Introducing the Red Hat Enterprise Linux Atomic Base Image

We’re excited to announce our latest step in further optimizing Red Hat Enterprise Linux (RHEL) for containers with the release of the RHEL Atomic base image. This image is much smaller than the current RHEL base image, giving just enough to get started on building your application or service.

We carved out Python and systemd, and yes, even Yum is gone – leaving you with only the bare-bones essentials like glibc, rpm, bash, and their remaining dependencies. This leaves us with an image that’s just under 30MB compressed, 75MB on disk, composed of 81 packages.


Now Available: QuickStart Cloud Installer (QCI) 1.1

We’re pleased to announce the availability of QuickStart Cloud Installer (QCI) 1.1! This is the second release of QCI since its introduction on September 14, 2016.

Included with both Red Hat Cloud Suite and Red Hat Cloud Infrastructure entitlements, QCI is designed to simplify provisioning your private cloud infrastructure by orchestrating installation workflow across different products. Instead of installing each product in the suite separately, QCI provides an intuitive web-based graphical user interface for provisioning a fully functional cloud using any combination of components in


Ops Happiness – Harness Data for Operations Intelligence

As covered in the previous article, The Quest for Operations Intelligence, we have very high expectations from any modern Cloud architecture applications deployed on Red Hat hybrid cloud solutions.

No matter how much support is put into place, the customer needs to be able to operate their hybrid clouds.

After taking a look at correlating all of the available data, we reached a conclusion in the previous article that we needed to do something more


Red Hat IT Single Sign On (SSO) Runs on Red Hat Virtualization

Red Hat is best known for Red Hat Enterprise Linux (RHEL) and for being a leader in driving open source development projects. In many cases, the upstream projects then become Red Hat products that provide enterprise functionality elsewhere in the stack.

In a previous blog post, I detailed how we use Red Hat Single Sign On (SSO) to provide a robust and scalable authentication system for public web properties. Applications such as Red Hat SSO can obviously be deployed on a variety of platforms. Red Hat IT chose to adopt a hybrid-cloud deployment model for Red Hat SSO, as the majority of normal traffic for https://sso.redhat.com is serviced out of one of our corporate data centers. SSO and virtually every other application runs on top of Red Hat Virtualization.


Red Hat Enterprise Linux Across Architectures: Everything Works Out of the Box

Since the Red Hat Enterprise Linux Server for ARM Development Preview 7.3 became available, I’ve been wanting to try it out to see how the existing code for x86_64 systems works on the 64-bit ARM architecture (a.k.a. aarch64).

Going in, I was a bit apprehensive that some kind of heavy lifting would be needed to get things working on the ARM platform. My experience with cross-architecture ports with other distros (before I joined Red Hat) indicated


Identity Management Improvements in Red Hat Enterprise Linux 7.3: Part 1

Red Hat Enterprise Linux (RHEL) 7.3 has been out for a bit, but have you looked at what we’ve added in the Identity Management area for this release? I’m excited to say, we’ve added quite a bit!

In the past I have been talking about individual features in Identity Management (IdM) and System Security Services Daemon (SSSD) but this is really not how we prioritize our efforts nowadays. We look at customer requests, community efforts, and market trends and then define themes for the release. So what were these themes for RHEL 7.3?


PCI Series: Requirement 10 – Track and Monitor All Access to Network Resources and Cardholder Data

This is my last post dedicated to the use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS). This specific post is related to requirement ten (i.e. the requirement to track and monitor all access to network resources and cardholder data). The outline and mapping of individual articles to the requirements can be found in the overarching post that started the series.

Requirement ten focuses on audit and monitoring. Many components of an IdM-based solution, including client components like


SELinux Mitigates Container Vulnerability

A new CVE (CVE-2016-9962) for the docker container runtime and runc was recently released. Fixed packages are being prepared and shipped for RHEL as well as Fedora and CentOS. This CVE reports that if you exec'd into a running container, the processes inside of the container could attack the process that just entered the container.

If this process had open file descriptors, the processes inside of the container could ptrace the new process and gain access to those file descriptors and read/write them, even potentially get access to the host network, or execute commands on the host.


Container Live Migration Using runC and CRIU

In my previous article I wrote about how it was possible to move from checkpoint/restore to container migration with CRIU. This time I want to write about how to actually migrate a running container from one system to another. In this article I will migrate a runC based container using runC’s built-in CRIU support to checkpoint and restore a container on different hosts.

I have two virtual machines (rhel01 and rhel02) which are hosting my container. My container is running Red Hat Enterprise Linux 7 and is located on a shared NFS, which both of my virtual machines have mounted. In addition, I am telling runC to mount the container
