Thursday, December 29, 2016

Using Docker with your own Certificate Authority

You should be able to find several free Certificate Authorities in the wild. The most popular are probably Let's Encrypt or CACert. However, if for any reasons (restrictions, use of localhost, ability to automate...), you prefer to manage your own Certificate Authority, you will probably consider OpenSSL as a nice toolkit to build it. This blog presents a few useful commands. They are not intended, by any mean, to replace the official documentation but it might help to speed-up your initial setup and different scenarios.

If you own a CA, you could use it a lot with Docker... or not. I mean it could help. For instance, you could use it to secure a vault to store and share secrets. You could rely on a PKI to authenticate clients ans servers. You could also use it to encrypt HTTP protocol, including the access to your private registry. This blog will explore the latter scenario to illustrate how you can leverage your newly created Certificate Authority.
Important Note:
The example below relies on Fedora/Enterprise Linux; if you plan to use Debian, another Linux distribution, Windows or OSX, you should have to adapt the procedure to make it work.

Thursday, December 22, 2016

Provisioning Compute in Oracle Public Cloud with Terraform

Terraform is probably the most popular Cloud orchestrator today. At least, this is the one I prefer! It is easy to use, fast, it provides a nice way to simulate the addition/deletion of resources and it can be extended nicely. It is the perfect tool to kick-off Infrastructure with most providers as I've already discussed.

For a few days now, I've started to use Oracle Cloud again. I'm really enjoying the Container Services, by the way. Beyond the Database, Oracle has definitely made some tremendous progress with its IaaS. It is very powerful. When discovered I could use Terraform with the Compute Service, I could not resist... It took me less than 15 minutes to install it and use Terraform Provider for Oracle Compute Cloud. It just works fine with Terraform 0.8... You will find a few notes about it right below

Saturday, December 17, 2016

Service Discovery and Blue/Green Update with Docker

If you are a developer, a product owner or a project manager, love docker! It speeds up and eases everything:
  • It is a perfect match for 12-Factor applications and microservices development. Do you want Agile Management? Do you want to build large applications? Do you want to keep a clear separation of concerns? Do you want to scale your project with "divide and conquer"?
  • Thank to the Docker Hub, Docker Store and Github, it provides a huge amount of images you can easily pull, assemble and enhance to build the best experience to users. 
  • It is quite agnostic from your infrastructure or cloud provider. It allows to easily scale-out to handle load.
If you are an Ops, you can be even more happy! It is very likely you will get more work and challenges than ever. "Learn as you go", if you want...  Not only you should choose and deploy one of the many Docker Infrastructure from Kubernetes, Mesos/Marathon, Nomad, Swarm or AWS ECS but you will soon discover you need more to manage network, service registration/discovery, monitoring, repositories and deployment, blue/green updates, management of monoliths/singletons, secret management, incidents, failures and many more, including integration with other ecosystems.

I've started a small project I've called docker-mate to present to some of the challenges you might face when running Docker as well as tools you can use to address them. To make it simple, I've built it on top of docker-compose. Hopefully, you will like some of the demonstrations it provides, clone the project, open issues and provide new ideas. I wish you will like docker even more once you've seen some of the fantastic tools people are building to use it.

Sunday, November 6, 2016

Deploying Consul on AWS ECS with Terraform

Consul brings a lot to Docker management. Working with AWS EC2 Container Services (ECS), it has literally changed the game when I've been able to get its magic. Unfortunately there is not so much written on the subject and the only full implementation I did find was based on CloudFormation and did not workout well for me since I was already using Terraform a lot on the project...

I've decided to build and make available a project that embed the whole ECS/Consul stack written with Terraform. It has also been the opportunity to demonstrate some of the good practices I was talking about with Terraform in my last post. I've just made it available on and I've called the project ECS unleashed for several reasons I don't want to dig too much into for now. Once deployed, the project embeds a simple demonstration of a blue/green application upgrade.

I wish it will help people to adopt Consul, build more advanced demonstration or even use it in production. I hope you'll enjoy this project and will fork it. Do not hesitate to send your comments, feedback and question. Have fun!

Sunday, September 18, 2016

5 Good Practices to Start a Terraform Project

Bootstrapping a new project with Terraform resources is not that obvious. I mean, that is obviously easy but if you want it to scale, if you don't be trapped at some points or if you want people to collaborate efficiently, there are, for sure, a few things you should consider from the very ground.

I've started with a short list of 5 good practices you might want to adopt from the beginning of your project! Not that I've only hit 5 issues by doing things wrong but because I'm lazy and I want to keep things simple and fast. If you face some issues too that you've addressed by using good practices in your Terraform projects, don't hesitate to share them too: leave a comment and explain how we could avoid some mistakes...

Sunday, July 3, 2016

Accessing External IP Addresses from Lambda in a VPC

AWS Lambda is to compute what S3 is to storage. It is a simplified model where programs become stateless tasks named Lambda functions in Java, Python or Nodejs. Lambda functions can be triggered by HTTP call to the API Gateway, Cloudwatch time-based schedules or other AWS services. This is "just" stateless functions relying on the library you want. In return, don't bother with the infrastructure at all. Get a compute-model that scales out and is reliable. And best of all, pay for what you really use and not what you provision. I love Lambda as much as I love S3!

However, the devil remains in the details and there are a few of them: the security model; how Lambda connects to networks; How it scales; How to manage code; or how to deal with programming/debugging. Obviously, you can guess it takes some work to be able to kick off Lambda in milliseconds on distributed systems and it does not come for free. Even if you develop stateless functions. This article presents Lambda VPC setup or, more specifically, how to allow Lambda to access external networks and external endpoints from within a VPC.

But lets start with some good news:

Sunday, January 10, 2016

Oracle database 12c with Oracle Linux 7.x and LXC

Linux Containers (LXC) are now certified to run Oracle Database 12c, including Oracle RAC and ASM. You can check out for yourself in the Virtualization Support Matrix as well as in the Database 12.1 Release Notes. If you want to give it quick try and figure out what could be done, nothing is very complicated. Below is a quick introduction. It demonstrates how to use Oracle database 12.1 with Oracle Linux 7.x and LXC container.