You are here

Planet Ubuntu

Subscribe to Feed Planet Ubuntu
Planet Ubuntu - http://planet.ubuntu.com/
Përditësimi: 1 ditë 17 orë më parë

Ubucon Europe 2019: Ubucon talks schedule is live!

Mër, 18/09/2019 - 5:48md

It is now 3 weeks before Ubucon starts, and what better way to remind everyone that we are ready to go by showing our full schedule!

Don’t forget to register to our pre-ubucon cultural events if you want to know a little bit more of Sintra, and don’t forget as well to register for the event if you would like to receive some swag!

All of this would not be possible without the support of our sponsors and the participation of volunteers and speakers for which we are very grateful.

You can view the full schedule here!

Some small schedule changes might occur during the next few days as we are trying to add a few more speakers to our line-up.

More news will come up during the next few days as we align the events and more surprises, stay tuned!

Ubuntu Blog: Announcing the new IBM LinuxONE III with Ubuntu

Mër, 18/09/2019 - 5:21md

This is a guest blog by Kara Todd, Director, Linux, IBM Z and LinuxONE

Enterprises today need the most secure, and flexible system to support their initiatives, and for that system to grow and evolve for tomorrow. The latest LinuxONE system was designed to support mission-critical initiatives and allow enterprises to be innovative as they design and scale their environment. LinuxONE III provides features for advanced data protection and privacy, enterprise resiliency and scalability, and cloud enablement and integration. 

Reliability and continuity are critical to the success of any business. With this release, they’ll benefit from up to 10:1 consolidation for key workloads, and up to 190 cores and 40TB of memory. And with 99.999%* availability and up to 7.4x better resilience, enterprises can confidently run and scale their business-critical workloads. The new LinuxONE III provides the highest levels of availability and scalability, so business-critical workloads run flawlessly, recover quickly, and grow seamlessly.

With LinuxONE III enterprises can seamlessly integrate across the stack with hybrid multi-cloud platforms and workloads. And they can now use up to four 19” racks to scale environments using a smaller footprint, providing for ease and economy of growth. This enterprise platform also supports containers with Kubernetes to allow you to build, deploy, manage and scale containerised applications with ease. 

We continue to provide client choice when it comes to Linux distributions with the LinuxONE III. This generation of hardware supports all Ubuntu LTS releases for IBM Z and LinuxONE that are currently in service, including Ubuntu 18.04 LTS. For those wanting to make use of the latest features, Ubuntu 19.04 is also available. 

By selecting the most popular Linux OS, enterprises benefit from a regular release cadence, upstream releases and a portfolio of tools to manage their multi-cloud deployments including Juju, MAAS and Charmed Kubernetes. Ubuntu Advantage for Infrastructure will provide the assurance needed for ongoing enterprise-level support.

LinuxONE III provides advanced security on-prem and in the hybrid cloud using Data Privacy Passports, Secure Boot for Linux, Fiber Channel Endpoint Security, Hyper Protect Crypto Services, and Secure Service Container. Not only does this release provide a high level of security, the features operate at greater efficiency than ever before. For example, an OpenSSL benchmark used 50% fewer cores and up to 5.6x more throughput on a LinuxONE III LPAR when compared to the x86 platform. LinuxONE also supports Blockchain, which continues to mature as new and innovative use cases, such as digital asset custody, emerge in the market. These future-proof features provide peace of mind that your business and your customers’ data is protected. 

The LinuxONE platform was already the most secure platform for data serving and with the new LinuxONE system, we add the ability to protect data as it moves across your hybrid multi-cloud through a technology we are calling Data Privacy Passports

Enterprises can forge ahead with their mission-critical initiatives and create an innovative environment knowing that your system of choice, LinuxONE III, is one step ahead with the tools and capabilities to protect your business and help you achieve your business goals.

To find out more, visit partners.ubuntu.com or the IBM website.

*ITIC (Information Technology Intelligence Consulting), March 28th, 2019 blog

Ubuntu Blog: Kubernetes 1.16 available from Canonical

Mër, 18/09/2019 - 4:49md

Canonical announces full enterprise support for Kubernetes 1.16, with support covering Charmed Kubernetes, MicroK8s and kubeadm.

MicroK8s will be updated with Kubernetes 1.16 enabling users access to the latest upstream release with a single-line command in under 60 seconds. In addition, MicroK8s gets new add-ons with one line installs of Helm and Cilium as well as enhancements, upgrades and bug fixes. Cilium adds enhanced networking features including Kubernetes Network Policy support. With MicroK8s 1.16, users can develop and deploy enterprise grade Kubernetes on any Linux desktop, server or VM across 42 Linux distros.

Canonical’s Charmed Kubernetes 1.16 will come with exciting changes like support for Kata Containers, AWS IAM, SSL passthrough and more. Using Kata Containers, insecure or untrusted pods can be run safely in isolation without disrupting trusted pods in deployments. Identity Access Management on AWS can be used to login to your Charmed Kubernetes cluster. Users get more control over their deployments while benefitting from reduced complexity due to improved LXD support and enhanced Prometheus and OpenStack integration. 

“At Canonical, we enable enterprises by reducing the complexity of their Kubernetes deployments. We are actively involved in the Kubernetes community to ensure we listen to, and support our users’ and partners’ needs. Staying on top of security flaws, community issues and features to improve Kubernetes is critical to us. We keep the Ubuntu ecosystem updated with the latest Kubernetes, as soon as it becomes available upstream,” commented Ammar Naqvi, Product Manager at Canonical.

What’s new: Charmed Kubernetes 1.16

Kata Containers support

Beginning with Charmed Kubernetes 1.16, the Kata Containers runtime can be used with containerd to safely run insecure or untrusted pods. When enabled, Kata provides hypervisor isolation for pods that request it, while trusted pods can continue to run on a shared kernel via runc.

AWS IAM support

Amazon AWS IAM authentication and authorization is now supported via a subordinate charm.

SSL passthrough support

A new configuration parameter was added to the kubernetes-worker charm to enable SSL passthrough. This allows TLS termination to happen on the workload. Refer to the upstream documentation for more information.

Improved LXD support

LXD containers used for hosting Kubernetes components require some specific profile settings. These profiles are now embedded in the charms themselves and applied when deployed, dramatically simplifying the process of installing Charmed Kubernetes on a single machine. See the Local install documentation for the updated instructions.

Improved Prometheus/Grafana integration

The setup and configuration of Prometheus and Grafana has been significantly streamlined with new relations to allow the charms to manage the scraper job and dashboards. This means that monitoring can now be added by specifying a single overlay when deploying Charmed Kubernetes. Refer to the updated documentation for more information.

Improved OpenStack integration

The OpenStack Integrator charm can now replace the Kube API Load Balancer by providing a native OpenStack load balancer (Octavia or Neutron) to provide HA load balancing for the Kubernetes control plane. Refer to the updated documentation for more information.

Docker Registry with Containerd

The Docker registry charm can now be related directly to the Containerd runtime charm. Refer to the documentation for instructions on how to deploy the charm.

Bug fixes and improvements

List of all fixes can be found here.


MicroK8s 1.16

Istio v1.2.2 and kiali

The Istio add-on packaged with MicroK8s is now upgraded to version 1.2.2 and now includes Kiali for observability and configuration of the service mesh within MicroK8s.

Cilium add-on

Cilium allows powerful pod-to-pod connectivity management and service load balancing between pods. You will be able to reach specific pods in your K8s cluster as well as define network security policies for connectivity

Helm add-on

The Helm package manager within MicroK8s allows you to manage, update, share and rollback Kubernetes applications.

Improvements in the inspection script

The MicroK8s inspection script now includes information on memory, disk, distribution, uptime, vm information. It checks for SELinux and docker installation and prints warnings. The script also stores kubernetes info about pv and pvc.

Knative upgraded to v0.7.1

RBAC rules for CoreDNS and storage add-ons

Enabling of aggregation layer and fix on metrics server RBAC rules


Other Notable Changes for 1.16

Support for IPv4/IPv6 dual-stack

IPv4/IPv6 dual-stack support and awareness for Kubernetes pods, nodes, and services. This adds IPv4/IPv6 dual stack functionality to Kubernetes clusters, which includes the following concepts: (1) Awareness of multiple IPv4/IPv6 address assignments per pod; and (2) Native IPv4-to-IPv4 in parallel with IPv6-to-IPv6 communications to, from, and within a cluster.

Improved Pod Overhead Accounting

Pod sandbox runtimes introduce a non-negligible overhead at the pod level which should be accounted for to improve scheduling, resource quota management, and constraining.

Node Topology Manager

This new component helps allocate resources for a pod based on requested resources. For instance, consider scenarios where aligning the available physical resources on a computer can improve performance dramatically. Fast virtualised network functions, where a user asks for a “fast network” and automatically gets all the various pieces coordinated (hugepages, cpusets, network device) co-located on a socket. Another example is accelerated neural network training, where a user asks for an accelerator device and some number of exclusive CPUs in order to get the best training performance, due to socket-alignment of the assigned CPUs and devices.

New Endpoint API

The goal of this new API is to support tens of thousands of backend endpoints in a single service on a cluster with thousands of nodes. In the current Endpoints API, any change to the number of pods results in a series of events that, at scale, puts undue strain on multiple parts of the system.

Pod Spreading across Failure Domains

This feature enables the Kubernetes scheduler to spread a group of pods across failure domains. The existing hard inter-pod anti-affinity does not allow more than one pod to exist in a failure domain. The new feature supports more than one pod in a failure domain.

Multiple Features for Windows

Kubeadm for Windows, Support CSI plugins in Windows, and RunAsUserName for Windows.

Kubernetes Metrics Overhaul

In order to have consistently named and high quality metrics, this effort aims to make working with metrics exposed by Kubernetes consistent with the rest of the ecosystem. Provide consistently named and high quality metrics in line with the rest of the Prometheus ecosystem. Consistent labeling in order to allow straightforward joins of metrics.

Kubernetes 1.16 Changes, by the numbers:

Security enhancements: Over 9 pull requests, closing 4 CVE’s and improving the Kubernetes security poster across escalating privileges, TLS between services, Cgroup and user improvements, and more.

Monitoring enhancements: Over 11 pull requests, with upgrades to monitoring components and including the addition of the Overhead field to the PodSpec and RuntimeClass types as part of the Pod Overhead accounting mentioned above.

Public cloud enhancements: Over 17 pull requests, primarily focusing on better networking and storage integration, with a majority of the PRs targeting Azure.

Kubeadm enhancements: Over 24 pull requests, ranging from bug fixes to new features, including support for IPv6 dual stack mode.

Scheduler enhancements: Over 25 scheduling related pull requests, including PRs for the new Pod Overhead features. Enhancements to pod priority and failure zone scheduling are also included

Robustness enhancements: Over 11 pull requests that increase general robustness, with several targeting resource leak scenarios.

Storage enhancements: Over 23 storage related pull requests, the majority are bug fixes, with some upgrades and enhancements.

Networking enhancements: A handful of changes, with the biggest changes for IPv4, IPv6 dual stack support.

API Server enhancements:  9 pull requests, with several targeting improvements in webhook constructs and startup and shutdown experience.

For more information, please see the upstream Kubernetes 1.16 release notes.

Get In Touch

If you’re interested in Kubernetes support, consulting, or training, please get in touch!

The Fridge: Ubuntu Weekly Newsletter Issue 596

Hën, 16/09/2019 - 10:46md

Welcome to the Ubuntu Weekly Newsletter, Issue 596 for the week of September 8 – 14, 2019. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • Wild Man
  • EoflaOE
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

Jono Bacon: Talking About Communities and ‘People Powered’ with Leo Laporte

Dje, 15/09/2019 - 5:00md

I have always had a bit of a soft spot for the TWiT team and more specifically Leo Laporte. Years ago I used to co-host FLOSS Weekly on their network and occasionally I pop over to the studio for a natter with Leo.

With ‘People Powered: How communities can supercharge your business, brand, and teams‘ coming out, I thought it would be fun to hop over there. Leo graciously agreed and we recorded an episode of their show, Triangulation.

As usual, it was a fun discussion and we got into a number of topics, including:

  • What are communities? Are social media networks communities?
  • Why do people form into communities?
  • What kind of technology should people use to set up a community?
  • How do prevent toxic communities?
  • Who the hell turned on that fire down there behind us?
  • How should companies handle criticism from a community? Should they censor it?
  • What kind of community should TWiT set up?

Click below to watch the show:

The post Talking About Communities and ‘People Powered’ with Leo Laporte appeared first on Jono Bacon.

Ubuntu Podcast from the UK LoCo: S12E23 – Wing Commander

Pre, 13/09/2019 - 4:00md

This week we’ve been playing Pillars of Eternity. We discuss boot speed improvements for Ubuntu 19.10, using LXD to map ports, NVIDIA Prime Renderer switching, changes in the Yaru theme and the Librem 5 shipping (perhaps). We also round up some events and some news from the tech world.

It’s Season 12 Episode 23 of the Ubuntu Podcast! Alan Pope and Mark Johnson are connected and speaking to your brain.

In this week’s show:

That’s all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Toot us or Comment on our Facebook page or comment on our sub-Reddit.

Ubuntu Blog: Hardware discovery and kernel auto-configuration in MAAS

Enj, 12/09/2019 - 6:07md

In this blog, we are going to explore how to leverage MAAS for hardware discovery and kernel auto-configuration using tags.

In many cases, certain pieces of hardware require extra kernel parameters to be set in order to make use of them. For example, when configuring GPU passthrough we will typically need to configure the GPU card with specific kernel parameters. To achieve this, we will rely on MAAS’ hardware discovery, Xpath expressions and machine tags.

Tags, XPath expressions and kernel parameters

Machine tags is a mechanism used in MAAS to easily identify machines. While tags can be manually assigned to machines, they can also be automatically assigned if those machines match a specific pattern – the XPath expression – which describes the location of an element or an attribute in an XML document.

When commissioning a machine, MAAS gathers the lshw output (in XML) which lists all the information about the attached hardware. When creating a tag, MAAS allows to provide the XPath definition. This definition is then matched to the gathered lshw information. If this matches, the tag will be applied to all of the commissioned machines.

Similarly, when creating a tag one can specify which kernel parameters to apply to the machine by assigning the tag. Combining the definition and the kernel options in the single tag creation will allow MAAS to automatically discover all machines that match the XPath expression and automatically apply the kernel parameters once this machine is deployed. The following demonstrates the base command to use.

$ maas <username> tags create \ definition=’<XPath expression>’ \ kernel_opts=’<Kernel parameters>’ A practical example

As a practical example, we want to configure GPU passthrough. For this, we want to create a tag that automatically matches all machines with Intel VT-d enabled and have a Tesla v100 PCIe 16GB GPU. We do so by using a definition similar to:

definition='//node[@id="cpu:0"]/capabilities/capability/@id = "vmx" and //node[@id="display"]/vendor[contains(.,"NVIDIA")] and //node[@id="display"]/description[contains(.,"3D")] and //node[@id="display"]/product[contains(.,"Tesla V100 PCIe 16GB")]'

But since we want this to be configured at deployment time, we want to set the kernel parameters to apply on a deployed machine:

kernel_opts="nomodeset modprobe.blacklist=nouveau,nvidiafb,snd_hda_intel nouveau.blacklist=1 nouveau.blacklist=1 nouveau.blacklist=1 video=vesafb:off,efifb:off intel_iommu=on rd.driver.pre=pci-stub rd.driver.pre=vfio-pci pci-stub.ids=10de:1db4 vfio-pci.ids=10de:1db4 vfio_iommu_type1.allow_unsafe_interrupts=1 vfio-pci.disable_vga=1"

These kernel parameters will:

  • Blacklist drivers and disable displays
  • Enable IOMMU 
  • Pre-load kernel modules
  • And reserve PCI ID (10de:1db4) for GPU Passthrough

As such, creating a tag that will auto-apply to all machines that match the hardware definition and apply kernel parameters at deployment time will look like this:

$ maas <username> tags create name=gpgpu-tesla-vi \ comment="Enable passthrough for Nvidia Tesla V series GPUs on Intel" \ definition=' //node[@id="cpu:0"]/capabilities/capability/@id = "vmx" and //node[@id="display"]/vendor[contains(.,"NVIDIA")] and //node[@id="display"]/description[contains(.,"3D")] and //node[@id="display"]/product[contains(.,"Tesla V100 PCIe 16GB")]' \ kernel_opts="console=tty0 console=ttyS0,115200n8r nomodeset modprobe.blacklist=nouveau,nvidiafb,snd_hda_intel nouveau.blacklist=1 nouveau.blacklist=1 nouveau.blacklist=1 video=vesafb:off,efifb:off intel_iommu=on rd.driver.pre=pci-stub rd.driver.pre=vfio-pci pci-stub.ids=10de:1db4 vfio-pci.ids=10de:1db4 vfio_iommu_type1.allow_unsafe_interrupts=1 vfio-pci.disable_vga=1"

Once this tag is created, every time a new machine is commissioned MAAS will automatically apply this tag if machines match the definition, allowing administrators to configure their homogeneous hardware at scale by simply defining a few set of tags.

For more information, please contact us or visit https://maas.io/docs/tags .

Kubuntu General News: Kubuntu Meets at Milan Akademy 2019

Enj, 12/09/2019 - 5:42md

A few Kubuntu Members (and Councillors!) met Thursday before KDE Akademy’s end. We discussed the coming release (will be 19.10) and the upcoming LTS (20.10) – which will be Plasma LTS *and* Qt LTS. This combination will make this LTS super-supported and stable.

We also discussed snaps and when Ubuntu possibly moves to “all snaps all the time” for applications at least. This may be in our future, so it is worth thinking and discussing.

Tobias Fischbach came by the BOF and told us about Limux which is based on Kubuntu. This has been the official computer distribution of Munich for the past few years. Now however, unless the Mayor changes (or changes his mind) the city is moving to Windows again, which will be unfortunate for the City.

Slightly off-topic but relevent is that KDE neon will be moving to 20.04 base soon after release, but they will not stay on the Plasma LTS or Qt LTS. So users who want the very latest in KDE Plasma and applications will continue to have the option of using Neon, while our users, who expect more testing and stability can choose between the LTS for the ultimate in stability and our interim releases for newer Plasma and applications.

Of course we continue to ask for those of our users who want to help the Kubuntu project to volunteer, especially to test. We’ll soon need testers for the upcoming Eoan, which will become 19.10. Drop into the development IRC channel: #kubuntu-devel on freenode, or subscribe to the Kubuntu Development list: https://lists.ubuntu.com/mailman/listinfo/kubuntu-devel

Jono Bacon: Jeff Atwood on Discourse, Stack Overflow, and Building Online Community Platforms

Enj, 12/09/2019 - 6:31pd

Building collaborative online platforms is hard. To make a platform that is truly compelling, and rewards the right kind of behavior and teamwork, requires a careful balance of effective design, workflow, and understanding the psychology of how people work together.

Jeff Atwood has an enormous amount of experience doing precisely this. Not only was he the co-founder of Stack Overflow (and later Stack Exchange), but he is also the founder of Discourse, an enormously popular Open Source platform for online discussions.

In this episode of Conversations With Bacon we get into the evolution of online communities, how they have grown, and Jeff’s approach to the design and structure of the systems he has worked on. We delve into Slack vs. forums (and where they are most appropriately used), how Discourse has designed a platform where capabilities are earned, different cultural approaches to communication, and much more.

There is so much insight in this discussion from Jeff, and it is well worth a listen.

Oh, and by the way, Jeff endorsed my new book ‘People Powered: How communities can supercharge your business, brand, and teams’. Be sure to check it out!

Listen
       

Watch

Click here subscribe to the show on YouTube

The post Jeff Atwood on Discourse, Stack Overflow, and Building Online Community Platforms appeared first on Jono Bacon.