 Okay. Yeah. All right. Hopefully everyone can hear me. Okay. Oh, thanks for coming along I know I'm between you and lunch. So thanks for making the time So my name is Stephen. I work for Red Hat over in New Zealand One thing I'm gonna do first is give you an idea of the agenda that way if you want to leave you can leave early If this isn't what you're expecting. So just an idea of the things we're going to cover off and then explain why Yeah, why are we doing this? Why am I interested in this area? What are we trying to achieve? There's a little bit of demo a little bit of walk through hope you get some value out of it Please feel free to make this interactive. They have asked that you use the microphones so they can record this I'm happy to take questions at any point during the talk not just at the end So key things we're going to cover nested virtualization. How to do use thin LVM some stuff around snapshotting how to utilize technologies like Red Hat open stack or RDO and what the difference of that versus things like dev stack And other methods for deploying open stack if we've got time I'll also cover some stuff around using atomic for rapidly standing up Docker and Kubernetes environments So along the way we're going to talk about how to choose the right kind of base image for building and deploying these environments Making things as reusable as possible A lot of this is war stories gotchas things I hope that you don't get wrong because I've got them wrong and it's it's not been a pleasant experience and hopefully a few power tips Also, I want to get your tips and your feedback during this session and Then at the end where I want to go next areas I'm interested in where I want to play with next where I'm seeing in the data center so Let's start who me. I Steven Ellis. I work for Red Hat in New Zealand So where's that? So all the way down there? This is effectively my patch and part of an a pack wise solution architecture team My focus is predominantly on New Zealand based customers and business partners But I occasionally advise on other projects all within the region One reason to put this up is you look at some of the customers some of the use cases that have already come up this week You look at the growth of Technologies like open stack in the a pack region It is phenomenal at the moment the things going on in China the things going on in India This region has the potential to be generating far more Open-stack and cloud revenue than the entire the United States, which is currently one of the world's largest markets for this kind of technology So why do I do this? Why am I Trying these technologies out? Why am I here occasionally? I wonder about that, but and I Demo and walk-through solutions for customers and for business partners on a regular basis I need a rapid way to stand up an environment Occasionally with limited or no internet connection around a range of emerging and cloud-centric technologies So often I have to use whatever I've got to hand Also, you know that this comes up a lot people say that they've got an itch You know, why do we get involved with open source? Why do we fix open source? Why do we do these things and we go we've got an itch we need to scratch Scratching that might be a patch. It might be a fix. It might be some documentation a guide a how-to But one thing I've realized because I've Realized recently. I've been doing this for a long time. I've been in IT for over 20 years is Sometimes you have a scratch that you've forgotten about It's there, but you have a workaround You don't Fix it it no longer itches You have these problems that you live with I've got a way of doing this and it's okay You are going to IT organizations and they've got desk procedures rather than using automation because they can live with it I throw people at the problem So one thing I want you to take away from this is think about a problem That you live with that scratch that no longer bothers you enough right and Along the way, I hope I don't end up teaching you all how to suck eggs Okay, I want to learn from you as well. So that's the other big reason why I give these sessions I want to learn from the audience if you've got tips and tricks in fact I gave a version of this back in Australia earlier this year and One of the audience had actually fixed something I've been fighting with so at the end of the session We went away and resolved the problem. That was awesome. I had a great outcome. That was a really good session Also, you may guess from my accent. I'm not originally from New Zealand. I'm actually from Liverpool Which means I have a slightly odd sense of humor so To make allowances for that I think we'll just have a quick joke and then some of you will get it some of you won't many of you won't but It will hopefully set the tone for the rest of the presentation so Person of non-specific gender walks into a bar ouch Right, so now we've got that out of the way My mate Gollum What does he say he says what have you got in your pocket? You know part the topic of this is cloud in your pocket. How can we use what we have to hand to demo? Emerging technologies to demo cloud-centric technologies. If any of you actually bothered to read The some of the text I put in and associated with this tour one of the things is you don't always have access to the cloud I don't always have access to equipment in a data center. I might be working in a secure environment So how do we deal with this? So what's the first thing you all have in your pocket? A Phone we all have phones most of us do or tablets you think about the power in your mobile phone today quad core octa core 3 gig of RAM Wouldn't it be great if you could get phones now that get little mini projector add-ons Wouldn't it be great if you could walk in and demo or show off a range of technology Just using your mobile phone What else I love these raspberry pies I was going to bring one with me. Yes, it fits in my pocket I can't because it's too busy being used by my daughter at home. So she wouldn't be too impressed. I Want a couple of these plenty of my colleagues have nox b-boxers gigabit bricks all these little lightweight Units of hardware they make great little test hypervisors building test beds I can go in and run say my laptop as an open-stack controller and these is the the compute resource and Have a reasonable lab environment up and running really really rapidly Just a prototype just to do a proof of technology or try something out And here's something else. It's cool. Hopefully I won't knock my voice pack off. This is the 32 gig USB 3 key Fits in my laptop Almost no profile. I actually put a little dongle on it. Otherwise. I'm on verge of losing it I've got a full implementation of red-hander prize Linux 7 on this and The way I've done it means I can walk into almost any data center to almost any piece of equipment and boot it and have a fully running working environment and then using This which is just an external hard drive caddy that happens to have a 128 gig SSD in it Run a cloud environment on a piece of customers hardware in their data center Really low profile. I'm not changing their kit, but I can show stuff off for them That's really powerful. That's effectively the cloud in my pocket. So I've got that plugged into my laptop here Running open stack so Hardware so for the purposes of showing this off and my typical work environment questions. What do you use? If your primary environment of choice happens to be Apple centric Please try and run a real operating system on it Okay, these babies will run Linux trust me I've been doing it for a long time. In fact, the very first piece of hardware I ran Linux on was a pre-production power Macintosh around MK Linux Which was an interesting journey then our own yellow dog So Linux will work on the this hardware now My environments I work for Red Hat. We use red enterprise Linux my laptop. I tend to use fedora on I want to play with what's coming next from the community For those of you who need a community centric choice go ahead and use centos It's a great environment to do some quick prototyping from within the community Most of what I'm talking about though You can easily reuse with other distributions centos Ubuntu arch Whatever your distribution of choices, please go and use it so for the purposes of this today, I'm running for door 23 on my Laptop it's got about 12 gig of RAM Internally, it's got a 256 gig SSD from usually well out of space So for a lot of my demos I use this external drive and as I just said the benefit the external drive means I can use that memory key and I can go and boot the customers hardware as well One we're going to show off today is actually showing the same kind of implementation both using red enterprise Linux and our recent release of RELL OSP 8 As well as using RDO our community build of open stack on top of centos Now along the way, there will be a few dragons. Yeah, we all know the term. There may be dragons You know a warning my mates morgue. This is actually in Wellington Airport You have to walk past this to get on your plane. Ain't that cool? He's huge honest. They'll take up the entire wall in here So there will be a few pointers things you really shouldn't do. Please don't have the same pain points. I've been through So the first topic is about nesting. How many in the room have played with nested virtualization? Cool It's really really useful nesting nesting is important. I love nesting We get lots of birds in our garden in New Zealand. It's really really neat So one things about nesting is gives you this huge benefit over straight QEMU software based virtualization So if you're going to enable nesting now all these slides will be available So if there's technical nitty gritty in here, you want all this is copy and pasteable slides will be available So if you're on Intel hardware There's quite a few options you can enable now Many of these give you interesting optimizations if you're running on Xeon class hardware If you have a laptop that you actually enable able to turn on all of these, please give me the model number I'd really like one My little AMD test bed at home. I just simply set that option You can unload the module Reload it things should be good. Ideally, I recommend just doing a reboot just to be certain and then you should have nested virtualization hardware accelerated virtualization nesting enabled Now when you're playing around with this use your SSDs Don't do this on spin and rust. You're going to have a world of pain particularly start playing with thin snapshots thin LVM really simple test is HD palm HD palm will check that your hard drive is just working correctly a given SSD should be getting something in this range or above If you're talking about spinning rush, you'll be down around a hundred megabytes a second I've had strange cases where external hard drives get cranky and drop back down to USB to mode and Then all bets are off and your demo is just going to really suck So that's a real simple test the moment you plug the drive and just run that You know, you're actually going to get the performance you expect I've got a colleague who's really funny about these things. He's he's like, oh, why didn't you use the SATA? Why don't you use fire wire these days for purposes of demo trying things out USB 3 is usually more than sufficient So nested virtualization, I'll create an initial VM you could do on the command line I usually just use that manager and then I'll go and use Versa to edit the configuration and just turn on VMX Right, usually you need to just make sure you're giving it the right CPU type as well Depending on your environment But VMX is enough to mean that when that VM starts up it thinks it's hardware and you'll get much better virtualization performance Yeah So yeah, if you're on an AMD hypervisor So one thing's undervert manager if you're using that as you can say copy the specification of your native processor If you're moving things around a lot like I want to be able to dump the XML configuration from this and use it somewhere else That's going to be kind of awkward. So sometimes you might go for a low common denominator One reason I've gotten a hail in this was another gotcha at one point with Kilo There's something really weird with Certain classes of Intel processors. So I actually have to downgrade the machine class So so yeah, you just watch that. It's it's something you may need to tweak is the CPU class particularly if you're working in a mixed Environment you may need to downgrade everything to a common baseline First big gotcha is watch your default networks One way around this is spin up Your guest environment that you're doing the nesting in in some it other than the standard default liver network because one on two one six eight one two two will also be the network range in your guest and The moment you try and do any virtualization your guests will fail to start up and If you don't check this you'll go through the whole process you'll install open staff You're going everything looks good. You're going to pull your first virtual machine and it won't start and Debugging it is a complete pain. It's not obvious that it's simply that you've got a clash of networks So either create yourself a new default Network on your laptop your hardware or create a second network zone that you want to demo in or just change it in your base image Now I use thin LVM a lot Because it basically it means that that external hard drive kind of looks like many many terabytes of space I can spin up many instances as long as I manage it carefully. So again a few pointers if you're using thin So thin LVM first thing create a thin pool Now one aspect of LVM now is you can set it to auto extend a thin pool if it gets full So you might say I'm only going to use so much grass per space on the hard drive And I'll let it expand and consume that over time, but you create a thin pool within an existing volume group So it's fairly simple now create an 80 gig thin pool actually on my local laptop Whereas in the case the external drive. I've consumed the entire drive all it is is one big thin pool and then I can create a image Within that thin pool that has a virtual disk size of 40 gig So there's one for rel or santos depending on your environment of choice. I Can then plug that disk in as the disk within Livevert and then start installing my environment a Couple of gotchas to watch for When you're using LVM and SSDs it's critical that you can pass down this card Otherwise, you're not actually Using your SSD properly right You're not doing trim right so you need to pass this cards down for trim to work Otherwise you can have interesting side effects, you know again the lifetime you expect out your SSD. That's the first thing at Red Hat We run Lux encryption on our laptops. So doing sin on LVM on a Encryption and you want to pass trim all the way down Was interesting and this is the thing I actually managed to get fixed when I was at linux.com for you earlier this year Turns out Christopher smart who works in the ozlabs team at IBM I actually blogged about this as references his blog on stay sane I haven't got it working and his hand goes up at the back. He's actually in my talk So we went to the back and it turned out didn't work in fedora 21, but it works in 23 So what you do is you configure in your creptab Look stop comma discard and then you rebuild the unit using dracot next time you reboot Trims pass through things behave nicely Okay All about that base. I'm gonna end giving you a kinds of weird songs stuck in the back of your mind Right. So what does your base image look like thing about your workloads? If I'm divine helping a customer to find the SOE the standard operating environment. I want small I want really small starting point for them to do Run their business on and then the layer up through configuration management tools like puppet or Ansible or satellite The various business applications they want to do but this is for my purposes as demo So it doesn't have to be uber uber small. It just has to be enough For me to run a range of workloads. Now the workloads. I'm predominantly targeting now are running open stack running open shift running things like Docker and Kubernetes and Trying out things like our open SCAP security framework. So I want an environment that kind of suits all of those things So I'll have one for rail one for Santosh You might have one for other flavors of Linux occasionally have one for Fedora as well from playing with something quite Bleeding edge and I need to update that base regularly because everything's forked off it if it's not patched And every time you create a snapshot you're patching them and your use of your disk just grows exponentially and one big thing think about how you're gonna build that base image again, there will be dragons when I was setting up Last week and running some tests because we happen to drop new builds of Mataka into RDO and OSP8 came up. I wouldn't delete it one of my base images by accident Bronco man line gone About 20 minutes later was back kickstart all good. So I highly recommend use kickstart if you have tools like satellite your Business use things like that, but have a way of recreating your baseline And the other useful thing is I can give that kickstart to my customers. There's nothing special about it There's nothing proprietary about it. It's a useful way to start an environment So think about your use cases don't skimp give it a decent size I'm using thin so it doesn't matter if the base image is 40 gig because really on this come using two and And then I have a few reusable snippets I'm going to share some of these with you and a couple of tips about the kickstart so if you're using an environment for something like well OSP or RDO and using tools like pack stack, which is a great way to prototype or try something out quickly then It's good to reserve some space for Cinder So I need a volume group for Cinder to consume so actually define two volume groups one for my base OS My root file system and one for Cinder volumes now Any of you who do Linux in the enterprise probably have standards around Separating slash home slapper it separating bar making certain things reading me. This is a crash and burn environment Never last more than a day or two and I'm destroying it and recreating it. So I don't want to over complicate it Small ish minimal ish So this is my standard set of packages here for what I'm doing. I don't need network manager It gets in the way when you're trying to do open stack I turn on virtualization because most of the time that's one predominantly using so that's my kind of baseline of packages Then have a couple of simple snippets. One is I always inject my SSH key Into every image that I build So straight away, I can SSH in as root which is great for using tools like Ansible or just going in and configuring an environment I Turn on the yum cache Because I live in New Zealand our internet pipes aren't that great particularly if I'm building demos at home I want to hammer my internet connection So what I do is turn on the yum cache then I can ask sync the packages off and reuse them I'll go through that in a minute. The last thing is a gotcha For some reason kickstart doesn't like volume group names that have a dash in it Packstack expects in the dash volumes to be the volume group. It's looking for so I just fixed that up at the end And so I baked that into my kickstart. So this is now completely repeatable Anytime I want I can blow that image away the base image and recreate it Now for those of you who are Red Hat customers you need to entitle the base You need to put a subscription on it. So if you're doing this with rel Subscription manager registered the system now at Red Hat. I get access to ridiculous number of content repositories The first thing you do is disable everything because I really don't want to try and install stuff out of an SAP repository And I have a high availability repository and I have X, you know, just gets crazy So pretty much you need very few channels as standard on Red Hat system and then patch it Right patch the base and Then consider it done for now for this week for this month until some point you go back and repatch it Power tip mentioned earlier. I've turned on yum caching. So I'll ask sync everything off when I'm done And usually when I'm doing something you might ask sync everything back in again I've got a little content cache on my laptop For those of you who want to go a bit further what I'm doing is actually I'm using create repo to create a local yum Repository that I'm just injecting yum configuration So I'm able to build the environment again really rapidly 90% of what I need 95% in fact Yeah, I had to pull a few things down this morning. Just come straight off my laptop and If you're in a commercial enterprise environment, you can use tools like satellite or the upstream scatella informant Need a lot more storage. I don't have it Hopefully my one terabyte SSD arrives in the post today before I have to go home. They'll have enough room All right, so patch the rel environment. I'll do my little r-sync yum upgrade. I'll move everything back Good to go case of centos One thing I've got here is that all I'm thinking are the specific Content repositories that I want because I actually have a lot of other demos I do so I don't want to pull everything in Whereas in the case of centos Excuse me all I'm ever demoing is RDO Predominantly so it has everything I need under that tree thin base But we were trying to be on a thin environment. We want the base to be nice and thin and trim You know, I like pizza. I lived in Italy for a year. I like thin pizza. None of this Chicago, Detroit You know pizzas should look then crispy. I've already tried pizza oven at home I do good pizza. If you're in New Zealand, look me up. We'll do pizza. It's all good right So first of all clean up your VM young clean all or just young clean packages clean all get rid of all the extra young metadata We just freeing up some disk for our starting point and then you want to transition this. How many of you have used FS trim? Anyone know FS trim and if you use k-part X K-part X is cool, right k-part X will take an environment that's like a virtual disk allow you to mount it through loop back intelligently So that you can do things and play with the environment So k-part X mount my centos environment to as a additional dev mapper devices are Then mount the first partition which is slash boot into month volume. I'll run FS trim on it free up a little bit of space All right unmount it then mount So this LVM inside that Environment so that LVM has now been picked up that VG's been picked up So I'll mount the from the VG centos seven the root partition. I'll run FS trim Unmount it make sure you Disable the VG and then run k-part X minus D Otherwise, you're leaving lingering dev mapper devices And you go and start your VM up and you may end up get corruption because of your local environment doesn't end well Now vert manager and thin it can't Manage existing thin volumes if you look using the vert manager gooey to set this up You won't see your thin volumes. It doesn't understand them But if you go in to add the path in you go I'll add disk you can type the path in great Remember my mate. He'll burn your ass. He really will doesn't him well Don't manually into the path the moment you do that it says oh, I don't know about this It deletes the one that exists that you just now spend the last half hour Whatever curating and creates a brand new empty one that isn't thin So use Versa go and edit the config insert your disk then you're good to go better yet Do discard? Inside your VM Turtles all the way down Right get this right you can discard inside the VM on to thin and then discard all the way down to your desk All right, so there's a few little tips here One is make sure your machine type in your virtual machine definitions greater than 2.1. It doesn't quite work I moved a couple of VM images over to this as a test before this session and they were originally 2.1 when I bumped up the machine type to 2.4 everything started behaving on the for each of your hard drives you need to set discard equal a map and You need to set the drive type to scuzzy for rather than normal vertio block Now one nice thing about this is that when you do an install of rel or sentos is that when dracot creates the knit rd actually inserts both Drivers So you don't have to go and rebuild a disk image because you know like in the old days you're missing a scuzzy driver or something No, you can get away with this. So you need to change the disk type to scuzzy But what you will then get a scuzzy controller up here You need to set the scuzzy controller type to the IO scuzzy once you've done that behaves nicely thin all the way down Don't need to do stuff externally. I can just run FS trim inside my guests Right the really easy way boot your VM LS block with these options will show Dismax greater than zero that means FS trims behaving so I can now trim inside my VM Okay, but want to make sure you know about k-part X as well really useful tool Snapshots, so now I've got thin volume. I've got my baseline. I need to do something with it So You're doing this. It's great on SSDs. I'm not seeing a major performance loss Not overall one you compare where I'm actually getting out of an SSD and it means I can create off the same base multiple images multiple environments Try things out Also, it means I can layer things up. So I've got my baseline I've done some an install of Red Hat OpenStack 8 or I might have installed RDO and now I want to go and play with Networking or want to try something out. So I'll snapshot where I am If any of you have got a quiesce support working with QEM you guessed What might have in a chat with you about that? Otherwise, yeah, you've got a power the VM off take a snapshot bring it back up again. Hell the VM start up in a few seconds And I keep lots of notes which means it's easier to write these decks One thing about thin if you're using it on a fedora environment or a modern distro thin doesn't auto activate This is actually a really good thing All right, I might be doing this in the office I've got my external laptop plugged into my dock and I've got to go to a meeting I've suddenly got 20 thin environments active and I go and unplug my laptop and walk away leaving the hard drive on my desk Yeah, that's one of the dragons right you may need to go and rebuild a few things So really easy Lv change man minus a y activate minus k forces it to activate Where it's been disabled, but it only be active for that use case. It won't stay on next time you reboot You'll need to reactivate it. It is a lifesaver So don't consider it a bad thing. It's a good thing So good. Let's build a cloud. Hmm. So Start my VM Now this is out of some of the standard pack stack install notes If you happen to have left network manager there get rid of it straight away switch back transitional networking If this is open-stack 8 You now need to enable the extras repository as well as the standard open-stack 8 repositories If you're doing this on sentos again, make sure you disable network manager Then I'll go and pull in my content cache. I'll sync everything in from my local hard drive or As I mentioned earlier, I'll use my local YUM repository that I've created with create repo All right, this speeds things up dramatically So right out open-stack platform our latest release. So Love doing these things. It's really great when on the Thursday before I fly on Friday. We do an entirely new product release Turns out wasn't that difficult. I'll explain why in a minute So pack stack is a real simple way to play With open-stack. It's great for users and it's great for operators to just stand up a micro all-in-one environment Or something with just a few pieces of tin. There's no HA at the controller layer There's no use for complicated architectures. You want to do this in anger look at red hat director Look at the tooling that we've got now using things like triple O Using things like ironic to do this properly to find a proper architecture But to dip your toe in the water pack stack great so Minus-sinder dash volumes create equal and means it will actually look for the LVM backing store Then when I'm done, I pull all the changes back so that next time I've got everything that's come down I've got a modern repo reboot or good to go RDO Very very similar we go point at the latest RDO repository release Effectively the same command line and again I'll sync everything back so that I'm not going online next time and pulling down a ton of content. I Like to keep lots of notes use something To refer back to I prefer trying to keep digital notes where possible my tool of choice is a tool called track I have one for stuff. I do for a home for private stuff. I've won for notes for all of the Testbeds and demos and things I do is part of my role at red hat So I can reference all the different versions of open stack of try to deploy if I am playing with a beta Release I can go and easily keep notes about my bug zealots. Everything else. I've got to open Also, make sure you learn on modern distribution particularly fedora centos and rel firewall command All the support for firewall D. It's much cleaner and simpler way of interacting with IP tables I've had cases playing with some of the beaters where not all of the firewall rules have been automatically set up by pack stack So I couldn't actually get into the environment once it had started up So I'm just Go So what I've got here. This is what my hard drives look like The fedora underscore volume group is all my local hard drive the VRHT volume group is on the external You can see just how many different images and things I've got on this You look at the bottom my thin pool on the external I'm running at 58% use and the thin pool on my internal. I'm currently running at 32% use All right Get maximum use at my environment lots of different demos trying things out all but off the same baselines Now originally I was going to show you something else but The internet connection here hasn't been as reliable for me. So I had to build some stuff back at the hotel, but my Environments of course are in New Zealand date, but I actually rebuilt the centos environment a few hours ago when I was in the hotel So that's a sent off 7 rdo environment and that's a rel 7 rel osp 8 so red hat open stack 8 environment. There was just built a few hours ago So they're active and running right now. In fact if I do just remember the the other one So there's red hat open stack 8 latest release and This one's just coming up with the rdo build, which is a more vanilla Open stack environment So they're fully enabled up and running I can go and start some workloads upon them So they were just built just before I came in here. I did will consider having them build while I'm on stage But building rdo and osp 8 simultaneously while presenting Not really good thing to do to my laptop So what's the big difference? So? Open stack Red hat open stack platform our commercial enterprise ready hardened tested This is what we do with all the vendors that are here this week RDO is a great way for the community to interact with that process. It's effectively our fedora to our rel That's the best way to think about it. So the process is Upstream rdo builds almost straight away. In fact, the rdo release was out within a few hours this time Almost of upstream GA and then we take time to get open stack platform ready And this is really critical because we've got things like ETS eat Etsy defining things like open open NFE We've got open daylight. We've got a lot of innovation going on and this is a great way to feed things down into the process so Where am I I? Can document things I've can blow things away. I patch my environments regularly. I can re-image easily I don't use a lot of internet traffic. My life is easy. My life is good But what I should be doing is automating this Seems ridiculous, you know what basically walk you through is a desk procedure to achieve an endpoint We bought this thing recently anyone head of Ansible. It's really nice at automation so If you remember anything just go there That's my playbook for doing this or for doing the core part of this So Ansible playbooks are really quite nice and human readable So a few things in this Repo host defines where my local yum repository is so that's easy to change Now this isn't great ansible, but it's a starting point. It's just way to look at this I've got it configured so I can do this either on centos or rel and either way it will then choose RDO or rel OS open-stack platform The second bit here is I actually define local repo and local open stack repo and again, they'll inject Two yum config files so that I make sure I pick up my local content cache and then at the end I Do the pack stack command? It's all good to go Now I was going to show you the output of this from running in a terminal but I Lost power coming in here, so I've got to show you an archive. I've got of running it a Few weeks ago, so for a giggle I Created the playbook. I created a host file that specifies both my Rel 7 environment and my sent us environment around the same ansible playbook on both environments Simultaneously on my laptop Yeah, I ran out of IOPS at some point, but it went through check the environments Install the repositories ran pack stack got to the end and confirmed that both environments were up and running at that point I could point a web browser like I've just done at both environments, and they were usable Right, so if you do anything go and pull my Ansible playbook if you've got feedback tips and tricks really happy Now we're running along on time, so I'm going to skip a couple of things So some people said well why you why use LVM when you just use QCOW QCOW support thin does snapshots There's all these really neat things. I know I really like LVM for this kind of use case I understand what it's doing on the disk I tend to use QCOW for using things like Rel Atomic, which is our nice little micro environment for playing with Kubernetes and Docker It's it's kind of got everything already in there. Do any of you use cloud in it on a regular basis? So there's a number of you haven't right there's a really nice simple guide upon the Red Hat portal on how to do this That's you know noddy beginners 101, but it's enough to get yourself started You need two metafiles one to inject your host name one to inject things like your SSH keys and other details Say these this is all going to be available Then you create an ISO off that metadata and then you can use You then attach that to a VM So what I'm doing here is I'm taking the standard atomic instance from Red Hat You can get a centos atomic can get a fedora atomic the great ways to play with with Docker and Kubernetes So I'm going to create a snapshot off that baseline image Using QEMU and then using Vert install I'm going to spin up a new VM with some round VCPUs point it at the ISO image And that will now start it up and inject my credentials at that point. I can SSH into that instance. It's all good to go all right One neat thing about this is I can re-initialize that base image I don't need to re-initialize that CD ROM my virtual environments still exists and live So I can blow that image away recreate it and go back to a baseline any point in time I can also snapshot that snap So if I'm part way through a Lab or trying something out I can stop everything Do a snapshot and then carry on But please don't snapshot it while it's running It will burn you a boat ends. It will destroy your base image and the image you're creating All right, so don't snapshot a running snap unless you've got the ability to queers the image So if you want to get involved and look at containers, this is a great entry point a lot of things are taking care of for you And these are some really good examples really good walk-throughs. These are on our public website They're publicly published articles so quick way of standing up a couple of docker images and then pulling them together With kubernetes to create an environment right you can do this on top of rel try out with atomic So where are we you know I said earlier about you know Things that bug me that really should be bugging me enough to make a difference One thing that's bugging me in the data center is this Yeah, how many of you have to deal with UEFI on a regular basis now If you're not and if you're dealing with still hardware in the data center You're gonna have to learn this you're gonna have to understand this all your new hardware is UEFI Now one of the things around this is I'm trying to pretend I'm hardware so to do that I Need to basically make my virtual environment do EFI what I'm doing right now is effectively old-style, but biospace boot you can do it But it's not very well integrated right now There's some licensing issues around shipping all the UEFI components are standard as part of your distro So there's a couple of guides out there But when I do it what I want to effectively do is redo everything which is easy because it's just kickstart based I can recreate everything, but I want to do it so that everything secure boot that it feels like a data center I'm getting closer and closer to what my customers are really doing So to help me along with that that USB key is UEFI ready now there's a few ways of doing this But a you need to create an ISO or USB key you can install from that's UEFI ready So you can use live ISO to disk and specify EFI most of the modern install ISOs are EFI ready You can just dump them on a USB key and boost a piece of hardware Make sure you force and I mean force I mean brute force the hardware to boot in EFI only I've seen hardware in the data center We'll do everything it can to go back to MBR bio style Installation methods and suddenly you find your environment isn't EFI friendly you get no secure boot Which comes back to my world of crazy things I love doing because it's just Anyway, so what I wanted was a full rel 7 install on here like a lot not a live environment with an overlay This is a real running environment things. It's a hard drive, but I want it to boot both on a BIOS based old-style piece of hardware and on a UEFI system So a couple of pointers the rel 7 install you need to leave a little bit of space Make sure you install it in UEFI mode. Otherwise, you won't get the EFI partitions You won't get the other things you need to support UEFI environments Then you need to create an additional partition with part head that Tagged as BIOS grub because that's where grub will actually install all the bits It needs to boot on a traditional BIOS environment Then install grub 2, but you haven't actually configured it properly Then I need to basically mess around use a live environment to boot into legacy and rescue mode Chimod in and then Configure grub 2 once that's done It will boot either way and it will survive kernel updates and everything So it's smart enough to update grub both ways the one inside the EFI environment and the grub 2 environment So I can update this no matter which way I boot So next what am I going to do next? What's my next pain point? So I want to rework my kick starts to mention earlier I want to make better use of ansible in this the ansible. I've got up there some of it's quite simplistic There's a few things some of the ansible modules are missing right now I have a feeling when I have to do a patch for upstream to just give it a few extra features I'm thinking maybe because I use this for a lot of different use cases. Maybe I should turn encryption on That might be a good thing I almost have a fully Ansible driven kubernetes atomic docker demo to go just needs a few tweaks on The road not had a chance the one thing I really want to play with though is this because Arms coming to the data center. So I want to be able to do everything. I've just talked you through But I want to do it on arm I've been using arms since the mid 90s and you're gonna see a lot more about this and I've been told to the IBM team I like power as well as I mentioned earlier. I first round Linux on on power PC So powers of another important architecture. There's more to life than x86 So that's my story. I hope you've all learned something I hope someone in the room has a tip or trip trick for me that something I haven't done before quit any questions Stun silence the slides will be available. I hope it was useful and thank you all for coming