CloudNativeCon KubeCon Europe

This same blog entry is here. Thanks to the CNCF folks who helped me put this together.


I’ve attended many conferences before, but I was happy to get the diversity scholarship to attend CloudNativeCon + KubeCon Europe 2017 in Berlin as there is always so much more to learn. It was my first time attending an event organized by the Linux Foundation, and I hope to attend more in the future. I loved all the insights and advances that I obtained through all of the highlighted Cloud Native projects including Kubernetes, gRPC, OpenTracing, Prometheus, Linkerd, Fluentd and OpenDNS from the variety of industry leaders. The keynotes were quite memorable as well, including the Kubernetes 1.6 updates by Aparna Sinha (Google), Federation from Kelsey Hightower (Google), Kubernetes Security Updates from Clayton Coleman (Red Hat), Helm from Michelle Noorali (Deis), Scaling Kubernetes from Joe Beda (Heptio) and Quay from Brandon Philips (CoreOS).

[Read More]

LXC Playing

Over the last couple of years Docker has seen incredible growth across the tech industry. Its use ties together with the deployment of microservices in most cloud-based companies. Docker is easy to use and it’s in constant development. In the last month I decided to venture out and try something different that has been around since before Docker, but in a more primitive form. You see, containers have been around for a long time before Docker, and even before that with the introduction of chroot in 1979. Containers were first introduced in Solaris in 2005 with the introduction of Solaris Containers, described as ‘chroot’ on steroids. Then later, in 2008, came the adoption of the Containers name by LXC (what Docker was based on initially), and also the inclusion of user namespaces in Linux kernel 3.8.

[Read More]

Docker First Impressions

For the last few days I’ve been taking a crack at using the recent Docker container deployment tool that I’ve been hearing a lot of buzz about. In essence, it’s a wrapper on top of Linux LXC containers, written in the new, friendly and not so popular yet Go language developed at Google.

Just a little bit of background: for those of you not familiar with LXC containers, they are pretty much defined as chroot on steroids. Basically, you can run isolated virtual environments on a single Linux machine and make it look like they are different machines. These environments give you the advantage of being isolated, and at the same time they are able to use the same Linux executables and memory space to improve speed and footprint size.

[Read More]

Ansible Playbook for PaperTrail on Ubuntu

This post describes how to create a simple Ansible task to set up PaperTrail on Ubuntu.

It’s a follow-up to a previous blog post describing an Ansible Playbook to set up an HAProxy system. This Ansible task can be included in the HAProxy playbook as well as any other playbooks with something like this:

---
# PLAYBOOK: Install papertrail on Ubuntu
# (Ansible 1.x syntax; newer releases use remote_user, become and include_tasks)
- name: papertrail
  hosts: all
  user: <user-with-sudo>
  sudo: True

  tasks:
    - include: tasks/papertrail.yml

Next, we define the task that includes installing the dependencies rsyslog and libssl-dev. Also we copy a specific rsyslog configuration for papertrail.

[Read More]

Simple CloudFormation With Multiple AWS Accounts

In this post I’ll describe how to create a simple AWS CloudFormation template so that we can deploy a stack using multiple AWS accounts. In other words, a common JSON CloudFormation template that can be used to bring up a stack in multiple accounts. The way we are able to do this is by having exact copies of the EC2 AMIs on all the accounts and regions where we are deploying our stack.

[Read More]

Ansible Playbook for Scout on Ubuntu

This is a sample Ansible task (http://www.ansibleworks.com) on how to set up Scout (https://www.scoutapp.com) on Ubuntu. It needs to be included in an Ansible playbook.

It’s a follow-up to a previous blog post describing an Ansible Playbook to set up an HAProxy system. This Ansible task can be included in the HAProxy playbook as well as any other playbooks with something like this:

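---
# PLAYBOOK: Install scout on Ubuntu
# (Ansible 1.x syntax; newer releases use remote_user, become and include_tasks)
- name: scout
  hosts: all
  user: user-with-sudo
  sudo: True

  vars:
    # Placeholder; keep the real API key out of version control
    # (for example in an ansible-vault encrypted vars file).
    scout_key: YourScoutAPIKeyFromTheirWebsite

  tasks:
    - include: tasks/scout.yml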

We start by defining a “task” file:

[Read More]

Upgrade Linux Kernel on Chromebook

So after installing ChrUbuntu on my Acer C7 Chromebook, I’m very pleased that with the help of this blog I was able to upgrade the Linux Kernel to 3.8.11

raravena@chromebook:~/git/blog-src$ uname -a
Linux chromebook 3.8.11 #3 SMP Thu Oct 17 07:41:20 PDT 2013 x86_64 x86_64 x86_64 GNU/Linux

These are the modified steps:

#!/bin/bash

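# -x traces each command; -e stops at the first failing step, so a kernel
# that failed to build or verify is never written to /dev/sda6.
set -ex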

#
# Grab verified boot utilities from ChromeOS.
#
mkdir -p /usr/share/vboot
mount -o ro /dev/sda3 /mnt
cp /mnt/usr/bin/vbutil_* /usr/bin
mkdir -p /usr/bin/old_bins
cp /mnt/usr/bin/old_bins/vbutil_* /usr/bin/old_bins/.
cp /mnt/usr/bin/dump_kernel_config /usr/bin
rsync -avz /mnt/usr/share/vboot/ /usr/share/vboot/
umount /mnt

#
# On the Acer C7, ChromeOS is 32-bit, so the verified boot binaries need a
# few 32-bit shared libraries to run under ChrUbuntu, which is 64-bit.
#
apt-get install libc6:i386 libssl1.0.0:i386

#
# Fetch ChromeOS kernel sources from the Git repo.
#
apt-get install git-core
cd /usr/src
git clone https://git.chromium.org/git/chromiumos/third_party/kernel-next.git
cd kernel-next
git checkout origin/chromeos-3.8

#
# Configure the kernel
#
# First we patch ``base.config`` to set ``CONFIG_SECURITY_CHROMIUMOS``
# to ``n`` ...
cp ./chromeos/config/base.config ./chromeos/config/base.config.orig
sed -e \
  's/CONFIG_SECURITY_CHROMIUMOS=y/CONFIG_SECURITY_CHROMIUMOS=n/' \
  ./chromeos/config/base.config.orig > ./chromeos/config/base.config
./chromeos/scripts/prepareconfig chromeos-intel-pineview
#
# ... and then we proceed as per Olaf's instructions
#
yes "" | make oldconfig

#
# Build the Ubuntu kernel packages
#
apt-get install kernel-package
make-kpkg kernel_image kernel_headers

#
# Backup current kernel and kernel modules
#
tstamp=$(date +%Y-%m-%d-%H%M)
dd if=/dev/sda6 of=/kernel-backup-$tstamp
cp -Rp /lib/modules/3.4.0 /lib/modules/3.4.0-backup-$tstamp

#
# Install kernel image and modules from the Ubuntu kernel packages we
# just created.
#
dpkg -i /usr/src/linux-*.deb

#
# Extract old kernel config
#
vbutil_kernel --verify /dev/sda6 --verbose | tail -1 > /config-$tstamp-orig.txt
#
# Add ``disablevmx=off`` to the command line, so that VMX is enabled (for VirtualBox & Co)
#
sed -e 's/$/ disablevmx=off/' \
  /config-$tstamp-orig.txt > /config-$tstamp.txt

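#
# Wrap the new kernel with the verified block and with the new config.
# The devkeys are the publicly known vboot developer keys, so this
# signature only lets the image boot in developer mode; it does not
# authenticate the kernel.
#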
vbutil_kernel --pack /newkernel \
  --keyblock /usr/share/vboot/devkeys/kernel.keyblock \
  --version 1 \
  --signprivate /usr/share/vboot/devkeys/kernel_data_key.vbprivk \
  --config=/config-$tstamp.txt \
  --vmlinuz /boot/vmlinuz-3.8.11 \
  --arch x86_64

#
# Make sure the new kernel verifies OK.
#
vbutil_kernel --verify /newkernel

#
# Copy the new kernel to the KERN-C partition.
#
dd if=/newkernel of=/dev/sda6

I ran into an error while compiling the kernel, but gladly was able to fix it

[Read More]

How To Create an Ansible Playbook to Configure HAProxy

This is the continuation of “Setup a Simple HAProxy Config”.

It explains how to create an Ansible playbook to automate the haproxy configuration.

If you’d like to find out more about Ansible you can read up on it on their website: http://www.ansible.com

---
# Set up and configure an HaProxy server (Ubuntu flavor)
- name: haproxy
  hosts: all
  user: userwithsudoaccess
  sudo: True
  tags: haproxy

  vars_files:
    - "vars/main.yml"

  tasks:

    # haproxy package for Ubuntu
    - include: tasks/haproxy-apt.yml

    # Specific haproxy tasks follow here
    - name: Copy haproxy logrotate file
      action: >
        copy src=files/haproxy.logrotate dest=/etc/logrotate.d/haproxy
        mode=0644 owner=root group=root

    - name: Create haproxy rsyslog configuration
      action: >
        copy src=files/haproxy-rsyslog.conf
        dest=/etc/rsyslog.d/49-haproxy.conf
        mode=0644 owner=root group=root
      notify: restart rsyslog

    - name: Configure system rsyslog
      action: >
        copy src=files/rsyslog.conf
        dest=/etc/rsyslog.conf
        mode=0644 owner=root group=root
      notify: restart rsyslog

    - name: Create haproxy configuration file
      action: >
        template src=templates/haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg
        mode=0644 owner=root group=root
      notify: restart haproxy

The following file contains the variables needed for the haproxy playbook; it should be located under vars (vars/main.yml):

[Read More]

Setup a Simple HAProxy Config

Here’s a simple HAProxy configuration to get you started; you probably want to put this in /etc/haproxy/haproxy.cfg:

global
	log 127.0.0.1	local0
	log 127.0.0.1	local1 notice
	maxconn 4096
	user haproxy
	group haproxy
	daemon

defaults
	log	global
	mode	http
	option	httplog
	option	dontlognull
	retries	5
	option redispatch
	maxconn	4096
	contimeout	5000
	clitimeout	50000
	srvtimeout	50000

	# stats set in "defaults" are served by every proxy below, including the
	# public :80 listener; admin:password is a placeholder to replace
	stats enable
	stats auth		admin:password
	stats uri		/monitor
	stats refresh	5s
	option httpchk	GET /status
	errorfile	400	/etc/haproxy/errors/400.http
	errorfile	403	/etc/haproxy/errors/403.http
	errorfile	408	/etc/haproxy/errors/408.http
	errorfile	500	/etc/haproxy/errors/500.http
	errorfile	502	/etc/haproxy/errors/502.http
	errorfile	503	/etc/haproxy/errors/503.http
	errorfile	504	/etc/haproxy/errors/504.http
	balance roundrobin	# each server is used in turns, according to assigned weight

listen http-in
    bind :80
    monitor-uri   /haproxy  # end point to monitor HAProxy status (returns 200)

    # option httpclose
    server server1 server1.mydomain.com:8080 weight 1 maxconn 2000 check inter 4000
    server server2 server2.mydomain.com:8080 weight 1 maxconn 2000 check inter 4000
    server server3 server3.mydomain.com:8080 weight 1 maxconn 2000 check inter 4000
    rspidel ^Set-cookie:\ IP=	# do not let this cookie tell our internal IP address

You also want to set up logging using rsyslog. You can use syslog-ng or other loggers as well, but the configuration is different.

[Read More]