Abstract Technology Concepts – Devops

Posted on May 28, 2014 by pete

When we think about technology, we often think of it as abstract concepts. For example, we think of a “telephone”, not a network of transducers wired through hubs and switches that create temporary channels that bridge calls together. It is natural for us to add layers of abstraction that help us to understand the purpose or use of something. In programming languages, we saw the rise of object oriented programming – the ability to define an object and then manipulate its attributes. The Windows operating system is a layer of abstraction that you interact with. These days, you can accomplish, with scripts (PowerShell), most of what you can do with a mouse. That brings me to the latest layer of abstraction – devops. It’s a concept that says that developers and operations join forces and share methodologies for the betterment of the company that they represent. For example: With a traditional sysadmin mindset, a systems administrator might click a button every day to accomplish a task. But a developer would write a program that automates pressing that button to gain efficiency. So devops is really about applying development concepts to systems administration. Aside from potential gains in efficiency, there are also gains in consistency, since the code will not forget to press the button – and it will press the button each day exactly the same way as the day before. Consistent input means more consistent output. So the task can be considered more reliable.

Sounds great, right? Why didn’t we do this 10 years ago?

Well, the truth is that in the Windows world, the GUI is king. But in the Linux world, the command-line is king. Automation in Linux is much easier to accomplish. Linux systems administrators have been practicing the concept of devops for quite some time now – it just never had a name. Microsoft has just in the past several years released tools, such as PowerShell, that allow Windows Systems Administrators to practice devops. I consider the devops mindset a tool because it is a concept that has a specific function. The function of devops is to automate, automate, automate. Like any other tool, there are problems that it is the solution for, and problems where it just does not fit.

So where does devops not fit? Ok, so devops is all about automation, right? So naturally, anything that we do not want to automate is something that probably is not something that the devops paradigm is a fit for. Here are a few examples of things that should not be automated:

User account information entry – someone needs to type this information at some point. From there forward, we can automate though.
Buidout of the automation scripts – this a tedious manual process that can possibly be partly automated, but not fully automated.
Image building – I am talking about base images. It is not that this cannot be automated. It is that in most cases, building a single image manually is more efficient than building a set of scripts to build it.

Devops is a great way to look at things, and it’s about time that the Linux mentality has spread to Windows. But as you might already understand by now, the effort required to automate is considerable. Devops is an abstract concept, just like the telephone is. Underneath the devops concept are additional processes and procedures that, without devops, would not be required. If you think of devops as a layer of abstraction, then you will quickly recognize that just like virtualization, or object oriented programming, there is a penalty when applying it. In most cases, the productivity/reliability gains of applying devops concepts far outweigh the penalty of implementing it, though.

Conclusion

Devops is best applied when the amount of manual work to be done is significantly greater than the amount of work required to automated it.

When considering whether or not to apply devops practices to an IT function, consider if the functional requirements vary too much to be automated, or if the function is used too infrequently to warrant the additional overhead required by the application of devops practices (automation). Remember the goals. Improve efficiency, improve consistency, improve reliability. Prioritize those goals, and then determine if the act of implementing devops is expected to hinder any of them. If the answer is no, devops does not hinder any of these goals, then go ahead and apply it. But if devops challenges your most important – top priority – goals, then perhaps reconsider its application.

Improve Zenoss Performance – Infrastructure Load Time

Posted on April 15, 2014 by pete

Q: Does the infrastructure page take a really long time to load for you?

A: Take a look at your open event log entries. Every open event gets indexed when the page loads. If you want the page to load faster, simply close as many events as is prudent for your historical needs.

If that fails to help, follow this guide to tune the caching and multi-threading options:

http://wiki.zenoss.org/Zenoss_tuning

Cell phone kill switches are a bad idea.

Posted on March 31, 2014 by pete

Why are cell phone kill switches a bad idea? Let’s consider a couple perspectives.

Good People with Good Intentions

Someone believes that their cell phone has been stolen, so they call the cell phone company to report that their phone has been stolen. The cell phone company triggers the kill switch. 5 minutes later, the person discovers that they had simply misplaced their phone. Now they have a useless paperweight.

Bad People with Bad Intentions

A cell phone is stolen and the robber immediately takes out the battery. With no way to communicate with the cell networks, the phone cannot be remotely disabled. The bad guy sells the phone to someone who reconditions stolen phones. Makes a few quick bucks. The person who reconditions phones brings the phone into room specially designed to not have any wireless coverage (faraday cage). He then proceeds to reprogram the phone to change the phone’s electronic serial number. When the phone returns on a cellular network, it can no longer be disabled.

Conclusion

Don’t be stupid. Don’t put kill switches in cell phones.

How to make a USB bootable Debian installer..

Posted on February 9, 2014 by pete

First, you need to install Grub2 on a USB drive. That is usually done with a command like this:

grub-install /dev/sda1 –root-device=/media/usb0 –no-floppy

Then, edit the grub.conf file like so:

nano /media/usb0/grub/grub.cfg

Add the following:

menuentry “Debian Wheezy Installer” {
set root=(hd0,1)
linux /debian/vmlinuz root=/ boot=USB vga=791 rootdelay=10 udev
initrd /debian/initrd.gz
}

If you intend to install the 64-bit version of Debian, you will want to download the files here:

http://ftp.nl.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/hd-media/

Place the boot.img.gz, initrd.gz, and vmlinuz files into the /media/usb0 folder.

Reboot, and you should be able to boot up Debian from your USB stick.

Subject Line Messages Lead to Ineffective Communication

Posted on October 29, 2013 by pete

One of my pet peeves in the professional world is when people send emails with the body empty and the entire message in the subject line. In my experience, I have isolated a few different characteristics of many (not all) people who exhibit this behavior.

Technologically Antiquated
Arogant
Narcissistic

Undoubtedly, there are more than just these three characteristics, but these capture my experiences. A very well-intentioned, educated, good mannered person might have a very good reason for sending such a succinct notice. These three categories simply represent the majority of people who I have encountered over the years who exhibit this behavior. Not everyone. But most.

If we have the luxury of time and the subject matter is not of urgent nature – that is when I cringe upon reading one of these specially crafted messages. The truth is that the all star over-achieving employees do always take the time to share enough words to properly convey their thoughts and use technology as it was intended to be used. A subject is a subject of a body, not the body itself.

But why does something so simple bother me enough to write about it? Well, when I am busy and I receive a hastily written message that is neither urgent nor meaningful, it sends an unwritten message to me. The message is that the writer believed so much that his/her time was so much more important than mine that he/she expects me to waste my time while attempting to decipher their incomplete and poorly written thoughts. Now, nobody really thinks that way, so I would expect no malintent. But the absence of respectful, thoughtful, and succinct writing is nearly as bad as malintent. It leads to ineffective communication, which then creates inefficiencies that cost additional time and therefore money. It is always better to take the extra few seconds to type the few additional words than to leave the person on the other end scratching their head, wasting time.

Web Fax for Asterisk

Posted on October 28, 2013 by pete

I discovered a web fax solution for Asterisk that works quite well.

First, let’s install ghostscript and spandsp. For a Ubuntu or Debian, you can type:

sudo apt-get install ghostscript
sudo apt-get install libspandsp-dev

If you compiled Asterisk by source, you can access the configuration dialog by typing:

make menuconfig

Now you need to enable the following modules.

Resources -> res_fax
Resources -> rs_fax_spandsp

Now let’s compile by typing the following:

make && sudo make install

Now, download the webfax package from sourceforge.

Now, extract the files into your web root. Something like this should do the trick:

tar -zxvf webfax-0.1.tar.gz -C /var/www/html/

Now tidy up the files. You can edit the /var/www/html/webfax/index.php file, for example, if you want to add default information to each form. Lastly, edit the faxnotify.php file and update the email addresses.

At this point, you should be able to upload a PDF and send a fax.

Hope this helps. Enjoy!

Passive-Aggressive Personality Disorder

Posted on October 14, 2013 by pete

So, I just made that up. But I truly believe that this is becoming an epidemic due in no small part to the heads-down “connected” culture that we are all a part of today. There is no substitute for a face-to-face conversation, where there are real consequences for bad behavior, innuendos, or blatant and excessive criticism. In the digital world, though, those rules do not apply. Emails are ripe with innuendos, and unlike face-to-face conversations, people do not typically wait to calm down before hastily typing a digital message that embodies their real and present, but short-lived, emotional state.

Sending emails or other digital communications is only half of the problem, though. The other half of the problem is quickly and accurately detecting the emotional state of the person who sent. The ability to assess this is critically important so that you can properly disarm them and have a meaningful and constructive conversation.

Even through digital communications, there are always hints of the composer’s state of mind. If you are angry, you might choose the more negative of two synonyms. Your precise choice of words draws a subtle picture in the reader’s mind. And this is where the passive-aggressive behavior comes into play. Whether we intend to or not, our choice of words tells just as much a story as the literal meaning behind them. The subtle nature of that information, makes it a passive, yet aggressive, form of communication. In summary, treat digital communications the same way you would face-to-face communications. Pause if you are upset. And when you do write something, choose your words carefully so as to not fall into the trap of becoming passive-aggressive. Be direct, and be professional and/or considerate.

Should the NSA have data monitoring capabilities?

Posted on June 10, 2013 by pete

Personal freedom is what is at stake here, or at least that is the concern of many. How can someone feel free to speak their mind on government matters if their anonymity is nothing but a transparent cloak in the eyes of the government? The ability for any person or organization to indiscriminately and discretely collect personal data about others is power, no matter how you look at it. As they say in the movies, “With great power comes great responsibility.”

Trust is the real issue for most people. Do we trust our government to use good judgment and sufficient discretion with a tool as powerful as the one that they have in front of them?

But this debate really goes even deeper than the previous questions. Without context, idealists on the right and the left will draw hard lines about this. But the challenges that our country faces are quite complicated. Working in the IT field, I have been presented with many real-world security challenges. Usually it boils down to the many vs. few predicament. Should we let the few rotten apples spoil the bunch? How do you save the good apples? If only a few people at a company present most of the risk to the entire company due to their abuse of policies, do you take away everyone’s rights by imposing restrictions on everyone? Or do you develop a comprehensive system for holding people accountable so that you can allow more freedoms? What if the same system of accountability that protects personal rights requires access that encroaches on personal freedoms? Now you have to choose between the lesser of two evils. When you throw in “trust”, it further complicates the decision. Maybe now, you too understand the predicament that we, as a country, face.

Leaving VirtualBox

Posted on May 16, 2013 by pete

After testing a virtual machine in VirtualBox, I decided to move to a different hypervisor. I removed the VirtualBox tools and after rebooting, I could no longer use my mouse. The following devices showed up with yellow exclamation marks in Windows XP.

HID-compliant mouse
PS/2 Compatible Mouse

After much research, I could not find a solution online. In the end, I managed to fix the issue on my own. Here is what I did to resolve this issue.

Open regedit as an administrator.
Expand HKEY_LOCAL_MACHINE and then SYSTEM.
Click on CurrentControlSet.
Search for “mouse”. The first entry returned should have a string for “UpperFilters”. If it is not there, repeat the search until you see an entry for “UpperFilters”.
Double-click UpperFilters and remove the reference to the VBox driver. It should only say “mouclass” at this point.
Click ok to complete the changes.
Reboot.

At this time, your mouse should be working again.

How to get Nginx Working With PHP Fastcgi in Debian Squeeze

Posted on April 9, 2013 by pete

First, you need to install the following.

sudo apt-get install php5-cgi nginx

Next, you need to edit the file /etc/nginx/fastcgi_params. It should look like this:

fastcgi_index  index.php;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_FILENAME        $document_root$fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

Now, you need to create a new site. Here is an example site that should work:

server {
	listen   *:80; ## listen for ipv4

	server_name  www.mysite.net mysite.net; # This is where you define your host headers.
        root   /var/www/html/;

	access_log  /var/log/nginx/localhost.access.log;
	location / {
		index  index.php index.html index.htm;
	}
	error_page  404  /index.php;
	location ~ \.php$ {
	  # Filter out arbitrary code execution
	  location ~ \..*/.*\.php$ {return 404;}
	  include fastcgi_params;
	  fastcgi_pass  127.0.0.1:9000;
	}
}

Take notice to the “root /var/www/html/;” line and how it is not inside the location tag. This is on purpose so that it is inherited by the other configuration blocks.

Now you just need to create a /etc/init.d/php-fastcgi file with the following content:

#!/bin/bash
### BEGIN INIT INFO
# Provides:          php-fcgi
# Required-Start:    $nginx $network
# Required-Stop:     $nginx
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts php over fcgi
# Description:       starts php over fcgi
### END INIT INFO
 
(( EUID )) && echo ‘You need to have root priviliges.’ && exit 1
BIND=127.0.0.1:9000
USER=www-data
PHP_FCGI_CHILDREN=15
PHP_FCGI_MAX_REQUESTS=1000
 
PHP_CGI=/usr/bin/php-cgi
PHP_CGI_NAME=`basename $PHP_CGI`
PHP_CGI_ARGS="- USER=$USER PATH=/usr/bin PHP_FCGI_CHILDREN=$PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS=$PHP_FCGI_MAX_REQUESTS $PHP_CGI -b $BIND"
RETVAL=0
 
start() {
      echo -n "Starting PHP FastCGI: "
      start-stop-daemon --quiet --start --background --chuid "$USER" --exec /usr/bin/env -- $PHP_CGI_ARGS
      RETVAL=$?
      echo "$PHP_CGI_NAME."
}
stop() {
      echo -n "Stopping PHP FastCGI: "
      killall -q -w -u $USER $PHP_CGI
      RETVAL=$?
      echo "$PHP_CGI_NAME."
}
 
case "$1" in
    start)
      start
  ;;
    stop)
      stop
  ;;
    restart)
      stop
      start
  ;;
    *)
      echo "Usage: php-fastcgi {start|stop|restart}"
      exit 1
  ;;
esac
exit $RETVAL

Now, let’s make sure that the php-fastcgi script starts with the server:

sudo update-rc.d php-fastcgi defaults

And lastly, let’s start everything.

sudo service php-fastcgi start
sudo service nginx start

That’s it! Your site should work at this point.

IT Matters

Technology Advice

Category Archives: Technology Advice