Announcing Support for Windows Server 2019 within Docker Enterprise

Docker is pleased to announce support within the Docker Enterprise container platform for the Windows Server 2019 Long Term Servicing Channel (LTSC) release and the Server 1809 Semi-Annual Channel (SAC) release. Windows Server 2019 brings the range of improvements that debuted in the Windows Server 1709 and 1803 SAC releases into a LTSC release preferred by most customers for production use. The addition of Windows Server 1809 brings support for the latest release for customers who prefer to work with the Semi-Annual Channel. As with all supported Windows Server versions, Docker Enterprise enables Windows Server 2019 and Server 1809 to be used in a mixed cluster alongside Linux nodes.

Windows Server 2019 includes the following improvements:

• Ingress routing
• VIP service discovery
• Named pipe mounting
• Relaxed image compatibility requirements
• Smaller base image sizes

Docker and Microsoft: A Rich History of Advancing Containers

Docker and Microsoft have been working together since 2014 to bring containers to Windows Server applications, along with the benefits of isolation, portability and security. Docker and Microsoft first brought container technology to Windows Server 2016 which ships with a Docker Enterprise Engine, ensuring consistency for the same Docker Compose file and CLI commands across both Linux and Continue reading

5 Reasons to Attend DockerCon SF 2019

If you can only attend one conference this year – make it matter. DockerCon is the one-stop event for practitioners, contributors, maintainers, developers, and the container ecosystem to learn, network and innovate. And this year, we will continue to bring you all the things you love about DockerCon like Docker Pals, the Hallway Track and roundtables, and the sessions and content you wanted more of – including open source, transformational, and practical how-to talks. Take advantage of our lowest ticket price when you register by January 31, 2019. No codes required.

<Register Now>

And in case you are still not convinced, here are a few more reasons you shouldn’t miss this year’s DockerCon

1. Belong. The Docker Community is one of a kind and the best way to feel a part of it is at DockerCon. Take advantage the Docker Pals Program, Hallway Track, roundables and social events to meet new people and make lasting connections.

2.  Think big. Docker containers and our container platform are being used everywhere for everything – from sending rockets to space to literally saving the earth from asteroids to keeping e-commerce running smoothly for black friday shoppers. Come to DockerCon and Continue reading

Webinar: “How to Make Your Mark: Ansible Community Contributions”

On Wednesday, January 30, 2019, 9:30 AM EST, we will be hosting a webinar, How to Make Your Mark: Ansible Community Contributions. This webinar is tailored for everyone in the Ansible community. Whether you're a brand new member of the Ansible community or a full-fledged Red Hat Ansible Tower customer, contributing to the Ansible projects is a way to put features and fixes into the tools you use daily.

Join John "gundalow" Barker (Principal Software Engineer, Ansible Community) and Alicia Cozine (Technical Writer, Ansible Documentation) as they discuss and demonstrate contribution how-to’s and best practices. They will also quell some common myths about contributing to Ansible and dive into the Ansible development workflow.

There are no prerequisites for attending this webinar. You don’t need to know git, understand GitHub, nor write Python. There will also be a Q&A session during the webinar. If you have questions about how or where to get started after the webinar, please ask them! One of the best parts about being a community is continually improving the way we work. If you have suggestions for documentation, process, etc. but don’t know the best place to ask, this webinar will help.

Ansible Contributor Experience Working Group Continue reading

Playing The Long Game In Systems

The secret to the longevity of any big corporation is a nearly constant process of reinvention. …

Playing The Long Game In Systems was written by Timothy Prickett Morgan at .

AnsibleFest is heading to Atlanta!

We are excited to announce the dates and location for AnsibleFest 2019. We’ve selected a location that not only provides the ease of use (or access in this case) that users expect from all things Ansible, but also the enjoyment folks expect after automating their way through complex problems.

ATLANTA! Home of the Braves (MLB), Falcons (NFL), Hawks (NBA), the largest aquarium in the world, the busiest airport in the world, and great restaurants like The Varsity and Old Lady Gang. Soon it will also be the home of AnsibleFest 2019!

Join us at the Hilton Atlanta Downtown, September 24-26, 2019. We will follow the same format as last year with a Welcome Party on September 23, two days of content on September 24-25, and some add-on options, like workshops, on September 26. There will also be a Contributor Summit again (details to follow at a later date). We’ll be bringing back the high quality experiences attendees have come to expect, including Ask an Expert and the Getting Started Hub. But, most importantly, we’ll have sessions from folks across the Ansible community.

Here’s what to expect between now and AnsibleFest Atlanta 2019:

• The AnsibleFest sponsorship prospectus will be available in Continue reading

obfs4proxy-openvpn: Obfuscating OpenVPN traffic using obfs4proxy

Overview

After my initial post about obfs4 on how to hide any TCP traffic and an example for hiding SSH traffic, it’s now time to do so for OpenVPN.

For this, I have written a Bash script to do the job. It’s called obfs4proxy-openvpn and is freely available under MIT license.

Supported transports

obfs4

The main goal of the script is to provide obfs4 transport to OpenVPN. This is also the main interest of this article.

This transport requires out-of-band CERT exchange between client and server and because of that, can provide some advanced functionalities which are missing in older transports.

obfs3

obfs3 transport is supported but should generally be avoided in favor of obfs4.

obfs2

obfs2, the oldest transport is supported as well (mainly because its supported by obfs4proxy). You really shouldn’t use it…

Architecture

Before going into detail, its good to have a basic idea on how different parts of the script work together to provide obfs4 functionality to Continue reading

5 Ways to Beat the Clock on Windows Server 2008 End of Support

In just over one year, Microsoft support for Windows Server 2008 will come to an end. Without the proper planning in place, the ripple effects may impact your business. The cost of maintenance will skyrocket, while security and compliance risks will increase without regular patches.

So, how can companies beat the clock? The short answer is enterprise container platforms can provide a fast and simple way to transform expensive and difficult-to-maintain applications into efficient, secure and portable applications ready for modern infrastructure – whether current Windows Server releases (such as WS 2016 or later) and/or into the cloud. Taking this approach saves a significant amount of money and improves security and performance across the application lifecycle.

We are already seeing immediate demand from customers in modernizing their existing Windows Server applications in preparation for the end of support in January 2020 – here are five key takeaways we have learned in the process.

1. Existing applications power businesses today

The fact is that most data in the largest businesses (or companies) in the world run on legacy applications. And these applications   can continue to provide value if enterprises containerize and migrate them to modern environments to make them more Continue reading

Technology Short Take 109

Welcome to Technology Short Take #109! This is the first Technology Short Take of 2019. It may be confirmation bias, but I’ve noticed of number of sites adding “Short Take”-type posts to their content lineup. I’ll take that as flattery, even if it wasn’t necessary intended that way. Enjoy!

Networking

• Niran Even-Chen says service mesh is a form of virtualization. While I get what Niran is trying to say here, I’m not so sure I agree with the analogy. Sometimes analogies such as this are helpful, but sometimes the analogy brings unnecessary connotations that make understanding new concepts more difficult. One area where I do strongly agree with Niran is in switching your perspective: looking at service mesh from a developer’s perspective gives one quite a different viewpoint than viewing service mesh in an infrastructure light.
• Jim Palmer has a detailed write-up on DHCP Option 51 and different behaviors from different DHCP clients.
• Niels Hagoort talks about some network troubleshooting tools in a vSphere/ESXi environment.

Servers/Hardware

Nothing this time around, but I’ll stay alert for items to include next time.

Security

• Nandor Kracser outlines a method that Banzai Cloud uses to inject secrets from Vault directly into Kubernetes Pods.
• Via Continue reading

What’s New in Ansible Tower 3.4

We hope that 2019 will be a great year and the Ansible team is here to start it off right. We're happy to announce that Red Hat Ansible Tower 3.4 is now generally available. In this release, there are several enhancements that can help improve automation practices. Engineering has been working hard to enhance Red Hat Ansible Tower. We're most excited about workflows enhancements, job slices, and some other nifty features. Let’s dive a little deeper into what we’re excited about in this release.

Workflow Enhancements

The enhancements to workflows in Red Hat Ansible Tower 3.4 are a combination of internal and customer requested features. This is designed to bring needed hybrid cloud management capabilities to engineers and administrators around the globe.

Workflow Convergence

Workflow convergence enables a convergence step that tracks the completion of multiple workflow jobs before continuing. For example, when deploying application updates there might be a need to wait until a group of nodes drains from a load balancer pool before having a service stopped on any node in the group. This helps enable a more complete dependency chain for jobs inside workflows.

Nested Workflows

Workflows have been able to have job templates Continue reading

2018 Docker Community Awards

The Docker community has been at the heart of Docker’s success from the start. We are constantly in awe of the dedication and passion of the practitioners – users, customers, partners, contributors and maintainers – who make up our community. Early in December at DockerCon Barcelona we were humbled to honor a Docker Captain and a few very special Community Leaders whose activities over the past year have made a tremendous difference to us all. Together, the Docker Community has achieved so much, we can’t wait to see what 2019 has in store.

Tip of the Captains Hat Award

Bret Fisher

Docker Captain (and Community Leader) Bret Fisher was nominated to receive this inaugural award by his fellow Captains because his contribution and leadership serve as an example of what it means to be a Docker Captain. Bret teaches Docker to thousands of people through his Docker Mastery online course, conference workshops, and ask-me-anythings on YouTube Live. He is accessible and constantly sharing knowledge with the community and the Captains, and he helps drive improvements up and down the software stack of both Docker open source and Docker commercial products. In Bret’s own words:

“I’m so proud Continue reading

How to hide (obfuscate) SSH traffic using obfs4

Overview

In the previous post, I talked about pt-spec-v1 and obfs4 and explained how obfs4proxy can be setup and used outside of Tor. You are advised to read it to get the most out of this post.

In this post I’m going to give you a real example of obfs4proxy being used to obfuscate SSH traffic.

For this, I’ll be using two Ubuntu 18.04 Servers. But with a little to no adjustment, any other decent distro should work.

Assumptions

• Both server and client are running Ubuntu 18.04 Server
• Server IP address is 10.0.0.1
• Client can access the obfs4proxy server port (2222 in our example)

Common configurations

These are configurations that needed on both sides:

Installing obfs4proxy

You can either compile it from source or use your distro’s repository:

sudo sh -c 'apt-get update && apt-get install obfs4proxy'

Setting up the user and pt_state

There should be no reason to run obfs4proxy as root. So we create a dedicated user/group for it:

sudo adduser \
  --system \
  --home "/var/lib/obfs4proxy-ssh/" \
  --shell "/usr/sbin/nologin" \
  --group \
  --gecos "obfs4proxy for ssh" \
  obfs4-ssh

Note that in the process, we also made a home directory with the Continue reading

On Thinking About Infrastructure as Code

I just finished reading Cindy Sridharan’s excellent post titled “Effective Mental Models for Code and Systems,” and some of the points Sridharan makes immediately jumped out to me—not for “traditional” code development, but for the development of infrastructure as code. Take a few minutes to go read the post—seriously, it’s really good. Done reading it? Good, now we can proceed.

Some of these thoughts I was going to share in a planned presentation at Interop ITX in May 2019, but since I’m unable to speak at the conference this year due to schedule conflicts (my son’s graduation from college and a major anniversary trip for me and Crystal), I figured now was as good a time as any, especially given the timing of Sridharan’s post. Also, a lot of these thoughts stem from a discussion with a colleague at work, which in turn led to this Full Stack Journey podcast on practical infrastructure as code.

Anyway, let me get back to Sridharan’s post. One of the things that jumped out to me right away was Sridharan’s proposed hierarchy of needs for code:

As you can see in the image (full credit for which belongs to Sridharan, as far Continue reading

The Linux Migration: December 2018 Progress Report

In December 2016, I kicked off a migration from macOS to Linux as my primary laptop OS. Throughout 2017, I chronicled my progress and challenges along the way; links to all those posts are found here. Although I stopped the migration in August 2017, I restarted it in April 2018 when I left VMware to join Heptio. In this post, I’d like to recap where things stand as of December 2018, after 8 months of full-time use of Linux as my primary laptop OS.

I’ll structure this post roughly as a blend of the formats I used in my April 2017 and July 2017 progress reports.

Hardware

Readers may recall that I was using a Dell Latitude E7370 (see my E7370 hardware review) up until August 2017, when I put the Linux migration on hold indefinitely due to productivity concerns. Upon moving to Heptio, I switched to a Lenovo ThinkPad X1 Carbon (see here for my review of the X1 Carbon—the “TL;DR” is that I love it). In my home office, the X1 Carbon connects to a USB-C expansion hub that provides connectivity to a 34” 21:9 ultrawide curved monitor, external HD webcam, and a USB headset for Zoom Continue reading

How to hide (obfuscate) any traffic using obfs4

Overview

In this post, I’m going to give you the information necessary to be able to use obfs4 protocol not just for wrapping Tor traffic, but for virtually any other TCP traffic as well.

Doing so for the previous Pluggable Transports of this kind (namely obfs2,obfs3 and ScrambleSuit) was rather simple. obfsproxy program written python, already supports being run in standalone (or so called unmanaged) mode and there are dozens of guides available on how to do so.

However, obfs4proxy which implements obfs4 protocol in Go, is primarily designed to work in conjunction with Tor (managed mode). This is not a protocol limitation but rather an implementation one.

If you ever try running obfs4proxy by itself, you’d get an error like this:

[ERROR]: obfs4proxy – must be run as a managed transport

But Hey! It is not the end of the world. There are still couple of ways to make use of obfs4 outside of Tor:

• Adding unmanaged mode of operation to obfs4proxy
  This is probably the best way, but I’m not a Go programmer so I’ll leave that to those who are.

• Using external wrappers
  PTProxy and ptadapter in Python, along with Shapeshifter in Continue reading

Top 5 Blog Post 2018: Simplifying Kubernetes with Docker Compose and Friends

All this week we’ve been bringing you the top 5 blog posts for 2018 –coming in at #1 is our post on open sourcing our Docker Compose on Kubernetes capability. This new capability enables you to simplify the Kubernetes experience. To learn more, continue reading…     

Today we’re happy to announce we’re open sourcing our support for using Docker Compose on Kubernetes. We’ve had this capability in Docker Enterprise for a little while but as of today you will be able to use this on any Kubernetes cluster you choose.

Why do I need Compose if I already have Kubernetes?

The Kubernetes API is really quite large. There are more than 50 first-class objects in the latest release, from Pods and Deployments to ValidatingWebhookConfiguration and ResourceQuota. This can lead to a verbosity in configuration, which then needs to be managed by you, the developer. Let’s look at a concrete example of that.

The Sock Shop is the canonical example of a microservices application. It consists of multiple services using different technologies and backends, all packaged up as Docker images. It also provides example configurations using different tools, including both Compose and raw Kubernetes configuration. Let’s have a look Continue reading

Looking Back: 2018 Project Report Card

Over the last five years or so, I’ve shared with my readers an annual list of projects along with—at the year’s end—a “project report card” on how I fared against the projects I’d set for myself. (For example, here’s my project report card for 2017.) Following that same pattern, then, here is my project report card for 2018.

Here’s the list of projects I established for myself in 2018 (you can also read the associated blog post for more context):

1. Become extremely fluent in Kubernetes. (Stretch goal: Pass the CKA exam.)
2. Learn to code/develop in Go.
3. Make three contributions to open source projects. (Stretch goal: Make five contributions.)
4. Read and review three technical books. (Stretch goal: Read and review five technical books.)
5. Complete a “wildcard” project.

So, how did I do? Let’s take a look.

1. Become extremely fluent in Kubernetes: This is, in my opinion, a hard one to accurately gauge. Why? Well, Kubernetes is a pretty massive project. I saw a tweet recently saying the project was now at a point where no one person can understand all of it. The other factor making it difficult for me to accurately gauge this is the caliber Continue reading

Top 5 Blog Posts of 2018: Introducing the New Docker Hub

In case you missed our announcement a couple of weeks ago, Docker Hub now has an improved user experience for finding, storing and sharing Docker container images. Our second most popular blog of 2018 gives users a preview of the new Docker Hub. Read on to learn more about what’s new on Docker Hub!

Today, we’re excited to announce that Docker Store and Docker Cloud are now part of Docker Hub, providing a single experience for finding, storing and sharing container images. This means that:

• Docker Certified and Verified Publisher Images are now available for discovery and download on Docker Hub
• Docker Hub has a new user experience

Millions of individual users and more than a hundred thousand organizations use Docker Hub, Store and Cloud for their container content needs. We’ve designed this Docker Hub update to bring together the features that users of each product know and love the most, while addressing known Docker Hub requests around ease of use, repository and team management.

Here’s what’s new:

Repositories

• View recently pushed tags and automated builds on your repository page
• Pagination added to repository tags
• Improved repository filtering when logged in on the Docker Hub home page

Top 5 Blog Post of 2018: Play with Kubernetes

All this week, we have been bringing you the top 5 blog posts of 2018. Now for #3 on top 5 list – our blog post on Play with Kubernetes. Following the success of Play with Docker, earlier this year, we gave you the ability to learn Kubernetes from the convenience of our training site. Continue reading to learn more…

Every month for the last year, thousands of people have used Play with Docker and the accompanying hands-on Play with Docker Classroom training site. These sites allow you to use and learn Docker entirely within your own browser, without installing anything. Last summer, we quietly launched the companion site Play with Kubernetes, to give people a full command line while learning Kubernetes on the command line. And today we’re launching a new Kubernetes training site, the Play with Kubernetes Classroom.

The Play with Kubernetes Classroom is a workshop environment just like the Play with Docker Classroom. We currently have an extensive Kubernetes workshop originally based on Jérôme Petazzoni’s Container Training Kubernetes workshop. But instead of doing it all locally or setting up VMs in the cloud, you can now run through the workshop entirely in the browser.

Continue reading

Top 5 Blog Post of 2018: Docker Enterprise 2.0 with Kubernetes

Day 2 of our top blog posts of 2018 and coming in at Number 4 is the launch of Docker Enterprise 2.0 (formerly Docker Enterprise Edition). Docker’s industry-leading container platform is the only platform that simplifies Kubernetes and manages and secures applications on Kubernetes in multi-Linux, multi-OS and multi-cloud customer environments. To learn more about our Docker Enterprise, read on…

We are excited to announce Docker Enterprise Edition 2.0 – a significant leap forward in our enterprise-ready container platform. Docker Enterprise Edition (EE) 2.0 is the only platform that manages and secures applications on Kubernetes in multi-Linux, multi-OS and multi-cloud customer environments. As a complete platform that integrates and scales with your organization, Docker EE 2.0 gives you the most flexibility and choice over the types of applications supported, orchestrators used, and where it’s deployed. It also enables organizations to operationalize Kubernetes more rapidly with streamlined workflows and helps you deliver safer applications through integrated security solutions. In this blog post, we’ll walk through some of the key new capabilities of Docker EE 2.0.

Eliminate Your Fear of Lock-in

As containerization becomes core to your IT strategy, the importance of having a platform Continue reading

Top 5 Post: Improved Docker Container Integration with Java 10

As 2018 comes to a close, we looked back at the top five blogs that were most popular with our readers. For those of you that had difficulties with memory and CPU sizing/usage when running Java Virtual Machine (JVM) in a container, we are kicking off the week with a blog that explains how to get improved Docker container integration with Java 10 in Docker Desktop ( Mac or Windows) and Docker Enterprise environments.

Many applications that run in a Java Virtual Machine (JVM), including data services such as Apache Spark and Kafka and traditional enterprise applications, are run in containers. Until recently, running the JVM in a container presented problems with memory and cpu sizing and usage that led to performance loss. This was because Java didn’t recognize that it was running in a container. With the release of Java 10, the JVM now recognizes constraints set by container control groups (cgroups). Both memory and cpu constraints can be used manage Java applications directly in containers, these include:

• adhering to memory limits set in the container
• setting available cpus in the container
• setting cpu constraints in the container

Java 10 improvements are realized in both Docker Desktop ( Mac Continue reading