24 Sep 2016
TL;DR: rs_tag that works on RightLink 10 agents.
As a DevOps guy that has to deal with AMIs (Amazon Machine Images) not under my control, this creates a few issues where we might be tempted to bake in tools.
One of our clients uses RightScale for infrastructure management and auditing, so one of the tools we use is the RightLink 6 agent. No problem: the provisioning workflow installs it when it creates a server. This is not an issue unless you lose a server (autoscaling, or it just dies) and there is no workflow to install the agent.
Fortunately there is a solution: I've been testing the install 'on boot' of RightLink 10. However, this has some breaking changes.
The biggest is the missing tool RS_TAG, as a lot of the provisioning and automation scripts rely on this to get configuration information about the server.
The RightLink 10 (RL10) agent does come with a RightScale Client (RSC) that can help, but using it would require rewriting all the scripts. Some of the scripts need to be updated in any case, as the agent no longer executes as root.
I have written a RL10 RS_TAG that works on servers with the RightLink 10 agent installed as a drop-in replacement. The only feature not implemented as of v0.1 is the --query function.
I chose to write this in Go as the RSC comes with a library in Golang. It also allows the binary to be statically linked, like the RightScale agent. This means no software dependencies are required on the server (other than the RightScale agent of course). Very handy when you're about to build and configure the server in your favourite tool such as Puppet or Ansible.
Let me know if it is of use to you.
09 Sep 2016
I attended the AWS User Group North meet yesterday at Zen Internet. What a fabulous day. A change to the usual evening format, we met up during the day.
This gave more time for talks and we were treated to two AWS guys and a few lightning talks.
Network Innovation at Scale - Colin Whittaker (Principal Network Engineer, AWS)
Colin showed us how the network that supports the Amazon Web Services structure has grown exponentially and described a few of the solutions to stay ahead of the demand. The hardware unit in the Datacenters is a prepopulated rack, with the hardware guys deploying a working rack, from arrival at the door to becoming available for customers in 2 hours. Colin also mentioned some of the challenges of moving a massive amount of network data at scale, with miles of fiber optic cables and Enhanced networking requiring custom network cards.
Lightning Talks
Lambda, Good for the little things - Carl Simpson (Technical Architect, Zen Internet)
In the 1st talk about Lambda, Carl helped us understand how this service from AWS can help with small tasks, such as EBS volume backups and other housekeeping tasks.
Having a Bash at AWS Management - Michael Pearce (Co-operatives UK)
Michael shared his journey learning about the AWS command line tools and showed us a working example of managing EBS snapshots in a rotation using these tools.
Five AWS features that shouldn't exist - Sam Bashton (Director, Bashton / Claranet)
Sam shared his opinion with us about some of the anti best practices that shouldn't be there but are available to AWS customers. He used the pets and cattle metaphor to show that you shouldn't use the console (script everything) for stopping instances, creating images or enabling auto recovery. In short don't use the console, use code, such as CloudFormation or Terraform.
"Mummy, where are the servers?" - Ian Harris (Cloud Consultant, BJSS)
Continuing the theme of Lambda, Ian showed us how a competition entry workflow was hosted mostly on Lambda with JS scripts and even running ClamAV in a Lambda container. He gave a short description of how there are actually servers; however, they are containerized and patched by AWS. This solution used POST to S3, Lambda events and API Gateway to enable the submission of files and a form. Some security considerations were also mentioned, so check your IAM policies.
AWS Update - Danilo Poccia (Technical Evangelist, AWS)
Danilo rounded off the day sharing the latest announcements from AWS, including HTTP/2 support, Application Load Balancing, Elastic File System and Aurora read ahead.
31 Aug 2016
Like most of my team, I use Vagrant to run local boxes for development of Puppet builds, Ruby APIs and suchlike.
I recently upgraded my Windows workstation to Vagrant 1.8.5 and immediately ran into an issue.
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
default: Warning: Authentication failure. Retrying...
default: Warning: Authentication failure. Retrying...
This monkey of an issue had me stumped for a while, as on another project I was working on securing SSH logins to hosts on AWS, which made me suspect my id_rsa key setup under Git Bash.
My sanity has been saved by the admission of a bug on the Vagrant issues list: https://github.com/mitchellh/vagrant/issues/7610
A swift edit of the C:\HashiCorp\vagrant\embedded\gems\gems\vagrant-1.8.5\plugins\guests\linux\cap\public_key.rb file (line 58) and all is good again.
@@ -54,6 +54,7 @@
if test -f ~/.ssh/authorized_keys; then
grep -v -x -f '#{remote_path}' ~/.ssh/authorized_keys > ~/.ssh/authorized_keys.tmp
mv ~/.ssh/authorized_keys.tmp ~/.ssh/authorized_keys
+ chmod 0600 ~/.ssh/authorized_keys
fi
rm -f '#{remote_path}'
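Review bot: the added `chmod 0600 ~/.ssh/authorized_keys` runs only after the `mv`, so for a short window the live authorized_keys carries whatever mode the `>` redirect gave authorized_keys.tmp under the current umask. Setting the mode on the temporary file before it is moved into place (`chmod 0600 ~/.ssh/authorized_keys.tmp` ahead of the `mv`) would mean the file sshd reads never has looser permissions than intended.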
The easier fix is to head over to downloads where it is hoped that 1.8.6 will be released on 1st September 2016.
26 Aug 2016
Quick post about docker.
What is docker?
Docker containers wrap a piece of software in a complete filesystem that contains everything needed to run: code, runtime, system tools, system libraries – anything that can be installed on a server. This guarantees that the software will always run the same, regardless of its environment. (https://www.docker.com/what-docker)
Docker is gaining popularity and some clients are using it in production. As a method to package and deploy self-sufficient applications in primarily stateless Linux containers it allows a consistent platform that in itself is quite simple for Ops to look after, and we don't need to know the inner workings of the application we are deploying.
However, when writing and building Docker images, my virtual machine (local Docker host) starts looking a bit littered with Docker containers and images. So here are a few commands to tidy up.
Kill running containers:
docker kill $(docker ps -q)
Delete all containers (and their associated volumes):
docker rm -v $(docker ps -qa)
Remove all images:
docker rmi $(docker images -q)
(Thanks to Mike O'Conner)
23 Aug 2016
Regular expressions can be a bit like Marmite: some people love them and some hate them, and if you are like me, they just leave lots of room for confusion.
Fortunately there is a tool that will hopefully dispel some of the confusion.
https://regex101.com/