Tag Archives: cloud

Using the released version of Docker-Machine (v0.1) with VMware vSphere

I began uplifting some of my content today which included upgrading to the newest docker (v1.5) and docker-machine (v0.1), and came across a number of changes.

  • The command is now officially “docker-machine” instead of just “machine” which is what it was when I first played with it.
  • All the VMware driver commands are now prefixed with “vmware”, so instead of “--vsphere-vcenter” it is now “--vmwarevsphere-vcenter”. A full example is:

    And they have an easier way to set the environment variables now:
  • I couldn’t get “--vmwarevsphere-boot2docker-url” to work with a custom URL, which is probably a bug.  If you leave it out entirely it will use a default location.
  • ...which is a good thing, because boot2docker now includes VMware tools, which negates the need for a custom .ISO
  • The only other change I need to make to the boot2docker image is the use of an insecure registry, so I just include in my syntax the running of a shell script which runs: docker-machine ssh $1 sudo sed -i -e 's/--tlsverify/--tlsverify --insecure-registry docker-hub:5000/g' /var/lib/boot2docker/profile  You can find this full shell script on GitHub here.   “docker-hub” is my registry hostname on port 5000
  • I noticed the name of the VM now matches what docker-machine calls it instead of a random string.
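
The sed one-liner above is not idempotent: every run against the same machine appends another --insecure-registry flag to the profile. A guarded variant, as an added example that is not the author's GitHub script; the function name, its return codes and the sample EXTRA_ARGS line are assumptions made for illustration:

```shell
#!/bin/sh
# Added example (not the author's script). Edits a boot2docker-style profile
# so that --insecure-registry is present exactly once, for one named registry.

# add_insecure_registry PROFILE REGISTRY
#   returns 0 = flag added, 1 = already present, 2 = bad input / nothing to anchor on
add_insecure_registry() {
    profile=$1
    registry=$2
    [ -f "$profile" ] || return 2

    # Accept only host[:port] characters, so the value cannot break out of
    # the sed expression below (no '/', '&', ';' or whitespace).
    case $registry in
        ''|*[!A-Za-z0-9.:-]*) return 2 ;;
    esac

    # Already configured: leave the file alone so repeated runs don't stack flags.
    if grep -qwF -- "--insecure-registry $registry" "$profile"; then
        return 1
    fi

    # Same anchor as the original sed: the flag goes right after --tlsverify.
    grep -qF -- "--tlsverify" "$profile" || return 2

    tmp="$profile.tmp.$$"
    sed -e "s/--tlsverify/--tlsverify --insecure-registry $registry/" \
        "$profile" > "$tmp" && mv "$tmp" "$profile"
}

# Demo on a constructed profile line (layout assumed, not copied from a real machine).
demo=$(mktemp)
echo "EXTRA_ARGS='--tlsverify --tlscacert=/var/lib/boot2docker/ca.pem'" > "$demo"
for run in 1 2; do
    if add_insecure_registry "$demo" docker-hub:5000; then
        echo "run $run: flag added"
    else
        echo "run $run: profile unchanged"
    fi
done
cat "$demo"
rm -f "$demo"
```

The flag only relaxes TLS checks for the registry named on the command line, so passing the single lab hostname keeps every other registry verified.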

That’s about it so far.  I have not used it too extensively yet but so far so good.  I did not see a single hang of the docker commands like I saw previously with the older versions.  Thumbs up so far.


Alpha release of Docker Machine Driver for DigitalOcean

I make absolutely zero money on this blog.  Notice there are no ads anywhere on the page.  DigitalOcean has a referral program, so if you are interested in signing up please do a guy a favor and use this link.   Thanks!!!

I wrote about the VMware Fusion and VMware vSphere drivers for Docker Machine previously.  Since I’m playing with this new stuff and trying out DigitalOcean also, I thought I’d show how Machine & DigitalOcean work together.

Comparison
In short, it’s way easier to spin up than vSphere is at the current time, but I’m sure after some bug fixes that’ll get easier over time.  (I’ll try out VMware vCloud Air soon to be fair).  DigitalOcean uses their own image on the backend by default, so there is no downloading and uploading of a boot2docker image, and net time to a container is really fast by comparison.  Also, there are only a handful of config settings (region, size, and image) and all of them are optional if you want to use the defaults.

Cost Savings?
As I play more and more with Docker Machine, I keep thinking about the possible money savings this could bring to developers, and how it could push for a new cost model in public clouds.  With most providers that I have used (AWS, DigitalOcean..) you pay a flat rate by time (minutes, hours…) for compute and for the resources.  But it’s a flat charge, with no change in cost for utilization.  Of course there are nominal charges for bandwidth, but generally they’re so small that, at least for dev/test, they’re irrelevant.  So think about that.  If you spin up FEWER machines overall by plugging Docker Machine into your CI or CD workflows, configuring Jenkins or whatever to deploy directly to a docker image inside a machine instead of directly to a cloud provider….. that could eventually save real money long term, because you have far fewer individual workloads running and being billed for, though you may need a slightly larger shell machine.  This is like the cost savings that virtualization originally brought, all over again in a way….

Video
Anyway, enough aimless ponderings.   Here is using machine with DigitalOcean:


Small(er) Clouds: A drop(let) in the cloud ocean


I do a lot of research in my day job.  Well any IT job I’ve ever had really.  Constant learning, constant troubleshooting.  My Google fu is strong.   In all the work I do, lately I’ve been coming across references to DigitalOcean again and again.   Usually it is in the context of how to deploy the topic I’m looking into on their systems (their tech writers are way prolific!).  (EDIT: I take that back – they open their tutorial site up to the public.  That’s freaking brilliant.  And useful.  And bonus for SEO), but other times it’s in conversations or examples on sites other than their own.    I can feel when a trend is growing, and this is one.  Pay attention to this company if you are into this sort of thing.

What is it all about

It looks like their niche is catering to developer workloads, and doing it well.  They make it extremely easy, and fast to spin up, use and tear down machines.  They appear to charge set prices per size of instance, no matter where in the world, which probably helps billing be very predictable.

User Experience

I absolutely love when the user experience is elevated over all else.  To me, DigitalOcean just seems to gush this point in their UI and workflow when you sign up, deploy and use systems.

“..the company refuses to deprioritize user experience — unlike the cloud giants that he sees as competitors…”  Why growing cloud DigitalOcean isn’t scared of Amazon, Google, and Microsoft

The only hiccup I had signing up was for some reason my account was flagged and needed a human to look it over before they allowed me to deploy a machine.   I guess this is a good thing in the end really.

 

I’m a suspicious individual, obviously

 

Deploying Workloads

I’m finding videos to be a much easier way to understand quick topics, so here’s a quick view into deploying a machine, or as they call it, a ‘droplet’.

 


Directory as A Service: Part 1 – Intro & Setup

Directory as A Service: Part 1 – Intro & Setup
Directory as A Service: Part 2 – vCAC Integration

I have been playing with an interesting new service from a startup based just down the road in Boulder, CO called JumpCloud.  In their own words:

“JumpCloud’s Directory-as-a-Service (DaaS) securely connects employees and IT resources through a single, unified cloud-based user directory. It is the single point of authority and authentication for a business’s many employees and access rules.”   link

I take this to mean it is a hosted directory service.  Interesting concept, which I bet is met with a ton of resistance from those that fight off-prem services but I’ll leave that topic for later discussion and focus on the technology right now.   I wanted to see how I could integrate this into VMware’s vCAC so that is what I built.   I’ll split this into two posts.  This first one will just cover setup, the second will be the integration.

First Impression
I have to admit, I really enjoy companies that make it super easy to try out their offerings.  JumpCloud offers 10 managed nodes for free then gives a one line exact syntax for how to deploy the service at the command line with your account credential already in place.  They also have a full example for Puppet and Chef similarly configured with your credential.   Literally cut, paste, go.  But more on this later.

Walkthrough of first time use

When you first log in to the console you are met with a simple interface and nothing configured.  Let’s walk through initial configuration.

The first step seems to be to add users:


Once we add our user, Mountain, we see his account is in a pending state.


When the Mountain checks his email, he’ll see the activation message.


And when he clicks on it he can set his own password


And lastly, The Mountain is automatically presented with a multifactor authentication code that you can scan directly into Google Authenticator.  This is a killer feature in my opinion!

[ don’t worry about trying to steal these credentials, it won’t get you anywhere! ]

OK, now that the account is set up we see we have one more notification for this user:

Tags seemed a little confusing to me when I got started.  They appear to be the only grouping mechanism, so it is how you associate users to systems.  My guess would be you would assign your developers to the development machine tag, and your system administrators to some sort of all machines tag.   I went ahead and created tags that JumpCloud used in a few of their demo scripts.

We set up a tag for all servers, and give The Mountain access

We continue on and create a few more


Now the cool part.  Remember when I mentioned that I love when companies give simple ways to try a service?

So we cut/paste this syntax in a newly provisioned CentOS VM and it does everything for you


They have some sort of dynamic HTML on many of the console web pages, so when this command is run the empty previous screen is replaced with a system listing.

Notice we do get an alert that no tags are automatically assigned to the system.  I’ll explore this in my next post on integrations, but for now we do it by hand:

I’m not clear what’s going on behind the scenes (if it’s a push to the agent, or a recurring check-in, or what) but shortly after we see that The Mountain is added to the passwd file on this CentOS machine:

Now if The Mountain tries to log in at this point he will be denied.  Why?  Because if we look at the system details we see the default configuration is locked down pretty tight, allowing ONLY public key authentication.

If I go ahead and click each of those buttons to allow root, allow password auth, AND allow multifactor (because I like to be safe and dangerous all at the same time….it’s a lab after all), The Mountain is now happy: he can log in.  Notice the prompt for the multifactor token WITHOUT ANY OTHER MANUAL CONFIG ON THE SYSTEM.  That. is. awesome.

Other stuff?
That’s it for the basics.  They have additional functionality to configure sudoers via the JumpCloud console but I’ll leave that alone for now.

Overall thoughts
Given how young this startup is, I will give a pass on the few negatives I encountered (like UI problems in Safari, and other features I would want to see like simple user grouping, on-premises AD integration, Windows host support).  What they have now works pretty well and they make it super easy to use.  It took me a little while to find the API information but when I did I was able to do the automation I will show next.  In short, this technology has promise either for the small environment that has absolutely no on-prem environment, or for any sized organization to help strictly with access control on systems.


Full disclosure: I didn’t just happen to stumble upon JumpCloud, as I know their Chief Product Officer from the local cycling community here in Colorado, though I am not being influenced with free bike parts or beer to give their service a whirl.  Yet.
