It’s been years since I’ve read a book on VMware. Between the maturity and ease of use of their GUI tools and my own continual move towards Free virtualisation I’ve not had the professional need or the spare time to invest but when a book comes as highly recommended as the VMware vSphere 4.1 HA and DRS Technical deepdive does you have to make some room on your (virtual) bookshelf. Despite its small page count this book covers its subject material in a simple, direct and technically clear way. Read on →

I’ve been doing a little tinkering with pre/post release checklists and compliance reporting using cucumber and some Nagios wrapping (among other things) in my test lab and recently needed to do some higher level entire environment checks before moving on to the next step. While it’s possible to wrap something like nmap’s ping check and then Nagios each target it does feel like stepping back a few years in the tool chain. Read on →

I never thought I’d use a cliche like “David vs Goliath” but considering the two speakers at London Devops it does seem a little apt. Andrew Godwin from, a Python hosting platform, was the first speaker, and he did an excellent job of explaining their internal platform, how they make their decisions and what makes them special. While it was both an interesting and engaging talk it did leave me a little worried about the size of the operation. Read on →

Last year at one of the many Belgium tech events Kris mentioned a conference called LOAD (2010) to me. I was a little late in booking the hotel and in the end I couldn’t make it over - and judging by the quality of this year’s event that was a big mistake. While it’s nice to spend time in the devops world and talk about communication, processes and how to merge development and operational tool-chains sometimes it’s nice to focus on solid, production grade sysadmining; and LOAD was the perfect conference for it. Read on →

“Our source code has always been air gapped from the Internet. The forensic examination confirmed that software development servers and workstations were not affected by the incident” – from HBGary

Anyone else find it hard to accept that none of the developers, testers, documentation writers or build people ever accessed source code from their Internet connected laptops / workstations? Especially considering the state of their other security measures. Don’t get me wrong, in some cases it’s a sensible solution (off-line key signing for example) but for entire teams working on a shared code base?

Sometimes it’s the little niggles that annoy people the most. As my team progress in to puppet they have an annoying habit of asking very good questions; which can sometimes be a struggle to answer. Today’s best question was - “How do I tell if this file is under puppet’s control?” While there are a couple of different ways to check (grepping through your git checkout or modifying the file and running puppet were the immediate winners) the best way is probably to look inside the catalog and check against the title of the File resources it contains. Read on →

<tl;dr>Log nrpe-runner state changes when puppet runs to see what broke or was fixed.</tl;dr> While people most often use puppet to configure and repair their infrastructures sometimes they also inadvertently use it to damage and cripple them. As part of my attempt to reduce the mean time to spot a mistake across my systems I’ve come up with a handful of small scripts that let me wrap a puppet run in a Nagios NRPE powered safety net. Read on →

At work we try, and sometimes even succeed, in using Test Driven Deployment so as one of my background projects I’ve been wrapping certain tools in to cucumber friendly forms. Over the last couple of days I’ve been grabbing ten minutes here and there to incorporate Puppet 2.6 in to the pile.

    Feature: Puppetwrappers Puppet Provider Examples

      Scenario: Confirming package installation
        When a machine has been puppeted
        Then the bash package should be installed

      Scenario: Confirm doodoodoo package is absent
        When a machine has been puppeted
        Then the doodoodoo package should not be installed

      Scenario: Confirm cron service is running
        When a machine has been puppeted
        Then the cron service should be running

      Scenario: Confirm tomcat6 service is not running
        When a machine has been puppeted
        Then the tomcat6 service should not be running

      Scenario: Confirm dwilson is in libvirtd group
        When a machine has been puppeted
        Then dwilson should be a member of libvirtd

      Scenario: Confirm dwilson has a uid of 1000
        When a machine has been puppeted
        Then dwilson should have a uid of 1000

      Scenario: Confirm dwilson has a given shell
        When a machine has been puppeted
        Then dwilson should have the /bin/bash shell

I really like using the puppet providers for this because of the abstraction benefits they provide. Read on →

Tonight’s (the March 2011) London OpenSolaris User Group (LOSUG) was a little different to usual and while the topics have always been quite diverse we’ve never had as seditious a talk as one covering the Solaris fork, OpenIndiana, Illumos and the OpenSolaris community. Alasdair Lumsden did an excellent job of explaining the new projects, why they exist and what they’re aiming for. As someone who took a few steps back when Oracle purchased Solaris it was an interesting catch up. Read on →

It all started with one of those annoying little items on the todo list - find all the unpuppeted ssh authorized_keys files on a machine and alert on them. On first impressions it was going to be quite manual (always a bad sign), involve digging in to legacy installs and would be something we’d need to re-verify occasionally. It couldn’t be that bad though could it? After all how many places can an unmanaged-by-puppet sshkey live? Read on →