There’s Application Virtualization and There’s Docker
In what appears to be a recurring theme (which I promise I’ll move off of soon), I’m going to spend some time talking about what Docker isn’t – Docker is not application virtualization. I spent a good amount of time … ContinuedThe Modern Software Supply Chain Runs on Docker
At the beginning of March, we ran a survey across to people interested in Docker to shine a light on the state of the current software supply chain, and how Docker plays a role in its evolution. We’re delighted to … ContinuedDocker 1.11: The first OCI-compliant runtime, built on containerd
We are excited to introduce Docker Engine 1.11, our first release built on runC and containerd. This is the first OCI-compliant runtime and demonstrates the progress since donating our industry-standard container format and runtime under the Linux Foundation in June of last … ContinuedDocker containerd integration
In an effort to make Docker Engine smaller, better, faster, stronger, we looked for components of the current engine that we can break out into separate projects and improve along the way. One of those components is the Docker runtime for … ContinuedPatching BADLOCK with Ansible
If you've been following recent security news, you may have heard of the Badlock vulnerability in the protocols used by the Microsoft Windows Active Directory infrastructure. This vulnerability could lead to a man-in-the-middle attacker intercepting traffic between a client and the Active Directory server, and then impersonating the client, gaining unauthorized access to resources.
| |
More information can be found at http://badlock.org/ and the Red Hat Knowledgebase. |
Thanks to Ansible, however, patching your systems doesn't have to be complicated.
- hosts: all
gather_facts: true
become_method: sudo
become_user: root
vars:
service_name:
'Debian': 'smbd'
'RedHat': 'smb'
tasks:
- name: check samba version
shell: dpkg -l | grep -q samba
when: ansible_os_family == 'Debian'
register: samba_installed
ignore_errors: True
- name: update samba from apt if installed
apt:
name: samba
state: latest
update_cache: yes
when: ansible_os_family == 'Debian' and samba_installed.rc == 0
notify: restart_samba
- name: check samba version
shell: rpm -q samba
when: ansible_os_family == 'RedHat'
register: samba_installed
ignore_errors: True
- name: update samba from yum if installed
yum:
name: samba
state: latest
update_cache: yes
when: ansible_os_family == 'RedHat' and samba_installed.rc == 0
notify: restart_samba
handlers:
- name: restart_samba
service:
name: "{{ Continue reading
Announcing the Black Belt Sessions at DockerCon 2016
We are excited to announce the first talks in the curated Black Belt Track at DockerCon 2016! Attendees of this track will learn from technical deep dives that haven’t been presented anywhere else by members of the Docker team and … ContinuedEmpowering Windows Deployment Pipelines with Ansible Tower
We love stories about how Ansible Tower has solved problems and made work easier. When we heard that CareerBuilder was using Tower in a Windows environment, we had to know more. Special thanks to Cody Rucks from CareerBuilder for sharing his story about Ansible Tower.
---
At CareerBuilder we are focused on building out a full stack solution that will allow developers to continuously deploy their applications. Not only do we want them to be able to deploy quickly, but we want consistency and automation throughout the entire process. Ansible Tower has become a huge part of our final end solution. In this post we will discuss how we are using Ansible Tower to connect our various products and steps and truly be able to deploy applications in the cloud utilizing DevOps methodologies.
Why Ansible Tower?
In November 2015, our team set out to find the best solution for our needs. We tested several different products and vendors ranging from the most buzz-worthy to the most obscure and ended up selecting Ansible Tower at the end. Ansible Tower seemed to provide all the things that we needed it to do. They key takeaways we had that made us select Ansible Continue reading
Containers and VMs Together
A couple weeks back I talked about how Docker containers were not virtual machines (VMs). I received a lot of positive feedback on the article (thanks!), but I also heard a common question: Can VMs and Docker containers coexist? The … ContinuedCI/CD with Docker Cloud
So you want to innovate faster, right? Continuous integration and continuous deployment (CI/CD) are some of the most common, but impactful use cases for teams who are looking to Dockerize their environment. The key to CI/CD is being able to … ContinuedDocker Community Passes 100K Meetup Members Milestone
As most of you know by now, at Docker we love to organize meetups for the Docker community. We think meetups are a great way for everyone to learn, share their knowledge and network with others like-minded people while … ContinuedKick the Tires on Docker Datacenter with DDC-In-A-Box!
Docker Datacenter (DDC) is a powerful solution for managing your containerized applications in a production environment. But what if you could kick the tires of DDC on your laptop with just a single script command? Welcome to DDC-In-A-Box! DDC-In-A-Box is … ContinuedTechnology Short Take #64
Welcome to Technology Short Take #64. Normally, I try to publish Short Takes on Friday, but this past Friday was April Fools’ Day. Given the propensity for “real” information to get lost among all the pranks, I decided to push this article back to today. Unlike most of what is published around April Fools’ Day, hopefully everything here is helpful, informative, and useful!
Networking
- Phil Gervasi has an article on fate sharing in the network core, where he discusses some of the advantages—and disadvantages—of centralizing the control plane in network designs. The examples Phil uses include StackWise, Virtual Switching System, and Virtual Port Channels.
- Alban Crequy has a post on using Linux queueing disciplines (qdiscs, for short) to help with testing application behavior under degraded network conditions. This is really interesting and something that I want to explore in more detail.
- Cumulus Networks has added another hardware partner to its list of supported hardware partners; this time it’s Mellanox, as outlined in this SDx Central article.
- Carlos Cardenas has a great post that does a great job of explaining SAI (Switch Abstraction Interface) and switchdev, two key abstraction layers involved in building Linux-based network operating systems (NOSes). Carlos Continue reading
Your Docker Agenda for April
Thank you Docker community for your amazing collaborations last month! In March, the community organized over 125 Docker Birthday #3 local trainings and celebrations. This month, you can still catch a few more birthday events and lots of other awesome … ContinuedDocker Online Meetup #36: Docker for Windows and Mac
Docker for Mac and Docker for Windows are integrated, easy-to-deploy environments for building, assembling, and shipping applications from Mac or Windows. Docker for Mac and Windows contain many improvements over Docker Toolbox. During this week’s Docker Online Meetup, Product Managers … ContinuedAnnouncing Docker Hub Classic
As we passed 2.5B pulls on Docker Hub recently, we were proud but we were also concerned. What if we’re simply using too much of the Internet for Docker? We certainly wouldn’t want to get in the way of … ContinuedWhat’s New at DockerCon 2016
Each year, our goal for DockerCon is to deliver the best and most unique Docker event experience possible for the Docker community. Each year, we face new challenges on how to improve on the previous DockerCon. We spend many hours … ContinuedEnabling Portability of Workloads And Fighting Lock-In, with Docker
Portability. This is perhaps one of the greatest characteristics of our Docker Containers-as-a-Service platform. After all, in some way it’s the reason why Docker has become as popular as it has today. In just 3 years, we have seen over … ContinuedDocker Machine, OpenStack, and SSH Keys
I wanted to provide readers a quick “heads up” about some unexpected behavior regarding Docker Machine and OpenStack. It’s not a huge deal, but it could catch someone off-guard if they aren’t aware of what’s happening.
This post builds on the earlier post I published on using Docker Machine with OpenStack; specifically, the section about using Docker Machine’s native OpenStack driver to provision instances on an OpenStack cloud. As a quick recap, recall that you can provision instances on an OpenStack cloud (and have Docker Engine installed and configured on those instances) with a command like this:
docker-machine create -d openstack
--openstack-flavor-id 3
--openstack-image-name "Ubuntu 14.04.3 LTS x64"
--openstack-net-name lab-net-5
--openstack-floatingip-pool ext-net-5
--openstack-sec-groups docker,basic-services
instance-name
(Note that I didn’t include all of the optional parameters; refer to either my earlier blog post or the Docker Machine OpenStack driver reference for more details).
One of the optional parameters for Docker Machine’s OpenStack driver is the --openstack-keypair-name parameter, which allows you to specify the name of an existing keypair to use with instances created by Docker Machine. If you omit this parameter, as I have above, then Docker Machine will auto-generate a new SSH Continue reading