Ansible 2.5: Traveling space and time

Welcome to another Ansible release! Version 2.5–“Kashmir”–has a lot of great stuff to play around with, and we're excited to get it in your hands so you can try it out.

Some of the items in this release have been covered in depth in previous Feature Spotlights: AWS EC2 Dynamic inventory plugin, the new Loop keyword, and the all-new ec2_instance module. But those are just appetizers for all of the new things that are included in this release.

Fact Namespacing

In 2.5, we are introducing fact namespacing, which makes Ansible facts available under the ansible_facts namespace (i.e. ansible_facts.os_distribution) without the ansible_ prefix.

Facts will continue to be added into the main namespace directly, but there is now a configuration boolean to enable this. Today, it’s ”On” by default, in a future release, we’ll switch that to “Off”.

Module Blacklisting

We have added a configuration file that enables administrators to filter modules that should be excluded from being used in playbook runs. Operationally, this ensures administrators have more control over which Ansible Modules are approved for use.

New magic vars

Magic vars are variables that Ansible provides to playbook runs without having to be requested. Continue reading

5 years later, Docker has come a long way

The evolution of Docker: From introducing a container runtime to building an enterprise-ready container platform

Back in March 2013, Docker was introduced publicly for the first time during Docker founder, Solomon Hykes’ lightning talk at PyCon. Since that moment in 2013, Docker has evolved in conjunction with the needs of users and customers to drive innovation around security, orchestration, networking and more. From building out advanced security features across the software supply chain and offering the choice of both Swarm and Kubernetes, to developing Docker for Mac/Windows and the Docker Enterprise Edition (EE) container platform, Docker has come a long way. Now at the age of five, Docker has millions of users and over 450 commercial customers – including hundreds of the world’s largest companies – that rely on Docker EE to power their digital and multi-cloud initiatives.

The history of Docker has shaped where we are today and as we celebrate our 5th birthday this week, we take a look back at the journey that lead us here.

Following the enthusiastic reception at PyCon 2013, Docker’s image format and container runtime quickly emerged as the de facto standard and building block for the community, customers and the broader industry. The Continue reading

Interop ITX, Dell Technologies World, and Spousetivities

Spousetivities will be present at two additional events this year—in fact, these events are only about 6 weeks away! Both Dell Technologies World and Interop ITX are in Las Vegas the last week of April (both starting April 30), and Spousetivities is running events for both conferences.

<aside>In case you’re wondering why I blog about Spousetivities, it’s not only because my wife runs it (seriously). It’s primarily because I’m committed to supporting families, marriages, and relationships in the IT industry. IT companies ask a lot of their employees—often asking employees to give up evenings and/or weekends, or setting unfair expectations on employee responsiveness via email/Slack/IM during off-hours—so a program that enables spouses and/or significant others to join IT employees during a conference helps provide a little bit of balance, in my view.</aside>

Here’s a look at what’s planned during these two IT conferences:

• On Monday, April 30, there’s a full-day tour of Death Valley planned. This event is leaving the Mirage at 8:00 am and includes photo opportunities at Dante’s View and Zabriskie Point, a scenic drive through the Artist’s Pallet, and a stop at Bad Water Basin—the lowest point in the Western Hemisphere!

• On Tuesday, May 1, Spousetivities Continue reading

Video Series: Modernizing Java Apps for Developers Part 2

Moving a monolithic application to a modern cloud architecture can be difficult and often results in a greenfield development effort. However, it is possible to move towards a cloud architecture using Docker Enterprise Edition with no code changes and gain portability, security and efficiency in the process.

In the first post in this series, we discussed how you don’t need to do a full re-architecture of your application to microservices when using Docker Enterprise Edition.

In the second installment of the series, I go into the details of containerization of the application. This process builds containers using the application code as-is. I’ll follow three simple rules:

1. Keep the existing architecture
2. Keep the save version of the OS, components and application
3. Keep deployment simple, i.e. static not elastic

I’ll also demonstrate how to use multi-stage build file to compile the code and deploy it to application server container such as Tomcat. It also shows how to deploy the application and database using a Docker Compose file.

Video Series: Modernizing @Java Apps for #Developers with #docker EE
Click To Tweet

To learn more about Docker solutions for Developers:

• Learn more about Docker Enterprise Edition
• Start a hosted trial
• Sign up for upcoming Continue reading

Technology Short Take 96

Welcome to Technology Short Take 96! Ahead, lying in wait, is a unique collection of links, articles, and thoughts about various data center technologies. Browse if you dare…OK, so I’m being a bit melodramatic. It’s still some good stuff here!

Networking

• Via Matt Oswalt and Michael Bushong, I came across this article on Juniper’s use of P4. Interesting stuff…P4 definitely has the potential to dramatically reshape networking in new ways, in my humble opinion.
• Maxime Lagresle of XING outlines how they went about troubleshooting an unexplained connection timeout on Kubernetes/Docker.
• Ajay Chenampara outlines how POAP (Power On Auto Provisioning), a feature of Cisco NX-OS, works to streamline provisioning new network switches.
• Don Schenck has a high-level overview of Istio and service meshes.
• Daniel Álvarez has a good article describing some OVN profiling and optimizing he recently performed. I believe the patches he mentioned in the post have already been accepted into the OVN codebase.

Servers/Hardware

Nothing this time around; sorry! If you have some articles you feel are worthy of inclusion in the next Tech Short Take, send them my way!

Security

• Joe Beda talks about securing the Kubernetes dashboard in the wake of several “cryptojacking” instances.
• CloudFlare discusses recent Continue reading

A Secure Supply Chain for Kubernetes, Part 2

Two weeks ago we shared how the upcoming release of Docker Enterprise Edition (Docker EE) is able to secure the software supply chain for Kubernetes; just as it does for Docker Swarm through a combination of scanning for vulnerabilities and implementing image promotion policies. In this blog, we’ll take a closer look at another part of this solution – Docker Content Trust and image signing.

When combined with granular Role Based Access Controls [RBAC] and the secure clustering features of Docker EE, organizations get a secure container platform solution that is ready for the enterprise.

Restricting Unverified Kubernetes Content

As discussed in Part 1 of this blog post, organizations typically have a “supply chain” for how applications progress from a developer’s laptop to production, whether that is on-premises or in the cloud. For larger organizations, the team that handles QA and testing is not always the same team that develops the applications. There may also be a separate team that handles staging and pre-production before an application is pushed to production. Since an application can pass through several teams before it gets deployed, it’s important for organizations to be able to validate the source of the application.

Docker Content Trust Continue reading

Video Series: Modernizing Java Apps for Developers Part 1

Moving a monolithic application to a modern cloud architecture can be difficult and often result in a greenfield development effort. However, it is possible to move towards a cloud architecture using Docker Enterprise Edition with no code changes and gain portability, security and efficiency in the process.

Containerizing a monolithic application is a great starting point for modernizing application architecture.In many cases this can be done with no code changes at all.  From there, breaking down the application into smaller components makes it easier to deploy updates, introduce new components and manage scale.

This new video series covers modernization for Java applications. It walks through the process of evolving a N-tier Java application to a distributed application running across multiple containers. Docker provides the platform that plugs in and manages all the components into a coherent architecture.

This  series does not cover a full re-architecture to microservices. Shifting to a full microservices approach isn’t right for all applications, and the daunting task of a full rewrite of a monolithic application can be a massive endeavor that takes years to pay-off. Especially if what you have works. This series uses a feature driven approach. I select key features to update, in order to fix Continue reading

GETTING STARTED: UPGRADING ANSIBLE TOWER

Thanks for checking out the Getting Started series! This quick tutorial lists the basic steps needed to perform an upgrade of Red Hat Ansible Tower in a standalone configuration. Specifically, we'll be upgrading Ansible Tower 3.1.0 to the latest (as of this writing) version 3.2.2 in a few simple steps. There are some things you’ll need to keep in mind while upgrading (e.g., editing the inventory file appropriately), and a description will be offered with each example.

Upgrading is Easy

The steps to upgrading are similar to installing Ansible Tower. The original inventory file from the install should already have the hostnames and variables you'll be using, so it's suggested that you work from your current install's inventory file to populate the upgrade file.

Your older inventory file may have some different lines than the newer upgrade version, due to updated configuration options or added features. In this example, the difference between the 3.1.0 and the 3.2.2 inventory files is the added ability to enable isolated key generation for clustered installs. See below for a side-by-side comparison: 

Getting Started with Ansible Tower

If you’re considering evaluating Red Hat Ansible Tower, you might also be curious about what sort of support is included with a trial key. This post will explain what sort of help is available while you conduct a PoC, along with information to assist you with errors and more.

Ansible Experts Are Here to Help

After you download a trial of Ansible Tower and request a license key, there is more than just documentation and reading materials to help guide you through errors. Once you and your team are connected with Ansible and want to start working on an evaluation or proof of concept installation, there are a boatload of resources to help you on your automation journey:

Sales Representatives: Provide support from day one, helping you understand what Ansible Engine and Ansible Tower can do for you and your environment.

Getting Started Team: The product field engineering team (known colloquially as the "Getting Started" team) helps with the installation, configuration and integration of Ansible Engine and Ansible Tower.

Solution Architects: For cases that delve into deeper understanding of all things Ansible Automation, writing playbooks, or consultation/screenshared demos to ensure success of the project, a Solutions Architect can save Continue reading

Enhanced Layer 7 Routing for Swarm in Docker Enterprise Edition Beta

 The beta release of Docker Enterprise Edition has seen incredible activity. The highlight of the upcoming Docker Enterprise Edition (Docker EE) release is the integration of Kubernetes and bringing all of the advanced security, RBAC and management capabilities of Docker EE to Kubernetes. At the same time, we have been working to improve Swarm, delivering the only container platform that allows you to run both orchestrators in the same cluster. In this blog post, we’ll highlight some the key new capabilities around application-layer (Layer 7) routing and load balancing for Swarm-deployed applications. These enhancements come from the new Interlock 2.0 architecture which provides a highly scalable and highly available routing solution for Swarm. The new architecture brings some additional features to the platform, including path-based routing and SSL termination.

Path-Based Routing

Layer 7 load balancing allows traffic going to host domains like acme.com to be distributed across specific containers in your environment. With path-based routing, traffic headed to sub-domains within acme.com (eg. acme.com/app1 or acme.com/app2) can be separately routed to different sets of containers. This can be especially useful for optimizing application performance by driving different requests to different groups of containers.

Read Continue reading

Announcing DockerCon Europe 2018

The Docker Team is excited to announce that the next DockerCon Europe 2018 will take place at the CCIB in Barcelona, Spain from December 3-5, 2018. With 3000 expected attendees, 7 tracks, 80+ speakers and sponsors, this upcoming edition should be the largest enterprise container conference for the IT industry in Europe.

From Docker basics and orchestration best practices to insights into how containers can enable edge computing, serverless and machine learning, DockerCon will include content for everyone. No matter your level of expertise with Docker or job title, attendees will have ample opportunities to learn and collaborate with their peers at other companies using the Docker platform as the cornerstone of their container strategy.

The CFP and official registration will open in the upcoming months but you can already pre-register to to get an additional 50 EUR off early bird price.

We can’t wait to welcome back many returning DockerCon alumni as well as open the DockerCon doors to so many new attendees and companies as we return to Barcelona.

Announcing @dockercon Europe 2018: December 3-5 at CCIB Barcelona, Spain. Early signup is open!…
Click To Tweet

Learn More about DockerCon EU 2018

• Visit the website
• Pre-register
• Inquire Continue reading

5 years later, where are you on your Docker journey?

Docker is turning five the week of March 19-25, 2018 and in celebration of this event, we would like to turn the spotlight to our users – the customers, partners, individuals and organizations that are using the Docker platform every day. From scientific use cases in the field of medical and space research to more traditional use cases in large banks and insurance companies, Docker’s adoption is only accelerating with everyone from individual developers to global corporations. Here are some of the key figures showing the widespread adoption of Docker across the community and within enterprises.

Docker has evolved from a container runtime to Docker Enterprise Edition (EE), a secure enterprise-ready container platform that brings unmatched freedom of choice to enterprises, while providing a foundation for their digital and multi-cloud initiatives. Millions of users rely on Docker, downloading 100M container images a day, and over 450 companies have turned to Docker Enterprise Edition – including hundreds of the largest enterprises in the world. With such vast adoption, the range of stories to tell and the diverse set of use cases continues to grow. So where are some of these users and enterprise customers on their Docker journey?

Docker users have deployed Docker containers for a Continue reading

Recent Changes in my “Learning Tools” Repository

A couple years ago, I created a “learning-tools” repository on GitHub with the goal of creating environments/tools that would help others learn new technologies. At first, the contents of the repository were almost exclusively leveraging Vagrant, but over time I’ve extended the environments to also leverage Ansible and to use tools such as Terraform. Over the past month or so, I’ve made a few additional (albeit relatively minor) updates that I also wanted to share.

As I said, the updates are relatively minor:

• I’ve added environments for running generic versions of Fedora Atomic Host (26 and 27), Ubuntu 16.04, and Debian 9.x. These environments are probably of limited value by themselves, but in the future I may use them as the basis for more complex environments based on these operating systems. Of course, others may leverage them as the basis for projects of their own.
• I’ve added Libvirt support for a number of the Vagrant-based environments, based on my experience with the Vagrant Libvirt provider. This support is limited to areas where I was able to find Libvirt-formatted Vagrant boxes, so you’ll find Libvirt support for the environments using CentOS Atomic Host, Fedora Atomic Host, and Debian. Continue reading

Looking Ahead: My 2018 Projects

For the last six years or so, I’ve been publishing a list of projects/goals for the upcoming year (followed by a year-end review of how I did with those projects/goals). For example, here are my goals for 2017, and here’s my year-end review of my progress in 2017. In this post, I’m going to share with you my list of projects/goals for 2018.

As I’ve done in previous years, I’ll list the projects/goals, along with an optional stretch goal (where it makes sense).

1. Become extremely fluent with Kubernetes. I’m focusing all my technical skills on Kubernetes this year, with the goal of becoming extremely fluent with the project in all its aspects. There are some aspects—like networking, for example—where some specialization/additional focus will be needed (focusing on particular network architectures/plugins). That means “leaving behind” other technologies, like OpenStack, in order to more fully focus on Kubernetes. (Stretch goal: Pass the Certified Kubernetes Administrator [CKA] exam.)

2. Learn to code/develop in Go. Given that Kubernetes is written in Go and that Go seems to be the language of choice for many new projects, tools, and utilities, I’m going to learn to code/develop in Go in 2018. Because I learned Continue reading

Ansible Tower Feature Spotlight: Instance Groups and Isolated Nodes

As we continue to improve Red Hat Ansible Tower, we’ve focused on allowing you to automate in more flexible ways, no matter your deployment scenario. As part of this, we’ve introduced two new features: Instance Groups and Isolated Nodes. These new features allow you to use Ansible Tower automation more flexibly in ways that match both the structure of your organization and your infrastructure.

Instance Groups

What is an instance group?

Ansible introduced Clusters in Ansible Tower 3.1. Tower Clusters allow you to add capacity to your Ansible Tower environment - the more nodes in your Tower Cluster, the more job execution capacity you have. If you have to run many jobs simultaneously, adding more nodes to the cluster lets you run them all without queueing.

However, this just gives you an additional mass of capacity. If you just have one group using a Tower instance, that may be enough. But we know that many Ansible Tower instances are shared among teams, groups, and organizations that may have different uses for their automation.

That’s why, in Ansible Tower 3.2,  we created Instance Groups.

An Ansible Tower Instance group is a set of cluster nodes dedicated for a particular purpose. Continue reading

A Secure Supply Chain for Kubernetes

The beta release of the Docker Enterprise Edition (Docker EE) container platform last month integrates Kubernetes orchestration, running alongside Swarm, to provide a single container platform that supports both legacy and new applications running on-premises or in the cloud. For organizations that are exploring Kubernetes or deploying it in production, Docker EE offers integrated security for the entire lifecycle of a containerized application, providing an additional layer of security before the workload is deployed by Kubernetes and continuing to secure the application while it is running.

Mike Coleman previously discussed access controls for Kubernetes. This week we’ll begin discussing how Docker EE secures the Kubernetes supply chain.

What is a Software Supply Chain?

When you purchase something from a retail store, there is an entire supply chain that gets the product from raw materials to the manufacturer to you. Similarly, there is a software supply chain that takes an application from code on a developer’s laptop to production.

Every company’s software supply chain may be slightly different; some outsource software development, some have adopted Continuous Integration and Continuous Delivery processes, and some deploy production applications across multiple clouds, some on-premises. Regardless of what the software supply chain consists of, Continue reading

First Look at the DockerCon San Francisco 2018 Agenda

From June 12th – 15th, San Francisco will welcome 6,000+ developers, sysadmins, architects, VP of Apps and other IT leaders to get hands-on with the latest innovations in the container ecosystem at DockerCon 2018. Today, we are excited to share a first look at the DockerCon Agenda. We’ve brought back some of your favorite from past DockerCons and are also thrilled to welcome many first time DockerCon speakers to the stage. Here is a first look at some of our favorites sessions:

Customers in Production  

Use case sessions highlight how companies are using Docker to modernize their infrastructure and build, manage and secure  distributed applications. These sessions are heavy on business value, ROI and production implementation advice, and learnings.

• Building your NoSQL ship: How an Enterprise transitioned from a RDBMS to NoSQL DB using Agile and Docker by Jonell Taylor, Metlife
• Black Friday and 100K Deployments Per Year by Srikanth Bulusu & Sanjoy Mukherjee, JCPenney
• Packaging Software for Distribution on the Edge with Docker and Windows Server
  Peter Ngai, GE Digital

Using Docker

Using Docker sessions are introductory sessions for Docker users, dev and ops alike. Filled with practical advice, learnings, and insight, these sessions will Continue reading

Getting Started: Using New Kerberos Feature in Ansible Tower

Welcome to another post in our Getting Started series. In our previous post, we discussed how you can set up and use LDAP in your Red Hat Ansible Tower instance. In this post we are going to discuss a new feature in regard to Windows authentication with Kerberos. Before we get started, please note that these changes will not affect the current configuration you are using if you have previously used Kerberos with Ansible Tower. Your setup should function the same way as before.

Using Kerberos to Connect to Windows

Using Kerberos with Ansible and Ansible Tower to connect to your Windows hosts before the release of Ansible 2.3 required some prior scaffolding tasks be set up before you were able to fully use it. The necessary packages for Kerberos are still required to be on the machine that Ansible Tower is installed on. The documentation on the required materials and configuration changes can be found here if you are just starting out or need a refresher.

The main change that comes to using Kerberos with Ansible and Ansble Tower is how Ansible manages Kerberos “tokens” or “tickets." Ansible Tower defaults to automatically managing Kerberos tickets (as Continue reading

Technology Short Take 95

Welcome to Technology Short Take 95! This Short Take was a bit more challenging than normal to compile, given that I spent the week leading up to its publication visiting customers in Europe. (My travel schedule in Europe is also why it didn’t get published until Saturday instead of the typical Friday.) Nevertheless, I have persevered in order to deliver you this list of links and articles. I hope it proves useful!

Networking

• Larry Smith Jr. has a nice write-up on Cisco XR stemming from a presentation at NFD 17.
• VMware recently released a reference design guide for NSX-T; see here for more details.
• The engineering team at Lyft recently discussed a new overlay-free networking approach they’ve been working on for Kubernetes: IPVLAN-based CNI stack for running within VPCs on AWS. This is pretty cool, but does introduce some potential design considerations for deploying Kubernetes on AWS. (For those that may be unfamiliar: CNI, or Container Network Interface, is the means whereby network mechanisms “plug into” Kubernetes. IPVLAN is a low-latency means of providing IP connectivity to containers. VPCs, or Virtual Private Clouds, are Amazon’s software-defined networking mechanism for workloads running on AWS.)
• Viktor van den Berg writes Continue reading

Video Series: Modernizing .NET Apps for Developers

 Docker Enterprise Edition (EE)  is the container platform for modernizing your existing applications, and running them in the cloud or on-premises. You can take monoliths and run them in containers with no code changes, and that gets you portability, security and efficiency.

Running in Docker is also a great starting point for modernizing the application architecture. You can breaking down the monolith into smaller, independent components which makes it easier to deploy updates, manage scale and introduce new technologies.

This new video series covers app modernization, for .NET developers and architects. It walks through the evolution of a monolithic ASP.NET 3.5 app to a distributed application running across multiple containers, using the Docker platform to plug everything together and adding features with great open-source software from the Docker ecosystem.

This is not a full re-architecture to microservices – for large .NET apps that would be a 12 month project. This series uses a feature-driven approach, taking key features out of the monolith to fix performance issues, add new functionality and support fast application updates.

Part 1 introduces the series, talks about what “modernization” means and then gets started – this is a very demo-heavy video series, where you’ll see lots Continue reading