SYSTEMS
ADMINISTRATION FOR
CODERS
Hints & tips to increase reliability & reduce maintenance
time.
WHAT IS A SYSTEM?
An assemblage or combination of things or parts forming
a complex or unitary whole.
WHAT DOES A SYSTEMS
ADMINISTRATOR DO?
• Introduces new technologies into an environment
• Analyses system logs and identifies potential issues
with a system.
• Plans and performs routine maintenance
• Performs and maintains backups
• Installs and configures new software and hardware
WHAT DOES A SYSTEMS
ADMINISTRATOR DO?
• Manages user accounts
• Responsibility for security
• Responsibility for documentation of the system
• Plans systems upgrades and outages to apply
upgrades
• Troubleshooting reported problems
• Deals with, often frustrated, system users... ... etc. etc.
A COMPUTER SYSTEM
• Many components working together - software
(application, web server, OS), hardware (disks, RAM,
CPU) & others (networking equipment, switches,
routers, load balancers)
• Provides stability and maintainability that underpins the
entire application.
• Supports your software for its lifetime.
• Can provide parts of your application. Sometimes a
problem has already been solved by some other
software.
START AT BEGINNING
• Start sysadmin tasks at the beginning of the project.
• Write tools to aid deployment.
• Write tools to set up environments.
• Iterate over these tools and stabilise for production
ENVIRONMENTS
• Dev, QA, Live
• Dev, Test, QA, UAT, Live ~~ Dev, Test, QA, UAT,
Staging, Live
• The nearer they get to live, the closer they should
resemble live.
• Dev environment should at least be the same major
versions, preferably OS version.
• Vagrant is a useful tool for this.
SSH
• Probably the most frequently used tool
• Forwarding SSH agent to allow key use remotely (e.g.
git, hopping between servers)
• Tunnels for access to remote resources
• Reverse tunnels for remote access to local resource
• Easy to configure the client
SSH-AGENT
• Generate keys >2048 bits (e.g. ssh-keygen -b 4096)
• ssh-add to load default key (~/.ssh/id_rsa)
• ssh-copy-id <server> to copy to remote server
• ssh -A <server> to forward agent back to local
instance.
• Agent runs at login for modern Linux desktop, Mac OS.
SSH-TUNNELS
• Local access to remote: ssh -L3307:localhost:3306
<server>
• Remote access to local: ssh -R:3307:localhost:3306
<server>
• SOCKS proxy: ssh -D5050 <server>
SSH CLIENT
CONFIGURATION
• Per user configuration: ~/.ssh/config
• Config options can be set per host or via wild card, e.g.
User, ForwardAgent, Hostname & many more
• manpage: ssh_config
UNIX/LINUX PRINCIPLES
• Most things in Linux & UNIX are text.
• Each command line tool does one task and does it
well.
• Command line tools process text with relative ease.
• Much of the text is separated into fields - especially
logs, or as key = value pairs.
• There are standard locations for many types of file.
BASIC TOOLS
• cat - display text
• grep - find text
• awk - field processing (and more)
• sed - search and replace text
• wc - count
• cut - simple field processing
• head, tail - print first and last lines of text
• sort - sort text
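An added example (not from the original slides) of the "text separated into fields" principle, using the tools listed above plus uniq to count failed SSH password attempts per source address. The log lines are constructed samples in the usual syslog/sshd layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of /var/log/auth.log style lines (addresses are
# documentation ranges, not real hosts).
sample_auth_log() {
cat <<'EOF'
Jan 10 10:00:01 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 10:00:03 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jan 10 10:00:09 web1 sshd[1207]: Failed password for root from 198.51.100.7 port 40022 ssh2
Jan 10 10:01:15 web1 sshd[1210]: Accepted publickey for deploy from 192.0.2.10 port 50100 ssh2: RSA SHA256:EXAMPLE
Jan 10 10:02:00 web1 sshd[1222]: Failed password for invalid user test from 203.0.113.5 port 51301 ssh2
Jan 10 10:02:30 web1 CRON[1300]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
}

# failed_by_source: read log text on stdin and print "<count> <address>",
# busiest source first.
failed_by_source() {
    # grep: keep only sshd "Failed password" lines.
    grep 'sshd\[[0-9]*\]: Failed password' |
    # awk: the user name sits at a different field position when the line
    # says "invalid user", so locate the address by the word "from".
    # Scan from the right: the user name is text chosen by the remote
    # side and may itself contain the word "from".
    awk '{ for (i = NF - 1; i >= 1; i--)
               if ($i == "from") { print $(i + 1); break } }' |
    # sort + uniq -c: group identical addresses and count them.
    sort | uniq -c |
    # sort again: highest count first, address as tie-breaker.
    sort -k1,1nr -k2,2 |
    # awk: strip the padding uniq -c adds in front of the count.
    awk '{ print $1, $2 }'
}

# Stand-alone run on the constructed sample; on a real host feed it
# /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (EL) instead.
sample_auth_log | failed_by_source | head
```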
LOCATION, LOCATION,
LOCATION
• /etc - configuration
• /usr - read-only user data
• /var - variable length files (caches, logs, temporary files)
• /home - users' home directories
• /opt - optional applications
• /srv - served site specific data
• See the Filesystem Hierarchy Standard. Same across most distros
VARIABLE LENGTH FILES
• /var/log - Logs go here
• /var/cache - Cached files
• Watch your permissions
• During normal operation, /usr, /opt should be able to be
mounted read only
SOFTWARE DEPLOYMENT
• Use vendor supplied packages whenever possible:
• Reduces risk of misconfigurations
• Easier to seek help
• Usually well tested
• Easier upgrades, timely security fixes
• Building from source will take a fair amount of time, CPU
• Ruby may be an exception. PHP isn't
CHOICE OF LINUX
DISTRIBUTION
• Two main camps - Debian and RedHat
• Red Hat Enterprise Linux is rock solid but expensive &
packages tend to be older. CentOS is Enterprise Linux
recompiled from the same source RPMs.
• Debian stable is rock solid but packages tend to be old.
Community/3rd party support only.
• Ubuntu LTS is pretty solid, packages are more recent
than EL. Well supported in the Cloud - AWS,
OpenStack especially.
SOURCE OF PACKAGES
• Use stable, well-tested packages as much as possible
• Ubuntu main, Debian stable ideally
• For EL distros, EPEL augments core packages well
• For EL, IUS provides recent versions of MySQL, PHP
but is less well tested.
• Avoid one person repos, PPAs if at all possible.
BUILDING FROM SOURCE
• Do not build on live servers. Deploy only compiled
code.
• Ideally produce a package.
• Avoid if possible. Increased risk of problems - more
moving parts.
DIAGNOSTICS
• Check disk space: df -h. 100% full is bad.
• Check logs: /var/log, /var/log/syslog, /var/log/messages
- get to know your logs.
• dmesg for hardware information.
• Check RAM (free -m) and CPU usage with top.
• Install sysstat package early on - sar will gather data.
Also gives you iostat, vmstat, mpstat.
SECURITY
• Install denyhosts/fail2ban to help protect SSH.
• Disable SSH login as root, use SSH keys.
• Use host based firewalls, AWS security groups.
• Don’t run your servers as root. Try to split them over
different users with clear paths between them. One
user for nginx, one for php-fpm.
• Audit trails are useful.
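An added example (not from the original slides) that checks an sshd_config for the "no root login, keys instead of passwords" advice above. It assumes upstream OpenSSH defaults and uses a constructed sample file; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample config, not taken from any real host.
sample_sshd_config() {
cat <<'EOF'
# /etc/ssh/sshd_config (constructed sample)
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PubkeyAuthentication yes
permitrootlogin no

Match User backup
    PasswordAuthentication yes
EOF
}

# effective_setting KEYWORD DEFAULT
# Print the global value sshd would use for KEYWORD, reading config text
# on stdin. Three parsing rules matter here:
#   - keywords are case-insensitive,
#   - for each keyword the first value read wins, so a later
#     "PermitRootLogin no" does not override an earlier "yes",
#   - everything after the first Match line is conditional, not global.
# Limitation: Include directives are not followed.
effective_setting() {
    awk -v want="$1" -v dflt="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }                  # end of the global section
        key == want { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }           # keyword unset: default applies
    '
}

# audit_sshd: read config text on stdin, print one line per check and
# return non-zero if any check fails.
audit_sshd() {
    cfg=$(cat)
    # Defaults are those of upstream OpenSSH (assumption: a distribution
    # may ship different compiled-in or packaged defaults).
    root=$(printf '%s\n' "$cfg" | effective_setting PermitRootLogin prohibit-password)
    pass=$(printf '%s\n' "$cfg" | effective_setting PasswordAuthentication yes)
    pub=$(printf '%s\n' "$cfg" | effective_setting PubkeyAuthentication yes)
    status=0
    if [ "$root" = "no" ]; then echo "OK   PermitRootLogin=$root"
    else echo "FAIL PermitRootLogin=$root (want no)"; status=1; fi
    if [ "$pass" = "no" ]; then echo "OK   PasswordAuthentication=$pass"
    else echo "FAIL PasswordAuthentication=$pass (want no)"; status=1; fi
    if [ "$pub" = "yes" ]; then echo "OK   PubkeyAuthentication=$pub"
    else echo "FAIL PubkeyAuthentication=$pub (want yes)"; status=1; fi
    return $status
}

# Stand-alone run on the constructed sample (two checks fail by design).
sample_sshd_config | audit_sshd || true
```

On a host with OpenSSH installed, `sshd -T` prints the configuration the daemon actually resolves and is the authoritative source; the parser above is for reviewing a file without the daemon.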
BACKUPS
• Databases: Dump the DB, don’t take hot copies of the
DB files.
• Make use of your hosting provider's backup services.
• Make sure you can restore. Test regularly.
PROCESS
• Repeat manual tasks often
• Try to use the same deployment system across stages
• Get live up early, treat it as UAT and deploy to it
regularly. Avoid 'big bang' deployment
• Use what suits - don't blindly follow trends, assess risks
as suits the type of project.
• Small steps, iterative improvement. Agile, Kanban,
Lean etc.
AUTOMATION
• CFEngine, Puppet, Chef can get you quick wins. They
can quickly become hard to manage. Learning curves
are steep.
• Ansible is simple to get going on. Can be hacked at
and still get good results. Data driven. Pretty new, but
growing fast.
• Nothing wrong with shell/Python/Ruby/Perl scripts.
Configuration management tools are not essential.
• Packaging gets you out of a lot of automation tasks.
THAT’S A LOT OF STUFF!
• Not touched on DR, monitoring, OS provisioning,
storage, networking...
• Hire a sys-admin :)
• A good sys-admin will work with you...
• ...to let you get on with the job you enjoy.
QUESTIONS?
matt@monki.org.uk
THANKS!
matt@monki.org.uk
