The world of OpenStack moves quickly. Each day brings new features, new bug fixes, and new ways of thinking. The OpenStack-Ansible community strives to understand these changes and make them easier for operators to implement. The OpenStack-Ansible project is a collection of playbooks and roles written by operators for operators. These playbooks make it easier to deploy, maintain, and upgrade an OpenStack cloud. Keeping up with the changes in the OpenStack-Ansible project is challenging.
It seems like there’s a new way to run containers every week. The advantages and drawbacks of each approach are argued about on mailing lists, in IRC channels, and in person, around the world. However, the largest amount of confusion seems to be around security. Launching secure containers I’ve written about launching secure containers on this blog many times before: Launch secure LXC containers on Fedora 20 using SELinux and sVirt Improving LXC template security Try out LXC with an Ansible playbook CoreOS vs.
I’ve been getting involved with the Fedora Security Team lately and we’re working as a group to crush security bugs that affect Fedora, CentOS (via EPEL) and Red Hat Enterprise Linux (via EPEL). During some of this work, I stumbled upon a group of Red Hat Bugzilla tickets talking about LXC template security. The gist of the problem is that there’s a wide variance in how users and user credentials are handled by the different LXC templates.
The world of containers is constantly evolving lately. The latest turn of events involves the CoreOS developers when they announced Rocket as an alternative to Docker. However, LXC still lingers as a very simple path to begin using containers. When I talk to people about LXC, I often hear people talk about how difficult it is to get started with LXC. After all, Docker provides an easy-to-use image downloading function that allows you to spin up multiple different operating systems in Docker containers within a few minutes.
This post hasn’t been updated in quite some time. Many of these comparisons still hold true but some don’t. Updating this post is on my list of to-do’s. - MH 2015-04-25 You’ve probably been living under a rock if you haven’t heard about Docker. It simplifies the deployment and management of Linux containers better than anything else I’ve seen so far. Many ecosystems are growing with Docker at the core and two of the most popular hosting platforms for Docker are CoreOS and Project Atomic.