Group items tagged

the abstraction of the infrastructure layer, which is now considered code. Deployment of a new application may require the deployment of new infrastructure code as well.

"big bang" deployments update whole or large parts of an application in one fell swoop.

Big bang deployments required the business to conduct extensive development and testing before release, often associated with the "waterfall model" of large sequential releases.

Rollbacks are often costly, time-consuming, or even impossible.

In a rolling deployment, an application’s new version gradually replaces the old one.

new and old versions will coexist without affecting functionality or user experience.

Each container is modified to download the latest image from the app vendor’s site.

two identical production environments work in parallel.

Once the testing results are successful, application traffic is routed from blue to green.

In a blue-green deployment, both systems use the same persistence layer or database back end.

You can use the primary database by blue for write operations and use the secondary by green for read operations.

Blue-green deployments rely on traffic routing.

long TTL values can delay these changes.

The main challenge of canary deployment is to devise a way to route some users to the new application.

Using an application logic to unlock new features to specific users and groups.

With CD, the CI-built code artifact is packaged and always ready to be deployed in one or more environments.

Use Build Automation tools to automate environment builds

Use configuration management tools

Enable automated rollbacks for deployments

An application performance monitoring (APM) tool can help your team monitor critical performance metrics including server response times after deployments.

When a Workspace is declared in a job, one or more files or directories can be added. Each addition creates a new layer in the Workspace filesystem. Downstreams jobs can then use this Workspace for its own needs or add more layers on top.

Unlike caching, Workspaces are not shared between runs as they no longer exists once a Workflow is complete.

A prime example is package dependency managers such as Yarn, Bundler, or Pip.

Caches are global within a project, a cache saved on one branch will be used by others so they should only be used for data that is OK to share across Branches

Artifacts are used for longer-term storage of the outputs of your build process.

If your project needs to be packaged in some form or fashion, say an Android app where the .apk file is uploaded to Google Play, that’s a great example of an artifact.

rolify just adds some class methods in an existing User class

disambiguate the relationship

Ansible AWX is the open-sourced project that was the foundation on which Ansible Tower was created. With this being said, Ansible AWX is a development branch of code that only undergoes minimal testing and quality engineering testing.

Ansible AWX is a powerful open-source, freely available project for testing or using Ansible AWX in a lab, development, or other POC environment.

to use an external PostgreSQL database, please note that the minimum version is 9.6+

Full enterprise features and functionality of Tower

Not limited to 10 nodes

DNS zones can be on the same servers

Master zones, contain a read/write copy of the zone data.

If you want to have redundancy, you must have the zone data accessible on multiple servers.

The Slave zone is a read-only copy of the zone data.

Most of the times Slave DNS zones are copies of Master zones.

the primary purposes of a Slave zone is to serve as a backup

With respect to permissions, all users on the system except those with a user role of No Access have read access to objects in partition Common, and by default, partition Common is their current partition.

The current partition is the specific partition to which the system is currently set for a logged-in user.

A partition access assignment gives a user some level of access to the specified partition.

assigning partition access to a user does not necessarily give the user full access to all objects in the partition

user account objects also reside in partitions

when you first install the BIG-IP system, every existing user account (root and admin) resides in partition Common

the partition in which a user account object resides does not affect the partition or partitions to which that user is granted access to manage other BIG-IP objects

the object it references resides in partition Common

a referenced object must reside either in the same partition as the object that is referencing it

A minimum of three instances are required to create an InnoDB cluster

Rails gives your ability to configure application time zone.

It's not Rails responsible for adding time zone, but ActiveSupport

switch from Time.now to Time.zone.now

Time.zone.now

no need to use it explicitly as there is shorter and more clear option.

Time.zone.today

Time.zone.local

Time.zone.at

Time.zone.parse

DateTime.strptime(str, "%Y-%m-%d %H:%M %Z").in_time_zone

Vegeta was designed to be run on the command line; it reads from stdin a list of HTTP transactions to generate, and sends results in binary format to stdout,

Vegeta is a really strong tool that caters to people who want a tool to test simple, static URLs (perhaps API end points) but also want a bit more functionality.

Vegeta can even be used as a Golang library/package if you want to create your own load testing tool.

Wrk is so damn fast

being fast and measuring correctly is about all that Wrk does

k6 is scriptable in plain Javascript

k6 is average or better. In some categories (documentation, scripting API, command line UX) it is outstanding.

Jmeter is a huge beast compared to most other tools.

Siege is a simple tool, similar to e.g. Apachebench in that it has no scripting and is primarily used when you want to hit a single, static URL repeatedly.

A good way of testing the testing tools is to not test them on your code, but on some third-party thing that is sure to be very high-performing.

use a tool like e.g. top to keep track of Nginx CPU usage while testing. If you see just one process, and see it using close to 100% CPU, it means you could be CPU-bound on the target side.

If you see multiple Nginx processes but only one is using a lot of CPU, it means your load testing tool is only talking to that particular worker process.

Network delay is also important to take into account as it sets an upper limit on the number of requests per second you can push through.

If, say, the Nginx default page requires a transfer of 250 bytes to load, it means that if the servers are connected via a 100 Mbit/s link, the theoretical max RPS rate would be around 100,000,000 divided by 8 (bits per byte) divided by 250 => 100M/2000 = 50,000 RPS. Though that is a very optimistic calculation - protocol overhead will make the actual number a lot lower so in the case above I would start to get worried bandwidth was an issue if I saw I could push through max 30,000 RPS, or something like that.

Wrk managed to push through over 50,000 RPS and that made 8 Nginx workers on the target system consume about 600% CPU.

When you combine a custom resource with a custom controller, custom resources provide a true declarative API.

A declarative API allows you to declare or specify the desired state of your resource and tries to keep the current state of Kubernetes objects in sync with the desired state.

Custom controllers can work with any kind of resource, but they are especially effective when combined with custom resources.

the API represents a desired state, not an exact state.

define configuration of applications or infrastructure.

The main operations on the objects are CRUD-y (creating, reading, updating and deleting).

You want to put the entire config file into one key of a configMap.

You want to perform rolling updates via Deployment, etc., when the file is updated.

You want to build new automation that watches for updates on the new object, and then CRUD other objects, or vice versa.

You want the object to be an abstraction over a collection of controlled resources, or a summarization of other resources.

CRDs are simple and can be created without any programming.

CRDs allow users to create new types of resources without adding another API server

Defining a CRD object creates a new custom resource with a name and schema that you specify.

The name of a CRD object must be a valid DNS subdomain name

each resource in the Kubernetes API requires code that handles REST requests and manages persistent storage of objects.

The main API server delegates requests to you for the custom resources that you handle, making them available to all of its clients.

The new endpoints support CRUD basic operations via HTTP and kubectl

Custom resources consume storage space in the same way that ConfigMaps do.

Aggregated API servers may use the same storage as the main API server

CRDs always use the same authentication, authorization, and audit logging as the built-in resources of your API server.

most RBAC roles will not grant access to the new resources (except the cluster-admin role or any role created with wildcard rules).

The upgrade procedure on control plane nodes should be executed one node at a time.

Manually upgrade your CNI provider plugin.

sudo systemctl daemon-reload sudo systemctl restart kubelet

If kubeadm upgrade fails and does not roll back, for example because of an unexpected shutdown during execution, you can run kubeadm upgrade again.

To recover from a bad state, you can also run kubeadm upgrade apply --force without changing the version that your cluster is running.

kubeadm-backup-etcd contains a backup of the local etcd member data for this control plane Node.

the contents of this folder can be manually restored in /var/lib/etcd

kubeadm-backup-manifests contains a backup of the static Pod manifest files for this control plane Node.

the contents of this folder can be manually restored in /etc/kubernetes/manifests

Enforces the version skew policies.

Upgrades the control plane components or rollbacks if any of them fails to come up.

The slowms and sampleRate profiling settings are global. When set, these settings affect all databases in your process.

db.setProfilingLevel(1, { slowms: 20 })

db.setProfilingLevel(0, { slowms: 20 })

show profile

The system.profile collection is a capped collection with a default size of 1 megabyte.

By default, sampleRate is set to 1.0, meaning all slow operations are profiled.

When logLevel is set to 0, MongoDB records slow operations to the diagnostic log at a rate determined by slowOpSampleRate.

The slowms field indicates operation time threshold, in milliseconds, beyond which operations are considered slow.

You cannot enable profiling on a mongos instance.

profiler logs information about database operations in the system.profile collection.

Journaling guarantees that MongoDB can quickly recover write operations that were written to the journal but not written to data files in cases where mongod terminated due to a crash or other serious failure.

To use read concern level of "majority", replica sets must use WiredTiger storage engine.

Write concern describes the level of acknowledgement requested from MongoDB for write operations.

With stronger write concerns, clients must wait after sending a write operation until MongoDB confirms the write operation at the requested write concern level.

The HTTP interface is disabled by default. Do not enable the HTTP interface in production environments.

Avoid overloading the connection resources of a mongod or mongos instance by adjusting the connection pool size to suit your use case.

ensure that each mongod or mongos instance has access to two real cores or one multi-core physical CPU.

The WiredTiger storage engine is multithreaded and can take advantage of additional CPU cores

the ELB also performs a vital role in improving the fault tolerance of the services which it fronts.

he Open Systems Interconnection Model, or OSI Model, is a conceptual model which is used to facilitate communications between different computing systems.

Layer 1 is the physical layer, and represents the physical medium across which the request is sent.

Layer 2 describes the data link layer

Layer 3 (the network layer)

Layer 7, which serves the application layer.

A network device, of which the Classic ELB is an example, reads the protocol and port of the incoming request, and then routes it to one or more backend servers.

Whereas a request to a specific URL backed by a Classic ELB would only enable routing to a particular pool of homogeneous servers, the ALB can route based on the content of the URL, and direct to a specific subgroup of backing servers existing in a heterogeneous collection registered with the load balancer.

The Classic ELB is a simple load balancer, is easy to configure

As organizations move towards microservice architecture or adopt a container-based infrastructure, the ability to merely map a single address to a specific service becomes more complicated and harder to maintain.

oute traffic to different services based on either the host or the content of the path contained within that URL.

kubectl provides the most flexible management of Node Problem Detector.

run the Node Problem Detector in your cluster to monitor node health.

Percona XtraBackup works by remembering the log sequence number (LSN) when it starts, and then copying away the data files.

Percona XtraBackup runs a background process that watches the transaction log files, and copies changes from it.

Percona XtraBackup uses Backup locks where available as a lightweight alternative to FLUSH TABLES WITH READ LOCK.

Locking is only done for MyISAM and other non-InnoDB tables after Percona XtraBackup finishes backing up all InnoDB/XtraDB data and logs.

When backup locks are supported by the server, xtrabackup first copies InnoDB data, runs the LOCK TABLES FOR BACKUP and then copies the MyISAM tables.

the STDERR of xtrabackup is not written in any file. You will have to redirect it to a file, e.g., xtrabackup OPTIONS 2> backupout.log

During the prepare phase, Percona XtraBackup performs crash recovery against the copied data files, using the copied transaction log file. After this is done, the database is ready to restore and use.

the tools enable you to do operations such as streaming and incremental backups with various combinations of copying the data files, copying the log files, and applying the logs to the data.

To restore a backup with xtrabackup you can use the --copy-back or --move-back options.

Users: cn=users,cn=accounts,$SUFFIX Groups: cn=groups,cn=accounts,$SUFFIX

The reason to use an account like this rather than creating a normal user account in IPA and using that is that the system account exists only for binding to LDAP. It is not a real POSIX user, can't log into any systems and doesn't own any files.

This use also has no special rights and is unable to write any data in the IPA LDAP server, only read.

When possible, configure your LDAP client to communicate over SSL/TLS.

/etc/openldap/ldap.conf

Some system unit configuration options do not work in the rootless container

it's better to create an override.conf drop-in that sets PrivateNetwork=no

Difficult to use additional stores for sharing content

Can not use overlayfs driver, but does support fuse-overlayfs

No CNI Support

Making device nodes within a container fails, even when running --privileged.