Is Red Hat / Fedora / Centos ready for lightweight Docker containers? Is Docker secure enough? How about SELinux? How could we deploy Jboss or Django within Docker / RHEL?
I gave this talk at DevOPS meetup in Krakow at 2014-02-26.
Orchestrating docker containers at scale (#DockerKRK edition)Maciej Lasyk
Slightly different version (original is here http://www.slideshare.net/d0cent/orchestrating-docker-containersatscale). This version was presented during first #Docker meetup in Kraków / Poland.
Orchestrating docker containers at scale (PJUG edition)Maciej Lasyk
Slightly changed version (original is here http://www.slideshare.net/d0cent/orchestrating-docker-containersatscale). This version was presented during Polish Java User Group meetup JavaCamp#13 in Kraków / Poland.
Orchestrating Docker containers at scaleMaciej Lasyk
Many of us already poked around Docker. Let's recap what we know and then think what do we know about scaling apps & whole environments which are Docker - based? Should we PaaS, IaaS or go with bare? Which tools to use on a given scale?
Orchestrating docker containers at scale (#DockerKRK edition)Maciej Lasyk
Slightly different version (original is here http://www.slideshare.net/d0cent/orchestrating-docker-containersatscale). This version was presented during first #Docker meetup in Kraków / Poland.
Orchestrating docker containers at scale (PJUG edition)Maciej Lasyk
Slightly changed version (original is here http://www.slideshare.net/d0cent/orchestrating-docker-containersatscale). This version was presented during Polish Java User Group meetup JavaCamp#13 in Kraków / Poland.
Orchestrating Docker containers at scaleMaciej Lasyk
Many of us already poked around Docker. Let's recap what we know and then think what do we know about scaling apps & whole environments which are Docker - based? Should we PaaS, IaaS or go with bare? Which tools to use on a given scale?
An introduction to Docker and docker-compose. Starting from single docker run commands we discover docker file basics, docker-compose basics and finally we play around with scaling containers in docker-compose.
Overview of Docker 1.11 features(Covers Docker release summary till 1.11, runc/containerd, dns load balancing ipv6 service discovery, labels, macvlan/ipvlan)
Docker Security: Are Your Containers Tightly Secured to the Ship?Michael Boelen
Docker is hot, Docker security is not? In this talk the risks, benefits and defenses of Docker are discussed. They are followed up by some best practices, which can you use in your daily activities. What is clear is that there is still a lot to do to get your containers secured.
Event: Docker Amsterdam Meetup - January 2015
This presentation was given by Michael Boelen, January 23rd at Schuberg Philis. The event was organized by Mark Robert Coleman with help of Harm Boertien. With a full house of people, Docker security was discussed.
About the author:
Michael Boelen is founder of CISOfy and researches Linux security to build tools and documentation, to simplify it for others. Examples are tools like Rootkit Hunter and Lynis, blog posts and presentations.
A Gentle Introduction To Docker And All Things ContainersJérôme Petazzoni
Docker is a runtime for Linux Containers. It enables "separation of concern" between devs and ops, and solves the "matrix from hell" of software deployment. This presentation explains it all! It also explains the role of the storage backend and compares the various backends available. It gives multiple recipes to build Docker images, including integration with configuration management software like Chef, Puppet, Salt, Ansible. If you already watched other Docker presentations, this is an actualized version (as of mid-November 2013) of the thing!
This the talk I gave at Docker Docker Docker Austin Cloud Users meetup in Austin on January 21st, 2014. The talk was about the use of Docker at Flux7 Labs (flux7.com). I chose to deep dive into one of the most interesting Internet of Things use cases: Implement multi-tenancy on Solar Panel Monitoring Solution using Docker.
CONTAINERS WORKSHOP DURING SAUDI HPC 2016 : DOCKER 101, DOCKER, AND ITS ECO SYSTEM FOR DISTRIBUTED SYSTEMS by Walid Shaari
This workshop will cover the Theory and hands-on of Docker containers, and Its eco system. The foundations of the Docker platform, including an overview of the platform system components, images, containers and repositories, installation , using Docker containers from repositories e.g. dockerhub, how to create a container using Dockerfile, containers development life cycle. The strategy is to demonstrate through "live demo, and shared exercise" the reuse and customization of components to build a distributed system case service gradually
http://www.hpcsaudi.com/
Short Introduction to Docker. These slides show the basic idea behind the container technology Docker. The slides present the basic features for the daily use with Docker, Docker Compose, Docker Machine and Docker Swarm.
Docker is specially important for DevOps, because it gives Software Developers more control about their dependencies in different environments.
Docker is popular open-source software containerization platform. It provides an ability to package software into standardised units on Docker for software development. In this hands-on introductory session, I introduce the concept of containers and provide an overview of Docker. Participants can learn important concepts in Docker step-by-step and learn by example by running commands with me. The main session involves using Docker CLI (Command Line Interface) covering all the key concepts such as creating images and managing containers. What is more, this workshop ends with a complete example of getting some amazing work done with ease using Docker. Presented in OSI Days '16: http://opensourceindia.in/osidays/workshops-osi-2016/
Real-World Docker: 10 Things We've Learned RightScale
Docker has taken the world of software by storm, offering the promise of a portable way to build and ship software - including software running in the cloud. The RightScale development team has been diving into Docker for several projects, and we'll share our lessons learned on using Docker for our cloud-based applications.
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewiredotCloud
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
I gave this talk during first Infosec meetup in Kraków/Poland on 13th March 2014. After viewing this presentation you'll know how and why you should use SELinux (or others LSMs).
How to use SELINUX (No I don't mean turn it off)Chuck Reeves
Why do we turn off NSA-grade security features? Well early on, SELINUX was complex and confusing. However, the pains of dealing with SELINUX are long gone. In fact, the tools for working with SELINUX have long improved are now so easy, anyone can configure the security layer. Even one bad chmod on a server can leave you vulnerable. However, when SELINUX is running, rogue processes will be prevented from running havoc. You'll learn how easy it is to use SELINUX and how (with little effort) you can configure and troubleshoot this amazing security feature. Stop leaving gaps in your infrastructure and turn it back on.
An introduction to Docker and docker-compose. Starting from single docker run commands we discover docker file basics, docker-compose basics and finally we play around with scaling containers in docker-compose.
Overview of Docker 1.11 features(Covers Docker release summary till 1.11, runc/containerd, dns load balancing ipv6 service discovery, labels, macvlan/ipvlan)
Docker Security: Are Your Containers Tightly Secured to the Ship?Michael Boelen
Docker is hot, Docker security is not? In this talk the risks, benefits and defenses of Docker are discussed. They are followed up by some best practices, which can you use in your daily activities. What is clear is that there is still a lot to do to get your containers secured.
Event: Docker Amsterdam Meetup - January 2015
This presentation was given by Michael Boelen, January 23rd at Schuberg Philis. The event was organized by Mark Robert Coleman with help of Harm Boertien. With a full house of people, Docker security was discussed.
About the author:
Michael Boelen is founder of CISOfy and researches Linux security to build tools and documentation, to simplify it for others. Examples are tools like Rootkit Hunter and Lynis, blog posts and presentations.
A Gentle Introduction To Docker And All Things ContainersJérôme Petazzoni
Docker is a runtime for Linux Containers. It enables "separation of concern" between devs and ops, and solves the "matrix from hell" of software deployment. This presentation explains it all! It also explains the role of the storage backend and compares the various backends available. It gives multiple recipes to build Docker images, including integration with configuration management software like Chef, Puppet, Salt, Ansible. If you already watched other Docker presentations, this is an actualized version (as of mid-November 2013) of the thing!
This the talk I gave at Docker Docker Docker Austin Cloud Users meetup in Austin on January 21st, 2014. The talk was about the use of Docker at Flux7 Labs (flux7.com). I chose to deep dive into one of the most interesting Internet of Things use cases: Implement multi-tenancy on Solar Panel Monitoring Solution using Docker.
CONTAINERS WORKSHOP DURING SAUDI HPC 2016 : DOCKER 101, DOCKER, AND ITS ECO SYSTEM FOR DISTRIBUTED SYSTEMS by Walid Shaari
This workshop will cover the Theory and hands-on of Docker containers, and Its eco system. The foundations of the Docker platform, including an overview of the platform system components, images, containers and repositories, installation , using Docker containers from repositories e.g. dockerhub, how to create a container using Dockerfile, containers development life cycle. The strategy is to demonstrate through "live demo, and shared exercise" the reuse and customization of components to build a distributed system case service gradually
http://www.hpcsaudi.com/
Short Introduction to Docker. These slides show the basic idea behind the container technology Docker. The slides present the basic features for the daily use with Docker, Docker Compose, Docker Machine and Docker Swarm.
Docker is specially important for DevOps, because it gives Software Developers more control about their dependencies in different environments.
Docker is popular open-source software containerization platform. It provides an ability to package software into standardised units on Docker for software development. In this hands-on introductory session, I introduce the concept of containers and provide an overview of Docker. Participants can learn important concepts in Docker step-by-step and learn by example by running commands with me. The main session involves using Docker CLI (Command Line Interface) covering all the key concepts such as creating images and managing containers. What is more, this workshop ends with a complete example of getting some amazing work done with ease using Docker. Presented in OSI Days '16: http://opensourceindia.in/osidays/workshops-osi-2016/
Real-World Docker: 10 Things We've Learned RightScale
Docker has taken the world of software by storm, offering the promise of a portable way to build and ship software - including software running in the cloud. The RightScale development team has been diving into Docker for several projects, and we'll share our lessons learned on using Docker for our cloud-based applications.
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewiredotCloud
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
I gave this talk during first Infosec meetup in Kraków/Poland on 13th March 2014. After viewing this presentation you'll know how and why you should use SELinux (or others LSMs).
How to use SELINUX (No I don't mean turn it off)Chuck Reeves
Why do we turn off NSA-grade security features? Well early on, SELINUX was complex and confusing. However, the pains of dealing with SELINUX are long gone. In fact, the tools for working with SELINUX have long improved are now so easy, anyone can configure the security layer. Even one bad chmod on a server can leave you vulnerable. However, when SELINUX is running, rogue processes will be prevented from running havoc. You'll learn how easy it is to use SELINUX and how (with little effort) you can configure and troubleshoot this amazing security feature. Stop leaving gaps in your infrastructure and turn it back on.
• Each SELinux access control model is simple, but actually
access control is more complex
• Red Hat puts a lot of effort into SELinux, policy and utils for
SELinux usability
– Enlarging default policy modules
– Encouraging Policy module system
– Analyzing and generating policies from access violation log
Meetup - Red Hat - Techtalks Copenhagen
What are containers, how do they work. and some details about RHEL Atomic
http://www.meetup.com/Red-Hat-Tech-Talks-DK/
The presentation delivered on "Containers in the Enterprise" as a part of the Australia & New Zealand Technical event series.
The presentation agenda:
● What are Linux Containers?
● Enterprise Challenges for Container Adoption and
How Red Hat Solves These
● Kubernetes Architecture in OpenShift 3
● Real World Container Adoption
● Red Hat's Container Roadmap
Containers have the potential to improve the security of typical deployments, but for many the argument has not yet been made convincingly. This talk will describe the existing security technologies around containers, and show how their use can make container-based systems more secure than the alternatives. It will then go further, describing new technologies that allow admins to have even greater confidence in the security of their systems, beyond anything possible with traditional deployment techniques.
In his previous talk, Paul talked about getting your system to work with SELinux. This involved setting the security on your files and directories so that they worked with SELinux. However, many people have customised their Linux installs and want SELinux to do what they say, not the other way around. Sysadmins in particular are not 'run of the mill' users, and they have different requirements to what typically comes out of the box. Situations such as serving web pages from NFS shares or non-standard directories, or installing applications in custom locations, need specialised configuration of SELinux in order to make it work with your needs.
This talk will deal with those situations. Fortunately for Sysadmins, much of the work in developing SELinux policies for Linux has focussed on their requirements. Paul will show you a few of the things behind
the scenes that make your job as a Sysadmin much easier and safer with SELinux.
This was a talk I did in Dublin at an event called Redefining the Enterprise OS Breakfast Briefing - How to meet next-generation IT demands for Linux Containers, Docker, Performance & Systems Management
http://techxperts.eu/events/redefining-the-enterprise-os-breakfast-briefing/
From the Amazon Web Services Singapore & Malaysia Summits 2015 Track 2 Breakout, 'Containerized Cloud Computing' Presented by Sivaram Shunmugam Manager, Infrastructure Practice - Redhat
Preparation study for Docker Event
Mulodo Open Study Group (MOSG) @Ho chi minh, Vietnam
http://www.meetup.com/Open-Study-Group-Saigon/events/229781420/
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Codemotion
In less than two years Docker went from first line of code to major Open Source project with contributions from all the big names in IT. Everyone is excited, but what's in for me - as a Dev or Ops? In short, Docker makes creating Development, Test and even Production environments an order of magnitude simpler, faster and completely portable across both local and cloud infrastructure. We will start from Docker main concepts: how to create a Linux Container from base images, run your application in it, and version your runtimes as you would with source code, and finish with a concrete example.
Il s’agit dans un premier temps de présenter Docker, ses cas d’usage et quelques bonnes pratiques d’utilisation.
Le but est de présenter Docker, son mode de fonctionnement et son écosystème.
Ce qu’il peut apporter et les pièges à éviter
https://github.com/kanedafromparis/prez-fabric8-dmp
Presentato al sesto WebMeetup del Machine Learning / Data Science Meetup Roma: https://www.meetup.com/it-IT/Machine-Learning-Data-Science-Meetup/events/273089965/
The Dockerfile Explosion and the Need for Higher Level Tools by Gareth RushgroveDocker, Inc.
Dockerfiles are great. They provide a zero-barrier-to-entry format for
describing a single Docker image which is immediately clear to anyone
reading them. But with that simplicity comes problems that become
apparent as your adoption of Docker gathers pace.
* Dockerfiles can inherit from other docker images, but images are not
Dockerfiles
* Dockerfile provides no built-in mechanism for creating abstractions,
so as usage grows identical or similar instructions can be duplicated
across many files
* The Docker APi exposes a build endpoint, but the API is very course,
taking Dockerfile as the transport rather than exposing the individual
instructions
* Dockerfiles are just that, files. So they can come from anywhere
The one layer per line in a Dockerfile limitation can lead to an
explosion of layers, which fail to take advantage of the promised
space and performance benefits.
An on-going presentation for the Docker workshop on how to integrate docker into Vagrant as a provider. In order to remove the requirement of having a VM, and speedup development environments. It also features Puppet as the configuration management system.
The code can be found in: https://github.com/npoggi/vagrant-docker
http://2016.foss4g.org/talks.html#146
Docker is a growing open-source platform for building and shipping applications as cloud services in so called containers. But containers can be more than that! Following the idea of DevOps, Dockerfiles are a complete scripted definition of an application with all it's dependencies, which can be build and published as ready to use images. As each container is only running "one thing" (e.g. one application, one database, a worker instance), multiple containers can be configured with the help of docker-compose.
More and more geospatial open source projects or third parties provide Dockerfiles. In this talk, we try to give an overview of the existing Docker images and docker-compose configurations for FOSS4G projects. We report on test runs that we conducted with them, informing about the evaluation results, target purposes, licenses, commonly used base images, and more. We will also give a short introduction into Docker and present the purposes that Docker images can be used for, such as easy evaluation for new users, education, testing, or common development environments.
This talk integrates and summarizes information from previous talks at FOSS4G and FOSSGIS conferences, so I'd like to thank Sophia Parafina, Jonathan Meyer, and Björn Schilberg for their contributions.
Dockerizing Symfony2 application. Why Docker is so cool And what is Docker? And what are Containers? How they works? What are the ecosystem of Docker? And how to dockerize your web application (can be based on Symfony2 framework)?
Streamline your development environment with dockerGiacomo Bagnoli
These days applications are getting more and more complex. It's becoming quite
difficult to keep track of all the different components an application needs in order to
function (a database, a message queueing system, a web server, a document
store, a search engine, you name it.). How many times we heard 'it worked on my
machine'?. In this talk we are going to explore Docker, what it is, how it works
and how much it can benefit in keeping the development environment consistent.
We are going to talk about Dockerfiles, best practices, tools like fig and vagrant,
and finally show an example of how it applies to a ruby on rails
application.
Similar to RHEL/Fedora + Docker (and SELinux) (20)
Slides from the talk I gave during 2014 edition of IT Night. This lecture is about working in terminal: from choosing a term through picking proper shell, applications and finally finishes on GitHub project which covers this talks' topics.
High Availability (HA) Explained - second editionMaciej Lasyk
I gave this talk at one of the biggest Linux conferences in Poland: 11 Liux Session that took place in Wrocław on 5/6-04-2014. It was a lightning talk covering subject of High Availability solutions, architecture, planning and deploying.
How could one create very sophisticated, open - source based monitoring solution that is very scalable and easy to deploy?
I gave this talk during on of the biggest Linux conferences in Poland: 11 Linux Session which took place in Wrocław on 5/6-04-2013
I gave this talk at Krakow/Poland DevOPS meetup. It was a lightning talk covering subject of High Availability solutions, architecture, planning and deploying.
How to run system administrator recruitment process? By creating platform based on open source parts in just 2 nights! I gave this talk in Poland / Kraków OWASP chapter meeting on 17th Octomber 2013 at our local Google for Entrepreneurs site. It's focused on security and also shows how to create recruitment process in CTF / challenge way.
This story covers mostly security details of this whole platform. There's great chance, that I will give another talk about this system but this time focusing on technical details. Stay tuned ;)
How to run system administrator recruitment process? By creating platform based on open source parts in just 2 nights! I gave this talk in Poland / Kraków OWASP chapter meeting on 17th October 2013 at our local Google for Entrepreneurs site. It's focused on security and also shows how to create recruitment process in CTF / challenge way.
This story covers mostly security details of this whole platform. There's great chance, that I will give another talk about this system but this time focusing on technical details. Stay tuned ;)
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
7. So.. why Docker?
Looking for some dev-env..
What about XEN/KVM/Virtualbox?
Maciej Lasyk, RHEL + Docker
3/16
8. So.. why Docker?
Looking for some dev-env..
What about XEN/KVM/Virtualbox?
So if looking for lightweight solution – why not LXC?
Maciej Lasyk, RHEL + Docker
3/16
9. So.. why Docker?
Looking for some dev-env..
What about XEN/KVM/Virtualbox?
So if looking for lightweight solution – why not LXC?
Answer is simple – LXC is sitting on lower level
And also – it need more sysop work
Docker just works – it's simpler so devs are :)
Read this for more:
http://stackoverflow.com/questions/17989306/what-does-docker-add-to-just-plain-lxc
Maciej Lasyk, RHEL + Docker
3/16
13. So.. why RHEL/Fedora?
No it's not about flame ;)
RHEL (CentOS) just does the job like Ubuntu / Debian / Gentoo...
Maciej Lasyk, RHEL + Docker
4/16
14. So.. why RHEL/Fedora?
No it's not about flame ;)
RHEL (CentOS) just does the job like Ubuntu / Debian / Gentoo...
Oh maybe in a more mature & stable & secure way
Maciej Lasyk, RHEL + Docker
4/16
15. So.. why RHEL/Fedora?
No it's not about flame ;)
RHEL (CentOS) just does the job like Ubuntu / Debian / Gentoo...
Oh maybe in a more mature & stable & secure way
CVE-2014-0038 & https://github.com/saelo/cve-2014-0038
“Red Hat has previously been paged by its users to enable x32
support in Fedora 18; however, it refused to include it, citing
security concerns.
It affects every user by potentially exposing them to as-yetunfound security bugs for zero gain," Red Hat kernel developer
Dave Jones said at the time.
"In addition to this, it increases the potential attack surface for all
users, 99.9 percent of which will never even use this feature unless we
enable it for additional packages."
Maciej Lasyk, RHEL + Docker
4/16
17. Unprivileged containers - we should talk about it @Infosec
More important – ready for production!
Maciej Lasyk, RHEL + Docker
5/16
18. A little bit of Fedora/RHEL + Docker history
Fedora/RHEL:
first request: 2013-08-23
rls: 2013-11-28/docker-io-0.7.0-6.fc20 (Fedora + EPEL 6)
https://bugzilla.redhat.com/show_bug.cgi?id=1000662
Maciej Lasyk, RHEL + Docker
6/16
19. A little bit of Fedora/RHEL + Docker history
Fedora/RHEL:
first request: 2013-08-23
rls: 2013-11-28/docker-io-0.7.0-6.fc20 (Fedora + EPEL 6)
https://bugzilla.redhat.com/show_bug.cgi?id=1000662
What had to be done?
AUFS replacement with device-mapper (SELinux)
libvirt-lxc in order to integrate with libvirt
Openshift integration (RHEL PaaS)
http://blog.docker.io/2013/09/red-hat-and-docker-collaborate/
Maciej Lasyk, RHEL + Docker
6/16
20. Current status of Docker / RHEL / Fedora
Maciej Lasyk, RHEL + Docker
7/16
21. Current status of Docker / RHEL / Fedora
Fedora 19/20/RawHide + Epel 6:
lxc-0.9.0-2.fc20.x86_64
docker-io-0.8.0-3.fc20.x86_64
https://github.com/dotcloud/docker
v.0.8.1
https://github.com/lxc/lxc
lxc-1.0.0
Maciej Lasyk, RHEL + Docker
7/16
31. Internal docker registry / shipyard
So we'd like to host our own registry
https://github.com/dotcloud/docker-registry
yum install docker-registry (epel: 0.6.3, github 0.6.5)
Maciej Lasyk, RHEL + Docker
12/16
32. Internal docker registry / shipyard
So we'd like to host our own registry
https://github.com/dotcloud/docker-registry
yum install docker-registry (epel: 0.6.3, github 0.6.5)
or just use this samalba/docker-registry
Maciej Lasyk, RHEL + Docker
12/16
33. Internal docker registry / shipyard
So we'd like to host our own registry
https://github.com/dotcloud/docker-registry
yum install docker-registry (epel: 0.6.3, github 0.6.5)
or just use this samalba/docker-registry
Collaboration?
docker export internal_registry > internal_registry.tar
gzip internal_registry.tar
mv internal_registry.tar.gz /vagrant
Or simply host it ;)
Maciej Lasyk, RHEL + Docker
12/16
34. Docker + SELinux
f20 policy:
https://git.fedorahosted.org/cgit/selinux-policy.git/tree/docker.te?h=f20-contrib
What's there?
seinfo -t -x | grep docker
sesearch -A -s docker_t (and the rest)
or just unpack docker.pp with semodule_unpackage
Maciej Lasyk, RHEL + Docker
13/16
35. Docker + SELinux
f20 policy:
https://git.fedorahosted.org/cgit/selinux-policy.git/tree/docker.te?h=f20-contrib
What's there?
seinfo -t -x | grep docker
sesearch -A -s docker_t (and the rest)
or just unpack docker.pp with semodule_unpackage
How to use it?
man docker_selinux :)
Maciej Lasyk, RHEL + Docker
13/16
36. Docker + SELinux
f20 policy:
https://git.fedorahosted.org/cgit/selinux-policy.git/tree/docker.te?h=f20-contrib
What's there?
seinfo -t -x | grep docker
sesearch -A -s docker_t (and the rest)
or just unpack docker.pp with semodule_unpackage
How to use it?
man docker_selinux :)
Remember about permissive domains!
It's only in targeted policy (not for MCS)
Maciej Lasyk, RHEL + Docker
13/16
38. And seriously...
Do you know this guy?
So he has something to tell you...
http://www.youtube.com/watch?v=o5snlP8Y5GY
Maciej Lasyk, RHEL + Docker
14/16