Understanding OpenShift Security Context Constraints

OpenShift gives its administrators the ability to manage a set of security context constraints (SCCs) for limiting and securing their cluster. Security context constraints allow administrators to control permissions for pods using the CLI.

SCCs allow an administrator to control the following:

  1. Running of privileged containers.
  2. Capabilities a container can request to be added.
  3. Use of host directories as volumes.
  4. The SELinux context of the container.
  5. The user ID.
  6. The use of host namespaces and networking.
  7. Allocating an ‘FSGroup’ that owns the pod’s volumes
  8. Configuring allowable supplemental groups
  9. Requiring the use of a read only root file system
  10. Controlling the usage of volume types
  11. Configuring allowable seccomp profiles

Continue reading “Understanding OpenShift Security Context Constraints”

shadowman solo from external web 265x200

Red Hat Software Collections 2.3 now beta

Today, Red Hat announced the beta availability of Red Hat Software Collections 2.3, Red Hat’s newest installment of open source web development tools, dynamic languages, and databases. Delivered on a separate lifecycle from Red Hat Enterprise Linux with a more frequent release cadence, Red Hat Software Collections bridges developer agility and production stability by helping to accelerate the creation of modern applications that can then be more confidently deployed into production.

New additions to Red Hat Software Collections 2.3 Beta include:

Continue reading “Red Hat Software Collections 2.3 now beta”

gnu logo

New Red Hat Developer Toolset 6 now in beta

Today, Red Hat announced the beta availability of Red Hat Developer Toolset 6.0 Beta. Accessible through the Red Hat Developer Program and related Red Hat Enterprise Linux subscriptions, including the no-cost Red Hat Enterprise Linux Developer subscription, Red Hat Developer Toolset enables developers to compile applications once and deploy across multiple versions of Red Hat Enterprise Linux.

Updated components within Red Hat Developer Toolset 6.0 Beta include versions of:

Continue reading “New Red Hat Developer Toolset 6 now in beta”

Red Hat JBoss Developer Studio on MacOS X- an alternative setup

The  recommended steps for setting up the Red Hat JBoss Developer Studio (JBDS), on all supported platforms, are found here. The instructions are pretty straight-forward and it is enough to get started right away – as long as you have a suitable java SDK installed on your machine.

However, if I go along that path, I would later have to deal with the Java SDK updates to go along with the compatibility of the existing tools. Eventually, I may end up having to install multiple versions of the Java SDK.

This led me to look for other alternatives. I thought to myself, the Linux’y way to go would be to run the JBDS as a container and have it display on my Desktop. I figured that I already have the tools for such task: XQuartz as an X11 server, socat to relay the display ports, and my Red Hat Enterprise Linux (RHEL) virtual machine. Yey!

The following are the steps on how I got all these to work together.

Continue reading “Red Hat JBoss Developer Studio on MacOS X- an alternative setup”


That app you love, part 8: A blueprint for “that app you love”

Welcome to the eighth installment of That App You Love, a blog series in which I show you how to you can make almost any app into a first-class cloud citizen. If you want to start from the beginning, jump back and check out Part 1: Making a Connection. You’ll need the docker service and the oc utility to follow along in this post; for instructions check out Part 5: Upping Our (Cloud) Game.

In Part 7 we learned how to expose container-level environment variables up at the cloud level, and we also got our first taste of Templates and Deployments. Crafting a Template for our ZNC container image that defines those environment variables – and the rules for setting them – is a major step in improving the app’s reusability and basic security. But forget about ZNC because we’re really talking about That App You Love, and what it takes to make it rock the cloud!

Continue reading “That app you love, part 8: A blueprint for “that app you love””

Integrating Red Hat OpenStack 9 Cinder Service With Multiple External Red Hat Ceph Storage Clusters

This post describes how to manually integrate Red Hat OpenStack 9 (RHOSP9) Cinder service with multiple pre-existing external Red Hat Ceph Storage 2 (RHCS2) clusters. The final configuration goals are to have Cinder configuration with multiple storage backends and support for creating volumes in either backend.

This post will not cover the initial deployment of OpenStack Cinder or the Ceph clusters.

Continue reading “Integrating Red Hat OpenStack 9 Cinder Service With Multiple External Red Hat Ceph Storage Clusters”