IT organizations are using container technology and DevOps processes to bring new-found agility to delivering applications that create business value. However, enterprise use requires strong security at every stage of the life cycle. Nothing is secure by default—security takes work. You need defense in depth. Red Hat delivers multiple layers of security controls throughout your Read more about Best practices for securing the container life cycle[…]
I started rebuilding my lab and wanted to document some of the architecture as well as commands used for the different networking devices I use at home. Dell vlans: Configure the vlan enable > configure vlan 10 configure interface vlan 10 ip address 10.0.1.1 /24 exit Configure Trunk Port configure interface Te1/1/4 switchport mode trunk Read more about DELL N4032 / HP HP ProCurve Switch 2810 / Juniper SRX 300 cheat sheet[…]
If you are in the situation where you cannot delete a DRO from the UI, you can delete it from the Rails console. I had the following Dynamic Resource Object Definition: As you can see I have 2 instances. How do you delete these instances? With both the API calls as well Read more about Delete Dynamic Resource Object from CloudForms[…]
To round this up, here is a recording of SmartState in AWS with auto-remediation of a vulnerability (Java) via policy and Ansible inside.
This will be the last part of the blog series but probably the most interesting one. When you launch a SmartState analysis you will see the following in your evm log files.
[----] I, [2018-03-11T16:12:10.941498 #3004:4f7130] INFO -- : MIQ(ManageIQ::Providers::Amazon::CloudManager::Vm#raw_scan) NAME [Scan from Vm vmtosmartstate] SCAN [nil] [NilClass]
[----] I, [2018-03-11T16:12:11.068516 #3004:4f7130] INFO -- : Job created: guid: [b0c7c318-2844-436c-bc44-21a29dfa3cce], userid: [admin], name: [Scan from Vm vmtosmartstate], target class: [VmOrTemplate], target id: , process type: [VmScan], server id: , zone: [default]
[----] I, [2018-03-11T16:12:15.868847 #3014:4f7130] INFO -- : MIQ(MiqQueue.put) Message id: , id: , Zone: [default], Role: [smartstate], Server: , Ident: [generic], Target id: , Instance id: , Task id: [job_dispatcher], Command: [JobProxyDispatcher.dispatch], Timeout: , Priority: , State: [ready], Deliver On: , Data: , Args: 
[----] I, [2018-03-11T16:12:21.133242 #3004:4f7130] INFO -- : MIQ(MiqPriorityWorker::Runner#get_message_via_drb) Message id: , MiqWorker id: , Zone: [default], Role: [smartstate], Server: , Ident: [generic], Target id: , Instance id: , Task id: [job_dispatcher], Command: [JobProxyDispatcher.dispatch], Timeout: , Priority: , State: [dequeue], Deliver On: , Data: , Args: , Dequeued in: [5.266320951] seconds
[----] I, [2018-03-11T16:13:05.374585 #3424:4f7130] INFO -- : MIQ(ManageIQ::Providers::Amazon::AgentCoordinator#find_or_create_keypair) KeyPair smartstate-2ae1670a-2fcc-4bbb-abcc-3fa962895096 will be created!
[----] I, [2018-03-11T16:13:05.877668 #3424:4f7130] INFO -- : MIQ(ManageIQ::Providers::Amazon::AgentCoordinator#deploy_agent) Smartstate agent will be deployed in vpc: [vpc-076ad862], zone: [us-east-1a] subnet: [subnet-3cc6154b]
[----] I, [2018-03-11T16:13:11.145451 #3424:4f7130] INFO -- : MIQ(ManageIQ::Providers::Amazon::AgentCoordinator#get_agent_image_id) AMI Image: RHEL-Atomic_7.4_HVM_GA-20180104-x86_64-1-Access2-GP2 [ami-d97120a3] is used to launch smartstate agent.
[----] I, [2018-03-11T16:15:55.976224 #2716:4f7130] INFO -- : MiqServer: local=Y, master=Y, status= started, id=99000000000001, pid=02716, guid=c5b77187-7fc9-426e-b3cb-6f0ce7860c8e, name=EVM, zone=default, hostname=ip-172-31-44-62.ec2.internal, ipaddress=172.31.44.62, version=188.8.131.52, build=20180221205805_f93a675, active roles=automate:database_operations:datab
There are a few interesting parts here. What is the AgentCoordinator? The code can be found here: /opt/rh/cfme-gemset/bundler/gems/manageiq-providers-amazon-9620e26f4381/app/models/manageiq/providers/amazon/agent_coordinator.rb . It's out of scope Read more about CloudForms in AWS part 3[…]
This part of the CloudForms in AWS blog series will walk you through how to make sure that CloudForms reaches its full potential in AWS. IMPORTANT: If you want SmartState analysis to work you need to register your AWS account with the cloud access program. Use the link below to enable cloud access: https://engage.redhat.com/forms/cloud-access-registration Once Read more about CloudForms in AWS part 2[…]
Ever wondered how you could run Ansible Tower in clustered mode across multiple AZs in AWS? This post will describe how you can build the following architecture: First, build 3 EC2 instances, each in a different AZ. You should be more than ok with t2.large instance sizes. The subnets in the VPC can be private. Read more about AWS Multi – AZ Ansible Tower Cluster backed by RDS and fronted by ALB[…]
Ever wondered what CloudForms can do for you in AWS? The next few blog posts will walk you through step by step how to upload the CloudForms image to AWS, how to assign the correct policies and roles and how to configure it correctly so it can discover your environment. Part 1 is dedicated to Read more about CloudForms in AWS part 1[…]
Red Hat Virtualization and the OpenShift Container Platform go far back. Both products are very well integrated and share security features like svirt and cgroups which are a core security component of Red Hat Enterprise Linux. Svirt allows you to run your virtual instances as well as containers in full tenant isolation mode whereas cgroups Read more about OpenShift on RHV Automated, Secure and Transparent[…]