|
Bhodi posted:Roll call, who's bought into any of this, and for how much? Spill your shame here.  . On the other hand, I've got a pretty solid perspective by now on what the strengths and weaknesses are of all these platforms relative to one another. I'll do a writeup soon.MagnumOpus posted:Couple years back my team built a multi-DC private cloud with VMWare ESXi for infrastructure and a combination of Chef and in-house microservices supplying the platform layer. Vulture Culture fucked around with this message at 20:37 on Feb 20, 2015 |
#
¿
Feb 20, 2015 20:32
|
|
|
|
| # ¿ Apr 28, 2024 19:48 |
|
|
Docjowles posted:"Runs many core production services on OpenStack" guy checking in high six posted:I think a lot of it needlessly complicates things where it doesn't need to be used and causes a lot of unneeded issues. What's really transformative about cloud-computing technology is that it empowers all the different departments of the business to leverage code and automation in whatever way is valuable to them, without being bottlenecked by a central IT department that's getting pulled in fifty different directions by forty different departments. It frees up IT to be a strategic partner for the business, rather than just a cost center. For most applications outside core LoB, this is more important than five-nines uptime. Vulture Culture fucked around with this message at 23:17 on Feb 20, 2015 |
|
#
¿
Feb 20, 2015 23:10
|
|
Our OpenStack guru actually just gave his resignation today, so this should be fun. I understand how our environment works but not quite at his level, so, woohoo?
|
Bhodi posted:Or, if the system is particularly complex, some elements can be automated, some can't or haven't been. Like, the database piece and initial configuration is manual but bringing up additional workers to handle load is automated.
|
|
#
¿
Feb 21, 2015 17:56
|
|
|
MagnumOpus posted:That's the main problem with it. Like Puppet/Chef it lets you describe your networks and services well enough but the deployments are kludgy as gently caress. And when the deployment doesn't work right, triage is a nightmare because the mess of scripts tend to leave artifacts all over the place.
|
|
#
¿
Mar 17, 2015 21:16
|
|
|
adorai posted:Just wait until everyone starts doing it. re: OnMetal, there's no hourly billing option like SoftLayer, only monthly. What's the loving point?
|
|
#
¿
Mar 30, 2015 15:13
|
|
|
OpenStack nerds: is there any way to have an instance automatically terminate on shutdown, like in EC2?
|
|
#
¿
Mar 31, 2015 05:00
|
|
|
Docjowles posted:In EC2 you can set an instance so that if it is shut down (like "shutdown -h" at the command line), it automatically terminates instead of just shutting down as it normally would. He's asking if you can do that in OpenStack. Without explicitly calling "nova delete". Docjowles posted:I don't think OS has that feature, though I could easily be wrong. What we've done when we need automation that's not provided by OpenStack itself is write a little Python app that listens to the rabbit queues and takes appropriate action. You could write a handler that listens for the instance stop message and automatically fire a delete command when one comes through, for example. (A generic stream processing service for OpenStack that gets messages and fires webhooks might be even nicer to have someday.) Vulture Culture fucked around with this message at 18:54 on Mar 31, 2015 |
|
#
¿
Mar 31, 2015 18:49
|
|
|
MagnumOpus posted:We're currently looking into doing something along these lines with Stackstorm. Will be a while before I can give a field report though, we're still slowly unfucking the damage these devs did in the six months they were "doing DevOps" before it occurred to them to hire some people actually trained in operations.
|
|
#
¿
Apr 1, 2015 02:12
|
|
|
StabbinHobo posted:so appreciative, thanks I don't think you get any kind of console access at all with OnMetal; their documentation strongly implies that these are only available on virtual servers. Vulture Culture fucked around with this message at 02:56 on Apr 7, 2015 |
|
#
¿
Apr 7, 2015 02:52
|
|
|
https://www.youtube.com/watch?v=ZY8hnMnUDjU
|
|
#
¿
May 22, 2015 23:04
|
|
|
Bhodi posted:Like the guy said, systems guys are terrible at writing APIs and unfortunately, systems guys are the only ones writing cloud software. I really think that cloudfoundry has the right idea with their wholesale
|
|
#
¿
May 31, 2015 01:29
|
|
|
Bhodi posted:This came through my twitter feed today and I just have to laugh But it's just like that Summit video says -- there's so many weird architectural decisions in OpenStack that arose strictly from people sneaking changes into weird places so they wouldn't have to deal with some other person. Vulture Culture fucked around with this message at 22:09 on May 31, 2015 |
|
#
¿
May 31, 2015 22:06
|
|
|
evol262 posted:It's code reviewed before merge, but a lot of the weird decisions are because of this sense that openstack isn't really a platform, it's just a bunch of independent pieces talking to each other over a message bus with AAA handled by one common piece.
|
|
#
¿
Jun 1, 2015 05:45
|
|
|
squeakygeek posted:It was bad enough setting up Eucalyptus. I can only imagine how painful OpenStack is. The worst part is that OpenStack's reference architecture diagrams, especially ones from vendor slides, aren't even correct. We set up a multi-master Percona XtraDB/Galera (MySQL) cluster, because this seems to be an incredibly common deployment choice. Turns out that because of the way that OpenStack (especially Nova) uses SELECT ... FOR UPDATE, you can't have more than one node taking writes even though object IDs are mostly UUID rather than auto-increment -- for most services, you have to separate out your reader/writer connections like traditional master/slave topologies. Vulture Culture fucked around with this message at 15:48 on Jun 22, 2015 |
|
#
¿
Jun 22, 2015 15:43
|
|
|
Buffer posted:That's good to know, because it seems the docs everywhere are just do maria+galera, you'll be fine. But a lot of openstack docs are "it will work this way... in vagrant." Soo... anyway, how are you mitigating that? HAProxy in front with two vips, one for read, one for write? We're also a single-tenant organization, so we got rid of the DbQuotaDriver, which eliminates at least half of the lock contention via SELECT ... FOR UPDATE on the Nova database. This is a hilarious issue because if you watch the performance videos from the OpenStack summits, you know all about this problem (it's been covered by at least Percona and Mirantis in two different talks at two different summits), but it seems like for political reasons they don't actually go into any of this poo poo in the docs. Vulture Culture fucked around with this message at 16:51 on Jul 15, 2015 |
|
#
¿
Jul 15, 2015 16:48
|
|
|
Some great slides on Kubernetes 1.0 courtesy of Rajdeep Dua with VMware (!), if container scheduling is your thing: http://www.slideshare.net/rajdeep/introduction-to-kubernetes
|
|
#
¿
Jul 28, 2015 17:37
|
|
|
Some more Kubernetes resources as I find them: Kelsey Hightower of CoreOS has published a brief Google Compute Engine lab from his talk at OSCON for getting a very basic Kubernetes configuration up and running: https://github.com/kelseyhightower/intro-to-kubernetes-workshop The first two chapters of his upcoming Kubernetes: Up and Running book can also be found here: https://tectonic.com/assets/pdf/Kubernetes_Up_and_Running_Preview.pdf
|
|
#
¿
Jul 29, 2015 13:53
|
|
|
Mr Shiny Pants posted:I mean, every TCO study I've seen concludes that you pay more for the cloud in the long run. Running your own physical hardware is like running your own electrical grid -- there are certain kinds of businesses it makes sense for, but you'd better be prepared to rationalize it nowadays. Mr Shiny Pants posted:Meanwhile hardware is getting cheaper and cheaper and you need less and less of it because it does get faster.
|
|
#
¿
Aug 15, 2015 14:54
|
|
|
Mr Shiny Pants posted:Sorry we haven't all jumped on the cloud bandwagon, maybe it is different in the states. StabbinHobo posted:yea but, and I don't have a graph to prove this just a feel, it doesn't seem to be tracking moores law at all. 3 years of amazon price cuts might add up to a 50% price/performance improvement, but a fresh new generation of hardware will be 2x at least. Even running everything yourself, you have to deal with:
None of this stuff is remotely free, and every dumb little complication detracts a lot from the business's ability to just be a business. If you're fundamentally a logistics company, awesome, but there's a pretty big case to be made for "I don't want to deal with this poo poo." Cloud is not for everyone, but there's this big group of people clinging onto the legacy IT on-premises model like the people holding onto penny stocks appreciating 2% a year over the last decade because they're not actually losing money. Great, but wouldn't you still rather sell those and invest the capital into an asset that will actually make you money instead? Vulture Culture fucked around with this message at 20:45 on Aug 15, 2015 |
|
#
¿
Aug 15, 2015 20:32
|
|
|
MagnumOpus posted:Whether cloud is right for you depends on a lot of factors. Can you share some about your deployment?
|
|
#
¿
Aug 15, 2015 20:47
|
|
|
Mr Shiny Pants posted:Now that wasn't so hard now was it. Cloud vendors are aware that there's a big piece of the pie left uneaten in legacy/enterprise. I assure you, they're working hard to fix that problem.
|
|
#
¿
Aug 15, 2015 21:16
|
|
|
KS posted:Even if you have a bunch of legacy systems that don't fit the cloud model, getting them out of your building and making power/cooling/network someone else's problem is usually a really easy sell. I've had a few places where the combined bill from a colo is less than what it costs to just power server room critical load and HVAC at the corporate office.
|
|
#
¿
Aug 17, 2015 23:57
|
|
|
Thanks Ants posted:Last week I spent a couple of hours explaining AWS to someone developing web apps, I explained what part EC2, S3, RDS, VPC, Elastic Beanstalk etc. played in the overall solution, showed them some documentation as it related to Wordpress in terms of where to store static content. A pretty good overview I thought.
|
|
#
¿
Oct 12, 2015 19:48
|
|
|
StabbinHobo posted:if you wanted to run a cassandra ring or a xtradb cluster which three cloud providers would you run it across? I guess basically who are the top 3 where the product is similar enough to get stuff working and not poo poo for some other reason. Why do you need three different cloud providers instead of three regions on the same provider?
|
|
#
¿
Nov 8, 2015 18:51
|
|
|
Docjowles posted:edit: xtradb cluster is Percona's fork of galera IIRC
|
|
#
¿
Nov 8, 2015 19:29
|
|
|
Docjowles posted:True, although I don't know why you'd bother to use the cluster version if you weren't going to cluster.
|
|
#
¿
Nov 8, 2015 21:40
|
|
|
Ryaath posted:Image baking is going to lead to some real poo poo in my company... how do you you do it well (hook it to app ci, etc...)? Most our development is lovely java webapps. Ryaath posted:Not accessing each and every vm directly is a shift for us.... Log aggregating I get, but do people just not monitor the underlying vms of their services? Or do I just accept that I'm going to attach a floating ip to each vm? Ryaath posted:We're missing some key services... dnsaas mostly, but the lbaas also isn't 'production-ready' (the haproxy objects only run on 1 controller and don't fail over)... do I just cry til these get added in what I assume will be 3 years? If you're okay talking to the OpenStack compute API, it's really, really easy to automate HAProxy or an F5 BigIP or whatever your preferred load balancing technology is from something as simple as a Python script (I'm told there's a Powershell API client now, thanks to Rackspace). Don't rely on DNS for dynamic services. Vulture Culture fucked around with this message at 15:58 on Nov 9, 2015 |
|
#
¿
Nov 9, 2015 15:56
|
|
|
Smokeping is a good start if you think there's a problem at the physical layer, but pings will almost never reveal the kinds of problems you expect them to in production. Hitting a single endpoint probably won't reveal anything about asymmetrically misconfigured link aggregates, because you'll always be taking the same network path. Small ping packet sizes won't reveal anything related to mismatched MTUs along the network causing unexpected fragmentation. Systems that don't take notice of out-of-order packets won't see UDP packets randomly going round-robin and arriving in the wrong sequence to a bad application that doesn't cope with that. Certainly, a ping every second or two will not trigger any meddling QoS policies, and won't reveal anything in particular about links that are saturated under production load. As a practical example, here's the kind of dumb bullshit you'll run into in some cloud networks, and no quantity of pings will ever detect it for you: https://code.google.com/p/google-compute-engine/issues/detail?id=87 A better option is to come up with some kind of test suite that's representative of your production workload, start a packet capture (tcpdump ring buffer is an awesome option), run it until you see the issue, then inspect the network traffic. Are you seeing packets randomly arriving out of order at your endpoint? Are you receiving fragmented packets that you expect not to be fragmented? Is there significant latency between certain packets leaving the one system and arriving at the other? Is some traffic just plain missing? The best place to start is to just analyze a basic packet capture and see what Wireshark's UI flags in red. Your local network device error counters (and dmesg) are also your friend. necrobobsledder posted:For some general ideas, Brendan Gregg's book and his website have all sorts of solid methodologies for "figure out wtf is going wrong" and "why is poo poo so slow?" problems. I feel like an old neckbeard, but I've been relying more and more on sar/sysstat recently and less on stuff like collectd and Graphite. It's certainly a lot easier to scale. Vulture Culture fucked around with this message at 05:09 on Dec 7, 2015 |
|
#
¿
Dec 7, 2015 05:00
|
|
a lot because ntpd doesn't even work and half our clocks are off by 4+ minutes, but looking into how your TCP stack behaves with the rest of your system state is handy when running applications.
|
necrobobsledder posted:(load of 45 on an 8 vCPU box in prod is scary, man) e: wait, it was dual quad-core Vulture Culture fucked around with this message at 07:01 on Dec 8, 2015 |
|
#
¿
Dec 8, 2015 06:55
|
|
|
Tab8715 posted:Extra-circular question but when it comes to massive web-based SaaS Applications like Facebook, Salesforce, Apple iCloud what are they using for their Directory Service?
|
|
#
¿
Dec 22, 2015 03:00
|
|
|
Route53 alias record TTLs are set to the TTL of the target.
|
|
#
¿
Dec 23, 2015 14:35
|
|
|
If my OpenStack servers weren't blades I would literally pull them out from the rack on their rails and poo poo inside them
|
|
#
¿
Jan 13, 2016 06:33
|
|
|
evol262 posted:It's because their admins didn't bother configuring a resilient backend for glance, or their storage policies weren't set up (or were misconfigured) for swift.
|
|
#
¿
Jan 14, 2016 02:24
|
|
|
evol262 posted:But then we have to assume that all the VMs were running on a single compute node, and that a single disk failure killed that node (or at least /var), which is even dumber.
|
|
#
¿
Jan 14, 2016 03:24
|
|
|
MagnumOpus posted:I feel like this is the biggest change that occurred in the web ops world in terms of its effect on my day-to-day. It used to be that no one else in the org cared about what we were doing on an infrastructure level because they knew it was a nightmare realm they dared not enter. Since the rise of everything "cloud" now we've got armies of web devs who know just enough to be dangerous. My job is now running around trying to keep assholes from loving up long-term plans by applying half-understood cloudisms to their designs. Just about every day I find a new thing that makes me go cross-eyed with rage, and on the days I don't it's because instead I spent 3 hours arguing a web dev down from his 20% understanding of platform and infrastructure concepts.
|
|
#
¿
Jan 14, 2016 20:38
|
|
|
Can I create a big pile of stopped instances on EC2 without powering them on (and incurring the hourly charge) first?
|
|
#
¿
Apr 15, 2016 18:42
|
|
|
necrobobsledder posted:I don't think that's possible. I know I can do it with the API in VMware's stuff, but in EC2 you have to launch an instance to create or clone one, and launching means it gets put into pending and then running state. The official lifecycle document from AWS pretty much means that you don't get any state of an instance before the Pending state. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html Only thing I could think of as a sneaky way possibly is to create an AMI that will immediately shut down the machine before the bootloader kicks in the first time you launch it, but I suspect that won't help because it might have to be put into the Running state first for that to kick in.
|
|
#
¿
Apr 16, 2016 00:11
|
|
|
I'm firing these up in bulk through Terraform, so there's no big deal if I have to actually start them in response to demand. It would have been nice to be able to hand our CTO or whoever instructions to just power a bunch of stuff on, though. (ASGs don't work for our use case for a litany of reasons I'm not going to get into.)
|
|
#
¿
Apr 18, 2016 06:07
|
|
|
Internet Explorer posted:Hopefully quick HIPAA / Cloud question. I don't deal with HIPAA but something I heard does not pass the smell test. Vulture Culture fucked around with this message at 19:54 on May 18, 2016 |
|
#
¿
May 18, 2016 19:51
|
|
|
|
| # ¿ Apr 28, 2024 19:48 |
|
|
Bhodi posted:VPC *IS* for site to site connections. good jovi posted:Does anyone here have any experience setting up a VPN endpoint in an AWS VPC? Everything I've been able to find seems to be aimed at site-to-site connections, rather than just something for developers to connect to. It looks like this involves running some 3rd party software appliance, rather than being built in to AWS itself. Any recommendations there? Vulture Culture fucked around with this message at 01:24 on May 21, 2016 |
|
#
¿
May 21, 2016 01:19
|
|