Systems Archives - Page 45 of 125

We’ve Got ❤️ For Our First Batch of DockerCon Speakers

As the world celebrates Valentine’s Day, at Docker, we are celebrating what makes our heart all aflutter – gearing up for an amazing DockerCon with the individuals and organizations that make up the Docker community. With that, we are thrilled to announce our first speakers for DockerCon San Francisco, April 29 – May 2.

DockerCon fan favorites like Liz Rice, Bret Fisher and Don Bauer are returning to the conference to share new insights and experiences to help you better learn how to containerize.

And we are excited to welcome new speakers to the DockerCon family including Ana Medina, Tommy Hamilton and Ian Coldwater to talk chaos engineering, building your production container platform stack and orchestration with Docker Swarm and Kubernetes.

And we’re just getting started! This year DockerCon is going to bring more technical deep dives, practical how-to’s, customer case studies and inspirational stories. Stay tuned as we announce the full speaker line up this month.

Register Now

This #ValentinesDay #Docker announces its first speakers for #DockerCon San Francisco on April 29 to May 2
Click To Tweet

The post We’ve Got ❤️ For Our First Batch of DockerCon Speakers appeared first on Docker Blog.

Docker Security Update: CVE-2018-5736 and Container Security Best Practices

On Monday, February 11, Docker released an update to fix a privilege escalation vulnerability (CVE-2019-5736) in runC, the Open Container Initiative (OCI) runtime specification used in Docker Engine and containerd. This vulnerability makes it possible for a malicious actor that has created a specially-crafted container image to gain administrative privileges on the host. Docker engineering worked with runC maintainers on the OCI to issue a patch for this vulnerability.

Docker recommends immediately applying the update to avoid any potential security threats. For Docker Engine-Community, this means updating to 18.09.2 or 18.06.2. For Docker Engine- Enterprise, this means updating to 18.09.2, 18.03.1-ee-6, or 17.06.2-ee-19. Read the release notes before applying the update due to specific instructions for Ubuntu and RHEL operating systems.

Summary of the Docker Engine versions that address the vulnerability:

Docker Engine Community	Docker Engine Enterprise
18.09.2	18.09.2
18.06.2	18.03.1-ee-6
	17.06.2-ee-19

To better protect the container images run by Docker Engine, here are some additional recommendations and best practices:

Use Docker Official Images

Official Images are a curated set of Docker repositories hosted on Docker Hub that are designed to:

How to run stunnel on your Android device

Overview

In this post we’re going to talk about how to run the amazing stunnel program on your Android device, and do so properly!

Later, this would allow us to setup a lot of cool things like:

Wrapping OpenVPN traffic with it
Using it as a SOCKS VPN
Adding proper IMAPS/SMTPS support to our old email apps
…

For this, we’re not going to use the old and very limited SSLDroid. It’s a bad idea, I don’t know why different sites still keep pushing it. It almost certainly has unpatched vulnerabilities. Please don’t use it.

Instead, we are going to use the official stunnel program, with the help of a proper wrapper.

stunnel Android binary

stunnel already supports Android devices and even the compiled version of it is available in it’s download page.

This file is compiled for ARM architecture. Even though most Android devices run on ARM, this is particularly important to note for those devices that are not (e.g, Android-x86).

Since we’ll be using the compiled binary, you may need to compile stunnel yourself for your specific Android architecture before continuing¹. Chances are though, that your device is running on ARM and you are ready Continue reading

Ansible Operator: What is it? Why it Matters? What can you do with it?

The Red Hat Ansible Automation and Red Hat OpenShift teams have been collaborating to build a new way to package, deploy, and maintain Kubernetes native applications: Ansible Operator. Given the interest in moving workloads to Kubernetes, we are happy to introduce a new tool that can help ease the move toward cloud native infrastructure.

What is Kubernetes? The simplest definition of Kubernetes I’ve ever used is, “Kubernetes is a container orchestrator.” But that is a simplified definition.

What is OpenShift? Red Hat OpenShift Container Platform is an enterprise-grade Kubernetes distribution. It enables management of container applications across hybrid cloud and multicloud infrastructure.

First, let’s identify the problem operators can help us solve. Operators help simplify deployment, management, and operations of stateful applications in Kubernetes. But, writing an operator today can be difficult because of the knowledge of Kubernetes components required to do so. The Operator SDK is a framework that uses the controller-runtime library to help make writing operators more simple. The SDK enables Operator development in Go, Helm, or Ansible.

Why It Matters

What can an Ansible Operator give us that a generic operator doesn’t? The same things Ansible can give its users: a lower barrier to entry, faster iterations, Continue reading

Deep Dive on cli_command for Network Automation

In October Ansible 2.7 was released and brought us two powerful agnostic network modules, cli_command and cli_config. Do you have two or more network vendors within your environment? The goal of agnostic modules is to simplify Ansible Playbooks for network engineers that deal with a variety of network platforms. Rather than having to deal with platform specific modules (e.g. eos_config, ios_config, junos_config), you can now use cli_command or cli_config to reduce the amount of tasks and conditionals within a playbook, and make the playbook easier to use. This post will demonstrate how to use these modules and contrast them to platform specific modules. I’ll show some playbook examples and common use cases to help illustrate how you can use these new platform agnostic modules.

Both the cli_command and cli_config only work with the network_cli connection plugin. For those unfamiliar with the network_cli connection plugin check out this blog post I did last April. The goal of network_cli is to make playbooks look, feel and operate on network devices, the same way Ansible works on Linux hosts.

What can you do with the cli_command?

The cli_command allows you to run arbitrary commands on network devices. Let’s show a simple Continue reading

Scraping Envoy Metrics Using the Prometheus Operator

On a recent customer project, I recommended the use of Heptio Contour for ingress on their Kubernetes cluster. For this particular customer, Contour’s support of the IngressRoute CRD and the ability to delegate paths via IngressRoutes made a lot of sense. Of course, the customer wanted to be able to scrape metrics using Prometheus, which meant I not only needed to scrape metrics from Contour but also from Envoy (which provides the data plane for Contour). In this post, I’ll show you how to scrape metrics from Envoy using the Prometheus Operator.

First, I’ll assume that you’ve already installed and configured Prometheus using the Prometheus Operator, a task which is already fairly well-documented and well-understood. If this is something you think would be helpful for me to write a blog post on, please contact me on Twitter and let me know.

The overall process looks something like this:

Modify the Envoy DaemonSet (or Deployment, depending on your preference) to add a sidecar container and expose additional ports.
Modify the Service for the Envoy DaemonSet/Deployment to expose the ports you added in step 1.
Add a ServiceMonitor object (a CRD added by the Prometheus Operator) to tell Prometheus to scrape Continue reading

Technology Short Take 110

Welcome to Technology Short Take #110! Here’s a look at a few of the articles and posts that have caught my attention over the last few weeks. I hope something I’ve included here is useful for you also!

Networking

Via Kirk Byers (who is himself a fantastic resource), I read a couple of articles on network automation that I think readers may find helpful. First up is a treatise from Mircea Ulinic on whether network automation is needed. Next is an older article from Patrick Ogenstad that provides an introduction to ZTP (Zero Touch Provisioning).
The folks over at Cilium took a look at a recent CNI benchmark comparison and unpacked it a bit. There’s some good information in their article.
I first ran into Forward Networks a few years ago at Fall ONUG in New York. At the time, I was recommending that they explore integration with NSX. Fast-forward to this year, and the company announces support for NSX and (more recently) support for Cisco ACI. The recent announcement of their GraphQL-based Network Query Engine (NQE)—more information is available in this blog post—is also pretty interesting to me.

Servers/Hardware

Patrick Kennedy over at Serve The Home shares the Continue reading

How I lost my data trying to back it up

My data, my precious data… is gone.

Overview

This is a story about how I lost my data when trying to prevent it by backing it up.

Even though there were numerous other factors in play, I take full responsibility for what happened.

I have written this article hoping that it could save someone else from the same situation. No one should ever experience the loss of his/her data.

7 days and 10 hours ago:

Alrighty, It’s time for the offline backup routine again.

When it comes to backing up the full OS, I don’t believe in online backup solutions. This is specially true when I’m dealing with Windows servers. These kinda backups should serve as a disaster recovery solution and I’m not taking any chances.

So I always take them offline, outside of the OS, using a third party program to boot up the servers.

For years I have been using Paragon Software. Their products are great, reliable and I have nothing bad to say about them.

This time however, I thought maybe it’s time to ditch commercial softwares and use the solid ntfs-3g suite instead. Back when I started using Paragon, I didn’t even know what Linux was, Continue reading

Announcing Support for Windows Server 2019 within Docker Enterprise

Docker is pleased to announce support within the Docker Enterprise container platform for the Windows Server 2019 Long Term Servicing Channel (LTSC) release and the Server 1809 Semi-Annual Channel (SAC) release. Windows Server 2019 brings the range of improvements that debuted in the Windows Server 1709 and 1803 SAC releases into a LTSC release preferred by most customers for production use. The addition of Windows Server 1809 brings support for the latest release for customers who prefer to work with the Semi-Annual Channel. As with all supported Windows Server versions, Docker Enterprise enables Windows Server 2019 and Server 1809 to be used in a mixed cluster alongside Linux nodes.

Windows Server 2019 includes the following improvements:

Ingress routing
VIP service discovery
Named pipe mounting
Relaxed image compatibility requirements
Smaller base image sizes

Docker and Microsoft: A Rich History of Advancing Containers

Docker and Microsoft have been working together since 2014 to bring containers to Windows Server applications, along with the benefits of isolation, portability and security. Docker and Microsoft first brought container technology to Windows Server 2016 which ships with a Docker Enterprise Engine, ensuring consistency for the same Docker Compose file and CLI commands across both Linux and Continue reading

5 Reasons to Attend DockerCon SF 2019

If you can only attend one conference this year – make it matter. DockerCon is the one-stop event for practitioners, contributors, maintainers, developers, and the container ecosystem to learn, network and innovate. And this year, we will continue to bring you all the things you love about DockerCon like Docker Pals, the Hallway Track and roundtables, and the sessions and content you wanted more of – including open source, transformational, and practical how-to talks. Take advantage of our lowest ticket price when you register by January 31, 2019. No codes required.

And in case you are still not convinced, here are a few more reasons you shouldn’t miss this year’s DockerCon

Belong. The Docker Community is one of a kind and the best way to feel a part of it is at DockerCon. Take advantage the Docker Pals Program, Hallway Track, roundables and social events to meet new people and make lasting connections.

2. Think big. Docker containers and our container platform are being used everywhere for everything – from sending rockets to space to literally saving the earth from asteroids to keeping e-commerce running smoothly for black friday shoppers. Come to DockerCon and Continue reading

Webinar: “How to Make Your Mark: Ansible Community Contributions”

On Wednesday, January 30, 2019, 9:30 AM EST, we will be hosting a webinar, How to Make Your Mark: Ansible Community Contributions. This webinar is tailored for everyone in the Ansible community. Whether you're a brand new member of the Ansible community or a full-fledged Red Hat Ansible Tower customer, contributing to the Ansible projects is a way to put features and fixes into the tools you use daily.

Join John "gundalow" Barker (Principal Software Engineer, Ansible Community) and Alicia Cozine (Technical Writer, Ansible Documentation) as they discuss and demonstrate contribution how-to’s and best practices. They will also quell some common myths about contributing to Ansible and dive into the Ansible development workflow.

There are no prerequisites for attending this webinar. You don’t need to know git, understand GitHub, nor write Python. There will also be a Q&A session during the webinar. If you have questions about how or where to get started after the webinar, please ask them! One of the best parts about being a community is continually improving the way we work. If you have suggestions for documentation, process, etc. but don’t know the best place to ask, this webinar will help.

Ansible Contributor Experience Working Group Continue reading

Playing The Long Game In Systems

The secret to the longevity of any big corporation is a nearly constant process of reinvention. …

Playing The Long Game In Systems was written by Timothy Prickett Morgan at .

AnsibleFest is heading to Atlanta!

We are excited to announce the dates and location for AnsibleFest 2019. We’ve selected a location that not only provides the ease of use (or access in this case) that users expect from all things Ansible, but also the enjoyment folks expect after automating their way through complex problems.

ATLANTA! Home of the Braves (MLB), Falcons (NFL), Hawks (NBA), the largest aquarium in the world, the busiest airport in the world, and great restaurants like The Varsity and Old Lady Gang. Soon it will also be the home of AnsibleFest 2019!

Join us at the Hilton Atlanta Downtown, September 24-26, 2019. We will follow the same format as last year with a Welcome Party on September 23, two days of content on September 24-25, and some add-on options, like workshops, on September 26. There will also be a Contributor Summit again (details to follow at a later date). We’ll be bringing back the high quality experiences attendees have come to expect, including Ask an Expert and the Getting Started Hub. But, most importantly, we’ll have sessions from folks across the Ansible community.

Here’s what to expect between now and AnsibleFest Atlanta 2019:

The AnsibleFest sponsorship prospectus will be available in Continue reading

obfs4proxy-openvpn: Obfuscating OpenVPN traffic using obfs4proxy

This post provides a more in-depth look at the obfs4proxy-openvpn script. You don’t need to fully read it to make use of the script, but it will help you to get the most out of it.

Overview

After my initial post about obfs4 on how to hide any TCP traffic and an example for hiding SSH traffic, it’s now time to do so for OpenVPN.

For this, I have written a Bash script to do the job. It’s called obfs4proxy-openvpn and is freely available under MIT license.

Supported transports

obfs4

The main goal of the script is to provide obfs4 transport to OpenVPN. This is also the main interest of this article.

This transport requires out-of-band CERT exchange between client and server and because of that, can provide some advanced functionalities which are missing in older transports.

obfs3

obfs3 transport is supported but should generally be avoided in favor of obfs4.

obfs2

obfs2, the oldest transport is supported as well (mainly because its supported by obfs4proxy). You really shouldn’t use it…

Architecture

Before going into detail, its good to have a basic idea on how different parts of the script work together to provide obfs4 functionality to Continue reading

5 Ways to Beat the Clock on Windows Server 2008 End of Support

In just over one year, Microsoft support for Windows Server 2008 will come to an end. Without the proper planning in place, the ripple effects may impact your business. The cost of maintenance will skyrocket, while security and compliance risks will increase without regular patches.

So, how can companies beat the clock? The short answer is enterprise container platforms can provide a fast and simple way to transform expensive and difficult-to-maintain applications into efficient, secure and portable applications ready for modern infrastructure – whether current Windows Server releases (such as WS 2016 or later) and/or into the cloud. Taking this approach saves a significant amount of money and improves security and performance across the application lifecycle.

We are already seeing immediate demand from customers in modernizing their existing Windows Server applications in preparation for the end of support in January 2020 – here are five key takeaways we have learned in the process.

1. Existing applications power businesses today

The fact is that most data in the largest businesses (or companies) in the world run on legacy applications. And these applications can continue to provide value if enterprises containerize and migrate them to modern environments to make them more Continue reading

Technology Short Take 109

Welcome to Technology Short Take #109! This is the first Technology Short Take of 2019. It may be confirmation bias, but I’ve noticed of number of sites adding “Short Take”-type posts to their content lineup. I’ll take that as flattery, even if it wasn’t necessary intended that way. Enjoy!

Networking

Niran Even-Chen says service mesh is a form of virtualization. While I get what Niran is trying to say here, I’m not so sure I agree with the analogy. Sometimes analogies such as this are helpful, but sometimes the analogy brings unnecessary connotations that make understanding new concepts more difficult. One area where I do strongly agree with Niran is in switching your perspective: looking at service mesh from a developer’s perspective gives one quite a different viewpoint than viewing service mesh in an infrastructure light.
Jim Palmer has a detailed write-up on DHCP Option 51 and different behaviors from different DHCP clients.
Niels Hagoort talks about some network troubleshooting tools in a vSphere/ESXi environment.

Servers/Hardware

Nothing this time around, but I’ll stay alert for items to include next time.

Security

Nandor Kracser outlines a method that Banzai Cloud uses to inject secrets from Vault directly into Kubernetes Pods.
Via Continue reading

What’s New in Ansible Tower 3.4

We hope that 2019 will be a great year and the Ansible team is here to start it off right. We're happy to announce that Red Hat Ansible Tower 3.4 is now generally available. In this release, there are several enhancements that can help improve automation practices. Engineering has been working hard to enhance Red Hat Ansible Tower. We're most excited about workflows enhancements, job slices, and some other nifty features. Let’s dive a little deeper into what we’re excited about in this release.

Workflow Enhancements

The enhancements to workflows in Red Hat Ansible Tower 3.4 are a combination of internal and customer requested features. This is designed to bring needed hybrid cloud management capabilities to engineers and administrators around the globe.

Workflow Convergence

Workflow convergence enables a convergence step that tracks the completion of multiple workflow jobs before continuing. For example, when deploying application updates there might be a need to wait until a group of nodes drains from a load balancer pool before having a service stopped on any node in the group. This helps enable a more complete dependency chain for jobs inside workflows.

Nested Workflows

Workflows have been able to have job templates Continue reading

2018 Docker Community Awards

The Docker community has been at the heart of Docker’s success from the start. We are constantly in awe of the dedication and passion of the practitioners – users, customers, partners, contributors and maintainers – who make up our community. Early in December at DockerCon Barcelona we were humbled to honor a Docker Captain and a few very special Community Leaders whose activities over the past year have made a tremendous difference to us all. Together, the Docker Community has achieved so much, we can’t wait to see what 2019 has in store.

Tip of the Captains Hat Award

Bret Fisher

Docker Captain (and Community Leader) Bret Fisher was nominated to receive this inaugural award by his fellow Captains because his contribution and leadership serve as an example of what it means to be a Docker Captain. Bret teaches Docker to thousands of people through his Docker Mastery online course, conference workshops, and ask-me-anythings on YouTube Live. He is accessible and constantly sharing knowledge with the community and the Captains, and he helps drive improvements up and down the software stack of both Docker open source and Docker commercial products. In Bret’s own words:

“I’m so proud Continue reading

How to hide (obfuscate) SSH traffic using obfs4

Overview

In the previous post, I talked about pt-spec-v1 and obfs4 and explained how obfs4proxy can be setup and used outside of Tor. You are advised to read it to get the most out of this post.

In this post I’m going to give you a real example of obfs4proxy being used to obfuscate SSH traffic.

For this, I’ll be using two Ubuntu 18.04 Servers. But with a little to no adjustment, any other decent distro should work.

Assumptions

Both server and client are running Ubuntu 18.04 Server
Server IP address is 10.0.0.1
Client can access the obfs4proxy server port (2222 in our example)

Common configurations

These are configurations that needed on both sides:

Installing obfs4proxy

You can either compile it from source or use your distro’s repository:

sudo sh -c 'apt-get update && apt-get install obfs4proxy'

Setting up the user and pt_state

There should be no reason to run obfs4proxy as root. So we create a dedicated user/group for it:

sudo adduser \
  --system \
  --home "/var/lib/obfs4proxy-ssh/" \
  --shell "/usr/sbin/nologin" \
  --group \
  --gecos "obfs4proxy for ssh" \
  obfs4-ssh

Note that in the process, we also made a home directory with the Continue reading

On Thinking About Infrastructure as Code

I just finished reading Cindy Sridharan’s excellent post titled “Effective Mental Models for Code and Systems,” and some of the points Sridharan makes immediately jumped out to me—not for “traditional” code development, but for the development of infrastructure as code. Take a few minutes to go read the post—seriously, it’s really good. Done reading it? Good, now we can proceed.

Some of these thoughts I was going to share in a planned presentation at Interop ITX in May 2019, but since I’m unable to speak at the conference this year due to schedule conflicts (my son’s graduation from college and a major anniversary trip for me and Crystal), I figured now was as good a time as any, especially given the timing of Sridharan’s post. Also, a lot of these thoughts stem from a discussion with a colleague at work, which in turn led to this Full Stack Journey podcast on practical infrastructure as code.

Anyway, let me get back to Sridharan’s post. One of the things that jumped out to me right away was Sridharan’s proposed hierarchy of needs for code:

Sridharan's hierarcy of needs for code

As you can see in the image (full credit for which belongs to Sridharan, as far Continue reading

« Previous 1 … 43 44 45 46 47 … 125 Next »