Introduction to Server Operations and Automations

Unless otherwise noted, the text of and illustrations in this slide are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License by Hirotaka Nakajima.
Keio University Logo is licensed by its copyright holders.
Server Operation & Automation
SFC-RG Lecture

14 May 2015

Hirotaka Nakajima (@nunnun)

View Slide

Server Operations

"Racks line" by Tristan Schmurr is licensed under CC BY 2.0

View Slide


Way to build a web server
• Purchase a server

• Installation (Physically)

• Install an Operating System

• Conﬁgure an Operating System

• Install Applications

• Conﬁgure Application settings

• Build a Web application

• Done!!

View Slide


Purchase
• Design a speciﬁcation

• CPU

• Architecture: x86_64? SPARC? ARM?

• How many cores? CPUs?

• Memory

• ECC or Registered?

• Disk requirement

• Capacity

• Reliability; RAID? which level?

• Speed; SSD? SATA? SAS?

• Network requirement

• Interface

• Budget and political issues

View Slide


Installation
• Mount a server to Rack

• Cabling

• Power backup plan
"new space" by emmma peel is licensed under CC BY 2.0
"Data Center" by Bob Mical is licensed under CC BY 2.0

View Slide


Operating System
• Which Operating System?

• Linux? Windows?

• Which Linux? Debian? Ubuntu? RedHat?

• Version? Latest? Stable version?

• Conﬁguration

• Hostname

• Date & Time

• Network

• Disk initialization

• User Management

• Installation takes 1-2 hours

View Slide


Application
• Application

• Which service; Web service? Mail service?

• Which Application for Web service?

• Apache? lighthttpd? nginx?

• Conﬁguration

• Host

• Which hostname is served with the service

• Security

• Using https? how about a server certiﬁcate?

• Directory

• Where web documents are located?

View Slide


Content
• Server-side Dynamic? Static?

• Which Language & Runtime?

• PHP, Perl, Java, C#, JavaScript….

• Middle-ware?

• WordPress etc…

• Framework?

• CakePHP, Symfony?

• Client-side Dynamic? Static?

• JavaScript Libraries

• jQuery, Angular.js

View Slide

Done!!!

View Slide


Am I all set and free to go?
• NO!!!!

• We need to do maintenance works

• Maintenance work

• OS update

• Application, Middleware, Library update

• Hardware failure

• Security update

View Slide


Documentation
• What if we need to setup 100 servers  
with same configuration?

• Make a setup manual

• How about changes?

• Make a changelog

• Are we sure  
if we can deploy service to 
a server like this?
[May 1] Server is delivered.
[May 2] Debian version x is installed.
Installation log is here
[May 3] Apache is installed.
Configurations are here
[Jun 1] DNS Cache setting
changed…
….
[Jun 15] PHP settings changed…
[Aug 10] Apache Configuration
changed..

View Slide


Undocumented Knowledge
• Information not documented

• Forget to be documented

• Workaround not ﬁgured out why it work

• They don’t know why but it works

• “Secret Recipe” Issue / ൿ఻ͷλϨ໰୊

• “Don’t touch the system if it’s running”

View Slide


Security Update comes suddenly…
• All software contains bugs

• Some bugs may trigger a security
incident

• Vulnerability (੬ऑੑ)

• We don’t know vulnerabilities
beforehand

• Once they publish, we need to
handle

• Apply a workaround

• Apply a security update

• What if we have 100++ servers?

• Update all server by hand?
LINE Icons are copyrights LINE corporation

View Slide

Virtualisation

View Slide


What is virtualisation?
• “virtualization refers to the act of creating a
virtual (rather than actual) version of something,
including (but not limited to) a virtual computer
hardware platform, operating system (OS),
storage device, or computer network
resources” from wikipedia

• Hardware Virtualization

• Operating System Virtualizaion

View Slide


Hardware Virtualization
• Virtualize server architecture on a server

• Virtual Machines are packaged in ﬁles.

• We don’t need to bind a speciﬁc server

• We can move a virtual machine

• Resource Optimization
Hardware Virtualisation image from http://download.parallels.com/doc/psbm/v5/rtm/Parallels_Server_Bare_Metal_Users_Guide/29765.htm

View Slide


IaaS
• Infrastructure as a Service

• Provides computing infrastructure as an
Internet service

• Virtual Machine

• Network

• Storage

• Amazon Web Services, Google Compute
Engine

• OpenStack, CloudStack

View Slide


VM Image & Template
• Customized virtual machine

• Install speciﬁc softwares, conﬁgurations

• Easy for massive deployment

• Deployment can be done by RESTful API

• Server deployment becomes programmable

View Slide

Automation

View Slide


Infrastructure as Code
• IaaS achieves  
program/system can operate infrastructure

• We don’t need to do all by hand.

• How about a configuration?

• We can automate a server configuration

• Configuration Management Tools

• CFEngine, LCFG, BCFG

• Apply configuration

• Test if the configuration is current

View Slide


Deﬁne what the server should be.
• Manual deployment

• 1. Install Apache, 2. Set the document root

• What if somebody uninstalled a Apache?

• Re-apply a entire installation step?

• Deﬁne a state not a procedure

• Apache should be installed

• Document root should be “/var/www/htdocs”

• Puppet, Chef

View Slide


Idempotence / ႈ౳ੑ
• Idempotence is the property of certain
operations in mathematics and computer
science, that can be applied multiple times
without changing the result beyond the initial
application.

• ৘ใ޻ֶʹ͓͚Δႈ౳ͱ͸ɺ͋Δૢ࡞Λ1౓
ߦͬͯ΋ෳ਺ճߦͬͯ΋ಉ͡ޮՌͱͳΔ͜ͱΛ
ݴ͏ɻಛʹɺԿճߦͬͯ΋Τϥʔ΍ෆ੔߹ͷঢ়
ଶ͕มΘΒͳ͍ૢ࡞Λࢦ͢ɻ

View Slide


What Puppet, Chef do?
• Keep a machine to meet a defined state

• Automated server configuration

• Defined state

• Completing an installation on abandoned server

• Somebody abandoned an installation in a middle

• Update a server configuration to current

• Revert a temporary change to original configuration

• Operating System independent configuration

• With version control tools

• Track changes on the infrastructure

• Review the changes before applying to whole server

View Slide


Puppet repository on GitHub

View Slide


Security update with Automation
• Automation tools can help deployment of
security patches

• Recipe example;

• We don’t need to patch all servers by hand!!
package {
"openssl":
ensure => "latest";
"libssl":
ensure => "latest";
"unsafesoftware":
ensure => "purged";
}

View Slide


Test driven Development
• Puppet/Chef enables automated server conﬁguration

• How we assure the recipe applied to all servers?

• SSH login and conﬁrm?

• In software development, we have test-driven
development

• Write a test case what function/program is expected to
work

• Write a function/program

• Run a test if function/program works correctly

• Let’s do a same thing!

View Slide


Test driven Infrastructure
• Test the infrastructure if it meets the test case

• Apache is installed

• OpenSSL is up-to-date

• Test-driven Infrastructure

• Write a test case of infrastructure

• Write a recipe of automation tool

• Apply the recipe to servers

• Run a test case

• Serverspec

View Slide


Serverspec example
require "spec_helper"
describe 'nginx' do
it { should be_installed }
it { should be_enabled }
it { should be_running }
end
describe 'port 443' do
it { should be_listening }
end
describe '/etc/nginx/nginx.conf' do
it { should be_file }
it { should contain "server_name" blog.nunnun.jp }
end

View Slide


Old-fashioned software development
• Code a module

• Then merge modules and test

• Most of the case, it fails!!

• Someone will ﬁx the issue

• Someone will implement new feature

• Then merge again, of course it will fail!
MS Project image from http://projectsproﬁler.com/images/blog/msfsw_1.PNG

View Slide


Continuous Integration (CI)
• Any changes must be tested with entire system.

• If you ﬁnd issues, contact other developer to ﬁx
the issue.

View Slide


CI on Infrastructure
• Unable to test a recipe before applying

• Sometimes untested recipe breaks a
production server

• Want to test my recipe before applying 
production server

• Test a recipe before applying production
environment with test environment

• Test environment is build from scratch in every
test using container technologies (Docker)
# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for
ldap0.kamoike.net
Info: Applying configuration version
'1431407810'
Error: /Stage[main]/Kamoikeldap::Server/
Openldap::Server::Dbindex[master_mdb_conf
ig_entryCSN]/
Openldap_dbindex[master_mdb_config_entryC
SN]/ensure: change from absent to present
failed: LDIF content:
dn: olcDatabase={1}mdb,cn=config
add: olcDbIndex
olcDbIndex: entryCSN eq
Error message: Execution of '/usr/bin/
ldapmodify -Y EXTERNAL -H ldapi:/// -f /
tmp/
openldap_dbindex20150514-9204-17e4z8y'
returned 20: SASL/EXTERNAL authentication
started
SASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=ex
ternal,cn=auth
SASL SSF: 0
ldap_modify: Type or value exists (20)
additional info: modify/add:
olcDbIndex: value #0 already exists
modifying entry "olcDatabase={1}
mdb,cn=config"
Notice: Finished catalog run in 2.08
seconds

View Slide


Immutable / Disposable Infrastructure
• Immutable 
มΘΒͳ͍ɺมԽ͠ͳ͍ɺෆมͷɺෆқͷɺม
͑Δ͜ͱͷͰ͖ͳ͍ɺมߋෆՄೳͳ

• Disposable 
࢖͍ࣺͯͷɺ؆୯ʹॲ෼Ͱ͖Δɺ࢖͍ࣺͯͰ͖
Δ

View Slide


Amazon’s example
• Deploy 1,000 times per hour
Image from http://www.publickey1.jp/blog/12/amazon11000_aws_reinventday2_am.html

View Slide


Amazon’s example
Image from http://www.publickey1.jp/blog/12/amazon11000_aws_reinventday2_am.html

View Slide


So…
• If your Mac/PC is not working good, 
we sometimes reinstall the OS and setup again.

• Same thing

• Build an instance based on recipe,

• If it works correctly, use it

• If not, just keep using old instance

View Slide


Conclusion
• Focus on server operations and deployment

• Old-fashioned deployment

• Infrastructure as a Service

• Infrastructure as Code

• Test-driven Infrastructure

• Continuous Integration on Infrastructure

• Immutable / Disposable Infrastructure

• Now we’re able to design and code an infrastructure

• How about network?

• It may be possible, but more diﬃcult.

• e.g. Route change continuously by external issues

View Slide

Introduction to Server Operations and Automations

Introduction to Server Operations and Automations

Hirotaka Nakajima

More Decks by Hirotaka Nakajima

Other Decks in Technology

Featured

Transcript