Event Report – Expert Talks 2017

Expert Talks 2017 was my first participation in the Expert Talks conference held in Pune. The conference started a couple of years before as an elevated form of Expert Talks Meetup series by Equal Experts, this year’s conference had a very good mix of content. It included talks on a variety of topics including BlockChain, Containers, IoT, Security to name a few. This is the first edition of the conference which had a formal CFP which witnessed 50+ submissions from different parts of the country and 9 talks were selected out of it. This year the conference was held at Novotel Hotel Pune.

 

The conference started with registration desk which was well organized for everyone registered to pick up their kit. Even for a conference scheduled on a Saturday, the attendance was quite noticeable. The event started with a welcome speech to all participants and speakers.

 

The first session delivered by Dr. Pandurang Kamat on demystifying blockchain was a very good start to the event with much anticipated and buzzed topic at the moment. He covered the ecosystem around blockchain with precise detail for everyone to understand the example of most popular blockchain application “BitCoin”. He also gave the overview of Open Source Frameworks like Project Hyperledger for blockchain implementations.

 

The following session Doveryai, no proveryai – an introduction to TLA+ delivered by Sandeep Joshi was well received by the audience as the topic was pretty unique in terms of the name as well as content. The session started a bit slowly with the audience getting the details of TLA+ and PlusCal. This was well scoped with some basic details and a hands-on demo. The model checker use case was well received after looking at the real world applications and we had the first coffee break of the day after it.

 

Mr. Lalit Bhatt started well with his session about Data Science – An Engineering Implementation Perspective which discussed the mathematical models used for building the real world data science applications and explained the current use-cases he has in the organization.

 

Swapnil Dubey and Sunil Manikani from Shlumberger gave good insight into their microservice strategy with containers with building blocks like Kubernetes, Docker and GKE. They also presented how they are using GCE capabilities to effectively reduce the operational expenses.

 

Alicja Gilderdale from Equal Experts presented some history about container technologies and how they validated different container technologies for one of their projects. She also provided some of the insights into the challenges and lessons learned throughout their journey. The end of this session gave thunder to the participants with the lunch break.

 

Neha Datt, from Equal Experts, showcased the importance of Product Owner in the overall business cycle in the current changing infrastructure world. She provided some critical thinking points to bridge the gap between business, architecture and development team and also how product manager can be the glue between them.

Piyush Verma, took the Data Science – An Engineering Implementation Perspective discussion forward with his thoughts about Distributed Data Processing. He showcased typical architectures and deployments in distributed data processing by splitting the system into layers; defining the relevance, need, & behavior of each. One of the core attraction points of the session was the drawn diagrams incorporated in his presentation which he did as a part of the homework for the same.

 

After the second official coffee break of the day, Akash Mahajan enlightened everyone with the most crucial requirement in the currently distributed workloads living on the public clouds, the security. He walked everyone with different requirements for managing secrets with a HashiCorp Vault example while explained the advantages & caveats of the approach.

 

The IoT, Smart Cities, and Digital Manufacturing discussion were well placed with providing application of most of the concepts learned throughout the day to the real world problems. Subodh Gajare provided details on the IoT architecture, its foundation with requirements related to Mobility, Analytics, Big data, Cloud and Security. He provided very useful insights into the upcoming protocol advances and the usage of Fog, Edge computing in the Smart City application of IoT.

It was a day well spent with some known faces and an opportunity to connect with many enthusiastic IT professionals in Pune.

 

OpenStack PTG Denver – Day 5

Day 5 of PTG started as day for hackathons, general project/cross-project discussion for most project teams with many people left from PTG and few preparing for their travel plans or site-seeing in Colarado. The kolla team started the day with alternate Dockerfile build tool review. Later in the day was something everything in OpenStack and containers community was looking forward to the OpenStack – Kubernets SIG with Chris Hodge leading the effort to get everyone interested in same room. Some key targets for the release were identified including contributors interested. We then had most pressing issue for all deployment projects based on containers, the build and publishing pipeline for kolla images with openstack-infra team. Most of the current requirements, needs and blocking points were identified for rolling this feature. The kolla team and openstack infra team will work together to get this rolling in the starting phase of this cycle once zuul v3 rollout stabelizes. The kolla team ended day early for some much needed buzz for the whole week’s work at Station 26.

 

This is all from this edition of PTG see you next at Dublin.

OpenStack Queens PTG – Day 3

Day 3 of Queens PTG started with project specific design discussions, I joined the Kolla team where we started with the topic first for all the design summits we have had and very much important for the community, the “Documentation“. We broke down the discussion in documentation for quick-start with kolla, contributor, operators and reference documentation. The documentation available currently is scattered across projects after project split and its essential that it has a common landing page on OpenStack Deployment guides where everyone can refer to. We had representatives from the Documentation team Alex, Doug and Petr who are working on improving the doc experience by migrating the docs to a common format across the community. They understood the problem kolla is facing and we had a working discussion where we created the table of contents for all available and required documentation required for kolla.

Kolla team then joined the TripleO team which is consuming the kolla images for OpenStack deployment for discussion about collaboration of effort. The teams will work together to improve the build and publish pipeline for kolla images, improving & adding more CI jobs for the kolla/kolla-ansible/kolla-kubernetes, Configuration management post deployment of containers. The tripleo team has come up with basic healthchecks for containerized deployment, the kolla team will help get those checks in current kolla images and improve on those to better monitor the contaierized OpenStack deployment. The teams will also collaborate on improving the orchestration steps, container testing, upgrades and creating metrics for OpenStack deployment.

During lunch we had extended the discussion with Lars and kfox for discussion around Monitoring for OpenStack, Prometheus and other monitoring tools.

Post lunch, kolla team started with key discussion to the heart of operators, the OpenStack plugins deployment with kolla. There are multiple issues currently related to plugin as when would be ideal time to make them available, during build/deployment? Plugins might have non-matching depedencies to OpenStack components and so further. The team came up with multiple permutation of options available which would need to be PoCed during the release.

Since the inception of project loci there has been discussion around kolla-images size and the team had an interesting discussion on how to reduce that. The important part is to remove the things like apt/yum cache, removing the fat base image and so further. The team also discussed about utilizing althernate container build tooling to writing own image build tool. The team will hack on Friday removing the fat base images and see if that improves the image size.

External tools like Ceph are common pain points when we are doing OpenStack deployment. When kolla community evaluated the options for Ceph as storage backed for containerized openstack deployment there was no thing like containerized ceph. The team build it from scratch and got it working. The ceph team has currently come up with ceph-docker and ceph-ansible. It would be useful for operators that kolla uses the tools directly available from vendors for. We had a discussion with representative from ceph to initiate the collaboration to deprecate current ceph deployment in kolla and use the combination of ceph-docker & ceph-ansible. It will help both the communities will benefit exchange things done better at each end.

I got a surprise gift of vintage OpenStack swag from the PTG team

and I had another photo with the marketing team for with the TSP members.

The day ended with hanging out with kolla team mates at Famous Dave‘s

Introduction to Docker Security Hands-On

Docker has recently made an announcement related to Docker Security which will help enhance container security which abstracts it from the infrastructure. The three key components of the Docker Security are

  • Usable Security
  • Trusted Delivery
  • Infrastructure Independent

which will eventually result in safer apps.

In Docker, a secret is any blob of data, such as a password, SSH private key, TLS Certificate, or any other piece of data that is sensitive in nature. docker secret is the docker command for managing the secrets in Docker. It uses the built-in Certificate Authority that gets automatically created when bootstrapping a new swarm.

docker@manager1:~$ docker secret

Usage: docker secret COMMAND

Manage Docker secrets

Options:
 — help Print usage

Commands:
 create Create a secret from a file or STDIN as content
 inspect Display detailed information on one or more secrets
 ls List secrets
 rm Remove one or more secrets

For evaluating Docker Secrets, I reviewed the article https://blog.docker.com/2017/02/docker-secrets-management. I found we need some more steps to evaluate secrets.

You can create a key with very simple steps

docker@manager1:~$ echo “This is a secret” | docker secret create my_secret_data -
e0krhfllujxsnz6dunhrwpu2o

docker@manager1:~$ docker secret ls
ID NAME CREATED UPDATED
e0krhfllujxsnz6dunhrwpu2o my_secret_data 15 seconds ago 15 seconds ago

The detailed secret information can be obtained as

docker@manager1:~$ docker secret inspect my_secret_data
[
 {
 “ID”: “e0krhfllujxsnz6dunhrwpu2o”,
 “Version”: {
 “Index”: 64
 },
 “CreatedAt”: “2017–02–14T08:37:07.556279987Z”,
 “UpdatedAt”: “2017–02–14T08:37:07.556279987Z”,
 “Spec”: {
 “Name”: “my_secret_data”
 }
 }
]

Now lets use the secret with any service

docker@manager1:~$ docker service create — name=”nginx” — secret=”my_secret_data” nginx
tppk0d5azzxljeqe874m72sbt

docker@manager1:~$ docker service ls
ID NAME MODE REPLICAS IMAGE
tppk0d5azzxl nginx replicated 1/1 nginx:latest

Lets see which secret is actually allocated to the instance

docker@manager1:~$ docker service inspect nginx | grep -i secret
 “Secrets”: [
 “Name”: “my_secret_data”,
 “SecretID”: “e0krhfllujxsnz6dunhrwpu2o”,
 “SecretName”: “my_secret_data”

docker@manager1:~$ docker service ps nginx
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
q1dwnk2bv63t nginx.1 nginx:latest worker1 Running Running 2 minutes ago

Go to Worker1 and execute following

docker@worker1:~$ docker exec $(docker ps — filter name=nginx -q) ls -l /run/secrets
total 4
-r — r — r — 1 root root 17 Feb 14 08:43 my_secret_data

Now I will scale the service to 3

docker@manager1:~$ docker service scale nginx=3
nginx scaled to 3
docker@manager1:~$ docker service ps nginx
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
q1dwnk2bv63t nginx.1 nginx:latest worker1 Running Running 10 minutes ago
qqdawh6ko0dm nginx.2 nginx:latest worker2 Running Running 1 second ago
xbac8ucqju3s nginx.3 nginx:latest manager1 Running Running 1 second ago

Now we can see the service is also running on swarm manager node as well. Lets see if it has the same secret. Execute the same command on manager node

docker@manager1:~$ docker exec $(docker ps — filter name=nginx -q) ls -l /run/secrets
total 4
-r — r — r — 1 root root 17 Feb 14 08:53 my_secret_data

Lets try and remove the secret from the service

docker@manager1:~$ docker service update — secret-rm=”my_secret_data” nginx
nginx

docker@manager1:~$ docker exec $(docker ps — filter name=nginx -q) ls -l /run/secrets
ls: cannot access /run/secrets: No such file or directory

docker@worker1:~$ docker exec $(docker ps — filter name=nginx -q) ls -l /run/secrets
ls: cannot access /run/secrets: No such file or directory

Lets now remove the service and secret we have created for evaluation

docker@manager1:~$ docker service rm nginx
nginx

docker@manager1:~$ docker secret rm my_secret_data
e0krhfllujxsnz6dunhrwpu2o