A short overview of current technologies plucked from the Texas Linux Fest schedule for 2014. Includes overviews of systemd, popular configuration management tools, Docker, distributed log collection, and OpenStack.
7. systemd
• Replaces init
• Dependency-based
• Also replaces inetd
starts programs at boot
programs are started only when needed by other programs
parallel startup
can start programs in response to TCP connections, but also via D-Bus
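How a service picks up a listening socket that systemd opened on its behalf (the inetd replacement mentioned above), as an added Python example that is not from the slides. It follows systemd's documented LISTEN_PID / LISTEN_FDS environment protocol; the function names and the reply text are assumptions made for illustration.

```python
import os
import socket

SD_LISTEN_FDS_START = 3  # systemd numbers inherited descriptors from 3 upward

def listen_fds(environ=os.environ, pid=None, start=SD_LISTEN_FDS_START):
    """Return the listening sockets systemd handed to this process.

    `pid` and `start` are overridable only so the function can be exercised
    outside systemd; a real service calls listen_fds() with no arguments.
    """
    pid = os.getpid() if pid is None else pid
    try:
        if int(environ.get("LISTEN_PID", "")) != pid:
            return []  # variables were meant for another process, e.g. our parent
        count = int(environ.get("LISTEN_FDS", ""))
    except ValueError:
        return []  # not socket-activated, or malformed variables
    socks = []
    for fd in range(start, start + max(count, 0)):
        os.set_inheritable(fd, False)  # do not leak the listener to child processes
        socks.append(socket.socket(fileno=fd))  # family/type detected from the fd
    return socks

def serve_once(listener, reply=b"hello from a socket-activated service\n"):
    """Accept one connection on an inherited listener and answer it."""
    conn, _peer = listener.accept()
    with conn:
        conn.sendall(reply)

if __name__ == "__main__":
    inherited = listen_fds()
    if not inherited:
        # Fail closed: the service never binds a port itself, so it needs no
        # privilege to open low ports and cannot end up on a stray address.
        raise SystemExit("no socket inherited; start via the matching .socket unit")
    serve_once(inherited[0])
```

Because the port is opened by systemd, the service itself can run as an unprivileged user and still answer on a low port.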
9. Lines 77 - 162
/etc/init.d/ssh
Debian Squeeze
case "$1" in
  start)
    [...]
    ;;
  stop)
    [...]
    ;;
  reload|force-reload)
    [...]
    ;;
  restart)
    [...]
    ;;
  try-restart)
    [...]
    ;;
  status)
    [...]
    ;;
  *)
    [...]
esac
Hard to see on the slide; the important thing is the case statement that responds to start, stop, etc.
86 lines, less than half of the init script for ssh
14. systemd
• units, not scripts
• dependencies, not ordering
• systemctl, not service
versus traditional init
15. root@box-sol-aus-eop-pup-aio-000-i-simulate:~# service --status-all
[ + ] acpid
[ + ] apache2
[ ? ] apt-cacher-ng
[ + ] atd
[ - ] bootlogd
[ - ] bootlogs
[ ? ] bootmisc.sh
[ ? ] checkfs.sh
[ - ] checkroot.sh
[ ? ] console-setup
[ ? ] cron
[ - ] exim4
[ - ] fancontrol
[ - ] hostname.sh
...
service(8) System Manager's Manual service(8)
[...]
DESCRIPTION
[...]
The SCRIPT parameter specifies a System V init script, located in
/etc/init.d/SCRIPT. The supported values of COMMAND depend on the
invoked script, service passes COMMAND and OPTIONS it to the init
script unmodified. All scripts should support at least the start
16.
UNIT                        LOAD   ACTIVE SUB       DESCRIPTION
[...]
chronyd.service             loaded active running   NTP client/server
crond.service               loaded active running   Command Scheduler
cryptsetup.target           loaded active active    Encrypted Volumes
dbus.service                loaded active running   D-Bus System Message Bus
dbus.socket                 loaded active running   D-Bus System Message Bus So
dev-dm\x2d0.swap            loaded active active    /dev/dm-0
dev-hugepages.mount         loaded active mounted   Huge Pages File System
dev-mqueue.mount            loaded active mounted   POSIX Message Queue File Sy
dm-event.socket             loaded active listening Device-mapper event daemon
docker.service              loaded active running   Docker Application Containe
fedora-readonly.service     loaded active exited    Configure read-only root su
firewalld.service           loaded active running   firewalld - dynamic firewal
getty.target                loaded active active    Login Prompts
getty@tty1.service          loaded active running   Getty on tty1
kmod-static-nodes.service   loaded active exited    Create list of required sta
local-fs-pre.target         loaded active active    Local File Systems (Pre)
local-fs.target             loaded active active    Local File Systems
lvm2-lvmetad.service        loaded active running   LVM2 metadata daemon
lvm2-lvmetad.socket         loaded active running   LVM2 metadata daemon socket
lvm2-monitor.service        loaded active exited    Monitoring of LVM2 mirrors,
lvm2-pvscan@8:2.service     loaded active exited    LVM2 PV scan on device 8:2
multi-user.target           loaded active active    Multi-User System
network.target              loaded active active    Network
paths.target                loaded active active    Paths
polkit.service              loaded active running   Authorization Manager
proc-sys...t_misc.automount loaded active waiting   Arbitrary Executable File F
remote-fs.target            loaded active active    Remote File Systems
session-3.scope             loaded active running   Session 3 of user vagrant
slices.target               loaded active active    Slices
sockets.target              loaded active active    Sockets
sound.target                loaded active active    Sound Card
sshd.service                loaded active running   OpenSSH server daemon
[...]
Tracks state automatically
17. Unit Commands:
  list-units                      List loaded units
  list-sockets                    List loaded sockets ordered by address
  start [NAME...]                 Start (activate) one or more units
  stop [NAME...]                  Stop (deactivate) one or more units
  reload [NAME...]                Reload one or more units
  restart [NAME...]               Start or restart one or more units
  try-restart [NAME...]           Restart one or more units if active
  reload-or-restart [NAME...]     Reload one or more units if possible,
                                  otherwise start or restart
  reload-or-try-restart [NAME...] Reload one or more units if possible,
                                  otherwise restart if active
  isolate [NAME]                  Start one unit and stop all others
  kill [NAME...]                  Send signal to processes of a unit
  is-active [NAME...]             Check whether units are active
  is-failed [NAME...]             Check whether units are failed
  status [NAME...|PID...]         Show runtime status of one or more units
  show [NAME...|JOB...]           Show properties of one or more
                                  units/jobs or the manager
  set-property [NAME] [ASSIGNMENT...]
                                  Sets one or more properties of a unit
  help [NAME...|PID...]           Show manual for one or more units
  reset-failed [NAME...]          Reset failed state for all, one, or more
                                  units
  list-dependencies [NAME]        Recursively show units which are required
                                  or wanted by this unit or by which this
                                  unit is required or wanted
Standard set of commands for all services
20. Configuration Management
• Declarative, not imperative
• Extensible
• Master-client or standalone
Some are less declarative than others
All are extensible
All can run master-client or standalone
21. Architecture
[Diagram: master, client, config repo, disc. agent]

                  ansible           chef              puppet              salt
repo              module/playbook   recipe/cookbook   module/repo         state/pillar
server            ansible           chef              master              master
client            N/A               client            agent               minion
discovery agent   ansible facts     ohai              facter              salt grains
remote commands   (built in)        knife             mcollective         (built in)
GUI               Tower             Chef Manage       Puppet Enterprise   Halite (alpha)
22. Ansible
• Python-based (2.X)
• Push-based (no server)
• Works over SSH
• Config format: YAML
• Modules: Any language
Emphasis on virtual infrastructure integration
23. Chef
• Ruby-based
• Config format: Ruby
• Modules: Ruby
Emphasis on developer-friendly, agile experience
24. Puppet
• Ruby-based
• Config format: Puppet DSL
• Modules: Puppet DSL, Ruby (for extensions)
Emphasis on declaration, not process
32. Containers
• lightweight virtual machine
• chroot on steroids
Lighter than a VM
• Same kernel
• Little or no boot time
• As little as one process
Mightier than chroot
• resource constraints (memory, CPU)
• separate pids, users, groups, networking
40. ElasticSearch + Kibana
• Auto-balancing, auto-scaling search index, REST API
• Pretty GUI for searching logs
Works with any of these aggregators
Great replacement for Splunk
Missing the alerting component, but easy to work around
44. AWS Equivalents
                    OpenStack    AWS
Compute             Nova         EC2
Networking          Neutron      Classic + VPC
Database            Trove        RDS
Storage (Block)     Cinder       EBS
Storage (Object)    Swift        S3
Identity            Keystone     IAM
Monitoring          Ceilometer   CloudWatch
Orchestration       Heat         CloudFormation
Dashboard           Horizon      AWS Console
Some are similar, but not direct equivalents (e.g. Keystone)
OpenStack-based providers usually provide several other services like DNS, CDN, or message queues (Amazon does too)
47. Setting Up Your Own
• DevStack (http://devstack.org/)
• OpenStack Guides (http://docs.openstack.org/icehouse/)
• Ubuntu Cloud Installer (http://www.ubuntu.com/download/cloud/install-ubuntu-cloud)
DevStack is installable on a VM, even Vagrant
Guides for CentOS, Debian Wheezy, Fedora, RedHat, SuSE, Ubuntu
Cloud Installer requires six hosts (can be VMs)
I’m not an expert in these technologies
Mostly learned about them in the last few days
Contrast
15 lines!
Metadata at the top of init scripts
Helps maintain run level link madness
Requirements
Target: runlevel equivalent
Emphasis on speed, scalability
Accept
• native formats like system logs, message queues, SNMP
• via client agents
Transform
• Add structure (JSON, etc.)
• Extract data into fields (hostname, message, time, etc.)
Filter
• Remove or combine entries
• combine multi-line
• criteria matching
Forward
• Send logs to their destination
• storage, notifications/alerts, message queues
Logstash - Aimed at flexibility
• includes tons of inputs, filters, and outputs
Fluentd - Aimed at robustness
• built-in support for high availability, delivery assurance
Flume - Part of the Hadoop ecosystem
• stores data in HDFS
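The accept, transform, filter and forward stages listed above, as a small added Python example; it is not from the slides and is not how Logstash, Fluentd or Flume are implemented. The log lines are constructed sample data, and the function names and the CRON drop rule are assumptions.

```python
import json
import re

# Constructed sample input: syslog-style lines with one multi-line entry.
SAMPLE = """\
May 30 10:15:01 web01 CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)
May 30 10:15:07 web01 sshd[2301]: Failed password for invalid user admin from 192.0.2.10 port 52114 ssh2
May 30 10:15:09 app02 myapp[812]: Unhandled exception in request handler
    at handler.process(handler.py:42)
    at server.dispatch(server.py:17)
May 30 10:15:12 web01 sshd[2301]: Accepted publickey for deploy from 192.0.2.44 port 40022 ssh2
"""

LINE = re.compile(r"^(?P<time>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<hostname>\S+) "
                  r"(?P<program>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$")

def accept(text):
    """Accept: read raw lines from a native source (here, a string)."""
    return text.splitlines()

def transform(lines):
    """Transform: extract fields; fold indented continuation lines into the
    previous event (the 'combine multi-line' case)."""
    events = []
    for line in lines:
        m = LINE.match(line)
        if m:
            events.append(m.groupdict())
        elif events and line[:1].isspace():
            events[-1]["message"] += "\n" + line.strip()
        else:
            # Keep unparseable input and flag it rather than dropping it silently.
            events.append({"message": line, "parse_error": True})
    return events

def keep(event, drop_programs=("CRON",)):
    """Filter: criteria matching; unparsed lines are always kept for review."""
    return event.get("parse_error") or event["program"] not in drop_programs

def forward(events):
    """Forward: one JSON document per event, ready for an indexer or queue."""
    return [json.dumps(e, sort_keys=True) for e in events]

def pipeline(text):
    return forward([e for e in transform(accept(text)) if keep(e)])
```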