Scott's Weblog The weblog of an IT pro specializing in virtualization, networking, open source, and cloud computing

Technology Short Take #51

Welcome to Technology Short Take #51, another collection of posts and links about key data center technologies like networking, virtualization, cloud management, and applications/operating systems. Here’s hoping you find something useful in this collection!

Networking

  • I’m not sure if this falls here or into the “Cloud Computing/Cloud Computing” category, but Shannon McFarland—fellow co-conspirator with the Denver OpenStack Meetup group—has a nice article describing some design and deployment considerations for IPv6 in the OpenStack Kilo release.
  • I’m pretty sure I’ve mentioned Open Virtual Network (OVN) here before, as I’m pretty jazzed about the work going on with this project. If you’re unfamiliar with OVN, Gal Sagie has a couple of articles that might help. I’d start with the later of the two articles, which provides an introduction to OVN, before moving on to Gal’s discussion of OVN and the distributed controller and his article on OVN and containers.
  • Speaking of OVN, Russell Bryant has a detailed description of using OVN with OpenStack Neutron (via DevStack).
  • Using Jinja2 templates for automating network device configuration is a topic that’s getting a fair amount of attention (there were at least two sessions discussing this technique while I was at Interop). Rick Sherman has an article on using Jinja2 templates for network automation, including a practical example.
  • If you’d like to manually wire up a quick GRE tunnel-based network across multiple Docker hosts, here’s a walk-through on a multi-host Docker network.
  • VXLAN overlay networks between AWS and GCE? Sure! Here’s one way, using Ravello Systems.
  • Flavio Leitner has a nice article comparing OVS internal ports with Linux veth devices. This topic is the subject of some debate given that some claim OVS internal ports perform much better than Linux veth devices. Flavio’s research shows the performance differential appears to be negligible overall.
  • MAC learning on OVS under OpenStack? Here you go, thanks to Anthony Burke.
  • Dave Tucker—formerly of Socketplane, now of Docker—has a post outlining the direction of Docker networking. This is a good read for those of you who are interested in understanding where networking with Docker containers is headed.

Servers/Hardware

Security

  • There’s a lot of talk about container security, but now there’s something you can actually do about it. Along with Docker, VMware worked with the Center for Internet Security (CIS) to prepare a security benchmark for Docker 1.6 (available here), and has updated VMware vRealize Configuration Manager to support assessing containerized environments against this benchmark. More details, along with screenshots and explanations of some of the CIS benchmark settings, are found in this VMware blog post.
  • Cody Bunch (re-)posted a hardening script for Ubuntu that is intended to be supplied as userdata (of some sort) when deploying to a cloud platform. Also from Cody is this post talking about using the CIS Ansible role to apply the CIS benchmark against CentOS/RHEL systems.

Cloud Computing/Cloud Management

Operating Systems/Applications

  • In late March there was a “Docker in Production” meetup, and a summary post from that meetup—with links to videos of the presentations—is available via the Heavybit blog. Companies sharing their Docker production stories included Iron.io, ClusterHQ, RelateIQ, and Docker Inc.
  • A new release of Docker Compose—version 1.2—happened in mid-April, with some new features. The new extends feature is perhaps the most notable one, which allows for sharing configurations between services and environments. Have a look at this blog post for all the details.
  • Frank Hinek has a basic—but very thorough and very useful—post on maintaining DNS records in BIND. It’s a great resource for both BIND newbies as well as those who don’t muck around enough in BIND to have this stuff memorized (like me).
  • Here’s a guide to deploying a DNS server using Docker.
  • I keep waffling between Ansible and SaltStack as my “next-generation” configuration management solution. In the event you’re in the same boat, here’s something to tip the scales in the SaltStack direction: a Vagrant environment to build a SaltStack multi-minion setup.
  • Eric Gray has a nice write-up on using Lightwave for authentication with Photon.
  • Google shook up the container world recently when it announced integration between Kubernetes and AppC. Some took that as a knock against Docker; Google was quick to respond, via this blog post, to say that Docker is still important to Google and to containers in general.
  • This is pretty cool: a cross-platform (ARM and x86_64) hybrid cloud built on top of Docker. Get all the details here.
  • Cool—a Docker plugin for vRealize Orchestrator.

Storage

Nothing this time around, but I’ll keep my eyes peeled for content to include in future posts.

Virtualization

  • Based on this report, it looks like the next revision of Microsoft Hyper-V will support nested virtualization. VMware fans have been able to take advantage of nested virtualization for a while, and with the addition of this functionality now Microsoft fans will be able to do the same (hat tip to William Lam).
  • This list of VMware and Vagrant performance hacks is quite handy. Thanks Cody!

I still have so much more to share with you, but I’d better wrap this up now before it gets any longer. Otherwise, I’ll have to start calling these posts “Technology Long Takes”!

Be social and share this post!