Debconf, and encouraging contributions

Posted on 2013-08-23 by Dominic Hargreaves

Last week I was fortunate enough to be able to go to the annual Debian developers’ conference, Debconf, which this year was held in Vaumarcus, Switzerland, in a glorious setting with views of a lake and mountains (if you look closely you can see evidence of the Debian swirl):

View from Debconf13

I would like to thank IT Services for enabling me to go on this conference, taking time out of a busy schedule at work, as well as the Debconf team for organising an excellent conference.

Debian is used extensively by my team as a primary hosting platform for our services, and as a community based “Universal Operating System” with a strong focus on freedoms and openness, it fits well with the team culture. Whilst I became involved in Debian before taking up my role at IT Services (formerly OUCS), I find my involvement in Debian useful as a way of getting more value out of Debian for the team (for example by being familiar with Debian processes and developments and being able to contribute back work which has evolved within the team). The most visible evidence of this are the RT packages which I have been maintaining since 2008, originally as part of a project to upgrade our own instance to the then-current 3.8.

The conference took place over the course of a full (8 day) week and combined the traditional presentation sessions with ample opportunities to meet with follow developers and contributors (many for the first time face to face) and work closely as a team on some objectives (including, for me, the inclusion of Perl 5.18 into Debian; I have been co-maintaining the Perl packages for the past few years). Some of the highlighted events for me were:

  • Freedombox – an excellent presentation from Bdale Garbee on the Freedombox project, which aims to deliver an easy to use bundle of software for installation in cheap home servers, to enable users to keep control of their own data rather than putting it at the mercy of governments
  • The Technical committee BoF – it was interesting to hear a bit more about how the tech-ctte, one of the few formal management structures in Debian, operates in order to resolve technical issues or disputes
  • use Perl – the annual perl packagers’ meeting: one of the teams I am most actively involved in as a side effect of co-maintaining Perl; I met several team members for the first time at this Debconf and this ended up being a very productive exercise
  • Debian on Google Compute Engine and AWS Debian – these talks from David McWherter and James Bromberger respectively were interesting updates for someone like me who has not yet had a chance to try out these services. It was reassuring to note that the AWS images of Debian are now “official” in that they are minimal images built by a Debian developer.

The most interesting talk from a direct Sysdev perspective was by martin f. krafft, who presented his tool reclass, an ‘recursive external node classification’ engine. This is a system designed to integrate with a number of modern configuration management tools such as puppet, salt and ansible, which behaves eerily like Sysdev’s own rb3 tool (see the original paper) though with possibly fewer of the annoying quirks! It addresses the need to minimise repetition in large installations via multiple inheritence, and acts as a layer between the user and the configuration managements tools itself. Following the talk we had a chance to explore some of the issues in more detail with a separate BoF session. This is definitely something I’ll be keeping in mind as we discuss a coordinated strategy for configuration management across the new, larger department.

The above were only some of the events that made Debconf so enjoyable for me – there were plenty of social occasions including the now famous Cheese and Wine BoF, and Debian’s 20th birthday, which was an afternoon of talks targetted at a wider audience than regular Debconf attendees followed by a barbecue, and a huge birthday cake.

Photo credit: Christian Perrier

Scenic hacklab. Photo credit: Christian Perrier

If any of this whets your appetite (sorry, no cake), you might be interested in looking at the video archive of many of the scheduled talks and events, some of which I was involved in producing, as a new member of the Debconf video team.

So. where does the ‘encouraging contributions’ part of this post come in? A recent personal objective of mine at work has been to help people within IT Services and particular my own team to get more directly and deeply involved with Debian development. Most of the team already has a lot of the relevant expertise, as we deploy all software via Debian packages and so end up packaging or modifying other packages of quite a bit of our own software and those of others. To that end, I am hoping to run a Debian packaging workshop/bug squashing party at IT Services later this year or early next year, and see if I can persuade some of my colleagues to maintain packages for Debian, to increase our contributions back to a project which provides so much value to us. I chatted with quite a few people at Debconf about this type of event and got some useful ideas for how to run it.

If you are reading this from IT Services or indeed across the University/Oxford and would be interested in taking part in such an event, I’d love to hear from you. You can comment on this blog or email me at my University email address.

Photo credit: Christian Perrier

Photo credit: Christian Perrier

Posted in Conferences, Uncategorized | 1 Comment

Unix/Linux sysadmin vacancy

Posted on 2013-07-17 by Dominic Hargreaves

We have a new vacancy within Sysdev:

Do you consider yourself a capable Unix/Linux systems administrator? Are you enthusiastic about working in an expert team where quality of service, attention to detail, and a willingness to respond positively to new challenges are all important? Would you also be able to specify, install, network and configure Linux platforms for resilient, enterprise IT systems? If so, we invite you to apply for the post of Unix Systems Administrator at IT Services, University of Oxford.

The Unix Systems Administrator will join a team responsible for many of the IT services critical to the operation of the University, including Identity and Access Management services; web hosting; email and
collaboration services; standard and bespoke application hosting platforms for other parts of the department; and substantial infrastructure and monitoring capabilities. The postholder will contribute to, and carry out independent work on, the development and management of new and existing systems and services.

The primary deployment platform used by the Systems Development and Support section is Debian GNU/Linux, and includes an extensive configuration and software management suite. The ideal candidate will have
experience of web application hosting and development, the ability to address the interoperability challenges posed by a mixed platform environment, and experience of large-scale systems management.

For further details and to apply, please see the official recruitment site.

Posted in Vacancies | Comments Off on Unix/Linux sysadmin vacancy

FLOSS UK LISA workshop 2013 notes

Posted on 2013-06-05 by Peter Grandi

The UKUUG (UK Unix User Group) are now calling themselves FLOSS (Free, Libre, Open Source Software) UK and they continue to have annual workshops centred around UNIX-like systems like GNU/Linux.

The 2013 edition of their LISA (Large Installation Systems Administration) workshop was as usual interesting and well attended like the one reported upon in this blog last year.

Here “Large Installation” means in the order of dozens up to hundreds of systems, rather than thousands to hundreds of thousands as in specialised application areas like physics and web search.

But then typical installations running dozens to hundreds of systems use them like Sysdev for a rather diverse set of applications, while installations running thousands to hundreds of thousands of systems tend to use them as fairly uniform compute clusters, effectively running a single application, the cluster job scheduler.

The challenges in administration of an installed base with dozens to hundreds of server across a rather diverse set of applications are significant, with a careful balance between simplifying by having uniformity, and the requirement to run diverse applications.

This has been reflected in several of the presentations at the workshop, for example in the number about monitoring systems. In a different ways in those presentations about specific parts of the application supporting infrastructure. My impressions of the presentations I like best follow.

Ansible was presented in both a tutorial and a talk, and was an interesting topic, and I liked both the tutorial and the talk. Ansible is a configuration delivery system, where customised configuration files are transported and installed onto target systems. It is usually coupled to a configuration building system based on the Jinja2 templating system.

Its distinctive design goals, which were very emphasised by the presenters, are to have minimal dependencies and in particular to avoid requiring explicit installation on the target hosts. This is achieved by:

  • implementing the system in Python;
  • using SSH to connect to a shell prompts on the targets hosts;
  • downloading over SSH to the target hosts local Python programs to perform preparatory actions, such as host profiling;
  • uploading the host profile, if any, to the Ansible server, and generating templated configuration files;
  • downloading the generated configuration files.

Overall the idea is a generalisation of the very useful FISH file transfer protocol.

Ansible overall seems to be fairly attractive, as it simplifies a number of issues, and perhaps is an attractive substitute for similar systems like Chef or Puppet.

It is however harder to compare with client systems with a very different flavour like CfEngine or Sysdev’s own RB3/ConfigTool pair, which are mostly aimed at the issues around generating configurations rather than distributing them.

Of the monitoring systems there were some impressive and well delivered presentations about the availability monitor Icinga which is a derivative and mostly improved version of Nagios and is particularly suitable for smaller installations (dozens of hosts) out of the box, and can scale to larger ones (hundreds of hosts) with a bit of planning.

Another good talk was about progress with the OpenNMS availability monitor, which includes a network discovery system, and has been designed for scaling to hundreds of monitored hosts.

On the overall monitoring problem there was a very informative, very well presented, candid report of the history of monitoring at a web hosting company. They went through several iterations of both their monitoring infrastructure and reaction processes as business growth pushed higher the number of installed hosts. They made some quite interesting points:

  • The most efficient performance monitor is collectd, and they display the performance graphs using Graphite.
  • Ganglia is almost as efficient.
  • They use Icinga for availability monitoring.
  • Performance issues: a 10 second collection interval is essential to spot transient performance issues, and gives a much better feel than a longer interval.
  • Writing to dozens of log-like RRD files for hundreds of systems can hit hard a storage system, and putting the RRD archive on a RAM disk and periodically copying it to disk or using a purpose written RRD caching tool is a good idea.

One of the best presentations was an enthusiastic one by a maintainer about the 9.2 release of PostgreSQL, a very robust DBMS which is advisedly used extensively by Sysdev. It is also widely used by “cloud database” companies like Heroku who report having 1.5 million databases run by PostgreSQL. The major advances in the 9.2 release are:

  • Even better handling of highly variable workloads (for cloud databases) and of highly parallel ones (for transactional systems).
  • Foreign tables which are views (read-only) over tables held in other DBMSes.
  • Much faster spatial index access, and parts of queries using a covering index no longer need access to the table.
  • Even better support for non-tabular data such as key-value and textual data, and improved type handling, including range/interval types.

The 9.3 release is progressing well, and its new features have already been written and are being tested, among them:

  • Event triggers, 64b object addressing, table snapshots.
  • Materialised views, and ability to update foreign table views.

PostgreSQL is probably the relational DBMS which comes closest to the ideal described in the 12 rules and even in the more controversial third relational manifesto and generalised handling of views is one of the most important and less commonly implemented aspects of the relational model, and one that is particularly important to realise a three schema design in a relational database.

In some release after 9.3 on PostgreSQL will have multimaster (active/active) clustering, which is already being tested, similar to Apache Cassandra.

A presentation on alternative DNS servers was also quite useful, as relatively recent updates to the DNS protocols offer very useful flexibility if it is easy to take advantage of them. The presentation was made by the author of the good book Alternative DNS Servers.

One of the themes of the presentation was that as DNS is a truly critical service for the Internet many core DNS service providers have felt a need to create independent DNS server implementations to provide diversity of code base reducing the change of a single bug affecting all or most of them.

Of the various DNS servers:

  • Unbound was highly recommended, because of efficiency, robustness, extensibility with Python.
  • NSD was also recommended as a reliable, complete implementation for serving large numbers of domains at high speed, in part thanks to compiled zone files. NSD version 4 is about to offer also dynamic zone add and delete.
  • PowerDNS was even more recommended, having a number of interesting zone database back-ends, a very good DNSSEC implementation, and zone transfer via database replication. Also pretty easy to use Dynamic DNS updates with DNSSEC and maintain the zone database that way. Also there are several tools to edit zones directly in the zone database.

DNS server flexibility can help a lot by providing a layer of indirection in service provision, and to delegate the update of sub-zones to relevant administrators.

Another interesting short presentation was about storage caching. The premise was the widespread issue that consolidating storage into dedicated shared storage servers subjects them to extremely different workloads, and this results into either lower performance or higher costs to accomodate the demand for high IOPS (IO Operations Per Second).

This can be counteracted by caching application specific data on the systems local to the application, and the storage for those systems can be customized for the demands of the application, and the demand for high IOPS can be satisfied with local caching on flash SSDs.

There are 3 major open-source caching systems:

  • Flashcache was developed by Facebook as an extension to DM (Device Mapper). It handles retries, but needs careful consideration because its mode of operation is write-back.
  • bcache is an independent kernel module which comes as an intrusive kernel patch, and requires a dedicated partition for caching. It has specific support for SSD caching.
  • ZFS is a well known filesystem which supports SSD caching in one of two modes, L2ARC and slog. Cache areas can be added or removed dynamically but are not persistent.
Posted in Conferences | Tagged , , , , , , , | Comments Off on FLOSS UK LISA workshop 2013 notes

An Advent Adventure – Stardev Syswars

Posted on 2012-12-01 by John Ireland

On 24th November 2012, sysdev were given an advent calendar by one of their most highly respected and long-standing colleagues. Circumstances mean that we cannot all get together for a daily team meeting over a cup of coffee to open each window as we follow the lead up to Christmas Day. Instead, each of us in the team will share in the honourable duty of unveiling this series of seasonal surprises (sequentially!), and post the new-found treasures here to be seen by all, but most importantly by our esteemed and trusted friend.

There is a member of the team ready to leap into action for each day in advent, and their find will be added to this post. Please note that practicalities at weekends may mean that some additions won’t appear until the following weekday.

Continue reading

Posted in Star Wars Advent | Comments Off on An Advent Adventure – Stardev Syswars

New Vacancy for Unix Systems Administrator

Posted on 2012-07-05 by Lyn Waddington

We have a new vacancy for a Grade 7 Unix Systems  Administrator. Though it may not be obvious to the casual onlooker, many of our vacancies arise because we promote them into new roles. So if you are a competent Sys Admin wanting to join to a team where you will be valued, stretched and developed read on…

Do you consider yourself a capable Unix/Linux systems administrator? Are you enthusiastic about working in an expert team where quality of service, attention to detail, and a willingness to respond positively to new challenges are all important? Would you also be able to specify, install, network and configure Linux platforms for resilient, enterprise IT systems? If so, we invite you to apply for the post of Unix Systems Administrator at Oxford University Computing Services.

The Unix Systems Administrator will join a team responsible for many of the IT services critical to the operation of the University, including Identity and Access Management services; web hosting; email and collaboration services; standard and bespoke application hosting platforms for other parts of the Department; and substantial infrastructure and monitoring capabilities. The post holder will contribute to, and carry out independent work on, the development and management of new and existing systems and services.

The primary deployment platform used by the Systems Development and Support section is Debian GNU/Linux, and includes an extensive configuration and software management suite. The ideal candidate will have experience of a university environment, and knowledge of technologies such as Kerberos, LDAP, Shibboleth, and systems management and monitoring. There are many advantages to working at the University other than the world-class research culture. Benefits include flexible working, an excellent pension, career prospects and generous holiday provision.

In order to apply to apply for this role and for further details, including a job description and selection criteria, please visit the University recruitment site: Unix Systems Administrator.

The closing date for applications is 12:00 noon (GMT) on Tuesday 31st July 2012. Interviews are expected to take place on Friday 10th August 2012.

Posted in Vacancies | Tagged , | Comments Off on New Vacancy for Unix Systems Administrator