/techblog

As mentioned in the previous Ansible post, we use Ansible quite a lot for day to day operations. While we prefer Puppet for configuration management, Ansible is excellent for automation of maintenance procedures.

One such procedure is gracefully applying package upgrades, including any required reboot, of application servers. In this post we’ll take a look at upgrading a cluster of web application servers defined in the Ansible hostgroup “webservers”. They’re located behind a redundant pair of HAProxy load balancers ... [continue reading]

Personally, I consider the script parameter in a Vagrantfile to be a feature that is not abused enough. It’s got a lot of potential - every script can have a parameter (or several). Modifying your Vagrant use to include this gives you a more flexible and reliable way of quickly deploying some test nodes.

That automation thing

While juggling around with Vagrant and provisioning boxes for the local test environment - which certainly is a lot of ... [continue reading]

Sometimes you need just a little something on your network to do a simple task. Perhaps you need a small router, a firewall or load balancer. Currently, the most popular option is to deploy a little Linux server. There is a downside though, a Linux is rather heavy. It requires quite a bit of disk and memory and there is the never ending stream of updates.

For those who don’t know what a unikernel is here is a very short ... [continue reading]

Distro packages are a blessing that most of us take for granted (thank you and sorry package maintainers everywhere!). They make installation, maintenance and even removal of both simple and complex software a breeze.

Sometimes you disagree

But sometimes you disagree with a decision made in the distro package. Or maybe just have a use-case that is specific enough that the generalized setup provided by the distro package collides with your needs.

A sometime

A while ago I ... [continue reading]

S2I, Source-To-Image, is a toolkit for building Docker images with minimum effort. The S2I project description describes itself like this:

Source-to-Image (S2I) is a toolkit and workflow for building reproducible Docker images from source code. S2I produces ready-to-run images by injecting source code into a Docker container and letting the container prepare that source code for execution. By creating self-assembling builder images, you can version and control your build environments exactly like you use Docker images to version your ... [continue reading]

While Varnish is most famous for its speedy caching capabilities, it is also a general Swiss army knife of web serving. In the spirit of Christmas, here’s Twelve Days of Varnish Cache, or at least, twelve use cases.

And no, none of these examples are proof-read nor tested. They are only left as a taste of what Varnish can do. Quality assurance is left as an exercise to the happy reader.

1. Use Varnish to offload the backend and ... [continue reading]

So, the database is slow - why?

There can be several reasons for this. Perhaps a few very heavy queries are bogging down the database. In this case, you’d typically set up slow query logging and find them in the slow.log. However, sometimes the reason is simply lots of frequent queries.

The simple query is run twice a second and completed in 30ms during the beta testing. However, the database has grown and the query contains clauses not catched by ... [continue reading]

In today’s threat landscape, with botnets, ransomware, and unpatched and unprotected IoT toasters and garbage bins in every home, the ability to quickly and easily identify suspicious activities and artifacts is probably more important than ever before. If your company’s web server is being probed from a particularly malicious IP network, you might want some alarms to go off; if a zip file known to contain a variant of a cryptovirus crosses your network perimeters, someone should be told; and ... [continue reading]

Log-rotation is a key for running a stable server, but removing log files is often an anathema to security, traceability, and server history. In reality, you want a perfect rotation setup in order to maximise the retention of logs.

Instead of trying to continuously trying to balance the number of logs to keep on disk, why not just set the “rotate” value to a higher value and add a small script in cron to handle deletion of old files?

A ... [continue reading]

When installing OpenShift, the default certificates that are being installed are self-certified. Although this gives you functional encryption, this is in no way best practice and is especially annoying for the route being exposed for the Hawkular metrics, which is integrated within the Web console.

Luckily there is a relatively easy (and did I mention it is free?) solution: use Let’s Encrypt as your certificate authority.

Installing Let’s Encrypt

Let’s Encrypt is an automated and open certificate ... [continue reading]