How to dry-run with chef-client

The answer is simple: do not "dry-run", do "why-run"!

chef-client --why-run
chef-client -W

And the output looks nicer when using "-Fmin"

chef-client -Fmin -W

As with all other automation tools, the dry-run mode is not very predictive. Still it might indicate some of the things that will happen.

CDN Usage by Large Web Sites

Last updated in 05/2014. This is a list of all top domains scanned for the report What Large Sites Use grouped by CDN detected. Feel free to verify the detected CDNs by checking out the CDN detector provided by cdnplanet.com and report misdetection in the comments.

Measurement Method

For each domain the main page was fetched. All <script> and <img> domains where checked for CDNs behind them. Note that this does not necessarily find the primary CDN due to scripting libraries loaded from other CDNs (e.g. jQuery).

Each site might appear multiple times which might hint on a transparent Multi-CDN provider.

Additionally in the case of Cedexis it is not clear if it is used just for monitoring or as Multi-CDN.

Results 2014-05

CDN Sites
Akamai web.mit.edu adobe.com amazon.com aol.de apple.com ask.com autobild.de avg.com bbc.co.uk bigpoint.com bild.de bing.com buch.de buzzfeed.com chip.de cnet.com cnn.com computerbild.de conduit.com dailymotion.com dooyoo.de ebay.de edarling.de erento.com facebook.com finanzen.net flickr.com flipkart.com focus.de forbes.com godaddy.com huffingtonpost.com hungryhouse.co.uk imdb.com immonet.de indeed.com jamba.de java.com last.fm lieferheld.de linkedin.com mashable.com microsoft.de mjam.at morgenpost.de mozilla.org msdn.com msn.com mtv.com mytoys.de mywebsearch.com netflix.com n-tv.de otto.de pizza.de qq.com reddit.com reference.com rp-online.de rtl.de salesforce.com skype.com skype.de slashdot.org sourceforge.net spiegel.de sport1.DE stepstone.de stern.de stumbleupon.com sueddeutsche.de superantojo.com.mx taobao.com theguardian.com welt.de wetter.com wetteronline.de xing.de zdf.de zedo.com
amazonaws morgenpost.de netflix.com nzz.ch rp-online.de tape.tv
cachefly arstechnica.com cdnplanet.com
CDNetworks ifeng.com
Cedexis autobild.de bild.de computerbild.de finanzen.net morgenpost.de welt.de
Cloudflare adf.ly crunchbase.com foodpanda.in foodpanda.pl foodpanda.ru imgur.com pingdom.com statcounter.com
CloudFront web.mit.edu addthis.com amazon.com amazon.de arstechnica.com bannersdontwork.com berlinonline.de cdnplanet.com chefkoch.de foodarena.ch foodpanda.in foodpanda.ru hungryhouse.co.uk imdb.com instagram.com kicker.de neobux.com nzz.ch onlinepizza.se pizzaportal.pl samsung.com spotify.com stumbleupon.com superantojo.com.mx tape.tv theguardian.com tivo.com tvinfo.de
EdgeCast web.mit.edu buzzfeed.com dailymotion.com forbes.com reddit.com soundcloud.com sueddeutsche.de tumblr.com twitter.com
fastly web.mit.edu github.com samsung.com theguardian.com twitter.com
Level3 go.com groupon.de kicker.de myvideo.de photobucket.com stern.de sueddeutsche.de theguardian.com wetter.com zalando.de
Limelight arstechnica.com arte.tv linkedin.com softpedia.com swissre.com xnxx.com xvideos.com zeit.de
lxdns ku6.com weibo.com xyxy.net
netdna neobux.com stumbleupon.com webpagetest.org
phncdn.com pornhub.com redtube.com tube8.com youporn.com
rncdn1.com thepiratebay.sx tube8.com
WaveCDN upjers.com

Large Website Technology Changes in November 2013

As in the last two months I performed another a indexing of the information reported by major websites. It covers mostly request header, HTML and DNS based information of the top 200 sites listed by Alexa and the top 100 German websites. All the information is freely available and only extracted from the website responses!

The detailed results can be found here:

What Changed?

DNS-Prefetching The HTML header based DNS prefetching is still there and gained another site: German job portal stepstone.de
IPv6 IPv6 support did not spread in the last month. Several sites have flapping visibility of their AAAA records.
Version Upgrades adf.ly upgrades from PHP 5.3.8 to 5.4.21.
rtl.de upgrades from Apache 2.2.21 to 2.4.6.
Webserver Change German health portal imedo.de switched from Mongrel to Apache
Hiding Server Version Porn site xnxx.com stopped reporting usage of PHP 5.3.6
CDN In 11/2013 conduit.com switched from Cotendo to Akamai CDN.
Hoster German couples portal parship.de seems to have changed hoster and is using BigIP F5 load balancers now.

Note: the website links lead to a history page for the measurements.

Caution!

All the results listed above are based on a simple scanning script. The results present a snapshot of the websites and a single response only. This is of course not necessarily an indicating for what techniques the site uses in daily operations!

GTK Tray StatusIcon Example with PyGI

Here is an example on how to build a GtkStatusIcon using PyGI (Python GObject). The code actually implements a libpeas plugin that could be used with any GTK+ project that allows GI plugins. The tray icon could respond to left clicking by toggling the application window like many instant messengers do. On right clicks it presents a menu with the options to toggle the application window or quit the application.

from gi.repository import GObject, Peas, PeasGtk, Gtk

class TrayiconPlugin (GObject.Object, PeasActivatable):
    __gtype_name__ = 'TrayiconPlugin'

    object = GObject.property (type=GObject.Object)

    def do_activate (self):
        self.staticon = Gtk.StatusIcon ()
	self.staticon.set_from_stock (Gtk.STOCK_ABOUT)
        self.staticon.connect ("activate", self.trayicon_activate)
        self.staticon.connect ("popup_menu", self.trayicon_popup)
        self.staticon.set_visible (True)

    def trayicon_activate (self, widget, data = None):
        print "toggle app window!"

    def trayicon_quit (self, widget, data = None):
        print "quit app!"

    def trayicon_popup (self, widget, button, time, data = None):
        self.menu = Gtk.Menu ()

        menuitem_toggle = Gtk.MenuItem ("Show / Hide")
        menuitem_quit = Gtk.MenuItem ("Quit")

        menuitem_toggle.connect ("activate", self.trayicon_activate)
        menuitem_quit.connect ("activate", self.trayicon_quit)

        self.menu.append (menuitem_toggle)
        self.menu.append (menuitem_quit)

        self.menu.show_all ()
	self.menu.popup(None, None, lambda w,x: self.staticon.position_menu(self.menu, self.staticon), self.staticon, 3, time)

    def do_deactivate (self):
        self.staticon.set_visible (False)
        del self.staticon

Website Technology Crawl 12/2013

I've update the What Large Sites Use page with the results crawled in December 2013. Check it out to see who is using what! New column for HTML DOCTYPE was added. I'll soon post the followup on the changes compared to November.

What Job Offers Tell About Architectures #5

Part 5 of the Unix/Linux system administrator job offer and technologies survey. Here are several new companies. This time watch out for "or's" in the table and the order of the alternative which might give an indication what the employer uses and what knowledge he deems equivalent. Also keep in mind that such "or's" indicate once more that each position might describe only wishes, but not that actual architecture the company uses. It depends on how open they want to be...

If you want to check for yourself click the "[src]" for the original reference, but know that it might be already offline.

Todays List

Company Sector Reference OS Languages Databases Software Hardware Monitoring Virtualization Automation
allesklar meinestadt.de Internet: Web [src] Linux MySQL, Postgres, Cassandra DB HA and Loadbalancing
Xing Social [src] Java, Scala ElasticSearch or (Lucene or Solr) Haadop, HBase, Cassandra
Hanwha Q Cells Industry [src] AIX System P, Storages, Tape
buch.de Online Store: Books [src] Redhat Apache, Tomcat, Redhat Satellite SAN yes
goodgame Studios Gaming [src] Debian, Redhat Shell MySQL Apache, Postfix Nagios, Munin, Icinga
International Algorithmic Trading GmbH Finance [src] Redhat, CentOS, Scientific Linux Bash, Perl yes
Lidl Online Store: Food [src] Redhat Shell MySQL VMWare
EOS UPTRADE GmbH Internet [src] Debian, CentOS PHP MySQL Cisco FW, Watchguard Icinga XenServer, VMWare Cloud Puppet

The Interesting Things

Well this is the first time I see someone using Scientific Linux. As with the previous posts automation doesn't seem to play a big role as only 2 out of 8 mentioned it. Also no startupish devops style offers here as the scripting languages seem to indicate. It seems to be just good old robust Unix administration :-)

And look at Q Cells, no wonder they went bankrupt using IBM hardware...

Note: You can find the complete index of all companies I checked so far here:
What Job Offers Tell About Architectures.

Nagios Plugin for dmesg Monitoring

So far I found no easy solution to monitor for Linux kernel messages. So here is a simple Nagios plugin to scan dmesg output for interesting stuff:

#!/bin/bash

SEVERITIES="err,alert,emerg,crit"
WHITELIST="microcode: |\
Firmware Bug|\
i8042: No controller|\
Odd, counter constraints enabled but no core perfctrs detected|\
Failed to access perfctr msr|\
echo 0 > /proc/sys"

# Check for critical dmesg lines from this day
date=$(date "+%a %b %e")
output=$(dmesg -T -l "$SEVERITIES" | egrep -v "$WHITELIST" | grep "$date" | tail -5)

if [ "$output" == "" ]; then
	echo "All is fine."
	exit 0
fi

echo "$output" | xargs
exit 1

"Features" of the script above:

  • It gives you the 5 most recent messages from today
  • It allows to whitelist common but useless errors in $WHITELIST
  • It uses "dmesg" to work when you already have disk I/O errors and to be faster than syslog parsing

This script helped a lot to early on detect I/O errors, recoverable as well as corruptions. It even worked when entire root partition wasn't readable anymore, because then the Nagios check failed with "NRPE: unable to read output" which indicated that dmesg didn't work anymore. By always showing all errors from the entire day one cannot miss recovered errors that happened in non-office hours.

Another good thing about the check is detecting OOM kills or fast spawning of processes.

Removing newlines with sed

My goal for today: I want to remember the official sed FAQ solution to replace multiple newlines:

sed ':a;N;$!ba;s/\n//g' file

to avoid spending a lot of time on it when I need it again.

Chef Gets Push in Q1/2014

Sysadvent features a puppetlabs sponsered article (yes, honestly, check the bottom of the page!) about chef enterprise getting push support. It is supposed to be included in the open source release in Q1/2014.

With this change you can use a push jobs cookbook to define jobs and an extended "knife" with new commands to start and query about jobs:

knife job start ...
knife job list

and

knife node status ...

will tell about job execution status on the remote node.

At a first glance it seems nice. Then again I feel worried when this is intened to get rid of SSH keys. Why do we need to get rid of them exactly? And in exchange for what?

Simple Chef to Nagios Hostgroup Export

When you are automatizing with chef and use plain Nagios for monitoring you will find duplication quite some configuration. One large part is the hostgroup definitions which usually map many of the chef roles. So if the roles are defined in chef anyway they should be sync'ed to Nagios.

Using "knife" one can extract the roles of a node like this

knife node show -a roles $node | grep -v "^roles:"

Scripting The Role Dumping

Note though that knife only shows roles that were applied on the server already. But this shouldn't be a big problem for a synchronization solution. Next step is to create a usable hostgroup definition in Nagios. To avoid colliding with existing hostgroups let's prefix the generated hostgroup names with "chef-". The only challenge is the regrouping of the role lists given per node by chef into host name lists per role. In Bash 4 using an fancy hash this could be done like this:

declare -A roles

for node in $(knife node list); do
   for role in $(knife node show -a roles $i |grep -v "roles" ); do
      roles["$role"]=${roles["$role"]}"$i "
   done
done

Given this it is easy to dump Icinga hostgroup definitions. For example

for role in ${!roles[*]}; do
   echo "define hostgroup {
   hostgroup_name chef-$role
   members ${roles[$role]}
}
"
done

That makes ~15 lines of shell script and a cronjob entry to integrate Chef with Nagios. Of course you also need to ensure that each host name provided by chef has a Nagios host definition. If you know how it resolves you could just dump a host definition while looping over the host list. In any case there is no excuse not to export the chef config :-)

Easy Migrating

Migrating to such an export is easy by using the "chef-" namespace prefix for generated hostgroups. This allows you to smoothly migrate existing Nagions definitions at your own pace. Be sure to only reload Nagios and not restart via cron and to do it at reasonable time to avoid breaking things.

Syndicate content Syndicate content