Wed, 15 May 2013
Facter 1.7+ and External facts
While Puppet may get all the glory, Facter,
the hard working information gathering library that can, seldom gets much
exciting new functionality. However with the release of Facter 1.7
Puppetlabs have standardised and included a couple of useful facter
enhancements that make it easier than ever to add custom facts to your
puppet runs.
These two improvements come under the banner of 'External Facts'. The first
allows you to surface your own facts from a static file, either
plain text key value pairs or a specific YAML / JSON format. These static
files should be placed under /etc/facter/facts.d
$ sudo mkdir -p /etc/facter/facts.d
# note - the .txt file extension
$ echo 'external_fact=worked' | sudo tee /etc/facter/facts.d/external_test.txt
external_fact=worked
$ facter external_fact
worked
At its simplest this is a way to surface basic, static details from system provisioning and other similar large events, but it's also an easy way to include details from other daemons and cronjobs. One of my first use cases for this was to create 'last_backup_time' and 'last_backup_status' facts that are written at the conclusion of my backup cronjob. Having the values inserted from out of band is a much nicer prospect than writing a custom fact that parses the cron logs.
If that's a little too static for you then the second usage might be what you're looking for. Any executable scripts dropped in the same directory that produce the same output formats as allowed above will be executed by facter when it's invoked.
# scripts must be executable!
$ sudo chmod a+rx /etc/facter/facts.d/process_count
$ cat /etc/facter/facts.d/process_count
#!/bin/bash
count=$(ps -efwww | wc -l | tr -s ' ')
echo "process_count=$count"
$ facter process_count
209
The ability to run scripts that provide facts and values makes customisation easier in situations where ruby isn't the best language for the job. It's also a nice way to reuse existing tools or to include information from further afield - such as the current binary log in use by MySQL or Postgres or the host's current state in the load balancer.
While there have been third party extensions that provided this functionality for a while it's great to see these enhancements get included in core facter.
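Because facter reads the static files and runs the executable ones in /etc/facter/facts.d on every invocation, the ownership and write permissions of that directory decide who can influence your puppet runs. The following is an added example, not code from the original post: a POSIX shell audit covering both the static fact files and the executable fact scripts described above. The function names, finding labels and the constructed sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an external-facts
# directory such as /etc/facter/facts.d. Facter runs the executable files
# it finds there and takes key=value data from the static ones, so a file
# or directory that a non-owner can write lets that user feed fact values,
# or code, into every Puppet run on the host.

# _match PATH FIND-EXPR...  true when PATH itself satisfies the expression
_match() {
    p=$1; shift
    [ -n "$(find "$p" -prune "$@" -print)" ]
}

# _report REASON PATH  prints one finding and counts it
_report() {
    printf '%s\t%s\n' "$1" "$2"
    findings=$((findings + 1))
}

# audit_facts_dir DIR [OWNER]
# Prints "REASON<TAB>path" per finding; returns 0 only when there are none.
# OWNER (name or uid) defaults to root; it is a hypothetical parameter so the
# check can also be exercised on a scratch directory by an unprivileged user.
audit_facts_dir() {
    dir=$1
    owner=${2:-root}
    findings=0

    # A writable directory lets someone drop in a brand new fact script.
    _match "$dir" \( -perm -020 -o -perm -002 \) && _report DIR_WRITABLE "$dir"
    _match "$dir" ! -user "$owner" && _report DIR_OWNER "$dir"

    for f in "$dir"/*; do
        if [ -L "$f" ]; then
            # The real content lives wherever the link points.
            _report SYMLINK "$f"
            continue
        fi
        [ -f "$f" ] || continue
        _match "$f" ! -user "$owner" && _report OWNER "$f"
        if _match "$f" \( -perm -020 -o -perm -002 \); then
            if _match "$f" \( -perm -100 -o -perm -010 -o -perm -001 \); then
                _report WRITABLE_EXEC "$f"    # code execution via facter
            else
                _report WRITABLE_DATA "$f"    # fact values can be forged
            fi
        fi
    done
    [ "$findings" -eq 0 ]
}

# demo_audit: build a constructed sample directory and audit it.
demo_audit() {
    d=$(mktemp -d) || return 1
    printf 'external_fact=worked\n'            > "$d/external_test.txt"
    printf '#!/bin/sh\necho process_count=1\n' > "$d/process_count"
    printf '#!/bin/sh\necho role=web\n'        > "$d/role"
    printf 'last_backup_status=ok\n'           > "$d/backup.txt"
    chmod 644 "$d/external_test.txt"
    chmod 755 "$d/process_count"
    chmod 775 "$d/role"          # constructed: group-writable script
    chmod 666 "$d/backup.txt"    # constructed: world-writable static fact
    audit_facts_dir "$d" "$(id -u)" | sed "s|$d/||"
    rm -rf "$d"
}

demo_audit
```

On a real host, run `audit_facts_dir /etc/facter/facts.d` as root from cron or a compliance check; a non-zero exit status means at least one finding was printed.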
Posted: 2013/05/15 20:46 | /tools/puppet
Sat, 27 Apr 2013
Deprecation Warnings From Puppet Resources
Over time parts of your puppet manifests will become unneeded. You might
move a cronjob or a user in to a package or no longer need a service to be
enabled after a given release. I've recently had this use case and had two
options - either rely on comments in the Puppet code and write an out of
band tool to scan the code base and present a report or add them to the
puppet resources themselves. I chose the latter.
Below you'll find a simple metaparameter (a parameter that works with any resource type) that adds this feature to puppet. As this is an early prototype I've hacked it directly in to my local puppet fork. Below you'll see a sample resource that declares a deprecation date and message, the code that implements it and a simple command line test you can run to confirm it works.
# sample puppet resource using :deprecation
file { '/etc/cron.d/remove_foos':
  ensure      => 'file',
  source      => 'puppet:///modules/foo/foo.cron',
  deprecation => '20130425:Release 6 removes the need for the foo cronjob',
}
$ sudo vi puppet-3.1.1/lib/puppet/type.rb
newmetaparam(:deprecation) do
  desc "
    Add a deprecation warning to resources.

      file { '/etc/foo':
        content     => 'Bar',
        deprecation => '20130425:We no longer need the foo'
      }

    The deprecation comes in two parts, separated by a :
    The date is in format YYYYMMDD and the message is a free form string.
  "

  munge do |deprecation|
    # split on the first ':' only so the message may itself contain colons
    date, message = deprecation.split(':', 2)

    # YYYY MM DD - one true timestamp
    now = Time.now.strftime('%Y%m%d')

    if now >= date
      rsrc = "#{@resource.type.capitalize}[#{@resource.name}]"
      Puppet.warning "#{rsrc} expired on #{date}: #{message}"
    end

    # the block's return value is stored as the parameter value
    deprecation
  end
end
# command line test
$ puppet apply -e 'file { "/tmp/dep": content => "foo\n", deprecation =>
"20120425:We can remove this file after release 4" }'
Warning: File[/tmp/dep] expired on 20120425: We can remove this file after release 4
Notice: Finished catalog run in 0.06 seconds
Using the metaparameter is easy enough, just specify 'deprecation' as a property on a resource and provide a string that contains the date to start flagging the deprecation on (in YYYYMMDD format) and the message puppet should show. I don't currently fail the run on an expired resource but this is an option.
There are some other aspects of this to consider - Richard Clamp raised the idea of having a native type that could indicate this for an entire class (I'd rather use a function, but only because they are much easier to write) and Trevor Vaughan suggested a Puppet face that could present a report of the expired, and soon to be expired, code.
I don't know how widely useful this is but it made a nice change to write some puppet code. The small size of the example will hopefully show how easy it is to extend nearly every part of puppet - including more 'complicated' aspects like metaparameters. Although not the relationship ones, those are horrible ;) I've submitted the idea to the upstream development list so we'll see what happens.
Posted: 2013/04/27 11:53 | /tools/puppet
Mon, 25 Mar 2013
Cisco Routers for the Desperate (2nd edition) - Short Review
Reviewing the second edition of
Cisco Routers for the Desperate
was quite hard for me as I have very little to add to the
Cisco Routers for the Desperate 1st edition review
I posted a few years ago. After reading through this update pretty much all those
comments still stand. It's an excellent, useful, well written book and
the author still has a -distinct- written tone.
I enjoyed the book; I must have considering I bought the second edition! The material has been updated where needed and it's still lacking a section on ACLs so I'll stick to my score of 8/10 for people purchasing this book for the first time and look forward to another refresh in a couple of years time. If you already own the first edition then your choice is a little harder - this book is still an excellent stepping on point for the cost but don't expect much beyond a refresh on the same content.
Disclaimer: Part of my previous review is quoted in the marketing blurb at the front of the book. I did however pay for this book myself.
Posted: 2013/03/25 16:25 | /books
Sat, 16 Feb 2013
FOSDEM 2013
Well, that's another FOSDEM over
with. In general this year seemed the same as the last couple of years
but slightly bigger than usual (although it seems that way every year).
The (newish) K building was in full swing with dozens of project stalls
and dev rooms. The usual suspects - virtualisation / cloud,
configuration management and MySQL rooms had nearly as many people
trying to get in to the rooms as they did sitting down.
I think some of the main dev rooms have reached the level of popularity that forces you to either arrive early, get a seat and not move for the rest of the day or accept a very high level of probability that you won't get to see the talks you want. I know a few of us had trouble cherry picking sessions across tracks - which obviously means we have excellent taste in topics. I wonder if having the same talks on both days would make it easier to move around as a visitor - you'd attempt to catch it the first time and if that fails, come back tomorrow. I realise however that this puts even more of a burden on speakers that graciously give their own time in both the preparation and performing of their talks. It does seem that scaling the rooms is the problem of the day once again.
I'd like to say a big thank you to all the organisers, speakers and other attendees for making it another enjoyable couple of days. See you next year.
Posted: 2013/02/16 13:39 | /events
Mon, 11 Feb 2013
Puppet Camp - Ghent 2013
It's been a while since I've attended a Puppet Camp but considering the
quality of the last one (organised by Patrick Debois) and the fact it was
being held in the lovely city of Ghent again I thought it'd be a wise
investment to scrape together the time off.
The quality of the talks seemed quite high and considering the number of newer users present the content level was well pitched. A couple of deeper talks for the more experienced members would have been nice but we mostly made our own in the open sessions. Facter, writing MCollective plugins, off-line and bulk catalogue compilation and the murky corners of our production puppets all came under discussion - in some cases quite fruitfully.
The wireless was a point of annoyance and amusement (depending on the person and the time of day). We had 20 users for an audience of ten times that - the attitudes covered the gamut from "I only need to check my mail once a day" to "I have my own tethering" and all the way to "This is my brute force script I run in a loop". You can tell when most of us lost our access based on the twitter hash tag.
I was a little surprised at the number of Puppet Camps there will be this year - 27 was the number mentioned. I think a lot of the more experienced members of the community value the camps and confs as a chance to catch up with each other and the PuppetLabs people and I'd hate to see us sticking to our own local camps and losing the cross pollination of ideas, plans and pains.
You can also view the Puppet Camp slides for a number of the sessions.
Posted: 2013/02/11 13:11 | /tools/puppet
Sun, 10 Feb 2013
Resilience and Reliability on AWS - book review
With a title like Resilience and
Reliability on AWS I
had quite high expectations for this slim book. Unfortunately, they were
not met.
The first four chapters provide brief introductions to AWS and some of its more popular services. While these were fine I'd point people looking for this level of information at the Amazon Webservice Advent 2012 instead. Following this are a handful of more cookbook like chapters that each present a small amount of theory and advice about how to run a given application on AWS - interspersed with multiple pages of python code. The chapters don't go in to enough detail to bring much value to their subjects and the code detracts from the narrative without bringing much technical insight. I was particularly irked at the commented out sections - if you're going to publish a lot of code in a small book then at least be conscious that each line should bring something to the table.
It feels like this book should have been a series of blog posts rather than a printed book. Very disappointing and not recommended. Programming Amazon EC2 by the same authors is much better.
Posted: 2013/02/10 16:23 | /books
Sun, 27 Jan 2013
Prettier Puppet with Pocco
Back in October Nan Liu announced
"pocco - a puppet manifest documentation experiment" as a way of
generating much nicer looking documentation for puppet classes (you can see
an example) and reducing the amount of boilerplate needed
to document your classes.
After some issues with the ruby libraries it depends on, I ran it over a couple of my smaller manifests and I have to say the output is very readable and quite presentable. If you write manifests for other people's use then this is well worth a look.
Posted: 2013/01/27 11:10 | /tools/puppet
Upcoming Tech events - Q1 2013
For sysadmins and devopsy type people the next couple of months are full
of chances to meet and learn from your European peers -
We start off with the return of PuppetCamp to its home in Gent. Puppetcamps are a great, informal way to see how other people are using Puppet and put names to faces. A number of the more active European community members will be present and Ghent is a lovely city so it's worth a couple of days out of the office - and then of course you can stay for ...
the 800 pound gorilla of Free and Open conferences - FOSDEM 2013. It's hard to describe how much happens at FOSDEM, both in terms of material presented and project planning. 473 lectures (including the Configuration Systems Management devroom) and over 5000 people make this one a pleasure.
This year also marks the first DevopsDays London (love or hate the name, the ideas discussed at the previous devopsdays have had a massive impact on our industry's patterns and practises, and of course twitter and Hacker News) and the arrival of PuppetCamp London. Details on this one are a little thin at the moment but considering the number of puppet users in the city it'll be interesting to see who submits talks.
If after all this you still have any Euros or Holiday time left then I can recommend Linux Open Administration Days 2013 in April. LOAD is a hidden gem of a sysadmin conference with a great informal feel, excellent talks and an audience of very passionate people.
It's a great time to learn, get involved and meet your peers - I'm aiming to be at most of the above conferences and it'll be nice to see some of you there too.
Posted: 2013/01/27 10:46 | /events
Sat, 12 Jan 2013
AWS Advent Calendar 2012
While most of us spend our December hunting for those last minute gifts,
treats and surprise presents, a small number of techies manage to find
the time to write a themed set of articles on certain technical topics
that are combined in to an advent calendar. While I'm a little ashamed
to say I've not yet read the
2012 SysAdvent posts I did have a chance to look at the
inaugural, and quite excellent
Amazon Webservice Advent 2012
Each post is well written, concise, mostly practical (there are a couple of more high level overview entries but most are immediately applicable) and serves as a perfect jumping on point for someone new to the service being discussed. Even though I normally skim each of the AWS announcements looking for new, useful tools, I still found the explanations and examples to go that little bit further and add to the topic. I even sent a couple of the pages around to co-workers so they could get a head start on certain services.
One of my favourite posts was the primer on Cloudformation. While it's a technology so ugly only a maven user could love it, you can see the potential (and we have a similar itch that needs scratching in our private cloud at $WORK). It also reminded me of a DSL invented by Ken Barber in a Puppet / OpenNebula presentation (warning: PDF, on slides 46 - 51).
Brandon Burton has created a great little resource that I hope returns again next year.
Posted: 2013/01/12 00:08 | /cloud
Thu, 10 Jan 2013
Puppet Types and Providers - Short Review
Over the years I've realised that tools I can extend always return the
effort taken to learn them many times over. While a number of us have
worked through the source code of existing Puppet types and providers and
the handful of official wiki pages and unofficial blog posts the release of
Puppet Types and Providers means
that the rest of you won't have to - this book brings most of the power
with far, far less of the pain and uncertainty.
The book itself is a short one. Its contents are focused, well chosen examples and explanations that you'll actually be able to find and read when you need them rather than multiple pages covering every part of API trivia. This book may not cover every nook and cranny but I'd have no problem recommending it to co-workers who want to know the how and why of writing their own types and feeling safe that they'd be able to hit the ground running.
There are a couple of things that I'd liked to have seen covered, such as writing tests for your new types and providers, types with composite namevars and maybe an appendix on how to interrogate your puppet catalog (considering how well the short appendix on the ruby debugger comes across I think the authors would have nailed it) but these are things that can be covered in the second edition - or a larger book that covers all the puppet extension points (hint hint O'Reilly). I do think that this book will be one that stays within reach whenever you're doing Puppet work and will be useful for much more than the initial few readthroughs.
A useful, clearly written, book that saves a lot of source code diving and manually compiling information from many disparate online sources. Currently the best place to learn about how puppet types and providers work and how to create your own. 7/10
Posted: 2013/01/10 21:34 | /books
Building and Testing with Gradle - Short Review
When I picked up this very slim tome I knew nearly nothing
about Gradle. Over the hundred odd well written pages of Building and Testing
with Gradle I learned enough to understand the basic how, when and whys
of the tool.
The book itself covered basic Gradle usage, how it compares to existing tools like maven, how to use ant and your existing ant task toolbox from within it and a basic look at how to write a custom task and integrate your own testing. From a beginner's perspective the code samples and explanations made sense (although from these snippets I find Groovy an ugly language) and were mostly small and focused enough to read on a busy train.
The ideal readers are people who are very unfamiliar with this tool and who are looking for a working introduction to the how and why that they can absorb in a single quick sitting. I don't think the book would have much value once you move beyond this level of understanding and are able to put the online docs in to context but for my need it was fine.
Clear, well written and covered the essentials but probably a one off read. 7/10.
Posted: 2013/01/10 21:15 | /books
Tue, 05 Jul 2011
Introduction To DSAC
A while ago @ripienaar and I had a chat
in a pub about monitoring, event systems and lots of related subjects. As
we all know he's way more productive than is fair and so while he's been
doing a BUNDLE of work on subjects like monitoring frameworks and event correlation
I've been doing some thinking (and no actual coding) about event
auditing, continuous compliance and security event management.
Now I've finished the $TIMESINK_PROJECT I'm soon going to actually need some of this stuff so I've started putting together a prototype framework that I'm calling DSAC - Dump Send and Correlate. The code is in a very early stage at the moment but is dealing with a small number of agents on a test network of a couple of hundred nodes. I'm going to start documenting the sections as it becomes ready for more public consumption but I thought I'd show my architectural plans for version 0.1.
The architecture is quite simple at the moment. Every node runs the "consumer and dispatch" stack which generates events, currently all events are made from cron invoked agents. A separate process, also cron invoked (for now) then runs through the spool and invokes all the dispatchers that have registered an interest in the output of that agent. Simple dispatcher examples are an AMQ pusher or a MySQL loader.
At the other end of the process, and quite symmetrically, we have the consumer stack. This reads from the nice big fuzzy cloud of transient data loss and spools files for later processing. We then have another process pick the files up and run them through a number of processors.
I've got working prototypes of a simple bulk archiver and some debugging aids but I can also envision some more useful real time dashboards. The last stage at the moment are the simple reports. I'm currently focusing on the easier reports that will help me show changes to an auditor, package updates, service status changes and user logins but this step will hopefully expand to encompass a lot of our rote compliance needs.
Once I've tidied up the code (and picked up some more ruby!) I'll start putting the bits I work on in my spare time on github.
Posted: 2011/07/05 17:45 | /tools
Mon, 20 Jun 2011
Simple Puppet module grepper (prototype)
<tl;dr> Search for puppet resource values using puppet, not just
plain text</tl;dr>
One of the ideas that has been sitting on my todo list is having a command that lets me grep a puppet manifest for certain properties, values or even just resources in a smarter way than just running a raw grep over files. While a simple grep works in some cases it is annoyingly fragile when you're trying to ignore literal strings in resource types that you're not interested in or narrow your search down to resources that have a property that can also appear in other types.
# Show all file resources with a mode of 644
$ pm-grep -t file -p mode -v 644 files.pp
# Show all host resources with an alias of any value
$ pm-grep -t host -p host_aliases hosts.pp
# Check a number of pp files at once
$ find /etc/puppet/modules/ -name "*.pp" | xargs -n 1 pm-grep -t file -p mode
pm-grep (puppet manifest grep) isn't anywhere near finished but it does work on simple manifests. It doesn't yet handle corner cases, global parameter defaults and a number of other more advanced techniques but it does fulfil some of my needs and has given me some more to mull over for version 2.
Posted: 2011/06/20 23:36 | /tools/puppet
Thu, 16 Jun 2011
Smarter Service Status in Puppet
While most people know you can use puppet to
ensure a service is running
the mechanism it uses to determine if a service is actually running is often unexplored.
By default (at least up to Puppet 2.6) puppet assumes that a service doesn't supply a working status option and so will look up the service's name in the process table to check if it's running. If your service does support the status argument you can set 'hasstatus => true' and the platform's service provider will be used to interrogate the service's current status.
While most services only report a simple status of running or not running, when you've specified 'hasstatus => true' puppet will consult a second property, status, if it's present, which is where things get a little more interesting and extendable.
# puppet manifest
service { "httpd":
ensure => "running",
hasstatus => true,
status => "/usr/local/bin/puppet-status-http-check",
}
# puppet-status-http-check - example check
#!/usr/bin/perl
use strict;
use warnings;
my @checks = (
"/usr/lib/nagios/plugins/check_procs -C httpd",
"/usr/lib/nagios/plugins/check_http -I 127.0.0.1",
"/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -u /about",
"/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -u / -s udlab",
);
for my $check ( @checks ) {
  # suppress output: send stdout to /dev/null first, then point stderr at it
  $check .= " > /dev/null 2>&1";
  system( $check ) == 0 or exit 1;
}
# when running under debug you'll see a line like:
debug: Service[httpd](provider=redhat): Executing '/usr/local/bin/puppet-status-http-check'
By specifying our own command in the status property we can do more complex, and domain specific, status checks. For example we don't so much care that apache is running as that it's serving our chosen vhosts correctly. You can use any command as the right hand side of status and puppet will treat a return code of 0 as confirmation that the service is running and anything else as a failure; which will trigger an attempt to restart the service in our example.
One possibility is to tie this in to nrpe-runner with a carefully chosen command name pattern to reap all the benefits of your already defined nagios checks.
Posted: 2011/06/16 16:22 | /tools/puppet
Sun, 22 May 2011
VMware vSphere 4.1 HA and DRS deepdive - Short Review
It's been years since I've read a book on VMWare. Between the maturity and
ease of use of their GUI tools and my own continual move towards Free
virtualisation I've not had the professional need or the spare time to
invest but when a book comes as highly recommended as the
VMware
vSphere 4.1 HA and DRS Technical deepdive does you have to make some
room on your (virtual) bookshelf.
Despite its small page count this book covers its subject material in a simple, direct and technically clear way. There is very little fluff and while you could find some of the details buried in VMWare KB articles or white papers, its presence here in such a well combined and cohesive form more than justifies the book's frankly tiny price tag (at least in the kindle store).
I came away from this book with enough of an understanding of the technologies covered to see where they'd fit, the issues we'd need to monitor for and some of the edge cases that would bite us in deployment. And that's a good return for the small investment of time reading this book takes.
The only downside of the book is that it could really do with another editorial pass or two. While this doesn't alter the quality of the technical content it does make the reading experience a little jarring.
If you want to get in to vSphere HA / DRS then this is a recommended read. Score - 7/10
Posted: 2011/05/22 08:49 | /books
Sat, 14 May 2011
Wrapping MCollective with Nagios
I've been doing a little tinkering with pre/post release checklists and
compliance reporting using cucumber and some Nagios wrapping (among
other things) in my test lab and recently needed to do some higher level
entire environment checks before moving on to the next step. While it's
possible to wrap something like nmap's ping check and then Nagios each
target it does feel like stepping back a few years in the tool
chain.
Luckily I'm running MCollective, so all this synchronous discovery and polling is in my past. After a little bit of delving in to the existing package and service clients I've come up with a prototype environment wide MCollective backed service check and an MCollective backed package check.
I'm not sure if I'd be willing to replace existing low level checks (for things like cron and ssh processes) with this just yet but it does show how easy it is to wrap MCollective with third party code in order to reap its benefits from further down the tool chain. With a little scaffolding hopefully it'll be useful in validating individual policies in security policies and guidelines. But more about that later.
Phase two is probably to pull the scripts together (and just use another parameter to select the resource to check) and to be green or red based on percentage. As an example, requiring 40% of the web servers to be returning 200 before starting the next batch of host upgrades.
Posted: 2011/05/14 16:55 | /tools
ep.io and VMWare at London Devops - May 2011
I never thought I'd use a cliche like "David vs Goliath" but considering
the two speakers at London Devops it does seem a little apt. Andrew
Godwin from ep.io, a Python hosting
platform, was the first speaker, and he did an excellent job of
explaining their internal platform, how they make their decisions and
what makes them special. While it was both an interesting and engaging
talk it did leave me a little worried about the size of the
operation.
While small companies are great to deal with in the right situations they can also be a risk due to their low survival odds, questionable ability to grow alongside you and inability to throw resources at an awkward but urgent problem. On the other hand they can provide better levels of support, knowledge and assistance if you can find a good one and treat them more as partners than vendors, and I suspect that ep.io is going to be one of the good ones.
Then we had the VMWare talk. Until a couple of years ago, when budgets shrank again and Xen and KVM began to rise, I was a big fan and a happy user of VMWare products both on server and desktop. While I've not kept up with all the product details it's hard not to have heard of CloudFoundry.
The two speakers, one from RabbitMQ and one from SpringSource (both now part of the VMWare org chart), had very different speaking styles: the speaker from RabbitMQ had a keen wit and kept the tone light with lots of amusing comments like "VMWare is about 9000 staff, about 8000 of them write device drivers" while the man from SpringSource spent the whole time complaining about how slow his laptop was. At one point the audience nearly had a whip-round to cover the cost of a couple of GB of RAM for him. As for the content it left me a little adrift. I came out of the talk without knowing much more than I went in with. Although I always have to smile when I hear people from SpringSource describe their product line, Spring Tomcat, Spring AMQ, Spring ls and Spring Bash (I might have made the last two up) so it wasn't a complete waste.
Obviously there will be comparisons made between the two platforms being discussed and one of the most interesting aspects of the evening for me was how well ep.io came out of the deal. They've got an architecture every bit as well thought out as that of VMWare's, they're already looking at the next set of problems that both platforms are going to experience and they came across as remarkably professional for such a small team.
CloudFoundry on the other hand will probably have a bigger effect on my working life. VMWare is often quite an easy sell due to its track record and feature set and I can see more companies taking parts of CloudFoundry on board than I can see them hosting with ep.io. So it's one to spend a little time investigating. The fact that it's open source will just make the whole process easier.
The talks were very well attended with 70-80 people in the audience and once again we should say thank you to the Guardian for providing the venue and Gareth for organising it.
Posted: 2011/05/14 11:56 | /events
Tue, 19 Apr 2011
Linux Open Administration Days 2011
Last year at one of the many Belgium tech events Kris mentioned a conference
called LOAD (2010) to me. I was a little
late in booking the hotel and in the end I couldn't make it over - and
judging by the quality of this year's event that was a big mistake.
While it's nice to spend time in the devops world and talk about communication, processes and how to merge development and operational tool-chains sometimes it's nice to focus on solid, production grade sysadmining; and LOAD was the perfect conference for it. Over two days, two tracks of talks and one of tutorials, a selection of top notch speakers covered kerberos, LDAP, packaging (Debs and RPMs), storage systems, single sign on, advanced networking, virtualisation, security, HA and monitoring. Some of the talks presented were perfectly timed (DNSSEC and IPv6 from a working admin's perspective), some were very solid updates on technologies we sometimes take for granted (PKI, LDAP, SSO and HA clustering) and some covered more vertical admin niches (inventory systems, Exchange replacements and small business servers).
The conference felt like a large local LUG meeting. The people were friendly, the sessions and speakers encouraged the audience's involvement both in and outside of the talks and even when the event was over everyone seemed happy to stay and chat about what they'd seen or further discuss subjects with the speakers (although I suspect the free food and drink didn't hurt in keeping the conference going after hours!)
The LOAD organisers did a marvellous job of finding so many talented speakers and promoting home grown talent. I'd only seen maybe a dozen of the people speak before and the amount of preparation each and every speaker had obviously invested made being in the audience a pleasure. No one was "quipping" about the fact they'd only just written their slides or started to prepare and a number of the speakers tailored their talks based on the other sessions to help reduce duplication and present their own take on certain subjects - and their talks, and the conference, were enhanced by it.
This post may seem a little gushing but this was the best sysadmin conference I've been to for years. I've come back with information that's going to help me do my job better and it's going to be one of the first conferences I book next year.
Posted: 2011/04/19 15:29 | /events
HBGary Open Letter - Air Gap
"Our source code has always been air gapped from the Internet. The forensic examination confirmed that software development servers and workstations were not affected by the incident" -- from HBGary
Anyone else find it hard to accept that none of the developers, testers, documentation writers or build people ever accessed source code from their Internet connected laptops / workstations? Especially considering the state of their other security measures.
Don't get me wrong, in some cases it's a sensible solution (off-line key signing, for example) but for entire teams working on a shared code base?
Posted: 2011/04/19 13:33 | /security
Tue, 22 Mar 2011
Listing Puppet Managed Files
Sometimes it's the little niggles that annoy people the most. As my team progress into Puppet they have an annoying habit of asking very good questions, which can sometimes be a struggle to answer. Today's best question was - "How do I tell if this file is under puppet's control?"
While there are a couple of different ways to check (grepping through your git checkout or modifying the file and running puppet were the immediate winners) the best way is probably to look inside the catalog and check against the title of the File resources it contains. While this gets you most of the way the problem is a little harder than it looks because of an edge case. If puppet is managing an entire directory then the files in that directory are not explicitly listed in the catalog.
So we need to look in two places, the catalog and state.yaml. Remembering the greps (and the line transformations needed) requires more mental space than I'm willing to invest so I've written puppet-ls to do all the work for me.
$ puppet-ls /etc/mcollective
/etc/mcollective/facts.yaml
/etc/mcollective/server.cfg
Run the command, specify the directory to check and any shown files are puppet managed. It's not a ground breaking script but it can help people migrating to puppet as they bring more of their systems under its control.
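The two-source lookup described above, sketched as an added Ruby example. This is not the puppet-ls script itself: the function names are hypothetical, and the catalog and state.yaml contents are constructed, simplified samples whose shapes (a JSON resource list, and state entries keyed as File[/path]) are assumptions about the on-disk formats.

```ruby
require 'json'

# Constructed sample: a simplified catalog (resource list only).
SAMPLE_CATALOG = <<~JSON
  {"resources": [
    {"type": "File", "title": "/etc/mcollective",
     "parameters": {"ensure": "directory", "recurse": true}},
    {"type": "File", "title": "/etc/ntp.conf", "parameters": {"ensure": "file"}},
    {"type": "Service", "title": "mcollective", "parameters": {"ensure": "running"}}
  ]}
JSON

# Constructed sample: state.yaml keyed by resource reference.
SAMPLE_STATE = <<~YAML
  ---
  "File[/etc/mcollective]":
    :checked: 2011-03-22 22:40:01 +00:00
  "File[/etc/mcollective/facts.yaml]":
    :checked: 2011-03-22 22:40:01 +00:00
  "File[/etc/mcollective/server.cfg]":
    :checked: 2011-03-22 22:40:02 +00:00
  "File[/etc/mcollectived.conf]":
    :checked: 2011-03-22 22:40:02 +00:00
YAML

# Titles of File resources explicitly declared in the catalog.
def catalog_files(catalog_json)
  JSON.parse(catalog_json).fetch('resources', [])
      .select { |r| r['type'] == 'File' }
      .map { |r| r['title'] }
end

# File[...] references recorded in state.yaml, which include files inside
# recursively managed directories. Matched as text so no YAML objects
# (symbols, timestamps) are ever deserialised.
def state_files(state_text)
  state_text.scan(/^\s*"?File\[(.+?)\]"?:/).flatten
end

# Managed paths strictly below dir. The trailing slash keeps
# /etc/mcollectived.conf out of a listing for /etc/mcollective.
def managed_under(dir, catalog_json, state_text)
  prefix = "#{dir.chomp('/')}/"
  (catalog_files(catalog_json) + state_files(state_text))
    .uniq.select { |path| path.start_with?(prefix) }.sort
end

puts managed_under('/etc/mcollective', SAMPLE_CATALOG, SAMPLE_STATE)
```

Only the directory itself appears in the sample catalog; the two files beneath it are found through the state entries, which is the edge case the post describes.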
Posted: 2011/03/22 22:54 | /tools/puppet

