Technology Short Take #56
17 November 2015 · Filed in Information
Welcome to Technology Short Take #56! In this post, I’ve collected a few links on various data center technologies, news, events, and trends. I hope you find something useful here.
- Open Virtual Network (OVN) is really ramping up and getting lots of attention, which I personally think is absolutely well-deserved. Russell Bryant has a couple great articles on OVN—how to test OVN’s “EZ Bake” release with DevStack as well as an article on implementing OpenStack security groups using OVN ACLs (which in turn leverage the integration between Open vSwitch and the Linux kernel’s conntrack module). Gal Sagie has a write-up on integration between Kuryr and OVN (Kuryr is another topic that is really interesting).
- Here’s an article on using PHP to query NSX API via REST (specifically, working with syslog settings on NSX Manager).
- Speaking of Gal Sagie and OVN, Gal has a post describing a concept for something called “Topology Service Injection” and some proposals for implementing this in OVN. (Gal and Liran Schour from IBM are slated to do a talk on this at the OVS conference this week.)
- One new networking feature added to OpenStack in the Kilo release was Neutron subnet pools. Carl Baldwin has a post describing how subnet pools work and why they are of benefit in OpenStack environments.
- Sean Collins has an article on building a cheap, compact, and multinode DevStack environment for a home lab that lays out some server hardware decisions and the tools he uses to manage them.
- The security posture of Docker containers is, rightfully so, starting to see more focus. A couple of articles jumped out at me while compiling this Technology Short Take post. First, this post from Red Hat on Deep Container Inspection (DCI) talks about how DCI’s goal is to allow users to verify where the image came from as well as verify what’s inside the image. Second, CoreOS recently announced Clair, their new container vulnerability analysis service designed to work hand-in-hand with their registry, Quay.io. (More on Clair from TechCrunch here.)
- Major Hayden has an article on using Ansible to secure OpenStack hosts. This effort is aimed at implementing the RHEL 6 STIG (available here) on Ubuntu 14.04.
Cloud Computing/Cloud Management
- I recently had to use DevStack for a demonstration of OVN and OpenStack. This was my first “real” use of DevStack, but others who have been using DevStack far more than I have are starting to explore new ways of running OpenStack environments instead of using DevStack. One such method is described by Miguel Grinberg in his article titled “Life Without DevStack: OpenStack Development with OSA,” in which he discusses using Ansible to deploy OpenStack instances. (Miguel also gave a talk at the OpenStack Tokyo Summit on this topic.)
- I’ve talked about OpenStack Heat and Heat templates a few times (here, here, and here, for example), but I recently came across another introduction to Heat templates that might provide a different approach to the topic.
- In case you missed it, Docker 1.9 was recently released, and along with it came production-ready Docker Swarm and the much-anticipated Docker Networking. See the official Docker blog post for more information (and rest assured I’ll have some blog posts up on some of this stuff as well).
- Linux network namespaces is a topic I’ve covered here before, but it’s always great to have multiple viewpoints and explanations of technologies and concepts to get a complete and comprehensive view. Jon Langemak has a write-up on network namespaces that is worth reading. Matt Oswalt also tackled the topic of network namespaces recently.
- Here’s an article on how to customize Docker’s docker0 network bridge (Bill throws in a rant about said topic for free).
- This article provides a reasonable overview (well-suited for beginners or folks new to the technologies) of the various container orchestration tools like Swarm, Kubernetes, Fleet, and Mesos.
- Articles such as this one from Barricade that describe the contents of a modern infrastructure stack can be immensely helpful, if for no other reason than to get a look at the technologies that are gaining popularity with newer organizations. I recommend you read articles like this, and use the products and projects listed there to help you navigate where you’re headed.
- Docker and Solaris Zones? Interesting combination.
- William Lam shares an article on using Ansible to provision Kubernetes on VMware Photon. I’ve been looking into Kubernetes, but I hadn’t considered the use of Ansible with Photon. (Mistakenly, I considered that Python, which is required for Ansible, had been stripped from Photon.) This is something I’ll have to investigate a bit more.
- Lew Goettner has a pretty hefty post on CoreOS and Docker on AWS that includes information on CoreOS, user data and cloud-init, AWS and Elastic Load Balancers (ELBs), Fleet, Registrator, Nginx, Confd, and Jenkins. It’s a whirlwind of technologies. Be sure to set aside some time to really focus on this article; there’s a lot of depth here.
- Nathan LeClaire has a post on using Ansible with Docker Machine to bootstrap host nodes. It’s an interesting approach in that he uses Ansible in a container to provision the host. This is something I’ll need to review again and digest a bit further.
- With KubeCon last week, there was naturally a fair amount of news surrounding Kubernetes. Engine Yard (and Deis, acquired by Engine Yard) announced a packaging service called Helm (more info on Helm here), and Sysdig Cloud announced the ability to monitor Kubernetes clusters. (If you’re not familiar with Kubernetes, be sure to check out Matt Oswalt’s post on basic concepts for Kubernetes.)
- Christian Mohn shares an epiphany he had about the possible future of VSAN in this post. Is VMware headed to turning VSAN into a generic storage platform that is no longer tied to vSphere? I don’t know, but it’s certainly an interesting thought.
- Brian Graf provides an update on using VMware Tools 10 with this “must-read” article on updating to VMware Tools 10.
- Here’s a handy trick of the new ESXi Embedded Host Client: it turns out you can install or update any VIB. See this post from William Lam.
- Here’s an interesting use of Docker to package the Ruby vSphere Console (RVC) to make it easier for vSphere admins to use the tools in the RVC.
- Cody Bunch has a nice article (part of his larger “vSensei” efforts) that bounces around a few common themes on finding/making time for personal development, additional projects, etc.
- For those of you considering pursuing the VCDX (an admirable goal, by the way), be sure to have a look at Gregg Robertson’s article on his journey to VCDX #205.
- Speaking of the journey to VCDX…if you’re an existing VCDX and not a panelist, perhaps you might consider being a VCDX mentor.
I’d better wrap this up now, before it gets any longer (it’s already long enough!). I’ll have more links, articles, and posts for you next time around. Until then, thanks for reading!