I was recently invited to participate in the Microsoft Partner blog where I shared my love of containers.
I’m especially passionate about container technology because of how much it makes the developer’s life easier. Unfortunately, it’s one of those things that must be experienced to truly understand. I tried to boil my thoughts town to just a few paragraphs here. Check it out and let me know what you think!
Azure App Service for Linux is a pretty neat offering from Azure. You get all of the DevOps features you want (A/B Testing, Hosted Application, Tiered Support, Button-click scaling, lots of templates and more!) without the headache of managing VM’s.
9 years ago, I wrote a quacky little website called “Duckiehunt“. Unfortunately, I didn’t pay the tech debt and things kept breaking until it was abandoned. I’m now using Duckiehunt as a learning ground for Azure’s services and alternatives.
Azure App Service for Linux was the perfect fit. However, back in 2008 SSL wasn’t as ubiquitous. Now, it’s a badge of shame to NOT have it. Azure does offer an App Service Certificate, but I’d like to find a cheaper/more open solution.
Enter Let’sEncrypt from Mozilla and the EFF. If you don’t know, EFF are the unsung heroes of the internet. They fight tirelessly to support your freedom and rights on the internet. Mozilla and EFF offer Let’sEncrypt as a free way to encrypt websites via CertBot. Now I’ll dig into the technical details behind encrypting an App Service for Linux with Let’sEncrypt.
Step #1: Get CertBot
Because I’m on OSX, I was able to run: brew install certbot. For the full range of options, CertBot’s webpage has what you need.
Step #2: Create Cert locally
Before CertBot can create the certificate for you, it must first validate you own the domain. It will prompt you for a few questions, and then ask you to create a file on the webhost and add content to that file for validation.
Thankfully, Azure App Service for Linux provides a terminal access to your container so you can make these modifications yourself.
➜ sudo certbot certonly -d duckiehunt.com –manual
Create a file containing just this data:
%RANDOM STRING 1%
And make it available on your web server at this URL:
At this point, the validation is in place and it’s time to continue with Chatbot by pressing “Enter”.
Waiting for verification…
Cleaning up challenges
– Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:
Your cert will expire on 2017-11-12. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
– If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Huzzah! I’ve now got a certificate. Time to upload.
By following the instructions, I was able to explore space and move strange and dangerous cargo from distant planets. By moving the wings around, I was able to make the Batwing and fly around Gotham. (Well before anyone else realized that potential.)
This was an immensely rewarding experience that I’ve carried with me through my professional career.
Naturally, the toys of the child lead us to adulthood. I knew I wanted to spend my life building. Creating. Spawning new ideas. I wanted to physically manifest my ideas into structures that others would see, admire and even work/play/live in. When I learned that you could get a job doing this, I was elated. I knew this was exactly what I wanted to do. My mission in life was set.
One fateful day, when I was sharing my new life mission with my Godmother she informed me: “To be an architect you have to know how to draw.” Anyone who’s seen me sign a check, write on a whiteboard, or even attempt to draw a square knows artistry genes were not bestowed upon me. I was crushed. My life’s mission was aborted and I was unsure what to do with myself.
To quote my wife: “Those are people? I thought those were windows…”
I drew this. Not sure what my obsession with blue people was. That drawing is nightmare fuel for me.
In High School, when Career Day came I didn’t care about any session other than the local architect. As torturous as it was, I still wanted to know what it was like. All I remember was “hard work…something something…dedication”.
Fast forward to the last 12 months. I made an exciting and brave leap to join Microsoft, and am now a “Cloud Solution Architect”. I’m an Architect. I’m a real, bonafide Architect. (I’m literally crying as I write this as I’m so overwhelmed with a sense of accomplishment.) My bricks aren’t 8x8x9.6 mm, they’re CPU Cores. I no longer have one toychest, I have 36 datacenter regions, spanned across the world.
//build is a developer-centric conference Microsoft hosts every year. Since I never expected to work for Microsoft, I wasn’t even aware of //build. So, when my manager asked me if I was excited to attend and I told him no, I now know why that was the naive answer.
AWS has a head start on cloud services over Azure. But if this conference was any indication, Microsoft is taking this all the more serious.
Here’s some of the announcements that really caught my eye:
CosmosDB: Originally the distributed storage behind DocumentDB, CosmosDB allows not only a document store, but a MongoDB API, a key-value store and a graph database (Gremlin). That alone is pretty impressive; however, the portion that impresses me the most is how CosmosDB handles consistency. Traditionally, a database will offer either strong or eventual consistency.
However, CosmosDB goes far beyond those two models and introduces 3 more that are all available as a turn-key solution. (Bounded Staleness, Session and Consistent Prefix (a new model of their own design))
As a data guy, this is impressive to say the least. Not just because I work here, but because this is a new level of choice that I haven’t seen before and am excited about.
Speaking of being a data guy, offering Postgres and MySQL as a service made me giddier than it probably should. That said, AWS has had it for a while, so I’m more excited that we’re catching up.
AI: There’s no denying that machine intelligence is on the rise. Netflix’s $1,000,000 prize was just the start, and the pot has gotten bigger. The teams demo’ed Object detection and identification in manufacturing rooms, that led to a “sledgehammer selfie”. You had to be there.
Skype: While Skype may not be sexy technology, if it can provide an email transcript of a meeting with a list of action items (assigned by voice commands) as the demo provided, that might change.
Powerpoint + AI: Powerpoint isn’t really sexy either. Even less than Skype. In fact, I’d put it along the same sexiness as Orkut. But the demo of speech-to-text + text translation got a huge round of applause (the demo showed a Spanish presenter translated to Chinese in seconds.)
ServiceFabric: The team announced a GA for 5.6, and while it was already available, Windows + Linux containers. It can also ingest docker-compose files, which is interesting, but sent a mixed message to the OSS community.
Fluent Design: I’m color blind, so visual design is often lost on me. Other people seemed excited about it. So, that’s nice.
Lin on Win: Ubuntu Bash on Windows is nothing new. But now you can download Ubuntu, Fedora and SUSE from the App store instead of enabling “developer mode”. Oh yeah, iTunes is on App Store now too. Dude.
Hololens: Microsoft’s current Hololens is very neat, but costs ~$3000. Microsoft announced is a $399 model from Acer, which will be available in time for the holidays. Microsoft’s Hololens uses a transparent screen in front of your eyes to overlay augmented reality, and the Acer model provides a complete-view screen with cameras on the side to augment. There were 19 mixed reality experiences (vendors/partners) attending //build.
The parties: Microsoft spared no expense in ensuring that the guests enjoyed themselves. My highlight was walking around CenturyLink Field (home of the Seattle Seahawks) and screaming “Who Dat!”. Rock-aoke (Karaoke with a live-band) was a huge hit too.
Want to pretend you were there from experiencing my photos? Now you can!
After Oracle’s surprise announcement of their containerization of Oracle DB, Oracle WebLogic and a few of their other core technologies, I decided to test it out for myself. (Speaking authentically, I’m leery of their commitment; however, I recognize that I work on Open Source at Microsoft, so who am I to judge?)
After some sleuthing, it appears they once included the OracleLinux binaries in the git repo but have not purged them. Poor Github. I have a tremendous amount of appreciation for their architects and support engineers. Below is the SHA1 of the blob, the # of bytes of each file and the path.
Run their buildDockerImage.sh from the Github Repo
The documentation isn’t explicit about where to store the downloaded image. (in my case the ‘OracleDatabase/dockerfiles/184.108.40.206’ directory)
Now the moment of truth. From the “OracleDatabase/dockerfiles” directory, run buildDockerImage.sh
CLICK TO SHOW DETAILS
dockerfiles git:(master) time ./buildDockerImage.sh -v 220.127.116.11 -s
Building image 'oracle/database:18.104.22.168-se2' ...
Sending build context to Docker daemon 3.454 GB^M^M
Step 1/16 : FROM oraclelinux:7-slim
Pages and pages of output. So much text that my iTerm buffer no longer had the initial command.
Oracle Database Docker Image for 'se2' version 22.214.171.124 is ready to be extended:
Build completed in 658 seconds.
./buildDockerImage.sh -v 126.96.36.199 -s 3.68s user 8.15s system 1% cpu 10:57.49 total
Perhaps I’m being overly dramatic; however, the Docker Ecosystem has lots of high expectations and one of those is rapid development and deployment through small, composable artifacts. Granted, building and deploying a new version of database is not a common occurrence; however, the process it not conducive to DevOps. That said, this is their first foray into this, so I’m still excited to see the change.
dockerfiles git:(master) docker images
oracle/database 188.8.131.52-se2 f788cd5b4b9d 4 minutes ago 14.8 GB
oraclelinux 7-slim 442ebf722584 6 days ago 114 MB
fedora latest 15895ef0b3b2 7 days ago 231 MB
microsoft/mssql-server-linux latest 7b1c26822d97 7 days ago 1.35 GB
nginx latest 5766334bdaa0 3 weeks ago 183 MB
ubuntu latest 0ef2e08ed3fa 8 weeks ago 130 MB
14GB? I take that back.
Start the container
Let’s get the party started…
dockerfiles git:(master) docker run --name oracledb -p 1521:1521 -p 5500:5500 oracle/database:184.108.40.206-se2
ORACLE PASSWORD FOR SYS, SYSTEM AND PDBADMIN:
LSNRCTL for Linux: Version 220.127.116.11.0 - Production on 28-APR-2017 03:21:48
Copyright (c) 1991, 2016, Oracle. All rights reserved.
TNSLSNR for Linux: Version 18.104.22.168.0 - Production
System parameter file is /opt/oracle/product/22.214.171.124/dbhome_1/network/admin/listener.ora
Log messages written to /opt/oracle/diag/tnslsnr/91c68ac2b2bf/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=1521)))
Copying database files
Huzzah! After about 9 minutes, it’s finally started! Let’s test it!
It is at this point that I realize I’ve already gone through 2 drams of Aberlour and I should probably stop for the night. Provided there is enough interest (and whiskey), I’ll write-up Step 2 of getting this running on Kubernetes in ACS. As for now, I should stop while the world is only mildly spinning.
NOTE 1: If the database auto-generates a password with a “/” in it, I’ve found it doesn’t work. You can change that by running: docker exec ./setPassword.sh
NOTE 2: If you run this multiple times, make sure to run “docker system prune” as it fills up your disk fast. On my 3rd try, I hit the following error, even with lots of space on my disk. [FATAL] [DBT-06604] The location specified for 'Fast Recovery Area Location' has insufficient free space.
CAUSE: Only (9,793MB) free space is available on the location (/opt/oracle/oradata/fast_recovery_area/ORCLCDB/).
ACTION: Choose a 'Fast Recovery Area Location' that has enough space (minimum of (12,780MB)) or free up space on the specified location.
After hearing about it for years, I was fortunate enough to attend DockerCon this time around. Since joining Microsoft as a Open Source Technical Evangelist, 80% of my job is either learning or teaching. This was my first OSS conference since joining Microsoft, and I was eager to share with others my experiences.
I was even more excited to find out that a Drew Erny (my Godmother’s grandson) was not only attending, but presenting! It was also a change for me to hobnob with some of the Docker elite and some of the other Microsoft movers and shakers.
Docker Multi-Stage Build – TL;DR – Specify multiple FROM’s separate build env from deploy artifact. For more details
MobyProject – Open Source project to help developers create their own Docker-like container platform. This one was unclear at first, until I read a few more articles on it.
LinuxKit – A toolkit for building secure, portable and lean operating systems for containers was open sourced live on stage!
Topics ranged from enterprise deployments to enterprise scaling to enterprise security and “how to convince your enterprise boss” and “Docker Enterprise. Look at how Enterprisey we are and how Dockery other enterprises are”.
Day 1’s keynote felt more developer centric, and Day 2’s felt more enterprise centric. Afterwards, I also noticed the undertone of “Look how Enterprise Docker is” in not just the keynotes, but many of the presentations. Docker is definitely positioning itself to be more respected in the Enterprise world. I get it and completely understand it, but the message was tilted every so slightly towards that slant.
NOTE: There used to be rumors of Microsoft buying Docker. If Microsoft had, and then Docker made the same Enterprise slant, there would be a HUGE backlash. Docker has worked hard to be beloved and it shows.
Since I registered late, I missed a number of the critical emails including an FYI to RSVP to a party that was waitlisted by the time I discovered it. Thankfully, by then I had found my own crew to dine and drink with.
The DockerCon app was helpful for detailing the tracks and available sessions and adding them to the DockerCon app’s calendar. Would be helpful if it exported to a personal calendar for reminders as I got caught up in the Expo hall many times.
As a coordinator of 1000+ people events, I understand exactly how difficult this is. Your best hope is that no one really notices the blood, sweat and tears that go into setting it up. And it’s now that everything is done that I appreciate how good of a job they did.
The was more than adequate signage and information for what is happening and where.
This is the first convention I’ve been to that included a swing set, which was awesome. Lots of break-out areas, separated by pallets and bean-bag private spaces.
Microsoft and IBM were the platinum sponsors and it showed as they were the first two you saw when walking in. Outside of that, there were plenty of vendors eager to talk and lots of great swag. Drones were the most popular prize, but sadly the luck of the Coonass wasn’t with me.
Lots of great vendors. I got to pick the brains of talented teams at AWS, Rancher, Yippie.io, Redhat, Docker, Aqua, RedisLabs, 1&1, Citrix, Cloud Native Compute Foundation, Oracle (yes, that Oracle. They provide Oracle server on containers now!)
Lots of great presentations and speakers.
“Creating Effective Images” was the top rated and thankfully repeated since I missed it the first time. I highly recommend watching when it becomes available online.
Docker Swarm Deep Dive – Drew Erny did a great job of headlining this talk with demos from some of his compatriots. I saw how Docker bakes security into everything they do which will make all of our lives easier. I have been focused on Kubernetes, but the new announcements for Docker Swarm have gotten me really excited, especially how they handle Secrets and image security, software supply chain lifecycle and desktop deployments.
Here’s some great quotes I overheard:
“I only use microservices to effectively hide the root cause of any problem I create”
“Whatever layer you’re at, the layer below you is just magic”
“To quote WuTang: Cache rules everything around me.”
Prior to DockerCon, I really hoped to attend and meet a few more Microsoft’ers and some Docker’ers(?) but got swept up into the community and the common goal it has for deploying software better, faster, stronger. I can’t wait till next year.
P.S. If you are interested in toying around with Docker, check out: http://training.play-with-docker.com/ It’s a great walkthrough without the need to install anything (browser based development!)
The great Larry Wall claims that these are the three great virtues of a great programmer. And I whole heartedly agree. However, If I were to propose three virtues, they’d be: Inquisitiveness, Acceptance, and Stubbornness.
My name is Tommy Falgout, I’m a new employee at Microsoft and I have no idea what I’m doing.
I don’t know .NET. Or Azure. I don’t own a Windows Phone. Heck, the last Windows OS I “owned” was XP.
What I do have is ~20 years of experience in *nix and Open Source software development. I helped develop the original SMS implementation for GSM, back when phones were only meant for voice. I wrote telecom automation systems in Perl, PHP and MySQL 3.x. I then worked at Yahoo for 9 years where I expanded my brain to build their live events engine to broadcast Obama’s Inauguration, the Royal Wedding and the NFL games (Yahoo used to own NFL streaming rights in the 2000’s) I migrated to Yahoo’s Infrastructure database which was the duct tape keeping everything together and integrated.
As a Technical Evangelist, I’m building upon all that experience as a foundation for this new opportunity. To take Azure to the next level.
The thing is…I don’t know how to Azure yet. But that’s the point of this blog. To detail my findings and explore the union of Open Source and Azure. This will be a dumping ground and lesson’s learned. I’m a big fan of transparency and learning from other people’s mistakes. My hope is that you can learn from mine.
I’ve decided to journal again, not because I need something else to do (Father, Husband, Principal Developer @ Yahoo, Scrum Master, President and Founder of DFW Trebuchet, Team Lead for “Trey Bouchet”), but because I’ve lost focus.
I’ve learned that my ambition is often greater than my common sense. While this helps forward my goals, the overuse of my greatest strength soon becomes my greatest weakness. And as I write, erase and re-write these words, it helps me search deeper into myself for my true intent. And I think that’s what I’m really searching for. Similar to how artists chip away a perfectly good stone to release the sculpture underneath, I think it’s time for me to shed those internal monologues and responsibilities that no longer reflect me.
I’ve taken over many responsibilities because I have a vision for how great the endgame will be (DFW Trebuchet, various work projects); however, over time those same passions become a burden as my role devolves from leader to lynchpin. And this is where I continue to work on turning the breakdown to a breakthrough. I’m not sure what it will take, or even how long. However, I’m sure that it will involve me reaching out to my community and garnering their support. Most likely by helping me pull my head out of my ass.
This is the time of year I electronically dust off the addresses of friends and acquaintances, old and new, and ask myself over a cup of hot chocolate, “Do they still live there? How much is postage these days? Do I even know how to write something that isn’t my signature? This is to overwhelming. Maybe I’ll do it next year.” This is also where we’d have a picture of our family in front of a christmas tree showing how big Kara has grown and with a message about how great this year has been.
Fortunately, our lives have been so blessed that one picture couldn’t possibly summarize everything that we’ve experienced this year. So, I present to you this e-essay/card where you can click on links so we both reminisce on what’s happened to the Falgout Family in 2011.
Early on, I reconnected with my family through my long forgotten Falgout family tradition of a bonfire on NYE, as well as celebrating Kara’s birthday in our new Falgout family tradition: Cupcakes! We also got to meet Kara’s namesake celebrity, Katee Sackhoff. And a few othercelebrities!
Somewhere mixed in all this was a trip to Italy, which I had promised Kathy for many years. And we discovered that even thousands of miles away, international cultures have more in common than you think.
For the first time, since moving into the Plano, we participated in Halloween. Verdict: Cute!
I also picked up bowling, which I found out I can be quite good at if I put my mind to it (read: Don’t drink as much).
This year was also a resurgence in our friend’s fertility! 12 of our friends are on their way to starting their own families this year. (I sometimes think of ourselves as the Baby Making Hipsters of our friend’s circle.)
Looking back, it’s amazing to see all that has happened this year. It’s an extremely blessed and fortunate life. And it’s enriched by all of our friends and family which support and encourage us and our wacky lifestyle.
Thanks and here’s to outliving the Mayan’s expiration in 2012!
-Tommy, Kathy and Kara Falgout
A long, long time ago, LEGO announced their new Collectors Star Destroyer. It was their largest set at the time and I being a long time LEGO maniac, I had to have it. It took many weeks to build, and has been one of my prize possessions which I’ve flaunted even more than my hot tub. Friends, relationships and other toys have come and gone, but ol’Desty has always been around.
Now that I have a wife and kid, space has become constrained, and I’ve had to become creative in my toy storage. After mulling it around, I realized the best for Ol’Desty was to prominently display her, hanging from the ceiling. Unfortunately, after some researching the only useful bit of information I found was “use fishing wire”. I could do better than that.
To all my friends who have gotten this far, you can stop reading as the rest will bore you to tiny little brick pieces. To all of the LEGO enthusiasts, on with the gory details!
One of the most fascinating parts of trying to hang the LEGO Star Destroyer (LSD) was taking it apart and seeing how 9 years of being on display has affected the structure. If you’ve built an LSD before, you know that the fuselage is made of four attached triangles and most of the weight settles on the last two-thirds of the structure. You also probably also know that it’s an extremely fragile set, held together by magnets. Great idea, but for me, the bottom panels kept falling off all too often. In the pictures, you can see how the center beams have warped over time, bowing up to 4 3/4″ from the ground (between the two stands) and sagging to 4″ from the ground (at the tip).
On my first attempt, I tried to cradle the LSD by wrapping fishing wire around the entire structure, but that caused it to pinch the panels some places and bow out in others. After a few other experiments with the LSD over a generous glass of whiskey and coke, I found my solution.
I removed all 4 pieces of panelling and tied one long piece of fishing wire into strategic weight points on the triangle frame, using the peg holes of the middle long bricks to wrap the fishing wire around. I then re-attached the panels and fed the fishing wire between the horizontal center crevice. This approach caused the least amount of structural and functional disruption and allowed it to balance right on it’s widthwise center of gravity.
I played around with different locations along the frame and finally found a proper equilibrium (see pics). When hanging, my intent was to tilt the LSD slightly forward so that as you enter the room, a clear view of all of the beautiful deals LEGO put into the model are visible. Along with some more adjustments to the weight distribution, I was able to get the angle I wanted.
Google Sketchup was a great way to plan out exactly where to drill for the ceiling hooks. It also allows me to make some planned adjustments for upcoming LEGO Goodness
It required two people to hoist the LSD up, adjust the tension on the wires and tie off the ends. Once it was all settled and angled properly, the rear wires were significantly tighter than the front, but I believe that this is unavoidable due to the LSD’s weight distribution.
For the rest of the evening, I just sat there, basking at it’s beauty and glowing as it was inspiring to see it hovering ever so menacingly there, and proud of my accomplishment and DIY prowess.