my teammates also produce some very useful content via their own sites, and so I thought it might be useful to my readers to share a list of links to my teammates’ blogs.
Without further ado, here is a list of my teammates who have a blog; each entry is a link to the respective site (these are presented in no particular order):
- John Harris
- Jim Weber
- Josh Rosso
- Alexander Brand
- Nicholas Lane
- Dan Finneran
- Hart Hoover
- Duffie Cooley
- Stephen Augustus (as of this post Stephen hadn’t yet updated his affiliation—c’mon Stephen, get with the program!)
- Timmy Carr
- Carl Danley (not fully live yet)
- Olive Power (not fully live yet)
- Koushik Radhakrishnan (not fully live yet)
I know I’ve gained valuable insight from some of their content, and I hope you do as well.
Feature Friday: A Chat With Security Experts
DockerCon brings industry leaders and experts of the container world to one event where they share their knowledge, experience and guidance. This year is no different. For the next few weeks, we’re going to highlight a few of our amazing speakers and the talks they will be leading.
In this second highlight, we have several industry experts on container and application security that we’re excited to have sharing their knowledge at DockerCon. We’re going to have sessions covering network security, a dissection of a real world Kubernetes vulnerability (and what to do about it), encrypted containers, and the new AWS Firecracker “micro-VM” for containers, just to name a few.
In case you missed it, you can also see our first speaker highlight here, featuring storage, service mesh and networking experts.
Zero Trust Networks Come to Docker Enterprise Kubernetes
More on their session here.
|
Tigera Software Developer |
Docker Technical Alliances |
|
What is your breakout about? Brent: Docker Enterprise with Calico for networking being used in conjunction with Istio is an exciting intersection of securing various layers of networking – all from a single policy interface. Spike: The Docker-Calico-Istio combination Continue reading | |
How to setup an encrypted SOCKS proxy using stunnel
Why using SOCKS
There are times in which setting up a complete VPN tunnel might be an overkill (or not be an option at all).
For example, assume the followings:
- You don’t want to tunnel all the traffic, just want to do so for your browsers.
- Your OS is running under a limited account and doesn’t allow creation of tun interfaces.
- Your provider does not allow setting up a tun device.
- You want to securely surf the web on your old android device that doesn’t support tunneling.
stunnel can be used on your Android phone. SOCKS functionality could then be directly used in your phone for apps that support it: Firefox, Telegram, etc.
To see how to install and setup stunnel on android, take a look at:
These are just couple of examples. In such cases, setting up a SOCKS proxy might just do the trick.
Another interesting aspect of SOCKS proxy, is that after the initial per each connection handshake, it doesn’t add much overhead to the underlying traffic.
Overhead might not look like a big deal at first, but it adds up. This is specially true when you have a Continue reading
Your Kubernetes Agenda at DockerCon
Kubernetes has seen a rapid rise over the last few years and is becoming one of the most sought after skills. DockerCon is a great opportunity to get hands-on training from industry experts and hear from real customers who have deployed Kubernetes in production.
You’ll also have a chance to learn how Docker is the easiest way to get started with Kubernetes and attend sessions that describe how the Docker platform manages and secures applications on Kubernetes in multi-Linux, multi-OS and multi-cloud customer environments.
.
Download your Kubernetes agenda and register now for DockerCon!
Expert-Led Workshops
Register soon as space is running out in these hands-on workshops!
- Kubernetes 101: Getting up and running with Kubernetes – Led by Nigel Poulton, Docker Captain and Pluralsight author and writer of several popular Docker and Kubernetes books
- Security Best Practices for Kubernetes – Led by Scott Coulton, Docker Captain and Principal Software Engineer at Microsoft
Customer Case Studies
Hear from Docker customers who are running Kubernetes in production.
- McKesson: Serving Cloud Native Developer Teams in a Highly Regulated Environment
- Visa: Kubernetes On-Premises Best Practices & Deploying Machine Learning Workloads Inside Visa
Technical Sessions
Learn about the inner workings of Kubernetes and the Continue reading
Open Source Summit is Back at DockerCon 2019
Docker’s roots lie in open source and we are excited to spend time at DockerCon 2019 San Francisco sharing the latest innovations around the projects driving our industry. In addition to open source breakout sessions during the conference agenda, there will be an Open Source Summit on Thursday dedicated to collaboration and innovation with contributors, maintainers and users of popular Docker and container projects. Register to attend the DockerCon breakout sessions and the Summit.
Docker’s roots lie in open source and we are excited to spend time at DockerCon 2019 San Francisco sharing the latest innovations around the projects driving our industry. In addition to open source breakout sessions during the conference agenda, there will be an Open Source Summit on Thursday dedicated to collaboration and innovation with contributors, maintainers and users of popular Docker and container projects. Register to attend DockerCon to attend the breakout session. If planning to attend the Summit, please register here as well.
Open Source Agenda
Breakout Sessions
If you’ve never contributed to open source, join Phil Estes from IBM, a containerd maintainer and OCI Technical Oversight Board member, to learn how to enter the open source world and start contributing in his session: Continue reading
Take Your Windows Container Skills to the Next Level at DockerCon
On the heels of the Kubernetes 1.14 release that supports Windows nodes, organizations are going to need to understand how to build, share and run containerized Windows Server applications. Docker and Microsoft have been collaborating since 2014 to bring containers to Windows and have several years of experience helping enterprise organizations bring these applications to production. At this year’s DockerCon, we’re bringing that knowledge to you with a full lineup of Windows Containers sessions designed to take your skill-set to the next level.
Download your Windows Container agenda and register now to learn from industry experts. Content will include modernizing existing applications as well as building the next generation of applications in .NET and .NET Core with the latest Docker Tools.
- Modernize .NET Apps: Give new life to your existing application portfolio with this hands-on workshop (pre-registration required)
- Docker for Windows Container Development: Learn how to develop your first .NET/.NET Core application
- Networking and storage deep dives for Windows architects and sys admins include:
- See how companies like yours are using Docker Enterprise and Windows Containers for their production services
Feature Friday: DockerCon speakers sound off on Kubernetes, Service Mesh and More
DockerCon brings industry leaders and experts of the container world to one event where they share their knowledge, experience and guidance. This year is no different. For the next few weeks, we’re going to highlight a few of our amazing speakers and the talks they will be leading.
In this first highlight, we have a few of our own Docker speakers that are covering storage and networking topics, including everything from container-level networking on up to full cross-infrastructure and cross-orchestrator networking.
Persisting State for Windows Workloads in Kubernetes
More on their session here.
|
Docker Software Engineer |
Docker Software Engineer |
|
What is your breakout about? We’ll be talking about persistent storage options for Windows workloads on Kubernetes. While a lot of options exist for Linux workloads we will look at dynamic provisioning scenarios for Windows workloads. Why should people go to your session? Persistence in Windows containers is very limited. Our talk aims to tackle this hard problem and provide practical solutions. The audience will learn about ways to achieve persistent storage in their Windows container workloads and they will also hear about future direction. What is your favorite DockerCon moment? | |
Top 5 Ways to Enhance Your DockerCon Experience
DockerCon 2019 is coming soon to San Francisco and and we’ve significantly improved your DockerCon experience based on your feedback. If you haven’t reserved your spot, head over to register today.
DockerCon 2019 is coming soon to San Francisco and and we’ve significantly improved your DockerCon experience based on your feedback. If you haven’t reserved your spot, head over to register today.
After each conference, our team goes through all of your feedback and brainstorms adjustments big and small to make sure DockerCon remains a special experience for you. To everyone that filled out the event survey – thank you! We know it can seem tedious but we appreciate the feedback.
With that in mind, we wanted to share some of the new changes you’ll see in San Francisco:
- Role-based Content: This year you can find dedicated tracks on how to use Docker for Developers and for IT Infrastructure & Operations teams. These tracks are led by Docker Captains, customers and Docker Solution Architects sharing their experiences and best practices in building and running apps in containers. And, to make the experience even better – we heard you – and have a new mobile app for attendees.
- One Global DockerCon Continue reading
How to install and configure stunnel on Ubuntu
Overview
We all know how awesome stunnel is, but setting it up properly on Ubuntu (and on most other distros, really), can be a little tricky.
This post is dedicated to show you how to properly install and configure this magnificent piece of software on Ubuntu.
For this, I’ll be using Ubuntu 18.04 Server. There is a good chance however that the same procedure (maybe with slight adjustments), could work on other Ubuntu versions (or even other distros) as well. Please share your results with me so I can update this post.
Installing stunnel
This part should be simple enough. We’ll be using Ubuntu’s own repository:
sudo sh -c 'apt-get update && apt-get install stunnel4'
The installation process also comes with its own stunnel4 user, init script, and logrotate config (which we’ll take advantage of soon).
Moreover, couple of scripts are included in the package to deal with the ppp connections (to handle ppp status changes gracefully by restarting the stunnel process).
stunnel – manual mode
stunnel can be manually called with the config file as its argument and it will work.
For example, assuming the file is located at /etc/stunnel/stunnel.conf, the following command would run it: Continue reading
Find the right AMI everytime: Make your AWS application work in any region
With over 170 Amazon Web Services (AWS) modules, including 60 specifically for Elastic Compute Cloud (EC2), Ansible makes it easy to provision and manage AWS resources. Are you using resources on AWS and looking to diversify across regions to facilitate high availability and disaster recovery? Are you concerned about how Ansible handles differences among EC2 regions? This post will help you build Ansible Playbooks that operate smoothly across regions using the ec2_ami_facts module. In our example, we’ll spin up Red Hat Enterprise Linux instances in AWS.
To spin up an Amazon Machine Image (AMI), you must know the image’s ImageID, a unique identifier for that specific image. AMI ImageIDs use a human-unfriendly hex string to catalog the AMI. For example, ami-c998b6b2. Unfortunately AMI ImageIDs are unique per region, which means the ImageID for Red Hat Enterprise Linux in us-east-1 (Virginia) is not the same as the ImageID for the identical image in us-east-2 (Ohio). Some cloud operators use AWS CloudFormation templates, which include a catalog of AMI ImageIDs for every region, to make their deployment model work across regions. While this can work, it is a bit inflexible, needs constant maintenance of the CloudFormation template, and may work in one Continue reading
Advancing Windows Containers with Docker and Kubernetes
Today, the Cloud Native Computing Foundation (CNCF) announced Kubernetes 1.14, which includes support for Windows nodes. Kubernetes supporting Windows is a monumental step for the industry and it further confirms the work Docker has been doing with Microsoft to develop Windows containers over the past five years. It is evidence that containers are not just for Linux; Windows and .NET applications represent an important and sizeable footprint of applications that can benefit from both the Docker platform and Kubernetes.
Docker’s collaboration with Microsoft started five years ago. Today, every version of Windows Server 2016 and later ships with the Docker Engine – Enterprise. In addition, to facilitate a great user experience with Windows containers, Microsoft publishes more than 129 Windows container images of its popular software on Docker Hub. Many Docker Enterprise customers are already running mixed Windows and Linux containers with Swarm, and an upcoming release of Docker Enterprise will allow our customers to expand their Windows options to Kubernetes as well. Today both Docker Enterprise and Docker Desktop users have found that the easiest way to use and manage Kubernetes is with Docker and now these users will have the same benefits with Windows containers as well.
gMSA Continue reading
Three quick ways to move your Ansible inventory into Red Hat Ansible Tower
If you’ve been using Ansible at the command line for a while, you probably have a lot of servers, network devices, and other target nodes listed in your inventory. You know that Red Hat Ansible Tower makes it easier for everyone on your team to run your Ansible Playbooks. So you’ve thought about using Ansible Tower to take your automation to the next level, but you want to retain all the data and variables in your existing inventory file or directory. Are you worried about transferring your inventory from command-line use to Ansible Tower? Let me show you how easy it is to import your existing Ansible inventory into Ansible Tower!
This blog covers three quick and effective ways to connect your existing Ansible inventory into Ansible Tower:
- Migrating an inventory file from the Ansible Tower control node (awx-manage)
- Migrating an inventory file from anywhere with a playbook
- Setting Tower to access a git source-controlled inventory file
If you don’t have Ansible Tower yet and want to download and try it out, please visit: https://www.ansible.com/products/tower
If you’re using dynamic inventory, you don't need to import your inventory into Ansible Tower. Dynamic inventory retrieves your inventory from an Continue reading
Build your Agenda for DockerCon 2019
The DockerCon Agenda builder is live! So grab a seat and a cup of coffee and take a look at the session lineup coming to San Francisco April 29th – May 2nd. This year’s DockerCon delivers the latest updates from the Docker product team, lots of how to sessions for developers and IT Infrastructure and Ops, and customer use cases. Search talks by tracks to build your agenda today.
Build Your Agenda
Use the agenda builder to select the sessions that work for you:
- Using Docker for Developers: How to talks for Developers, from beginner to intermediate. You’ll get practical advice on how implement Docker into your current deployment.
- Using Docker for IT Infrastructure and Ops: Practical sessions for IT teams and enterprise architects looking for how best to design and architect your Docker container platform environment.
- Docker Tech Talks: Delivered by the Docker team, these talks share the latest tech on the Docker Platform. You’ll learn about new features, product roadmap and more.
- Customer Case Studies: Looking to learn from companies who have been there and learned a few things along the way? In this track, industry leaders share how Docker transformed their organization – from business use cases,technical Continue reading
Spousetivities at Oktane 2019
It should come as no surprise to anyone that I’m a huge supporter of Spousetivities, and not just because it was my wife, Crystal Lowe, who launched this movement. What started as the gathering of a few folks at VMworld 2008 has grown over the last 11 years, and this year marks the appearance of Spousetivities at an entirely new conference: Oktane 2019!
Oktane is the conference for Okta, a well-known provider of identity services, and the event is happening in San Francisco from April 1 through April 4 (at Moscone West). This year, Okta is bringing Spousetivities in to add activities for those traveling to San Francisco with conference attendees.
What sort of activities are planned? The Oktane19 Spousetivities landing page has full details, but here’s a quick peek:
- A wine tour in Sonoma/Napa with private transportation (lunch is included, of course!)
- A walking food tour of San Francisco combined with a bus tour of the city and tickets to Beach Blanket Babylon
- A whale watching tour
…and more!
If you’re attending Oktane19 and are bringing along a spouse, domestic partner, family member, or even just a friend—I’d definitely recommend signing them up for Spousetivities. Continue reading