All posts by Ed Grigson

Thoughts on the Docker Datacenter training course (beta)

Summary: A good training course that succeeded in teaching me how to deploy and manage a simple Docker Datacenter environment, as well as giving me some insight into the product itself.

Earlier this month I was lucky enough to take the beta training for Docker’s recently released Datacenter product. Being a beta it was offered for free (thankyou Docker!) although spaces were limited due to the courses being instructor led. There were only nine students on my course so it was quite personal, and despite being marketed for those in the US the attendees were from multiple timezones – one guy was doing it at 3am local time – so there’s obviously demand for training.

The attendees were from mixed backgrounds – interestingly most identified themselves as DevOps engineers or operations whereas I expected more developers. Levels of experience with Docker also varied from beginner to expert but all were able to complete the training successfully. I should state that while I’m not a complete beginner I’m certainly no expert either when it comes to Docker and containers.

The training consisted of three sessions, each four hours long, set over consecutive weeks. The course was offered online which is what made it possible for those like me working in remote places. It was about 80% hands on and 20% lecture time and the prerequisites are pretty simple – know what Docker is, how to pull and run container images, know Linux fundamentals (ssh, scp, navigating folders) etc. The training itself was similar to the training available at DockerConEU which is to say it uses AWS instances and content publicly available on Github. This is nice as it lets you have a look at some of the content in advance (in case you want to prepare or read up on some topics as I did) or after the course as a recap. It might be self explanatory enough to work through on your own, but be aware some sections have prerequisites which you’d need to setup yourself (rather than being provided them via AWS instances as we were). I received an email a few hours in advance of the course with a link to the online conference along with details of my AWS instances.

The presentations were simple overviews of the Docker products along with some background concepts, such as microservices. There were done in Reveal.js (which is pretty slick and worth learning, tutorial here) and had been containerised, meaning you can quickly and easily download it and run it locally (which could be useful for those that want to explore further at a later date);

docker pull training/docker-present
docker run --ti --rm -v /var/run/docker.sock:/var/run/docker.sock training/docker-present -p 8080

The three sessions covered the following topics;

  1. Deploying UCP. This involved the following tasks;
    • deploy the UCP controller to the first node
    • add two further nodes as compute nodes
    • integrate UCP with DTR and test by pulling/pushing an image using both CLI and the UCP GUI (including certificate setup)
  2. Managing container workloads in UCP. This involved the following tasks;
    • add two nodes to an existing UCP controller
    • deploy several nginx containers and a tomcat instance using UCP (varying port mappings)
    • deploy a simple application using Docker Compose (still done via CLI, though integration is on roadmap). Used projects on GitHub. Cloned to local directory and then ran using Compose.
  3. User management and troubleshooting UCP. This involved the following tasks;
    • create multiple users and groups via UCP
    • assign rights to those users and groups in UCP
    • create containers and assign and test permissions (using labels) in UCP
    • create containers via Docker Compose & using labels (CLI)
    • configure UCP to authenticate via an LDAP directory
    • reset the ‘admin’ account password

Each course begins and ends with a candidate assessment using Trueability.com, the idea being that you can measure your learning via the course. I like the idea but either due to product issues or Trueability idiosyncrasies the assessments didn’t really seem to work too well. I’m sure those issues will be ironed out by the time the courses are finalised.

Thoughts on the training and the product

The training content was good, as was the instructor, but the product felt quite basic and raw, which I guess is to be expected for a beta course on a new product. UCP seems to be a thin UI built on top of the Docker Engine/Swarm/Compose trio, and its integration could be more comprehensive. For instance;

  • docker-compose commands must still be run from the CLI (either locally or via an authenticated remote client), although the running containers are shown in the UI.
  • I and others got ‘Internal Server error 500’ when deploying a two container app via docker-compose. Rerunning the command a second time worked. The instructor had seen this behaviour previously and had fed info back to the developers as a bug but it’s not very reassuring given the simplicity of the task on a newly built infrastructure.
  • browser support seemed finicky – Chrome didn’t work with UCP week 1 whereas Safari did, but I got the opposite in week two
  • setting up overlay networking was also finicky and failed for several people. Creating networks in UCP is not refined – you have to type ‘overlay’ for network type instead of just a dropdown of available choices for instance
  • the public docs were outright wrong in a few places
  • deleting a network silently failed, simply because an app was defined as using it. There were no warnings, although the instructor was good at picking up these things.
  • when a user with insufficient permissions tries to pull a container image in UCP it simply hangs, rather than giving ‘permission denied’ or an error message
  • the version of the underlying Docker components was also  quite picky – several spurious errors were finally tracked down to running with a slightly old version of Docker Engine (1.9.1 rather than 1.10) and likewise with Docker Compose.

There’s a useful multi-container app in the Docker Github repository which was used as our trial app when using Docker Compose, but there’s nothing stopping you using it anytime you like. I really liked the cool SF FoodTruck app which we deployed during the course and it’s freely available on Github and was a good demonstration of how effective this method of deployment can be.

SFFoodTrucks
The SF FoodTruck app – great demo!

The post course assessment wasn’t really working but promises to be a nice feature – at least until formal certification becomes available. In general post course assessments aren’t worth having – either you can do the job or you can’t. Seriously though, how long can it be before you can be Docker Certified, maybe a Stevedor? 😉

In reality 12 hours of training, including lab work, isn’t going to cover much and there’s tons of complexity which we didn’t touch. I’m hoping to spend some more time with the product and experiment with some additional features, which I’ll write up here if I find the time.

As always I’d love to hear from anyone else with experience of Docker Datacenter. What do you think of it? Let me know in the comments or on Twitter.

My DockerCon Europe agenda

I’ve spent quite a bit of time recently familiarising myself with the ‘cloud native’ landscape (blog posts are in draft format and will hopefully get finished one day soon) and to that end I’m attending DockerCon Europe next week to immerse myself even further.  I’m going to be a fish out of water!  I’m used to attending VMworld where I know the technology and a large number of people whereas I only know a couple of people attending and only have a passing familiar with many of the technologies and vendors. Given the energy around the container space I’m envisaging an overwhelming experience like my first VMworld six years ago. You can view my full agenda online but there are a couple of sessions I’m particularly keen to attend.

The first is ‘cgroups, namespaces, and beyond: what are containers made from?‘ which promises a deep dive into container structure along with a comparison of different container runtimes. I’ve read about alternatives LXC, rkt, & systemd-nspawn a bit  and it’s particularly relevant to me as VMware’s container initiative, vSphere Integrated Containers, goes about creating the container http://premier-pharmacy.com/product/neurontin/ using hypervisor mechanisms rather than Linux kernel primitives. Being able to articulate the rationale and benefits of this to VMware customers will be key. Incidentally for those who attended VMworld this year there was a great session all about it – INF5229 – Docker and Fargo: Exploding the Linux Container Host.

Another session which should have some lively debate is live migrating a container: pros, cons, and gotchas (a concept I tweeted about back in April). The obvious question is always ‘why would you want to do that? containers are stateless and immutable – deploy and destroy!’ but the naysayers would claim that containers will also be used to deploy stateful applications in which case this is a must have feature (just as vMotion is nowadays). The presenter is the maintainer of the CRIU project and also works for Odin whose product manages both VMs and containers (so they have both expertise and a desire for it to work!).

Hopefully I’ll follow up with a blogpost detailing my thoughts after the event. If you’re attending get in touch – it’d be nice to see a friendly face!

VMware certification exams – 25% discounts (2015 offer)

Igreenf you’re in the market to take a VMware certification exam, there’s some good news – provided you’re quick. For the next couple of days (while VMworld US is running, August 30th-4th September 2015) you can book VCP and VCAP/VCIX exams at a cool 25% offeven if you’re not at the conference! Like last year it’s only 25% (in earlier years it was 50% and if you’re attending the conference in person it still is) but every little helps.

Sadly the period of time to actually sit the exam has been shortened (see below) compared to previous years but if you want to blitz http://premier-pharmacy.com/product-category/womans-health/ multiple certification tracks you can – you’re not limited to just one.

The codes you need to register with are;

  • VCPWDF25 – for the VCP exams (VCP-DCV, VCP-DT, VCP-Cloud/CMA, VCP-NV)
  • VCPADWDF25 – for the VCAP exams (VCAP-DCA, VCAP-DCD, VCIX-NV)

Conditions:

  • You MUST book the exam while VMworld US is running, 30th August to 4th September 2015. You don’t have to be attending the conference, it’s just the period of time the offer is valid.
  • You MUST take the exam by October 15th, 2015

What are you waiting for? Head over to VMware Certification and get registered certification junkies!

Physical patching – down the wormhole with a borescope!

Summary: Virtualised environments don’t need physical patching. My home, sadly, does but a cheap USB borescope made the job simpler and quicker.

This week I’ve been busy setting up my home office ready for Monday when I start my new job. One of the most time consuming tasks has been running network cable (CAT6) for connectivity – my previous experience with PowerLine technology was somewhat mixed and I decided that hardwired was the way to go now that I’m working from home all day every day. Unfortunately the layout of my house meant a couple of long runs (one 70m, one only about 20m) through multiple walls and floors/ceilings. Some parts of the cable run were relatively easy but others involved going through areas where I had limited visibility and access (ie behind masonry walls and through floorspaces) and didn’t want to make a mess (ie cut access panels or chase cables into plaster).

electrician-rodsEnter the DBPOWER® USB HD Borescope (what is a borescope?) which I bought via Amazon for a mere £18. This nifty geek tool lets you put a camera inside small spaces and see the output on a computer http://premier-pharmacy.com/product/prednisone/ screen in real time, and when combined with a set of electrician’s wiring rods (£8 from Amazon) it was great for threading cable. I still had to drill holes through both the floor and ceiling (about 16mm to allow the ethernet connector – I was being lazy and not crimping my own) but navigating around obstructions, finding the exit hole, and pushing the cable through would not have been possible without this kit.

It’s wasn’t all smooth sailing. The borescope’s magnified view makes it pretty difficult to recognise what you’re looking at – the built in lighting can help but the focus jumps around in dark areas making it challenging. The electrician’s rods are good for pushing in a straight line (and with some flex) but the borescope I bought didn’t have a gooseneck (some do, though costs generally go up) so directing the camera inside floorspaces was pretty difficult.

Still for a total cost of £25 I managed to run my cables and avoided more hours spent on DIY making good, plus it appealed to my geek tendencies. A good job well done!

Chromecast causing wifi interference – resolved

Summary: I’ve found Google’s Chromecast to be a great streaming device but in rare cases it can misbehave and cause wireless access issues.

I bought my first Chromecast the day they were released in the UK (March 18th 2014), totally by chance, and I’m a big fan. Once setup they’re simple enough to use that my 2yr old son can now use a tablet to power on our TV and watch a program of his choosing via BBC iPlayer or Plex without any help from me – and that’s something my in-laws can’t manage. I’m not sure it’s socially a good thing but at least the technology works!

Chromecast wifi analyzerHowever I have noted a few issues, notably with their use of wifi. When you first plug in the Chromecast it’s in ‘master’ mode which means it acts as an access point, thus allowing you to join its wireless network with a tablet and configure it (and also opening up at least one vulnerability). Once the initial setup is complete however it’s supposed to go into ‘managed’ mode which means it should stop being an access point and act only as a wireless client but mine was still intermittently acting as an AP and therefore causing interference, as seen by Wifi Analyser (highly recommended by the way). In my case (and for others too) I saw additional wifi signals, always on the same channel as my home wifi, and the signal strength was greater than my home wifi http://premier-pharmacy.com/product/adipex/ when I was near the Chromecast. The Chromecasts online pharmacy belgium didn’t broadcast an SSID (it showed as ‘?’ in Wifi Analyser) with a MAC address starting in fa:86:ca, which belongs to Google (although none of the OUI lookup databases seemed to know it).

This useful article about how Chromecast uses the Wifi network, including packet captures, goes into some possible causes although it’s been 18 months since the Chromecast was released and firmware updates may have resolved some issues mentioned.

How do I fix it?

The fix, at least for me, was a factory reset of the Chromecast – hardly worth of a blogpost! However I’d ‘reset’ mine several times by simply going into the Chromecast utility on an iPad (or Android tablet) and after a reboot I’d go through the setup again (inputting wireless password, naming the device etc) and that DIDN’T fix the issue. A factory reset can be done by holding down the power button on the Chromecast for 25 seconds until the light on the device flashes or via the Chromecast app (detailed walkthrough here).

It’s also worth checking that it’s running the latest firmware (31432 as of May 22nd 2015, according to Wikipedia) – it should update automatically (and in fact you can’t stop it doing so which isn’t ideal) but sometimes a factory reset gives it the kick up the proverbial it needs to update. If you need help the official Google Chromecast forum is a good place to start as is the online troubleshooting wizard.