So this is my first Fedora Project Flock conference. I arrived in Krakow yesterday from Austin, Texas. The folks who put Flock together did a great job with this event. I have never been to Krakow before, and they clearly communicated how you get around, which buses / trains to take, how to buy tickets, everything. Kudos to that team. I had a few reasons to come to Flock: I wanted to put some faces to names that I have been working with over the years, I wanted to meet with the members of the Fedora Cloud group that I have been participating in, and I wanted to attend technical sessions and see what's coming up in the distro.
My schedule is listed here. I'll blog each day that I'm here to share the experience. Hopefully you will find it interesting enough to attend the next one if you didn't get a chance to come to this Flock event. I'll give an overview of each session that I attend. I know I won't capture all the details from each session that I attend, but it's a taste. The sessions are recorded and will be posted to the Fedora YouTube channel.
Introduction from Joe B. to thank sponsors: Red Hat, Unix Stickers, SuSE, The Linux Foundation, stickermule. Thanks sponsors! Keep in mind though, Flock is a conference that is run and led by contributors - for contributors. I can tell there was a ton of work done behind the scenes to make this event happen.
Then the keynote by Matthew Miller. Matt covered some of the numbers that show Fedora is gaining steam in the cloud and developer space, among many others. He also talked about a few of the major goals for 2016. It's cool to see that the Fedora Project has some big plans to continue moving forward in the cloud space. Think items like Fedora Atomic, OpenShift and Flatpak.
My first session was Fedora with "Amazon EC2 Container Service" presented by David Duncan. He did a great job showing how you can leverage Project Atomic Fedora Atomic hosts to run containers on AWS. Big takeaways are that Amazon.com has containerized the ECS agent, which is the gateway to integration. There are different ways to configure a Fedora Atomic host to use the ECS agent. We need to follow up on this to make sure we optimize the process and make it easier for users to start running containers on a Fedora Atomic host on AWS. David mentioned many things during his presentation - and as an ops guy, some of them were very interesting. Particularly the autoscaling, storage attachment, scheduling and integration with Fedora Atomic hosts capabilities. Great session.
Second session was Thomas Cameron presenting an "Introduction to Container Security". Thomas set the context by talking about how Red Hat got involved with containers. Then Thomas moved into the meat of the presentation, talking about everything from kernel namespaces to SELinux, cgroups, tips and tricks, etc. Takeaways: image provenance matters, don't just download any image from anywhere and expect good things. Keep SELinux enabled. Production containers matter, run them in a supported fashion on production supported hosts. Don't run with root privileges. Image and container lifecycle matters - come up with a way to manage your container ecosystem. Great session.
The third session, "Containers in Production", was presented by Daniel Walsh. Need I say more? Dan discussed COW filesystems and some of the options here: DeviceMapper, BTRFS, etc. He also showed a cool demo of a Docker registry that could share the images via NFS or other shared filesystems. So you could access your container content without having to do a "docker pull". That's pretty cool. Next up was "System Containers". Dan talked about lack of container priority, how systemd handles this and how it's a natural fit. Hence: system containers. Keep your eye out for skopeo, which is a container management tool. Simple signing came up next. Think signing for rpm. It's all about image provenance. The signature is separated from the image, and you can cryptographically prove that an image was signed by X person / company. Dan then discussed OCID (standards based alternative to Docker and RKT runtimes) - a component needed by OpenShift to run the Kubernetes workflow. It leverages skopeo which provides image transport, atomic mount for storing images, OCI runtime (think runc), and container management API via OCID, which is the "Open Container Initiative Daemon". Great session.
"Application Containers and System Services" by Honza Horak was up next. Honza told a story about getting started with $SUBJECT by discussing and walking through container basics, PostgreSQL containers, system containers, and more. During the container basics section Honza started at the beginning and showed building images from the inception of a Dockerfile, which included best practices such as cleaning layers of the image that make "dnf install" calls. He also mentioned squashing images - creating an image with one commit (layer) using the docker-squash (I hadn't seen this) package. Honza then discussed proper ways to build the PostgreSQL image as well as Python-based images. Honza also discussed s2i (Source to Image), which allows you to build containers from source code. Next he discussed "System Containers", which is a phrase he is using to describe containers running on a system that are managed by systemd, which can be accomplished via the "atomic" command. Honza concluded with a discussion of "Tools Containers", which are used to provide a mechanism to work with other images (think mongodb and mongodb tools), the "atomic" command for working with SPC containers, flatpak and building infrastructure. Great session.
A couple of sessions that I didn't get to attend but wanted to: "Copr: What's New?" and "Getting new things into Fedora". Plenty of great sessions to see at Flock. I'm looking forward to day 2. Oh, and I signed up to do a lightning talk on how to provision OpenShift on Fedora on AWS; if you have 5 minutes, stop by. Lightning Talk. Tonight ends with an organized walking tour of Krakow. Busy day, informative day.