Obese Provisioning – Antipattern

One antipattern I'm seeing with increasing frequency is that of obese (or fat, or bloated) system provisioning. It seems as common among people who are just getting used to having an automated provisioning system, and are enthusiastic about its power, as it is among longer-term users who have added layer upon layer of cruft to their host builder.

The basic problem is adding too much work and intelligence to the actual provisioning stage. Large postrun sections or after_install command blocks should be a warning sign, and point to tasks that may well be better off inside a system like Puppet or Chef. It's a seductive problem because it's an easy way to add extra functionality to a host, especially when it allows you to avoid thinking about applying or modifying a general role; even more so if that role is already in use on other hosts. Adding a single line to a kickstart or preseed file is quicker, requires no long-term thinking and is immediately available.
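
As a purely hypothetical illustration (every package, URL and hostname below is invented), this is the kind of kickstart %post block that should set alarm bells ringing - a pile of one-off customisation that the configuration management system will never know about:

%post
# one-off tweaks that only this host will ever receive
yum -y install httpd memcached
wget -O /etc/httpd/conf.d/custom.conf http://buildhost.example.com/custom.conf
echo "10.0.0.5 cachemaster" >> /etc/hosts
chkconfig memcached on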

Unfortunately, by going down this path you end up with a lot of one-off host modifications, additional behaviour that's nearly but not quite common across hosts, and a build process that's difficult to refactor. A tight coupling between these two stages can make trivial tasks unwieldy, and in some cases forces extra work to remove or modify the change for day-to-day operation after the build has completed.

A good provisioning system should do the bare minimum required to get a machine built. It should be lean, do as little as possible and prepare the host to run its configuration management system. Everything else should be managed from inside that.
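
As a rough sketch of the lean alternative (the master's hostname is an assumption, the flags are from the Puppet of this era), the provisioning stage needs little more than enough to hand control over:

%post
# do the bare minimum: install the agent, point it at the master
# and let configuration management handle everything else
yum -y install puppet
puppetd --server puppet.example.com --waitforcert 60 --test
chkconfig puppet on

Everything the host actually does then lives in its roles, where it can be reviewed, reused and refactored.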

PuppetCamp Europe 2010

To me Puppet has always been a major evolutionary step up in the sysadmin tool chain. I consider it important enough to be ranked alongside version control systems and virtualisation as one of those mental leaps that leads to better management and enables more flexible solutions than you could offer before understanding it.

While I'm quite a long-term member of the Puppet community I'm nowhere near as active as I should be, but even I couldn't miss the chance to attend PuppetCamp Europe, and I'm glad I didn't! I finally got to meet some of Europe's most prolific Puppet module releasers in person, discovered that Brice is every bit as nice and as scarily smart in person as he is on-list, and that the new Puppet Labs people are a very impressive bunch. Though I've still not had the chance to buy James some of those beers he's racked up over the years on the list.

Puppet may be an open source project but a very high proportion of its development and community support has always come from Puppet Labs, so it's critical to both the product and the users that their staff be as good with the community as they are with the code base, and having met half-a-dozen of them I can honestly say it feels like the project is in safe hands. Jeff gave an excellent talk on using Puppet in environments with strict compliance rules, Markus had a razor-sharp grasp of what people were really asking (and gave the answer to what they wanted, not just what they asked), and Luke made the event for many of us; he very patiently gave a lot of advice and information, not just about the now but also about the historical whys and theoretical hows.

I had an excellent time (Ghent itself is a lovely place to visit for a couple of days) so I'd like to thank Patrick for organising the event, Luke and Puppet Labs for Puppet itself, and the participants for making PuppetCamp Europe 2010 such an educational and enjoyable experience.

Hardening Apache – Short Review

I've had Hardening Apache sitting on my shelves for over five years (Sep 2004 or so, Amazon tells me). While I can remember dipping into it for the Apache chroot chapter it never seemed to progress to the top of the pile, and now that I'm cleaning out a lot of my old books I decided to finally give it a chance.

The book is very well written and covers a good range of subjects, from building Apache from source to adding extra security modules and checking its running state. Those are all good points, and if I'd read the book when it came out I'd give it a very decent score; unfortunately, I waited to read it.

This is a book that hasn't aged well. The version numbers of Apache mentioned, the last update times of the modules (and how many of them have fallen into the pit of being unmaintained) and the general style of the shell scripts all come across as very dated, and prevent me from recommending this book.

Well written but ravaged by time - where's the second edition?

Pigz – Shortening backup times with parallel gzip

While searching for a completely different piece of software I stumbled onto the pigz application, a parallel implementation of gzip for modern multi-processor, multi-core machines. As some of our backups have a gzip step to conserve space, I decided to see if pigz could be useful in speeding them up.

Using remarkably unscientific means (I just wanted to know if it's worth further investigation) I ran a couple of sample compression runs. The machine is a quad-core Dell server, the files are three copies of the same 899M SQL dump, and the machine is lightly loaded (and mostly waiting on disk IO).


#######################################
# Timings for two normal gzip runs
dwilson@pigztester:~/pgzip/pigz-2.1.6$ time gzip 1 2 3

real    2m43.429s
user    2m39.446s
sys     0m3.988s

real    2m43.403s
user    2m39.582s
sys     0m3.808s

#######################################
# Timings for three pigz runs

dwilson@pigztester:~/pgzip/pigz-2.1.6$ time ./pigz 1 2 3

real    0m46.504s
user    2m56.015s
sys     0m4.116s

real    0m46.976s
user    2m55.983s
sys     0m4.292s

real    0m47.402s
user    2m55.695s
sys     0m4.256s

Quite an impressive speed-up considering all I did was run a slightly different command. The post-compression sizes are pretty much the same (258M when compressed by gzip and 257M with pigz) and you can gunzip a pigz'd file and get back a file with the same md5sum.

# before compression
-rw-r--r-- 1 dwilson dwilson 899M 2010-04-06 22:12 1

# post gzip compress
-rw-r--r-- 1 dwilson dwilson 258M 2010-04-06 22:12 1.gz

# post pigz compress
-rw-r--r-- 1 dwilson dwilson 257M 2010-04-06 22:12 1.gz
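
If you want to repeat the round-trip check yourself, something along these lines (using the test file from the runs above) is all it takes:

# compress with pigz, decompress with plain gunzip and
# confirm the checksums still match
md5sum 1 > 1.md5
./pigz 1          # replaces 1 with 1.gz
gunzip 1.gz       # recreates 1
md5sum -c 1.md5   # should print: 1: OK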

I'll need to do some more testing, and compare the system's performance to a normal run while the compression is happening, before I trust it in production, but the speed-ups look appealing and, as it's Mark Adler code, it looks like it might be an easy win in some of our scripts.
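
If it does pass muster, the swap itself is trivial - a sketch (the backup path is made up) that prefers pigz where it's installed and falls back to plain gzip everywhere else:

# use pigz when available, gzip otherwise
COMPRESS=$(command -v pigz || command -v gzip)
"$COMPRESS" /backups/db-dump.sql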

HTTP Server Headers via Cucumber

One of my little side projects is moving an old website, one that's been configured in little steps over a long period of time, from Apache 1.3 to a much more sensible Apache 2.2 server. I've been thinking about how to get the most out of the testing I need to do for the move, so today I decided to do some yak shaving: write some simple regression tests, play with cucumber-nagios and RSpec matchers, and write a little Ruby.

It's not exactly polished but after half an hour (mostly spent wrangling with has_key / have_key) I ended up with the following simplified example for testing HTTP headers:


Feature: http://www.unixdaemon.net/ response headers
 
  Scenario: Server header should be production quality
    When I fetch http://www.unixdaemon.net/
    Then the "Server" header should be "Apache"
 
  Scenario: Response header should contain an Etag
    When I fetch http://www.unixdaemon.net/
    Then the response should contain the "Etag" header
 
  Scenario: The Content-Type header should contain text/html
    When I fetch http://www.unixdaemon.net/
    Then the "Content-Type" header should contain "text/html"
 
  Scenario: The Content-Type header should not contain text/xml
    When I fetch http://www.unixdaemon.net/
    Then the "Content-Type" header should not contain "text/xml"

You can also find the cucumber-nagios steps for testing HTTP headers online. It's only a first step towards the full web server move safety net but it's a useful one that'll stay in my toolkit.
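
For anyone wanting to try the same thing, a couple of quick examples (the feature path comes from my own project layout, so adjust to taste): you can eyeball the live headers with curl, then run the feature through cucumber-nagios for a Nagios-friendly pass/fail:

# manually inspect the headers the scenarios assert against
curl -sI http://www.unixdaemon.net/ | egrep -i '^(Server|Etag|Content-Type)'

# run the feature from a project generated with cucumber-nagios-gen
bin/cucumber-nagios features/www.unixdaemon.net/headers.feature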

HTML & CSS – The Good Parts – Short Review

I'm guessing that if you're reading this then you've seen my very basic website at some point. I learned some HTML and CSS back when Netscape 4 and HTML 3.2 roamed the earth, and while some of my very gifted front-end co-workers have brought bits of my knowledge up to date I still don't understand how to properly lay out a CSS-only multicolumn page without cheating.

I'm not sure if it's because I had vague expectations of what this book would cover, or just that I'm not the target market for HTML & CSS: The Good Parts, but I've read the thing from cover to cover and nothing really stands out to me. All the right words are spoken - content vs style separation is good, etc. - but none of it feels new, the material is not explained in any new way that really gets the message across where other methods have failed, and I very nearly gave up on the book half a dozen times. It's not a bad or horribly written book but it's also not one I could pick three best bits out of.

Make sure you have a skim through before you buy. Score 3/10

Ada Lovelace Day – 2010

So today is Ada Lovelace Day and we're supposed to "celebrate the achievements of women in technology and science." I don't know many women in science but I do know a few in technology, and one in particular seems to go from one back-breaking task to another with a politeness and grace I wish I could muster.

So for my 2010 Lovelace Day (and because she'll need all the happy thoughts she can get now that she's president of the Perl Foundation) I'm naming Karen Pauley, a long-standing member of the Perl community who's been involved in getting things done for more years than many people realise. Listing all her achievements would take a LOT of screen space (and annoy the hell out of her) but, to name three, her TPF work, YAPC::EU organisation and involvement in more related FOSS communities than you can shake a stick at are no small matter.

Speaking as someone who's seen her speak over half-a-dozen times, it's easy to see that Karen has a gift when it comes to presenting. Whether it's about technology, business or community, it's rare to hear her speak and not come out feeling both smarter and entertained, a combination we'd all love to be able to pull off.

I've been lucky enough to chat with Karen outside of conferences and I've always come away from our email conversations with a smile, and often with an idea or two; it's hard not to when you're speaking with someone who's both intelligent and a remarkable communicator. Karen is an exceptional person who we're lucky to have in the Perl world, and one I'm very fortunate to be able to call a friend.

Giving Cloud Computing An Edge – LOSUG March 2010

The LOSUG seems to be the user group with the least crossover of attendees of any I go to. It seems to be a three-part mix: Sun engineers going along to meet co-workers and get an external eye on what's happening in different parts of the project, Unix people with dozens of years of experience who want something technical and interesting that matters on the server, and people who don't listen to the speaker and then ask questions that, quite frankly, they should be embarrassed over. It's hard to stress how much I've always enjoyed the talks at LOSUG but some of the questions are just... insane.

Right, now I've got that off my chest - and I'll probably get lynched for it in the future - back to the March presentation by Alasdair Lumsden. I'm not going into details about it as you can read the Giving Cloud Computing An Edge slides yourself now. It was an interesting talk and provided a nice counterbalance to similar talks I've heard in the past about Xen and UML hosting.

What made this LOSUG different to all the others, though, is that things are changing. Sun has always been very supportive of LOSUG (and always willing to put its hands in its pockets for food, drink and speakers) and now that Sun is owned by Oracle the group will be less driven by the core organisers. You can find more details (and less of me putting words in people's mouths) at The Future of LOSUG, but I wanted to take this chance both to encourage people to come along and show Oracle that the group's important, and to say thank you to Joy Marshall, James MacFarlane and Stuart Smith, who have month in and month out organised an excellent event with speakers you couldn't see anywhere else.

Network Ninja – Short Review

I'd never even heard of this book until Bob used its name in the same sentence as the excellent "Cisco Routers for the Desperate". However, while that book is about hands-on, practical Cisco advice, Network Ninja is all about the theory - from IP addressing to routing protocols.

While no one's ever going to confuse 200 easy-to-read pages with the Stevens books, this slender volume is an excellent refresher for the experienced admin who doesn't do too much to the network on a day-to-day basis, or for the less experienced admin who wants to know some of the why instead of just the command lines.

An enjoyable and opinionated book that covers a lot of ground in a low page count. Only let down by some bad editing - 7/10
