Dynamic IP Address Management in Open Virtual Network (OVN): Part One

Some background

For those unfamiliar, Open Virtual Network (OVN) is a subproject of OpenVswitch (OVS), a performant programmable multi-platform virtual switch. OVN provides the ability to express an overlay network as a series of virtual routers and switches. OVN also provides native methods for setting up Access Control Lists (ACLs), and it functions as an OpenFlow switch, providing services such as DHCP. The components of OVN program OVS on each of the hypervisors in the network. Many of Red Hat’s products, such as Red Hat OpenStack Platform and Red Hat Virtualization, are now using OVN. Red Hat OpenShift Container Platform will be using OVN soon.

Looking around the internet, it’s pretty easy to find high-quality tutorials on the basics of OVN. However, when it comes to more-advanced topics, it sometimes feels like the amount of information is lacking. In this tutorial, we’ll examine dynamic addressing in OVN. You will learn about IP address management (IPAM) options in OVN and how to apply them.

Continue reading “Dynamic IP Address Management in Open Virtual Network (OVN): Part One”

Share

Securing apps and services with Keycloak (Watch DevNation Live video)

The video from the last DevNation Live: Securing apps and services with Keycloak is now available to watch online.  In this session, you will learn how to secure web/HTML5 applications, single-page and mobile applications, and services with Keycloak. Keycloak can be used to secure traditional monolithic applications as well as microservices and service mesh-based applications that need secure end-to-end authentication for all front- and back-end services. The examples in the video cover PHP, Node.js, and HTML/JavaScript.

Securing applications and services is no longer just about assigning a username and password. You need to manage identities. You need to integrate with legacy and external authentication systems to provide features that are in demand like social logins and single sign-on (SSO). Your list of other requirements may be long. But you don’t want to develop all of this yourself, nor should you.

Continue reading “Securing apps and services with Keycloak (Watch DevNation Live video)”

Share

How to integrate A-MQ 6.3 on Red Hat JBoss EAP 7

This article describes in detail how to integrate Red Hat A-MQ 6.3 on Red Hat JBoss Enterprise Application Platform (EAP) 7 and covers in detail the admin-object configuration, especially the pool-name configuration. The attribute pool-name for the admin-object explanation can lead to confusion. In this post, I will try to clarify many of the steps, give an overview of the components, and how they fit together.

The JBoss EAP requires the configuration of a resource adapter as a central component for integration with the A-MQ 6.3. In addition, the MDBs configuration on the EAP is required to enable the JMS consumers. On the A-MQ 6.3, the configuration of the Transport Connectors is required to open the communication channel with the EAP.

All the steps required to configure EAP 7 to use A-MQ 6.3 as an external JMS broker are described here:

Continue reading “How to integrate A-MQ 6.3 on Red Hat JBoss EAP 7”

Share

How to enable sudo on RHEL

You’ve probably seen tutorials that use sudo for running administrative commands as root. However when you try it, you get told your user ID is “not in the sudoers file, this incident will be reported.”  For developers, sudo can be very useful for running steps that require root access in build scripts.

This article covers:

  • How to configure sudo access on Red Hat Enterprise Linux (RHEL) so you won’t need to use su and keep entering the root password
  • Configuring sudo to not ask for your password
  • How to enable sudo during system installation
  • Why sudo seems to work out of the box for some users and not others

Continue reading “How to enable sudo on RHEL”

Share

How to install Python 3 on Red Hat Enterprise Linux

This article shows how to install Python 3, pip, venv, virtualenv, and pipenv on Red Hat Enterprise Linux 7. After following the steps in this article, you should be in a good position to follow many Python guides and tutorials using RHEL.

Using Python virtual environments is a best practice to isolate project-specific dependencies and create reproducible environments. Other tips and FAQs for working with Python and software collections on RHEL 7 are also covered.

There are a number of different ways to get Python 3 installed on RHEL. This article uses Red Hat Software Collections because these give you a current Python installation that is built and supported by Red Hat. During development, support might not seem that important to you. However, support is important to those who have to deploy and operate the applications you write. To understand why this is important, consider what happens when your application is in production and a critical security vulnerability in a core library (for example SSL/TLS) is discovered. This type of scenario is why many enterprises use Red Hat.

Python 3.6 is used in this article. It was the most recent, stable release when this was written. However, you should be able to use these instructions for any of the versions of Python in Red Hat Software Collections including 2.7, 3.4, 3.5, and future collections such as 3.7.

Continue reading “How to install Python 3 on Red Hat Enterprise Linux”

Share

Firewalld: The Future is nftables

Firewalld, the default firewall management tool in Red Hat Enterprise Linux and Fedora, has gained long sought support for nftables. This was announced in detail on firewalld’s project blog. The feature landed in the firewalld 0.6.0 release as the new default firewall backend.

The benefits of nftables have been outlined on the Red Hat Developer Blog:

There are many longstanding issues with firewalld that we can address with nftables that were not possible with the old iptables backend. The nftables backend allows the following improvements:

Continue reading “Firewalld: The Future is nftables”

Share

Setting up RBAC on Red Hat AMQ Broker

One thing that is common in the enterprise world, especially in highly regulated industries, is to have separation of duties. Role-based access controls (RBAC) have built-in support for separation of duties. Roles determine what operations a user can and cannot perform. This post provides an example of how to configure proper RBAC on top of Red Hat AMQ, a flexible, high-performance messaging platform based on the open source Apache ActiveMQ Artemis project.

In most of the cases, separation of duties on Red Hat AMQ can be divided into three primary roles:

  1. Administrator role, which will have all permissions
  2. Application role, which will have permission to publish, consume, or produce messages to a specific address, subscribe to topics or queues, or create and delete addresses.
  3. Operation role, which will have read-only permission via the web console or supported protocols

To implement those roles, Red Hat AMQ has several security features that need be configured, as described in the following sections.

Continue reading “Setting up RBAC on Red Hat AMQ Broker”

Share

Sabre chooses Red Hat OpenShift for cloud-native DevOps platform

As part of its strategy to re-imagine the business of travel, Sabre Corporation today announced that it will leverage Red Hat OpenShift Container Platform as the foundation for its Next Generation Platform initiative. OpenShift will be the basis of a modern architecture that includes microservices, development and operations (DevOps), and a multi-faceted cloud strategy to lead an industry evolution in the future of retailing, distribution, and fulfillment through innovative technology. OpenShift, built on containers and Kubernetes, is the the industry’s leading enterprise Kubernetes platform for running existing and cloud-native applications in any cloud.

“The Next Generation Platform is the cornerstone of Sabre’s long-term technology strategy,” said Vish Saoji, Sabre CTO. “Red Hat has delivered the enterprise-hardened software environment we need to help drive our technology transformation, and this collaboration allows us to build upon that architecture and execute our plan.”

Continue reading “Sabre chooses Red Hat OpenShift for cloud-native DevOps platform”

Share

Announcing Red Hat Application Migration Toolkit 4.1.0: Now with technical reports

[In case you aren’t following the Red Hat JBoss Middleware blog, we are reposting this article on developers.redhat.com.]

Red Hat Application Migration Toolkit (RHAMT) 4.1.0 has been released, and with it a new feature that I’d like to highlight in this article—Technology Reports.

If you’re not familiar with RHAMT, check out my previous article that introduces RHAMT and describes how you can use it to help with migration existing applications to a modern application platform by analyzing your code base.

Technology reports

This new feature in RHAMT provides an aggregate listing of the technologies used, grouped by function, for the analyzed applications. It shows how the technologies are distributed. After analysis has been performed, using this report hundreds of applications can be quickly compared. In addition, the size, number of libraries, and story point totals of each application are displayed, allowing you to quickly determine each application’s type from a single report, for example:

Continue reading “Announcing Red Hat Application Migration Toolkit 4.1.0: Now with technical reports”

Share

Improving .NET Core Kestrel performance using a Linux-specific transport

ASP.NET Core is the web framework for .NET Core. Performance is a key feature. The stack is heavily optimized and continuously benchmarked. Kestrel is the name of the HTTP server. In this blog post, we’ll replace Kestrel’s networking layer with a Linux-specific implementation and benchmark it against the default out-of-the-box implementations. The TechEmpower web framework benchmarks are used to compare the network layer performance.

Continue reading “Improving .NET Core Kestrel performance using a Linux-specific transport”

Share