OpenStack Neutron: Configuring L3 HA

Networking

Overview

In this article we will look at how to setup L3 HA in OpenStack Neutron. OpenStack networking can be rather complex, certainly when coming from a traditional networking world. The basic principles behind networking have not changed but OpenStack introduces lots of abstractions that make end-to-end visibility of network traffic flows very difficult to follow. As such before we get into the material it would be good to provide an overview of L3 as it pertains to OpenStack Neutron.
Continue reading

OpenShift Enterprise 3.1 Lab Setup

Logotype_RH_OpenShiftEnterprise_wLogo_RGB_Gray-300x75

Overview

OpenShift Enterprise is a PaaS platform that enables digital transformation. It lets you build and run traditional (mode 1) as well as cloud-native (mode 2) applications. OpenShift is built on two key technology components: Docker and Kubernetes. Docker provides a standard, consistent application packaging format. It enables OpenShift to easily move applications across the hybrid cloud. Kubernetes provides container orchestration and allows multiple container nodes running Docker to be clustered. Kubernetes provides scheduling for application containers.

OpenShift of course provides a lot on top of Docker and Kubernetes. This includes image registry, routing, SDN, developer experience, data persistence, enterprise-grade container runtime, build / deployment blueprints and much more.
Continue reading

OpenStack Keystone: Integrating LDAP with IPA

Overview

Keystone_logo

Keystone is the identity service in OpenStack responsible for authentication of users and services. Keystone leverages tokens which are transient in nature. In addition to authentication Keystone allows for policy management defining roles and responsibilities that govern users, services and tenants. Fine granular RBAC is also possible, Keystone allows for mapping capabilities directly to users. Finally, Keystone provides a catalog for all service endpoints within OpenStack. Most organizations will have either central AD or LDAP for managing users and services. In this article we will integrate Keystone with LDAP using central IPA server.
Continue reading

Red Hat Enterprise Virtualization (RHEV) – Management Options

oVirt_300x100

Overview

RHEV has two separate distinct layers, the hypervisor itself and management. The hypervisor layer, RHEV-H is of course built on Red Hat Enterprise Linux (RHEL) and utilizes KVM for the hypervisor technology. RHEV-H can be configured using pre-built RHEV-H image or using standard RHEL. The management layer, Red Hat Enterprise Virtualization Management (RHEV-M) provides management for a multi-hypervisor environment and uses concepts such as datacenters, clusters, networks and storage domains to describe virtualization resources. In this article we will focus on options for configuring RHEV-M. The upstream opensource project behind RHEV-M is oVirt. There are two options as of RHEV 3.5 for configuring RHEV-M, standalone or hosted engine.

Below are other articles you may find of interest relating to RHEV:

Continue reading

OpenStack Liberty Lab Installation and Configuration Guide

rdo

Overview

In this article we will focus on installing and configuring OpenStack Liberty using RDO and the packstack installer. RDO is a community platform around Red Hat’s OpenStack Platform. It allows you to test the latest OpenStack capabilities on a stable platform such as Red Hat Enterprise Linux (RHEL) or CentOS. This guide will take you through installing the OpenStack Liberty release, configuring networking, security groups, flavors, images and are other OpenStack related services. The outcome is a working OpenStack environment based on the Liberty release that you can use as a baseline for testing your applications with OpenStack capabilities.
Continue reading

2015 in review

The WordPress.com stats helper monkeys prepared a 2015 annual report for this blog.

Here’s an excerpt:

The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 56,000 times in 2015. If it were a concert at Sydney Opera House, it would take about 21 sold-out performances for that many people to see it.

Click here to see the complete report.

Detecting Security Vulnerabilities in Docker Container Images

container_sec

Overview

Containers, especially Docker container images have been on fire of late and it is simple to understand why? Docker container images give your development and operations organizations a major shot of adrenaline. The results are quite impressive. Applications are developed at never before seen speeds and as such organizations are able to deliver innovation to customers much faster. It’s all so easy, just get on Docker Hub, download a container and run it. So why isn’t everyone already doing this? Unfortunately it is not quite that simple. Enterprises have many other requirements such as security. Once IT operations gets involved they typically start asking a lot of questions. Who built this container? How is the container maintained? Who provides support for the software within the container? Does the software running within the container adhere to our security guidelines? How can we run security compliance checks within containers? How do we update software within containers?
Continue reading