Shortly after I passed AWS CSA exam I went on a hunt for the next certification to claim. Decided to tackle the Openstack COA certification first saving the Docker/Kubernetes certification for a later occasion.

There is a common joke floating around: “Oh, is Openstack still a thing?" - yes, its pretty much still a thing, especially in the Telecom area where VMs are the only viable option for the most of the cases (think VNFs).
Openstack also powers our teams public SDN lab - NuageX - that allows to provision a fully functional Nuage environment in a matter of minutes. So I wanted to get a better operational knowledge of Openstack to be able to support and tune the platform if necessary.

Disclaimer: I took the recently updated COA exam which is based on the Openstack Pike release, although I did not face any Pike-specific questions during the exam. This does not mean that the exam content will stay the same throughout the course evolution, so watch out for the updates.

On May 11th I passed the AWS Certified Solution Architect Associate exam which was harder then I expected. In this memo I will outline how I prepared to this exam, what topics you better pay more attention to and some tips and hints I could give to anyone going for AWS CSA exam.

Disclaimer: I took the original AWS CSA exam, not the one that was launched in Feb 2018; this older version is only available to schedule till August 2018. After that date the newer version of this exam will be the only one available. Watch out, it has a new set of objectives.

Have you ever tried to upload thousands of small/medium files to the AWS S3? If you had, you might also noticed ridiculously slow upload speeds when the upload was triggered through the AWS Management Console. Recently I tried to upload 4k html files and was immediately discouraged by the progress reported by the AWS Console upload manager. It was something close to the 0.5% per 10s. Clearly, the choke point was the network (as usual, brothers!).

Comer here, Google, we need to find a better way to handle this kind of an upload.

Haters gonna hate YAML, thats for sure. I am on the other hand in love with YAML; when one have to manually write/append config files I find YAML easier than JSON (and you have comments too). Ansible, various static-site-generators and quite a lot of opensource tools use YAML syntax for the configuration purposes. But still, YAML syntax highlighting is not a part of the Common languages shipped with highlight.js compiled package.

Back in the days when I mostly did routing stuff I spent the whole day configuring SROS devices via SSH. And once in a while I saw that SSH session or its server part (or even underlying connection) glitched, resulting in a corrupted lines feeded to the device.

What was also quite common is to make a mistake (i.e. syntax one) in a single line and watch like the rest of config got applied to the wrong context.

These sad facts pushed me to create a rootifier CLI script, that was converting tree-like SROS config into flattented (aka rooted) fashion.

rootifier

Now I decided to make a web service of that script, that is publicly available at http://rootifier.netdevops.me/

Flask documentation is very clear on where is the place for its built-in WSGI application server:

While lightweight and easy to use, Flask’s built-in server is not suitable for production as it doesn’t scale well and by default serves only one request at a time.

So how about I share with you a Dockerfile that will enable your Flask application to run properly and ready for production-like deployments? As a bonus, I will share my findings discovered along the way of building this container image.

nginx-uwsgi-flaks-alpine-docker

Today I faced a task which required first to establish an SSH tunnel in a background process and later use this tunnel for SSH connection. What seemed like a child’s play first actually had some fun inside.

A problem were hidden right between the moment you spawned ssh process in the background and the next moment you tried to use this tunnel. In other words, it takes literally no time to spawn a process in the background, but without checking that tunnel is ready, you will quite likely receive an error, since your next instructions will be executed immediately after.

Consequently, I needed a way to ensure that the SSH service is ready before I try to consume it.

At work I always prefer KVM hosts for reasons such as flexible, free and GUI-less. Yet I never bothered to go deeper into the networking features of Libvirt, so I only connect VMs to the host networks via Linux Bridges or OvS. Far far away from fancy virtual libvirt networks.

Even with this simple networking approach I recently faced a tedious task of reconnecting VMs to different bridges on-the-fly.
My use case came from a need to connect a single traffic generator VM to the different access ports of virtual CPEs. Essentially this meant that I need to reconnect my traffic generator interfaces to different bridges back and forth:

Apparently there is no such virsh command that will allow you to change bridge attachments for networking devices, so a bit of bash-ing came just handy.

xrdp is defacto the default RDP server for Linux systems sharing with VNC the remote access solution olympus. I personally found it more resource friendly and feature rich compared to VNC solutions I tried. The only problem I found with xrdp is that current Ubuntu LTS release Xenial 16.04 has a way outdated 0.6.1-2 version of xrdp in the packages repo. This version has no shared clipboard support, which makes remote support/remote access a tedious task.

While Amazon Linux AMI has yum as a package manager, it is not that all compatible with any RHEL or CentOS distributive. A lot of changes that AWS team brought into this image made it a separate distro, so no eyebrows should be given when battle-tested procedure to install python3 will fail on Amazon Linux. (Yeah, python3 does not come included yet in Amazon Linux)