
Category Archives for "Systems"

Automation Field Guide: Quick AWS NextCloud Instance


This is a practical use story utilizing Ansible to solve a small hurdle in an everyday workflow. 

Code for this can be found here

In this post, I’ll be sharing a practical situation where Ansible makes tasks easier. The Getting Started team works with organizations who may be putting together a proof-of-concept to evaluate Red Hat® Ansible® Tower. If troubleshooting gets into the weeds, it can include sharing documentation, instructions for common setup scenarios, or going through system settings to make sure everything’s in order.

Sometimes there's no other way: we need to get a full environment report from the system to troubleshoot, mostly in the form of a sosreport. We found that getting the report to us can be challenging, so we had to find a reliable way for people to send us their log files. A file drop web app that could be spun up on demand fit the need nicely. A Nextcloud install with a CentOS LAMP stack turned out to be a great tool, using Ansible to automate the provisioning and installation for us. Because this little trick proved so helpful, I wanted to share how I put the short playbook together, Continue reading

MetLife Uses Docker Enterprise Edition to Self Fund Containerization

MetLife is a 150 year old company in the business of securing promises and the information management of over 100M customers and their insurance policies. As a global company, MetLife delivers promises into every corner of the world – some of them built to last a lifetime. With this rich legacy comes a diverse portfolio of IT infrastructure to maintain those promises.

In April, Aaron Aedes from MetLife spoke about their first foray into Docker containerization with a new application, GSSP, delivered through Azure. Six months later, MetLife returns to the DockerCon stage to share their journey since this initial deployment motivated them to find other ways to leverage Docker Enterprise Edition [EE] within MetLife.

Jeff Murr, Director of Engineering for Containers and Open Source at MetLife, spoke in the Day 1 DockerCon keynote session about how they are looking to scale containerization with Docker as they scale. He states that new technology typically adds more cost and overhead to an already taxed IT budget. But the Docker Modernize Traditional Apps [MTA] Program presented an opportunity to reduce the costs of their existing applications.

The MTA project at MetLife started with a single Linux Java-based application that handled the “Do Not Continue reading

Technology Short Take 89

Welcome to Technology Short Take 89! I have a collection of newer materials and some older materials this time around, but hopefully all of them are still useful. (I needed to do some housekeeping on my Instapaper account, which is where I bookmark stuff that frequently lands here.) Enjoy!

Networking

  • This is a slightly older post providing an overview of container networking, but still quite relevant. Julia has a very conversational style that works well when explaining new topics to readers, I think.
  • Russell Bryant has a post on Open Virtual Network (OVN), a project within the Open vSwitch (OVS) community. If you’re not familiar with OVN, this is a good post with which to start.

Servers/Hardware

Hmm…I didn’t find anything again this time around. Perhaps I should remove this section?

Security

  • This blog post discusses some of the new network security functionality available in vSphere Integrated Containers (VIC) version 1.2; specifically, the new container network firewall functionality.
  • The NIST and DHS have teamed up on some efforts to secure BGP; more information is available in this article.
  • When I was using Fedora, I needed some useful information on firewall-cmd, and found this article to Continue reading

Finnish Railways and Accenture Partner to Modernize Key Transportation Apps  

VR Group is the state-owned company that runs Finnish Railways, and provides 82 million passenger train rides and transports 36 million tons of goods per year. The 150+ year old transportation business is broken into separate divisions, each with their own technology departments. Finnish Railways does not have an in-house development team, so each division leverages external vendors and partners for their application development needs.

On Day 2 of DockerCon Europe, Markus Niskanen, Integration Manager at VR Group, and Oscar Renalias, Solutions Architect at Accenture presented their story on how they worked together to modernize critical business applications for Finnish Railways, including the reservation and commuter applications.

Partnership Drives Faster Results

Finnish Railways began working with Accenture, a long-time partner, to design a new common application platform based on Docker Enterprise Edition (EE). Leveraging Accenture’s Container Migration Factory, Finnish Railways had access to hundreds of Docker-trained Accenture architects which meant that this project could be delivered more efficiently. For example, Accenture has customized Terraform scripts that set up a Docker EE environment in AWS in about 25 minutes.

They started with the old reservation system which was running on mainframe and a legacy commuter service application. They rewrote these applications with microservices Continue reading

Posts from the Past, October 2017

After over 12 years of writing here, I’ve accumulated a pretty fair amount of content. To help folks discover older content, I thought it might be fun to revisit what I’ve published in October in years past. Here are some “posts from the past,” all from October of previous years. Enjoy!

October 2005

Protecting Against OpenSSL SSLv2 Flaw

October 2006

I was spending a great deal of time with Active Directory back then:

Finding Recently Created Active Directory Accounts
Refined Solaris 10-AD Integration Instructions

October 2007

Storage was the name of the game a decade back:

Sanrad Configuration Basics
VM File-Level Recovery with NetApp Snapshots

October 2008

Quick Note on ESX and ESXi Storage Multipathing
Is Power the Key to Controlling the Cloud?

October 2009

Fibre Channel, FCoE, and InfiniBand, oh my!

New User’s Guide to Managing Cisco MDS Zones via CLI
I/O Virtualization and the Double-Edged Sword
Setting up FCoE on a Nexus 5000

October 2010

Shortening URLs via bit.ly from the CLI
Shortening URLs via bit.ly the Apple Way

October 2011

Content Creation and Mind Mapping

October 2012

In October 2012 I was neck-deep in learning all I could learn about Open vSwitch, and a Continue reading

DockerCon EU 2017: All the videos are now live!

In case you missed it last week, here are the highlights from DockerCon Europe 2017 including recordings of the keynotes. We’re excited to announce that most of the breakout videos are now available online! A big thanks to all our awesome speakers for working hard on the content of their sessions. All the videos are published on the Docker website, the slides are available from the Docker Slideshare account, and photos will soon be uploaded to a DockerCon EU 2017 album on Facebook.

DockerCon videos

Here are the links to the playlists of each track:  

Using Docker

Using Docker sessions are introductory sessions for Docker users, dev and ops alike. Filled with practical advice, learnings and insight, these sessions will help you get started with Docker or better implement Docker into your workflow.

Docker Best Practices

Docker Best Practices sessions provide a deeper dive into Docker tooling, implementation and real world production use recommendations. If you are ready to get to the next level with your Docker usage, join this track for best practices from the Docker team.

Use Case

Use case sessions highlight how companies are using Docker to modernize their infrastructure and build, ship and run distributed applications. These sessions are heavy on Continue reading

The Linux Migration: Wrap-Up

As many readers are probably already aware, I embarked on a journey earlier this year to make Linux my primary laptop OS (see this update from April of this year). That journey ended (for now) when I ordered a new 13” MacBook Pro just before VMworld US. In this post, I’d like to reflect a bit on my journey, and what it means for others who may be interested in similar journeys of their own.

So why the switch back to macOS? Well, it certainly does not have anything to do with changes on the macOS side; all my concerns (first expressed here in late November of 2012, almost five years ago) are still present. By all indications, the trend to “iOS-ify” macOS continues; this may be great for the masses but isn’t so great for “power users” such as myself, in my humble opinion.

In the end, the decision to switch back to macOS really comes down to productivity. I think that my July 2017 update post probably sums it up best: for me, trying to use Linux as my primary laptop OS was like “death from a thousand cuts.” While I strongly prefer to use Linux as Continue reading

What is Notary and why is it important to CNCF?

As you may have heard, the Notary project has been invited to join the Cloud Native Computing Foundation (CNCF). Much like its real world namesake, Notary is a platform for establishing trust over pieces of content.

In life, certain important events such as buying a house are facilitated by a trusted third party called a “notary.” When buying a house, this person is typically employed by the lender to verify your identity and serve as a witness to your signatures on the mortgage agreement. The notary carries a special stamp and will also sign the documents as an affirmation that a notary was present and verified all the required information relating to the borrowers.

In a similar manner, the Notary project, initially sponsored by Docker, is designed to provide high levels of trust over digital content using strong cryptographic signatures. In addition to ensuring the provenance of the software, it also provides guarantees that the content is not modified without approval of the author anywhere in the supply chain. This then allows higher level systems like Docker Enterprise Edition (EE) with Docker Content Trust (which uses Notary) to establish clear policy on the usage of content. For instance, a Continue reading

Denver Network Programmability User Group Meeting

If you live (or will be) in Denver next week—specifically, on Wednesday, November 1—I’ll be joining the Denver Network Programmability User Group (NPUG) to talk about network programmability and my recent book with Jason Edelman and Matt Oswalt around network programmability and automation. We’d love to have you join us!

Here are the meeting details:

When: Wednesday, November 1, at 4:00 Mountain Time
Where: GTRI, 990 S Broadway, Suite 300, Denver CO (free parking in and around GTRI)
What: Me joining the NPUG to share some thoughts on network programmability
Why: Because there will be food and drinks, and because you love talking about network programmability and automation
Who: You!

As I mentioned, there will be food and beverages provided for attendees so please take a few moments to RSVP (so that we can plan on how much food and drink to provide).

I’d love to see you there!

5 Things You Can Do With AWX


As you’ve probably already heard, Red Hat announced the release of the AWX project at AnsibleFest in San Francisco. AWX is the open source project behind Red Hat® Ansible® Tower, offering developers access to the latest features, and the opportunity to directly collaborate with the Ansible Tower engineering team.

AWX is built to run on top of the Ansible project, enhancing the already powerful automation engine. AWX adds a web-based user interface, job scheduling, inventory management, reporting, workflow automation, credential sharing, and tooling to enable delegation.

Even if you’re only managing a small infrastructure, here are 5 things you can do with AWX. And we promise, they’ll make your job as a system administrator a whole lot easier:

Delegate

Central to AWX is the ability to create users, and group them into teams. You can then assign access and rules to inventory, credentials, and playbooks at an individual level or team level. This makes it possible to setup push-button access to complex automation, and control who can use it, and where they can run it.

For example, when developers need to stand up a new environment, they don’t need to add another task to your already overbooked Continue reading

A Sample Makefile for Publishing Blog Articles

As some readers may already know, this site has been running on a static site generator since late 2014/early 2015, when I migrated from WordPress to Jekyll on GitHub Pages. I’ve since migrated again, this time to Hugo on S3/CloudFront. Along the way, I’ve taken an interest in using make and a Makefile to help automate certain tasks at the CLI. In this post, I’ll share how I’m using a Makefile to help with publishing blog articles.

If you’re not familiar with make or its use of a Makefile, have a look at this article I wrote on using a Makefile with Markdown documents, then come back here.

In general, the process for publishing a blog post using Hugo and S3/CloudFront basically looks like this:

  1. Write the blog post. (I haven’t found a tool to automate this yet!)
  2. Put the blog post into the right section of the Hugo directory tree. (In my setup, it’s in the content/post directory.)
  3. Build the static site using hugo.
  4. Upload the resulting HTML files to the appropriate S3 bucket.
  5. Invalidate the appropriate URLs (paths) in AWS CloudFront so that the CDN picks up the new files/pages.

Some of these steps Continue reading

The IBM Transformation Can Gather Steam Now

For the past five and a half years, which is not quite an eternity in the IT business but is something akin to a half of a generation or so, IBM’s revenues have been declining, quarter in and quarter out. As has happened many, many times in its more than century of existence, Big Blue, which used to be a peddler of meat slicers, time machines, scales, and punch card tabulators early in its history, has had to constantly evolve and reimagine itself.

The transformation that IBM had to undergo in the late 1980s and early 1990s was a near

The IBM Transformation Can Gather Steam Now was written by Timothy Prickett Morgan at The Next Platform.

DockerCon Europe 2017 Highlights

DockerCon Europe 2017 is coming to an end and we’d like to thank all of the speakers, sponsors and attendees for contributing to the success of these amazing 3 days in Copenhagen. All the slides will soon be published on our Slideshare account and all the breakout session video recordings will soon be available on the Docker website.

DockerCon Day 1 Highlights

On Tuesday, we announced that Docker will be delivering seamless integration of Kubernetes into the Docker platform. Adding Kubernetes support as an orchestration option (alongside Swarm) in both Docker Enterprise Edition, and in Docker for Mac and Windows will help simplify and advance the management of Kubernetes for enterprise IT and deliver the advanced capabilities of the Docker platform to a broader set of applications.

DockerCon EU keynotes

To try the latest version of Docker Enterprise Edition, Docker for Mac and Windows with built-in Kubernetes, sign up for the upcoming Beta. Also, check out the detailed blog posts to learn how we’re bringing Kubernetes to:

You can also watch the video recording and slides of the day 1 keynote here:

 

DockerCon Continue reading

Looking Under the Hood: containerD

This is a liveblog of the session titled “Looking Under the Hood: containerD”, presented by Scott Coulton with Puppet (and also a Docker Captain). It’s part of the Edge track here at DockerCon EU 2017, where I’m attending and liveblogging as many sessions as I’m able.

Coulton starts out by explaining the session (it will focus a bit more on how to consume containerD in your own software projects), and provides a brief background on himself. Then he reviews the agenda, and dives right into the content.

Up first, Coulton starts by providing a bit of explanation around what containerD is and does. He notes that there is a CLI tool for containerD (the ctr tool), and that containerD uses a gRPC API listening on a local UNIX socket. Coulton also discusses ctr, but points out that ctr is, currently, an unstable tool (changing too quickly). Next, Coulton talks about how containerD provides support for the OCI Image Spec and the OCI Runtime Spec (of which runC is an implementation), image push/pull support, and management of namespaces.

Coulton moves into a demo showing off some of containerD’s functionality, using the ctr tool.

After the demo, Coulton talks about some Continue reading

Building a Secure Supply Chain

This is a liveblog of the session titled “Building a Secure Supply Chain,” part of the Using Docker track at DockerCon EU 2017 in Copenhagen. The speakers are Ashwini Oruganti (@ashfall on Twitter) and Andy Clemenko (@aclemenko on Twitter), both from Docker. This session was recommended in the Docker EE deep dive (see the liveblog for that session) as a way to get more information on Docker Content Trust (image signing). The Docker EE deep dive presenter only briefly discussed Content Trust, so I thought I’d drop into this session to get more information.

Oruganti starts the session by reviewing some of the steps in the software lifecycle: planning, development, testing, packaging/distribution, support/maintenance. From a security perspective, there are some additional concepts as well: code origins, automated builds, application signing, security scanning, and promotion/deployment. Within Docker EE, there are three features that help with the security aspects of the lifecycle: signing, scanning, and promotion. (Note that scanning and promotion were also discussed in the Docker EE deep dive, which I liveblogged; link is in the first paragraph).

Before getting into the Docker EE features, Clemenko reminds attendees how not to do it: manually. This approach doesn’t Continue reading

Docker EE Deep Dive

This is a liveblog of the session titled “Docker EE Deep Dive,” part of the Docker Best Practices track here at DockerCon EU 2017 in Copenhagen, Denmark. The speaker is Patrick Devine, a Product Manager at Docker. I had also toyed with the idea of attending the Cilium presentation in the Black Belt track, but given that I attended a version of that talk in Austin in April (liveblog is here), I figured I’d better stretch my boundaries and dig deeper into Docker EE.

Devine starts with a bit of information on his background, then provides an overview of the two editions (Community and Enterprise) of Docker. (Recall again that Docker is the downstream product resulting from the open source Moby upstream project.) Focusing a bit more on Docker EE, Devine outlines some of the features of Docker EE: integrated orchestration, stable releases for 1 year with support and maintenance, security patches and hotfixes backported to all supported versions, and enterprise-class support.

So what components are found in Docker EE? It starts with the Docker Engine, which has the core container runtime, orchestration, networking, volumes, plugins, etc. On top of that is Universal Control Plane (UCP), which Continue reading

DockerCon EU 2017 Day 2 Keynote

This is a liveblog of the day 2 keynote/general session here in Copenhagen, Denmark, at DockerCon EU 2017. Yesterday’s keynote (see the liveblog here) featured the hotly-anticipated Kubernetes announcement (I shared some thoughts here), so it will be interesting to see what Docker has in store for today’s general session.

At 9:02am, the lights go down and Scott Johnston, COO of Docker (@scottcjohnnston on Twitter), takes the stage. Johnston provides a brief recap of yesterday’s activities, from the keynote to the breakout sessions to the party last night, then dives into content focusing around modernizing traditional applications through partnerships. (If two themes have emerged from this year’s DockerCon EU, they are “Docker is a platform” and “Modernize traditional applications”.) Johnston shares statistics that show 50% of customers have leveraging hybrid cloud as a priority, and that increasing major release frequency is also a priority for enterprise IT organizations. According to Johnston, 79% of customers are saying that increasing software release velocity is a goal for their organizations. Continuing with the statistics, Johnston shows a very familiar set of numbers stating that 80% of the IT spend is on maintenance (I say familiar because these numbers Continue reading

Some Thoughts on the Docker-Kubernetes Announcement

Today at DockerCon EU, Docker announced that the next version of Docker (and its upstream open source project, the Moby Project) will feature integration with Kubernetes (see my liveblog of the day 1 general session). Customers will be able to choose whether they leverage Swarm or Kubernetes for container orchestration. In this post, I’ll share a few thoughts on this move by Docker.

First off, you may find it useful to review some details of the announcement via Docker’s blog post.

Done reviewing the announcement? Here are some thoughts; some of them are mine, some of them are from others around the Internet.

  • It probably goes without saying that this announcement was largely anticipated (see this TechCrunch article, for example). So while the details of how Docker would go about adding Kubernetes support were not clear, many people expected some form of announcement around Kubernetes at the conference. I’m not sure that folks expected this level of integration, or that the integration would take this particular shape/form.
  • In looking back on the announcement and the demos from today’s general session and in thinking about the forces that drove Docker to provide Kubernetes integration, it occurs to me that Continue reading

Container-Relevant Kernel Developments

This is a liveblog of a Black Belt track session at DockerCon EU in Copenhagen. The session is named “Container-Relevant Kernel Developments,” and the presenter is Tycho Andersen.

Andersen first presents a disclaimer that the presentation is mostly a brain dump, and that he’s not personally responsible for a lot of the work presented here. In fact, all of the work Andersen will talk about is not yet merged upstream in the Linux kernel, and he doesn’t expect that they will be accepted upstream and see availability for average users.

The first technology Andersen talks about is IMA (Integrity Management Association, I think?), which prevents user space from even opening files if they have been tampered with or modified in some fashion that violates policy. IMA is also responsible for allowing the Linux kernel to take advantage of a system’s Trusted Platform Module (TPM).

Pertinent to containers, Andersen talks about work that’s happening within the kernel development community around namespacing IMA. There are a number of challenges here, not all of which have been addressed or resolved yet, and Andersen refers attendees to the Linux Kernel mailing list (LKML) for more information.

Next, Andersen talks about the Linux audit log. Continue reading

LinuxKit Deep Dive

This is a liveblog of the DockerCon EU session titled “LinuxKit Deep Dive”. The speakers are Justin Cormack and Rolf Neugebauer, both with Docker, and this session is part of the “Black Belt” track here at DockerCon.

So what is LinuxKit? It’s a toolkit, part of the Moby Project, that is used for building secure, portable, and lean operating systems for containers. It uses the moby tooling to build system images. LinuxKit uses YAML files to describe the complete system, and these files are consumed by moby to assemble the boot image and verify the signature. On top of that is containerD, which runs on-boot containers, service containers, and shutdown containers. Think of on-boot and shutdown containers as one-time containers that perform some task, either when the system is booting or shutting down (respectively).

LinuxKit was first announced and open sourced in April 2017 at DockerCon in Austin. Major additions since it was announced include:

  • arm64 support
  • Improved Kubernetes support
  • Linux containers on Windows (LCOW) preview support
  • Improved platform support (Azure, packet.net, IBM Bluemix, AWS, GCP, VMware, Hyper-V, etc.)
  • Multi-arch build system
  • Fully immutable system images
  • Namespace sharing
  • Support for the latest Linux kernels

After reviewing the changes Continue reading
