The Linux Migration: July 2017 Progress Report
I’m now roughly six months into using Linux as my primary laptop OS, and it’s been a few months since my last progress report. If you’re just now picking up this thread, I encourage you to go back and read my initial progress report, see which Linux distribution I selected, or check how I chose to handle corporate collaboration (see here, here, and here). In this post, I’ll share where things currently stand.
My configuration is unchanged from the last progress report. I’m still running Fedora 25, and may consider upgrading to Fedora 26 when it releases (due to be released tomorrow, I believe). I’m still using the Dell Latitude E7370, which continues—from a hardware perspective—to perform admirably. CPU power is a bit limited, but that’s to be expected from a mobile-focused chip. My line-up of applications also remains largely unchanged as well.
Some things are working really well:
- Sublime Text runs really well and is quite fast, making it easy to continue using Markdown as my primary content format. Sublime Text’s performance and stability have been unparalleled.
- I’ve had no performance or stability issues with Firefox (for browsing) or Enpass (for password management).
- ODrive, Continue reading
What’s new in Docker 17.06 Community Edition (CE)
Docker 17.06 CE (Community Edition) is the first version of Docker built entirely on the Moby Project. New features include Multi-Stage Build, new Networking features, a new metrics endpoint and more! In this Online Meetup, Sophia Parafina, Docker Developer Relations Engineer, demo’d and reviewed these new features. Check out the recording below and slides.
Learn More about Docker 17.06 CE
Check out the announcement blog post or watch the video summary below.
To find out more about these features and more:
- Download the latest version of Docker CE
- Check out the Docker Documentation
- Play with these features on Play with Docker
- Ask questions in our forums and in the Docker Community Slack
Learn more about what’s new in #Docker 17.06 CE w/ @spara’s online #meetup video
Click To Tweet
The post What’s new in Docker 17.06 Community Edition (CE) appeared first on Docker Blog.
British Army Talks DevOps at AnsibleFest London 2017
AnsibleFest London on June 22 turned out to be our largest AnsibleFest to date with over 800 people from 25 countries. Thank you to everyone who attended.
One of the highlights from the conference was "Efficiency and Effectiveness through DevOps" by the British Army. Lt Col Dorian Seabrook, Head of Software Delivery, and Aidan Beeson, Linux Technical Architect, spoke about their experiences using Red Hat Enterprise Linux and Ansible Tower by Red Hat to implement modern DevOps and CI methodologies within their organization.Watch their talk below and stay tuned for the rest of the AnsibleFest London 2017 presentations. We will have all of them available for you soon!
Want to learn more about how the British Army is migrating its cloud infrastructure to Red Hat solutions? Read the latest press release.
Multi-Stage Builds
This is part of a series of articles describing how the AtSea Shop application was built using enterprise development tools and Docker. In the previous post, I introduced the AtSea application and how I developed a REST application with the Eclipse IDE and Docker. Multi-stage builds, a Docker feature introduced in Docker 17.06 CE, let you orchestrate a complex build in a single Dockerfile. Before multi-stage build, Docker users would use a script to compile the applications on the host machine, then use Dockerfiles to build the images. The AtSea application is the perfect use case for a multi-stage build because:
- it uses node.js to compile the ReactJs app into storefront
- it uses Spring Boot and Maven to make a standalone jar file
- it is deployed to a standalone JDK container
- the storefront is then included in the jar
Let’s look at the Dockerfile.
The react-app is an extension of create-react-app. From within the react-app directory we run AtSea’s frontend in local development mode.
The first stage of the build uses a Node base image to create a production-ready frontend build directory consisting of static javascript and css files. A Docker best practice is named stages, e.g. “FROM Continue reading
Five Questions: Windows Automation
For #AskAnsible posts, we interview Ansible experts on IT automation topics and ask them to share their direct experiences building automation solutions.
In this post, I’ve asked Matt Davis five questions about Ansible for Windows automation.
Matt Davis is a Senior Principal Software Engineer for Ansible, focused on Ansible's Windows support. He has over 20 years experience in software engineering, architecture and operations at companies large and small. An avid musician, maker and home hacker, Matt lives with his wife and daughter in Beaverton, Oregon. You can follow him on Twitter at @mattdavispdx.
1. How is Ansible for Windows different than System Center Configuration Manager (SCCM) or Powershell Desired State Configuration (DSC)?
Matt: SCCM is generally considered a legacy workstation-flavored management technology, dating from the mid 1990s (though many places use it for server management, too). It requires agents on the managed hosts, which must be installed, configured and kept up-to-date. SCCM executes many operations locally and asynchronously from the server, so it's often difficult to orchestrate interdependent changes across hosts, and to reason about the overall system state at any point in time as part of larger deployments.
DSC is a much more modern management technology, supporting both an Continue reading
Announcing Docker 17.06 Community Edition (CE)
Today we released Docker CE 17.06 with new features, improvements, and bug fixes. Docker CE 17.06 is the first Docker version built entirely on the Moby Project, which we announced in April at DockerCon. You can see the complete list of changes in the changelog, but let’s take a look at some of the new features.
We also created a video version of this post here:
Multi-stage builds
The biggest feature in 17.06 CE is that multi-stage builds, announced in April at DockerCon, have come to the stable release. Multi-stage builds allow you to build cleaner, smaller Docker images using a single Dockerfile.
Multi-stage builds work by building intermediate images that produce an output. That way you can compile code in an intermediate image and use only the output in the final image. So for instance, Java developers commonly use Apache Maven to compile their apps, but Maven isn’t required to run their app. Multi-stage builds can result in a substantial image size savings:
REPOSITORY TAG IMAGE ID CREATED SIZE maven Continue reading
Docker at Nutanix .NEXT Conference – Visit us at Booth #S11
Today marks the start of Nutanix .NEXT Conference in Washington, D.C., the annual conference for Nutanix customers and partners. One of the major themes of the conference is hybrid cloud, and Docker will be there to demonstrate how Docker Enterprise Edition delivers application portability across different infrastructure platforms through a complete enterprise-ready Container as a Service (CaaS) solution for IT.
Docker and Nutanix will also be highlighting the Nutanix Docker Volume Plug-in (DVP), a Docker Certified Plugin available in the Docker Store. This plugin connects Docker containers to enterprise-grade persistent storage from Nutanix even as the container is powered on, powered off, or moved to a new host. As part of the certification process, Docker and Nutanix validate that the plugin is built with Docker recommended best practices and passes an additional suite of API compliance testing and vulnerability scanning. Docker EE customers also have access to support from both Docker and Nutanix.
Watch a Demo of Docker EE at Nutanix .NEXT
For those heading to Nutanix .NEXT, be sure to swing by booth #S11 to learn more about this plugin as well as other IT use cases for EE. Watch a demo and Continue reading
Moby Summit June 2017 Recap
On June 19 2017, 90 members of the Moby community gathered at Docker headquarter in San Francisco for the second Moby Summit. This was an opportunity for the community to discuss the progress and future of the Moby project, two months after it was announced.
We started the day with an introduction by Solomon Hykes, and a look at the website redesign: the Moby project website now has a blog, an event calendar, a list of projects, and a community page with links to various community resources. The website code is open source, issues and PRs to make it better are welcome.
Then each team gave an update on their progress: Linuxkit, containerd, InfraKit, SwarmKit and LibNetwork, as well as the three new Moby Special Interest Groups, Linuxkit Security, Security Scanning & Notary and Orchestration Security. All these talks have been recorded and you can find the videos and slides below.
In the afternoon, we split into 5 Birds Of Feathers (BOF) sessions: runc/containerd, LinuxKit, InfraKit, Security, and Security Scanning. You can find links to the BOF Notes at the end of this post.
We ended the day with a recap of the BOF sessions, and Continue reading
Getting Started: Installing a Tower Cluster
In this Getting Started blog post, we cover how to install Ansible Tower by Red Hat as a clustered environment. If you haven’t already, check out our previous post that outlines the steps on how to install Tower on a single node.
What’s Different with Clusters?
With the addition of Clustering with Tower 3.1, Tower users now have the ability to install Tower as a clustered install rather than just doing an all-in-one install. Clustering is sharing load between hosts. Each node should be able to act as an entry point for UI and API access. This should enable Tower administrators to use load balancers in front of as many nodes as they wish and maintain good data visibility.
Installing Tower in a cluster only has two differences from a standard all-in-one Tower install:
- A separate physical or virtual machine to house an external database
- A different method of editing your inventory file
If you are preparing to install Tower, consider what function Tower will serve for you. If you are deploying Tower in a production environment, you should be using a clustered installation able to provide highly available Tower instances and use an external DB, either as a Continue reading
Your Docker Agenda for Cisco Live 2017 – Booth #2900B
The Docker team is headed to Las Vegas next week for Cisco Live – visit our booth #2900B to learn more about Docker Enterprise Edition and our integration with Cisco UCS, Contiv and the Cisco Validated Designs available for modern container deployments at enterprise scale. Docker and Cisco formed a partnership earlier this year to bring validated and supported solutions for the enterprise.
Whether you are containerizing legacy apps to accelerate datacenter refresh or planning your first microservices application, Docker and Cisco deliver integrated solutions that have been tested to perform at scale – up to thousands of containers.
Add these Docker sessions to your schedule:
Tuesday, Jun 27, 1:20 pm – 1:30pm | Cloud Education Zone
Title: Maximize ROI by Modernizing Traditional Apps with Docker and Cisco
Tuesday, Jun 27, 3:30 pm – 4:30 pm | Level 3, South Seas A
Title: Containers and Microservices to Accelerate your Digital Business
Session ID: PSOCLD-1225
Learn how the Cisco Datacenter and Cloud portfolio and Docker Enterprise Edition are modernizing traditional apps and delivering new microservices to enable digital transformation in the enterprise.
Thursday, Jun 29, 12:40 pm – 12:50 pm | Datacenter & Cloud Education Zone
Title: Docker Enterprise Edition Continue reading
Build and deploy hybrid applications in Azure using Docker Enterprise Edition
Don’t miss the Azure OpenDev event on June 21 2017 at 9am PDT.
Is your organization asking you to modernize a traditional app that uses old code to make it simpler to deploy and more scalable based on customer demand – what to do?
Scott Johnston, COO and Michael Friis, Product Manager at Docker will highlight two use cases that demonstrate how Docker and Microsoft are working together to help developers and IT-Pros build and deploy hybrid apps using Docker Enterprise Edition that span on-premises and Azure. Scott and Michael will also show how to use Docker to build microservices-based solutions on Azure and create agile software delivery pipelines in the cloud.
Scott Johnston’s session will cover the first use case: “Modernize Traditional Applications (MTA)” – a program that enables IT organizations to modernize legacy applications, transforming them in hybrid cloud deployments while simultaneously realizing substantial savings in their total cost of ownership (TCO). In partnership with companies such as Avanade and Microsoft, Docker is helping organizations containerize existing .NET Windows or Java Linux applications without modifying source code or re-architecting the applications. The applications can then be easily deployed to Azure in minutes.
This, addresses two major realities that Continue reading
Technology Short Take #84
Welcome to Technology Short Take #84! This episode is a bit late (sorry about that!), but I figured better late than never, right? OK, bring on the links!
Networking
- When I joined the NSX team in early 2013, a big topic at that time was overlay protocols (VXLAN, STT, etc.). Since then, that topic has mostly faded, though it still does come up from time to time. In particular, the move toward Geneve has prompted that discussion again, and Russell Bryant tackles the discussion in this post.
- Sjors Robroek describes his nested NSX-T lab that also includes some virtualized network equipment (virtualized Arista switches). Nice!
- Colin Lynch shares some details on his journey with VMware NSX (so far).
- I wouldn’t take this information as gospel, but here’s a breakdown of some of the IPv6 support available in VMware NSX.
Servers/Hardware
- Here’s an interesting article on the role that virtualization is playing in the network functions virtualization (NFV) space now that ARM hardware is growing increasingly powerful. This is a space that’s going to see some pretty major changes over the next few years, in my humble opinion.
Security
- Anthony Burke gives a little bit of a sneak peek Continue reading
Technology Short Take #84
Welcome to Technology Short Take #84! This episode is a bit late (sorry about that!), but I figured better late than never, right? OK, bring on the links!
Networking
- When I joined the NSX team in early 2013, a big topic at that time was overlay protocols (VXLAN, STT, etc.). Since then, that topic has mostly faded, though it still does come up from time to time. In particular, the move toward Geneve has prompted that discussion again, and Russell Bryant tackles the discussion in this post.
- Sjors Robroek describes his nested NSX-T lab that also includes some virtualized network equipment (virtualized Arista switches). Nice!
- Colin Lynch shares some details on his journey with VMware NSX (so far).
- I wouldn’t take this information as gospel, but here’s a breakdown of some of the IPv6 support available in VMware NSX.
Servers/Hardware
- Here’s an interesting article on the role that virtualization is playing in the network functions virtualization (NFV) space now that ARM hardware is growing increasingly powerful. This is a space that’s going to see some pretty major changes over the next few years, in my humble opinion.
Security
- Anthony Burke gives a little bit of a sneak peek Continue reading
Technology Short Take #84
Welcome to Technology Short Take #84! This episode is a bit late (sorry about that!), but I figured better late than never, right? OK, bring on the links!
Networking
- When I joined the NSX team in early 2013, a big topic at that time was overlay protocols (VXLAN, STT, etc.). Since then, that topic has mostly faded, though it still does come up from time to time. In particular, the move toward Geneve has prompted that discussion again, and Russell Bryant tackles the discussion in this post.
- Sjors Robroek describes his nested NSX-T lab that also includes some virtualized network equipment (virtualized Arista switches). Nice!
- Colin Lynch shares some details on his journey with VMware NSX (so far).
- I wouldn’t take this information as gospel, but here’s a breakdown of some of the IPv6 support available in VMware NSX.
Servers/Hardware
- Here’s an interesting article on the role that virtualization is playing in the network functions virtualization (NFV) space now that ARM hardware is growing increasingly powerful. This is a space that’s going to see some pretty major changes over the next few years, in my humble opinion.
Security
- Anthony Burke gives a little bit of a sneak peek Continue reading
Docker and Booz Allen Hamilton Modernize Traditional Apps in Government IT
Existing applications and infrastructure account for the majority of IT spend in maintenance and support. Docker and Booz Allen Hamilton are partnering together to help Federal agencies modernize traditional apps with Docker Enterprise Edition (EE), deploy onto modern infrastructure to save infrastructure and operational costs, increase security and gain workload portability.
This program helps accelerate the path to modern microservices and infrastructure with containers:
- First by containerizing the app in place and using container architecture to break up the app into smaller services over time
- The full stack portability provided by Docker EE allows for workload consolidation for greater app density per server, accelerate hardware refresh cycles and cloud migration.
- Lastly, Docker EE provides new levels of security for the legacy app. Scanning provides binary level visibility into components and their security profile for proactive remediation and configurable isolation properties can greatly reduce the attack surface area
View the webinar on demand here:
Here are some of the top Q&A from the session:
Q: What does Image2Docker exactly capture in the VM?
A: Image2Docker captures the application in the VM and pulls out what can be provided by the base image or the underlying linux/win kernel.
Q: When it Continue reading
Planning Your DockerCon Europe Week
DockerCon week is a busy week with so much information to absorb, people to meet and talks to attend. Here’s a quick agenda summary to make sure you know how to plan your travel and get the most out of your DockerCon Europe experience in Copenhagen.
Register for DockerCon Europe 2017
Monday 16 October
Monday is when the first attendees start arriving for DockerCon. Attendees who have signed up for Paid-Workshops or want to check in and pick up their badge and backpacks early should plan to be in Copenhagen by Monday morning. Monday is also a great day to get a jump start on meeting other attendees. You’ll be able to book Moby Mingles that help you connect with other attendees on topics you are both interested in learning or mentoring about.
Overview of Monday:
- Paid Workshops (these are not included in your Full Conference Pass)
- Registration Check-in
- Moby Mingle
- Evening Welcome reception in the Ecosystem Expo
Tuesday 17 October – Wednesday 18 October
Tuesday and Wednesday are full conference days. Each morning starts with a General Session presented by the Docker team and guest speakers to present the latest product announcements and use cases. Following the general sessions Continue reading
Q&A: Fast Application Deployment with Ansible and F5 BIG-IP
The following post contains answers to questions asked during our webinar about Fast Application Deployment with Ansible and F5 Big-IP.
Q: How can we define BIG-IP in one sentence? What is its significance in DevOps?
F5 BIG-IP is an API-enabled application delivery platform supporting a full seven layers of traffic and security services. It's not a tool that will make DevOps easier per-se, but the BIG-IP has (historically) been difficult to administer in an automated way. These Ansible modules are intended to make it less difficult so that you can drive your BIG-IP devices via code (Ansible) instead of by having to manually configure it via the Web UI.
Q: Is there documentation that details all the F5 modules being presented in the webinar?
The documentation is in two places:
- The official list of F5 modules can be found in Ansible docs.
- The upstream/community developer docs are on the F5 readthedocs page or you can find many technical resources at F5 devcentral. The latest virtual appliance that you will find are the 13.x branch of BIG-IP module.
There will be documentation on these modules once the modules are released with Ansible version 2.4. For sample Playbooks on Continue reading
Remote unlocking of LUKS-encrypted root in Ubuntu/Debian
This Post is now outdated. Particularly the said bug is finally fixed.
Updated version is available HERE
Unfortunately the bug-fixed version of cryptsetup package, caused incompatibilities with the previous version of the workaround. If you see this message when remotely unlocking your server:
“/bin/cryptroot-unlock: line 192: 2: parameter not set“
Run this command instead to boot your system:
sed 's/print $1, $5/print $1, $3/' /bin/cryptroot-unlock > /tmp/cryptroot-unlock; ash /tmp/cryptroot-unlock
And then remove the workaround and rebuild initramfs:
sudo sh -c 'rm /etc/initramfs-tools/hooks/zz-busybox-initramfs-fix && update-initramfs -u'
Thanks to Gabriel Burkholder for reporting this
Not so long ago, remote unlocking of a LUKS-encrypted root partition was difficult to setup. While essential for headless servers, all required steps needed to be done manually and compatibility was a concern.
Luckily, it is much simpler to do so in recent versions of Ubuntu/Debian. Unlocking an encrypted root remotely should be as simple as installing a single package… We’ll see about that in a moment.
I am not going to cover the required steps for setting up LUKS/LVM here. That information is widely available on the net and is only a search a way. Instead, I’m going to do a quick review of the Continue reading
Five Questions: Network Automation
Welcome to a new series where we interview Ansible experts on IT automation and ask them to share their direct experiences building automation solutions, as well as any insights they have regarding the state of the industry.
In this post, I’ve asked Peter Sprygada and Eric McLeroy five questions about network automation.
Peter Sprygada is a Senior Principal Engineer at Ansible by Red Hat where he brings over 20 years experience building and operating global network infrastructures. He holds two patents in network configuration automation and currently leads the Ansible network engineering team that focuses on building and integrating network automation capabilities into Ansible. Formerly Peter was responsible for building and leading the Arista EOS+ Extensibility Engineering team where he focused on applying DevOps methodologies to enhancing network operations. Prior to that, he held senior network engineering and operations roles at various organizations including Cisco. You can follow him on twitter at @privateip.
Eric McLeroy is a Senior Solutions Architect for Ansible by Red Hat focused on networking use cases. Eric has over 10 years in networking in large scale environments working with a large variety of systems from routers, switches, load balancers, etc. He holds multiple industry certifications and Continue reading
Docker Enterprise Edition enters FIPS certification process
Security is a key pillar of the Docker Enterprise Edition (EE) platform. From built in features automatically configured out of the box to a new secure supply chain and flexible yet secure configurations that are portable with the app from one environment to another – enabling the most secure infrastructure and applications is paramount.
In addition to all the security features, ensuring that the Docker platform is validated against widely-accepted standards and best practices is a critical aspect of our product development as this enables companies and agencies across all industries to adopt Docker containers. The most notable of these standards is that of the Federal Information Processing Standard (FIPS) Publication 140-2, which validates and approves the use of various security encryption modules within a software system.
Today, we’re pleased to announce that the Docker EE cryptography libraries are at the “in-process” phase of the FIPS 140-2 Level 1 Cryptographic Module Validation Program.
This is just one of the many initiatives Docker is driving to support agencies in the adoption of Docker and deployment of container applications in a secure and compliant manner. In addition to starting the FIPS certification process, below are the other compliance initiatives to date: