Diffstat (limited to '.html/devops')
| -rw-r--r-- | .html/devops/_list.html | 98 |
| -rw-r--r-- | .html/devops/autodeploy.html | 131 |
| -rw-r--r-- | .html/devops/continuous-signing.html | 93 |
| -rw-r--r-- | .html/devops/glassfish-and-upstart.html | 231 |
| -rw-r--r-- | .html/devops/index.html | 98 |
| -rw-r--r-- | .html/devops/notes-on-bootstrapping-grimoire-dot-ca.html | 166 |
| -rw-r--r-- | .html/devops/puppet-2.7-to-3.1.html | 147 |
| -rw-r--r-- | .html/devops/self-daemonization-sucks.html | 162 |
8 files changed, 0 insertions, 1126 deletions
diff --git a/.html/devops/_list.html b/.html/devops/_list.html deleted file mode 100644 index b121d4f..0000000 --- a/.html/devops/_list.html +++ /dev/null @@ -1,98 +0,0 @@ -<!DOCTYPE html> -<html> -<head> - <title> - The Codex » - ls /devops - </title> - - <link - rel='stylesheet' - type='text/css' - href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> - <link - rel="stylesheet" - type="text/css" - href="../media/css/reset.css"> - <link - rel="stylesheet" - type="text/css" - href="../media/css/grimoire.css"> -</head> -<body> - -<div id="shell"> - - <ol id="breadcrumbs"> - - <li class="crumb-0 not-last"> - - <a href="../">index</a> - - </li> - - <li class="crumb-1 not-last"> - - <a href="./">devops</a> - - </li> - - <li class="crumb-2 last"> - - <span class="list-crumb">list</span> - - </li> - - </ol> - - - - <div id="listing"> - <h1><code>ls /devops</code></h1> - - - - - <div id="pages"> - <h2>Pages</h2> - <ul> - - <li><a href="continuous-signing">Code Signing on Build Servers</a></li> - - <li><a href="glassfish-and-upstart">Glassfish and Upstart</a></li> - - <li><a href="notes-on-bootstrapping-grimoire-dot-ca">Notes on Bootstrapping This Host</a></li> - - <li><a href="puppet-2.7-to-3.1">Notes on upgrading Puppet from 2.7 to 3.1</a></li> - - <li><a href="autodeploy">Notes towards automating deployment</a></li> - - <li><a href="self-daemonization-sucks">Self-daemonizing code is awful</a></li> - - </ul> - </div> - - - - </div> - - - - - - - <div id="footer"> - <p> - - The Codex — - - Powered by <a href="http://markdoc.org/">Markdoc</a>. - -<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/devops">See this directory on Bitbucket</a>. - - </p> - </div> - -</div> -</body> -</html>
\ No newline at end of file diff --git a/.html/devops/autodeploy.html b/.html/devops/autodeploy.html deleted file mode 100644 index 67644a2..0000000 --- a/.html/devops/autodeploy.html +++ /dev/null 
@@ -1,131 +0,0 @@ -<!DOCTYPE html> -<html> -<head> - <title> - The Codex » - Notes towards automating deployment - </title> - - <link - rel='stylesheet' - type='text/css' - href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> - <link - rel="stylesheet" - type="text/css" - href="../media/css/reset.css"> - <link - rel="stylesheet" - type="text/css" - href="../media/css/grimoire.css"> -</head> -<body> - -<div id="shell"> - - <ol id="breadcrumbs"> - - <li class="crumb-0 not-last"> - - <a href="../">index</a> - - </li> - - <li class="crumb-1 not-last"> - - <a href="./">devops</a> - - </li> - - <li class="crumb-2 last"> - - autodeploy - - </li> - - </ol> - - - - <div id="article"> - <h1 id="notes-towards-automating-deployment">Notes towards automating deployment</h1> -<p>This is mostly aimed at the hosted-apps folks; deploying packaged software for -end users requires a slightly different approach.</p> -<h2 id="assumptions">Assumptions</h2> -<ol> -<li> -<p>You have one or more <em>services</em> to deploy. (If not, what are you doing -here?)</p> -</li> -<li> -<p>Your services are tracked in <em>source control</em>. (If not, go sort that out, -then come back. No, seriously, <em>now</em>.)</p> -</li> -<li> -<p>You will be deploying your services to one or more <em>environments</em>. An -environment is an abstract thing: think “production,” not -“web01.public.example.com.” (If not, where, exactly, will your service run?)</p> -</li> -<li> -<p>For each service, in each environment, there are one or more <em>servers</em> to -host the service. These servers are functionally identical. (If not, go pave -them and rebuild them using Puppet, Chef, CFengine, or, hell, shell scripts -and duct tape. 
An environment full of one-offs is the kind of hell I wouldn't -wish on my worst enemy.)</p> -</li> -<li> -<p>For each service, in each environment, there is a canonical series of steps -that produce a “deployed” system.</p> -</li> -</ol> -<hr> -<ol> -<li>Decide what code should be deployed. (This is a version control activity.)</li> -<li>Get the code onto the fucking server.</li> -<li>Decide what configuration values should be deployed. (This is also a - version control activity, though possibly not in the same repositories as - the code.)</li> -<li>Get the configuration onto the fucking server.</li> -<li>Get the code running with the configuration.</li> -<li>Log to fucking syslog.</li> -<li>When the machine reboots, make sure the code comes back running the same - configuration.</li> -</ol> - </div> - - - -<div id="comments"> -<div id="disqus_thread"></div> -<script type="text/javascript"> - /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */ - var disqus_shortname = 'grimoire'; // required: replace example with your forum shortname - - /* * * DON'T EDIT BELOW THIS LINE * * */ - (function() { - var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; - dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js'; - (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); - })(); -</script> -<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript> -<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a> -</div> - - - - <div id="footer"> - <p> - - The Codex — - - Powered by <a href="http://markdoc.org/">Markdoc</a>. 
- -<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/devops/autodeploy.md">See this page on Bitbucket</a> (<a href="https://bitbucket.org/ojacobson/grimoire.ca/history-node/master/wiki/devops/autodeploy.md">history</a>). - - </p> - </div> - -</div> -</body> -</html>
\ No newline at end of file diff --git a/.html/devops/continuous-signing.html b/.html/devops/continuous-signing.html deleted file mode 100644 index 5f61000..0000000 --- a/.html/devops/continuous-signing.html +++ /dev/null 
@@ -1,93 +0,0 @@ -<!DOCTYPE html> -<html> -<head> - <title> - The Codex » - Code Signing on Build Servers - </title> - - <link - rel='stylesheet' - type='text/css' - href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> - <link - rel="stylesheet" - type="text/css" - href="../media/css/reset.css"> - <link - rel="stylesheet" - type="text/css" - href="../media/css/grimoire.css"> -</head> -<body> - -<div id="shell"> - - <ol id="breadcrumbs"> - - <li class="crumb-0 not-last"> - - <a href="../">index</a> - - </li> - - <li class="crumb-1 not-last"> - - <a href="./">devops</a> - - </li> - - <li class="crumb-2 last"> - - continuous-signing - - </li> - - </ol> - - - - <div id="article"> - <h1 id="code-signing-on-build-servers">Code Signing on Build Servers</h1> -<p>We sign things so that we can authenticate them later, but authentication is -largely a conscious function. Computers are bad at answering "is this real".</p> -<p>Major signing systems (GPG, jarsigner) require presentation of credentials at -signing time. 
CI servers don't generally have safe tools for this.</p> - </div> - - - -<div id="comments"> -<div id="disqus_thread"></div> -<script type="text/javascript"> - /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */ - var disqus_shortname = 'grimoire'; // required: replace example with your forum shortname - - /* * * DON'T EDIT BELOW THIS LINE * * */ - (function() { - var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; - dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js'; - (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); - })(); -</script> -<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript> -<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a> -</div> - - - - <div id="footer"> - <p> - - The Codex — - - Powered by <a href="http://markdoc.org/">Markdoc</a>. - -<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/devops/continuous-signing.md">See this page on Bitbucket</a> (<a href="https://bitbucket.org/ojacobson/grimoire.ca/history-node/master/wiki/devops/continuous-signing.md">history</a>). - - </p> - </div> - -</div> -</body> -</html>
\ No newline at end of file diff --git a/.html/devops/glassfish-and-upstart.html b/.html/devops/glassfish-and-upstart.html deleted file mode 100644 index 0d03620..0000000 --- a/.html/devops/glassfish-and-upstart.html +++ /dev/null 
@@ -1,231 +0,0 @@ -<!DOCTYPE html> -<html> -<head> - <title> - The Codex » - Glassfish and Upstart - </title> - - <link - rel='stylesheet' - type='text/css' - href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> - <link - rel="stylesheet" - type="text/css" - href="../media/css/reset.css"> - <link - rel="stylesheet" - type="text/css" - href="../media/css/grimoire.css"> -</head> -<body> - -<div id="shell"> - - <ol id="breadcrumbs"> - - <li class="crumb-0 not-last"> - - <a href="../">index</a> - - </li> - - <li class="crumb-1 not-last"> - - <a href="./">devops</a> - - </li> - - <li class="crumb-2 last"> - - glassfish-and-upstart - - </li> - - </ol> - - - - <div id="article"> - <h1 id="glassfish-and-upstart">Glassfish and Upstart</h1> -<p><strong>Warning</strong>: the article you're about to read is largely empirical. Take -everything in it in a grain of salt, and <em>verify it yourself</em> before putting -it into production. You have been warned.</p> -<p>The following observations apply to Glassfish 3.1.2.2. Other versions probably -act similarly, but check the docs.</p> -<h2 id="asadmin-create-service"><code>asadmin create-service</code></h2> -<p>Glassfish is capable of emitting SysV init scripts for the DAS, or for any -instance. These init scripts wrap <code>asadmin start-domain</code> and <code>asadmin -start-local-instance</code>. However, the scripts it emits are (justifiably) -minimalist, and it makes some very strong assumptions about the layout of your -system's rc.d trees and about your system's choice of runlevels. 
The minimal -init scripts avoid any integration with platform “enhancements” (such as -Redhat's <code>/var/lock/subsys</code> mechanism and <code>condrestart</code> convention, or -Debian's <code>start-stop-daemon</code> helpers) in the name of portability, and the -assumptions it makes about runlevels and init layout are becoming -incrementally more fragile as more distributions switch to alternate init -systems with SysV compatiblity layers.</p> -<h2 id="fork-and-expect">Fork and <code>expect</code></h2> -<p>Upstart's process tracking mechanism relies on services following one of three -forking models, so that it can accurately track which children of PID 1 are -associated with which services:</p> -<ul> -<li> -<p>No <code>expect</code> stanza: The service's “main” process is expected not to fork at - all, and to remain running. The process started by upstart is the “main” - process.</p> -</li> -<li> -<p><code>expect fork</code>: The service is expected to call <code>fork()</code> or <code>clone()</code> once. - The process started by upstart itself is not the “main” process, but its - first child process is.</p> -</li> -<li> -<p><code>expect daemon</code>: The service is expected to call <code>fork()</code> or <code>clone()</code> - twice. The first grandchild process of the one started by upstart itself is - the “main” process. This corresponds to classical Unix daemons, which fork - twice to properly dissociate themselves from the launching shell.</p> -</li> -</ul> -<p>Surprisingly, <code>asadmin</code>-launched Glassfish matches <em>none</em> of these models, and -using <code>asadmin start-domain</code> to launch Glassfish from Upstart is not, as far -as I can tell, possible. 
It's tricky to debug why, since JVM thread creation -floods <code>strace</code> with chaff, but I suspect that either <code>asadmin</code> or Glassfish -itself is forking too many times.</p> -<p>From <a href="https://java.net/projects/glassfish/lists/dev/archive/2012-02/message/9">this mailing list -thread</a>, -though, it appears to be safe to launch Glassfish directly, using <code>java -jar -GLASSFISH_ROOT/modules/glassfish.jar -domain DOMAIN</code>. This fits nicely into -Upstart's non-forking expect mode, but you lose the ability to pass VM -configuration settings to Glassfish during startup. Any memory settings or -Java environment properties you want to pass to Glassfish have to be passed to -the <code>java</code> command manually.</p> -<p>You also lose <code>asadmin</code>'s treatment of Glassfish's working directory. Since -Upstart can configure the working directory, this isn't a big deal.</p> -<h2 id="sigterm-versus-asadmin-stop-domain"><code>SIGTERM</code> versus <code>asadmin stop-domain</code></h2> -<p>Upstart always stops services by sending them a signal. While you can dictate -which signal it uses, you cannot replace signals with another mechanims. -Glassfish shuts down abruptly when it recieves <code>SIGTERM</code> or <code>SIGINT</code>, leaving -some ugly noise in the logs and potentially aborting any transactions and -requests in flight. The Glassfish developers believe this is harmless and that -the server's operation is correct, and that's probably true, but I've not -tested its effect on outward-facing requests or on in-flight operations far -enough to be comfortable with it.</p> -<p>I chose to run a “clean”(er) shutdown using <code>asadmin stop-domain</code>. This fits -nicely in Upstart's <code>pre-stop</code> step, <em>provided you do not use Upstart's -<code>respawn</code> feature</em>. 
Upstart will correctly notice that Glassfish has already -stopped after <code>pre-stop</code> finishes, but when <code>respawn</code> is enabled Upstart will -treat this as an unexpected termination, switch goals from <code>stop</code> to -<code>respawn</code>, and restart Glassfish.</p> -<p>(The Upstart documentation claims that <code>respawn</code> does not apply if the tracked -process exits during <code>pre-stop</code>. This may be true in newer versions of -Upstart, but the version used in Ubuntu 12.04 does restart Glassfish if it -stops during <code>pre-stop</code>.)</p> -<p>Yes, this does make it impossible to stop Glassfish, ever, unless you set a -respawn limit.</p> -<p>Fortunately, you don't actually want to use <code>respawn</code> to manage availability. -The <code>respawn</code> mode cripples your ability to manage the service “out of band” -by forcing Upstart to restart it as a daemon every time it stops for any -reason. This means you cannot stop a server with <code>SIGTERM</code> or <code>SIGKILL</code>; it'll -immediately start again.</p> -<h2 id="initctl-reload"><code>initctl reload</code></h2> -<p>It sends <code>SIGHUP</code>. This does not reload Glassfish's configuration. Deal with -it; use <code>initctl restart</code> or <code>asadmin restart-domain</code> instead. Most of -Glassfish's configuration can be changed on the fly with <code>asadmin set</code> or -other commands anyways, so this is not a big limitation.</p> -<h2 id="instances">Instances</h2> -<p>Upstart supports “instances” of a service. This slots nicely into Glassfish's -ability to host multiple domains and instances on the same physical hardware. 
-I ended up with a generic <code>glassfish-domain.conf</code> Upstart configuration:</p> -<pre><code>description "Glassfish DAS" -console log - -instance $DOMAIN - -setuid glassfish -setgid glassfish -umask 0022 -chdir /opt/glassfish3 - -exec /usr/bin/java -jar /opt/glassfish3/glassfish/modules/glassfish.jar -domain "${DOMAIN}" - -pre-stop exec /opt/glassfish3/bin/asadmin stop-domain "${DOMAIN}" -</code></pre> -<p>Combined with a per-domain wrapper:</p> -<pre><code>description "Glassfish 'example' domain" -console log - -# Consider using runlevels here. -start on started networking -stop on deconfiguring-networking - -pre-start script - start glassfish-domain DOMAIN=example -end script - -post-stop script - stop glassfish-domain DOMAIN=example -end script -</code></pre> -<h2 id="possible-refinements">Possible refinements</h2> -<ul> -<li> -<p>Pull system properties and VM flags from the domain's own <code>domain.xml</code> - correctly. It might be possible to abuse the (undocumented, unsupported, but - helpful) <code>--_dry-run</code> argument from <code>asadmin start-domain</code> for this, or it - might be necessary to parse <code>domain.xml</code> manually, or it may be possible to - exploit parts of Glassfish itself for this.</p> -</li> -<li> -<p>The <code>asadmin</code> cwd is actually the domain's <code>config</code> dir, not the Glassfish - installation root.</p> -</li> -<li> -<p>Something something something password files.</p> -</li> -<li> -<p>Syslog and logrotate integration would be useful. 
The configurations above - spew Glassfish's startup output and stdout to - <code>/var/log/upstart/glassfish-domain-FOO.log</code>, which may not be rotated by - default.</p> -</li> -</ul> - </div> - - - -<div id="comments"> -<div id="disqus_thread"></div> -<script type="text/javascript"> - /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */ - var disqus_shortname = 'grimoire'; // required: replace example with your forum shortname - - /* * * DON'T EDIT BELOW THIS LINE * * */ - (function() { - var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; - dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js'; - (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); - })(); -</script> -<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript> -<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a> -</div> - - - - <div id="footer"> - <p> - - The Codex — - - Powered by <a href="http://markdoc.org/">Markdoc</a>. - -<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/devops/glassfish-and-upstart.md">See this page on Bitbucket</a> (<a href="https://bitbucket.org/ojacobson/grimoire.ca/history-node/master/wiki/devops/glassfish-and-upstart.md">history</a>). - - </p> - </div> - -</div> -</body> -</html>
\ No newline at end of file diff --git a/.html/devops/index.html b/.html/devops/index.html deleted file mode 100644 index b121d4f..0000000 --- a/.html/devops/index.html +++ /dev/null @@ -1,98 +0,0 @@ -<!DOCTYPE html> -<html> -<head> - <title> - The Codex » - ls /devops - </title> - - <link - rel='stylesheet' - type='text/css' - href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> - <link - rel="stylesheet" - type="text/css" - href="../media/css/reset.css"> - <link - rel="stylesheet" - type="text/css" - href="../media/css/grimoire.css"> -</head> -<body> - -<div id="shell"> - - <ol id="breadcrumbs"> - - <li class="crumb-0 not-last"> - - <a href="../">index</a> - - </li> - - <li class="crumb-1 not-last"> - - <a href="./">devops</a> - - </li> - - <li class="crumb-2 last"> - - <span class="list-crumb">list</span> - - </li> - - </ol> - - - - <div id="listing"> - <h1><code>ls /devops</code></h1> - - - - - <div id="pages"> - <h2>Pages</h2> - <ul> - - <li><a href="continuous-signing">Code Signing on Build Servers</a></li> - - <li><a href="glassfish-and-upstart">Glassfish and Upstart</a></li> - - <li><a href="notes-on-bootstrapping-grimoire-dot-ca">Notes on Bootstrapping This Host</a></li> - - <li><a href="puppet-2.7-to-3.1">Notes on upgrading Puppet from 2.7 to 3.1</a></li> - - <li><a href="autodeploy">Notes towards automating deployment</a></li> - - <li><a href="self-daemonization-sucks">Self-daemonizing code is awful</a></li> - - </ul> - </div> - - - - </div> - - - - - - - <div id="footer"> - <p> - - The Codex — - - Powered by <a href="http://markdoc.org/">Markdoc</a>. - -<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/devops">See this directory on Bitbucket</a>. - - </p> - </div> - -</div> -</body> -</html>
\ No newline at end of file diff --git a/.html/devops/notes-on-bootstrapping-grimoire-dot-ca.html b/.html/devops/notes-on-bootstrapping-grimoire-dot-ca.html deleted file mode 100644 index e5a1b47..0000000 --- a/.html/devops/notes-on-bootstrapping-grimoire-dot-ca.html +++ /dev/null 
@@ -1,166 +0,0 @@ -<!DOCTYPE html> -<html> -<head> - <title> - The Codex » - Notes on Bootstrapping This Host - </title> - - <link - rel='stylesheet' - type='text/css' - href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> - <link - rel="stylesheet" - type="text/css" - href="../media/css/reset.css"> - <link - rel="stylesheet" - type="text/css" - href="../media/css/grimoire.css"> -</head> -<body> - -<div id="shell"> - - <ol id="breadcrumbs"> - - <li class="crumb-0 not-last"> - - <a href="../">index</a> - - </li> - - <li class="crumb-1 not-last"> - - <a href="./">devops</a> - - </li> - - <li class="crumb-2 last"> - - notes-on-bootstrapping-grimoire-dot-ca - - </li> - - </ol> - - - - <div id="article"> - <h1 id="notes-on-bootstrapping-this-host">Notes on Bootstrapping This Host</h1> -<p>Presented without comment:</p> -<ul> -<li> -<p>Package updates:</p> -<pre><code>apt-get update -apt-get upgrade -</code></pre> -</li> -<li> -<p>Install Git:</p> -<pre><code>apt-get install git -</code></pre> -</li> -<li> -<p>Set hostname:</p> -<pre><code>echo 'grimoire' > /etc/hostname -sed -i -e $'s,ubuntu,grimoire.ca\tgrimoire,' /etc/hosts -poweroff -</code></pre> -<p>To verify:</p> -<pre><code>hostname -f # => grimoire.ca -hostname # => grimoire -</code></pre> -</li> -<li> -<p>Add <code>owen</code> user:</p> -<pre><code>adduser owen -adduser owen sudo -</code></pre> -<p>To verify:</p> -<pre><code>id owen # => uid=1000(owen) gid=1000(owen) groups=1000(owen),27(sudo) -</code></pre> -</li> -<li> -<p>Install Puppetlabs Repos:</p> -<pre><code>wget https://apt.puppetlabs.com/puppetlabs-release-pc1-trusty.deb -dpkg -i puppetlabs-release-pc1-trusty.deb -apt-get update -</code></pre> -</li> -<li> -<p>Install Puppet server:</p> -<pre><code>apt-get install puppetserver -sed -i \ - -e '/^JAVA_ARGS=/ s,2g,512m,g' \ - -e '/^JAVA_ARGS=/ s, -XX:MaxPermSize=256m,,' \ - /etc/default/puppetserver -service puppetserver start -</code></pre> -</li> -<li> -<p>Test Puppet 
agent:</p> -<pre><code>/opt/puppetlabs/bin/puppet agent --test --server grimoire.ca -</code></pre> -<p>This should output the following:</p> -<pre><code>Info: Retrieving pluginfacts -Info: Retrieving plugin -Info: Caching catalog for grimoire.ca -Info: Applying configuration version '1446415926' -Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml -Notice: Applied catalog in 0.01 seconds -</code></pre> -</li> -<li> -<p>Install environment:</p> -<pre><code>git init --bare /root/puppet.git -# From workstation, `git push root@grimoire.ca:puppet.git master` to populate the repo -rm -rf /etc/puppetlabs/code/environments/production -git clone /root/puppet.git /etc/puppetlabs/code/environments/production -</code></pre> -</li> -<li> -<p>Bootstrap puppet:</p> -<pre><code>/opt/puppetlabs/bin/puppet agent --test --server grimoire.ca -</code></pre> -</li> -</ul> - </div> - - - -<div id="comments"> -<div id="disqus_thread"></div> -<script type="text/javascript"> - /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */ - var disqus_shortname = 'grimoire'; // required: replace example with your forum shortname - - /* * * DON'T EDIT BELOW THIS LINE * * */ - (function() { - var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; - dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js'; - (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); - })(); -</script> -<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript> -<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a> -</div> - - - - <div id="footer"> - <p> - - The Codex — - - Powered by <a href="http://markdoc.org/">Markdoc</a>. 
- -<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/devops/notes-on-bootstrapping-grimoire-dot-ca.md">See this page on Bitbucket</a> (<a href="https://bitbucket.org/ojacobson/grimoire.ca/history-node/master/wiki/devops/notes-on-bootstrapping-grimoire-dot-ca.md">history</a>). - - </p> - </div> - -</div> -</body> -</html>
\ No newline at end of file diff --git a/.html/devops/puppet-2.7-to-3.1.html b/.html/devops/puppet-2.7-to-3.1.html deleted file mode 100644 index ca53067..0000000 --- a/.html/devops/puppet-2.7-to-3.1.html +++ /dev/null 
@@ -1,147 +0,0 @@ -<!DOCTYPE html> -<html> -<head> - <title> - The Codex » - Notes on upgrading Puppet from 2.7 to 3.1 - </title> - - <link - rel='stylesheet' - type='text/css' - href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> - <link - rel="stylesheet" - type="text/css" - href="../media/css/reset.css"> - <link - rel="stylesheet" - type="text/css" - href="../media/css/grimoire.css"> -</head> -<body> - -<div id="shell"> - - <ol id="breadcrumbs"> - - <li class="crumb-0 not-last"> - - <a href="../">index</a> - - </li> - - <li class="crumb-1 not-last"> - - <a href="./">devops</a> - - </li> - - <li class="crumb-2 last"> - - puppet-2.7-to-3.1 - - </li> - - </ol> - - - - <div id="article"> - <h1 id="notes-on-upgrading-puppet-from-27-to-31">Notes on upgrading Puppet from 2.7 to 3.1</h1> -<h2 id="bad">Bad</h2> -<ul> -<li> -<p>As usual, you have to upgrade the puppet master first. 2.7 agents can speak - to 3.1 masters just fine, but 3.1 agents cannot speak to 2.7 masters.</p> -</li> -<li> -<p>I tried to upgrade the Puppet master using both <code>puppet agent</code> (failed when - package upgrades shut down the puppet master) and <code>puppet apply</code> (failed for - Ubuntu-specific reasons outlined below)</p> -</li> -<li> -<p><a href="https://projects.puppetlabs.com/issues/19308">This bug</a>.</p> -</li> -<li> -<p>You more or less can't upgrade Puppet using Puppet.</p> -</li> -</ul> -<h2 id="good">Good</h2> -<ul> -<li> -<p>My 2.7 manifests worked perfectly under 3.1.</p> -</li> -<li> -<p>Puppet's CA and SSL certs survived intact and required no maintenance after - the upgrade.</p> -</li> -<li> -<p>The Hiera integration into class parameters works as advertised and really - does help a lot.</p> -</li> -<li> -<p>Once I figured out how to execute it, the upgrade was pretty smooth.</p> -</li> -<li> -<p>No Ruby upgrade!</p> -</li> -<li> -<p>Testing the upgrade in a VM sandbox meant being able to fuck up safely. 
- <a href="http://www.vagrantup.com">Vagrant</a> is super awesome.</p> -</li> -</ul> -<h2 id="package-management-sucks">Package Management Sucks</h2> -<p>Asking Puppet to upgrade Puppet went wrong on Ubuntu because of the way Puppet -is packaged: there are three (ish) Puppet packages, and Puppet's resource -evaluation bits try to upgrade and install one package at a time. Upgrading -only “puppetmaster” upgraded “puppet-common” but not “puppet,” causing Apt to -remove “puppet”; upgrading only “puppet” similarly upgraded “puppet-copmmon” -but not “puppetmaster,” causing Apt to remove “puppetmaster.”</p> -<p>The Puppet aptitude provider (which I use instead of apt-get) for Package -resources also doesn't know how to tell aptitude what to do with config files -during upgrades. This prevented Puppet from being able to upgrade pacakges -even when running standalone (via <code>puppet apply</code>).</p> -<p>Finally, something about the switchover from Canonical's Puppet .debs to -Puppetlabs' .debs caused aptitude to consider all three packages “broken” -after a manual upgrade ('aptitude upgrade puppet puppetmaster'). 
Upgrading the -packages a second time corrected it; this is the path I eventually took with -my production puppetmaster and nodes.</p> - </div> - - - -<div id="comments"> -<div id="disqus_thread"></div> -<script type="text/javascript"> - /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */ - var disqus_shortname = 'grimoire'; // required: replace example with your forum shortname - - /* * * DON'T EDIT BELOW THIS LINE * * */ - (function() { - var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; - dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js'; - (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); - })(); -</script> -<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript> -<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a> -</div> - - - - <div id="footer"> - <p> - - The Codex — - - Powered by <a href="http://markdoc.org/">Markdoc</a>. - -<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/devops/puppet-2.7-to-3.1.md">See this page on Bitbucket</a> (<a href="https://bitbucket.org/ojacobson/grimoire.ca/history-node/master/wiki/devops/puppet-2.7-to-3.1.md">history</a>). - - </p> - </div> - -</div> -</body> -</html>
\ No newline at end of file diff --git a/.html/devops/self-daemonization-sucks.html b/.html/devops/self-daemonization-sucks.html deleted file mode 100644 index 14e2c01..0000000 --- a/.html/devops/self-daemonization-sucks.html +++ /dev/null 
@@ -1,162 +0,0 @@ -<!DOCTYPE html> -<html> -<head> - <title> - The Codex » - Self-daemonizing code is awful - </title> - - <link - rel='stylesheet' - type='text/css' - href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> - <link - rel="stylesheet" - type="text/css" - href="../media/css/reset.css"> - <link - rel="stylesheet" - type="text/css" - href="../media/css/grimoire.css"> -</head> -<body> - -<div id="shell"> - - <ol id="breadcrumbs"> - - <li class="crumb-0 not-last"> - - <a href="../">index</a> - - </li> - - <li class="crumb-1 not-last"> - - <a href="./">devops</a> - - </li> - - <li class="crumb-2 last"> - - self-daemonization-sucks - - </li> - - </ol> - - - - <div id="article"> - <h1 id="self-daemonizing-code-is-awful">Self-daemonizing code is awful</h1> -<p>The classical UNIX approach to services is to implement them as “daemons,” -programs that run without a terminal attached and provide some service. The -key feature of a classical daemon is that, when started, it carefully -detaches itself from its initial environment and terminal, then continues -running in the background.</p> -<p>This is awful and I'm glad modern init replacements discourage it.</p> -<h2 id="process-tracking">Process Tracking</h2> -<p>Daemons don't exist in a vacuum. Administrators and owners need to be able to -start and stop daemons reliably, and check their status. The classic -self-daemonization approach makes this impossible.</p> -<p>Traditionally, daemons run as children of <code>init</code> (pid 1), even if they start -out as children of some terminal or startup process. 
Posix only provides -deterministic APIs for processes to manage their children and their immediate -parents; the classic daemonisation protocol hands the newly-started daemon -process off from its original parent process, which knows how to start and -stop it, to an unsuspecting <code>init</code>, which has no idea how this specific -daemon is special.</p> -<p>The standard workaround has daemons write their own PIDs to a file, but a -file is “dead” data: it's not automatically updated if the daemon dies, and -can linger long enough to contain the PID of some later, unrelated program. -PID file validity checks generally suffer from subtle (or, sometimes, quite -gross) race conditions.</p> -<h2 id="complexity">Complexity</h2> -<p>The actual <em>code</em> to correctly daemonize a process is surprisingly complex, -given the individual interfaces' relative simplicity:</p> -<ul> -<li> -<p>The daemon must start its own process group</p> -</li> -<li> -<p>The daemon must detach from its controlling terminal</p> -</li> -<li> -<p>The daemon should close (and may reopen) file handles inherited from its - parent process (generally, a shell)</p> -</li> -<li> -<p>The daemon should ensure its working directory is predictable and - controllable</p> -</li> -<li> -<p>The daemon should ensure its umask is predictable and controllable</p> -</li> -<li> -<p>If the daemon uses privileged resources (such as low-numbered ports), it - should carefully manage its effective, real, and session UID and GIDs</p> -</li> -<li> -<p>Daemons must ensure that all of the above steps happen in signal-safe ways, - so that a daemon can be shut down sanely even if it's still starting up</p> -</li> -</ul> -<p>See <a href="http://www.freedesktop.org/software/systemd/man/daemon.html">this list</a> -for a longer version. It's worse than you think.</p> -<p>All of this gets even more complicated if the daemon has its own child -processes, a pattern common to network services. 
Naturally, a lot of daemons -in the real world get some of these steps wrong.</p> -<h2 id="the-future">The Future</h2> -<p><a href="http://supervisord.org">Supervisord</a>, -<a href="http://ddollar.github.io/foreman/">Foreman</a>, -<a href="http://upstart.ubuntu.com">Upstart</a>, -<a href="https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/launchctl.1.html">Launchd</a>, -<a href="http://www.freedesktop.org/wiki/Software/systemd/">systemd</a>, and <a href="http://cr.yp.to/daemontools.html">daemontools</a> all -encourage services <em>not</em> to self-daemonize by providing a sane system for -starting the daemon with the right parent process and the right environment -in the first place.</p> -<p>This is a great application of -<a href="http://c2.com/cgi/wiki?DontRepeatYourself">DRY</a>, as the daemon management -code only needs to be written once (in the daemon-managing daemon) rather -than many times over (in each individual daemon). It also makes daemon -execution more predictable, since daemons “in production” behave more like -they do when run attached to a developer's console during debugging or -development.</p> - </div> - - - -<div id="comments"> -<div id="disqus_thread"></div> -<script type="text/javascript"> - /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */ - var disqus_shortname = 'grimoire'; // required: replace example with your forum shortname - - /* * * DON'T EDIT BELOW THIS LINE * * */ - (function() { - var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; - dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js'; - (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); - })(); -</script> -<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript> -<a href="http://disqus.com" class="dsq-brlink">comments powered by <span 
class="logo-disqus">Disqus</span></a> -</div> - - - - <div id="footer"> - <p> - - The Codex — - - Powered by <a href="http://markdoc.org/">Markdoc</a>. - -<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/devops/self-daemonization-sucks.md">See this page on Bitbucket</a> (<a href="https://bitbucket.org/ojacobson/grimoire.ca/history-node/master/wiki/devops/self-daemonization-sucks.md">history</a>). - - </p> - </div> - -</div> -</body> -</html>
\ No newline at end of file |
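Review bot: the Disqus block near the end of this removed page builds its loader URL as `dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js'`, and the head links the Google Fonts stylesheet over `http://` too. If the template that rendered this file is still used to publish the site, change both to `https://` there, since a script fetched over plain HTTP can be replaced in transit and then runs in the page's origin. Separately, the footer names `wiki/devops/self-daemonization-sucks.md` as the source of this page, so it is worth stating in the commit message, if it does not already, that `.html/` is generated output, and adding the directory to the repository's ignore list so the rendered files are not committed again.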
