Red Hat technologies make open hybrid cloud a reality

Red Hat technologies make open hybrid cloud a reality

Lots of organizations worldwide have the goal of an open hybrid cloud. The ability to build applications that work with multiple public cloud providers as well as on-premise virtualization services without vendor lock-in has many advantages:

  • The ability to move workloads from one cloud provider to another.
  • The freedom to move workloads in-house and off-premises as needed.
  • The ability to coordinate tasks running in different clouds.

For a definition of open hybrid cloud, we turn to Red Hat’s Eric Schabell:

Hybrid cloud is a combination of one or more public and private clouds with at least a degree of workload portability, integration, orchestration, and unified management.

Continue reading “Red Hat technologies make open hybrid cloud a reality”

Share
Efficient string copying and concatenation in C

Efficient string copying and concatenation in C

Among the most heavily used string handling functions declared in the standard C <string.h> header are those that copy and concatenate strings. Both sets of functions copy characters from one object to another, and both return their first argument: a pointer to the beginning of the destination object. The choice of the return value is a source of inefficiency that is the subject of this article.

The code examples shown in this article are for illustration only. They should not be viewed as recommended practice and may contain subtle bugs.

Continue reading “Efficient string copying and concatenation in C”

Share
4 command-line tools for Kubernetes: Linux edition

4 command-line tools for Kubernetes: Linux edition

In a previous blog post, I detailed how to install four very useful Kubernetes tools on your macOS or Windows machine. Those tools—kubectl, stern, kubectx, and kubens—are must-haves for the advancing developer, as well as any folks in operations. What I failed to do previously, however, was include instructions for installing these tools on Linux. So… here we are.

Continue reading “4 command-line tools for Kubernetes: Linux edition”

Share
DevNation Live: Revisiting Effective Java in 2019

DevNation Live: Revisiting Effective Java in 2019

DevNation Live tech talks are hosted by the Red Hat technologists who create our products. These sessions include real solutions and code and sample projects to help you get started. In this talk, Edson Yanaga, Director of Developer Experience at Red Hat, reviews some tips from the classic Effective Java book to help you update your Java skills.

Continue reading “DevNation Live: Revisiting Effective Java in 2019”

Share
Customize the compilation process with Clang: Making compromises

Customize the compilation process with Clang: Making compromises

In this two-part series, we’re looking at the Clang compiler and various ways of customizing the compilation process. These articles are an expanded version of the presentation, called Merci le Compilo, which was given at CPPP in June.

In part one, we looked at specific options for customization. And, in this article, we’ll look at some examples of compromises and tradeoffs involved in different approaches.

Continue reading “Customize the compilation process with Clang: Making compromises”

Share
Customize the compilation process with Clang: Optimization options

Customize the compilation process with Clang: Optimization options

When using C++, developers generally aim to keep a high level of abstraction without sacrificing performance. That’s the famous motto “costless abstractions.” Yet the C++ language actually doesn’t give a lot of guarantees to developers in terms of performance. You can have the guarantee of copy-elision or compile-time evaluation, but key optimizations like inlining, unrolling, constant propagation or, dare I say, tail call elimination are subject to the goodwill of the standard’s best friend: the compiler.

This article focuses on the Clang compiler and the various flags it offers to customize the compilation process. I’ve tried to keep this from being a boring list, and it certainly is not an exhaustive one.

Continue reading “Customize the compilation process with Clang: Optimization options”

Share
How to configure LDAP user authentication and RBAC in Red Hat OpenShift 3.11

How to configure LDAP user authentication and RBAC in Red Hat OpenShift 3.11

In this article, I demonstrate a systematic method to configure LDAP user and group synchronization in Red Hat OpenShift, as well as OpenShift role-based access control (RBAC) for these LDAP users and groups. Following these steps makes the management of your LDAP users and groups within OpenShift much easier. I achieve this goal by demonstrating:

  • How to validate your ldap parameters with ldaptool prior to installing OpenShift.
  • How to enable LDAP authentication in OpenShift for specific LDAP groups and organization units.
  • The scripts and commands that let you synchronize members of your LDAP groups to OpenShift, which in turn lets you apply custom OpenShift RBAC rules on specific users or groups.

Continue reading “How to configure LDAP user authentication and RBAC in Red Hat OpenShift 3.11”

Share
Using Let’s Encrypt with Apache httpd on Red Hat Enterprise Linux 7

Using Let’s Encrypt with Apache httpd on Red Hat Enterprise Linux 7

Getting an SSL certificate for your web server has traditionally been a something of an effort.  You need to correctly generate a weird thing called a certificate signing request (CSR), submit it to the web page of your chosen Certificate Authority (CA), wait for them to sign and generate a certificate, work out where to put the certificate to configure it for your web server—making sure you also configure any required intermediate CA certificates—and then restart the web server.  If you got all that right, you then need to enter a calendar entry so you’ll remember to go through the process again in (say) a year’s time. Even some of the biggest names in IT can mess up this process.

With new CAs like Let’s Encrypt, along with some supporting software, the rigmarole around SSL certificates becomes a thing of the past.  The technology behind this revolution is Automatic Certificate Management Environment (ACME), a new IETF standard (RFC 8555) client/server protocol which allows TLS certificates to be automatically obtained, deployed, and renewed. In this protocol, an “agent” running on the server that needs an SSL certificate will talk to to the CA’s ACME server over HTTP.

A popular method for using ACME on your Red Hat Enterprise Linux 7 server is certbot. Certbot is a standalone ACME agent that is configured out-of-the-box to work with Let’s Encrypt and can work with Apache httpd, Nginx, and a wide variety of other web (and non-web!) servers.  The certbot authors have an excellent guide describing how to set up certbot with httpd on RHEL7.

In this tutorial, I’ll show an alternative method—the mod_md module—which is an ACME agent implemented as a module for Apache httpd, tightly integrated with mod_ssl, and is supported today in Red Hat Enterprise Linux 7.  The mod_md module was implemented by Stefan Eissing—a prolific developer who also added HTTP/2 support to httpd—and contributed to the Apache Software Foundation, becoming a standard part of any new installation since httpd version 2.4.30.

Continue reading “Using Let’s Encrypt with Apache httpd on Red Hat Enterprise Linux 7”

Share