Blog of Guy Crets

CentOS on WSL2

2021-04-04T17:39:00.000+02:00

The CentOS Linux distribution is a stable, predictable, manageable and reproducible platform derived from the sources of Red Hat Enterprise Linux (RHEL). The CenOS distribution is quite popular in my professional life.

Having switched to WLS2 - Windows Subsystem Layer - on my local machine, I was lacking CentOS. According to the docs, WLS2 can import whatever Linux distro one prefers.

But I found WSLDL the more trivial option. With support for many distros. For CentOS, simply download CentOS-WSL and off one goes.

Take Apigee X for a spin

2021-02-15T09:11:00.011+01:00

Apigee X is the latest product version of Google's Apigee API Management platform. Adding a 4 product version next to Apigee Edge (SAAS), Apigee for Private Cloud and Apigee Hybrid. Apigee X is best described as a version of Apigee Hybrid that is (almost) fully managed by Google.

There is a free evaluation version available. One only needs a (free) Google Cloud account. Took it for a spin on a snowy Sunday afternoon.

The suggested way to get started with Apigee X is the Apigee Evaluation Setup. But if you want to experiment with API proxies that are publicly available, better use the apigee-ngsaas-trial-install.sh script.

Create a Google Cloud project and assign the Apigee Organization Admin role to yourself.

Then simply start the script. One attention point when using the Cloud Shell terminal: the script takes a long time to execute, causing your shell to close. I solved this by restarting the script after the organization was provisioned. Then opening the Apigee console.

Configured an API proxy "httpbin" pointing to http://httpbin.org/ for my project (apigee-x-2021 with LB IP 34.117.205.203).. And invoke the API proxy:

curl -k -v https://apigee-x-2021-eval.apigee.net/httpbin/uuid \

--resolve "apigee-x-2021-eval.apigee.net:443:34.117.205.203"

There are limited costs related to the use of this Apigee X eval. A number of objects are created by the script on GCP to expose the API proxies publicly. Estimated cost for these components is €0,07/hour. The Apigee X trial itself is of course free.

2 VM instance (apigee-envoy-xxxxx)
Instance group (apigee-envoy-europe-west1)
Instance template (apigee-envoy-europe-west1)
Forwarding rule (apigee-envoy-https-lb-rule)
Load balancer (apigee-envoy-proxy-map)
With backend (apigee-envoy-backend)
Target proxy (apigee-envoy-https-proxy)
SSL cert (apigee-ssl-cert)
Static IP address (lb-ipv4-vip-1)

From WS-Security to API Message Security?

2021-02-13T19:52:00.002+01:00

API Management - and application integration in general - go hand in hand with good security practices. It is crucial to protect the message exchanges between all the systems we link together. This article focuses on the integrity of API requests and responses. Where we still lack a broadly accepted approach or standard.

From XML Signature to WS-Security

The XML spec (1998) was created with a lot of related specifications such as XPath (1999). On the security side, XML Signature (2002) and XML Encryption were rapidly available. These standards were the foundation for WS-Security, with it's most relevant use case, the X509 Token Profile (2004).

XML Signatures have some great features:

Embedded within the XML document itself (detached also supported)
Normalization of the message before calculating the hash, the "canonicalization" or C14N
Specific parts of the XML message can be signed
Multiple signatures of parts of single XML document

BTW, best book ever on WS-Security and related remains "Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption".

JSON Message Level Security

On the JSON side, we have the JSON Web Signature (JWS) spec (RFC7515, 2015). JWS is the basis for JSON Web Tokens (RFC7519). Although a JSON canonicalization standard exists - albeit not very popular - with JSON Canonicalization Scheme (RFC8785), the JWT spec opted to base64 encode the message, turning JSON into non-JSON.

JWT or jot tokens are well supported and very useful for JWT tokens, e.g. the identity tokens of OpenID Connect.

API Message Level Security?

In the API world, SSL/TLS is the foundation for secure exchange of information. There is no tendency whatsoever to apply protection on the request or response level. A bit weird, where 15+ years ago we went through great lengths to protect XML messages while going over multiple network hops. In the API world, we seem to believe that there is only a single network hop between client app and back-end API? No API Management or other components along the road?

There is no standard (approach) yet to provide message level protection of our API requests and responses. Where "message body" is the resource representation of and API responses or the request body with HTTP POST, PUT or PATCH verbs.

The draft HTTP signatures RFC is an important step for message level API security. Where HTTP headers are being signed. And where the body can be included in that signature by adding the hash of the body as a Digest header cf. RFC3230,

The Signing HTTP RFC has difficulty getting "finished". The "old" Signing HTTP Messages draft RFC is now being succeeded by the new draft Signing HTTP Messages RFC. A lot of topics for discussion remain. With an important one missing: reference to JWKS or X509 client certs (x5c) for signature verification.

Where is the "API Security" spec?

But where is the overarching approach? Where HTTP signing includes the message body, with canonicalization based on the content-type: JSON C14N, XML C14N or other? Where is the successor of WS-Security in the API world?

And as a nice extra: where is the successor of Web Services Security X.509 Certificate Token Profile so we can continue using X509 client certs as alternative for JWKS?

Cloud Ready Containers with WSL2

2021-01-30T15:31:00.000+01:00

RedHat OpenShift is a popular, enhanced and extended version of Kubernetes. Available on numerous platforms, also locally as Cloud Ready Containers (CRC).

Have been fighting a bit to get the combination of CRC with WSL2 working on my Windows machine. Wasn't able to reach the OpenShift cluster form my WSL2 Linux machines.

Big thanks to colleague Stefaan De Geyter of sister company FlowFactor for hinting me the Set-NetIPInterface command. The Set-NetIPInterface -Forwarding Enabled command allows WSL2 to interact with the CRC VM.

Execute the below commands from PowerShell as Administrator:

Get-NetIPInterface | where {$_.InterfaceAlias -eq 'vEthernet (Default Switch)'} | Set-NetIPInterface -Forwarding Enabled

Get-NetIPInterface | where {$_.InterfaceAlias -eq 'vEthernet (WSL)'} | Set-NetIPInterface -Forwarding Enabled

To double check that forwarding is enabled:

Get-NetIPInterface | select ifIndex,InterfaceAlias,AddressFamily,ConnectionState,Forwarding | Sort-Object -Property IfIndex | Format-Table

One drawback: after wake-up or reboot, need to enable forwarding again, a known issue.

As such one can install the OpenShift command line tools on WSL2 Linux instances and happily "oc" against the the local CRC cluster.

Service Mesh - Event Mesh??

2019-01-15T13:55:00.000+01:00

Service Meshes and Istio in particular are the next step in modern software platforms. They further standardize the runtime platform and help abstract the underlying layers.

Now service meshes strongly focus on synchronous request/reply (request driven) interactions. Their data plane is based on advanced usage of proxies, Envoy in case of Istio. Primarily protocols are HTTP 1.1 and 2.0, with some gRPC.

But a micro services architecture also requires event driven communication. Some question/idea that came up: why not use a messaging solution (pub/sub and/or queuing) as the data plane of a service mesh?

Multiple types of messaging systems exist: compliant with the JMS API, compliant with the AMQP protocol or modern incarnations such as Kafka or NATS.

Event Mesh (source: Solace.com)

While searching around, couldn't find much support for such "event mesh". Solace is a lesser known vendor of messaging solutions that talks about its event mesh in its blog and positions it as an offering. But couldn't find information on how to use Solace's product as a data plane for in a service mesh such as Istio or Linkerd.

Strange that no other vendors or initiatives talk about using a Message Oriented Middleware (MOM) as the data plan of a service mesh. It is common practice in the integration world to switch from http to messaging inbound. And leverage light weight integration platform as ingress for a service mesh?

Kubernetes in Action

2018-09-21T11:15:00.000+02:00

Kubernetes is becoming a very popular platform to manage containers. There is a consensus in the i8c team that the book Kubernetes in Action is really a great way to dive into the matter. By reading the book, one also grasps the complexities of Kubernetes.

Interesting to see how all the big names
Google, Amazon, Microsoft, IBM, Pivotal, Redhat support the Kubernetes platform in their respective clouds and on-premise. The list of Kubernetes Certified Service Providers is extensive.

Also integration platforms are being containerized, e.g. TIBCO BusinessWorks Container Edition or IBM AppConenct Enterprise. But other vendors in the integration space are taking this direction as well: multiple lighter-weight integration engines running a limited number of integration flows. Whereby containers can run distributed on-premise and in different clouds.

Marrying API management with Istio

2018-09-18T09:00:00.000+02:00

Istio is a service mesh on top of Kubernetes. Istio assists with the securing, managing and monitoring the communication between microservices.

The two main drivers behind Istio, IBM and Google (Apigee) both have a strong API Management solution. IBM comes with API Connect, Google with Apigee. Now both IBM and Google are definitely going to bring their API Managemet solution together with Istio.

Apigee has already released a "Apigee Adapter for Istio" that we successfully took it for a spin.

IBM is releasing papers describing API + Microservices Management as the perfect marriage.

A topic to closely monitor as it brings enterprise API Management and Micro Services together!

Apigee API Mgt ~ SAP API Mgt

2018-09-15T14:20:00.000+02:00

API Management is booming. The i8c team works with many API Management solutions. Personally I'm more involved with IBM's API Connect and Google's Apigee.

SAP's API Management is an OEM version of Apigee. By subscribing to the free openSAP training "SAP Cloud Platform API Management", I got triggered to actually put my hands on SAP's API Management solution.

Although both products are fundamentally identical, they definitely look different, see screenshots below. But there are other differences as well:

SAP focuses (of course) on exposing SAP back-end systems and the use of OData and SAP Gateway
SAP comes with the concept of Templates, a number of preset policies that can be copied into an API proxy
SAP renamed Edge Management UI to API Portal
Apigee is also available on-premise with their Edge for Private Cloud, SAP API Mgt isn't
SAP integrates with its API Business Hub
Apigee seems much cheaper: SAP charges €150 for 1 million API calls, Apigee charges $500 for 15 million API calls (per month, Sept 2018)

Looking forward to learn more about SAP's API management during the free openSAP training. And also curious to see if SAP will go its own way yes or no. For now, they are still very similar on the inside but looking different on the outside.

MoCA for better connectivity

2017-11-04T17:10:00.002+01:00

At our 20 year old house, there was no UTP cabling and is almost impossible to install it., Quite a pitty. Solution was wireless and broadband over power line, with Netgear Powerline AV500.

But with COAX for TV in almost every room, installed MoCA adapters. And now very good and stable Internet connectivity.

Should have done this way earlier!

SAP + Google: how about Apigee API Management?

2017-03-20T10:21:00.002+01:00

SAP and Google have announced a partnership. First impression is that SAP will leverage the Google Cloud Platform as an underpinning for its

As Google has just acquired the API Management solution Apigee and SAP is an OEM customer of Apigee, what impact will this have on SAP's API Management offering?

And 2nd question: will SAP Cloud Integration also become available on Google's cloud platform?

Interesting times.

Capturing HTTP requests in an cloud world

2017-03-14T21:42:00.003+01:00

While integrating with Salesforce, had an issue getting the authentication right. What is that cloud integration platform actually sending to Salesforce? How to get a look into the message on the wire?

Simple but efficient solution, pick one of the many free HTTP endpoints. Point to the temporary URL, send the message and get all the info on HTTP headers and payload. So trivial and easy.

The legal side of integration

2017-02-20T12:35:00.002+01:00

Very interesting news in the press the last couple of days. The Salesforce system of the beverages company Diageo allows a large group of users to access data in back-end systems, including SAP ERP. Because of the named user license model of SAP, British court has ruled that a fee must be paid for each user of the Salesforce system. A little known aspect of integration: legal! Actually, the integration between Salesforce and the on-premise SAP and Oracle systems was handled by SAP PI.

Interview by AdeptEvents

2017-02-15T17:42:00.000+01:00

Regularly I give public workshops on the topic of Application Integration in Belgium via SAI and in the Netherlands via AdeptEvents. A video interview about my workshop and the topic of application integration has just been released by AdeptEvents. Enjoy!

IBM Watson Customer Engagement

2017-02-11T16:50:00.003+01:00

A few weeks ago, attended a big IBM training event about IBM's e-commerce offering. During the conference, a new brand name was released: "Watson Customer Engagement". My primary interest were the B2B integration solution of IBM, that are part of this suite and fall under the category "Watson Supply Chain".

IBM has an extensive range of products that are part of it's Watson Customer Engagement offering: obviously e-commerce or "Digital Commerce", but also Order Mangement, procurement, digital marketing, customer experience analytics and much more. There is even a specific product to have an overview of all available stock across all warehouses and stores.

My focus was rather on IBM's offerings for B2B integration and Managed File Transfer (MFT). Sterling B2B Integrator is the core product on which the Sterling File Gateway builds further to provide a user-friendly Managed File Transfer solution.

Maybe not well known, but IBM also has a very extensive B2B integration network called the IBM B2B Collaboration Network.

Everyone of the IntegrationDesigners team (IBM integration team of the Cronos group) gets his turn to attend events and conferences. Already had the IBM cloud conference in Madrid in October 2016 and now this conference in Las Vegas, Nevada.

Trip to Las Vegas was quite a hell: snow on the road to Brussels airport, more than an hour wait in the plane before take-off in Brussels, very late arrival in New York because of snow, missed connecting flight, long queue to re-book to another flight, just-in-time to get on the last plane to Las Vegas, long wait in the plane to be de-iced, ... Such 28 hour trip is pretty tiring.

By: Guy

Remote Service API Design

2016-11-13T15:35:00.004+01:00

With the longer weekend (Friday Nov 11 is a public holiday in Belgium, to remember the end of WW I) took some time to watch some sessions from the Devoxx conference that has just finished. The talks are already available on Youtube! Great content: Microservices, Reactive, Netty, Kafka messaging, Docker, ... With this conference almost in my backyard, will have to free up some time next year to attend again myself.

One talk immediately drew my attention: "Effective Service API Design" by Elliott Rusty Harold. I know Elliott an XML guru. Remember being at the speaker's table with him at XML DevCon in London back in 2001 where I presented "Understanding SOAP".

Some thinks I picked up:

"Contract first" >> "Documentation first"
Start small (MVP Minimum Viable Product, YAGNE You Ain't Gonna Need It)
Leverage the URL, not everything
Prefer idempotency
Use standards: UTF-8, standard data/date formats, standard decimals with 2 digits
Avoid required data elements
Deprecation policy, how long to keep the old API, 2 year notice is good
Plan for versioning: easier without schema's but with optional fields
No assumption about use of client code/library, developers will often not use those
If you build client code/library, develop it by hand and do not generate it
Authentication and authorization remain a challenge
Performance!

Although a good talk, would have hoped for some more specific guidelines.

Effective Service API Design by Elliotte Rusty Harold

At the start of the presentation, Elliott clearly makes the difference between the local "library API" (e.g. the JDBC API with the java.sql package) and "Remote API" or "Service API". Great definition by the way: a network service (almost always a server) by which programs communicate with a bundle of funcitonality provided by code owned by somone else, running on their computer (not yours).

Thanks to the Devoxx team and Stephan Janssen to publish this great content for free!

Reactive programming, the old way

2016-11-13T13:22:00.002+01:00

Reactive programming is the new hit: applications work with a non-blocking, asynchronous programming model. Use of multi-threading is none or very limited. The reactive program responds to messages or events that come in via callbacks. These messages must be handled as quickly as possible, never blocking themselves while being processed.

Made me think of a fun project I was involved with in 1999 and 2000: "GSL", the Generic Service Layer" at Rabobank. We developed an integration layer (by Gartner defined as a "Super API") based on the message passing product Netweave. And this product was completely based on callbacks and a reactive programming model.

Pre-dating XML and with maximum message buffer size of 32K on CICS, we defined our own message format. The messages had a tree structure in a proprietary, textual format. The GSL API allowed the creation, sending, receiving and parsing messages.

All the main platforms were supported: IBM CICS, Tandem (Guardian), AIX Windows NT and AIX. Communication was supported in all directions. So yes, a COBOL CICS program could invoke an ActiveX component on Windows. Code was written in C (and bit of C++). Most often the IBM mainframe and Tandem would be the actual servers.

An old code snippet from those days. This piece of C code writes a buffer back to a client application.

void loclSend(client_t * pClient, size_t szBuf, char * pBuf)
{
NWDS_ERRNO retcode ;
NWDS_CALL_BACK complete ;

/* write data to client process */
complete.procedure = loclSendComplete ;
complete.context = (NWDS_CONTEXT) pClient ;
retcode = nwds_ipc_write(pClient->hLocl
,(NWDS_SIZE) szBuf
,(void *) pBuf
,NULL
,&complete) ;
if ((retcode == NWDS_PENDING) ||
(retcode == NWDS_SUCCESSFUL))
lcTraceHdr('I', 'S', pBuf, szBuf) ;

if (retcode != NWDS_PENDING)
loclSleepCallback(&complete,retcode) ;
}

The write of the buffer is executed with ndws_ipc_write. This write could return immediately, whereby NDWS_SUCCESSFUL would be returned. But most often, the return code would be NWDS_PENDING. Then the callback function loclSendComplete would be registered and executed when the write was finished. The complete.procedure element contains a pointer to the loclSendComplete() function.

IT Compass

2016-10-22T14:37:00.002+02:00

During a meeting, the terms "north" and "south" popped up again while discussing network zoning and DMZ. North is the "outside", typically the Internet. South are the internal, trusted systems.

North-South in networking (from PaloAlto networking)

How would IT people in South-Africa think about this, where the north is "hot" and very south Antarctica cold? Maybe also good fit: freezing in the data center, hot and dangerous on the Internet.

Unikernel: microservices without an OS

2016-10-15T13:35:00.003+02:00

As I continue to spend lots of time on the road and in traffic jams, podcasts are an efficient way to keep up-to-date in the fast moving IT world. Just finished listening SE-Radio Episode 271: Idit Levine on Unikernels. Very interesting.

Had never heard of Unikernel. Actually this is hardly a real OS: no multi-tasking, no security, no memory management. Memory directly mapped to the underlying hardware and some device drivers.

Unikernels become most relevant when used on top of a virtualization layer. A single application is combined with the Unikernel to become a super light-weight runtime unit. A fine alternative for microservices running in a container.

Unikernels are also a nice fit with server-less architectures: the Unikernel App is super-fast to start. So Unikernel Apps as a more efficient Function-As-A-Service approach.

When mapping this to my own world of integration, the Unikernel App could be a nice mechanism to handle all the async events going on in an integration environment. An incoming message or API call starts the Unikernel App which handles the message: transformation, routing, logging, forwarding...

Incredible at which pace the IT world keeps moving.

Event-driven Microservices

2016-10-09T14:35:00.000+02:00

A few weekends ago, I decided that it was time to catch up on Microservices. Hadn't been following the topic for a longer while. Starting point is often Safari: but instead of reading, I ended up watching the video tutorial "Event-Driven Microservices". By the way, the first part is freely accessible without a Safari subscription.

The video course is presented by Chris Richardson. I know Chris as a speaker at earlier Devoxx conferences. Very interesting is his approach to address the topic based on patterns, documented at microservices.io.

Microservices patterns (from Microservices.io, by Chris Richardson)

What was new to me and most interesting was the part about Event-Sourcing: instead of storing the state of each object as a database row, the sequence of changes is recorded and maintained. This an approach to tackle the issue of distributed transactions that do not fit with a Microservices architecture. This is also the topic Richardson personally focuses on as his latest startup is all about Event Sourcing.

List of events represents state (Source eventuate.io)

Handling request by rebuilding state from list of events (Source: eventuate.io)

Of course one needs to remain critical about Microservices:

We've been successfully building 3-tier web and mobile apps, why do it all different now?
How heterogeneous will all these microservices be?
Not every organisation is like LinkedIn or Netflix
Transactions that are eventually consistent are not trivial
What will be the next thing after Microservices?

After 4h 47minutes, I understood that Microservices is as well a domain that is in full flux.

Nexus 6 battery life: incredible

2015-10-22T18:08:00.004+02:00

After the upgrade of my Nexus 6 to Android 6, battery life has increased in an unbelievable manner. When getting home from work, battery is now around 50%. With lengthy phone calls, USB in the car, hotspot in the once in a while. Simply amazing.

Incompatible Metering info (CallerInformation) in SAP WS

2015-08-17T13:20:00.000+02:00

The support of SAP systems for SOAP Web Services is pretty good. I have e.g. been successfully using WS-RM and SAP-RM to have reliable, one-way communication.

During a project I needed to make a call from an SAP ECC 6 system towards an external web service. This external web service was secured with WS-Security X509 Token profile. So the payload had to be digitally signed. With no integration platform yet available, I intended to make a direct call from the SAP back)end system. But this really proofed to be impossible. Getting keys and certificates into an SAP system is always a challenge, but configuration of the WS-Security in SAP’s SOAManager is actually quite trivial.

But things did not work out: a real showstopper became the Metering info that was present in each and every outbound call. As of Support Pack 17 of SAP NetWeaver 7.0, the element <CallerInformation> is present in the SOAP header of each outbound SOAP request. Purpose of this element is to gather service metering and transfer it to the service provider.

  <CallerInformation wsu:Id="part-CallerInformation-2" 
     xmlns="http://www.sap.com/webas/712/soap/features/runtime/metering/">
    <m:Type xmlns:m="http://www.sap.com/webas/712/soap/features/runtime/metering/">SA</m:Type>
    <m:App xmlns:m="http://www.sap.com/webas/712/soap/features/runtime/metering/"/>
    <m:Component xmlns:m="http://www.sap.com/webas/712/soap/features/runtime/metering/"/>
  </CallerInformation>
</soap-env:Header>

And the bad news is: you cannot get rid of this Metering information, as clearly documented by SAP Support (SAP note 1239428). The only workaround is to forward the information in the URL of the HTTP call. But in my case, the well secured web service rightfully refused to accept the web service call with all these extra parameters in the URL.

So SAP has implemented an proprietary and incompatible “feature”. Why can’t it be switched off?
Is this a trick of SAP to enforce the use of SAP PI/PO? Obviously any ESB can remove this ugly SOAP header.

Best wishes for 2015

2015-01-02T10:38:00.000+01:00

Devops (3): Chef (and some fun cooking)

2014-12-31T10:11:00.000+01:00

After having looked into Vagrant, it became clear that Puppet and Chef are "the" tools to do the structured and repeatable configuration of machines. I picked the recent book "Learning Chef" to learn and experiment a bit.

Tools

The book uses the recent Chef Development Kit which should gradually replace the tool called Knife.
The tool "Chef" uses the the Recipe DSL to write recipes (Domain Specific Language, based on the Ruby programming language)
VirtualBox is used for running the VM's that are going to be cooked and baked
Complemented with our good friend Vagrant (see previous DevOps blog)(actually kitchen-vagrant)
Finally the tool kitchen is used

The focus op Chef really lies on getting the software on the machine installed, configured, and up and running. On the target machine, a Chef Client is installed that will retrieve (new and updated) recipes from a Chef Server. So the Chef clients each pull the recipes from the Chef Server.
Note: the tool Ansible does the opposite, pushing configuration data to the machines.

Many cookbooks or recipes can be downloaded from the Chef Supermarket and others.

Finally
After spending some time look around in the world of DevOps and its tools, I have a few general Observations:

Devops is strongly focused on Linux
Diverse programming languages such as Ruby and Erlang are used
This is a domain in full flux, new initiatives and companies pop up, things evolve rapidly
First time I see the file format YAML actually being used

Devops (2): Vagrant

2014-12-30T10:03:00.000+01:00

After looking a bit into Docker, I went on to look into Vagrant, another well-known tool to provision and configure virtual machines.

To learn about Vagrant, I read the book "Vagrant: Up and Running". This O'Reilly book is well-written and the examples all work. While doing the exercises on a Windows Server 2012R2 VM, I hardly encountered any problems. Starting the Ubuntu VM with the vagrant up command and removing it with vagrant destory.

The Vagrant command line tool allows to create a Virtual Machine in a reproducible and neutral manner. Vagrant was initially developed around the the free VM product Oracle VirtualBox. But Vagrant now comes with many other providers, e.g. AWS, Rackspace, IBM SoftLayer and Microsoft Azure. Support for VMWare however is not free ($79).

Vagrant focuses on the creation of Virtual Machines in a neutral manner. Contrary to Docker, it uses an actual Virtualization solution to provision the virtual machines. This allows Vagrant to support multiple Operating Systems in parallel. And offers support for automating the creation of Windows based virtual machines.

When Vagrant is used in combination with Oracle VirtualBox, Vagrant will use the VBoxManage.exe of VirtualBox. To create machines with a cloud provider, the respective Vagrant provider will leverage the API and tools of the specific Infrastructure-As-A-Service solution. Vagrant configure all sorts of attributes of the virtual machine, incl. e.g. networking (and port forwarding).

For the actual provisioning of the machines, Vagrant supports many options, including command line. But most often, Vagrant will be used in combination with Chef or Puppet. E.g. the Chef development kit uses Vagrant as its default "driver".

Boxes
Vagrant does not start from an ISO image, but from an already prepared "box". The more such box is pre-configured, the fewer configuration needs to be done afterwards. Vagrant uses its own software format to package the virtual machines that are taken as a starting point (compare to Amazon Machine Images). Vagrantbox.es and many others make pre-packaged Vagrant boxes available,

Windows specific

VagrantManager makes Vagrant accessible from the Windows (or iOS) Taskbar
The company modern.IE makes Windows boxes with all sorts of IE versions available.
Interesting blog on how to create Variant Windows boxes
Vagrant can directly access the command line of Linux boxes over SSH (secure shell). For Windows boxes this cal also be arranged wen cygwin (or other SSH server) is installed. But Vagrant can also use WinRM to access the Windows command line
Where the installation of software on Linux boxes leverages apt-get or yum to install software packages, Chocolatery wants to bring a similar solution to the Microsoft world; many packages are available for quick and easy installation
Boxstarter leverages Chocolatey packages to automate the installation of software and create repeatable, scripted Windows environments.

Vagrant and Integration Tools
In my own domain of Application Integration and SOA, I expect that both vendors and customers will pickup tools such as Vagrant for creating and provisioning (virtual) machines. Combined with Chef or Puppet to actually install and configure the software on these machines.

Devops and Docker

2014-12-29T17:03:00.002+01:00

The holiday period between Christmas and New Year is an ideal period to catch up on some reading and experimenting. Devops and tools such as Docker, Vagrant, Chef, Puppet and Ansible were on my radar for a while. So finally some time to dive into this topics.

Nested VMs
Not to mess up my machine, I use VMWare workstation to spin up some test machines. As these Devops tools are all about creating and provisioning virtual machines, one must enable "Nested VMs" support. This allows one virtual machine to run in another.

Docker

Docker appeared on my radar while learning about Micro Services. Docker focuses on the creation of light-weight containers in which applications are configured in an automated manner.

The Linux Containers are very small by leveraging OS level virtualization of Linux. Is it some "chroot on rocks". The chroot system call on Unix/Linux changes the root directory for a program and all of its children. chroot allows programs - e.g. a web server - to run in a more protected mode. The OS level virtualization can limit all the resources used by child processes: CPU, memory, disk space, ... Because containers are so light-weight, many of them can be run on a single machine. This mechanism allows each application to run in its own container, its own virtualized OS.

To have a quick try of Docker, there is a great Online Tutorial consisting of 10 steps. Recommended!

As there aren't any books available on Docker, I watched the brand new training material of LiveLessons. As I couldn't find the text material, had to type over the instructions from the paused video. After wasting some time trying to get access the Fedora Atomic container on the Fedora 21 host, decided to switch to another topic, Vagrant. If I have some more time, I'll come back and retry with RHEL as used in the video training. Or switch to Windows and take a look boot2docker.