Category Archives for "Systems"

Least Privilege Container Orchestration

The Docker platform and the container have become the standard for packaging, deploying, and managing applications. In order to coordinate running containers across multiple nodes in a cluster, a key capability is required: a container orchestrator.

Orchestrators are responsible for critical clustering and scheduling tasks, such as:

  • Managing container scheduling and resource allocation.
  • Supporting service discovery and hitless application deploys.
  • Distributing the necessary resources that applications need to run.

Unfortunately, the distributed nature of orchestrators and the ephemeral nature of resources in this environment make securing orchestrators a challenging task. In this post, we will describe in detail the less-considered—yet vital—aspect of the security model of container orchestrators, and how Docker Enterprise Edition with its built-in orchestration capability, Swarm mode, overcomes these difficulties.

Motivation and threat model

One of the primary objectives of Docker EE with swarm mode is to provide an orchestrator with security built-in. To achieve this goal, we developed the first container orchestrator designed with the principle of least privilege in mind.

In computer science, the principle of least privilege in a distributed system requires that each participant of the system must only have access to the information and resources that are necessary for its legitimate purpose. No Continue reading

Register for DockerCon Europe 2017 Livestream

For those of you who can’t make it to DockerCon Europe 2017 in Copenhagen, we are thrilled to announce that the General Sessions on both Day 1 and Day 2 of DockerCon will be livestreamed!

Find out about the latest Docker announcements live from Steve Singh (CEO) and Solomon Hykes (Founder and CTO) and enjoy the highly technical demos the Docker team has prepared for you!

Livestream schedule:

  • General Session Day 1 on 10/17 from 9am UTC+2
  • General Session Day 2 on 10/18 from 9am UTC+2

The livestream player will be embedded on the DockerCon site a few hours prior to the event. Be sure to sign up here to receive an email with the link to the livestream before the general session starts!

We invite you to follow the official Twitter account: @DockerCon and hashtag #DockerCon in order to get the latest updates.

The post Register for DockerCon Europe 2017 Livestream appeared first on Docker Blog.

8 Use Cases for Modernizing and Automating Workflows

Managing an organization’s many tools and business processes is becoming increasingly complicated as technology expands. Whether your teams are performing their weekly system reboot, or looking to configure instances to a desired state, it’s no secret that automation is critical to increase speed, efficiency, productivity, and accuracy. Listed below are several instances where automation can help across your enterprise.


  • Weekly system reboot: There’s nothing worse than doing the same thing for 8 hours a day! Eliminate repetitive, manual processes with automation.
  • Enforce security guidelines: Rules are rules. It’s best to automate in an effort to achieve strict security standards.
  • Monitor configuration drift: Use check mode with Ansible tasks to enforce desired settings and see if your configuration has drifted.
  • Disaster recovery: Disaster recovery can involve a wide range of components. Act across different variables of the technology stack to identify problems and eliminate cross team dependencies.
  • Command blaster: Remarkably easy to write, you can run commands across your environment for any number of servers.
  • Database binary patching: Several databases use outdated binary sets. Patch the binaries in accordance with the release of the latest patch.
  • Instance provisioning: Use modules for several cloud providers to create new instances and tailor Continue reading

Fumbling Through Networking

This blog post is written by a systems person who has always dodged networking ... until now. I gave Ansible networking modules a try with a vyos Vagrant image. This blog describes how I fumbled through the process of writing my first Ansible playbook to successfully gather facts from a running vyos virtual machine.

First things first, I need a network thingy to run commands on. I don’t have a physical networking thingy so let’s go searching for a virtual one. After some googling for a Cisco IOS virtual machine I found and started to download an ISO. While that was going on I pinged my co-worker Ben on Slack. Ben’s a networking guy within Ansible. I asked him what virtual device he uses. He pointed me at a vyos Vagrant image. So I canceled the Cisco IOS ISO download and ran the needed vagrant commands.

vagrant init higebu/vyos
vagrant up

Ok, that did something but what did it do? Let me try the old vagrant ssh. Nope, that didn’t work. Oh, I got another message from Ben on Slack. He mentions I’m going to need a plugin to make this work smoothly with Vagrant and to run:

vagrant plugin install  Continue reading

Brace yourselves, DockerCon Europe 2017 is coming!

DockerCon Europe 2017 is just around the corner and the whole European Docker community is getting ready for four days of incredible learning, networking and collaboration!

If you’re a registered attendee, log in to the DockerCon Europe Agenda Builder using the information you set up during the registration process. You can use the keyword search bar or filter by topics, days, tracks, experience level or target audience to get recommended sessions and build your schedule.

Every DockerCon Europe Attendee should have received an invitation to join the Docker Community Slack (dockercommunity.slack.com). If that’s not the case, please reach out to [email protected] and we’ll make sure to resend the invitation.

Monday 16 October

Attendees who have signed up for Paid-Workshops or want to check in and pick up their badge and backpacks early should plan to be in Copenhagen by Monday morning.

Registration

Registration will be open from 12:00 – 19:30.

Workshops

Interested in attending a DockerCon EU Workshop on Monday? Here is the list of the workshops that are still available:

  • Introduction to Docker for Enterprise Developers
  • Docker on Windows: From 101 to Production
  • Docker for Java Developers
  • Learn Docker

If you’ve already registered for a workshop, Continue reading

Introducing Hallway Track: Learn from People Around You at DockerCon

Photo by: Youssef Shoufan at DockerCon Austin 2017

The DockerCon Hallway Track is coming to DockerCon Europe in Copenhagen. We’ve partnered with e180.co once again to deliver the next level of conference attendee networking. Together, we believe that education is a relationship, not an institution, and that a conversation can change someone’s life. After the success of our collaboration in Austin with Moby Mingle, we’re happy to be growing this idea further for Copenhagen.

DockerCon is all about learning new things and connecting with the right people. The Hallway Track will help you meet and share knowledge with community members and practitioners at the conference.  

So, what’s a Hallway Track?

DockerCon Hallway Track consists of one-on-one or group conversations based on topics of interest that you schedule with other attendees during DockerCon. Hallway Track’s recommendation algorithm curates an individualized selection of Hallway Track topics for each participant, based on their behavior and interests.

It’s simple:

  1. Explore the knowledge Offers and Requests, where all participants post the knowledge they are willing to share.
  2. Pick something you want to learn or create your own Offer or Request.
  3. Book your Hallway Tracks and meet in person at Continue reading

Ansible Tower 3.2: Available Now

We're happy to announce that Red Hat Ansible Tower 3.2 is now generally available.

With Red Hat® Ansible® Tower 3.2, we're working to make sure you can automate more flexibly, and manage more globally across your enterprise. For more information:

Go get it now via local install, Vagrant, or Amazon AMI. Ansible Tower 3.2 is available for Red Hat Enterprise Linux 7, CentOS 7, Ubuntu 14.04, and Ubuntu 16.04. If you have any questions, or run into any issues, don't hesitate to contact us via the Red Hat Customer Portal.

Your Docker Agenda for JavaOne

If you are one of the thousands that will be in San Francisco for JavaOne Oct 1-5th, don’t miss the opportunity to level-up your knowledge around container technology and Docker Community and Enterprise Edition. We’ve listed our must-attend sessions below:

Monday, October 2nd

Monday, Oct 02, 11:00 a.m. – 11:45 a.m. | Java in a World of Containers [CON4429]

Speakers: Paul Sandoz and Mikael Vidstedt, Oracle

This session explains how OpenJDK 9 fits into the world of containers, specifically how it fits with Docker images and containers. The first part of the session focuses on the production of Docker images containing a JDK. It introduces technologies, such as J-Link, that can be used to reduce the size of the JDK and discusses the inclusion of class-data-sharing (CDS) archives and ahead-of-time (AOT) shared object libraries. The second part describes how the Java process can be a good citizen when running within a Java container and obeying resource limits. The presentation also covers the role of CDS archives and AOT shared object libraries that can be shared across running containers to reduce startup time or memory usage.

 

Tuesday, October 3rd

8:30 a.m. – 10:30 a.m. |   Continue reading

Kubernetes 1.8 release integrates with containerd 1.0 Beta

Intent of containerd effort

When containerd was first developed it had two goals. The first was to solve the upgrade problem with running containers and provide a codebase where OCI runtimes, like runc, could be integrated into Docker. However, as needs change in the container space and after speaking with various members of the community at the beginning of this year, we decided to expand the scope of containerd and make it a fully functional container daemon with storage, image distribution and runtime.

containerd fully supports the OCI Runtime and Image specifications that are part of the recently released 1.0 specifications. Additionally, it was important to build a stable runtime for users and platform builders. We wanted containerd to be fully functional; but also, it needed to retain a small core codebase so that it is easy to maintain and support in the long run with an LTS release receiving backported patches on a stable API.

To demonstrate the progress made on the project, Stephen Day presented the current status of containerd 1.0 alpha at the Moby Summit in LA two weeks ago:

Check out the getting started with containerd guide to get your feet wet with containerd if you want to integrate Continue reading

Introducing the Docker Global Professional Certification Program

Docker is excited to announce the first and only official professional certification program for the Docker Enterprise Edition (EE) platform.

The new Docker Certified Associate (DCA) certification, launching at DockerCon Europe on October 16, 2017, serves as a foundational benchmark for real-world container technology expertise with Docker Enterprise Edition. In today’s job market, container technology skills are highly sought after and this certification sets the bar for well-qualified professionals. The professionals that earn the certification will set themselves apart as uniquely qualified to run enterprise workloads at scale with Docker Enterprise Edition and be able to display the certification logo on resumes and social media profiles.

The DCA is the first in a comprehensive multi-tiered certification program and the exam was created by top practitioners using a rigorous development process. It consists of 55 questions to be completed over 80 minutes covering essential skills on Docker Enterprise Edition. The exam can be taken anywhere in the world at any time and is delivered using remote proctoring technology to ensure exam security while creating a simple and streamlined test taking experience for candidates.

Be among the first to earn the DCA designation and gain recognition for your enterprise container skills.

 

Be Continue reading

Upcoming Spousetivities Events

Long-time readers/followers know that my wife, Crystal, runs a program called Spousetivities. This program organizes events for spouses/partners/significant others at IT industry conferences. This fall is a particularly busy season for Crystal and Spousetivities, as she’ll be organizing events at DockerCon EU, the fall OpenStack Summit, and AWS re:Invent! Here are some details on these upcoming events.

DockerCon EU 2017

For the first time, Spousetivities will be present at DockerCon EU, taking place this year in Copenhagen, Denmark. There’s a great set of activities planned:

  • City tour of Copenhagen
  • Castle tour, including Kronborg and Frederiksborg
  • Food tour and Tivoli Gardens

More information is available on the Spousetivities web site; if you’d like to register for any of the events, tickets are available right now.

OpenStack Summit Sydney

Spousetivities returns to the fall OpenStack Summit, held this year in beautiful Sydney, Australia. Spousetivities is no stranger to the OpenStack Summits, having supported the OpenStack community for several years now.

Once again, Crystal has arranged a great set of activities in and around Sydney:

  • Picturesque tour up to the Blue Mountains
  • City tour of Sydney, including some beautiful hidden beaches
  • Hunter Valley wine tour

This blog post on the Spousetivities Continue reading

Faster Builds with Ansible Container 0.9.2

The focus for the latest release of Ansible Container is on making builds faster through the availability of pre-baked Conductor images. The release landed this week thanks to the dedication of Joshua ‘jag’ Ginsberg, Ansible’s Chief Architect, who managed to put the finishing touches on the release while at AnsibleFest San Francisco.

The Ansible Container project is dedicated to helping Ansible users re-use existing Ansible roles and playbooks to build containers, and deploy applications to OpenShift. The Conductor container is at the center of building, orchestrating, and deploying containers. It’s the engine that makes it all work, and it brings with it a copy of Ansible, a Python runtime, docker packages, and other dependencies.

The first step, before any serious work gets done by the command line tool, is standing up a Conductor container. And up until now, that meant building the image from scratch, and waiting through all the package downloading and installing. This happens at the start of a project, and repeats anytime you find yourself needing to rebuild from scratch.

With this release, the team has made available a set of pre-baked images based on several distributions that are popular within the community. These images are currently Continue reading

The Docker Modernize Traditional Apps (MTA) Program Adds Microsoft Azure Stack

In April of this year, Docker announced the Modernize Traditional Apps (MTA) POC program with partners Avanade, Booz Allen, Cisco, HPE and Microsoft. The MTA program is designed to help IT teams flip the 80% maintenance to 20% innovation ratio on its head. The combination of Docker Enterprise Edition (EE), services and infrastructure into a turnkey program delivers portability, security and efficiency for the existing app portfolio to drive down total costs and make room for innovation like cloud strategies and new app development. The program starts by packaging existing apps into isolated containers, providing the opportunity to migrate them to new on-prem or cloud environments, without any recoding.

 

Docker customers have already been taking advantage of the program to jumpstart their migration to Azure and are experiencing dramatically reduced deployment and scaling times — from weeks to minutes —  and cutting their total costs by 50% or more.

 

The general availability of Microsoft Azure Stack provides IT with the ability to manage their datacenters in the same way they manage Azure. The consistency in hybrid cloud infrastructure deployment combined with consistency in application packaging, deployment and management only further enhance operational efficiency. Docker is pleased Continue reading

ANSIBLE + MICROSOFT AZURE NEWS

The Azure and Ansible teams are collaborating on several interesting projects that we want to share. And if you joined us for AnsibleFest San Francisco earlier this month, you met both teams and heard some of the news. More on that below.

MS Ignite 2017

If you use Ansible to manage Azure and Windows environments, then hopefully you can join us at Microsoft Ignite this week in Orlando.

Ansible’s Matt Davis will co-present with Microsoft’s Hari Jayaraman, to discuss popular DevOps tools customers use to implement infrastructure as code processes in Azure. And the Ansible team will be in the Red Hat booth (#527) to demo automating Azure environments or answer any other questions you may have.

Session Info:

Infrastructure as Code

Friday, September 29

10:15 AM - 11:00 AM

Hyatt Regency Windermere W

New Azure Modules in 2.4

One of the many announcements at AnsibleFest included the 16 new Azure modules contributed by the Azure team. The focus of the team was to cover the base use cases for Ansible users running workloads at scale in Azure.

New modules were added to manage Azure services:

  • Availability sets
  • Scale sets
  • Authentication (ACS)
  • Functions
  • DNS
  • Load Balancer
  • Managed Disks

Continue reading

Exciting new things for Docker with Windows Server 1709

What a difference a year makes… last September, Microsoft and Docker launched Docker Enterprise Edition (EE), a Containers-as-a-Service platform for IT that manages and secures diverse applications across disparate infrastructures, for Windows Server 2016. Since then we’ve continued to work together and Windows Server 1709 contains several enhancements for Docker customers.

Docker Enterprise Edition Preview

To experiment with the new Docker and Windows features, a preview build of Docker is required. Here’s how to install it on Windows Server 1709 (this will also work on Insider builds):

Install-Module DockerProvider
Install-Package Docker -ProviderName DockerProvider -RequiredVersion preview

To run Docker Windows containers in production on any Windows Server version, please stick to Docker EE 17.06.

Docker Linux Containers on Windows

A key focus of Windows Server version 1709 is support for Linux containers on Windows. We’ve already blogged about how we’re supporting Linux containers on Windows with the LinuxKit project.

To try Linux Containers on Windows Server 1709, install the preview Docker package and enable the feature. The preview Docker EE package includes a full LinuxKit system (all 13MB of it) for use when running Docker Linux containers.

[Environment]::SetEnvironmentVariable("LCOW_SUPPORTED", "1", "Machine")
Restart-Service Docker

To disable, just remove the environment variable:

[Environment]::SetEnvironmentVariable("LCOW_SUPPORTED",  Continue reading

Yes to databases in containers – Microsoft SQL Server available on Docker Store

Microsoft SQL Server 2017 is now available for the first time on multiple platforms: Windows, Linux and Docker. Your databases can be in containers with no lengthy setup and no prerequisites, and you can use Docker Enterprise Edition (EE) to modernize your database delivery. The speed and efficiency benefits of Docker and containerizing apps that IT Pros and developers have been enjoying for years are now available to DBAs.

 

Try the Docker SQL Server lab now and see how database containers start in seconds, and how you can package your own schemas as Docker images.

 

If you’ve ever sat through a SQL Server install, you know why this is a big deal: SQL Server takes a while to set up, and running multiple independent SQL Server instances on the same host is not simple. This complicates maintaining dev, test and CI/CD systems where tests and experiments might break the SQL Server instance.

With SQL Server in Docker containers, all that changes. Getting SQL Server is as simple as running `docker image pull`, and you can start as many instances on a host as you want, each of them fresh and clean, and tear them back down when you’re done.

Database engines Continue reading

A Day in the Life of a Docker Admin

About two months ago, we celebrated SysAdmin Day and kicked off our learning series for IT professionals. So far we’ve gone through the basics of containers and how containers are delivering value back to the company through cost savings. Now we begin the next stage of the journey by introducing how to deploy and operate containerized applications.

For the next few weeks, we are going to relate typical IT administrative tasks that many of you are familiar with to the tasks of a Docker admin. In the end, containerized applications are still applications and it is still primarily the responsibility of IT to secure and manage them. That is the same regardless of whether the application runs in a container or not.

In this “A Day in the Life of a Docker Admin” series, we will discuss how common IT tasks translate to the world of Docker, such as:

  • Managing .NET apps and migrating them off Windows Server 2008
  • How networking with containers works and how to build an agile and secure network for containers
  • How to achieve a secure and compliant application environment for any industry
  • Integrating Docker with monitoring and logging tools

As a first step, let’s make Continue reading

Technology Short Take #87

Welcome to Technology Short Take #87! I have a mix of newer and older items for you this time around. While I’m a bit short on links in some areas, hopefully this is outweighed by some good content in other areas. Here’s hoping you find something useful!

Networking

  • Vincent Bernat has a really in-depth article on IPv4 route lookup on Linux (and one on IPv6 route lookup as well).
  • Ivan Pepelnjak has a great article that tries to get to the kernel of truth in the middle of the intent-based networking hype.
  • Jason Edelman of Network2Code also has a post on intent-based network automation with Ansible, in which he breaks down the idea of intent-based networking (IBN) and how tools such as Ansible or NAPALM can make it possible.
  • From the Department of “Sitting in my Inbox for Way Too Long”, I wanted to point out a company that I ran into back in May of this year at the OpenStack Summit in Boston. The company is VirTool Networks (catchy, eh?), and their product (VirTool Network Analyzer) is aimed at providing some operational visibility into OpenStack virtual networks. I saw a demo of the product—it looks quite handy, Continue reading

Some Static Site Resources

Over the last few days—prompted perhaps by my article with some additional information on my site migration—a few folks in the community have reached out to me to share some resources they thought I might find useful. In turn, I’d like to share them with you, my readers, in the event you might find them useful as well.

This is (clearly and obviously) not a comprehensive list, but here’s what folks have shared with me over the last few days:

  • Josh Habdas shared this link with me; it’s a write-up he did that involves the use of a Ruby-based tool called s3_website. The main problem I have with this write-up is that it hides too many of the details, preventing (in my opinion) some of the valuable learning that can come from such an effort.
  • This article by Ricardo Feliciano of CircleCI does expose some of the gory details, and might be useful for those considering the inclusion of a CI/CD pipeline in their blogging workflow (like I am).
  • Finally, I found this post describing how to build a multi-region S3+CloudFront setup that would protect your site in the event of a single S3 region being unavailable.

I’ll update this Continue reading

HashiConf 2017 Wrap Up

HashiConf 2017 is a wrap for me, and as I’m sitting here at the airport lounge in Austin I thought I’d post links back to the liveblogs I published as well as a few thoughts on the conference overall.

Liveblogs

First, here are links to the liveblogs published during the event:

Closing Thoughts

I think it was a pretty good event. The venue (JW Marriott in Austin) seemed roughly appropriate for the number of attendees (around 800, I believe), although some additional seating during meal times would have been a good idea. The conference Wi-Fi was mostly OK, though it had its moments.

The quality of sessions varied; some sessions were very good; others, not so much (unfortunately). It would have been good to see a clearer breakdown of the sessions according to area/theme. They had 3 content tracks, but it wasn’t really clear to me if the tracks had any central theme. I, personally, bounced around all three tracks.

I did like the inclusion of high-top tables at the Continue reading
