0

The Agility and Flexibility of Docker including Oracle Database and Development Tools

A company’s important applications often are subjected to random and capricious changes due to forces well beyond the control of IT or management.  Events like a corporate merger or even a top programmer on an extended vacation can have an adverse impact on the performance and reliability of critical company infrastructure.

During the second day keynote at DockerCon 2017 in Austin TX, Lily Guo and Vivek Saraswat showed a simulation of how to use Docker Enterprise Edition and its application transformation tools to respond to random events that threaten to undermine the stability of their company critical service.

The demo begins as two developers are returning to work after an extended vacation.  They discover that, during their absence, their CEO has unexpectedly hired an outside contract programmer to rapidly code and introduce an entire application service that they know nothing about.  As they try to build the new service, however, Docker Security Scan detects that a deprecated library has been incorporated by the contractor.  This library is found to have a security vulnerability which violates the company’s best practice standards.  As part of Docker Enterprise Edition Advanced, Docker Security Scan automatically keeps track of code contributions and acts as a Continue reading

0

Introducing the Modernize Traditional Apps Program

Today at DockerCon, we announced the Modernize Traditional Applications (MTA) Program to help enterprises make their existing legacy apps more secure, more efficient and portable to hybrid cloud infrastructure.  Collaboratively developed and brought to market with partners Avanade, Cisco, HPE, and Microsoft, the MTA Program consists of consulting services, Docker Enterprise Edition, and hybrid cloud infrastructure from partners to modernize existing .NET Windows or Java Linux applications in five days or less.  Designed for IT operations teams, the MTA Program modernizes existing legacy applications without modifying source code or re-architecting the application.

The First Step In The Microservices Journey

In working with hundreds of our enterprise IT customers the last couple years, when we sit down with them one of the first questions they inevitably ask is, “What is the first step we should take toward microservices?”

Through experience we have found that, for the vast majority of them, the best answer is, “Start with what you have today – with your existing applications.”   Why is this the right place for them to start?  Because it recognizes two realities facing enterprise IT organizations today: existing applications consume 80% of IT budgets, and most IT organizations responsible for existing Continue reading

0

Liveblog: DockerCon 2017 Day 2 Keynote

This is a liveblog of the day 2 keynote (general session) of DockerCon 2017 in Austin, TX. For a look at what was announced or discussed in the day 1 keynote yesterday, see this liveblog. You can also see all DockerCon 2017-related posts by browsing the posts tagged with “DockerCon2017” (see the links at the bottom of this page). Before the keynote starts, there’s some nice live music playing; a welcome change (in my opinion) from yesterday’s video game.

At 9:03am, Ben Golub takes the stage to kick off the day 2 general session. He starts off by reviewing some proposed Docker logos, with a hint toward an announcement at the end of the session (presumably around changing Docker’s logo).

Golub then transitions into the meat of the general session presentation, which (understandably) is focused on Docker in the enterprise. He reviews the usual slide with notable logos from Docker customers. He also discusses some results from a company called ETR, which (apparently) shows Docker is “off the charts” in terms of adoption and market penetration within the enterprise. Golub also debunks the bi-modal IT structure model, saying that Docker’s customers only want one thing: speed (as in moving faster, Continue reading

0

Announcing Ansible Container 0.9

The Ansible Container team is proud to announce the 0.9 release of the Ansible Container project. Key new features of the 0.9 release include:

Tighter integration with Ansible roles

Ansible roles are a great way to describe microservices; roles that are "common" between multiple services map well to container image layers and service-specific roles are easy for teams to maintain. We decided to make that concept clearer in the way Ansible Container works. We ditched the main.yml playbook and replaced it with a per-service list of roles in container.yml.

Tighter integration with Kubernetes in OpenShift Origin and Red Hat OpenShift Container Platform

We've built brand new Kubernetes and OpenShift modules for Ansible, and are already using them in Ansible Container. We've also restructured the container.yml syntax to more naturally support Kubernetes and OpenShift concepts out of the box, then fall back to the comparatively simpler Docker ecosystem. Instead of trying to bolt Kubernetes features into the Docker Compose style schema, we have dedicated OpenShift/Kubernetes configuration for resources like Persistent Volume Claims. This will allow end users to transfer existing Ansible roles into Kubernetes/OpenShift and have Ansible Container manage the deployment lifecycle.

Putting more tools into the Continue reading

0

Announcing LinuxKit: A Toolkit for building Secure, Lean and Portable Linux Subsystems

 

Last year, one of the most common requests we heard from our users was to bring a Docker-native experience to their platforms. These platforms were many and varied: from cloud platforms such as AWS, Azure, Google Cloud, to server platforms such as Windows Server, desktop platforms that their developers used such as OSX and Windows 10, to mainframes and IoT platforms –  the list went on.

We started working on support for these platforms, and we initially shipped Docker for Mac and Docker for Windows, followed by Docker for AWS and Docker for Azure. Most recently, we announced the beta of Docker for GCP. The customizations we applied to make Docker native for each platform have furthered the adoption of the Docker editions.

One of the issues we encountered was that for many of these platforms, the users wanted Linuxcontainer support but the platform itself did not ship with Linux included. Mac OS and Windows are two obvious examples, but cloud platforms do not ship with a standard Linux either. So it made sense for us to bundle Linux into the Docker platform to run in these places.

What we needed to bundle was a secure, lean and portable Linux Continue reading

0

Introducing Moby Project: a new open-source project to advance the software containerization movement

Since Docker democratized software containers four years ago, a whole ecosystem grew around containerization and in this compressed time period it has gone through two distinct phases of growth. In each of these two phases, the model for producing container systems evolved to adapt to the size and needs of the user community as well as the project and the growing contributor ecosystem.

The Moby Project is a new open-source project to advance the software containerization movement and help the ecosystem take containers mainstream. It provides a library of components, a framework for assembling them into custom container-based systems and a place for all container enthusiasts to experiment and exchange ideas.

Let’s review how we got where we are today. In 2013-2014 pioneers started to use containers and collaborate in a monolithic open source codebase, Docker and few other projects, to help tools mature.

Then in 2015-2016, containers were massively adopted in production for cloud-native applications. In this phase, the user community grew to support tens of thousands of deployments that were backed by hundreds of ecosystem projects and thousands of contributors. It is during this phase, that Docker evolved its production model to an open component based approach. In Continue reading

0

DockerCon 2017 Day 1 Keynote

This is a liveblog of the day 1 keynote (general session) of DockerCon 2017 in Austin, TX.

At 9:05am, Ben Golub, CEO of Docker, Inc., takes the stage to kick off the general session and the conference. Golub starts the presentation by reviewing Docker’s four-year history and all the things that have changed over the last three years since the very first DockerCon—from the size of Gordon (Docker’s tortoise mascot) to the amount of growth in Docker usage (via statistics in the number of Docker hosts, the number of Docker-ized apps, the number of image pulls from Docker Hub, and so forth).

Golub continues by mentioning some of the various use cases for Docker. One use case mentioned is Intuit’s use of Docker, and Golub points out that the person responsible for running Intuit’s systems is confident enough in their systems that they’re attending DockerCon on Tax Day (when as many as 25 million tax returns are expected to be processed).

Shifting gears a bit, Golub talks a bit more about the changes over the last 3 years in regards to Docker (the open source project) itself. Stakeholders have changed, and the nature of the project (now projects) has Continue reading

0

DockerCon 2017 Black Belt Session: Cilium for Network and Application Security

This is a liveblog of the DockerCon 2017 Black Belt session led by Thomas Graf on Cilium, a new startup that focuses on using eBPF and XDP for network and application security.

Graf starts by talking about how BPF (specifically, extended BPF or eBPF) can be used to rethink how the Linux kernel handles network traffic. Graf points out that there is another session by Brendan Gregg on using BPF to do analysis performance and profiling.

Why is it necessary to rethink how networking and security is handled? A lot of it has not evolved as application deployments have evolved from low complexity/low deployment frequency to high complexity/high deployment frequency. Further, the age of unique protocol ports (like SMTP on port 25 or SSH on port 22) is coming to a close, as now many different applications or services simply run over HTTP. This leads to “overloading” the HTTP port and a loss of visibility into which applications are talking over that port. Opening TCP port 80 in a situation like this means potentially exposing more privileges than desired (the example to use other HTTP verbs, like PUT or POST instead of just GET).

Graf quickly moves into a Continue reading

0

Liveblog: Creating Effective Images

This is a liveblog for the DockerCon 2017 session titled “Creating Effective Images.” The speaker is Abby Fuller, a Senior Technical Evangelist with Amazon Web Services. Abby is a former operations engineer who was an early consumer of Amazon’s Elastic Container Service (ECS), and some of her learnings came about the “hard way.” This session is from the “Using Docker” track.

Fuller starts with reviewing the agenda, and shares that she’s intent on providing some practical tips that attendees can put to work immediately.

The first topic that Fuller tackles is the topic of container layers. A Docker container is made up of the read-only layers from the image itself, and a read/write layer at “the top” of the layers. Why do we care? Fewer layers means a smaller image, and smaller images means faster builds and faster deploys. (You may also see a reduced attack surface.)

The differences in making smaller images is important, Fuller explains, because the frequency of deployments is increasing (more deployments happening more quickly), and more containers are being deployed (sometimes at the behest of a CI/CD pipeline). This can result in significant amounts of disk space being consumed unnecessarily.

Some high-level Continue reading

0

Ansible + Networking Webinar Q&A

The Ansible Ask an Expert webinar series continues to be one of the most popular series we’ve ever hosted. During these Q&A style webinars, our Ansible experts take questions from the audience about specific topics.

In March, we covered Ansible + Networking. We’ve compiled the questions and answers below for your reference.

Interested in more? Our next Ask an Expert: Networking webinar is scheduled for July 19 at 11AM EDT. Register here.

Q: Persistent connection optimization really applies to devices that do not use a REST API with support for long-lived access tokens (as opposed to cookies)?

A: That's correct. The persistent connection framework is designed to work with SSH based connections, which include CLI and NETCONF connection methods.

Q: Do you know if it's in the roadmap to ship Ansible Tower with jobs out-of-the-box for the most common tasks performed with Red Hat products? For example, deploy a jboss EAP, install OS packages, and stuff like that?

A: Assuming you are talking about "canned" Playbooks here. In most cases, each of the individual products would curate and maintain Playbooks for use and are distributed by the individual products (since there are support implications). The Ansible distribution does not include Continue reading

0

WEBINAR Q&A: Modernize Traditional Applications with Docker Enterprise Edition

This week at DockerCon, we announced the Modernize Traditional Applications (MTA) Program to help enterprises make their existing legacy apps more secure, more efficient and portable to hybrid cloud infrastructure. This webinar covers the importance of “WHY NOW and HOW” to start modernizing traditional applications with Docker Enterprise Edition. Legacy applications often serve critical business needs and have to be maintained for a long time. The maintenance of these applications can become expensive and very time consuming. Some applications may have been written decades ago, grown to millions of lines of code  and the team that built and deployed the app may no longer be at your company. That can pose a challenge for app maintenance, security and support. Docker Enterprise Edition and the Image2Docker Tool presents a unique opportunity to modernize these apps into containers to make them portable, more secure and cost efficient to operate.

View the recorded session below and read through some of the most popular questions

.

Q: Do I need to follow all the steps in the exact sequential manner or do all of them to qualify as modernizing traditional applications?

A:  Outside of the first step of taking the existing app and converting it to a Continue reading

0

The Linux Migration: April 2017 Progress Report

In December 2016, I kicked off a migration to Linux (from OS X) as my primary laptop OS. In the nearly 4 months since the initial progress report, I’ve published a series of articles providing updates on things like which Linux distribution I selected, how I’m handling running VMs on my Linux laptop, and integration with corporate collaboration systems (here, here, and here). I thought that these “along the way” posts would be sufficient to keep readers informed, but I’ve had a couple of requests in the last week about how the migration is going. This post will help answer that question by summarizing what’s happened so far.

Let me start by saying that I am actively using a Linux-powered laptop as my primary laptop right now, and I have been doing so since early February. All the posts I’ve published so far have been updates of how things are going “in production,” so to speak. The following sections describe my current, active environment.

Linux Distribution

In my initial progress report, I’d tentatively chosen to use Ubuntu 16.04 LTS (“Xenial Xerus”). However, a short while later I switched to Fedora 25, and have settled Continue reading

0

DockerCon Agenda, Mobile App and DockerCon Slack

From Docker use cases at large corporations, to advanced technical talks and hands-­on lab tutorials, the DockerCon Agenda includes sessions adapted to every attendee profile, expertise level and domain of interest.

If you’re a registered attendee, login on the DockerCon portal using the information you set up during the registration process. You can use the keyword search bar or filter by topics, days, tracks, experience level or target audience.

Once logged in, you can “star” your interests and create your DockerCon schedule. Your saved interests and schedule will be available on the DockerCon mobile app you can download here.

Below are some useful tips and tricks for getting the most out of the DockerCon App.

Add More Sessions in the App

If you have not started already, we encourage you to review DockerCon sessions and build your agenda for next week. The process is very simple and will help you organize sessions and activities by the topics that you are interested in. Just click the “Schedule” widget and explore sessions by day or track. When you add  to “My Agenda”, you’ll be able to it find later in “My Event”.

You can use the DockerCon App to take notes and rate Continue reading

0

Docker Docs Hackathon: April 17-21, 2017

During DockerCon 2017, Docker’s docs team will be running the first-ever Docker Docs hackathon, and you’re invited to participate and win prizes – whether you attend DockerCon or are just watching the proceedings online.

Essentially, it’s a bug-bash! We have a number of bugs filed against our docs up on GitHub for you to grab.

You can participate in one of two ways:

• With the docs team’s help in the fourth floor hack room at DockerCon on Tuesday, April 18th and Wednesday, April 19th, from 1-6pm.
• Online! Right here! During the whole week of DockerCon (April 17th – 21st).

Or, both – if you want to have the best shot. After all, we won’t be in the hack room 24/7 that whole week.

All participants who show up in the 4th floor hack room at DockerCon will get this way-cool magnet just for stopping by.

Quick links

• Official hackathon page on Docs site
• Event page on DockerCon website
• View hackathon bugs on GitHub
• Report your hackathon work
• Browse prizes
• #docs on Slack, if you have questions

How it works

We have a number of bugs that have built up in our docs queue on GitHub, and we have labeled a Continue reading

0

OpenVPN – TCP or UDP tunneling?

Spoiler alert: You most likely would want to use UDP tunneling!

An OpenVPN tunnel runs over IP and can encapsulates VPN traffic into either a UDP or a TCP connection. To understand the pros and cons of each, we first need to have an understanding of them both.

TCP

Transmission Control Protocol is the dominant protocol there is for most daily stuff happening on a network. It has some very interesting features built-in which makes it very resistant to network packet loss, packet reordering, packet duplication, unintentional packet corruption and even link congestion. Despite it being not perfect¹, it’s survived the test of time and it’s not going anywhere in near future.

All those features however come at a price. A typical TCP packet has a header size of 20 bytes. Assuming you’re using IPv4, You also get a 20 bytes IP header added on top of it. So at least 40 bytes in each TCP packet is the header data that comes before the actual payload.

UDP

Unlike TCP, User Datagram Protocol does not come with much features. It comes with a checksum header for packet integrity but connection reliably as a whole is not guaranteed. In Continue reading

0

Introducing Moby Mingle at DockerCon 2017

If you’re pumped about all the things you learn and all the people you meet at Docker events, you’re going to love what we have planned for you at this year’s DockerCon! With more than 5000 attendees, there will be a wealth of knowledge in the room, ready to be shared, explored and cultivated. This year we’re going to draw on the power of the DockerCon crowd to open-source the attendee experience and bring the focus of the conference back to our users. Every attendee has different experiences, backgrounds, and interests to share. The trick becomes finding the right individual, with the specific knowledge you’re looking for.

So we’re excited to give everyone at DockerCon access to a tool called #MobyMingle to connect with people who share the same Docker use cases, topic of interests or hack ideas, or even your favorite TV shows. So no matter where you’re traveling from or how many people you know before the conference, we will make sure you end up feeling at home!

Using a web based platform, you’re able to build a profile, set goals around what you want to get out of Dockercon, and then make Offers and Requests to help Continue reading

0

Technology Short Take #81

Welcome to Technology Short Take #81! I have another collection of links, articles, and thoughts about key data center technologies, and hopefully I’ve managed to include something here that will prove useful or thought-provoking. Enjoy!

Networking

• Matt Oswalt has a great post on the need for networking professionals to learn basic scripting skills—something he (rightfully) distinguishes from programming as a full-time occupation. This is a post well worth spending a few minutes to read, and I wholeheartedly agree with Matt’s position here. Further, he follows that up with a post on how automation is more than just configuration management; it’s about network services. (This is a view shared by Ivan Pepelnjak.) Excellent stuff!
• Speaking of Ivan, he pointed out this post with 45 Wireshark challenges to help you improve your network analysis skills. Thanks to Ivan for the tip, and thanks to Johannes Weber for the challenges.
• Jason Edelman also jumps into this discussion on the need for automation/programming/scripting skills with a post that advocates the position of “automate when you can, program when you must”. Jason’s position aligns well with the viewpoints of both Matt and Ivan. I must say—if three well-known networking professionals who are also Continue reading

0

Enterprise Ready Software from Docker Store

Docker Store is the place to discover and procure trusted, enterprise-ready containerized software – free, open source and commercial.

Docker Store is the evolution of the Docker Hub, which is the world’s largest container registry, catering to millions of users. As of March 1, 2017, we crossed 11 billion pulls from the public registry!  Docker Store leverages the public registry’s massive user base and ensures our customers – developers, operators and enterprise Docker users get what they ask for. The Official Images program was developed to create a set of curated and trusted content that developers could use as a foundation for building containerized software. From the lessons learned and best practices, Docker recently launched a certification program that  enables ISVs, around the world to take advantage of Store in offering great software, packaged to operate optimally on the Docker platform.

The Docker Store is designed to bring Docker users and ecosystem partners together with

• Certified Containers with ISV apps that have been validated against Docker Enterprise Edition, and comes with cooperative support from Docker and the ISV
• Enhanced search and discovery capabilities of containers, including filtering support for platforms, categories and OS.
• Self service publisher workflow and interface to facilitate Continue reading

0

Docker Gives Back at DockerCon

Docker is actively working to improve opportunities for women and underrepresented minorities throughout the global ecosystem and promote diversity and inclusion in the larger tech community.

For instance, at DockerCon 2016, attendees contributed to a scholarship program through the Bump Up Challenge unlocking funds towards full-tuition scholarships for three applicants to attend Hack Reactor. We selected two recipients in 2016 and are excited to announce our third recipient, Tabitha Hsia, who is already in her first week of the program.

In her own words:

“My name is Tabitha Hsia. I grew up in the East Bay. I come from an art-focused family with my sister being a professional cellist, my mother being a professional pianist, and my great grandfather being a famous Taiwanese painter. I chose Hack Reactor because of their impressive student outcomes and their weekly schedule. Already in my first week, I have learned a ton of information from lectures and their wealth of resources. I have enjoyed pair programming the most so far. While the lectures expose me to new topics, applying the topics to actual problems has deepened my understanding the most. After graduation, my long-term goal is to become a virtual reality developer. Seeing Continue reading

0

What’s New in Ansible Tower 3.1

Ansible Tower 3.1 adds a variety of new features that make it easier than ever to share and scale IT automation. Tower now includes multi-Playbook workflows to streamline jobs, clustering to easily scale-out Tower instances, enhanced search and more.

For this post, we asked members of the Tower engineering team to highlight what’s new with the latest release and share what they're most excited about.

Engineered for the enterprise

Tim Cramer, Senior Director of Engineering, shares a quick overview of the Tower 3.1 enhancements designed to help teams harness the power of Ansible automation across servers, applications, environments and networks:

 

Scale-out clustering

Matt Jones, Principal Software Engineer, explains how scale-out clustering enables you to support a larger number of Tower jobs:

 

Multi-Playbook workflows

Chris Meyers, Senior Software Engineer, describes how Tower's new multi-Playbook workflows promote greater re-use of existing job templates and allow you to build a CI/CD testing workflow:

 

And more...