Serf is a very interesting service discovery mechanism. Its dynamic membership and tags capability make it very flexible. Can we use it to generate a centralized ssh_known_hosts file?
Installing and Configuring Serf
I like to use configuration management to manage servers. Here I use a Puppet module to install and configure Serf:

    class { 'serf':
      config_hash => {
        'node_name' => $::fqdn,
        'tags'      => { 'sshrsakey' => $::sshrsakey },
        'discover'  => 'cluster',
      }
    }

This particular module uses a hash to translate directly into the config.
Breaking down bundle exec rake spec
What is happening when you run:

    bundle exec rake spec

Bundle
The first command you are running is bundle. Bundle is kinda like virtualenv for Ruby. It makes sure that you use the same Ruby libraries that you, everyone, and puppetmasters use.
Bundle uses a Gemfile, and searches downwards. As long as you have the Gemfile in the puppet repo, it will work.
Exec
The second part is exec.
Whenever possible, I try to write Puppet code that is purgeable and “Comment Safe”. That is not a very good description. What I mean is, Puppet code that removes resources from a system when the corresponding Puppet code is “Commented” out of a manifest. Let's look at a few examples.
Example: Managed Sudo
Let's say you used this popular sudo module with the following params:

    class { 'sudo':
      purge => true,
    }

Great start.
The Problem
The barrier to writing Nagios checks is high. I dare say very high. You have to think about check intervals, host groups, service groups, config files, etc.
But, I know my servers are not behaving, if only there was a way to check them! They run commands for me all the time. In the worst case they fail and no one knows. The best case is that they end up in my cron spam folder….
It’s Been a Great Ride
There is no doubt that WordPress is a great piece of software. As much as people love to hate on PHP, it runs a lot of the internet.
I’ve been running WordPress personally and professionally for years. It only gets better. I was only hacked once :)
Rethinking What I Need
Since moving to a Low End Box, my resources have been tight. Even on a tuned system, I can’t run much more interesting things than my Nginx+PHPfpm+MySQL.
Intro
Sensu is a pretty cool monitoring framework. The authors designed it to be configured by a configuration management system from the beginning. Check out how easily I can make it put a report in my motd with a little bit of Python and Puppet.
The Report Script
Sensu’s API is super easy to work with. For this I will be using the Events endpoint. Here is a quick script to get the events for a host (gist):
Why
So you have a decent amount of things configured in Puppet. Great!
Are you finding that you have to manually update your DNS entries when things change, like when new hosts are added, or additional services are created?
Why?
Your DNS zone files will forever be out of date, waiting for humans to update them. Just say no. Puppet already knows the IP addresses and hostnames of your servers, so why not take advantage of that existing data?
Nagios. So familiar. I feel like I’ve run Nagios at every job I have ever had.
Talk to most ops people, even at really big places, and they will probably admit to using it.
Puppet’s exported resources take away some of the pain, but sometimes I think to myself, there must be a better way to do this. Sensu might be that better way.
Let’s try it out, but gosh, I am SO lazy.
I love my low end boxes. I also love mosh.
Low end boxes usually are tight on resources, so Dropbear is often used as a lightweight ssh server. Mosh is mostly tested with openssh-client/server, so I think there are some bugs.
But it can work, just make sure:
You are using the same version of mosh on the server as you are on your client. (otherwise they may not support the same command line options)
Working at Intel has been a great experience. I wish I could have stayed longer, but in the end we decided to part ways.
During my stay I learned lots of stuff. I would like to boil my experience down to my top Linux commands.
The List
git: Lots of git.
syscfg: Managing BIOS settings from within Linux. Nice. (Intel platforms)
setupbios: More BIOS settings from within Linux. (Dell platforms)
puppet: I actually enjoy manually running puppet.