On the 15th of June, over 60 brave souls gathered together and in defiance of an absolutely gorgeous summer day, talked about containers. Four speakers presented a very different set of talks covering all areas of containers from development to management to deployment.
Jiří Sedláček, an agile QA specialist and developer at Wandera, presented “Development and Deployment Simplification with Containers” (slides). At a previous company, he and the team implemented a docker-driven development environment that helped change the operational philosophy from the bottom up.
After covering some background material on the benefits of containers over virtual machines for some applications, Jiří started the bulk of his talk by making it clear that his team wasn’t doing “rocket science.” (Note to self: I wonder if anyone at the European Space Agency is using containers…)
The development teams initially considered docker, with the goals of unifying the development environment for developers spread across multiple workstation operating systems and making bootstrapping the application environment easier. The environment was a RESTful API-based web service using Apache Tomcat, MongoDB, Apache ActiveMQ, MariaDB, and other data-warehousing technologies. Not rocket science, as he noted, but difficult for a developer to cleanly and easily configure and bring up without becoming “grump cat.”
Initially operations was resistant to the move to containers, as they were concerned about the maturity of the technology and deployment issues. These were resolved two ways: first, the container build pipeline was automated and logical base images were built for each stage reducing management overhead; second, a configuration management tool, Tiller was implemented. The configuration tool was a big win because it solved complexity problems for the developers and eased the transition of the Ops team from traditional management methods to containers and put them on the road to orchestration. His slides include ten big learnings from this project and I encourage you to give them a read.
We took a break and when we resumed, we heard from Jan Bleha from Kiwi.com, one of our sponsors. Kiwi.com provided us with 128 (a significant number!) units of our favorite cold carbonated beverages to help us stay ready to ask questions and network. Jan also talked about several other local meetup groups that Kiwi.com helps to sponsor, including meetings around Python, Golang, JS, Reactive, and more. They are also organizing a Czech Language-intensive Python weekend in July. If you’ve never visited Brno, I strongly encourage you visit. There is a huge open source and technology community here and I guarantee you will find a group of really smart people with whom to interact.
Our next two speakers both presented lightning talks. We are using this format to encourage everyone to speak at future meetings (hint, hint) because now length isn’t a challenge!
Tomáš Tomeček, a senior software engineer at Red Hat presented “sen: Easy Management of Containers in the Terminal” (slides). sen is a classic open-source tool that was developed by Tomáš to “scratch his own itch.”
Specifically, sen (the Czech word for dream) is the result of a dream Tomáš had about a better management interface for working with docker containers. Tomáš loves python and text user interfaces and has combined these with his love containers to build a control/dashboard for a docker daemon that provides instant access to information and commands. His top-like user interface provides easy access to the old docker-tree display for image layers, filtering and searching for images and containers, real time log access, event notifications, and more all with vim key bindings. This has replaced hacky aliases and long docker commands for his use cases.
Pavel Odvody, our second lighting talk speaker and also a senior software engineer at Red Hat presented “Host Integrated Container Applications (HICA)” (slides). Developed originally as part the third Docker Global Hack Day, HICA is designed to make it easy to run non-server containers.
Pavel started his talk by asking how many people had ever tried to run a desktop application in a container. He then asked how many people had tried to run a utility, like a command line tool that processes input and returns output. These use cases while possible typically require an arcane spell book of incantations on the command line. HICA uses a secure, SELinux-compatible interface that turns labels on a docker image into a series of feature injectors to make it easy for a container to self-describe its needs. These injectors can allow a container to easily access the current working directory or the XServer on the host, or 13 other commonly needed features without requiring the user to specify them on the command line. The whole thing is wrapped in an easy-to-use CLI that has multiple levels of security and permissions and verification baked in.
HICA turns this:
docker run -i -u 1000:1000 --security-opt label:disable --volume /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY=:0 --volume=/lib64/libX11.so.6:/external_libs/libX11.so.6 --volume=/lib64/libxcb-dri2.so.0:/external_libs/libxcb-dri2.so.0 --volume=/usr/lib64/dri/i965_dri.so:/external_libs/i965_dri.so --volume=/lib64/libGL.so.1:/external_libs/libGL.so.1 --volume=/lib64/libdrm_intel.so.1:/external_libs/libdrm_intel.so.1 --volume=/lib64/libxcb.so.1:/external_libs/libxcb.so.1 -e LD_LIBRARY_PATH=/external_libs -e LIBGL_DRIVERS_PATH=/external_libs --device /dev/dri/card0:/dev/dri/card0 --device /dev/dri/renderD128:/dev/dri/renderD128 --device /dev/dri/controlD64:/dev/dri/controlD64 opengl
into this:
hica opengl
After the lightning talks, we took our final break and returned to small presentation from our second sponsor, Red Hat. Jiří Folta told about Red Hat’s continuing involvement in technologies encompassing the entire stack all the way through to the hybrid public/private cloud. He also let us know that a milestone has been reach with just over 1,000 people now working for Red Hat in Brno, continuing its position as Red Hat’s largest engineering site in the world.
Adam Skotnický and Marek Čeloud from tcp ◕ cloud presented “SmartCity IoT on Kubernetes.” Adam is the CEO and Marek is a network engineer. Their presentation brought together work they have been doing combining Kubernetes, OpenStack, and the Internet of Things to enable Smart City/Industry-4.0 infrastructures.
Adam began the talk by providing an overview of a collaborative pilot smart-streetlight project being worked on in the southern Boehemian town of Písek. He then transitioned to a demo-architecture based on the same principals they have that links together carbon-dioxide sensors in a conference hall. The sensor network communicates with IQRF to a Raspberry PI running Kubernetes-managed containers. The containers utilize an OpenContrail SDN to connect back to a Kubernetes managed application that relies on virtual machines managed in OpenStack (also containerized). The SDN allows the sensor network and gateway Raspberry Pi to be relocated anywhere in the world and not need any reconfiguration.
While the underlying physical unit IPs may change, the separation of networks renders this invisible to the application while simultaneously introducing security separation. Marek continued the talk with a demonstration of their internal network, the several layers of SDN in use, and how they can use a salt driven configuration to do a rolling version change of OpenStack from Kilo to Liberty. In the final conversation they talked about their need to develop their own CI/CD pipelines to build the upstream source of the fast moving Kubernetes and OpenContrail projects (amongst others). The container architecture has enabled easy distribution of the application and made it scale horizontally to the point that neither IQRF or the use of a Raspberry Pi as a gateway are limiting factors for sensor networks in urban areas.
Our speakers all did an excellent job and I am thankful for all of them. I personally walked away enlightened and with new tools I want to go play with. I also walked away with a reminder of just how wicked smart my co-workers at Red Hat are and how fantastic the skill level of my community is. I need to keep bringing my A-game to my adopted city.
The meetup was made possible through the generosity of our sponsors: Red Hat, who provided funding to rent the venue and Kiwi.com, who provided 128 bits
of refreshment to keep us engaged.
(Photos by Eliska Slobodova. Sen screenshot by Tomáš Tomeček.)