This quick post will illustrate how to:
Growing up in Canada, there aren’t many people who aren't exposed to the CBC as part of their daily lives. From Hockey Night in Canada, to The National, to CBC Radio...there likely isn’t a Canadian who hasn’t been exposed to the CBC. Watch Arcitq, Red Hat, and CBC's success story on containerization of CBC's website using OpenShift.
Arctiq recently presented to the the Toronto Azure Meetup Group. The topic was Linux Container Platform (Kubernetes, OpenShift and Ansible Automation) including Pipeline Automation - From Code to Containers and Continuous Delivery on Azure. You can read the presentation description here on our events page. Yes, It was a lot of content to present in an hour but the demo God's were nice and everything worked as designed.
With the rapid adoption of containers throughout the industry, the landscape of technology and tools in the enterprise is forever changing. Once the excitement of getting the technology up and running wears off, we are often left with the same questions we find enterprises regularly asking.
"How do I get access control inside my container?"
"How can I get my central user base visible inside my container?"
"How do I get sudo controls inside my container?"
"How can I use Kerberos inside my container?"
"What level of interaction should we be having with our containers?"
Arctiq, Inc. is proud to announce they have been named Canadian Partner of the Year by Red Hat, Inc., the world's leading provider of open source solutions. This award is part of the annual Red Hat North American Partner Awards, which were announced on March 28 at the 2017 Red Hat North American Partner Conference in Las Vegas.
One of the things that we’ve seen gain a lot of traction is native support for Windows inside the Ansible platform. It is hard to find a homogenous IT stack nowadays. For example, you may have a Linux server farm but with Active Directory proving its identity. Your management tools needs to be able to handle Linux, Unix, cloud services and.. Windows
Recently I was building a multi-node OpenShift 3.4 environment in Softlayer - AKA - Bluemix Infrastructure. I ran into an issue with the installer (running via Ansible) that was not very easy to troubleshoot and get to the the root cause. This is a quick blog to ideally save someone else in a similar position a lot of time, google searching and chasing their tail.
This issue could easily come up in on-prem installations depending on the vm or server configuration. A multi-master setup utilizes etcd and this is where the core issue came up, basically during the install etcd tries to communicate with the other etcd nodes via the API and it times out and fails the install (connection refused). Jumping to the root cause was the fact that my vm's were configured with 2 interfaces as follows:
Arctiq, Inc. is pleased to announce the achievement of Red Hat Premier partnership status, joining only a handful of Premier partners across Canada. Arctiq has achieved the top status of Red Hat partnership in less than one year of operation. In addition, Arctiq holds Advanced accreditations in Ansible, OpenShift, CloudForms, Satellite, and other key foundational Red Hat open source software.
Recording of Arctiq's event held on Feb.22nd.2017
When the world's two foremost data centre operating system companies start collaborating, we should all sit up and pay attention! Arctiq specializes in the integration of open source solutions to support modern IT transformation, and both Red Hat and Microsoft play a big role in our engagements. From virtualization to containers, across public, private, and hybrid cloud platforms, and the glue that is automation and orchestration, the Arctiq team helps our clients navigate the murky waters. To this end, the marriage between Microsoft and Red Hat is beginning to drive some real world solutions - such as the OpenShift Container Platform running in Azure, or the ability to easily port your RHEL subscriptions into Azure with Red Hat Cloud Access.
Jinja templates in Ansible can be very powerful. They can also be a leading contributor to hair loss. Why? In some ways it comes down to documentation, a mixing of languages (YAML, Python, Jinja2), and variables.
During a recent consulting project with a customer, focused on network automation, we embarked on a journey to re-evaluate how routers were provisioned. A significant part of this initiative was to dynamically create configuration templates for routers, based on variable input. In developing the j2 (the Jinja2 templating language) logic to do things like calculate bandwidth figures, we ran into some limitations. Mainly the ability to have a variable's value accessible outside of the loop that is currently being run.
When the world's two foremost data centre operating system companies start collaborating, we should all sit up and pay attention! The marriage between Microsoft and Red Hat is more than simply intriguing. Approximately one year into their “partnership” we are starting to see some real collaborative outcomes.
I feel like we have been talking for years about when Canadian based businesses will be able to utilize a Canadian based public cloud. There have been a few options over the past year or so but those offerings looked much more like a traditional managed service offering than a real "Cloud" IMHO. Personally I always felt that Amazon EC2 would be the first to open their doors to Canadians but Microsoft beat them across the boarder.
Today Azure is available in both Toronto and Quebec City. You can see based on the image below there are 30 regions available across the globe. Like any real cloud it's a common user experience. Here are a few links if you want to read a little deeper. Microsoft's announcement on the Canadian Launch, Microsoft Azure Canada FAQ, and an interesting article on Data Sovereignty.
This article is a follow-on from our recent Practice Safe DevOps event (slides here) where we demonstrated development tooling capabilities focused on the Enterprise, with enough extensibility to bring the corporate security requirements INTO the development process rather than AFTER the deployment process.
So let’s jump right in… what can happen when you’re environment is not security compliant and your organization is not patching your systems on a regular basis? The importance of patching regularly is a challenge many organizations face. There are times when development cycles, unportable code, lack of time and lack of discipline can prevent systems from being patched. Let’s also not forget about the whole change management challenge and testing requirements.
In this blog I am going to provide a demo of a really cool new feature that comes in OpenShift 3.3 as a technology preview “Build Pipelines”. Everyone wants to achieve better code promotion automation, this is generally referred to as "being agile' and moving to “Continuous Deployment, Delivery, and Integration". I know from experience this was really, really hard in the world of virtual machines and bare metal servers. Well thanks to container technologies I think you will see in the video below that times have changed and it’s not so hard anymore.
The OpenShift platform make extensive use of SSL certificates. The most common deployments leverage the automatically generated SSL certificates for back-end (inter-cluster) communication, but will almost always use a public CA signed certificate for the console access, as well as the wildcard certificate applied to application routes that require TLS.
Many people ask us, "What do you mean by Integrated Security". For us, it means thinking about security from Day 1, rather than as an after thought. As a part of a foundational element to an agile infrastructure, patch management is a crucial function. Rolling out infrastructure (whether on-prem, cloud, etc) with a solid patch management strategy is part of integrated security.
In today's short video, I'm going to demonstrate how to perform emergency patch management in Satellite 6. In specific, I will walk through patching an errata that was released by Red Hat to address a kernel vulnerability recently found called "Dirty Cow"