Technology Short Take #79
Welcome to Technology Short Take #79! There’s lots of interesting links for you this time around.
Networking
- I was sure I had mentioned Skydive before, but apparently not (a
grepof all my blog posts found nothing), so let me rectify that first. Skydive is (in the project’s own words) an “open source real-time network topology and protocols analyzer.” The project’s GitHub repository is here, and documentation for Skydive is here. - OK, now that I’ve mentioned Skydive, I can talk about this article that provides an example of functional SDN testing with Terraform and Skydive. Terraform is used to turn up OpenStack infrastructure, and Skydive (via connections into Neutron and OpenContrail, in this example) is used to validate SDN functionality.
- Tony Sangha took PowerNSX (a set of PowerShell cmdlets for interacting with NSX) and created a tool to help document the NSX Distributed Firewall configuration. This tool exports the DFW configuration and then converts it into Excel format, and is available on GitHub. (What’s that? You haven’t heard of PowerNSX before? See here.)
Servers/Hardware
Nothing this time around. Should I keep this section, or ditch it? Feel free to give me your feedback on Twitter.
Security
oVirt Gamification–The oVirt Game You Didn’t Know you Were Playing
Gamification is the concept of applying game mechanics and game design techniques to engage and motivate people to achieve their goals.
It taps into the basic desires and needs of the users impulses which revolve around the idea of Status and Achievement.
To put it in other words, it is turning day-to-day tasks, the kind you might do at home or work, into a game which you can earn points, badges and compete with other people that are doing the same things.
oVirt & Gamification
You probably didn't know, but this isn't the first time oVirt gamification is being used. A few years ago there was an initiative to use oVirt UI plugins system to add Gamification to the project, there was even a "space invaders" game written and available to play inside oVirt!
So What is New?
The oVirt infra team recently reached out to 'GetBadges', a company which provides 'Gamification as a Service'. Luckily for us, open source projects get to have a free game! So oVirt was rewarded with its own oVirt Open Source Game.
The game works automagically every time you contribute to the project. Current integrations are only active on specific projects like 'ovirt-engine' and Continue reading
Adding Metadata to the Arista vEOS Vagrant Box
This post addresses a (mostly) cosmetic issue with the current way that Arista distributes its Vagrant box for vEOS. I say “mostly cosmetic” because while the Vagrant box for vEOS is perfectly functional if you use it via Arista’s instructions, adding metadata as I explain here provides a small bit of additional flexibility should you need multiple versions of the vEOS box on your system.
If you follow Arista’s instructions, then you’ll end up with something like this when you run vagrant box list:
arista-veos-4.18.0 (virtualbox, 0)
bento/ubuntu-16.04 (virtualbox, 2.3.1)
centos/6 (virtualbox, 1611.01)
centos/7 (virtualbox, 1611.01)
centos/atomic-host (virtualbox, 7.20170131)
coreos-stable (virtualbox, 1235.9.0)
debian/jessie64 (virtualbox, 8.7.0)
Note that the version of the vEOS box is embedded in the name. Now, you could not put the version in the name, but because there’s no metadata—which is why it shows (virtualbox, 0) on that line—you wouldn’t have any way of knowing which version you had. Further, what happens when you want to have multiple versions of the vEOS box?
Fortunately, there’s an easy fix (inspired by the way CoreOS distributes their Vagrant box). Just create a file with the Continue reading
Newer Docker Networking Options
In the last part of the free Docker Networking Fundamentals webinar Dinesh Dutt described the newer high-performance networking options (Macvlan and Ipvlan) introduced in Docker version 1.12.
Test driving App Firewall with IPTables
With more and more application moving to the cloud, web based applications have become ubiquitous. They are ideal for providing access to applications sitting on the cloud (over HTTP through a standard web browser). This has removed the need to install specialized application on the client system, the client just needs to install is a … Continue reading Test driving App Firewall with IPTables
Technology Short Take #78
Welcome to Technology Short Take #78! Here’s another collection of links and articles from around the Internet discussing various data center-focused technologies.
Networking
- The rise of the disaggregated network operating system (NOS) marches on: this time, it’s Big Switch Networks announcing expanded hardware support in Open Network Linux (ONL), upon which its own NOS is based.
- The Pivotal Engineering blog has an article that shows how to use BOSH with the vSphere CPI to automate adding servers to an NSX load balancing pool.
- Mircea Ulinic has a nice article describing the combination of NAPALM and Salt for network automation.
- Here’s a post by Ron Fuller on changing the IP address of NSX Manager.
Servers/Hardware
Nothing this time around, sorry!
Security
- As part of some research around my Linux migration, I came across this write-up on how to do encrypted instant messaging on OS X with Adium and Off the Record (OTR). I’ve been using OTR with Adium for a while so this wasn’t new to me, but I wanted to share it here for others who may not be familiar with the solution. (I use OTR with Adium on OS X, and OTR with Pidgin on my Fedora Linux Continue reading
Using oVirt and Vagrant
Introducing oVirt virtual machine management via Vagrant.
In this short tutorial I'm going to give a brief introduction on how to use vagrant to manage oVirt with the new community developed oVirt v4 Vagrant provider.
Background
Vagrant is a way to tool to create portable and reproducible environments. We can use it to provision and manage virtual machines in oVirt by managing a base box (small enough to fit in github as an artifact) and a Vagrantfile. The Vagrantfile is the piece of configuration that defines everything about the virtual machines: memory, cpu, base image, and any other configuration that is specific to the hosting environment.
Prerequisites
- A fully working and configured oVirt cluster of any size
- A system capable of compiling and running the oVirt ruby SDK gem
- Vagrant 1.8 or later
- The oVirt vagrant plugin installed via
$ vagrant plugin install vagrant-ovirt4
The Vagrantfile
To start off, I'm going to use this Vagrantfile:
Vagrant.configure("2") do |config|
config.vm.box = 'ovirt4'
config.vm.hostname = "test-vm"
config.vm.box_url = 'https://github.com/myoung34/vagrant-ovirt4/blob/master/example_box/dummy.box?raw=true'
config.vm.network :private_network,
:ip => '192.168.56.100', :nictype => 'virtio', :netmask Continue readingSpeaking at Red Hat Summit 2017
Hi Folks, I know it’s been a few weeks but I assure you I’ve been heads down on good stuff. You’ll get to see much of it on the blog, but also at Red Hat Summit 2017 in Boston, MA if you’re so inclined.
So what will I (and my colleagues) be talking about at “Summit” this year?Well, there are several RHV & KVM specific activities at Summit that I’ll have something to do with, 2 directly and multiple indirectly:
Breakout Session – High Availability for Red Hat Virtualization Manager
This will be my primary presentation on RHV, where I talk about and provide demo’s on RHV Hosted Engine, mostly in the context of HA (why and how), but also in the context of how it’s used in a new Red Hat product… (cue dramatic music..)
Breakout Session – Red Hat Virtualization and KVM Roadmaps
This is my colleagues’ session, and typically standing room only. I may help organize, but the Product Managers (Moran & Yaniv) will knock this out. It lays out the future of both Red Hat Virtualization and the core technology, KVM.
Lightning Talk – Reporting and Metrics Update
Again, my colleague’s session (Yaniv), but Continue reading
The Linux Migration: Virtualization Provider
As part of my migration to Linux as my primary laptop OS, I needed to revisit my choice of virtualization provider. Long-time readers probably know that I was an early adopter of VMware Fusion, starting way back in 2006 with the very first “friends and family” release (before it was even publicly available). Obviously I can’t use Fusion on Linux, but do I use VMware Workstation for Linux? VirtualBox? Or something else? That’s what I set out to determine, and in this post I’ll share what I selected and the reasoning behind my selection.
So what were the options to consider? While there may be some other solutions, these are the three I primarily assessed:
- VMware Workstation for Linux 12.5.2
- VirtualBox 5.1.14
- “Native” Linux KVM, supplemented by Libvirt and a GUI like GNOME Boxes (installed by default in Fedora 25)
Since I have been using Vagrant quite a bit over the last few years, whatever solution I selected needed to work reasonably well with Vagrant.
I’m pretty familiar with KVM and Libvirt, so I started there. Given that KVM and Libvirt are “native” to Linux, it felt like it would be a clean solution. While Continue reading
IPTables: Matching A GRE packet based on tunnel key
I was trying to figure out a way to match packets with a certain GRE key and take some action. IPTables does not provide a direct solution to this problem but has the u32 extension modules that can be used to extract 4 bytes of the IP header and match against a pattern. So, I … Continue reading IPTables: Matching A GRE packet based on tunnel key
Installing VirtualBox 5.1 on Fedora 25
Last fall, I wrote a piece about why I had switched to VirtualBox (from VMware Fusion) for my Vagrant needs. As part of my switch to Fedora Linux as my primary laptop OS, I revisited my choice of virtualization provider. I’ll describe that re-assessment in a separate post; the “TL;DR” for this post is that I settled on VirtualBox. As it turns out, though, installing VirtualBox 5.1 on Fedora 25 isn’t as straightforward as one might expect.
After a number of attempts (using a test VM to iron out the “best” procedure), here’s the process I found to be the most straightforward:
-
Run
dnf check-updateanddnf upgradeto pick up the latest packages. If a new kernel version is installed, reboot. (I know this sounds contrived, but I’ve run into issues where some kernel-related packages aren’t available for the kernel version you’re actually running.) -
Install the RPMFusion repos. You only really need the “free” repository, but you can install the “nonfree” as well if you like (it won’t affect this process). I won’t go through the process for how to do this; it’s really well-documented on the RPMFusion web site and is pretty straightforward.
-
Next, use
Continue reading
How To: Setting up a GRE or VXLAN tunnel on Linux
In this post both methods - OpenvSwitch & only linux networking will be discussed. When we speak about VXLAN we normally discuss multicast groups and how endpoints (VTEP) learn and populate both the fdb (forwarding database entry) and the mdb (multicast group database entry). This article describes "not using" a multicast group and dynamic learning when setting the tunnel up natively, i.e. without OVS. Both methods require a fairly newer kernel (3.7 and greater) and needs the "vxlan" kernel module to be loaded. lsmod can be used to check if this Continue reading
Technology Short Take #77
Welcome to Technology Short Take #77. I’ve got a new collection of links and articles from around the Web on various data center-focused technologies.
Networking
- Mark Brookfield takes a moment to remind everyone that you shouldn’t use the (deprecated) C# vSphere Client to manage NSX environments. Good advice.
- Michael Kashin has a great article on how Open Virtual Network (OVN, part of the Open vSwitch project) implements virtual networks in OpenStack. Yes, the article is slightly OpenStack-centric, but it still remains a very informative look at the different components of OVN and how OVN works. (You might also be interested in an earlier article that outlines how to build and install OVN with OpenStack.)
- In a bit of an older post from late summer 2016, Matt Oswalt outlines why network engineers should care about the network software supply chain. I won’t steal Matt’s thunder; go have a look at the post yourself to see if you agree with his assessment.
- Simon Leinen (from SWITCHengines) explains their use of IPv6 with OpenStack.
- John Kozej has a write-up on an NSX logical switch packet walk.
- Sam McGeown discusses deploying ECMP with NSX for a provider logical router.
- Thanks to Ivan Pepelnjak, Continue reading
Increasing SDDC Visibility
In Episode 69 of Software Gone Wild we discussed ways of increasing visibility into VXLAN transport fabric. Another thing we badly need is visibility into the virtual edge behavior, and to help you get there Iwan Rahabok created a set of vRealize dashboards that include the virtual edge networking components. Hope you’ll find them useful.
Multi-Host Container Networking
Running Linux containers on a single host is relatively easy. Building private multi-tenant networks across multiple hosts immediately creates the usual networking mess.
Fortunately the Socketplane team did a pretty good job; for more details watch the video from Docker Networking Fundamentals webinar or listen to the podcast I did with them a year ago.
oVirt Community Newsletter December 2016
It's a new year with new opportunities for oVirt to show up its virtualization features! We're getting ready for DevConf.CZ in Brno next week, and FOSDEM in Brussels the week after that! We look forward to meeting European developers and sysadmins to share your experiences!
Here's what happened in December of 2016.
Software Releases
oVirt 4.0.6 Release is now available
In the Community
oVirt System Tests to the Rescue!—How to Run End-to-End oVirt Tests on Your Patch
CI Please Build—How to build your oVirt project on-demand
The Need for Speed—Coming Changes in oVirt's CI Standards
Еxtension of iptables Rules on oVirt 4.0 Hosts
Deep Dives and Technical Discussions
KVM/Linux Nested Virtualization Support For ARM
Virtual Machines in Kubernetes? How and what makes sense?
ANNOUNCE: New libvirt project Go XML parser model
Using OVN with KVM and Libvirt
New libvirt project Go language bindings
CI tools testing lab: Making it do useful work
CI tools testing lab: Integrating Jenkins and adding Zuul UI
CI tools testing lab: Adding Zuul Merger
CI tools testing lab: Setting up Zuul Server
Technology Short Take #76
Welcome to Technology Short Take #76, the first Technology Short Take of 2017. Normally, I’d publish this on a Friday, but due to extenuating circumstances (my mother-in-law’s funeral is tomorrow) I’m posting it today. Here’s hoping you find something useful!
Networking
- As of Vagrant 1.9.1, the Cumulus plugin for Vagrant is no longer needed. See this post for more details.
- Ivan Pepelnjak (one of my absolutely favorite folks in the IT industry) has a great post on using regex filters in Ansible to parse text printouts from network devices. This is a super-practical post that anyone working with network automation can put to use right away.
- Craig Matsumoto has an informative article on why machine learning is hard to apply to networking. I’ve heard David Meyer—who is quoted extensively in the article—speak several times, and most of the time his stuff is way beyond my understanding. At least now, though, I get the general direction he’s heading.
- Interested in using OVS with VXLAN on Hyper-V, but without OpenStack? This article by Alin Serdean from Cloudbase Solutions describes how it’s done.
- Here’s an article describing how to establish a site-to-site VPN between a Cisco ASA and Microsoft Azure. Anecdotally, Continue reading
Happy New Documentation!
The oVirt Project is pleased to announce the availability of all-new principal documentation for the oVirt 4.0 branch.
There are many people out there who are content to use software without documentation, preferring to muddle through the software based on past experience with similar software or just the desire to put the software through its paces.
We all do this; I could not tell you the last time I looked at documentation for Firefox or Chrome, because I've been using browsers for over 20 years and seriously, what else is there to learn? Until I learn about a cool new feature from a friend or a web site.
In a software community project, one of the biggest things a community must do is to provide proper onboarding to the project's result. This means:
-
Explaining what the software is
-
Providing a clear path to getting the software
-
Demonstrating how to use the software
All three of these onboarding requirements must be done right in order for onboarding to work successfully. Documenation, then, fulfills the third requirement: showing how software can be used. Not every one will need it, but for those users who do need it, it is very nice Continue reading
Upcoming Interview with “The Cube”
Hi folks, as I mentioned earlier in the week, I’ll be in the Northeast next week for the VTUG Winter Warmer event. If you can be there, great.. if not, Stu Miniman of “The Cube” has been gracious enough to invite me to an interview and will be broadcasting it on Thursday, Jan 19th.
Here are the details:
Thursday, January 19th, 2017 @ 1:30 p.m. EST
http://siliconangle.tv/vtug-winter-warmer-2017/
Many thanks to Stu!
Captain KVM
The post Upcoming Interview with “The Cube” appeared first on Captain KVM.
Boston VTUG Winter Warmer
Hi Folks – if any of you are going to be at the VTUG Winter Warmer at Gillette Stadium, come find me, I’ve got a keynote at 10am at “West Side South”. If you’re going to be in the area, it’s an event that’s been going on for several years now and should be fun..
I’ll be talking about Red Hat’s strategy in the Hybrid Cloud and especially how RHV fits into that.
I believe (don’t quote me on this) that the event is free for VTUG members, and that all you need to do is register to become a VTUG member (I believe that is also free) before the event.
Date: January 19, 2017
Location: Gillette Stadium, Patriot Place, Foxboro MA
Hope to see you there,
Captain KVM
The post Boston VTUG Winter Warmer appeared first on Captain KVM.