Technology Short Take #5818 December 2015
Welcome to Technology Short Take #58. This will be the last Technology Short Take of 2015, as next week is Christmas and the following week is the New Year’s holiday. Before I present this episode’s collection of links, articles, and thoughts on various data center technologies, allow me to first wish all of my readers a very merry and very festive holiday season. Now, on to the content!
- Looking for a step-by-step install guide for VMware NSX? This one is a bit older (refers to NSX 6.1 and the current release is 6.2), but you might find it helpful nevertheless.
- Ray Budavari—who is an absolutely fantastic NSX resource—has a blog post up on the integration between VMware NSX and vRealize Automation. This first post (judging by the “part 1” in the title this will be a series) is a bit light on details, but I’m hoping future posts will dive deeper into this topic.
- Mustafa Akin has an article on Docker’s new overlay networking functionality. He describes how to set it up (on both VirtualBox and Digital Ocean) and provides some high-level performance information as well.
- If you’d like to play around with Cumulus Linux but don’t have a compatible hardware switch, Cumulus VX is the answer. Here’s a post on converting VX from VirtualBox to Libvirt, in case you’d like to run it that way.
- I saw this announcement regarding a recent Juniper MX router refresh on SDx Central, but it is really light on details. It says the the JET (Juniper Extension Toolkit) uses “open application programming interfaces”, but fails to provide any specifics. Is this “open-washing”, or is there actually some meat to this? A general web search for “Juniper Extension Toolkit” yielded similarly low-value hits that were vague. If you have some details on this, hit me up on Twitter.
- Here’s a post that claims to translate OVS and OpenStack Neutron to the network engineer’s language. One small point of discussion: the post claims OpenStack Neutron “isn’t capable of controlling a physical network infrastructure” (the author’s words). I would respond to that by saying OpenStack Neutron wasn’t built to manage a physical network.
- Normally the hardware space is pretty boring (in fact, I’ve been considering removing it from the Technology Short Take series), but HPE decided to shake things up recently with its Synergy servers and “composable architecture”. Most of the articles I found on the Synergy servers and “composable architecture” were more “market-techture” than anything substantive (see the list of links at the end of this Mirantis blog post), but as far as I’m able to glean this sounds a lot like Intel’s Rack-Scale Architecture. (See here for some of my thoughts on Intel’s RSA following IDF 2014.) If HPE’s Synergy takes the approach of enabling higher-level software to be more insightful and more effective, then great; if, on the other hand, HPE takes the approach of trying to replicate higher-level software functionality in hardware (as it seems they’re trying to do), I’m not a fan of the added complexity.
- This article listing 20 Linux server hardening tips contains some basic tips but is nevertheless a very good resource for someone looking for Linux security recommendations.
Cloud Computing/Cloud Management
- Microsoft recently announced a preview of Azure Container Service (ACS). ACS offers multiple “endpoints,” each of which enables you to use a particular open source container/orchestration tool. For example, there is a Docker Swarm endpoint, against which you could use standard Docker tools (like Docker Compose, for example).
- Rackspace and VMware have a pair of articles discussing their interoperable OpenStack cloud architecture (here’s the post from Rackspace, and here’s the post from VMware). In my opinion, this is the sort of interoperability across providers and implementations that OpenStack really needs, so it’s good to see two well-known names stepping up to make this happen. It would be great to see this expand to even more OpenStack providers, but it has to start somewhere, right?
- Trevor Roberts Jr. has a three-part series on using Vagrant with OpenStack, something I’ve tackled on my site as well. Check out Trevor’s posts (part 1, part 2, and part 3).
- I’ve been reviewing AWS VPC design recommendations recently, and one of the suggestions that comes up is using a VPC with a private subnet so that the instances on that VPC are not reachable from the Internet. Makes sense; if an instance isn’t serving traffic from the Internet, then it shouldn’t be reachable from the Internet. This, however, presents an issue; how do you provide outbound Internet access to these instances? You can use a pair of NAT instances (this has scale limitations and adds complexity), you can use the new Managed NAT Gateway, or you can leverage a Squid proxy (or even an AutoScaling Group of Squid proxies, if you’re ambitious enough).
- This is an older post on OpenStack availability zones and host aggregates, but useful nevertheless (for me, at least).
- Want to run Docker Swarm on Azure? Look here.
- There’s been a fair amount of noise regarding the Open Container Initiative recently, including a pair of blog posts from (somewhat) opposing viewpoints (a post from Docker and a post from CoreOS). Depending on your viewpoint, OCI is either the greatest thing since sliced bread, or it’s a work in progress with a lot of potential. Time will tell which viewpoint was the most accurate.
- Splunk recently announced their Splunk Logging Driver for Docker, which allows Docker containers to send log data directly to Splunk. This comes on the heels of the Docker announcement around their Ecosystem Technology Partner (ETP) program, which initially includes a whole list of logging-related partners (but didn’t include Splunk, oddly enough). If you’re interested in trying the Splunk driver, you’ll need to use the Docker experimental build.
- This looks handy. (CLI tricks are so much fun.)
- I really appreciated Kelsey Hightower’s recent “12 Fractured Apps” article, in which he tackles some less-than-ideal application patterns with Docker containers. I’m not an application developer, but some of the suggestions Kelsey makes—like creating any directories the application needs if they don’t exist—seem like ordinary common sense, and so part of me is surprised (although I shouldn’t be) that this apparently isn’t common practice.
- The recent release of CentOS 7.2 has caused some issues building Docker containers; see this article for a fix. (Thanks to Shannon McFarland for posting this on Twitter.)
- Kubernetes cheat sheet? Why, yes, thanks.
- Joseph Griffiths has an article talking about an error condition he experienced where his VMware hosts lost access to a volume when connected via Brocade SAN switches. The fix, as Joseph describes it, is to be sure to use the correct fillword setting. It’s been ages (OK, a few years) since I worked with Fibre Channel SAN switches, so this doesn’t mean a whole lot to me—but hopefully it’s helpful to someone out there.
- William Lam breaks down the real value of load balancing your PSC in this in-depth article. Good write-up.
- I saw this announcement from Eric Sloof regarding VMware vSphere PowerCLI Reference: Automating vSphere Administration, 2nd Edition. I’m really glad to see that Wiley/Sybex worked with the authors to do a second edition of this massively helpful book. Congrats to the authors for all their hard work!
- Speaking of PowerCLI and good reference information: check out this article by Alan Renouf for a reference guide to vSphere IDs.
- And while we are on a bit of a PowerCLI theme, have I mentioned the PowerCLI-Example-Scripts GitHub repository?
- Tom Hollingsworth recently weighed in on the topic of full-stack engineers in his post titled “A Stack Full of It”. I was in part of the discussion at ONUG that (apparently) triggered Tom’s post. Tom makes some valid points, but I do respectfully disagree. I think full-stack engineers—folks that can work within and across multiple silos and layers of the data center—are a step in the right direction. I’ll have more to say on this topic very soon, so stay tuned.
I had more stuff to share with you, but I constrained myself to publish this last Short Take of 2015 no later than today, so I’ll stop here. I hope that you found something useful!Tags: CoreOS · Docker · Hardware · Linux · Microsoft · NSX · Networking · OVS · OpenStack · SAN · Security · Storage · VMware · Vagrant · Virtualization · vSphere Previous Post: Using Cloud-Init to Register an Instance into Consul Next Post: Running Ansible Through an SSH Bastion Host