PyCon India 2016

Heya! First of all I’m really sorry for such a delay with PyCon India 2016 blog post.

It was my first PyCon India. I have always wanted to attend such nice conference. But somehow I was probably going to miss it because of fund. It was only DGPLUG for which I could attend PyCon India 2016. They made sure about my travelling from Pune to Delhi and my accommodation. Have a look at 🙂 https://kushaldas.in/posts/dgplug-contributor-grant-recipient-trishna-guha.html.

DAY 1 started with Workshop and Openspace. I stayed in the Openspace since I didn’t buy ticket for workshop. I came to know about an useful project Ansible-Container from Shubham Miglani. We started hacking on the project. I also created an issue for the project but couldn’t work on the patch since the patch was already fixed and out with next release.

I met many of the faces whom I used to know on IRC/Twitter only. It was really exciting and my first day of the conference was over.

The main conference started from Day 2. It started with Keynote by Baishampayan Ghose. He gave a nice keynote on building bridges, distributed architecture and functional testing. Then the other talks carried on.  I was at the Red Hat and PyLadies booth most of the time.

We had a keynote by VanL as well about software design and failure which was great.

Many people came down with the interest about internship at Red Hat and joining PyLadies Community. We had DGPLUG + PyCon India Dinner at BBQ- Delhi later at night.

Day 3 started with Keynote by Andreas Muller on Machine Learning. Then multiple tracks talks carried on. I really enjoyed microservices talk by Ratnadeep Debnath. We had DGPLUG staircase meeting. There after we had open discussion on PyLadies – Diversity and FOSS community with Paul Everitt, Dmitry Filippov, VanL.

There was Red Hat sponsored talk by Kushal Das.

Oh yes I gave a short lightning talk on Project Atomic and Fedora Infrastructure Application Bodhi as well. The day ended with DGPLUG photo shoot.

We had dinner outside and headed back to Pune that night.

Below are the few photos I have :-).

ctqgad2vmaag13g

29313770323_05feccdc10_z

For more photos visit: https://www.flickr.com/photos/sayanchowdhury/albums/72157674406421245

We are going to have another conference on Python really soon Pycon Pune 2017 :-).

Talking to Docker daemon of Fedora Atomic Host

This post is now deprecated, Please follow the more enhanced one: http://www.projectatomic.io/blog/2017/01/remote-access-docker-daemon

This post will describe how to use Docker daemon of Fedora Atomic host remotely.  Note that we are also going to secure the Docker daemon since we are connecting via Network which we will be doing with TLS.

TLS (Transport Layer Security) provides communication security over computer network. We will create client cert and server cert to secure our Docker daemon. OpenSSL will be used to to create the cert keys for establishing TLS connection.

I am using Fedora Atomic host as remote and workstation as my present host.

Thanks to Chris Houseknecht for writing an Ansible role which creates all the certs required automatically, so that there is no need to issue openssl commands manually. Here is the Ansible role repository: https://github.com/ansible/role-secure-docker-daemon. Clone it to your present working host.

$ mkdir secure-docker-daemon
$ cd secure-docker-daemon
$ git clone https://github.com/ansible/role-secure-docker-daemon.git
$ touch ansible.cfg inventory secure-docker-daemon.yml
$ ls 
ansible.cfg  inventory  role-secure-docker-daemon  secure-docker-daemon.yml

$ vim ansible.cfg
[defaults]
inventory=inventory
remote_user='USER_OF_ATOMIC_HOST'

$ vim inventory 
[serveratomic]
'IP_OF_ATOMIC_HOST' ansible_ssh_private_key_file='PRIVATE_KEY_FILE'

$ vim secure-docker-daemon.yml
---
- name: Secure Docker daemon for Atomic host
  hosts: serveratomic
  gather_facts: no
  become: yes
  roles:
    - role: role-secure-docker-daemon
      dds_host: 'IP_OF_ATOMIC_HOST'
      dds_server_cert_path: /etc/docker
      dds_restart_docker: no

Replace ‘USER_OF_ATOMIC_HOST’ with the user of your Atomic host, ‘IP_OF_ATOMIC_HOST’ with the IP of your Atomic host, ‘PRIVATE_KEY_FILE’ with the ssh private key file of your workstation.

Now we will run the ansible playbook. This will create client and server certs on the Atomic host.

$ ansible-playbook secure-docker-daemon.yml

Now ssh to your Atomic host.

We will copy the client certs created on the Atomic host to the workstation. You will find the client certs file in ~/.docker directory as root user. Now create ~/.docker directory on your workstation for regular user and copy the client certs there. You can use scp to copy the cert files from Atomic host to Workstation or do it manually ;-).

We are going to append some Environment variables in the ~/.bashrc file of the workstation for regular user.

$ vim ~/.bashrc
export DOCKER_TLS_VERIFY=1
export DOCKER_CERT_PATH=~/.docker/
export DOCKER_HOST=tcp://IP_OF_ATOMIC_HOST:2376

Docker’s port is 2376 for TLS (secured port).

Now go your Atomic host. We will add tls options to docker command on atomic host.

Add –tlsverify –tlscacert=/etc/docker/ca.pem –tlscert=/etc/docker/server-cert.pem –tlskey=/etc/docker/server-key.pem -H=0.0.0.0:2376 -H=unix:///var/run/docker.sock in the /etc/sysconfig/docker file.

$ vi /etc/sysconfig/docker
OPTIONS='--selinux-enabled --log-driver=journald --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem -H=0.0.0.0:2376 -H=unix:///var/run/docker.sock'

We will need to reload and restart the docker daemon.

$ sudo systemctl docker-reload
$ sudo systemctl restart docker.service

Reboot both of your Atomic host and Workstation.

So now if you try running any docker command as regular user on your workstation it will talk to the docker daemon of the Atomic host and execute the command there. You do not need to manually ssh and issue docker command on your Atomic host :-).

Here are some screenshots for demonstration:

Atomic Host:

screenshot-from-2016-12-09-10-27-47

screenshot-from-2016-12-09-10-29-46

screenshot-from-2016-12-09-10-26-31

Workstation:

fotoflexer_photo

screenshot-from-2016-12-09-10-26-35

 

Containerization and Deployment of Application on Atomic Host using Ansible Playbook

This article describes how to build Docker image and deploy containerized application on Atomic host (any Remote host) using Ansible Playbook.

Building Docker image for an application and run container/cluster of containers is nothing new. But the idea is to automate the whole process and this is where Ansible playbooks come in to play.

Note that you can use Cloud/Workstation based Image to execute the following task. Here I am issuing the commands on Fedora Workstation.

Let’s see How to automate the containerization and deployment process for a simple Flask application:

We are going to deploy container on Fedora Atomic host.

First, Let’s Create a simple Flask Hello-World Application.

This is the Directory structure of the entire Application:

flask-helloworld/
├── ansible
│   ├── ansible.cfg
│   ├── inventory
│   └── main.yml
├── Dockerfile
└── flask-helloworld
    ├── hello_world.py
    ├── static
    │   └── style.css
    └── templates
        ├── index.html
        └── master.html

hello_world.py

from flask import Flask, render_template

APP = Flask(__name__)

@APP.route('/')
def index():
    return render_template('index.html')

if __name__ == '__main__':
    APP.run(debug=True, host='0.0.0.0')

static/style.css

body {
  background: #F8A434;
  font-family: 'Lato', sans-serif;
  color: #FDFCFB;
  text-align: center;
  position: relative;
  bottom: 35px;
  top: 65px;
}
.description {
  position: relative;
  top: 55px;
  font-size: 50px;
  letter-spacing: 1.5px;
  line-height: 1.3em;
  margin: -2px 0 45px;
}

templates/master.html

<!doctype html>
<html>
<head>
    {% block head %}
    <title>{% block title %}{% endblock %}</title>
    {% endblock %}
    												<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
    												<link href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css" rel="stylesheet" integrity="sha384-T8Gy5hrqNKT+hzMclPo118YTQO6cYprQmhrYwIiQ/3axmI1hQomh7Ud2hPOy8SP1" crossorigin="anonymous">
    												<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
    												<link href='http://fonts.googleapis.com/css?family=Lato:400,700' rel='stylesheet' type='text/css'>

</head>
<body>
<div id="container">
    {% block content %}
    {% endblock %}</div>
</body>
</html>

templates/index.html

{% extends "master.html" %}

{% block title %}Welcome to Flask App{% endblock %}

{% block content %}
<div class="description">

Hello World</div>
{% endblock %}

Let’s write the Dockerfile.

FROM fedora
MAINTAINER Trishna Guha<tguha@redhat.com>

RUN dnf -y update && dnf -y install python-flask python-jinja2 && dnf clean all
RUN mkdir -p /app

COPY files/ /app/
WORKDIR /app

ENTRYPOINT ["python"]
CMD ["hello_world.py"]

Now we will work on Ansible playbook for our application that deals with the automation part:

Create inventory file:

[atomic]
IP_ADDRESS_OF_HOST ansible_ssh_private_key_file=<'PRIVATE_KEY_FILE'>

Replace IP_ADDRESS_OF_HOST with the IP address of the atomic/remote host and ‘PRIVATE_KEY_FILE’ with your private key file.

Create ansible.cfg file:

[defaults]
inventory=inventory
remote_user=USER

[privilege_escalation]
become_method=sudo
become_user=root

Replace USER with the user of your remote host.

Create main.yml file:

---
- name: Deploy Flask App
  hosts: atomic
  become: yes

  vars:
    src_dir: [Source Directory]
    dest_dir: [Destination Directory]

  tasks:
    - name: Create Destination Directory
      file:
       path: "{{ dest_dir }}/files"
       state: directory
       recurse: yes

    - name: Copy Dockerfile to host
      copy:
       src: "{{ src_dir }}/Dockerfile"
       dest: "{{ dest_dir }}"

    - name: Copy Application to host
      copy:
       src: "{{ src_dir }}/flask-helloworld/"
       dest: "{{ dest_dir }}/files/"

    - name: Make sure that the current directory is {{ dest_dir }}
      command: cd {{ dest_dir }}

    - name: Build Docker Image
      command: docker build --rm -t fedora/flask-app:test -f "{{ dest_dir }}/Dockerfile" "{{ dest_dir }}"

    - name: Run Docker Container
      command: docker run -d --name helloworld -p 5000:5000 fedora/flask-app:test
...

Replace [Source Directory] in src_dir field in main.yml with your /path/to/src_dir of your current host.

Replace [Destination Directory] in dest_dir field in main.yml with your /path/to/dest_dir of your remote atomic host.

Now simply run $ ansible-playbook main.yml :).  To verify if the application is running issue this command $ curl http://localhost:5000 on your atomic/remote host.

You can also manage your containers running on remote host using Cockpit. Check this article to know how to use Cockpit to manage your containers: https://fedoramagazine.org/deploy-containers-atomic-host-ansible-cockpit

fotoflexer_photo

screenshot-from-2016-10-21-18-52-45

Here is the repository of the above example:  https://github.com/trishnaguha/fedora-cloud-ansible/tree/master/examples/flask-helloworld

My future post will be related to ansible-container where I will describe how we can build Docker image and orchestrate container without writing any Dockerfile :).

What is if __name__ == ‘__main__’ ?

 

Module is simply Python file that has .py extension. Module can contain variables, functions, classes that can be reused.

In order to use module we need to import the module using import command. Check the full list of built-in modules in Python here https://docs.python.org/3.6/library.

The first time a module is loaded in to running Python script, it is initialized by executing the code in the module once. To know various ways of importing modules visit here: https://docs.python.org/3.6/tutorial/modules.html

if __name__ == ‘__main__’:

We see if __name__ == ‘__main__’: quite often. Let’s see what this actually is.

__name__ is global variable in Python that exists in all namespaces. It is attribute of module. It is basically the name of the module as str (string) type.

Show Me Code:

Create a file named ‘mymath.py’ and type the following code and save it. We have defined a simple mathematical square method here.

screenshot-from-2016-09-30-12-51-33

Now create another file named ‘result.py’ in the same directory and type the following code and save it.

screenshot-from-2016-09-30-12-57-10

Now on terminal run the program with ‘python3 result.py’
fotoflexer_photo

Here we have defined a method in a module and using it in another file.

Now let’s look into if __name__ == ‘__main__’:

Open the ‘mymath.py’ file and edit it as given in following:

screenshot-from-2016-09-30-13-56-50

Leave ‘result.py’ unchanged.

Now on your terminal run ‘result.py’. 

fotoflexer_photo1

Here we have imported the module mymath. The variable __name__ is set to the name of the module that is imported.

Now on terminal run ‘mymath.py’

fotoflexer_photo3

We have run the file mymath.py as program itself. And you can see here the variable __name__ is set to the string “__main__”.
And we have checked if __name__ == “__main__” is True execute the following instructions which means if the file is run as standalone program itself execute the following instructions.

If you do  print(type(__name__)) in the program, you will see it returns ‘str’ (string) type.

Happy Coding!

Run commands on Fedora Atomic host from Remote host using Ansible

This post will show how to run commands on your atomic host from remote.

I am using Fedora Atomic host. Boot up your atomic instance. Make your you have Ansible installed on your control host.

The user of fedora instance is “fedora” by default and there is no password authentication. So first we will need to create password on the atomic for user “fedora”.

For that type the following command. It will ask for new password.

$ passwd

Now we will need to change PasswordAuthentication to YES . Open /etc/ssh/sshd_config on atomic host and change PasswordAuthentication to YES. Now The atomic host is all set :).

Go to your Remote host/Control host. I am using Fedora Workstation.

Now we need to generate ssh key on our control host.

Type the following command. This will create ssh key(private and public) on your host. The default location is of public key is ~/.ssh/id_rsa.pub.

$ ssh-keygen

It is time to add the ssh key to the Atomic host.
Type the following command. This will add your ssh public key to .ssh/authorized_keys on atomic host.

$ ssh-copy-id username@IPofAtomicHost

Now we will create inventory and config file for Ansible.

$ mkdir test && cd test
$ touch inventory
$ touch ansible.cfg

Inside the inventory file add the following:

[atomic]
IP-of-Atomic-Host

Inside the ansible.cfg file add the following:

[default]
inventory=inventory

Now let’s ping the atomic host :).

$ ansible atomic -i inventory -m ping

If the above returns Success we will try to run command on atomic host from our remote host :).
Type the following to run command on your atomic host.

$ ansible atomic -i inventory -m command -a "sudo atomic host upgrade"

 

NOTE: If you have you atomic instance running on Openstack make sure to add icmp to the security groups of the instance.

fotoflexer_photo1

fotoflexer_photo

Run Apache on Fedora Atomic Host

This post describes how to run Apache on Atomic host. I am using Fedora atomic host.

Boot up an atomic instance (Fedora preferred).

To test the Apache container, just run

atomic run docker.io/fedora/apache

Make sure you are using

sudo

After the container has started successfully, Now do

curl http://localhost:80

This will display

Apache

Now If you want to build your own image copy the source https://github.com/fedora-cloud/Fedora-Dockerfiles/tree/master/apache down to your host. 

Then Edit the Dockerfile and make your changes.

Now Build the image:

# docker build --rm -t /httpd .

After the build is successful, Run the container:

# docker run -d -p 80:80 /httpd #To assign port 80 of your host that maps to port 80 on the container
# docker run -d -p 80 /httpd #To assign random port that maps to port 80 on the container

If you do curl http://localhost you will see the required output.

Screenshot from 2016-09-06 10-55-07

Screenshot from 2016-09-06 10-58-21

IRC Client: Irssi On Atomic Host

If you are a terminal geek you will always want to do things using terminal ;). And when it comes to Atomic host, YES you will have to do stuffs using terminal.

If you don’t know about Atomic, you must visit http://www.projectatomic.io 🙂

This post will describe how to setup and use IRC client on Atomic host. This will be applicable for any Cloud host also.

Irssi is a terminal based IRC client for Unix/Linux systems. And the best part is we will not need to setup things manually because we have containers :).

Let’s Get Stared:

I am using Fedora Atomic host here. Get Fedora atomic host from herehttps://getfedora.org/en/cloud/download/atomic.html

Make Sure you have Docker installed.

Copy the Dockerfile from here: https://github.com/trishnaguha/Fedora-Dockerfiles/blob/irssi/irssi/Dockerfile

Now run docker build -t username/irssi .This will build image.

There after you just need to run the container 🙂  docker run -it username/irssi.

Later on sometime you will be able to do the whole set up only docker run -it fedora/irssi once Fedora adds Irssi to its Docker hub :).

After you start the container you will see something like this:

Screenshot from 2016-08-19 14-12-05

Let’s join a channel

Screenshot from 2016-08-19 14-14-16

You will find the Irssi Commands here: Irssi Commands.

Getting Started with Atomic Commands

Project Atomic is a framework to create OS from RHEL, CentOS, Fedora and the aim of Project Atomic is to create better OS for containers.

Why Atomic?

  • For running containers we don’t need full fledged distribution.
  • Less number of packages to maintain

rpm-ostree is a software management tool that combines the features of both traditional RPMs and OSTree. we can be way more confident on updating system if we know that we can have reliable rollback even after updating system. It provides clear transaction for updates. Since the whole process is atomic there is almost no chance o half way update of the system hence less chance of breaking system.

The atomic command defines the entrypoint for Project Atomic hosts.

On Atomic hosts there are two software delivery vehicles:

  • rpm-ostree for managing deployment and updates of host system.
  • Docker to provide containers running services and applications.

RPM-OSTree makes the file-system immutable i.e, read only except var and etc. Docker uses /var/lib/docker where all the docker related files, images are stored. /etc has all the configuration files.

Atomic Command: Let’s get Started!

We will first need to have an atomic host running.

  • atomic host upgrade will upgrade to a newer version.
  • atomic host rollback will rollback to the previous version.
  • atomic host status displays the status of the atomic host installed.
  • atomic run <name> allows an image provider how a container image expects to be run.
  • atomic install <name> installs a container on atomic host with systemd unit file to run it as service.
  • atomic uninstall <name> uninstalls the container from atomic host.
  • atomic info <name> displays LABEL information of the image.
  • atomic images lists the container images on your Atomic host.

When we ship an application you need to run an install script. Using Atomic tool management system we can embed install and uninstall script within our application itself. In the Dockerfile of our application we need to have LABEL INSTALL that points to the docker command for the application with executable install script. When we execute atomic install it will specifically run LABEL INSTALL command from the Dockerfile to install the application on atomic host.
Same way to uninstall an application we need to run atomic uninstall that will specifically run LABEL UNINSTALL from Dockerfile which specifically points to the uninstall script for the application.

For further reading regarding Install and Uninstall: http://www.projectatomic.io/docs/usr-bin-atomic

Atomic Command Cheat Sheet is now available.

BeFunky Collage

Further Reading:

 

Fedora Women Day 2016

CnZe3pLUAAAwGrm (1)

Fedora Women Day is celebrated to raise awareness and bring Fedora women contributors together. This is a great time to network with other women in Fedora and talk about their contributions and work in Fedora Project.

The event was held at Netaji Subhash Engineering College (NSEC) in Kolkata, India on 15th July, 2016.

Fedora Women Day was also celebrated in Pune, India and Tirana, Albania. https://fedoraproject.org/wiki/Fedora_Women_Day_2016#Local_Events

The event started at 10:30 AM. Women started coming in and it was pretty nice crowd.

The event started with my talk. It was my first talk so I was really excited.

I talked about Fedora Women Day and the purpose. Then I started talking about the work I do in Fedora Project. Most of the part of my talk was regarding Fedora Infrastructure and Fedora Cloud.

Since my most of the contributions lie in Bodhi(Fedora Infrastructure) and Tunirtests(Fedora Cloud) so I specifically gave some insight on these projects. I explained the architecture of Bodhi and Tunirtests and how one can start contributing those specific projects.

I also shared my story on how I started contributing to Fedora Project.

Here is the slide of my talk: trishnaguha.github.io/trishnagslides-what-i-do-in-fedora-how-can-you-get-involved.html

After few hours of my talk I had to leave early for some urgent work. You will find the full event report here: Event Report.

I received Fedora stickers, F24 workstation DVD and Fedora T-shirt, but not sure I can put the T-shirt on, it seems so large :(.

Jpeg

A Moment to Cherish

It was June when I was interviewed by opensource.com for my Opensource (FOSS) journey and Summer training in Dgplug.

https://opensource.com/life/16/6/how-community-taught-me-code

Heartfelt Thanks to my family, mentors and friends I have come across so far!

Definitely a moment that I would love to cherish for lifelong :).

Contributions:  https://github.com/trishnaguha  https://pagure.io/user/trishnag