Everything is a Freaking DNS problem - cloud

Devops and Cloud

Kris Buytaert — Wed, 28 Apr 2010 21:15:54 +0000

Whenever I give my Cloud security talk there's a slide in there talking about the most scary idea about Cloud and Security, the fact that Marketing people will build things on their own while IT, or any other departement isn't involved, and as we all know marketing people have no clue about security, it's not on their mind they won't even think about adding some sort of security to their application.

So IT isn't involved, Development isn't involved , and Operations isn't involved ...

Ages ago.. well.. about a decade I was working in those very marketing departments sitting there, writing code, hired by the marketeers, not by IT , the marketing PM did the talking to IT , we still had to go trough their IT department to get stuff deployed.

The marketing people had to deal with their impossible deadlines, a nationwide tv or radio campaign that was going to be launched , with a supporting website which meant that the website functionality needed to go live just before the first airing of the commercial. Obviously the website was lower priority than finding a famous voice or face to record the commercial with, so it became only late in the planning.. even more obvious was the fact that talking to IT about getting these new features deployed was even later on their planning .

Back then, part of my job was to smooth that process, my role was both creating the technical backend for the sites , putting them in production and doing the daily maintenance afterwards ...

Looking back at those days I realize the pains of both deployment and procurement, getting a new machine racked and then installed up to a bare os installations took up to 6 weeks, in a marketing driven world that meant that I'd often had to bypass the whole procurement process of expensive sunboxen and had to quickly deploy a linux box under my desk that could be used to move to production as plan B , and trust me .. we had to use plan B a lot ..

Letting nontechnical people deploy stuff in the cloud will only widen the gap, but getting involved early enough in the concept fase of a project with a good devops methodology/team in place will give the business people the opportunity to learn that things have changed , it doesn't take 6 weeks anymore to get an expensive Sun box racked and a Solaris instance installed after which a team of engineers needs to install an application server, then a different team needs to install the database etc .. these days it's a virtual machine instantiation and a couple of recipes ,in that way we can get manageable, reproducible and scalable deployments in no time.

A long overdue report of DevopsDays

Kris Buytaert — Thu, 05 Nov 2009 19:32:41 +0000

Here's how it started :

So I used to be a software developer, writing perl for the web, then C, then Java, then PHP, till I realized nobody ever configured my servers correctly and I changed trades becoming a system engineer, while teaching new developers the basics of their trade, whom grew into doing Infrastructure Architecture .. familiar story for much of the crowd at DevopsDays ... a crowd that wants to stopping the war between developers and system engineering , a crowd that wants to automate builds, integrate testing, deploy, deploy on very large scale, deploy in the cloud and much more.

So what do you get when you put together some of the experts on building software, organizing development teams , Agile geeks, Cloud infrastructure projects, and Automating guru's in 1 location for 2 days in Gent ? Exactly .. DevopsDays ..

The format was 2 days .. 3 kickass formal talks in the morning.. Open Space sessions in the afternoon. ... Friday featured talks on Non Functional Requirements, CucumberNagios and Monitoring in the Cloud with FlapJack and Building Agile Infrastructures with Puppet while discussing the James White Manifesto ..

which I had never heard of, but which apparently comes down to this

== Rules ==
On Infrastructure
-----------------
There is one system, not a collection of systems.
The desired state of the system should be a known quantity.
The "known quantity" must be machine parseable.
The actual state of the system must self-correct to the desired state.
The only authoritative source for the actual state of the system is the system.
The entire system must be deployable using source media and text files.
On Buying Software
-------------------
Keep the components in the infrastructure simple so it will be better understood.
All products must authenticate and authorize from external, configurable sources.
Use small tools that interoperate well, not one "do everything poorly" product.
Do not implement any product that no one in your organization has administered.
"Administered" does not mean saw it in a rigged demo, online or otherwise.
If you must deploy the product, hire someone who has implemented it before to do so.
On Automation
-------------
Do not author any code you would not buy.
Do not implement any product that does not provide an API.
The provided API must have all functionality that the application provides.
The provided API must be tailored to more than one language and platform.
Source code counts as an API, and may be restricted to one language or platform.
The API must include functional examples and not requre someone to be an expert on the product to use.
Do not use any product with configurations that are not machine parseable and machine writeable.
All data stored in the product must be machine readable and writeable by applications other than the product itself.
Writing hacks around the deficiencies in a product should be less work than writing the product's functionality.
In general
----------
Keep the disparity in your architecture to an absolute minimum.
Use [http://en.wikipedia.org/wiki/Set_theory Set Theory] to accomplish this.
Do not improve manual processes if you can automate them instead.
Do not buy software that requires bare-metal.
Manual data transfers and datastores maintained manually are to be avoided.

Much unlike the FAIL Manifesto

The openspaces tackled how to migrate from a totally unreproducable environment too a correctly bootstrapped infreaastructure, over the Ubuntu Enterprise Cloud , then dinner and off for beers to the Vooruit . The OpenQRM "crowd" stayed at my place so I didn't stay around too late ..

Saturday morning came early ... sadly I missed the first 10 minutes of a very interresting talk about Kanban in operations ... let's ee if we can convince some more people to try it out ...

The talk on Continuous integration, Build Pipelines and Continuous deployment was also really interresting with lots of stories from the real world.. . after the openqRM talk it was time again for OpenSpaces with e.g discussions on svn vs git and building a feature matrix of Cloud , with @botchagalupe, @openqrm and @maesjoch in the room and @diegomarino online .

Devopsdays ended too soon , with way to much interresting ideas to build on .. Let's hope we can all work them out !

CloudCamp Antwerp

Kris Buytaert — Fri, 10 Apr 2009 19:21:53 +0000

So yesterday a 100+ crowd met in the Antwerp Zoo.
I heard different comments from that crowd... some of them liked the event, good networking, interresting topics , a broad overview, meeting new vendors active in the Cloud, others of them didn't .. it wasn't a real camp , just some vendors pitching, they didn't hear any new stuff , or we didn't touch the real stuff.

So different opinions from different expectations...

Anyhow for all those who could't read the slides :

CloudSec , don't forget Security in the Cloud !

View more presentations from Kris Buytaert.

Or here

VirtSec, and Open Source

Kris Buytaert — Mon, 16 Mar 2009 18:51:00 +0000

The slides from the presentation I gave last friday at Lsec are now online, both at My Site and on Slideshare

VirtSec, and the Open Source impact

View more presentations from Kris Buytaert.

I learned a lot last friday , I`ll be talking to some more people about the technical details , but be expecting some of my findings on Virtualization.com soon :)

Image Sprawl , and the new cure ..

Kris Buytaert — Thu, 05 Feb 2009 22:24:43 +0000

When I tell people that the concept of copying VM's around as frequently done in the VMWare world is one of the most stupid ideas on this planet, I get the weirdest looks.

In my world it is, I want my infrastructure to be reproducible , I want to be able to throw any machine in my infrastructure out of the 10th floor of a building and be up and running again in no time. If I spread a bunch of VM copies around who knows what kind of life they start leading. Some will get upgrades, some won't ..
If I get an image from someone, how did he get there ? Nobody knows ..

To me Image Sprawl is more than not being able to to manage your Virtual Machines, it also matters for physical machines that are being deployed using a golden image.

Now rewind back about 4 something years.. back then I wrote a paper for LinuxKongress titled Automating Xen Virtual Machine Deployment which described a Hybrid way of Bootstrapping an infrastructure.
Quicly summarized, you use the benefits of images to quickly deploy a minimal image which
Luke today calls a Stem Cell then go on using centralized package management and a configuration management tool to keep them up to par. There are 2 things that changed in between,
we replaced CFEngine with Puppet , and the fact that today some people do care a bit more about the infrastructure side of the web, guess we have to thank Amazon and the Cloud Hype for that

But fundamentally .. not that much changed :)

Oldskool, Fuck the Cloud

Kris Buytaert — Wed, 21 Jan 2009 18:56:12 +0000

This comment by Jim Leonard, Trixter/Hornet for those who still remember our previous lives , is right on the spot.

"This is the longest post I’ve ever seen that says “do not put your only copy of data on a site you do not pay for or trust.”

Weird, how you suddenly bump online into someone you haven't heard from for over a decade, and even weirder how they still seem to have similar ideas to yours :-)

JoliCloud

Kris Buytaert — Fri, 19 Dec 2008 18:36:44 +0000

Am I the only one who thinks the JoliCloud screenshot on TechCrunch really really looks like a default eeebuntu setup ?

This was not a Cloudcamp ! :)

Kris Buytaert — Fri, 31 Oct 2008 21:15:53 +0000

This was not a CloudCamp !

Don't get me wrong, it was a great event and I met lots of interesting people , but it was not a *camp.
The idea was there to have an unconference after the formal sessions, but the formal sessions ran out and there was no time because of food and bar duties.

The event was a mixture of regular Belgian Campers, Virtualization geeks, Open Source folks , obviously there were a couple of "lost" americans , and the crowd from up North :)

The location was weird to say the least, what if the boat hat floated off on the river :)

It's obvious the world doesn't have a fixed definition for "Cloud Computing" yet , Tarry really made a safe bet by cut and pasting the definition from WikiPedia but the thing that really worried me was that when Raph asked if the audience could define Open Source they couldn't either.

Given the audience it's really hard to understand why they couldn't explain what Open Source is .. they should be able to. As the biggest chunk of Cloud Infrastructure is based on Open Source , the audience of a CloudCamp should be able to define Open Source, but then again there was quite a number of suits around that weren't expected to understand what it is all about :)

The fact is that a the cloud today still is a bit of undefined, different marketeers are grabbing the opportunity to rebrand their longtime existing product as fresh and hot cloud.

The interesting part of the Cloud to me is the mix of Virtualization, Scalability, Automation , Large Scale Deployment , playing the puppetmaster, and High Availability ..

It's stuff I have been doing for ages , it's the stuff this blog has been covering since the beginning ... but I don't plan on renaming my blog .. as afterall the whole cloud issue is just a Freaking DNS Problem

Pictures of the event are here

DevMinistration

Kris Buytaert — Mon, 27 Oct 2008 17:57:40 +0000

In his CloudCafe 18 Podcast John talks about Puppet to Luke and they coin the idea of Devministration

I really like the terminology, so I`m a devministrator, and probably the bigger part of Inuits are Devministrators.

The first stage in becoming a devministrator is using version control, then bugtracking .. etc.
Coming from an era where I was the sysadmin pushing the developers to use version control this sounds really strange to me..
Yes I had to convince developers to use version control, while Luke thinks he needs to convince sysadmins to use version control.
Weird.. other continent, other habits, but the important part is we all use it.

But the big part is that we don't spend our time managing servers, but rather scripting the automation of the management. Learning machines how they should manage our configs and automate.

Like the old Google saying, you have to automate yourself out of a job every 18 months.

Guess that's also what ad Devministrator is.

CloudCamp BXL

Kris Buytaert — Mon, 27 Oct 2008 17:52:15 +0000

Don't forget .. this thursday : CloudCamp Brussels !