• Monitoring and Observability - Theo Schlossnagle
• Bits on the Wire - Mark Nottingham
• Using Amazon Web Services for MySQL at Scale - Laine Campbell
• Managing PostgreSQL with Ansible in EC2 - Jay Edwards

I attended Mark and Theos talks based on upon previous experience of them as presenters. They are both very practised speakers that leave you questioning how much of a topic you really know. For example I came out of Marks session with a list of draft TCP and DNS standards to read.

I spent the afternoon in more directly work focused talks. We're doing a lot of AWS projects at the moment and these two were immediately useful in terms of expanding my knowledge of AWS itself and how experienced DBAs work with it. Laine Campbells talk was the highlight of the day for me. She's an excellent and engaging speaker who a very useful slide deck and the experience to expand on the subject and answer the barrage of questions from the audience. Thanks to her presentation we're currently looking at using raw EC2 databases rather than RDS based on resilience and schema migration needs.

The day ended with the ignite sessions. Andrew Clay Shafer was an excellent and infectiously jubilant host and shepherded the short talks perfectly. As for content - Seth Vargo on OCD had the audience roaring with appreciation.

I enjoyed the day, learned quite a lot of directly work applicable details and was fortunate enough to spend some time with friends from pretty much all over the planet. Velocity is still enough of an 'event' that it attracts a very impressive audience and the hallway tracks were every bit as informative as the sessions.

Looking forward to the first full day of presentations.

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /events Wed, 19 Jun 2013 06:24:00 GMT velocity-santa-clara-2013-tutorials http://blog.unixdaemon.net/cgi-bin/blosxom.pl/tools/puppet/external-facter-facts.html Facter, the hard working information gathering library that can, seldom gets much exciting new functionality. However with the release of Facter 1.7 Puppetlabs have standardised and included a couple of useful facter enhancements that make it easier than ever to add custom facts to your puppet runs.

These two improvements come under the banner of 'External Facts'. The first allows you to surface your own facts from a static file, either plain text key value pairs or a specific YAML / JSON format. These static files should be placed under /etc/facter/facts.d

$ sudo mkdir -p /etc/facter/facts.d

# note - the .txt file extension
$ echo 'external_fact=yes' | sudo tee /etc/facter/facts.d/external_test.txt
external_fact=worked

$ facter external_fact
worked

At its simplest this is a way to surface basic, static, details from system provisioning and other similar large events but it's also an easy way to include details from other daemon and cronjobs. One of my first use cases for this was to create 'last_backup_time' and 'last_backup_status' facts that are written at the conclusion of my backup cronjob. Having the values inserted from out of band is a much nicer prospect that writing a custom fact that parses the cron logs.

If that's a little too static for you then the second usage might be what you're looking for. Any executable scripts dropped in the same directory that produce the same output formats as allowed above will be executed by facter when it's invoked.

# scripts must be executable!
$ sudo chmod a+rx /etc/facter/facts.d/process_count

$ cat /etc/facter/facts.d/process_count
#!/bin/bash

count=$(ps -efwww | wc -l | tr -s ' ')
echo "process_count=$count"

$ facter process_count
209

The ability to run scripts that provide facts and values makes customisation easier in situations where ruby isn't the best language for the job. It's also a nice way to reuse existing tools or for including information from further afield - such as the current binary log in use by MySQL or Postgres or the hosts current state in the load balancer.

While there have been third party extensions that provided this functionality for a while it's great to see these enhancements get included in core facter.

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /tools/puppet Wed, 15 May 2013 20:46:00 GMT external-facter-facts http://blog.unixdaemon.net/cgi-bin/blosxom.pl/tools/puppet/deprecation-warnings-from-puppet-resources.html

Below you'll find a simple metaparameter (a parameter that works with any resource type) that adds this feature to puppet. As this is an early prototype I've hacked it directly in to my local puppet fork. Below you'll see a sample resource that declares a deprecation date and message, the code that implements it and a simple command line test you can run to confirm it works.

# sample puppet resource using :deprecation

  file { '/ec/cron.d/remove_foos':
    ensure      => 'file',
    source      => 'puppet:///modules/foo/foo.cron',
    deprecation => '20130425:Release 6 removes the need for the foo cronjob',
  }


  $ sudo vi puppet-3.1.1/lib/puppet/type.rb

  newmetaparam(:deprecation) do
    desc "
      Add a deprecation warning to resources.

      file { '/etc/foo':
        content     => 'Bar',
        deprecation => '20130425:We no longer need the foo'
      }

      The deprecation comes in two parts, separated by a :
      The date is in format YYYYMMDD and the message is a free form string.
    "

      munge do |deprecation|
        date, message = deprecation.split(':')

        # YYY MM DD - one true timestamp
        now = Time.now.strftime('%Y%m%d')

        if (now >= date)
          rsrc = "#{@resource.type.capitalize}[#{@resource.name}]"

          Puppet.warning "#{rsrc} expired on #{date}: #{message}"
        end
      end
    end

# command line test


$ puppet apply -e 'file { "/tmp/dep": content => "foo\n", deprecation =>
"20120425:We can remove this file after release 4" }' 
Warning: File[/tmp/dep] expired on 20120425: We can remove this file after release 4
Notice: Finished catalog run in 0.06 seconds

Using the metaparameter is easy enough, just specify 'deprecation' as a property on a resource and provide a string that contains the date to start flagging the deprecation on (in YYYYMMDD format) and the message puppet should show. I don't currently fail the run on an expired resource but this is an option.

The are some other aspects of this to consider - Richard Clamp raised the idea of having a native type that could indicate this for an entire class (I'd rather use a function, but only because they are much easier to write) and Trevor Vaughan suggested a Puppet face that could present a report of the expired, and soon to be expired, code.

I don't know how widely useful this is but it made a nice change to write some puppet code. The small size of the example will hopefully show how easy it is to extend nearly every part of puppet - including more 'complicated' aspects like metaparameters. Although not the relationship ones, those are horrible ;) I've submitted the idea to the upstream development list so we'll see what happens.

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /tools/puppet Sat, 27 Apr 2013 11:53:00 GMT deprecation-warnings-from-puppet-resources http://blog.unixdaemon.net/cgi-bin/blosxom.pl/books/cisco-routers-for-the-desperate-2nd-edition-review.html Cisco Routers for the Desperate was quite hard for me as I have very little to add to the Cisco Routers for the Desperate 1st edition review I posted a few years ago. After reading through this update pretty much all those comments still stand. It's an excellent, useful, well written book and the author still has a -distinct- written tone.

I enjoyed the book; I must have considering I bought the second edition! The material has been updated where needed and it's still lacking a section on ACLs so I'll stick to my score of 8/10 for people purchasing this book for the first time and look forward to another refresh in a couple of years time. If you already own the first edition then your choice is a little harder - this book is still an excellent stepping on point for the cost but don't expect much beyond a refresh on the same content.

Disclaimer: Part of my previous review is quoted in the marketing blurb at the front of the book. I did however pay for this book myself.

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /books Mon, 25 Mar 2013 16:25:00 GMT cisco-routers-for-the-desperate-2nd-edition-review http://blog.unixdaemon.net/cgi-bin/blosxom.pl/events/fosdem-2013.html FOSDEM over with. In general this year seemed the same as the last couple of years but slightly bigger than usual (although it seems that way every year). The (newish) K building was in full swing with dozens of project stalls and dev rooms. The usual suspects - virtualisation / cloud, configuration management and MySQL rooms had nearly as many people trying to get in to the rooms as they did sitting down.

I think some of the main dev rooms have reached the level of popularity that forces you to either arrive early, get a seat and not move for the rest of the day or accept a very high level of probability that you won't get to see the talks you want. I know a few of us had trouble cherry picking sessions across tracks - which obviously means we have excellent taste in topics. I wonder if having the same talks on both days would make it easier to move around as a visitor - you'd attempt to catch it the first time and if that fails, come back tomorrow. I realise however that this puts even more of a burden on speakers that graciously give their own time in both the preparation and performing of their talks. It does seem that scaling the rooms is the problem of the day once again.

I'd like to say a big thank you to all the organisers, speakers and other attendees for making it another enjoyable couple of days. See you next year.

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /events Sat, 16 Feb 2013 13:39:00 GMT fosdem-2013 http://blog.unixdaemon.net/cgi-bin/blosxom.pl/tools/puppet/puppet-camp-ghent-2013.html Patrick Debois) and the fact it was being held in the lovely city of Ghent again I thought it'd be a wise investment to scrape together the time off.

The quality of the talks seemed quite high and considering the number of newer users present the content level was well pitched. A couple of deeper talks for the more experienced members would have been nice but we mostly made our own in the open sessions. Facter, writing MCollective plugins, off-line and bulk catalogue compilation and the murky corners of our production puppets all came under discussion - in some cases quite fruitfully.

The wireless was a point of annoyance and amusement (depending on the person and the time of day). We had 20 users for an audience of ten times that - the attitudes covered the gamut from "I only need to check my mail once a day" to "I have my own tethering" and all the way to "This is my brute force script I run in a loop". You can tell when most of us lost our access based on the twitter hash tag.

I was a little surprised at the number of Puppet Camps there will be this year - 27 was the number mentioned. I think a lot of the more experienced members of the community value the camps and confs as a chance to catch up with each other and the PuppetLabs people and I'd hate to see us sticking to our own local camps and losing the cross pollination of ideas, plans and pains.

You can also view the Puppet Camp slides for a number of the sessions.

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /tools/puppet Mon, 11 Feb 2013 13:11:00 GMT puppet-camp-ghent-2013 http://blog.unixdaemon.net/cgi-bin/blosxom.pl/books/resilience-and-reliability-on-aws-book-review.html Resilience and Reliability on AWS I had quite high expectations for this slim book. Unfortunately, they were not met.

The first four chapters provide brief introductions to AWS and some of its more popular services. While these were fine I'd point people looking for this level of information at the Amazon Webservice Advent 2012 instead. Following this are a handful of more cookbook like chapters that each present a small amount of theory and advice about how to run a given applications on AWS - interspaced with multiple pages of python code. The chapters don't go in to enough details to bring much value to their subjects and the code detracts from the narrative without bringing much technical insight. I was particularly irked at the commented out sections - if you're going to publish a lot of code in a small book then at least be conscious that each line should bring something to the table.

It feels like this book should have been a series of blog posts rather than a printed book. Very disappointing and not recommended. Programming Amazon EC2 Programming Amazon EC2 by the same authors is much better.

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /books Sun, 10 Feb 2013 16:23:00 GMT resilience-and-reliability-on-aws-book-review http://blog.unixdaemon.net/cgi-bin/blosxom.pl/tools/puppet/prettier-puppet-with-pocco.html "pocco - a puppet manifest documentation experiment" as a way of generating much nicer looking documentation for puppet classes (you can see an example and reducing the amount of boilerplate needed to document your classes.

After some issues with the ruby libraries it depends on, I ran it over a couple of my smaller manifests and I have to say the output is very readable and quite presentable. If you write manifests for other peoples use then this is well worth a look.

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /tools/puppet Sun, 27 Jan 2013 11:10:00 GMT prettier-puppet-with-pocco http://blog.unixdaemon.net/cgi-bin/blosxom.pl/events/tech-events-q1-2013.html

We start off with the return of PuppetCamp to its home in Gent. Puppetcamps are a great, informal way to see how other people are using Puppet and put names to faces. A number of the more active European community members will be present and Ghent is a lovely city so it's worth a couple of days out of the office - and then of course you can stay for ...

the 800 pound gorilla of Free and Open conferences - FOSDEM 2013. It's hard to describe how much happens at FOSDEM, both in terms of material presented and project planning. 473 lectures (including the Configuration Systems Management devroom) and over 5000 people make this one a pleasure.

This year also marks the first DevopsDays London. Love or hate the name, the ideas discussed at the previous devopsdays have had a massive impact on our industries patterns and practises (and of course twitter and Hacker News) and the arrival of PuppetCamp London. Details on this one are a little thin at the moment but considering the number of puppet users in the city it'll be interesting to see who submits talks.

If after all this you still have any Euros or Holiday time left then I can recommend Linux Open Administration Days 2013 in April. LOAD is a hidden gem of a sysadmin conference with a great informal feel, excellent talks and a audience of very passionate people.

It's a great time to learn, get involved and meet your peers - I'm aiming to be at most of the above conferences and it'll be nice to see some of you there too.

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /events Sun, 27 Jan 2013 10:46:00 GMT tech-events-q1-2013 http://blog.unixdaemon.net/cgi-bin/blosxom.pl/cloud/aws-advent-2012-rocks.html 2012 SysAdvent posts I did have a chance to look at the inaugural, and quite excellent Amazon Webservice Advent 2012

Each post is well written, concise, mostly practical (there are a couple of more high level overview entries but most are immediately applicable) and serves as a perfect jumping on point for someone new to the service being discussed. Even though I normally skim each of the AWS announcements looking for new, useful tools, I still found the explanations and examples to go that little bit further and add to the topic. I even sent a couple of the pages around to co-workers so the could get a head start on certain services.

One of my favourite posts was the primer on Cloudformation. While it's a technology so ugly only a maven user could love it, you can see the potential (and we have a similar itch that needs scratching in our private cloud at $WORK). It also reminded me of a DSL invented by Ken Barber in a Puppet / OpenNebula presenation (warning: PDF) on slides 46 - 51).

Brandon Burton has created a great little resource that I hope returns again next year.

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /cloud Sat, 12 Jan 2013 00:08:00 GMT aws-advent-2012-rocks http://blog.unixdaemon.net/cgi-bin/blosxom.pl/books/puppet-types-and-providers-short-review.html Puppet Types and Providers means that the rest of you won't have to - this book brings most of the power with far, far less of the pain and uncertainty.

The book itself is a short one. Its contents are focused, well chosen examples and explanations that you'll actually be able to find and read when you need them rather than multiple pages covering every part of API trivia. This book may not cover every nook and cranny but I'd have no problem recommending it to co-workers who want to know the how and why of writing their own types and feeling safe that they'd be able to hit the ground running.

There are a couple of things that I'd liked to have seen covered, such as writing tests for your new types and providers, types with composite namevars and maybe an appendix on how to interrogate your puppet catalog (considering how well the short appendix on the ruby debugger comes across I think the authors would have nailed it) but these are things that can be covered in the second edition - or a larger book that covers all the puppet extension points (hint hint O'Reilly). I do think that this book will be one that stays within reach whenever you're doing Puppet work and will be useful for much more than the initial few readthroughs.

A useful, clearly written, book that saves a lot of source code diving and manually compiling information from many disparate online sources. Currently the best place to learn about how puppet types and providers work and how to create your own. 7/10

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /books Thu, 10 Jan 2013 21:34:00 GMT puppet-types-and-providers-short-review http://blog.unixdaemon.net/cgi-bin/blosxom.pl/books/building-and-testing-with-gradle-short-review.html very slim tome I knew nearly nothing about Gradle. Over the hundred odd well written pages of Building and Testing with Gradle I learned enough to understand the basic how, when and whys of the tool.

The book itself covered basic Gradle usage, how it compares to existing tools like maven, how to use ant and your existing ant task toolbox from within it and a basic look at how to write a custom task and integrate your own testing. From a beginners perspective the code samples and explanations made sense (although from these snippets I find Groovy an ugly language) and were mostly small and focused enough to read on a busy train.

The ideal readers are people who are very unfamiliar with this tool and who are looking for a working introduction to the how and why that they can absorb in a single quick sitting. I don't think the book would have much value once you move beyond this level of understanding and are able to put the online docs in to context but for my need it was fine.

Clear, well written and covered the essentials but probably a one off read. 7/10.

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /books Thu, 10 Jan 2013 21:15:00 GMT building-and-testing-with-gradle-short-review http://blog.unixdaemon.net/cgi-bin/blosxom.pl/tools/introduction-to-dsac.html @ripienaar and I had a chat in a pub about monitoring, event systems and lots of related subjects. As we all know he's way more productive than is fair and so while he's been doing a BUNDLE of work with on subjects like monitoring frameworks and event correlation I've been doing some thinking (and no actual coding) about event auditing, continuous compliance and security event management.

Now I've finished the $TIMESINK_PROJECT I'm soon going to actually need some of this stuff so I've started putting together a prototype framework that I'm calling DSAC - Dump Send and Correlate. The code is in a very early stage at the moment but is dealing with a small number of agents on a test network of a couple of hundred nodes. I'm going to start documenting the sections as it becomes ready for more public consumption but I thought I'd show my architectural plans for version 0.1.

The architecture is quite simple at the moment. Every node runs the "consumer and dispatch" stack which generates events, currently all events are made from cron invoked agents. A separate process, also cron invoked (for now) then runs through the spool and invokes all the dispatchers that have registered an interest in the output of that agent. Simple dispatcher examples are an AMQ pusher or a MySQL loader.

At the other end of the process, and quite symmetrically, we have the consumer stack. This reads from the nice big fuzzy cloud of transient data loss and spools files for later processing. We then have another process pick the files up and run them through a number of processors.

I've got working prototypes of a simple bulk archiver and some debugging aids but I can also envision some more useful real time dashboards. The last stage at the moment are the simple reports. I'm currently focusing on the easier reports that will help me show changes to an auditor, package updates, service status changes and user logins but this step will hopefully expand to encompass a lot of our rote compliance needs.

Once I've tidied up the code (and picked up some more ruby!) I'll start putting the bits I work on in my spare time on github.

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /tools Tue, 05 Jul 2011 17:45:00 GMT introduction-to-dsac http://blog.unixdaemon.net/cgi-bin/blosxom.pl/tools/puppet/simple-puppet-module-grepper-prototype.html

One of the ideas that has been sitting on my todo list is having a command that lets me grep a puppet manifest for certain properties, values or even just resources in a smarter way than just running a raw grep over files. While a simple grep works in some cases it is annoyingly fragile when you're trying to ignore literal strings in resource types that you're not interested in or narrow your search down to resources that have a property that can also appear in other types.

  # Show all file resources with a mode of 644
  $ pm-grep -t file -p mode -v 644 files.pp

  # Show all host resources with an alias of any value
  $ pm-grep -t host -p host_aliases hosts.pp

  # Check a number of pp files at once
  $ find /etc/puppet/modules/ -name "*.pp" | xargs -n 1 pm-grep -t file -p mode

pm-grep (puppet manifest grep) isn't anywhere near finished but it does work on simple manifests. It yet doesn't handle corner cases, global parameter defaults and a number of other more advanced techniques but it does fulfil some of my needs and has given me some more to mull over for version 2.

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /tools/puppet Mon, 20 Jun 2011 23:36:00 GMT simple-puppet-module-grepper-prototype http://blog.unixdaemon.net/cgi-bin/blosxom.pl/tools/puppet/smarter-service-status-in-puppet.html ensure a service is running the mechanism it uses to determine if a service is actually running is often unexplored.

By default (at least up to Puppet 2.6) puppet assumes that a service doesn't supply a working status option and so will look up the services name in the process table to check if it's running. If your service does support the status argument you can set 'hasstatus => true' and the platforms service provider will be used to interrogate the services current status.

While most services only report a simple status of running or not running puppet, when you've specified 'hasstatus => true' puppet will consult a second property, if it's present, - status - which is where things get a little more interesting and extendable.

  # puppet manifest
  service { "httpd":
      ensure    => "running",
      hasstatus => true,
      status    => "/usr/local/bin/puppet-status-http-check",
  }


  # puppet-status-http-check - example check

  #!/usr/bin/perl
  use strict;
  use warnings;

  my @checks = (
    "/usr/lib/nagios/plugins/check_procs -C httpd",
    "/usr/lib/nagios/plugins/check_http -I 127.0.0.1",
    "/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -u /about",
    "/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -u / -s udlab",
  );

  for my $check ( @checks ) {
    $check .= " 2>&1 > /dev/null"; # suppress output
    system( $check ) == 0 or exit 1;
  }

  # when running under debug you'll see a line like:
  debug: Service[httpd](provider=redhat): Executing '/usr/local/bin/puppet-status-http-check'

By specifying our own command in the status property we can do more complex, and domain specific, status checks. For example we don't so much care that apache is running as that it's serving our chosen vhosts correctly. You can use any command as the right hand side of status and puppet will treat a return code of 0 as confirmation that the service is running and anything else as a failure; which will trigger an attempt to restart the service in our example.

One possibility is to tie this in to nrpe-runner with a carefully chosen command name pattern to reap all the benefits of your already defined nagios checks.

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /tools/puppet Thu, 16 Jun 2011 16:22:00 GMT smarter-service-status-in-puppet http://blog.unixdaemon.net/cgi-bin/blosxom.pl/books/vmware-vsphere-hadrs-deep-dive-review.html VMware vSphere 4.1 HA and DRS Technical deepdive does you have to make some room on your (virtual) bookshelf.

Despite its small page count this book covers its subject material in a simple, direct and technically clear way. There is very little fluff and while you could find some of the details buried in VMWare KB articles or white papers its presence here in such a well combined and cohesive form more than justifies the books frankly tiny price tag (at least in the kindle store).

I came away from this book with enough of an understanding of the technologies covered to see where they'd fit, the issues we'd need to monitor for and some of the edge cases that would bite us in deployment. And that's a good return for the small investment of time reading this book takes.

The only downside of the book is that it could really do with another editorial pass or two. While this doesn't alter the quality of the technical content it does make the reading experience a little jarring.

If you want to get in to vSphere HA / DRS then this is a recommended read. Score - 7/10

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /books Sun, 22 May 2011 08:49:00 GMT vmware-vsphere-hadrs-deep-dive-review http://blog.unixdaemon.net/cgi-bin/blosxom.pl/tools/wrapping-mcollective-for-nagios.html

Luckily I'm running MCollective, so all this synchronous discovery and polling is in my past. After a little bit of delving in to the existing package and service clients I've come up with a prototype environment wide MCollective backed service check and an MCollective backed package check.

I'm not sure if I'd be willing to replace existing low level checks (for things like cron and ssh processes) with this just yet but it does show how easy it is to wrap MCollective with third party code in order reap its benefits from further down the tool chain. With a little scaffolding hopefully it'll be useful in validating individual policies in security policies and guidelines. But more about that later.

Phase two is probably to pull the scripts together (and just use another parameter to select the resource to check) and to be green or red based on percentage. As an example, requiring 40% of the web servers to be returning 200 before starting the next batch of host upgrades.

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /tools Sat, 14 May 2011 16:55:00 GMT wrapping-mcollective-for-nagios http://blog.unixdaemon.net/cgi-bin/blosxom.pl/events/london-devops-may-2011.html ep.io, a Python hosting platform, was the first speaker, and he did an excellent job of explaining their internal platform, how they make their decisions and what makes them special. While it was both an interesting and engaging talk it did leave me a little worried about the size of the operation.

While small companies are great to deal with in the right situations they can also be a risk due to their low survival odds, questionable ability to grow alongside you and inability to throw resources at an awkward but urgent problem. On the other hand they can provide better levels of support, knowledge and assistance if you can find a good one and treat them more as partners than vendors, and I suspect that ep.io is going to be one of the good ones.

Then we had the VMWare talk. Until a couple of years ago, when budgets shrank again and Xen and KVM began to rise, I was a big fan and a happy user of VMWare products both on server and desktop. While I've not kept up with all the product details it's hard not to have heard of CloudFoundry.

The two speakers, one from RabbitMQ and one from SpringSource (both now part of the VMWare org chart) had very different speaking styles, the speaker from RabbitMQ had a keen wit and kept the tone light with lots of amusing comments like "VMWare is about 9000 staff, about 8000 of them write device drivers" and while the man from SpringSource spent the whole time complaining about how slow his laptop was. At one point the audience nearly had a whip-round to cover the cost of a couple of GB of RAM for him. As for the content it left me a little adrift. I came out of the talk without knowing much more than I went in with. Although I always have to smile when I hear people from SpringSource describe their product line, Spring Tomcat, Spring AMQ, Spring ls and Spring Bash (I might have made the last two up) so it wasn't a complete waste.

Obviously there will be comparisons made between the talk platforms being discussed and one of the most interesting aspects of the evening for me was how well ep.io came out of the deal. They've got an architecture every bit as well thought out as that of VMWares, they're already looking at the next set of problems that both platforms are going to experience and they came across as remarkable professional for such a small team.

CloudFoundry on the other hand will probably have a bigger effect on my working life. VMWare is often quite an easy sell due to its track record and feature set and I can see more companies talking parts of CloudFoundry on board than I can see them hosting with ep.io. So it's one to spend a little time investigating. The fact that it's open source will just make the whole process easier.

The talks were very well attended with 70-80 people in the audience and once again we should say thank you to the Guardian for providing the venue and Gareth for organising it.

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /events Sat, 14 May 2011 11:56:00 GMT london-devops-may-2011 http://blog.unixdaemon.net/cgi-bin/blosxom.pl/events/loadays-2011.html Kris mentioned a conference called LOAD (2010) to me. I was a little late in booking the hotel and in the end I couldn't make it over - and judging by the quality of this years event that was a big mistake.

While it's nice to spend time in the devops world and talk about communication, processes and how to merge development and operational tool-chains sometimes it's nice to focus on solid, production grade sysadmining; and LOAD was the perfect conference for it. Over two days, two tracks of talks and one of tutorials, a selection of top notch speakers covered kerberos, LDAP, packaging (Debs and RPMs), storage systems, single sign on, advanced networking, virtualisation, security, HA and monitoring. Some of the talks presented were perfectly timed (DNSSEC and IPv6 from a working admins perspective), some were very solid updates on technologies we sometimes take for granted (PKI, LDAP, SSO and HA clustering) and some covered more vertical admin niches (inventory systems, Exchange replacements and small business servers).

The conference felt like a large local LUG meeting. The people were friendly, the sessions and speakers encouraged the audiences involvement both in and outside of the talks and even when the event was over everyone seemed happy to stay and chat about what they'd seen or further discuss subjects with the speakers (although I suspect the free food and drink didn't hurt in keeping the conference going after hours!)

The LOAD organisers did a marvellous job of finding so many talented speakers and promoting home grown talent. I'd only seen maybe a dozen of the people speak before and the amount of preparation each and every speaker had obviously invested made being in the audience a pleasure. No one was "quipping" about the fact they'd only just written their slides or started to prepare and a number of the speakers tailored their talks based on the other sessions to help reduce duplication and present their own take on certain subjects - and their talks, and the conference, were enhanced by it.

This post may seem a little gushing but this was the best sysadmin conference I've been to for years. I've come back with information that's going to help me do my job better and it's going to be one of the first conferences I book next year.

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /events Tue, 19 Apr 2011 15:29:00 GMT loadays-2011 http://blog.unixdaemon.net/cgi-bin/blosxom.pl/security/airgapped-gary.html Our source code has always been air gapped from the Internet. The forensic examination confirmed that software development servers and workstations were not affected by the incident -- from HBGary

Anyone else find it hard to accept that none of the developers, testers, documentation writers or build people ever accessed source code from their Internet connected laptops / workstations? Especially considering the state of their other security measures.

Don't get me wrong, in some cases it's a sensible solution ( off-line key signing for example) but for entire teams working on a shared code base?

Like this post? - Digg Me! | Add to del.icio.us! | reddit this!]]> Dean Wilson <dean.wilson@gmail.com> /security Tue, 19 Apr 2011 13:33:00 GMT airgapped-gary