SYSTEMS
ADMINISTRATION FOR
CODERS
Hints & tips to increase reliability & reduce maintenance
time.
WHAT IS A SYSTEM?
An assemblage or combination of things or parts forming
a complex or unitary whole.
WHAT DOES A SYSTEMS
ADMINISTRATOR DO?
• Introduces new technologies into an environment
• Analyses system logs and identifies potential issues
with a system.
• Plans and performs routine maintenance
• Performs and maintains backups
• Installs and configures new software and hardware
WHAT DOES A SYSTEMS
ADMINISTRATOR DO?
• Manages user accounts
• Responsibility for security
• Responsibility for documentation of the system
• Plans systems upgrades and outages to apply
upgrades
• Troubleshooting reported problems
• Deals with, often frustrated, system users... ... etc. etc.
A COMPUTER SYSTEM
• Many components working together - software
(application, web server, OS), hardware (disks, RAM,
CPU) & others (networking equipment, switches,
routers, load balancers)
• Provides stability and maintainability that underpins the
entire application.
• Supports your software for its lifetime.
• Can provide parts of your application. Sometimes a
problem has already been solved by some other
software.
START AT BEGINNING
• Start sysadmin tasks at the beginning of the project.
• Write tools to aid deployment.
• Write tools to set up environments.
• Iterate over these tools and stabilise for production
ENVIRONMENTS
• Dev, QA, Live
• Dev, Test, QA, UAT, Live ~~ Dev, Test, QA, UAT,
Staging, Live
• The nearer they get to live, the closer they should
resemble live.
• Dev environment should at least be the same major
versions, preferably OS version.
• Vagrant is a useful tool for this.
SSH
• Probably the most frequently used tool
• Forwarding SSH agent to allow key use remotely (e.g.
git, hopping between servers)
• Tunnels for access to remote resources
• Reverse tunnels for remote access to local resource
• Easy to configure the client
SSH-AGENT
• Generate keys >2048 bits (e.g. ssh-keygen -b 4096)
• ssh-add to load default key (~/.ssh/id_rsa)
• ssh-copy-id <server> to copy to remote server
• ssh -A <server> to forward agent back to local
instance.
• Agent runs at login for modern Linux desktop, Mac OS.
SSH-TUNNELS
• Local access to remote: ssh -L3307:localhost:3306
<server>
• Remote access to local: ssh -R3307:localhost:3306
<server>
• SOCKS proxy: ssh -D5050 <server>
SSH CLIENT
CONFIGURATION
• Per user configuration: ~/.ssh/config
• Config options can be set per host or via wild card, e.g.
User, ForwardAgent, Hostname & many more
• manpage: ssh_config
UNIX/LINUX PRINCIPLES
• Most things in Linux & UNIX are text.
• Each command line tool does one task and does it
well.
• Command line tools process text with relative ease.
• Much of the text is separated into fields - especially
logs, or as key = value pairs.
• There are standard locations for many types of file.
BASIC TOOLS
• cat - display text
• grep - find text
• awk - field processing (and more)
• sed - search and replace text
• wc - count
• cut - simple field processing
• head, tail - print first and last lines of text
• sort - sort text
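
The tools above chained over a log, as an added example that is not part of the original slides: it counts failed SSH password attempts per source address. The log lines are constructed samples in the style of sshd entries, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original slides.
# Constructed sample lines in the style of sshd entries in /var/log/auth.log.
sample_auth_log() {
cat <<'EOF'
Mar  3 10:01:12 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:01:15 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:01:19 web1 sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Mar  3 10:02:40 web1 sshd[2110]: Accepted publickey for deploy from 198.51.100.20 port 51514 ssh2
Mar  3 10:03:02 web1 sshd[2115]: Failed password for invalid user test from 192.0.2.44 port 33800 ssh2
Mar  3 10:04:10 web1 CRON[2120]: pam_unix(cron:session): session opened for user root
EOF
}

# Read a log on stdin and print "count address", highest count first.
# grep keeps only sshd failures, awk picks the field after the LAST "from"
# (a user name may itself be "from"), sort + uniq -c do the counting.
failed_logins_by_source() {
  grep 'sshd\[[0-9]*]: Failed password' |
    awk '{ for (i = NF - 1; i >= 1; i--) if ($i == "from") { print $(i + 1); break } }' |
    sort | uniq -c | sort -k1,1nr -k2,2 |
    awk '{ print $1, $2 }'
}

# Print only the addresses with at least $1 failures, e.g. to review
# before deciding on a firewall rule or a fail2ban threshold.
sources_over_threshold() {
  failed_logins_by_source | awk -v min="$1" '$1 >= min { print $2 }'
}

# Demonstration on the constructed sample.
sample_auth_log | failed_logins_by_source
```

On a real host, feed the function the log itself, for example /var/log/auth.log on Debian and Ubuntu.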
LOCATION, LOCATION,
LOCATION
• /etc - configuration
• /usr - read-only user data
• /var - variable length files (caches, logs, temporary files)
• /home - users' home directories
• /opt - optional applications
• /srv - served site specific data
• See the Filesystem Hierarchy Standard. Same across most distros
VARIABLE LENGTH FILES
• /var/log - Logs go here
• /var/cache - Cached files
• Watch your permissions
• During normal operation, /usr, /opt should be able to be
mounted read only
SOFTWARE DEPLOYMENT
• Use vendor supplied packages whenever possible:
• Reduces risk of misconfigurations
• Easier to seek help
• Usually well tested
• Easier upgrades, timely security fixes
• Building from source will take a fair amount of time, CPU
• Ruby may be an exception. PHP isn't
CHOICE OF LINUX
DISTRIBUTION
• Two main camps - Debian and Red Hat
• Red Hat Enterprise Linux is rock solid but expensive &
packages tend to be older. CentOS is Enterprise Linux
recompiled from the same source RPMs.
• Debian stable is rock solid but packages tend to be old.
Community/3rd party support only.
• Ubuntu LTS is pretty solid, packages are more recent
than EL. Well supported in the Cloud - AWS,
OpenStack especially.
SOURCE OF PACKAGES
• Use stable, well tested packages as much as possible
• Ubuntu main, Debian stable ideally
• For EL distros, EPEL augments core packages well
• For EL, IUS provides recent versions of MySQL, PHP
but is less well tested.
• Avoid one person repos, PPAs if at all possible.
BUILDING FROM SOURCE
• Do not build on live servers. Deploy only compiled
code.
• Ideally produce a package.
• Avoid if possible. Increased risk of problems - more
moving parts.
DIAGNOSTICS
• Check disk space: df -h. 100% full is bad.
• Check logs: /var/log, /var/log/syslog, /var/log/messages
- get to know your logs.
• dmesg for hardware information.
• Check RAM (free -m) and CPU usage with top.
• Install sysstat package early on - sar will gather data.
Also gives you iostat, vmstat, mpstat.
SECURITY
• Install denyhosts/fail2ban to help protect SSH.
• Disable SSH login as root, use SSH keys.
• Use host based firewalls, AWS security groups.
• Don’t run your servers as root. Try to split them over
different users with clear paths between them. One
user for nginx, one for php-fpm.
• Audit trails are useful.
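
One way to check the "disable root login, use keys" advice against an sshd_config, as an added example that is not part of the original slides. The sample config is constructed, the function names are hypothetical, and the defaults passed in (PermitRootLogin prohibit-password, PasswordAuthentication yes) are assumed to be those of current OpenSSH releases; Include files are not followed.

```sh
#!/bin/sh
# Added example, not from the original slides.
# Constructed sample: the lowercase first line wins over the later "no",
# and a Match block re-enables passwords for one user.
sample_sshd_config() {
cat <<'EOF'
# constructed example
Port 22
permitrootlogin yes
PasswordAuthentication no
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
EOF
}

# effective_global KEYWORD DEFAULT: value sshd uses outside Match blocks.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and everything after the first Match line is conditional.
effective_global() {
  awk -v key="$1" -v def="$2" '
    BEGIN { key = tolower(key); val = def }
    /^[ \t]*(#|$)/ { next }
    { sub(/=/, " "); k = tolower($1) }
    k == "match" { exit }
    k == key && !seen { val = tolower($2); seen = 1 }
    END { print val }
  '
}

# List Match blocks that loosen either setting again.
match_overrides() {
  awk '
    /^[ \t]*(#|$)/ { next }
    { sub(/=/, " "); k = tolower($1); v = tolower($2) }
    k == "match" { $1 = ""; sub(/^ /, ""); block = $0; next }
    block != "" && ((k == "passwordauthentication" && v == "yes") ||
                    (k == "permitrootlogin" && v != "no")) {
      print block ": " k "=" v
    }
  '
}

# Read a config on stdin; print findings and return non-zero if any.
audit_sshd() {
  cfg=$(cat)
  root=$(printf '%s\n' "$cfg" | effective_global PermitRootLogin prohibit-password)
  pass=$(printf '%s\n' "$cfg" | effective_global PasswordAuthentication yes)
  over=$(printf '%s\n' "$cfg" | match_overrides)
  status=0
  [ "$root" = "no" ] || { echo "FAIL PermitRootLogin=$root"; status=1; }
  [ "$pass" = "no" ] || { echo "FAIL PasswordAuthentication=$pass"; status=1; }
  [ -z "$over" ] || { echo "WARN Match override: $over"; status=1; }
  return $status
}

# Demonstration on the constructed sample.
sample_sshd_config | audit_sshd || true
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves and is the authoritative check; the parser here is for reviewing a file before it is deployed.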
BACKUPS
• Databases: Dump the DB, don’t take hot copies of the
DB files.
• Make use of your hosting provider's backup services.
• Make sure you can restore. Test regularly.
PROCESS
• Repeat manual tasks often
• Try to use the same deployment system across stages
• Get live up early, treat it as UAT and deploy to it
regularly. Avoid 'big bang' deployment
• Use what suits - don't blindly follow trends, assess risks
as suits the type of project.
• Small steps, iterative improvement. Agile, Kanban,
Lean etc.
AUTOMATION
• CFEngine, Puppet, Chef can get you quick wins. They
can quickly become hard to manage. Learning curves
are steep.
• Ansible is simple to get going on. Can be hacked at
and still get good results. Data driven. Pretty new, but
growing fast.
• Nothing wrong with shell/Python/Ruby/Perl scripts.
Configuration management tools are not essential.
• Packaging gets you out of a lot of automation tasks.
THAT’S A LOT OF STUFF!
• Not touched on DR, monitoring, OS provisioning,
storage, networking...
• Hire a sys-admin :)
• A good sys-admin will work with you...
• ...to let you get on with the job you enjoy.
QUESTIONS?
matt@monki.org.uk
THANKS!
matt@monki.org.uk
