Under the Dome (of failure driven pipeline)
-
Upload
maciej-lasyk -
Category
Technology
-
view
951 -
download
1
Transcript of Under the Dome (of failure driven pipeline)
![Page 1: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/1.jpg)
Under the dome(of failure driven pipeline)
Maciej Lasyk
4developers – Warsaw
2015-04-20
![Page 2: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/2.jpg)
Join Fedora Infrastructure!
- learn Ansible- learn Docker with Fedora Dockerfiles
http://fedoraproject.org/en/join-fedora
![Page 3: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/3.jpg)
Agenda?
Don't run away ;)
![Page 4: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/4.jpg)
[…]
Situations like this only reinforce my deep suspicion of
developers: They're often carelessly breaking things and
then disappearing, leaving Operations to clean up the
Mess.
[…]
“The Phoenix Project”
by Gene Kim, Kevin Behr and George Spafford
![Page 5: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/5.jpg)
![Page 6: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/6.jpg)
![Page 7: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/7.jpg)
![Page 8: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/8.jpg)
Conway's law (1968)
organizations which design systems ... are constrained to produce designs which are copies
of the communication structures of these organizations
http://en.wikipedia.org/wiki/Conway%27s_law
![Page 9: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/9.jpg)
Ruth Malan (2008)
if the architecture of the system and the architecture of the organization are at odds, the
architecture of the organization wins.
The organizational divides are going to drive the true seams in the system.
http://traceinthesand.com/blog/2008/02/13/conways-law/
![Page 10: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/10.jpg)
Yup, you're gut is telling truth...
![Page 11: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/11.jpg)
Yup, you're gut is telling truth...
This will be another devops indoctrination
![Page 12: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/12.jpg)
Yup, you're gut is telling truth...
This will be another devops indoctrination
What did you expect? ;)
![Page 13: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/13.jpg)
Yup, you're gut is telling truth...
This will be another devops indoctrination
What did you expect? ;)
This presentation includes gentle product placement
![Page 14: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/14.jpg)
Yup, you're gut is telling truth...
This will be another devops indoctrination
What did you expect? ;)
This presentation includes gentle product placement
![Page 15: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/15.jpg)
DevOps Anti-Types & patterns
This is a copy/paste from
http://blog.matthewskelton.net/
w/my comments included
Great job Matthew! Thanks!
![Page 16: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/16.jpg)
DevOps Anti-Types
http://blog.matthewskelton.net/2013/10/22/what-team-structure-is-right-for-devops-to-flourish/
![Page 17: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/17.jpg)
DevOps Anti-Types
http://blog.matthewskelton.net/2013/10/22/what-team-structure-is-right-for-devops-to-flourish/
![Page 18: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/18.jpg)
DevOps Anti-Types
http://blog.matthewskelton.net/2013/10/22/what-team-structure-is-right-for-devops-to-flourish/
![Page 19: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/19.jpg)
DevOps Patterns
http://blog.matthewskelton.net/2013/10/22/what-team-structure-is-right-for-devops-to-flourish/
![Page 20: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/20.jpg)
DevOps Patterns
http://blog.matthewskelton.net/2013/10/22/what-team-structure-is-right-for-devops-to-flourish/
![Page 21: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/21.jpg)
DevOps Patterns
http://blog.matthewskelton.net/2013/10/22/what-team-structure-is-right-for-devops-to-flourish/
![Page 22: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/22.jpg)
DevOps Patterns
http://blog.matthewskelton.net/2013/10/22/what-team-structure-is-right-for-devops-to-flourish/
![Page 23: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/23.jpg)
DevOps Patterns
http://blog.matthewskelton.net/2013/10/22/what-team-structure-is-right-for-devops-to-flourish/
![Page 24: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/24.jpg)
Ok let's CAMS
![Page 25: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/25.jpg)
DevOPS ?== CAMS
(culture, automation, measurement, sharing)
![Page 26: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/26.jpg)
DevOPS !== CAMS
DevOPS === people!
![Page 27: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/27.jpg)
People
culture automation
measurement sharing
![Page 28: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/28.jpg)
C for Culture
A for Automation
M for Monitoring
S for Sharing
![Page 29: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/29.jpg)
![Page 30: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/30.jpg)
![Page 31: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/31.jpg)
Is there a need for change?
“agile” and “cloud”:
→ focus on delivery
→ close collaboration
→ lightweight environment and components
![Page 32: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/32.jpg)
cultural change
modification of a society through innovation, invention, discovery, or contact with other
societies
![Page 33: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/33.jpg)
Dead sea effect
→ most talented evaporates
→ the residue
→ maintenance experts & bus factor == 1
http://brucefwebster.com/2008/04/11/the-wetware-crisis-the-dead-sea-effect/
![Page 34: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/34.jpg)
→ talk. often. and get along
→ take responsibility - from beginning to the end
→ continuous improvement. seriously
→ be brave. don't be silent
→ it's better to be unpolite l/German than polite l/Englishman
![Page 35: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/35.jpg)
GTD? (getting things done)
![Page 36: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/36.jpg)
GTD? (getting things done)
JFDI? (just fuckin' do it)
![Page 37: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/37.jpg)
GTD? (getting things done)
JFDI? (just fuckin' do it)
MFBT? (move fast, break things)
![Page 38: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/38.jpg)
GTD + JFDI + MFBT = FCH
![Page 39: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/39.jpg)
GTD + JFDI + MFBT = FCH
(Fuckin' Customer Happy)
![Page 40: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/40.jpg)
![Page 41: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/41.jpg)
C for Culture
A for Automation
M for Monitoring
S for Sharing
![Page 42: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/42.jpg)
Automation is big for most sysadmins. We’re
inherently lazy, so the idea of pushing a button
and making programs work for us? Appealing.
Standalone Sysadmin
http://www.standalone-sysadmin.com/blog/2011/04/view-from-the-other-side/
![Page 43: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/43.jpg)
→ it has to be simple
→ don't reinvent the wheel. don't fabric
→ automate from very beginning
![Page 44: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/44.jpg)
→ repeatable tasks leads to automation
![Page 45: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/45.jpg)
→ repeatable tasks leads to automation
→ automation leads to consistency
![Page 46: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/46.jpg)
→ repeatable tasks leads to automation
→ automation leads to consistency
→ consistency reduces errors
![Page 47: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/47.jpg)
→ repeatable tasks leads to automation
→ automation leads to consistency
→ consistency reduces errors
→ reducing errors leads to stable environment
![Page 48: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/48.jpg)
→ repeatable tasks leads to automation
→ automation leads to consistency
→ consistency reduces errors
→ reducing errors leads to stable environment
→ stable environment leads to less unplanned work
![Page 49: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/49.jpg)
→ repeatable tasks leads to automation
→ automation leads to consistency
→ consistency reduces errors
→ reducing errors leads to stable environment
→ stable environment leads to less unplanned work
→ less unplanned work leads to focus on delivery
![Page 50: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/50.jpg)
Remember?
http://blog.matthewskelton.net/2013/10/22/what-team-structure-is-right-for-devops-to-flourish/
![Page 51: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/51.jpg)
Short story of Anti-Type C“we don't need ops”
# it's madness with paths for different users and such option as:# sudo su# sudo -i# su -# su# that is why we add variables to two places
ENVIRONMENT_FILE = '/etc/environment'PROFILE_FILE = '/etc/profile'INITIAL_PATH = '/usr/local/bin:/usr/bin:/bin'
# due to sudo issues (resetting PATH by /etc/sudoers)# we have to add PATH to /root/.profile as well
![Page 52: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/52.jpg)
Short story of Anti-Type C“we don't need ops”
# it's madness with paths for different users and such option as:# sudo su# sudo -i# su -# su# that is why we add variables to two places
ENVIRONMENT_FILE = '/etc/environment'PROFILE_FILE = '/etc/profile'INITIAL_PATH = '/usr/local/bin:/usr/bin:/bin'
# due to sudo issues (resetting PATH by /etc/sudoers)# we have to add PATH to /root/.profile as well
![Page 53: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/53.jpg)
Short story of Anti-Type C“we don't need ops”
Shells:→ login→ non-login→ interactive→ non – interactive
![Page 54: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/54.jpg)
Short story of Anti-Type C“we don't need ops”
Shells:→ login→ non-login→ interactive→ non – interactive
→ su→ sudo su: interactive, non-login, .bashrc→ sudo su -: interactive, login, /etc/profile;/root/.profile;/root/.bashrc→ sudo -i: interactive, login, /root/.profile;/root/.bashrc;/root/.login→ sudo /bin/bash: interactive, non-login, ~/.bashrc→ sudo -s: reads $SHELL and executes it
![Page 55: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/55.jpg)
Short story of Anti-Type C“we don't need ops”
Shells:→ login→ non-login→ interactive→ non – interactive
→ su→ sudo su: interactive, non-login, .bashrc→ sudo su -: interactive, login, /etc/profile;/root/.profile;/root/.bashrc→ sudo -i: interactive, login, /root/.profile;/root/.bashrc;/root/.login→ sudo /bin/bash: interactive, non-login, ~/.bashrc→ sudo -s: reads $SHELL and executes it
![Page 56: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/56.jpg)
Short story of Anti-Type C“we don't need ops”
Shells:→ login→ non-login→ interactive→ non – interactive
→ su→ sudo su: interactive, non-login, .bashrc→ sudo su -: interactive, login, /etc/profile;/root/.profile;/root/.bashrc→ sudo -i: interactive, login, /root/.profile;/root/.bashrc;/root/.login→ sudo /bin/bash: interactive, non-login, ~/.bashrc→ sudo -s: reads $SHELL and executes it
![Page 57: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/57.jpg)
Short story of Anti-Type C“we don't need ops”
Shells:→ login→ non-login→ interactive→ non – interactive
→ su→ sudo su: interactive, non-login, .bashrc→ sudo su -: interactive, login, /etc/profile;/root/.profile;/root/.bashrc→ sudo -i: interactive, login, /root/.profile;/root/.bashrc;/root/.login→ sudo /bin/bash: interactive, non-login, ~/.bashrc→ sudo -s: reads $SHELL and executes it
![Page 58: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/58.jpg)
Short story of Anti-Type C“we don't need ops”
Shells:→ login→ non-login→ interactive→ non – interactive
→ su→ sudo su: interactive, non-login, .bashrc→ sudo su -: interactive, login, /etc/profile;/root/.profile;/root/.bashrc→ sudo -i: interactive, login, /root/.profile;/root/.bashrc;/root/.login→ sudo /bin/bash: interactive, non-login, ~/.bashrc→ sudo -s: reads $SHELL and executes it
![Page 59: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/59.jpg)
Short story of Anti-Type C“we don't need ops”
Shells:→ login→ non-login→ interactive→ non – interactive
→ su→ sudo su: interactive, non-login, .bashrc→ sudo su -: interactive, login, /etc/profile;/root/.profile;/root/.bashrc→ sudo -i: interactive, login, /root/.profile;/root/.bashrc;/root/.login→ sudo /bin/bash: interactive, non-login, ~/.bashrc→ sudo -s: reads $SHELL and executes it
![Page 60: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/60.jpg)
def is_ubuntu(): return run("uname -a | grep Ubuntu | wc -l") == "1"def install_apache_fix():
if is_ubuntu():if exists("/lib/x86_64-linux-gnu/libssl.so.0.9.8"):
print "libssl.so.0.9.8 already installed - SKIPPING"else:
sudo("apt-get -y install libssl0.9.8")else:
#Debianif exists("/usr/lib/libssl.so.0.9.8"):
print "libssl.so.0.9.8 already installed - SKIPPING"else:
#download if necessary url = "http://.../libssl0.9.8_0.9.8o-squeeze14_amd64.deb"
if download.sync_opt_download(_download_libssl_lock, url, store_file_path):sudo('chmod ug+x %s' % store_file_path)sudo("dpkg -i %s" % store_file_path)
![Page 61: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/61.jpg)
def is_ubuntu(): return run("uname -a | grep Ubuntu | wc -l") == "1" /etc/issue maybe?def install_apache_fix():
if is_ubuntu():if exists("/lib/x86_64-linux-gnu/libssl.so.0.9.8"):
print "libssl.so.0.9.8 already installed - SKIPPING"else:
sudo("apt-get -y install libssl0.9.8")else:
#Debianif exists("/usr/lib/libssl.so.0.9.8"):
print "libssl.so.0.9.8 already installed - SKIPPING"else:
#download if necessary url = "http://.../libssl0.9.8_0.9.8o-squeeze14_amd64.deb"
if download.sync_opt_download(_download_libssl_lock, url, store_file_path):sudo('chmod ug+x %s' % store_file_path)sudo("dpkg -i %s" % store_file_path)
![Page 62: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/62.jpg)
def is_ubuntu(): return run("uname -a | grep Ubuntu | wc -l") == "1"def install_apache_fix():
if is_ubuntu():if exists("/lib/x86_64-linux-gnu/libssl.so.0.9.8"):
print "libssl.so.0.9.8 already installed - SKIPPING"else:
sudo("apt-get -y install libssl0.9.8")else:
#Debianif exists("/usr/lib/libssl.so.0.9.8"):
print "libssl.so.0.9.8 already installed - SKIPPING"else:
#download if necessary url = "http://.../libssl0.9.8_0.9.8o-squeeze14_amd64.deb"
if download.sync_opt_download(_download_libssl_lock, url, store_file_path):sudo('chmod ug+x %s' % store_file_path)sudo("dpkg -i %s" % store_file_path)
![Page 63: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/63.jpg)
def is_ubuntu(): return run("uname -a | grep Ubuntu | wc -l") == "1"def install_apache_fix():
if is_ubuntu():if exists("/lib/x86_64-linux-gnu/libssl.so.0.9.8"): ldconfig maybe?
print "libssl.so.0.9.8 already installed - SKIPPING"else:
sudo("apt-get -y install libssl0.9.8")else:
#Debianif exists("/usr/lib/libssl.so.0.9.8"):
print "libssl.so.0.9.8 already installed - SKIPPING"else:
#download if necessary url = "http://.../libssl0.9.8_0.9.8o-squeeze14_amd64.deb"
if download.sync_opt_download(_download_libssl_lock, url, store_file_path):sudo('chmod ug+x %s' % store_file_path)sudo("dpkg -i %s" % store_file_path)
![Page 64: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/64.jpg)
def is_ubuntu(): return run("uname -a | grep Ubuntu | wc -l") == "1"def install_apache_fix():
if is_ubuntu():if exists("/lib/x86_64-linux-gnu/libssl.so.0.9.8"):
print "libssl.so.0.9.8 already installed - SKIPPING"else:
sudo("apt-get -y install libssl0.9.8")else:
#Debianif exists("/usr/lib/libssl.so.0.9.8"):
print "libssl.so.0.9.8 already installed - SKIPPING"else:
#download if necessary url = "http://.../libssl0.9.8_0.9.8o-squeeze14_amd64.deb"
if download.sync_opt_download(_download_libssl_lock, url, store_file_path):sudo('chmod ug+x %s' % store_file_path)sudo("dpkg -i %s" % store_file_path)
![Page 65: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/65.jpg)
def is_ubuntu(): return run("uname -a | grep Ubuntu | wc -l") == "1"def install_apache_fix():
if is_ubuntu():if exists("/lib/x86_64-linux-gnu/libssl.so.0.9.8"):
print "libssl.so.0.9.8 already installed - SKIPPING"else:
sudo("apt-get -y install libssl0.9.8")else:
#Debian What about RHEL, Fedora, Slackware, Gentoo?if exists("/usr/lib/libssl.so.0.9.8"):
print "libssl.so.0.9.8 already installed - SKIPPING"else:
#downl. if necessary So whole this is for particular distro version? url = "http://.../libssl0.9.8_0.9.8o-squeeze14_amd64.deb"
if download.sync_opt_download(_download_libssl_lock, url, store_file_path):sudo('chmod ug+x %s' % store_file_path)sudo("dpkg -i %s" % store_file_path)
![Page 66: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/66.jpg)
def is_ubuntu(): return run("uname -a | grep Ubuntu | wc -l") == "1"def install_apache_fix():
if is_ubuntu():if exists("/lib/x86_64-linux-gnu/libssl.so.0.9.8"):
print "libssl.so.0.9.8 already installed - SKIPPING"else:
sudo("apt-get -y install libssl0.9.8")else:
#Debianif exists("/usr/lib/libssl.so.0.9.8"):
print "libssl.so.0.9.8 already installed - SKIPPING"else:
#downl. if necessary url = "http://libssl0.9.8_0.9.8o-squeeze14_amd64.deb"
if download.sync_opt_download(_download_libssl_lock, url, store_file_path):sudo('chmod ug+x %s' % store_file_path)sudo("dpkg -i %s" % store_file_path)
![Page 67: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/67.jpg)
def is_ubuntu(): return run("uname -a | grep Ubuntu | wc -l") == "1"def install_apache_fix():
if is_ubuntu():if exists("/lib/x86_64-linux-gnu/libssl.so.0.9.8"):
print "libssl.so.0.9.8 already installed - SKIPPING"else:
sudo("apt-get -y install libssl0.9.8")else:
#Debianif exists("/usr/lib/libssl.so.0.9.8"):
print "libssl.so.0.9.8 already installed - SKIPPING"else:
#downl. if necessary url = "http://libssl0.9.8_0.9.8o-squeeze14_amd64.deb"
if download.sync_opt_download(_download_libssl_lock, url, store_file_path):sudo('chmod ug+x %s' % store_file_path) # declarative madnesssudo("dpkg -i %s" % store_file_path)
![Page 68: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/68.jpg)
Imperativeness vs declarativeness
![Page 69: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/69.jpg)
Imperativeness vs declarativeness
def configure(dst_dir, config_properties, installer_file):_copy_conf_file(dst_dir, properties)
def _copy_conf_file(dst_dir, properties): sudo("cp %s %s" % (srcConfigPath, targetConfigPath)) change_directory_owner(targetConfigPath) sudo('chmod ug+x %s' % store_file_path)
- name: configure this hosts: all tasks:
- name: copy conf file file: >
src={{ some_source }}dest={{ some_destination }}perms=0750
![Page 70: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/70.jpg)
Imperativeness vs declarativeness
def configure(dst_dir, config_properties, installer_file):_copy_conf_file(dst_dir, properties)
def _copy_conf_file(dst_dir, properties): sudo("cp %s %s" % (srcConfigPath, targetConfigPath)) change_directory_owner(targetConfigPath) sudo('chmod ug+x %s' % store_file_path)
- name: configure this hosts: all tasks:
- name: copy conf file file: >
src={{ some_source }}dest={{ some_destination }}perms=0750
![Page 71: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/71.jpg)
![Page 72: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/72.jpg)
→ flat learning curve
![Page 73: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/73.jpg)
→ flat learning curve
→ doesn't required additional resources
![Page 74: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/74.jpg)
→ flat learning curve
→ doesn't required additional resources
→ fit for maintenance jobs / procedures
![Page 75: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/75.jpg)
→ flat learning curve
→ doesn't required additional resources
→ fit for maintenance jobs / procedures
→ great for any containers as non-daemon
![Page 76: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/76.jpg)
→ flat learning curve
→ doesn't required additional resources
→ fit for maintenance jobs / procedures
→ great for any containers as non-daemon
→ deals with “deployment specs”
![Page 77: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/77.jpg)
→ flat learning curve
→ doesn't required additional resources
→ fit for maintenance jobs / procedures
→ great for any containers as non-daemon
→ deals with “deployment specs”
→ might be easily adopted as universal language
![Page 78: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/78.jpg)
![Page 79: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/79.jpg)
![Page 80: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/80.jpg)
→selinux enforcing i -rw-r--r--. stash stash unconfined_u:object_r:mysqld_db_t:s0 authorized_keys
→/etc/ssh/sshd_config && /etc/network/interfaces
→ iptables-save nope?
→ broken _netfs ?
![Page 81: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/81.jpg)
![Page 82: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/82.jpg)
![Page 83: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/83.jpg)
![Page 84: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/84.jpg)
What if...
→ ./configure && make && make install → .zip
→ Dev & Ops have 2 different build & installation methods?
Plz..
→ pkg repos (or Nexus)
→ use fpm for creating pkgs if needed (demo)
![Page 85: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/85.jpg)
C for Culture
A for Automation
M for Monitoring
S for Sharing
![Page 86: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/86.jpg)
![Page 87: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/87.jpg)
→ make developers create monitoring
→ find yourself between RRD and InfluxDB
→ will product team be able to query your monitoring DB?
→ Etsy case (Ganglia / Graphite)
![Page 88: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/88.jpg)
→ make developers create monitoring
→ find yourself between RRD and InfluxDB
→ will product team be able to query your monitoring DB?
→ Etsy case (Ganglia / Graphite)
![Page 89: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/89.jpg)
→ make developers create monitoring
→ find yourself between RRD and InfluxDB
→ will product team be able to query your monitoring DB?
→ Etsy case (Ganglia / Graphite)
![Page 90: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/90.jpg)
→ make developers create monitoring
→ find yourself between RRD and InfluxDB
→ will product team be able to query your monitoring DB?
→ Etsy case (Ganglia / Graphite)
![Page 91: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/91.jpg)
C for Culture
A for Automation
M for Monitoring
S for Sharing
![Page 92: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/92.jpg)
→ learn on OPS mistakes
→ Major Incident Reports – source of improvement
→ Learn developers about change management
→ Make CM an easy process. Use simple tools.
![Page 93: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/93.jpg)
→ learn on OPS mistakes
→ Major Incident Reports – source of improvement
→ Learn developers about change management
→ Make CM an easy process. Use simple tools.
![Page 94: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/94.jpg)
→ learn on OPS mistakes
→ Major Incident Reports – source of improvement
→ Learn developers about change management
→ Make CM an easy process. Use simple tools.
![Page 95: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/95.jpg)
→ learn on OPS mistakes
→ Major Incident Reports – source of improvement
→ Learn developers about change management
→ Make CM an easy process. Use simple tools.
![Page 96: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/96.jpg)
Let's arch the infrastructure
![Page 97: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/97.jpg)
Addressing the space
→ VLSM
→ DHCP & DDNS
→ KISS: flat networks!
→ stop /24!
![Page 98: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/98.jpg)
Addressing the space
→ VLSM
→ DHCP & DDNS
→ KISS: flat networks!
→ stop /24!
![Page 99: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/99.jpg)
Addressing the space
→ VLSM
→ DHCP & DDNS
→ KISS: flat networks!
→ stop /24!
![Page 100: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/100.jpg)
Addressing the space
→ VLSM
→ DHCP & DDNS
→ KISS: flat networks!
→ stop /24!
![Page 101: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/101.jpg)
![Page 102: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/102.jpg)
What about DNS?
→ BIND roxx (views etc)
→ KISS: maybe decentralized w/Ansible?
![Page 103: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/103.jpg)
view "internal-view" { match-clients { internal; }; recursion yes;
zone "lasyk.info" IN { type master; file "internal.lasyk.info.conf"; allow-transfer { any; } };
view "external-view" { match-clients { any; }; recursion no;
zone "lasyk.info" IN { type master; file "external.lasyk.info.conf"; allow-transfer { none; }; };
![Page 104: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/104.jpg)
view "internal-view" { match-clients { internal; }; recursion yes;
zone "lasyk.info" IN { type master; file "internal.lasyk.info.conf"; allow-transfer { any; } };
view "external-view" { match-clients { any; }; recursion no;
zone "lasyk.info" IN { type master; file "external.lasyk.info.conf"; allow-transfer { none; }; };
![Page 105: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/105.jpg)
![Page 106: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/106.jpg)
Linux Containers = namespaces + cgroups + storage
Linux containers equation
![Page 107: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/107.jpg)
Control Groups provide a mechanism for
aggregating/partitioning sets of tasks, and
all their future children, into hierarchical groups
with specialized behavior
control groups (cgroups)
![Page 108: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/108.jpg)
→grouping processes
→allocating resources to particular groups
→memory
→network
→CPU
→storage bandwidth (I/O throttling)
→device whitelisting
control groups (cgroups)
![Page 109: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/109.jpg)
→grouping processes
→allocating resources to particular groups
→memory
→network
→CPU
→storage bandwidth (I/O throttling)
→device whitelisting
control groups (cgroups)
![Page 110: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/110.jpg)
→grouping processes
→allocating resources to particular groups
→memory
→network
→CPU
→storage bandwidth (I/O throttling)
→device whitelisting
control groups (cgroups)
![Page 111: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/111.jpg)
→grouping processes
→allocating resources to particular groups
→memory
→network
→CPU
→storage bandwidth (I/O throttling)
→device whitelisting
control groups (cgroups)
![Page 112: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/112.jpg)
→grouping processes
→allocating resources to particular groups
→memory
→network
→CPU
→storage bandwidth (I/O throttling)
→device whitelisting
control groups (cgroups)
![Page 113: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/113.jpg)
→grouping processes
→allocating resources to particular groups
→memory
→network
→CPU
→storage bandwidth (I/O throttling)
→device whitelisting
control groups (cgroups)
![Page 114: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/114.jpg)
→grouping processes
→allocating resources to particular groups
→memory
→network
→CPU
→storage bandwidth (I/O throttling)
→device whitelisting
control groups (cgroups)
![Page 115: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/115.jpg)
little demo?
control groups (cgroups)
![Page 116: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/116.jpg)
Providing a unique views of the system for processes.
→ PID – PIDs isolation
→ NET – network isolation (via virt-ifaces; demo)
→ IPC – won't use this
→ MNT – chroot like; deals w/mountpoints
→ UTS – deals w/hostname
Kernel Namespaces
![Page 117: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/117.jpg)
Providing a unique views of the system for processes.
→ PID – PIDs isolation
→ NET – network isolation (via virt-ifaces; demo)
→ IPC – won't use this
→ MNT – chroot like; deals w/mountpoints
→ UTS – deals w/hostname
Kernel Namespaces
![Page 118: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/118.jpg)
Providing a unique views of the system for processes.
→ PID – PIDs isolation
→ NET – network isolation (via virt-ifaces; demo)
→ IPC – won't use this
→ MNT – chroot like; deals w/mountpoints
→ UTS – deals w/hostname
Kernel Namespaces
![Page 119: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/119.jpg)
Providing a unique views of the system for processes.
→ PID – PIDs isolation
→ NET – network isolation (via virt-ifaces; demo)
→ IPC – won't use this
→ MNT – chroot like; deals w/mountpoints
→ UTS – deals w/hostname
Kernel Namespaces
![Page 120: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/120.jpg)
Providing a unique views of the system for processes.
→ PID – PIDs isolation
→ NET – network isolation (via virt-ifaces; demo)
→ IPC – won't use this
→ MNT – chroot like; deals w/mountpoints
→ UTS – deals w/hostname
Kernel Namespaces
![Page 121: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/121.jpg)
Providing a unique views of the system for processes.
→ PID – PIDs isolation
→ NET – network isolation (via virt-ifaces; demo)
→ IPC – won't use this
→ MNT – chroot like; deals w/mountpoints
→ UTS – deals w/hostname
Kernel Namespaces
![Page 122: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/122.jpg)
Providing a unique views of the system for processes.
→ PID – PIDs isolation
→ NET – network isolation (via virt-ifaces; demo)
→ IPC – won't use this
→ MNT – chroot like; deals w/mountpoints
→ UTS – deals w/hostname
Kernel Namespaces
![Page 123: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/123.jpg)
little demo?
Kernel Namespaces
![Page 124: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/124.jpg)
→ hell fast (you'll see)
→ page cache sharing
→ finally in upstream kernel (in rhel from 7.2)
→ finally supported by docker (-s overlay)
→ SELinux not there yet (but will be)
OverlayFS
![Page 125: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/125.jpg)
→ hell fast (you'll see)
→ page cache sharing
→ finally in upstream kernel (in rhel from 7.2)
→ finally supported by docker (-s overlay)
→ SELinux not there yet (but will be)
OverlayFS
![Page 126: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/126.jpg)
→ hell fast (you'll see)
→ page cache sharing
→ finally in upstream kernel (in rhel from 7.2)
→ finally supported by docker (-s overlay)
→ SELinux not there yet (but will be)
OverlayFS
![Page 127: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/127.jpg)
→ hell fast (you'll see)
→ page cache sharing
→ finally in upstream kernel (in rhel from 7.2)
→ finally supported by docker (-s overlay)
→ SELinux not there yet (but will be)
OverlayFS
![Page 128: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/128.jpg)
→ hell fast (you'll see)
→ page cache sharing
→ finally in upstream kernel (in rhel from 7.2)
→ finally supported by docker (-s overlay)
→ SELinux not there yet (but will be)
OverlayFS
![Page 129: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/129.jpg)
http://developerblog.redhat.com/2014/09/30/overview-storage-scalability-docker/
OverlayFS
![Page 130: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/130.jpg)
http://developerblog.redhat.com/2014/09/30/overview-storage-scalability-docker/
OverlayFS
![Page 131: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/131.jpg)
http://developerblog.redhat.com/2014/09/30/overview-storage-scalability-docker/
OverlayFS
![Page 132: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/132.jpg)
Developers' envs?
→ use containers!
→ configure cgroups
→ use LXC / LXC Web Panel
→ use Ansible for spinning up anything!
![Page 133: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/133.jpg)
Developers' envs?
→ use containers!
→ configure cgroups
→ use LXC / LXC Web Panel
→ use Ansible for spinning up anything!
![Page 134: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/134.jpg)
Developers' envs?
→ use containers!
→ configure cgroups
→ use LXC / LXC Web Panel
→ use Ansible for spinning up anything!
![Page 135: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/135.jpg)
Developers' envs?
→ use containers!
→ configure cgroups
→ use LXC / LXC Web Panel
→ use Ansible for spinning up anything!
![Page 136: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/136.jpg)
![Page 137: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/137.jpg)
Containers embraces granularity → microservices!
![Page 138: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/138.jpg)
Containers embraces granularity → microservices!
Watch out for microservices architecture, or...
![Page 139: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/139.jpg)
Containers embraces granularity → microservices!
Watch out for microservices architecture, or...
![Page 140: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/140.jpg)
![Page 141: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/141.jpg)
Who knows FHS?
![Page 142: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/142.jpg)
Who knows FHS?
→ 'temp' – what it consist?
![Page 143: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/143.jpg)
Who knows FHS?
→ 'temp' – what it consist?
→ actually: “This Entity Must Persist” ;)
![Page 144: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/144.jpg)
Who knows FHS?
→ 'temp' – what it consist?
→ actually: “This Entity Must Persist” ;)
→ Define your FHS!
![Page 145: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/145.jpg)
Mikado Method for the win!
→ set a goal
→ experiment
→ visualize
→ rollback
![Page 146: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/146.jpg)
Mikado Method for the win!
→ set a goal
→ experiment
→ visualize
→ rollback
![Page 147: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/147.jpg)
Mikado Method for the win!
→ set a goal
→ experiment
→ visualize
→ rollback
![Page 148: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/148.jpg)
Mikado Method for the win!
→ set a goal
→ experiment
→ visualize
→ rollback
![Page 149: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/149.jpg)
Mikado Method for the win!
→ before any work and rollbacks..
→ remember: monitoring & tests are your friends!
→ think about testing strategy – think heatmaps!
![Page 150: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/150.jpg)
Ansible & infra layers
Layer 1: bare metal,
Layer 2: VM
Layer 3: container
Networking
Hypervisor + VM provisioning
Storage
Networking
Container's engine & provisioning
Application build
Application env
Network interfaces
Storage mounts
Resources allocation
repo1
repo2
repo3
Much simpler w/one, flat network (for small envs)!
![Page 151: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/151.jpg)
Ansible & infra layers
Layer 1: bare metal,
Layer 2: VM
Layer 3: container
Networking
Hypervisor + VM provisioning
Storage
Networking
Container's engine & provisioning
Application build
Application env
Network interfaces
Storage mounts
Resources allocation
repo1
repo2
repo3
Much simpler w/one, flat network (for small envs)!
repo2
Layer 2: VMNetworking
Container's engine & provisioning
repo2
![Page 152: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/152.jpg)
Ansible & infra layers
Layer 1: bare metal,
Layer 2: VM
Layer 3: container
Networking
Hypervisor + VM provisioning
Storage
Networking
Container's engine & provisioning
Application build
Application env
Network interfaces
Storage mounts
Resources allocation
repo1
repo2
repo3
Much simpler w/one, flat network (for small envs)!
repo2
Layer 2: VMNetworking
Container's engine & provisioning
repo2
Network interfaces
Storage mountsrepo2
![Page 153: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/153.jpg)
Ansible & infra layers
Layer 1: bare metal,
Layer 2: VM
Layer 3: container
Networking
Hypervisor + VM provisioning
Storage
Networking
Container's engine & provisioning
Application build
Application env
Network interfaces
Storage mounts
Resources allocation
repo1
repo2
repo3
Much simpler w/one, flat network (for small envs)!
repo2
Layer 2: VMNetworking
Container's engine & provisioning
repo2
Network interfaces
Storage mountsrepo2
Layer 3: containerApplication build
Application env
repo3
![Page 154: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/154.jpg)
Ansible & infra layers
Layer 1: bare metal,
Layer 2: VM
Layer 3: container
Networking
Hypervisor + VM provisioning
Storage
Networking
Container's engine & provisioning
Application build
Application env
Network interfaces
Storage mounts
Resources allocation
repo1
repo2
repo3
Much simpler w/one, flat network (for small envs)!
repo2
Layer 2: VMNetworking
Container's engine & provisioning
repo2
Network interfaces
Storage mountsrepo2
Layer 3: containerApplication build
Application env
repo3Resources allocation
repo3
![Page 155: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/155.jpg)
Ansible & infra layers
Layer 1: bare metal,
Layer 2: VM
Layer 3: container
Networking
Hypervisor + VM provisioning
Storage
Networking
Container's engine & provisioning
Application build
Application env
Network interfaces
Storage mounts
Resources allocation
repo1
repo2
repo3
Much simpler w/one, flat network (for small envs)!
![Page 156: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/156.jpg)
→ automated service discovery and registration framework
→ ideal for SOA architectures
→ ideal for continuous integration & delivery
→ solves “works on my machine” problem
SmartStack
![Page 157: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/157.jpg)
→ automated service discovery and registration framework
→ ideal for SOA architectures
→ ideal for continuous integration & delivery
→ solves “works on my machine” problem
SmartStack
haproxy + nerve + synapse + zookeper = smartstack
![Page 158: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/158.jpg)
Synapse→ discovery service (via zookeeper or etcd)→ installed on every node→ writes haproxy configuration→ application doesn't have to be aware of this→ works same on bare / VM / docker→ https://github.com/airbnb/nerve
SmartStack
![Page 159: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/159.jpg)
SmartStack
![Page 160: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/160.jpg)
Nerve
→ health checks (pluggable)
→ register service info to zookeper (or etcd)
→ https://github.com/airbnb/synapse
SmartStack
![Page 161: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/161.jpg)
SmartStack
![Page 162: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/162.jpg)
SmartStack
![Page 163: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/163.jpg)
Smartstack + Docker = <3
![Page 164: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/164.jpg)
Smartstack + Docker = <3
but also remember about Consul(come to #dockerkrk 2 meetup!)
![Page 165: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/165.jpg)
questions?
![Page 166: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/166.jpg)
Archaeological workshop
![Page 167: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/167.jpg)
Archaeological workshop
→ nmap, tcpdump, lsof, strace, sysdig, sar
→ cgroups throttling on-the-fly
Do we have time for demo?
![Page 168: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/168.jpg)
Hardware: disks?
→ RAID5 vs RAID10
→ Howto RAID over 1 disk ;)
→ Cheap SSD drives?
![Page 169: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/169.jpg)
Hardware: disks?
→ RAID5 vs RAID10
→ Howto RAID over 1 disk ;)
→ Cheap SSD drives?
![Page 170: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/170.jpg)
Hardware: disks?
→ RAID5 vs RAID10
→ Howto RAID over 1 disk ;)
→ Cheap SSD drives?
![Page 171: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/171.jpg)
http://techreport.com/review/27909/the-ssd-endurance-experiment-theyre-all-dead
![Page 172: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/172.jpg)
Why use LVM?
→ indexation (capacity, inodes check)
→ capacity planning / iops per mount
![Page 173: Under the Dome (of failure driven pipeline)](https://reader033.fdocuments.in/reader033/viewer/2022042818/55bebfa2bb61eb0d7b8b463c/html5/thumbnails/173.jpg)
Under the dome(of failure driven pipeline)
Maciej Lasyk
4developers – Warsaw
2015-04-20