Secrets with Ansible: Ansible Vault and GPG

I was blown away last night at our Ansible PDX meetup by a great presentation by Andrew Lorente about how to track secrets alongside your applications.  Andrew showed a method for doing this that I wanted to write down so I remember how to do it.  Andrew has his own blog here where he wrote about the solution.  I wanted to go over it in a little more detail because I want to make sure it sticks in my head!  (Bonus: I also learned about the pbcopy command on Mac last night!)  The other thing is that since I didn't have any of this on my machine, this should help someone get started who hasn't done anything with GPG yet.

His technique involves some pretty simple tools:

1. Generate an Ansible Vault Password

On my mac I run:

This gets me my tools!  Ok, so now I need to generate my GPG key.

Doing this I just accepted all the defaults.

Now I generate a password for the vault.

Now that I have that, I follow Andrew's instructions and create a file called open_the_vault.sh with the following contents (it decrypts the GPG-encrypted passphrase and prints it, which is exactly what Ansible expects from a vault password script):

Then I make sure the file is executable:

Then I add this to my ansible.cfg file (the vault_password_file setting, pointing at the script):

2. Set up the GPG Agent

If you now run ./open_the_vault.sh you'll find that it says: "Hey, there's no agent running!".  There are a few ways to start the agent.  You can create a LaunchAgent as shown here, or you can just configure it in your own shell.  I went with the shell method and basically followed this post.

Create ~/.bash_gpg

Append to ~/.bashrc

Create ~/.gnupg/gpg-agent.conf

Opening up a new shell, I should now be able to run the ./open_the_vault.sh command.  It will ask me for my key's passphrase the first time, but if I run it again within the cache window it won't ask again.  Right now default-cache-ttl is set to 600 seconds, or 10 minutes.  This can be increased if I want it open longer, with the trade-off that while the agent holds the key, anything running as my user can decrypt the vault passphrase without a prompt.

3. Encrypt the file

The file I will be encrypting is a main.yml file that contains all my variables.  Since it already exists, I run the command (ansible-vault encrypt rather than ansible-vault create) against it:

Now, if I look at roles/openstack-controller/vars/main.yml, it's just a blob of encrypted hex!  Awesome!  Now my variables file and the GPG-encrypted vault passphrase can both be committed with git.

Now obviously, if you look at the history of this project I'm working on, you'll see the old unencrypted file.  That's ok: the passwords in it have since been changed, which is the part that matters, since rewriting git history doesn't pull the old values back out of anyone's clone.  From now on though, no more plaintext passwords in the repo; I'll be using these methods to encrypt.

4.  Sharing Keys

Obviously this solution works great for one developer, but what if we have more developers?  They will also need to be able to open the vault.  To do this, we just need to encrypt the passphrase file to all of our users' keys.  First we decrypt vault_passphrase.gpg with our open_the_vault.sh command, which gives us the passphrase on stdout.

Now we encrypt it again with all of our users as recipients.  The new user will need to send you their public key (which you import) so that you can encrypt to it.

Test that it works by having the new user try to edit the file with ansible-vault edit.

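The whole workflow from steps 1 through 4, as an added example that is not Andrew's code or the post's own scripts. It wraps each step in a shell function so it can be run piece by piece; the file names (open_the_vault.sh, vault_passphrase.gpg, ansible.cfg) follow the post, while the key IDs and the MY_KEY variable are placeholders for your own and your teammates' GPG keys:

```sh
#!/bin/sh
# Added example, not the post's own code: vault passphrase kept in git encrypted
# to a set of GPG keys, handed to Ansible through a vault password script.
# Key IDs are placeholders; file names follow the post.
set -e

# Step 1: a random passphrase for the vault (48 alphanumerics from /dev/urandom).
gen_vault_passphrase() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 48
    echo
}

# Turn a list of key IDs into repeated "-r <id>" recipient flags for gpg.
recipient_flags() {
    for id in "$@"; do
        printf ' -r %s' "$id"
    done
}

# Encrypt the passphrase read on stdin to every recipient. ASCII armor keeps
# the file text so it diffs cleanly in git.
encrypt_passphrase() {
    out=$1
    shift
    # shellcheck disable=SC2046  # word-splitting the flags is intended
    gpg --batch --yes --armor --encrypt $(recipient_flags "$@") -o "$out"
}

# open_the_vault.sh: Ansible executes it and takes stdout as the vault password.
# gpg-agent (step 2) caches the key passphrase, so it only prompts once per TTL.
write_open_the_vault() {
    dir=$1
    cat > "$dir/open_the_vault.sh" <<'EOF'
#!/bin/sh
exec gpg --quiet --batch --decrypt "$(dirname "$0")/vault_passphrase.gpg"
EOF
    chmod 0700 "$dir/open_the_vault.sh"   # Ansible runs it, so it must be executable
}

# Point ansible.cfg at the script.
write_ansible_cfg() {
    printf '[defaults]\nvault_password_file = ./open_the_vault.sh\n' > "$1/ansible.cfg"
}

# Step 4: add a teammate. Decrypt the current passphrase into a variable (never
# a file), then re-encrypt to the full recipient list, your own key included.
rekey_for() {
    dir=$1
    shift
    pass=$("$dir/open_the_vault.sh")
    printf '%s\n' "$pass" | encrypt_passphrase "$dir/vault_passphrase.gpg" "$@"
}

# The gpg-dependent steps only run on request, e.g.
#   RUN_GPG_STEPS=1 MY_KEY=<your key id> sh vault_gpg.sh   (file name hypothetical)
if [ "${RUN_GPG_STEPS:-0}" = 1 ] && command -v gpg >/dev/null 2>&1; then
    write_open_the_vault .
    write_ansible_cfg .
    gen_vault_passphrase | encrypt_passphrase vault_passphrase.gpg "${MY_KEY:?set MY_KEY to your GPG key ID}"
    ./open_the_vault.sh >/dev/null && echo "vault passphrase decrypts OK"
    # Step 3 would then be: ansible-vault encrypt roles/openstack-controller/vars/main.yml
    # Later, to add a teammate: rekey_for . "$MY_KEY" <their key id>
fi
```

Two things worth noting: the passphrase is re-encrypted from a shell variable rather than by piping the decrypting script straight into gpg, because gpg would truncate vault_passphrase.gpg for writing while the other gpg was still reading it; and when you rekey, always include your own key in the recipient list, otherwise you lock yourself out of the vault.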

VMware is the AOL of the private cloud

This week at VMware Partner Exchange there was a nice announcement of VMware Integrated OpenStack or VIO.  VIO attempts to do what most of the developers of OpenStack have failed to do:  Make OpenStack easy to deploy and manage.  (It’s not, anybody who tells you different is trying to sell you something).  The sound bite is this:  You can leverage your investment in both skill and knowledge in existing VMware products and transition to OpenStack.  Or this:  VMware is the easy button for OpenStack.

The first statement (paraphrased by me) is worthless and the second statement (also paraphrased by me) is just a lie.  Putting OpenStack on top of ESX is actually more difficult to manage and troubleshoot than running it on native KVM.  When you use VIO you are dealing with an appliance that has its own layers of complexity as well as more dependencies that don't really need to be there.  I'm convinced that if you want to learn OpenStack, you can't use these magical tools to install it; you first have to go through and install it manually.  It took me a week the first time, and every time I've done it since I run into other issues.  Each time, however, I come away with a better understanding of the core components, and I have even made my own automated installer for learning purposes only.  So in that sense, you are not at all leveraging your investment in VMware; it is instead just holding you back.

I caveat the above paragraph by also saying that I'm not new to Linux administration or to managing large scale systems.  So I shudder to think how the person with all their Microsoft and VMware certs and little Linux experience will do with this.

The analogy is AOL.  Remember in their sunsetting days when they started offering AOL broadband?  By that time we were all too advanced and realized we didn’t need all that bloatware, nor portal in our environment.  So we cast off the shackles of AOL and started making art with their DVDs.

This is how I view VIO.  However, for those of you who have not worked with OpenStack and want to just try it out, I say go for it!  Just like I would to those who had never been on the Internet before.  But there will come a time, where if you want to move forward with it, you’ll have to learn some new skills.  This is IT after all, and if you’re not learning something new every year, you quickly become irrelevant.

There are still workloads that don't go well with an OpenStack or AWS model.  Exchange and SharePoint in my opinion still do great on VMware or Hyper-V.  Any time you are treating applications like pets instead of cattle, VMware vSphere is a great solution for you, and there really isn't a need for a self-service portal.  Certainly VMware software will continue to evolve, but there are few products from them (or even other traditional enterprises and even my own company Cisco that will help you)

The State of Things

Everybody is failing at making a successful private cloud.  I used to think it was 80% and that the other 19% were just in denial, but it turns out it's 95% if you believe Gartner (which I usually don't).  Why all the failures?  Is it management that doesn't get behind it and has no vision?  Is it that the teams are too siloed?  Do the engineers just lack the skill set, or are they too stuck with their own pet technologies?  Probably all of these.

And it seems to be getting worse for central IT.  We had one customer (Central IT in famous University) where we asked them what projects they were working on this year.  “What’s in your budget?  What do you guys want to do this year?”  He responded by telling us that his budget was cut to basically 0 and they are in maintenance mode.  Instead the lines of business have all gone to public clouds.  Our customer in Central IT is now just supporting file shares and legacy systems.  This is the future for most of central IT unless they evolve.

You'll notice that there isn't "The Private Cloud solution" for those that wish to serve their constituents like AWS serves its customers.  Every legacy IT shop offers one, but it's not selling off the shelves.  Cisco has UCS Director that tries to do it, HP has their tool, VMware has vCAC or whatever it's called now... But OpenStack is the only one that is universally both hailed and derided.  OpenStack is the solution central IT would love to love, but can't because it's too X, where X = (immature, difficult, geeky, esoteric, complicated,...)


The economics still show (too lazy to find the link, exercise left to the reader) that hosting your own private cloud is cheaper if you can do it.  There was one person I met at the last Ansible meetup who told us his start up company, which had no shipping product or users, was running a $20,000 AWS bill every month!  The case for moving to a public cloud isn't to save cost, as my good friend tells me; it's to become more competitive.  It's to move faster, get products out and make more money.  Plus, nobody trusts that their central IT can even deliver it and keep it running.

Well, I hate to be all negative and doom and gloom.  So I'd like to propose a possible solution.  It's called MetaCloud, but was recently rebranded Cisco OpenStack Private Cloud.  I think we'll be hearing a lot more about this offering this year as more enterprises embrace it.  Check it out and see the advantages.  It's the product at Cisco I am most excited about.  MetaCloud allows central IT to focus on services to their customers: Database as a service, Load Balancing as a service, common app as a service, etc.  That is the new role of Central IT: providing higher level services instead of just infrastructure.

To conclude, I'd like to encourage central IT people to try out VIO as a way to test OpenStack, much like I would have encouraged people who wanted to get on the Internet for the first time to do a 60 day trial with the AOL disk they got in the mail.  But keep in mind that just having OpenStack deployed is not going to keep your customers from fleeing your firewall and going to public cloud services.  If you want to keep users, the real value IT needs to deliver is higher level services.  Which services?  Take a look at the things you can get from AWS for examples, because that's who you're competing against.

iOS: ManagedObject doesn’t trigger NSFetchResultsController Reload

One of the problems I have been working on is to update a UITableViewCell with updates after the parent view controller reappears.  In this case the user clicks on a ‘comments’ button which segues to a new view controller where the user enters comments for the post.  Once the user enters these comments, they click the back button to return to the previous view controller.  That view controller should have one of its table cells updated with the new comment.

But it doesn’t work!

I tried several solutions and spent a few hours on this.  There were some helpful posts explaining what happened, such as this one and this one.  None of those seemed to work for me.

I started out creating an unwind segue on the main view controller:

And as you can see from all the commented out garbage above, I tried just about everything to get that table cell to reload.  The curious thing was that the size did change, but the contents did not.

For completeness, on the exit for the comment view controller I had the code call this segue:

(Note: In storyboard you have to control drag from this view controller to the exit and select the “unwindComment” segue for this to be hooked up)

Well, none of that worked.  What I found was that the new comment wasn’t being saved in time for when the segue unwind was called.  I think if I put that segue in viewDidDisappear it might work as that is called later but I’m happy with my solution so won’t change it.

Instead the way I solved it was by putting in a notification in my Data Model when the comment was saved.

Here, when it's saved, we post a notification saying we saved something.

Now, back on the main view controller (where there is no editing) we listen for this notification:

Then we update the tableview when this is fired:

What a relief it was to see this work!

Now when the user clicks the back button after posting a comment, the main tableview is updated with that comment.

Git proxy

To install Ansible on my RH machine I had to get out through a proxy.

First, I modify .gitconfig

Mine looks like this behind the corporate firewall:

Or:

It does the same thing.

I also had to add to my .bashrc file:

Strange that I had to add it to two places.

I also found I couldn’t do it like the Ansible documentation said.  I had to do:

That got me a good environment.  Next I created /etc/profile.d/ansible:

That seemed to work for me!
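
The proxy plumbing described above, as an added example rather than the post's own dotfiles: the [http] section for .gitconfig, the equivalent git config command, the exports for .bashrc, and pip's own --proxy flag. The proxy URL and the internal domain in no_proxy are placeholders.

```sh
#!/bin/sh
# Added example, not the post's files: git, shell and pip proxy settings behind
# a corporate proxy. Host, port and internal domain are placeholders.
set -e

PROXY_URL="http://proxy.corp.example:8080"   # placeholder

# The [http] section for ~/.gitconfig. git applies http.proxy to https remotes
# as well, so one key covers both.
git_proxy_section() {
    printf '[http]\n\tproxy = %s\n' "$1"
}

# The same setting written by git itself (the "Or:" form above).
set_git_proxy() {
    git config --global http.proxy "$1"
}

# Lines to append to ~/.bashrc so curl, pip, yum and friends use the proxy too.
# no_proxy keeps localhost and internal hosts going direct.
proxy_env_lines() {
    printf 'export http_proxy=%s\nexport https_proxy=%s\nexport no_proxy=%s\n' \
        "$1" "$1" "localhost,127.0.0.1,$2"
}

# Apply the same variables to the current shell.
export_proxy_env() {
    export http_proxy="$1" https_proxy="$1"
    export no_proxy="localhost,127.0.0.1,$2"
}

# pip has its own flag. This also works under sudo, which resets the
# environment by default and so drops the exported variables.
pip_install_ansible() {
    pip install --proxy "$1" ansible
}

# Put it together for an interactive run:
#   export_proxy_env "$PROXY_URL" ".corp.example"
#   set_git_proxy "$PROXY_URL"
#   pip_install_ansible "$PROXY_URL"
```

If the proxy needs credentials they end up in plaintext in .gitconfig and .bashrc, so keep those files mode 0600 and prefer a proxy that authenticates the host rather than embedding a password in the URL.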

New Job

For the past 3 years I've been working at Cisco in what we call the SLED vertical.  SLED = State Government, Local Government, K-12, and Higher Education.  I have nothing but positive things to say about the entire experience.  It's been very different from what I'd been doing for the previous 10 years.  The people were awesome and I am so happy I was able to meet and have such good experiences with them.

Prior to taking this job at Cisco, my day to day activities for the previous 10 years were more on the bleeding edge: scientific applications running on Linux, Open Source, KVM and large scale out distributed systems.  These last 3 years gave me exposure to VMware and Microsoft in the Enterprise.  While they are not necessarily my favorite platforms to work on, it has really helped me understand them a lot better.  I've also been able to learn a ton about Cisco enterprise products, specifically UCS and Nexus.  It has been great to be known as an expert in these fields, and those products I do like working on simply because "they work".  What, you didn't know I'm an expert?  Ok, well, I can at least open a TAC case for you.

Like Nancy, I am “Overjoyed”

Starting in the next few weeks I'll be transitioning to working with the Cisco Cloud & Managed Services Organization.  I am beyond thrilled to be working in this space.  Or in the words of Fancy Nancy: Overjoyed.  (Yeah, I have a kindergartner, so we're reading these now.)  My goal is to help transform Cisco into the type of company that people look to when they are trying to accelerate application delivery.  Specifically: how to do better Hybrid IT.

I'm looking forward to doing a lot more DevOps and getting back to my programming roots.  So you'll see a lot more of that on this blog.

Currently, I’m reading a book called Lean Enterprise.  I think it should be required reading for those that work in a large organization.

Buy this book now and read it. Then start questioning everything your boss tells you to do.

 

One of the things that struck home was this quote:

“Whenever you hear of a new IT project starting up with a large budget, teams of tens or hundreds of people, and a timeline of many months before something actually gets shipped, you can expect the project will go over time and budget and not deliver the expected value”

This quote struck me especially because when I read it I started thinking about this announcement.  So that's the warning.  It's not as if Cisco is alone in trying to transition to the next big IT movement.  HP, Dell, and IBM are all trying to do it.  I think Cisco can be successful in this if they can do one simple thing: deliver outcomes that customers want.

I’ve taken my mission to do this with two easy mantras:

1.  Develop solutions that customers want.

Lean Enterprise talks about how decisions are largely made by the HiPPO (Highest Paid Person's Opinion).  I'm a fan of analytics and of trying things out, seeing how they work, and moving on quickly.  I am hopeful Cisco can continue to develop this practice.  I've seen it already with the Project Squared initiative, which was received rather well.  I'm a fan!  I hope to see more like this from our cloud organization.

I have been very vocal about certain products and asking for use cases to make sure they are the kind of things I would want if I were trying to run a business.  I hope to continue that.

2.  Develop solutions in the open.

Instead of keeping all this back behind the Cisco curtain, I want to push our company to develop everything they do in the open where people can see.  Docker networking sucks?  Security is immature?  Perhaps we should create a framework that matures it.  Get a Minimum Viable Product out there with the least amount of work possible.  If it works, expand it: see if we can support Rocket too.  Make this open source, let our customers use it.  If it provides value, move forward; if not, scrap it.  Facebook's "move fast and break things" mentality applies here.  But unlike Facebook, I'm hoping our outcomes actually do better things than waste people's time with clickbait captions like "You won't believe what happens next".

I've been influenced a lot by the talks and discussions I heard at Dockercon.  One that resonated is that middleware should be open and free.  We serve a greater purpose, get bigger buy-in, and move faster if people can try it for free.  That's not something a "software only" company would like to hear.  But if your company is focused on outcomes then it makes perfect sense.  An outcomes company not only makes its money with support and services but with a platform people can build upon.

Looking forward to some fun times ahead!

Oh, PS, I had to share the best UCS Presentation I’ve ever seen.  You won’t believe what happens next.

 

iOS: bounds vs. frames

I got totally hosed this week trying to add a subview to a UITableViewCell.  The cool thing is that I learned a lot.

I created a custom UITableViewCell subclass called FeedCommentTableViewCell.  Below is the working code:

A few lessons learned:

1.  initWithStyle is called only when the cell is created, and the cell is then reused multiple times.  So I set the frame to zero, knowing that this cell will dynamically change in size based on a function I wrote in the UITableViewController subclass.

2.  Based on experiments suggested by this post, I learned that tableView:cellForRowAtIndexPath: gets called first, and at the very last layoutSubviews is called as the cell is displayed.  This is the place to set the size of the subviews based on the size of the cell.

3.  I was setting my (commentLabel in the example above) subview’s frame based on the cell’s frame (self.frame).  This was a no-no.

Expanding on number 3.

Let’s say my layoutSubviews method wanted the commentLabel to be the same size as the cell itself.  I originally did something like the following:

This would render the first cell perfectly, but as I scrolled and scrolled back up I saw problems.  You see, self.contentView.frame is the position of the contentView in its superview's coordinate system.  We want the frame of the commentLabel set in the contentView's own coordinate system, which is what its bounds describe (origin at zero, same size).  Simply changing this to something like:

adds this subview in the coordinate system of the contentView, which is what we want!

Now I’m sure Autolayout and using Storyboards make this easier, but I’ve found that for more complex UITableViewCells, laying it out in code seems to be a lot easier to debug.

Moving on to the rest of the project now that that bug is under my belt!

Docker, Micro Services, and Sound Bites

At DockerCon EU there was a panel discussion on the future of micro services.  There were some very good insights there that I wanted to capture as well as some things I took away from it:

Most of this is from Adrian Cockcroft.  He has really emerged as a visionary in the open source DevOps world largely based on his work at Netflix. (Fun fact or name dropping moment: When Adrian worked at eBay and I was at IBM we worked together on a GPFS project, and he was the one who introduced me to LinkedIn)

Adrian and the panel basically said that all middleware or infrastructure management should be open source and only the SaaS based applications are things people will pay for.  I wholeheartedly agree with this.   There are two arguments that really stood out to make this point:

1.  A company working in NDA mode for 12 months on a project and then coming out with a product for infrastructure management is too slow.  By that time an Open Source project has gone through 5 iterations and has more functionality.

2.  People become suspicious of projects like middleware that require a huge investment of time to become knowledgeable on.  Why would I want to gain skills on your proprietary middleware suite that may be inferior to something that is open source?  Open Source skills are more transferable than those for a proprietary system.

I think the next hotness to emerge (that is already emerging) is a way to manage micro services running in your data center, whether that be a private or public cloud.  This will do more than just manage your docker containers.  There will be networking functionality and application scheduling.  At present there seem to be two good solutions:

1.  AWS, as they have already started with their Docker scheduler.  This is still pretty remedial, but don't count AWS out.

2.  An open source project.

There will undoubtedly be proprietary solutions.  I could see VMware deciding they need to manage docker containers in vSphere or something, and that could be nice for them.  But I think these solutions will fail.  The one that will emerge will be an open source tool championed by a community of very smart people.

Projects I see arising this year are things like Kubernetes, Panamax, Swarm, etc.  These are all ways to manage containers and have a huge head start on any enterprise projects.  I would love nothing better for a large company, like my employer, to spend time and develop tools like this for networking in an open source model.  Something that is completely open, but backed by a big company that can support it.

One big epiphany I had while watching the panel is that micro services bring infrastructure management closer to the application side of the house, further blurring the lines between infrastructure and developers.  We've talked about how the lines are blurring between storage, compute, and networking, but we should also understand that these lines are being blurred between development and infrastructure: this is what DevOps is.

A few more notes from Adrian's "State of the Art in Microservices" talk.  I've quoted them below, but I'm actually paraphrasing, with a few comments of my own after each:

“Cloud is API driven infrastructure.  Whether public or private, it needs to have APIs.  Its not just about self service interfaces.  It needs to have APIs.”

Too often in my own company we show the self-service interface of things like UCS Director or OpenStack but fail to show how it will help our infrastructure friends sell it internally to the application teams.  APIs are one way we can do a better job of presenting it.  The problem is that APIs just aren’t sexy unless you are a developer trying to get an environment.  Then you want nothing other than that API so you don’t have to deal with the people that want to keep the environment up and static.

“DevOps is a Re-Org. Not just create a new team and buy a copy of Chef.”

From the book “The Phoenix Project” and in real life we see that a DevOps team is successful when it takes the brightest of each organization and charters them to work with each other.

"With micro services, we treat each internal team like they are an external team.  We don't need to know the internals of the other micro services, we only need to know the APIs and how we can communicate with them."

“As we’ve moved towards Continuous integration: Cost and size of change has been reduced while the rate of change has increased.  This can amount towards massive disruption.”

I have one colleague who is doing this at his company.  The company he is in is largely static and does things the old way: 1 week to code, 2 days to build and so forth.  Doing several builds a day has caused his team to really stand out and disrupt the current status quo.  There are far reaching benefits to this and people have taken notice in a big way.

“IT transition: static machine, virtual machine, containers, AWS lambda.  AWS lambda is firing up a container and running it to do one request.”

“Architectural diagrams with simple 3-tier architectures are dead.  Architectural diagrams are now the ‘Death Star’ diagram.  This means that there are a ton of micro services talking to each other.”

Adrian talked about Netflix, Gilt, and Hailo's architecture.  These were very good for seeing how enterprises are moving to this quick model.

This year, 2015, I expect most enterprises to have at least their development teams using Docker intensively.  I'm using it in my applications and I already see the benefits.  I can't wait to see what happens the rest of the year!

UCS Performance Manager

Today I deployed UCS Performance Manager.  At first glance it appears to be a customized version of Zenoss with all the UCS goodies built into it, so you can graph and trend over time the different metrics made available by the UCS API.  Because it reads the API, there are no agents to install.  I'm a big fan of agentless management tools.

There are two editions.  The first is the full edition (UCS-PM-IE) that allows you to monitor Cisco switches, storage, and hypervisors.  There is also an entry level license (UCS-PM-EE) that is just UCS.  The licensing model is "per-server".  The UCS-only license is about 1/3 the price of the full edition.

The servers must be managed by UCS Manager.  Stand alone servers are not supported at this time.  (So use the UCS Integrated Management Controller Supervisor instead).  The reason for this I’m guessing is because UCS Performance Manager talks to UCS Manager and hasn’t been expanded to talk directly to the CIMC, though I could see that changing.

Installation

UCS Performance Manager comes packaged as an OVA file.  You can download it directly from Cisco’s website.  You’ll need a free eval license to run it to try it out, so talk to your Cisco account manager to get one of these licenses.

Deployment is easy, as its just an ova.  Once the system boots up you can login to the console to configure the IP address that you want to use.

The default login is root / zenoss.  You’ll have to change the password immediately upon logging in, so even if you use DHCP, please don’t forget to do this step!


Once you set up the network, the time, and all that good stuff, you can go into the system and start configuring it.  I rebooted mine first, then started the configuration process.


Open a web browser to the URL you see on the console.  Once you get in you'll see a screen that guides you through the setup.  Pretty easy, just entering in all the fields.

In my case I made it to step 2 and realized I didn't have the product key.  When I went back with the key in hand, my session had logged me out!  I tried a few passwords and realized that the admin password was just zenoss.

After adding a few devices and changing some passwords I get a nice view of the environment


The rest of the time is just clicking and viewing performance metrics of different devices.  I find this to be a good place to look at network traffic.  If you are familiar with rrdtool then you'll recognize where these graphs come from.  Still, it's very functional.

Another cool spot is the topology view


I can see that I have a problem with my SAN connection pretty quickly.

All in all, UCS Performance Manager is a pretty good piece of software that I wouldn't hesitate to add to any UCS purchase I was making.  It's pretty inexpensive and can help you understand your applications a bit better.  It's also worth mentioning this can run on Hyper-V.


UCS Invicta iSCSI to VMware ESX

I have a 12TB UCS Invicta appliance in my lab I thought I'd try out.  The interface wasn't as intuitive as I would have preferred, but the nice thing about it is that it's simple and pretty easy to use once you get the feel of it.

Invicta Configuration

Create a LUN

Navigate to the LUN configuration and click Create LUN at the top.  I'm just going to do a 100GB LUN for fun.  I called mine lun3.


Initiator Group Configuration

I already have an Initiator group I call esx.  It contains all my ESX servers that share the LUNs.  When I first saw this interface I didn't know what to do.  It turns out that some of the links you can right click on to get details.

Here I say Add Initiator and will plug in my ESX initiator.  The problem is, I haven't defined one on my ESX server yet.  So let's do that, then come back.

ESX iSCSI configuration

Clicking on the host inside the Configuration tab, we first click on Storage Adapters.  Under Add in the top right we can add a new Software iSCSI initiator.

Now that we have an iSCSI Adapter, we need to connect it to a physical interface.  Usually with iSCSI we have a separate vmkernel interface that we can use.

After you do this you typically create another one for iSCSI-B to give it network redundancy.  We'll omit this here as we're just showing the basic idea.

Now, go back to the Storage Adapters menu and we’ll attach this interface to our software initiator.

Click on the iSCSI initiator and select properties on the detail screen on the bottom.  On the network configuration tab, select the iSCSI adapter.


In the dynamic discovery tab, we add the UCS Invicta:


Closing this window, it will rescan the devices and you’ll be disappointed to see that the Invicta LUN we created will not be shown.  This is because we didn’t add the iSCSI LUN to our initiator group.

At this point, as a quick sanity check, I usually ssh into the box and make sure I can ping the UCS Invicta appliance.  If that doesn't work then you're not going to get much farther.

Finishing off the Connection

Now we go back to the Invicta Appliance and add our LUN into the initiator group.  Right click on the initiator group you have (or create a new one) and then select ‘Add Initiator’


The next screen you fill in the Initiator that you see on the vCenter screen under Storage Adapters.  Mine was iqn.1998-01.com.vmware:esx04-1e63ab9d

After adding you should see it in the list of initiators.

Right clicking on the Initiator group again will allow us to add the LUN to this group.


On this screen we drag and drop the LUN from the bottom to the top.  This to me is why the interface isn’t that intuitive.  Sometimes you right click, sometimes you drag and drop.  Once you drop it in place you can pick the LUN ID.

Going back to the vCenter console we can now rescan the interfaces.

Right click the iSCSI software adapter and do a rescan.  Your LUNs should be up now!

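The ESX side of the procedure above (enable the software initiator, bind the vmkernel port, add the Invicta as a send target, ping it, read off the IQN, rescan), as an added example done from the ESXi shell with esxcli rather than the vSphere client. This is not from the post; the adapter name vmhba64, the vmkernel port vmk1 and the portal address 192.0.2.10 are placeholders, and the sample esxcli output embedded at the bottom is constructed (it only reuses the IQN quoted in the post) so the IQN parser can be exercised off-box:

```sh
#!/bin/sh
# Added example, not the post's own steps: software iSCSI setup via esxcli.
# vmhba64, vmk1 and 192.0.2.10 are placeholders; find yours with
# "esxcli iscsi adapter list" and "esxcfg-vmknic -l".
set -e

ISCSI_HBA=vmhba64
ISCSI_VMK=vmk1
INVICTA_PORTAL=192.0.2.10

# "Add software iSCSI initiator" from the Storage Adapters screen.
enable_software_iscsi() {
    esxcli iscsi software set --enabled=true
}

# Network configuration tab: bind the iSCSI vmkernel port to the initiator.
bind_vmk_port() {
    esxcli iscsi networkportal add --adapter="$ISCSI_HBA" --nic="$ISCSI_VMK"
}

# Dynamic discovery tab: add the Invicta as a send target.
add_send_target() {
    esxcli iscsi adapter discovery sendtarget add \
        --adapter="$ISCSI_HBA" --address="$INVICTA_PORTAL:3260"
}

# The sanity check from the post, sourced from the iSCSI vmkernel port itself.
ping_portal() {
    vmkping -I "$ISCSI_VMK" "$INVICTA_PORTAL"
}

# Rescan once the LUN has been mapped to the initiator group on the Invicta.
rescan_iscsi() {
    esxcli storage core adapter rescan --adapter="$ISCSI_HBA"
    esxcli storage core path list
}

# Pull the initiator IQN (the "Name:" line) out of "esxcli iscsi adapter get"
# output; this is the value pasted into the Invicta initiator group.
iqn_from_adapter_output() {
    sed -n 's/^[[:space:]]*Name:[[:space:]]*\(iqn\.[^[:space:]]*\).*/\1/p' | head -n 1
}

initiator_iqn() {
    esxcli iscsi adapter get --adapter="$ISCSI_HBA" | iqn_from_adapter_output
}

# Constructed sample of the first lines of "esxcli iscsi adapter get" output.
SAMPLE_ADAPTER_GET='vmhba64
   Name: iqn.1998-01.com.vmware:esx04-1e63ab9d
   Alias: iscsi_vmk
   Vendor: VMware
   Model: iSCSI Software Adapter'

# Full sequence, run only on an ESXi host (esxcli does not exist elsewhere):
#   RUN_ON_ESXI=1 sh invicta_iscsi.sh   (file name hypothetical)
if [ "${RUN_ON_ESXI:-0}" = 1 ]; then
    enable_software_iscsi
    bind_vmk_port
    add_send_target
    ping_portal
    echo "initiator IQN for the Invicta initiator group: $(initiator_iqn)"
    rescan_iscsi
fi
```

The post does not configure CHAP, which is fine on a dedicated iSCSI VLAN; if the storage network is shared with anything else, add initiator authentication with esxcli iscsi adapter auth chap set on the ESX side and the matching secret on the Invicta before mapping LUNs.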

2014 year in review

2014 was huge for me.  I hope it was a great year for you too.  A few highlights:

  • In July, I achieved the CCIE Datacenter certification.  This came after 4 failed attempts on the written exam and one previous failure on the lab exam.  More information on that is here.
  • In November, I finally got a working OpenStack implementation based on Ubuntu 14.04 with the Juno release working in my lab.  I previously had tried to install OpenStack by hand several times and failed.  I’d been successful with RDO and packstack, but that doesn’t really count because that’s just scripting magic.  I had presented at a Utah summit on OpenStack and I am convinced of its viability in the datacenter.  I hope to have a lot more to do with OpenStack in 2015.
  • I finally got around to figuring out AWS.  I had played a little with it before, but I totally immersed myself in it.  I scripted, designed and even took a full week class on it.  I’m amazed by its simplicity and how far ahead it is in front of every near competitor.  Wow.  I also took a look at Digital Ocean and became pretty fluent in creating droplets, scripting, and automating all the things.
  • Docker was a huge wake up call to me to get back into this business.  I saw the benefits of Docker immediately and was hooked.  I started deploying on my MacBook and have since worked on migrating my apps to build on Docker.
  • Application Development was a huge goal of mine this year.  Several apps were updated, including UCS TechSpecs after a big redesign and improving application performance and disk space usage.  The one I’m most excited about is an app I’ve really been working on called Transparent Diet (for now).  This is like an Instagram of Food app that helps people make good decisions with what they eat.  The things I’ve learned by developing this app have been incredible:  a fully functioning API, setting up a scalable backend on AWS with ELB, containers, database migration strategies, beta testers, business cases, etc.  Seriously my favorite pastime of 2014.

Predictions for 2015.  (Please note, these are my own opinions)

  • I did nothing to increase my knowledge on VMware.  I actually tried to stay away from it.  It’s not that I don’t think it has a future; I think it’s actually a great company and is still easier to use than anything else.  Here’s the thing: long term, apps will be SaaS based.  That’s the end game maybe 50 years from now.  We’re already seeing much of it in how people can just buy apps as a service (Netflix, Salesforce, etc).  As those migrations are made, apps migrate towards distributed cattle models instead of the pets that VMware is so good at supporting.  As those apps migrate there won’t be as much use case for the features VMware ESXi provides.  So 2015 will see Hyper-V catch up to ESXi in terms of adoption.  But it’s not all bad for VMware.  NSX will probably get more traction, but so will ACI and so will the basic SDN provided by Neutron in the OpenStack project.  Back to the bad news: VCAC or vRealize will be renamed into another service that people don’t want.  vCloud Air will also fail to gain any traction.  More good:  Horizon will gain more traction because 2015 is the year of the virtual desktop.
  • Dinosaur companies that sell hardware will finally wake up and understand how much AWS has disrupted their business.  They’re talking about it, and in many meetings I’m in, people (not just my company but others) have no clue as to what AWS can do for a startup.  They know it’s cheap (in some cases), but they don’t know what’s compelling about it.  (Think: application services like RDS, DynamoDB.)  AWS is pushing hard to get into the enterprise.  That’s where they want to get the real money.  But it will be more difficult for them.
  • Backup as a service goes more mainstream and more people start to use DRaaS.  Many already are, but this is the low hanging fruit and a cheap and easy one to offload.
  • Container wars get serious.  Docker and Rocket from CoreOS are the tip of the iceberg.  We’ll see more orchestration tools (challengers to Kubernetes) and perhaps more packaging APIs.  Container networking solutions will become more mature and there will be a battle in that space as well.
  • Bitcoin doubles in value.  Today it’s sitting at $316.  In 2015 it will get back to $600.

My Goals for 2015

  • I’ll release my application Transparent Diet to the world in March.  It will be free and I hope to get that out to at least 500 people.
  • I will be blogging more about the Transparent Diet architecture as I blog more on cloud services and how to architect applications on AWS.  I also will show how to do parts on another platform.  This other platform will be something like Digital Ocean, OpenStack, or some other public cloud provider.
  • I’ll be working with my kids to develop game applications.  I’d like to teach them how to write real code.  They’ve done code.org and some others, but it’s time to get serious.  We’re going to build several games with the Swift programming language.
  • I hope to contribute more to open source projects.  I helped this past week on an Xcode library I’ve been using.  I’ll be filling my github account with more good things.
  • I look forward to architecting more private cloud solutions

What are your goals?  Predictions?  The nice thing about tech predictions is that no one remembers if you were wrong or if you made any predictions at all.  It’s a pretty safe thing to say I will most likely be wildly wrong.

Here’s to a great 2015!