Archive

Category Archives for "Systems"

Getting Started: Installing a Tower Cluster

In this Getting Started blog post, we cover how to install Ansible Tower by Red Hat as a clustered environment. If you haven’t already, check out our previous post that outlines the steps on how to install Tower on a single node.

What’s Different with Clusters?

With the addition of Clustering with Tower 3.1, Tower users now have the ability to install Tower as a clustered install rather than just doing an all-in-one install. Clustering is sharing load between hosts. Each node should be able to act as an entry point for UI and API access. This should enable Tower administrators to use load balancers in front of as many nodes as they wish and maintain good data visibility.

Installing Tower in a cluster only has two differences from a standard all-in-one Tower install:

  • A separate physical or virtual machine to house an external database
  • A different method of editing your inventory file

If you are preparing to install Tower, consider what function Tower will serve for you. If you are deploying Tower in a production environment, you should be using a clustered installation able to provide highly available Tower instances and use an external DB, either as a Continue reading

Your Docker Agenda for Cisco Live 2017 – Booth #2900B

The Docker team is headed to Las Vegas next week for Cisco Live – visit our booth #2900B to learn more about Docker Enterprise Edition and our integration with Cisco UCS, Contiv and the Cisco Validated Designs available for modern container deployments at enterprise scale. Docker and Cisco formed a partnership earlier this year to bring validated and supported solutions for the enterprise.

Docker at Cisco Live

Whether you are containerizing legacy apps to accelerate datacenter refresh or planning your first microservices application, Docker and Cisco deliver integrated solutions that have been tested to perform at scale – up to thousands of containers.

Add these Docker sessions to your schedule:

Tuesday, Jun 27, 1:20 pm – 1:30pm | Cloud Education Zone 
Title: Maximize ROI by Modernizing Traditional Apps with Docker and Cisco 

Tuesday, Jun 27, 3:30 pm – 4:30 pm | Level 3, South Seas A
Title: Containers and Microservices to Accelerate your Digital Business
Session ID: PSOCLD-1225
Learn how the Cisco Datacenter and Cloud portfolio and Docker Enterprise Edition are modernizing traditional apps and delivering new microservices to enable digital transformation in the enterprise.

Thursday, Jun 29, 12:40 pm – 12:50 pm | Datacenter & Cloud Education Zone
Title: Docker Enterprise Edition Continue reading

Build and deploy hybrid applications in Azure using Docker Enterprise Edition

Don’t miss the Azure OpenDev event on June 21 2017 at 9am PDT.

Is your organization asking you to modernize a traditional app that uses old code to make it simpler to deploy and more scalable based on customer demand – what to do?

Scott Johnston, COO and Michael Friis, Product Manager at Docker will highlight two use cases that demonstrate how Docker and Microsoft are working together to help developers and IT-Pros build and deploy hybrid apps using Docker Enterprise Edition that span on-premises and Azure. Scott and Michael will also show how to use Docker to build microservices-based solutions on Azure and create agile software delivery pipelines in the cloud.

Scott Johnston’s session will cover the first use case: “Modernize Traditional Applications (MTA)” – a program that enables IT organizations to modernize legacy applications, transforming them in hybrid cloud deployments while simultaneously realizing substantial savings in their total cost of ownership (TCO). In partnership with companies such as Avanade and Microsoft, Docker is helping organizations containerize existing .NET Windows or Java Linux applications without modifying source code or re-architecting the applications. The applications can then be easily deployed to Azure in minutes.

This addresses two major realities that Continue reading

Technology Short Take #84

Welcome to Technology Short Take #84! This episode is a bit late (sorry about that!), but I figured better late than never, right? OK, bring on the links!

Networking

  • When I joined the NSX team in early 2013, a big topic at that time was overlay protocols (VXLAN, STT, etc.). Since then, that topic has mostly faded, though it still does come up from time to time. In particular, the move toward Geneve has prompted that discussion again, and Russell Bryant tackles the discussion in this post.
  • Sjors Robroek describes his nested NSX-T lab that also includes some virtualized network equipment (virtualized Arista switches). Nice!
  • Colin Lynch shares some details on his journey with VMware NSX (so far).
  • I wouldn’t take this information as gospel, but here’s a breakdown of some of the IPv6 support available in VMware NSX.

Servers/Hardware

  • Here’s an interesting article on the role that virtualization is playing in the network functions virtualization (NFV) space now that ARM hardware is growing increasingly powerful. This is a space that’s going to see some pretty major changes over the next few years, in my humble opinion.

Security

Docker and Booz Allen Hamilton Modernize Traditional Apps in Government IT

Existing applications and infrastructure account for the majority of IT spend in maintenance and support. Docker and Booz Allen Hamilton are partnering together to help Federal agencies modernize traditional apps with Docker Enterprise Edition (EE), deploy onto modern infrastructure to save infrastructure and operational costs, increase security and gain workload portability.

This program helps accelerate the path to modern microservices and infrastructure with containers:

  1. First, by containerizing the app in place and using container architecture to break up the app into smaller services over time.
  2. The full stack portability provided by Docker EE allows for workload consolidation for greater app density per server, accelerated hardware refresh cycles and cloud migration.
  3. Lastly, Docker EE provides new levels of security for the legacy app. Scanning provides binary-level visibility into components and their security profile for proactive remediation, and configurable isolation properties can greatly reduce the attack surface area.

View the webinar on demand here:

Here are some of the top Q&A from the session:

Q: What does Image2Docker exactly capture in the VM?

A: Image2Docker captures the application in the VM and pulls out what can be provided by the base image or the underlying linux/win kernel.

Q: When it Continue reading

Planning Your DockerCon Europe Week

DockerCon week is a busy week with so much information to absorb, people to meet and talks to attend. Here’s a quick agenda summary to make sure you know how to plan your travel and get the most out of your DockerCon Europe experience in Copenhagen.

DockerCon Europe 2017

Register for DockerCon Europe 2017

Monday 16 October

Monday is when the first attendees start arriving for DockerCon. Attendees who have signed up for Paid-Workshops or want to check in and pick up their badge and backpacks early should plan to be in Copenhagen by Monday morning. Monday is also a great day to get a jump start on meeting other attendees. You’ll be able to book Moby Mingles that help you connect with other attendees on topics you are both interested in learning or mentoring about.

Overview of Monday:

Tuesday 17 October – Wednesday 18 October

Tuesday and Wednesday are full conference days. Each morning starts with a General Session presented by the Docker team and guest speakers to present the latest product announcements and use cases. Following the general sessions Continue reading

Q&A: Fast Application Deployment with Ansible and F5 BIG-IP

The following post contains answers to questions asked during our webinar about Fast Application Deployment with Ansible and F5 Big-IP.

Q: How can we define BIG-IP in one sentence? What is its significance in DevOps?

F5 BIG-IP is an API-enabled application delivery platform supporting a full seven layers of traffic and security services. It's not a tool that will make DevOps easier per se, but the BIG-IP has (historically) been difficult to administer in an automated way. These Ansible modules are intended to make it less difficult so that you can drive your BIG-IP devices via code (Ansible) instead of having to manually configure them via the Web UI.

Q: Is there documentation that details all the F5 modules being presented in the webinar?

The documentation is in two places:

  1. The official list of F5 modules can be found in Ansible docs.
  2. The upstream/community developer docs are on the F5 readthedocs page or you can find many technical resources at F5 devcentral. The latest virtual appliance that you will find is the 13.x branch of BIG-IP module.

There will be documentation on these modules once the modules are released with Ansible version 2.4. For sample Playbooks on Continue reading

Remote unlocking of LUKS-encrypted root in Ubuntu/Debian

This post is now outdated. In particular, the said bug is finally fixed.

Updated version is available HERE

Unfortunately, the bug-fixed version of the cryptsetup package caused incompatibilities with the previous version of the workaround. If you see this message when remotely unlocking your server:
/bin/cryptroot-unlock: line 192: 2: parameter not set

Run this command instead to boot your system:
sed 's/print $1, $5/print $1, $3/' /bin/cryptroot-unlock > /tmp/cryptroot-unlock; ash /tmp/cryptroot-unlock

And then remove the workaround and rebuild initramfs:
sudo sh -c 'rm /etc/initramfs-tools/hooks/zz-busybox-initramfs-fix && update-initramfs -u'

Thanks to Gabriel Burkholder for reporting this

Not so long ago, remote unlocking of a LUKS-encrypted root partition was difficult to set up. While essential for headless servers, all required steps needed to be done manually and compatibility was a concern.

Luckily, it is much simpler to do so in recent versions of Ubuntu/Debian. Unlocking an encrypted root remotely should be as simple as installing a single package… We’ll see about that in a moment.

I am not going to cover the required steps for setting up LUKS/LVM here. That information is widely available on the net and is only a search away. Instead, I’m going to do a quick review of the Continue reading

Five Questions: Network Automation

Ask Ansible

Welcome to a new series where we interview Ansible experts on IT automation and ask them to share their direct experiences building automation solutions, as well as any insights they have regarding the state of the industry.

In this post, I’ve asked Peter Sprygada and Eric McLeroy five questions about network automation.

Peter Sprygada is a Senior Principal Engineer at Ansible by Red Hat where he brings over 20 years experience building and operating global network infrastructures. He holds two patents in network configuration automation and currently leads the Ansible network engineering team that focuses on building and integrating network automation capabilities into Ansible. Formerly Peter was responsible for building and leading the Arista EOS+ Extensibility Engineering team where he focused on applying DevOps methodologies to enhancing network operations. Prior to that, he held senior network engineering and operations roles at various organizations including Cisco. You can follow him on twitter at @privateip.

Eric McLeroy is a Senior Solutions Architect for Ansible by Red Hat focused on networking use cases. Eric has over 10 years in networking in large scale environments working with a large variety of systems from routers, switches, load balancers, etc. He holds multiple industry certifications and Continue reading

Docker Enterprise Edition enters FIPS certification process

Security is a key pillar of the Docker Enterprise Edition (EE) platform. From built in features automatically configured out of the box to a new secure supply chain and flexible yet secure configurations that are portable with the app from one environment to another – enabling the most secure infrastructure and applications is paramount.

In addition to all the security features, ensuring that the Docker platform is validated against widely-accepted standards and best practices is a critical aspect of our product development as this enables companies and agencies across all industries to adopt Docker containers. The most notable of these standards is that of the Federal Information Processing Standard (FIPS) Publication 140-2, which validates and approves the use of various security encryption modules within a software system.

Today, we’re pleased to announce that the Docker EE cryptography libraries are at the “in-process” phase of the FIPS 140-2 Level 1 Cryptographic Module Validation Program.

This is just one of the many initiatives Docker is driving to support agencies in the adoption of Docker and deployment of container applications in a secure and compliant manner. In addition to starting the FIPS certification process, below are the other compliance initiatives to date:

Docker Enterprise Edition Now on G-Cloud 9 Framework

 G-Cloud 9

Docker Enterprise Edition (EE) has been accepted to G-Cloud 9, further exemplifying Docker’s commitment to delivering tools for application modernization and innovation across the UK public sector.

G-Cloud 9 is the UK government’s latest framework that is designed to simplify and accelerate adoption of cloud-based services within the public sector. The inclusion of Docker Enterprise Edition subscriptions, training and Professional Services Organization (PSO) within HM Government Crown Commercial Service’s (CCS) G-Cloud 9 Framework gives UK public sector organizations the opportunity to procure the de facto container solution through the online store known as the “Digital Marketplace” without needing to run a full tender, competition or lengthy procurement process.

Docker’s meteoric rise within enterprise-class business has been built on its ability to be agnostic, agile and secure – whether for hybrid cloud migration, modernizing the application stack or adopting a DevOps methodology.

Bringing application modernization to the public sector

With the UK government’s shift to cloud and DevOps, and move away from locked-down IT contracts in favor of smaller suppliers, Docker perfectly addresses these needs by giving UK public sector organizations the ability to innovate, transform, define, select and control their infrastructure. Additionally, these organizations can retain staff who now feel engaged as they can run their programs Continue reading

Webinar Q&A: Docker Enterprise Edition Demo

Docker Enterprise Edition (EE) is designed for enterprise development and IT teams who build, ship and run business critical applications in production at scale. Docker EE provides a fully integrated solution that includes the container engine, built-in orchestration, a private registry, and container lifecycle management to help you build a secure software supply chain. As an enterprise-grade offering with access to SLA-backed technical support and validated integrations to leading 3rd party images, plug-ins, and infrastructure, Docker EE can help organizations deliver Containers as a Service (CaaS) to improve IT efficiency, make applications more portable for the public cloud, and more secure through a smaller attack surface and image signing and scanning.

Docker EE

Watch the following webinar as Moni Sallam and I highlight some key use cases for Docker Enterprise Edition and how it differs from Community Edition. Moni also provides a demo of how end-to-end container lifecycle management can be securely controlled through Docker EE.

Here are some of the top questions from the live session:

Q: Can we Dockerize Windows apps?

A: Yes! Docker has partnered with Microsoft to deliver a native Docker container platform with Windows Server 2016. Docker containers can also be run on Windows Server and Windows Continue reading

Docker for AWS and Azure: Secure By Default Container Platform

Docker for AWS and Docker for Azure are much more than a simple way to set up Docker in the cloud. In fact, they provision by default an infrastructure with security in mind to give you a secure platform to build, ship and run Docker apps in the cloud. Available for free in Community Edition and as a subscription with support and integrated management in Enterprise Edition, Docker for AWS and Docker for Azure allow you to leverage pre-configured security features for your apps today – without having to be a cloud infrastructure expert.

You don’t have to take our word for it – in February 2017, we engaged NCC Group, an independent security firm, to conduct a security assessment of Docker for AWS and Docker for Azure. Included in this assessment are Docker for AWS and Docker for Azure Community Edition and Enterprise Edition Basic. This assessment took place from February 6-17. NCC Group was tasked with assessing whether these Docker Editions not only provisioned secure infrastructure with sensible defaults, but also leveraged and integrated the best security features of each cloud. We’d like to openly share their findings with you today.

NCC Group evaluated our security model and defaults, including:

Online meetup recap: Introduction to LinuxKit

At DockerCon 2017 we introduced LinuxKit: A toolkit for building secure, lean and portable Linux subsystems. Here are the key principles and motivations behind the project:

  • Secure defaults without compromising usability
  • Everything is replaceable and customizable
  • Immutable infrastructure applied to building Linux distributions
  • Completely stateless, but persistent storage can be attached
  • Easy tooling, with easy iteration
  • Built with containers, for running containers
  • Designed for building and running clustered applications, including but not limited to container orchestration such as Docker or Kubernetes
  • Designed from the experience of building Docker Editions, but redesigned as a general-purpose toolkit
  • Designed to be managed by external tooling, such as Infrakit or similar tools
  • Includes a set of longer-term collaborative projects in various stages of development to innovate on kernel and userspace changes, particularly around security

For this Online Meetup, Docker Technical Staff member Rolf Neugebauer gave an introduction to LinuxKit, explained the rationale behind its development and gave a demo on how to get started using it.

LinuxKit

Watch the recording and slides

You’ll find below a list of additional questions asked by attendees at the end of the online meetups:

You said the ONBOOT containers are run sequentially, does it wait for one to finish before it Continue reading

CentOS Atomic Host Customization Using cloud-init

Back in early March of this year, I wrote a post on customizing the Docker Engine on CentOS Atomic Host. In that post, I showed how you could use systemd constructs like drop-in units to customize the behavior of the Docker Engine when running on CentOS Atomic Host. In this post, I’m going to build on that information to show how this can be done using cloud-init on a public cloud provider (AWS, in this case).

Although I haven’t really blogged about it, I’d already taken the information in that first post and written some Ansible playbooks to do the same thing (see here for more information). Thus, one could use Ansible to do this when running CentOS Atomic Host on a public cloud provider. However, much like the original post, I wanted to find a very “cloud-native” way of doing this, and cloud-init seemed like a pretty good candidate.

All in all, it was pretty straightforward—with one significant exception. As I was testing this, I ran into an issue where the Docker daemon wouldn’t start after cloud-init had finished. Convinced I’d done something wrong, I kept going over the files, testing and re-testing (I’ve been working on this, off Continue reading

Announcing the Docker Student Developer Kit & Campus Ambassador Program!

For quite some time now we have been receiving daily requests from students all over the world, asking for our help learning Docker, using Docker and teaching their peers how to use Docker. We love their enthusiasm, so we decided it was time to reach out to the student community and give them the helping hand they need!

Docker Education

 

Understanding how to use Docker is now a must have skill for students. Here are 5 reasons why:

  1. Understanding how to use Docker is one of the most important skills to learn if you want to advance in a career in tech, according to Business Insider.
  2. You can just start coding instead of spending time setting up your environment.
  3. You can collaborate easily with your peers and enable seamless group work: Docker eliminates any ‘works on my machine’ issues.
  4. Docker allows you to easily build applications with a modern microservices architecture.
  5. Using Docker will greatly enhance the security of your applications.

Getting Started with Docker

Are you a student who is excited about the prospect of using Docker but still don’t know exactly what Docker is or where to start learning? Now that your finals are over and you have all Continue reading
