Monthly Archives: December 2014

Alpha release of Docker Machine Driver for DigitalOcean

I make absolutely zero money on this blog.  Notice there are no ads anywhere on the page.  DigitalOcean has a referral program, so if you are interested in signing up please do a guy a favor and use this link.   Thanks!!!

I wrote about the VMware Fusion and VMware vSphere drivers for Docker Machine previously.  Since I’m playing with this new stuff and trying out DigitalOcean also, I thought I’d show how Machine & DigitalOcean work together.

Comparison
In short, it’s way easier to spin up than vSphere is at the current time, but I’m sure after some bug fixes that’ll get easier over time.  (I’ll try out VMware vCloud Air soon to be fair).  DigitalOcean uses their own image on the backend by default, so there is no downloading and uploading of a boot2docker image, and the net time to a container is really fast by comparison.  Also, there are only a handful of config settings (region, size, and image) and all of them are optional if you want to use the defaults.

Cost Savings?
As I am playing more and more with docker machine, I keep thinking about possible money savings this could bring to developers, and how it could push for a new cost model in public clouds.  With most providers that I have used (AWS, DigitalOcean..) you pay a flat rate by time (minutes, hours…) for compute and for the resources.  But it’s a flat charge, with no change in cost for utilization.  Of course there are nominal charges for bandwidth, but generally they are so small that, at least for dev/test, they are irrelevant.  So think about that.  If you spin up FEWER machines overall by plugging docker machine into your CI or CD workflows, configuring Jenkins or whatever to deploy directly to a docker image inside a machine instead of directly to a cloud provider, that could eventually save real money long term because you have far fewer individual workloads running and being billed for, though you may need a slightly larger shell machine.  This is like the cost savings that virtualization originally brought all over again in a way….

Video
Anyway, enough aimless ponderings.   Here is using machine with DigitalOcean:


Small(er) Clouds: A drop(let) in the cloud ocean


I do a lot of research in my day job.  Well any IT job I’ve ever had really.  Constant learning, constant troubleshooting.  My Google fu is strong.   In all the work I do, lately I’ve been coming across references to DigitalOcean again and again.   Usually it is in the context of how to deploy the topic I’m looking into on their systems (their tech writers are way prolific!).  (EDIT: I take that back – they open their tutorial site up to the public.  That’s freaking brilliant.  And useful.  And bonus for SEO), but other times it’s in conversations or examples on sites other than their own.    I can feel when a trend is growing, and this is one.  Pay attention to this company if you are into this sort of thing.

What is it all about

It looks like their niche is catering to developer workloads, and doing it well.  They make it extremely easy, and fast to spin up, use and tear down machines.  They appear to charge set prices per size of instance, no matter where in the world, which probably helps billing be very predictable.

User Experience

I absolutely love when the user experience is elevated over all else.  To me, Digital Ocean just seems to gush this point in their UI and workflow when you sign up, deploy and use systems.

“..the company refuses to deprioritize user experience — unlike the cloud giants that he sees as competitors…”  Why growing cloud DigitalOcean isn’t scared of Amazon, Google, and Microsoft

The only hiccup I had signing up was for some reason my account was flagged and needed a human to look it over before they allowed me to deploy a machine.   I guess this is a good thing in the end really.

 

I’m a suspicious individual, obviously

 

Deploying Workloads

I’m finding videos to be much easier to understand for quick topics, so here’s a quick view into deploying a machine, or as they call them ‘droplet’.

 


Tech Preview of Docker Machine Driver for Fusion

(Also, check out the vSphere driver here.)

I kind of beat up on the vSphere driver quite a bit in the last post.  (sorry guys!).   So I wanted to give a super easy example of what else you can do with it.   I just (finally) watched the DockerCon keynote where they introduced the machine functionality and their messaging on this helping “zero to docker” in just a few commands resonated.  This example shows what the vision is.

So here we go – using docker machine with VMware Fusion as the endpoint on OSX.

You may need to click on the video and watch it in theatre mode to see the text.

 


Tech Preview of Docker Machine Driver for vSphere

UPDATE:  Machine is now out of beta, and I have a newer post on some of the changes here: http://www.jaas.co/2015/03/20/using-the-released-version-of-docker-machine-v0-1/

(Also, check out the Fusion driver here.)


On Dec 4 2014 Docker announced the “machine” command/functionality as one of the announcements at DockerCon 2014.

In short it provides a way to deploy to many different locations from the same docker cli interface (yes I know that is like ATM machine, just deal with it.).  In their initial alpha release they are including drivers for Virtualbox and Digital Ocean (though now as of Dec 18, looking at their GitHub page, they already list additional syntax for AWS & Azure, though I’m not sure if this is functional yet).

The next day on Dec 5 2014 VMware announced a preview of their extension to this Docker Machine command for deploying to VMware Workstation, vSphere and vCloud Air.

I have been using the vSphere part of it a bit this week and found the existing instructions a bit lacking so I wanted to provide some tips and examples to get up and running.

Things to know – but maybe come back to this list later….
First off, a few takeaways I learned the hard way, which included bugging a very smart dude for help.  A few of these may not make sense until you dive into the functionality, so you may want to revisit this section later if you have trouble.

To be clear, I am not posting this list as all the blemishes I found, but as a guide to help anyone else that is struggling to see this vision that this functionality has the potential to bring.  Remember – this is a preview release of the VMware driver, and an alpha release of the Docker code.  Totally unsupported in every meaning of the phrase.


1) Understand that for this release you need to use the bundled docker binary, as it has some functionality that the newest release you’ll get from package managers doesn’t have.  To get it to co-exist on a system that already had docker-io installed on it, make sure to either specify the full path to either one, or make sure the $PATH env variable is set so it picks up the one you want first.  I also copied my released docker binary to docker_local, so I could easily run that command if I wanted to switch to a local docker container instance.

2) This release of the machine command requires the use of environment variables to specify the active host.  When you run machine ls it will list all the existing docker machines available.  It also specifies the “active” one.  I’m not in the loop on the dev details of this but I assume this will be cleared up in the future.  Even though it says active, you still have to set the environment variable.  Either pull the URL from the machine url machinename command or you can use this nested command

Do note that this is required.  One stumbling point I found was I couldn’t find a way to make this work when I don’t have a real tty session like when vCO makes a SSH call in a workflow.  TBD there……

3) As a follow up to both of the two above, if you DO want or need to switch between using docker machine and a local docker binary, you need to clear out the environment variable with

Yes kind of annoying for now, but I’m sure this will be fixed soon enough.  They are probably discussing this issue here on github.

4) I’m not sure how many others use local docker registries out there, but I do quite a bit for lab environments.  As with this other post I made about the change to forcing SSL communication, it took a moment to figure out how to force the configuration setting on each docker machine.  The really smart guy I alluded to previously built me a boot2docker iso with it embedded in it, so that’s an option, or you could just manually apply it like this:

 

5) I had quite a bit of problems with a space in the datacenter name, and special characters in passwords.  There may be a workaround, but simply escaping it out didn’t work so I just renamed the datacenter and used an account with all simple characters.  Remember….alpha code….

6) Yes, it downloads the ISO every time you run the machine command.  I don’t know why. Go ask docker.  Because, alpha.

7) I even hesitate putting this one here… but in my personal lab it kept failing when transferring the ISO to the datastore.  But it works fine in another lab environment I use.  Probably my own issue with some ghetto routing issue I have….  I worked around it by uploading the ISO by hand to the datastore.  Even though as I said in #6 it downloads it every time, if it already exists in the datastore it doesn’t try to push it again.


Step by Step

This syntax is accurate as of Dec 18 with CentOS 6.6 64bit.

Grab the tarball:

GRUMBLE GRUMBLE… whoever compressed this didn’t include the directory…. so it extracts to the present working directory……

Append the directory you extracted to your path environment variable.  Lately I’ve been using ~/.bash_profile to set individual settings per user on each host, your results may vary.

And now to fire it off for the first time:

And with any luck you should see a VM pop up named docker-host-ABCDEFG  (that last part is random).  If you get errors, read over the ‘PRO-Tips’ at the end, and ‘Things to know’ at the top.

Now to list the current machines, run:

Set the required environment variables with:


Now! The magic is happening!  Run a normal docker command like:

And see the magic happen for reals.   This image is being deployed on this new docker “host” which is actually a barebones vSphere VM.

PRO-Tips….

1) If you are doing a bunch of trial and error, you may see the message that the docker host already exists, even though it may or may not have been deployed.  This is because even if the command fails it still gets added to the local machine list.  Clean it up with machine rm -f machinename; the -f forces the remove if the actual VM doesn’t exist.

2) If you get an error message similar to “FATA[0086] open /root/.docker/public-key.json: no such file or directory”  just run the docker binary included here and it will create this file for you.

3) I crafted a pretty sweet bash script to nuke all machines at once.  Add the -f flag to force if you have to.  It works as such:

 

Conclusion

So what does this give us?  In my mind this gives us a simple interface that you may already be familiar with and already using on your local machine, with the ability to deploy to any number of other endpoints like public or private clouds.  That’s powerful.  Especially with any automation you have already created – slipping this into the mix makes it even more robust.

This post was heavy on text and light on screenshots on purpose as it’s a complicated subject in this state of development.  I hope to put together a quick video to demonstrate this functionality soon.  Stay tuned.

 

 


Local Docker Registry Update

It appears since I last wrote about creating a local and persistent Docker registry on CentOS they changed the default behavior to force secure communication.   In basic environments like I use and build in a lab, SSL is just a headache best left alone.

Doing docker push now with docker version 1.3.2 I get the error:

The best solution I found was to add this option to /etc/sysconfig/docker like the following [1] [2]

Restart Docker, and then all is well in Docker push land once again.
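
An added example, not part of the original post: assuming the option referred to above is the Docker daemon's --insecure-registry flag (the post's own snippet is missing here), this script lists each TLS exemption in a CentOS-style options file and labels how wide it is. The sample file contents, the registry hostname and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit TLS exemptions in a Docker daemon options file.
# Assumption: CentOS-style file with OPTIONS='...' and the --insecure-registry flag.

# Print every --insecure-registry value on non-comment lines, one per line.
insecure_registries() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -oE -e '--insecure-registry[= ]+[^[:space:]"'\'']+' |
        sed -E 's/^--insecure-registry[= ]+//'
}

# Label an entry by how much it exempts from TLS verification.
classify_entry() {
    case "$1" in
        0.0.0.0/0|::/0) echo all ;;      # every registry, anywhere
        */*)            echo network ;;  # a whole CIDR range
        *)              echo host ;;     # one named registry
    esac
}

# Emit "<label> <entry>" for each exemption found in the file.
audit_file() {
    insecure_registries "$1" | while read -r entry; do
        printf '%s %s\n' "$(classify_entry "$entry")" "$entry"
    done
}

# Constructed sample configuration (not taken from the post).
sample_config() {
    cat <<'EOF'
# OPTIONS='--insecure-registry 0.0.0.0/0'
OPTIONS='--selinux-enabled --insecure-registry registry.lab.example:5000 --insecure-registry=10.1.0.0/16'
EOF
}

# Audit the file given as $1, or the constructed sample when none is given.
if [ -n "${1:-}" ]; then
    audit_file "$1"
else
    tmp=$(mktemp) && sample_config > "$tmp" && audit_file "$tmp"
    rm -f "$tmp"
fi
```

Entries labelled network or all deserve a second look, since every registry in that range is then contacted without certificate verification.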

 

 


vCAC Remote Console remote privilege escalation

LINK TO VMware Advisory VMSA-2014-0013

LINK to CVE-2014-8373

If you have a vCAC (or the new name vRealize Automation, vRA) system on an untrusted network you should read up on this. (Or in truth, one could argue if you have it all in a production environment….).

VMware vCloud Automation Center has a remote privilege escalation vulnerability. This issue may allow an authenticated vCAC user to obtain administrative access to vCenter Server.

To be clear, this is not a broad virtual machine remote console (VMRC) issue, but an issue with how it is implemented in vCAC/vRA.  vSphere is not affected, vCD is not affected.  vRA 6.2 is not affected as “connect using VMRC” is disabled.  The workaround for the older versions is to disable this method.
