Scott's Weblog The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking

Technology Short Take #56

Welcome to Technology Short Take #56! In this post, I’ve collected a few links on various data center technologies, news, events, and trends. I hope you find something useful here.




  • The security posture of Docker containers is, rightfully so, starting to see more focus. A couple of articles jumped out at me while compiling this Technology Short Take post. First, this post from Red Hat on Deep Container Inspection (DCI) explains that DCI’s goal is to allow users to verify where an image came from as well as what’s inside the image. Second, CoreOS recently announced Clair, their new container vulnerability analysis service designed to work hand-in-hand with their registry. (More on Clair from TechCrunch here.)
  • Major Hayden has an article on using Ansible to secure OpenStack hosts. This effort is aimed at implementing the RHEL 6 STIG (available here) on Ubuntu 14.04.

Cloud Computing/Cloud Management

  • I recently had to use DevStack for a demonstration of OVN and OpenStack. This was my first “real” use of DevStack, but others who have been using DevStack far more than I have are starting to explore new ways of running OpenStack environments instead of using DevStack. One such method is described by Miguel Grinberg in his article titled “Life Without DevStack: OpenStack Development with OSA,” in which he discusses using Ansible to deploy OpenStack instances. (Miguel also gave a talk at the OpenStack Tokyo Summit on this topic.)
  • I’ve talked about OpenStack Heat and Heat templates a few times (here, here, and here, for example), but I recently came across another introduction to Heat templates that might provide a different approach to the topic.

Operating Systems/Applications

  • In case you missed it, Docker 1.9 was recently released, and along with it came production-ready Docker Swarm and the much-anticipated Docker Networking. See the official Docker blog post for more information (and rest assured I’ll have some blog posts up on some of this stuff as well).
  • Linux network namespaces are a topic I’ve covered here before, but it’s always great to have multiple viewpoints and explanations of technologies and concepts to get a complete and comprehensive view. Jon Langemak has a write-up on network namespaces that is worth reading. Matt Oswalt also tackled the topic of network namespaces recently.
  • Here’s an article on how to customize Docker’s docker0 network bridge (Bill throws in a rant about said topic for free).
  • This article provides a reasonable overview (well-suited for beginners or folks new to the technologies) of the various container orchestration tools like Swarm, Kubernetes, Fleet, and Mesos.
  • Articles such as this one from Barricade that describe the contents of a modern infrastructure stack can be immensely helpful, if for no other reason than to get a look at the technologies that are gaining popularity with newer organizations. I recommend you read articles like this, and use the products and projects listed there to help you navigate where you’re headed.
  • Docker and Solaris Zones? Interesting combination.
  • William Lam shares an article on using Ansible to provision Kubernetes on VMware Photon. I’ve been looking into Kubernetes, but I hadn’t considered the use of Ansible with Photon. (Mistakenly, I considered that Python, which is required for Ansible, had been stripped from Photon.) This is something I’ll have to investigate a bit more.
  • Lew Goettner has a pretty hefty post on CoreOS and Docker on AWS that includes information on CoreOS, user data and cloud-init, AWS and Elastic Load Balancers (ELBs), Fleet, Registrator, Nginx, Confd, and Jenkins. It’s a whirlwind of technologies. Be sure to set aside some time to really focus on this article; there’s a lot of depth here.
  • Nathan LeClaire has a post on using Ansible with Docker Machine to bootstrap host nodes. It’s an interesting approach in that he uses Ansible in a container to provision the host. This is something I’ll need to review again and digest a bit further.
  • With KubeCon last week, there was naturally a fair amount of news surrounding Kubernetes. Engine Yard (and Deis, acquired by Engine Yard) announced a packaging service called Helm (more info on Helm here), and Sysdig Cloud announced the ability to monitor Kubernetes clusters. (If you’re not familiar with Kubernetes, be sure to check out Matt Oswalt’s post on basic concepts for Kubernetes.)


  • Christian Mohn shares an epiphany he had about the possible future of VSAN in this post. Is VMware headed to turning VSAN into a generic storage platform that is no longer tied to vSphere? I don’t know, but it’s certainly an interesting thought.


Career/Soft Skills/Productivity

  • Cody Bunch has a nice article (part of his larger “vSensei” efforts) that bounces around a few common themes on finding/making time for personal development, additional projects, etc.
  • For those of you considering pursuing the VCDX (an admirable goal, by the way), be sure to have a look at Gregg Robertson’s article on his journey to VCDX #205.
  • Speaking of the journey to VCDX…if you’re an existing VCDX and not a panelist, perhaps you might consider being a VCDX mentor.

I’d better wrap this up now, before it gets any longer (it’s already long enough!). I’ll have more links, articles, and posts for you next time around. Until then, thanks for reading!
