Event Report – Expert Talks 2017

Expert Talks 2017 was my first participation in the Expert Talks conference held in Pune. The conference started a couple of years earlier as an elevated form of the Expert Talks Meetup series by Equal Experts. This year's conference had a very good mix of content, with talks on a variety of topics including blockchain, containers, IoT and security, to name a few. This was the first edition of the conference to have a formal CFP, which drew 50+ submissions from different parts of the country; 9 talks were selected from them. This year the conference was held at the Novotel Hotel, Pune.

 

The conference started at the registration desk, which was well organized so that everyone registered could pick up their kit. Even for a conference scheduled on a Saturday, the attendance was quite noticeable. The event opened with a welcome speech to all participants and speakers.

 

The first session, delivered by Dr. Pandurang Kamat on demystifying blockchain, was a very good start to the event, covering a much anticipated and much discussed topic. He covered the ecosystem around blockchain in precise detail, using the most popular blockchain application, Bitcoin, as the example for everyone to follow. He also gave an overview of open source frameworks for blockchain implementations, such as Project Hyperledger.

 

The following session, "Doveryai, no proveryai – an introduction to TLA+", delivered by Sandeep Joshi, was well received by the audience, as the topic was unique in both name and content. The session started a bit slowly while the audience took in the details of TLA+ and PlusCal. It was well scoped, with some basic details and a hands-on demo. The model checker use case was well received once the audience had seen the real-world applications. The first coffee break of the day followed.

 

Mr. Lalit Bhatt started well with his session, "Data Science – An Engineering Implementation Perspective", which discussed the mathematical models used for building real-world data science applications and explained the current use cases he has in his organization.

 

Swapnil Dubey and Sunil Manikani from Schlumberger gave good insight into their container-based microservice strategy, with building blocks like Kubernetes, Docker and GKE. They also presented how they are using GCE capabilities to effectively reduce operational expenses.

 

Alicja Gilderdale from Equal Experts presented some history about container technologies and how they validated different container technologies for one of their projects. She also provided some of the insights into the challenges and lessons learned throughout their journey. The end of this session gave thunder to the participants with the lunch break.

 

Neha Datt, from Equal Experts, showcased the importance of the Product Owner in the overall business cycle in the current changing infrastructure world. She provided some critical thinking points for bridging the gap between the business, architecture and development teams, and showed how the product manager can be the glue between them.

Piyush Verma took the "Data Science – An Engineering Implementation Perspective" discussion forward with his thoughts about distributed data processing. He showcased typical architectures and deployments in distributed data processing by splitting the system into layers and defining the relevance, need and behavior of each. One of the core attractions of the session was the hand-drawn diagrams in his presentation, which he had prepared as homework for it.

 

After the second official coffee break of the day, Akash Mahajan enlightened everyone on the most crucial requirement for today's distributed workloads living on public clouds: security. He walked everyone through the different requirements for managing secrets, using a HashiCorp Vault example, while explaining the advantages and caveats of the approach.

 

The IoT, Smart Cities, and Digital Manufacturing discussion was well placed, applying most of the concepts learned throughout the day to real-world problems. Subodh Gajare provided details on the IoT architecture and its foundation, with requirements related to mobility, analytics, big data, cloud and security. He provided very useful insights into upcoming protocol advances and the use of fog and edge computing in the smart city application of IoT.

It was a day well spent with some known faces and an opportunity to connect with many enthusiastic IT professionals in Pune.

 

Introduction to Docker Security Hands-On

Docker recently made an announcement about Docker Security, which is intended to enhance container security while abstracting it from the infrastructure. The three key components of Docker Security are

  • Usable Security
  • Trusted Delivery
  • Infrastructure Independent

which will eventually result in safer apps.

In Docker, a secret is any blob of data, such as a password, SSH private key, TLS certificate, or any other piece of data that is sensitive in nature. docker secret is the Docker command for managing secrets. It uses the built-in Certificate Authority that is created automatically when bootstrapping a new swarm.

docker@manager1:~$ docker secret

Usage: docker secret COMMAND

Manage Docker secrets

Options:
      --help   Print usage

Commands:
  create      Create a secret from a file or STDIN as content
  inspect     Display detailed information on one or more secrets
  ls          List secrets
  rm          Remove one or more secrets

For evaluating Docker Secrets, I reviewed the article https://blog.docker.com/2017/02/docker-secrets-management. I found we need some more steps to evaluate secrets.

You can create a secret with very simple steps:

docker@manager1:~$ echo "This is a secret" | docker secret create my_secret_data -
e0krhfllujxsnz6dunhrwpu2o

docker@manager1:~$ docker secret ls
ID                          NAME             CREATED          UPDATED
e0krhfllujxsnz6dunhrwpu2o   my_secret_data   15 seconds ago   15 seconds ago

The detailed secret information can be obtained as follows:

docker@manager1:~$ docker secret inspect my_secret_data
[
    {
        "ID": "e0krhfllujxsnz6dunhrwpu2o",
        "Version": {
            "Index": 64
        },
        "CreatedAt": "2017-02-14T08:37:07.556279987Z",
        "UpdatedAt": "2017-02-14T08:37:07.556279987Z",
        "Spec": {
            "Name": "my_secret_data"
        }
    }
]

Now let's use the secret with a service:

docker@manager1:~$ docker service create --name="nginx" --secret="my_secret_data" nginx
tppk0d5azzxljeqe874m72sbt

docker@manager1:~$ docker service ls
ID            NAME   MODE        REPLICAS  IMAGE
tppk0d5azzxl  nginx  replicated  1/1       nginx:latest

Let's see which secret is actually allocated to the instance:

docker@manager1:~$ docker service inspect nginx | grep -i secret
 "Secrets": [
 "Name": "my_secret_data",
 "SecretID": "e0krhfllujxsnz6dunhrwpu2o",
 "SecretName": "my_secret_data"

docker@manager1:~$ docker service ps nginx
ID            NAME     IMAGE         NODE     DESIRED STATE  CURRENT STATE          ERROR  PORTS
q1dwnk2bv63t  nginx.1  nginx:latest  worker1  Running        Running 2 minutes ago

Go to worker1 and execute the following:

docker@worker1:~$ docker exec $(docker ps --filter name=nginx -q) ls -l /run/secrets
total 4
-r--r--r-- 1 root root 17 Feb 14 08:43 my_secret_data

Now I will scale the service to 3

docker@manager1:~$ docker service scale nginx=3
nginx scaled to 3
docker@manager1:~$ docker service ps nginx
ID            NAME     IMAGE         NODE      DESIRED STATE  CURRENT STATE           ERROR  PORTS
q1dwnk2bv63t  nginx.1  nginx:latest  worker1   Running        Running 10 minutes ago
qqdawh6ko0dm  nginx.2  nginx:latest  worker2   Running        Running 1 second ago
xbac8ucqju3s  nginx.3  nginx:latest  manager1  Running        Running 1 second ago

Now we can see the service is also running on the swarm manager node. Let's see if it has the same secret. Execute the same command on the manager node:

docker@manager1:~$ docker exec $(docker ps --filter name=nginx -q) ls -l /run/secrets
total 4
-r--r--r-- 1 root root 17 Feb 14 08:53 my_secret_data

Let's try to remove the secret from the service:

docker@manager1:~$ docker service update --secret-rm="my_secret_data" nginx
nginx

docker@manager1:~$ docker exec $(docker ps --filter name=nginx -q) ls -l /run/secrets
ls: cannot access /run/secrets: No such file or directory

docker@worker1:~$ docker exec $(docker ps --filter name=nginx -q) ls -l /run/secrets
ls: cannot access /run/secrets: No such file or directory

Let's now remove the service and the secret we created for the evaluation:

docker@manager1:~$ docker service rm nginx
nginx

docker@manager1:~$ docker secret rm my_secret_data
e0krhfllujxsnz6dunhrwpu2o
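
How a process inside the container can consume the secret mounted under /run/secrets in the walkthrough above, as an added example that is not part of the original post. The names SECRETS_DIR and read_secret are assumptions of this example, and a temporary directory stands in for the real mount so that it runs without a swarm.

```shell
#!/bin/sh
# Added example: entrypoint helper for reading a swarm secret from its mount point.
# SECRETS_DIR and read_secret are names chosen for this example.
SECRETS_DIR="${SECRETS_DIR:-/run/secrets}"   # mount point seen in the walkthrough

# read_secret NAME -> prints the value without its trailing newline.
# Exit status: 0 ok, 2 bad name, 3 secrets dir absent, 4 secret absent/unreadable.
read_secret() {
    rs_name=$1
    # A secret name is a plain file name; refuse anything that could leave the mount.
    case $rs_name in
        ''|*/*|.*) return 2 ;;
    esac
    # After `docker service update --secret-rm`, the whole directory is gone.
    [ -d "$SECRETS_DIR" ] || return 3
    rs_file="$SECRETS_DIR/$rs_name"
    { [ -f "$rs_file" ] && [ -r "$rs_file" ]; } || return 4
    # `echo ... | docker secret create` stores the trailing newline (17 bytes
    # for a 16-character value); command substitution strips it again.
    rs_value=$(cat "$rs_file") || return 4
    printf '%s' "$rs_value"
}

# Constructed demo: a temporary directory stands in for /run/secrets.
demo() (
    SECRETS_DIR=$(mktemp -d) || exit 1
    printf 'This is a secret\n' > "$SECRETS_DIR/my_secret_data"
    value=$(read_secret my_secret_data) && echo "read ${#value} characters"
    rm -rf "$SECRETS_DIR"
    read_secret my_secret_data >/dev/null || echo "secret unavailable (status $?)"
)
demo
```

An entrypoint that treats status 3 or 4 as fatal fails closed when the secret has been detached from the service.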