Server Administration in Python with Fabric, Cuisine and Watchdog

ffunction inc. Fabric, Cuisine & Monitoring Sébastien Pierre, ffunction inc.
@Confoo, February 2011 www.ffctn.com

ffunction inc. How to use Python for Server Administration Thanks
to Fabric Cuisine* & monitoring* *custom tools

ffunction inc. The way we use servers has changed

ffunction inc. WEB SERVER The era of dedicated servers DATABASE
SERVER EMAIL SERVER Hosted in your server room or in colocation

SERVER EMAIL SERVER Hosted in your server room or in colocation Sysadmins typically SSH and configure the servers live Sysadmins typically SSH and configure the servers live

SERVER EMAIL SERVER Hosted in your server room or in colocation The servers are conservatively managed, updates are risky The servers are conservatively managed, updates are risky

ffunction inc. SLICE 1 The era of slices/VPS SLICE 10
Linode.com SLICE 11 SLICE 9 SLICE 1 SLICE 1 SLICE 1 SLICE 1 SLICE 6 Amazon Ec2 We now have multiple small virtual servers (slices/VPS) We now have multiple small virtual servers (slices/VPS)

Linode.com SLICE 11 SLICE 9 SLICE 1 SLICE 1 SLICE 1 SLICE 1 SLICE 6 Amazon Ec2 Often located in different data-centers Often located in different data-centers

Linode.com SLICE 11 SLICE 9 SLICE 1 SLICE 1 SLICE 1 SLICE 1 SLICE 6 Amazon Ec2 ...and sometimes with different providers ...and sometimes with different providers

Linode.com SLICE 11 SLICE 9 SLICE 1 SLICE 1 SLICE 1 SLICE 1 SLICE 6 Amazon Ec2 DEDICATED SERVER 1 DEDICATED SERVER 2 IWeb.com We even sometimes still have physical, dedicated servers We even sometimes still have physical, dedicated servers

ffunction inc. The challenge ORDER SERVER

ffunction inc. The challenge ORDER SERVER SETUP SERVER

ffunction inc. The challenge ORDER SERVER SETUP SERVER Create users,
groups Customize config files Install base packages Create users, groups Customize config files Install base packages

ffunction inc. The challenge ORDER SERVER SETUP SERVER DEPLOY APPLICATION

Install app-specific packages deploy application start services Install app-specific packages deploy application start services

MAKE THIS PROCESS AS FAST (AND SIMPLE) AS POSSIBLE

ffunction inc. The challenge

ffunction inc. The challenge Quickly integrate your new server in
the existing architecture Quickly integrate your new server in the existing architecture

ffunction inc. The challenge ...and make sure it's running! ...and
make sure it's running!

ffunction inc. Today's menu FABRIC Interact with your remote machines
as if they were local

ffunction inc. Today's menu FABRIC CUISINE Interact with your remote
machines as if they were local Takes care of users, group, packages and configuration of your new machine

ffunction inc. Today's menu FABRIC CUISINE monitoring Interact with your
remote machines as if they were local Takes care of users, group, packages and configuration of your new machine Ensures that your servers and services are up and running

ffunction inc. Today's menu FABRIC CUISINE monitoring Interact with your
remote machines as if they were local Takes care of users, group, packages and configuration of your new machine Ensures that your servers and services are up and running Made by Made by

ffunction inc. Part 1 Fabric - http://fabfile.org application deployment &
systems administration tasks

ffunction inc. Fabric is a Python library and command-line tool
for streamlining the use of SSH for application deployment or systems administration tasks.

ffunction inc. Fabric is a Python library and command-line tool
for streamlining the use of SSH for application deployment or systems administration tasks. Wait... what does that mean ? Wait... what does that mean ?

ffunction inc. Streamlining SSH version = os.popen(“ssh myserver 'cat /proc/version'”).read()
version = run(“cat /proc/version”) By hand: Using Fabric:

ffunction inc. Streamlining SSH version = os.popen(“ssh myserver 'cat /proc/version').read()
from fabric.api import * env.hosts = [“myserver”] version = run(“cat /proc/version”) By hand: Using Fabric:

from fabric.api import * env.hosts = [“myserver”] version = run(“cat /proc/version”) By hand: Using Fabric: You can specify multiple hosts and run the same commands across them You can specify multiple hosts and run the same commands across them

from fabric.api import * env.hosts = [“myserver”] version = run(“cat /proc/version”) By hand: Using Fabric: Connections will be lazily created and pooled Connections will be lazily created and pooled

from fabric.api import * env.hosts = [“myserver”] version = run(“cat /proc/version”) By hand: Using Fabric: Failures ($STATUS) will be handled just like in Make Failures ($STATUS) will be handled just like in Make

ffunction inc. Example: Installing packages sudo(“aptitude install nginx”) if run("dpkg
-s %s | grep 'Status:' ; true" % package).find("installed") == -1: sudo("aptitude install '%s'" % (package)

-s %s | grep 'Status:' ; true" % package).find("installed") == -1: sudo("aptitude install '%s'" % (package) It's easy to take action depending on the result It's easy to take action depending on the result

-s %s | grep 'Status:' ; true" % package).find("installed") == -1: sudo("aptitude install '%s'" % (package) Note that we add true so that the run() always succeeds* * there are other ways... Note that we add true so that the run() always succeeds* * there are other ways...

ffunction inc. Example: retrieving system status disk_usage = run(“df -kP”)
mem_usage = run(“cat /proc/meminfo”) cpu_usage = run(“cat /proc/stat” print disk_usage, mem_usage, cpu_info

ffunction inc. Example: retrieving system status disk_usage = run(“df -kP”)
mem_usage = run(“cat /proc/meminfo”) cpu_usage = run(“cat /proc/stat” print disk_usage, mem_usage, cpu_info Very useful for getting live information from many different servers Very useful for getting live information from many different servers

ffunction inc. Fabfile.py from fabric.api import * from mysetup import
* env.host = [“server1.myapp.com”] def setup(): install_packages(“...”) update_configuration() create_users() start_daemons() $ fab setup

* env.host = [“server1.myapp.com”] def setup(): install_packages(“...”) update_configuration() create_users() start_daemons() $ fab setup Just like Make, you write rules that do something Just like Make, you write rules that do something

* env.host = [“server1.myapp.com”] def setup(): install_packages(“...”) update_configuration() create_users() start_daemons() $ fab setup ...and you can specify on which servers the rules will run ...and you can specify on which servers the rules will run

ffunction inc. Multiple hosts @hosts(“db1.myapp”) def backup_db(): run(...) env.hosts =
[ “db1.myapp.com”, “db2.myapp.com”, “db3.myapp.com” ]

ffunction inc. Roles $ fab -R web setup env.roledefs =
{ 'web': ['www1', 'www2', 'www3'], 'dns': ['ns1', 'ns2'] }

ffunction inc. Roles $ fab -R web setup env.roledefs =
{ 'web': ['www1', 'www2', 'www3'], 'dns': ['ns1', 'ns2'] } Will run the setup rule only on hosts members of the web role. Will run the setup rule only on hosts members of the web role.

ffunction inc. Some facts about Fabric Fabric 1.0 just released!
On March, 4th 2011 3 years of development First commit 1161 days ago (on March 10th, 2011) Related Projects Opscode's Chef and Puppet

ffunction inc. What's good about Fabric? Low-level Basically an ssh()
command that returns the result Simple primitives run(), sudo(), get(), put(), local(), prompt(), reboot() No magic No DSL, no abstraction, just a remote command API

ffunction inc. What could be improved ? Ease common admin
tasks User, group creation. Files, directory operations. Abstract primitives Like install package, so that it works with different OS Templates To make creating/updating configuration files easy

ffunction inc. Cuisine: Chef-like functionality for Fabric

ffunction inc. Part 2 Cuisine

ffunction inc. What is Opscode's Chef? Recipes Scripts/packages to install
and configure services and applications API A DSL-like Ruby API to interact with the OS (create users, groups, install packages, etc) Architecture Client-server or “solo” mode to push and deploy your new configurations http://wiki.opscode.com/display/chef/Home

ffunction inc. What I liked about Chef Flexible You can
use the API or shell commands Structured Helped me have a clear decomposition of the services installed per machine Community Lots of recipes already available from http://cookbooks.opscode.com/

ffunction inc. What I didn't like Too many files and
directories Code is spread out, hard to get the big picture Abstraction overload API not very well documented, frequent fall backs to plain shell scripts within the recipe No “smart” recipe Recipes are applied all the time, even when it's not necessary

ffunction inc. The question that kept coming... Django recipe: 5
files, 2 directories sudo aptitude install apache2 python django- python What it does, in essence

ffunction inc. The question that kept coming... Django recipe: 5
files, 2 directories sudo aptitude install apache2 python django- python What it does, in essence Is this really necessary for what I want to do ? Is this really necessary for what I want to do ?

ffunction inc. What I loved about Fabric Bare metal ssh()
function, simple and elegant set of primitives No magic No abstraction, no model, no compilation Two-way communication Easy to change the rule's behaviour according to the output (ex: do not install something that's already installed)

ffunction inc. What I needed Fabric

ffunction inc. What I needed Fabric File I/O File I/O

User/Group Management User/Group Management

Package Management Package Management User/Group Management User/Group Management

Package Management Package Management User/Group Management User/Group Management Text processing & Templates Text processing & Templates

ffunction inc. How I wanted it Simple “flat” API [object]_[operation]
where operation is something in “create”, “read”, “update”, “write”, “remove”, “ensure”, etc... Driven by need Only implement a feature if I have a real need for it No magic Everything is implemented using sh-compatible commands No unnecessary structure Everything fits in one file, no imposed file layout

ffunction inc. Cuisine: Example fabfile.py from cuisine import * env.host
= [“server1.myapp.com”] def setup(): package_ensure(“python”, “apache2”, “python-django”) user_ensure(“admin”, uid=2000) upstart_ensure(“django”) $ fab setup

= [“server1.myapp.com”] def setup(): package_ensure(“python”, “apache2”, “python-django”) user_ensure(“admin”, uid=2000) upstart_ensure(“django”) $ fab setup Fabric's core functions are already imported Fabric's core functions are already imported

= [“server1.myapp.com”] def setup(): package_ensure(“python”, “apache2”, “python-django”) user_ensure(“admin”, uid=2000) upstart_ensure(“django”) $ fab setup Cuisine's API calls Cuisine's API calls

ffunction inc. File I/O

ffunction inc. Cuisine : File I/O • file_exists does remote
file exists? • file_read reads remote file • file_write write data to remote file • file_append appends data to remote file • file_attribs chmod & chown • file_remove

ffunction inc. Cuisine : File I/O • file_exists does remote
file exists? • file_read reads remote file • file_write write data to remote file • file_append appends data to remote file • file_attribs chmod & chown • file_remove Supports owner/group and mode change Supports owner/group and mode change

ffunction inc. Cuisine : File I/O (directories) • dir_exists does
remote file exists? • dir_ensure ensures that a directory exists • dir_attribs chmod & chown • dir_remove

ffunction inc. Cuisine : File I/O + • file_update(location, updater=lambda
_:_) package_ensure("mongodb-snapshot") def update_configuration( text ): res = [] for line in text.split("\n"): if line.strip().startswith("dbpath="): res.append("dbpath=/data/mongodb") elif line.strip().startswith("logpath="): res.append("logpath=/data/logs/mongodb.log") else: res.append(line) return "\n".join(res) file_update("/etc/mongodb.conf", update_configuration)

_:_) package_ensure("mongodb-snapshot") def update_configuration( text ): res = [] for line in text.split("\n"): if line.strip().startswith("dbpath="): res.append("dbpath=/data/mongodb") elif line.strip().startswith("logpath="): res.append("logpath=/data/logs/mongodb.log") else: res.append(line) return "\n".join(res) file_update("/etc/mongodb.conf", update_configuration) This replaces the values for configuration entries dbpath and logpath This replaces the values for configuration entries dbpath and logpath

_:_) package_ensure("mongodb-snapshot") def update_configuration( text ): res = [] for line in text.split("\n"): if line.strip().startswith("dbpath="): res.append("dbpath=/data/mongodb") elif line.strip().startswith("logpath="): res.append("logpath=/data/logs/mongodb.log") else: res.append(line) return "\n".join(res) file_update("/etc/mongodb.conf", update_configuration) The remote file will only be changed if the content is different The remote file will only be changed if the content is different

ffunction inc. User Management

ffunction inc. Cuisine: User Management • user_exists does the user
exists? • user_create create the user • user_ensure create the user if it doesn't exist

ffunction inc. Cuisine: Group Management • group_exists does the group
exists? • group_create create the group • group_ensure create the group if it doesn't exist • group_user_exists does the user belong to the group? • group_user_add adds the user to the group • group_user_ensure

ffunction inc. Package Management

ffunction inc. Cuisine: Package Management • package_exists is the package
available ? • package_installed is it installed ? • package_install install the package • package_ensure ... only if it's not installed • package_upgrade upgrades the/all package(s)

ffunction inc. Text & Templates

ffunction inc. Cuisine: Text transformation text_ensure_line(text, lines) file_update( "/home/user/.profile", lambda
_:text_ensure_line(_, "PYTHONPATH=/opt/lib/python:${PYTHONPATH};" "export PYTHONPATH" ))

ffunction inc. Cuisine: Text transformation text_ensure_line(text, lines) file_update( "/home/user/.profile", lambda
_:text_ensure_line(_, "PYTHONPATH=/opt/lib/python:${PYTHONPATH};" "export PYTHONPATH" )) Ensures that the PYTHONPATH variable is set and exported, If not, these lines will be appended. Ensures that the PYTHONPATH variable is set and exported, If not, these lines will be appended.

ffunction inc. Cuisine: Text transformation text_replace_line(text, old, new, find=.., process=...)
configuration = local_read("server.conf") for key, value in variables.items(): configuration, replaced = text_replace_line( configuration, key + "=", key + "=" + repr(value), process=lambda text:text.split("=")[0].strip() )

configuration = local_read("server.conf") for key, value in variables.items(): configuration, replaced = text_replace_line( configuration, key + "=", key + "=" + repr(value), process=lambda text:text.split("=")[0].strip() ) Replaces lines that look like VARIABLE=VALUE with the actual values from the variables dictionary. Replaces lines that look like VARIABLE=VALUE with the actual values from the variables dictionary.

configuration = local_read("server.conf") for key, value in variables.items(): configuration, replaced = text_replace_line( configuration, key + "=", key + "=" + repr(value), process=lambda text:text.split("=")[0].strip() ) The process lambda transforms input lines before comparing them. Here the lines are stripped of spaces and of their value. The process lambda transforms input lines before comparing them. Here the lines are stripped of spaces and of their value.

ffunction inc. Cuisine: Text transformation text_strip_margin(text) file_write(".profile", text_strip_margin( """ |export
PATH="$HOME/bin":$PATH |set -o vi """ ))

ffunction inc. Cuisine: Text transformation text_strip_margin(text) file_write(".profile", text_strip_margin( """ |export
PATH="$HOME/bin":$PATH |set -o vi """ )) Everything after the | separator will be output as content. It allows to easily embed text templates within functions. Everything after the | separator will be output as content. It allows to easily embed text templates within functions.

ffunction inc. Cuisine: Text transformation text_template(text, variables) text_template(text_strip_margin( """ |cd
${DAEMON_PATH} |exec ${DAEMON_EXEC_PATH} """ ), dict( DAEMON_PATH="/opt/mongodb", DAEMON_EXEC_PATH="/opt/mongodb/mongod" ))

ffunction inc. Cuisine: Text transformation text_template(text, variables) text_template(text_strip_margin( """ |cd
${DAEMON_PATH} |exec ${DAEMON_EXEC_PATH} """ ), dict( DAEMON_PATH="/opt/mongodb", DAEMON_EXEC_PATH="/opt/mongodb/mongod" )) This is a simple wrapper around Python (safe) string.template() function This is a simple wrapper around Python (safe) string.template() function

ffunction inc. Cuisine: Goodies • ssh_keygen generates DSA keys •
ssh_authorize authorizes your key on the remote server • mode_sudo run() always uses sudo • upstart_ensure ensures the given daemon is running & more!

ffunction inc. Cuisine Tips: Structuring your rules BOOTSTRAP

ffunction inc. Cuisine Tips: Structuring your rules BOOTSTRAP You just
received your new VPS, and you want to set it up so that you have a base system that you can access without typing a password You just received your new VPS, and you want to set it up so that you have a base system that you can access without typing a password

ffunction inc. Cuisine Tips: Structuring your rules BOOTSTRAP SETUP

ffunction inc. Cuisine Tips: Structuring your rules BOOTSTRAP SETUP You
install your users, groups, preferred packages and configuration. You also install you applications. You install your users, groups, preferred packages and configuration. You also install you applications.

ffunction inc. Cuisine Tips: Structuring your rules BOOTSTRAP SETUP UPDATE

You want to deploy the new version of the application you just built You want to deploy the new version of the application you just built

def bootstrap(): # Secure SSH, create admin user # Authorize SSH public keys # Remove unwanted packages

def setup(): # Create directories (ex: /opt/data, /opt/services, etc) # Create user/groups (ex: apps, services, etc) # Install base tools (ex: screen, fail2ban, zsh, etc) # Edit configuration (ex: profile, inputrc, etc) # Install and run your application

def update(): # Download your application update # Freeze/stop the running application # Install the update # Reload/restart your application # Test that everything is OK

ffunction inc. Why use Cuisine ? • Simple API for
remote-server manipulation Files, users, groups, packages • Shell commands for specific tasks only Avoid problems with your shell commands by only using run() for very specific tasks • Cuisine tasks are not stupid *_ensure() commands won't do anything if it's not necessary

ffunction inc. Limitations • Limited to sh-shells Operations will not
work under csh • Only written/tested for Ubuntu Linux Contributors could easily port commands

ffunction inc. Get started ! On Github: http://github.com/sebastien/cuisine 1 short
Python file Documented API

ffunction inc. Part 3 monitoring Server and services monitoring

ffunction inc. The problem

ffunction inc. The problem Low disk space Low disk space

ffunction inc. The problem Archive files Rotate logs Purge cache
Archive files Rotate logs Purge cache

ffunction inc. The problem HTTP server has high latency HTTP
server has high latency

ffunction inc. The problem Restart HTTP server Restart HTTP server

ffunction inc. The problem System load is too high System
load is too high

ffunction inc. The problem re-nice important processes re-nice important processes

ffunction inc. We want to be notified when problems occur

ffunction inc. We want automatic actions to be taken whenever
possible

ffunction inc. (Some of the) existing solutions Monit, God, Supervisord,
Upstart Focus on starting/restarting daemons and services Munin, Cacti Focus on visualization of RRDTool data Collectd Focus on collecting and publishing data

ffunction inc. The ideal tool Wide spectrum Data collection, service
monitoring, actions Easy setup and deployment No complex installation or configuration Flexible server architecture Can monitor local or remote processes Customizable and extensible From restarting deamons to monitoring whole servers

ffunction inc. Hello, monitoring! SERVICE

ffunction inc. Hello, monitoring! RULE SERVICE

ffunction inc. Hello, monitoring! RULE SERVICE A service is a
collection of RULES A service is a collection of RULES

ffunction inc. Hello, monitoring! RULE SERVICE HTTP Request CPU, Disk,
Mem % Process status I/O Bandwidth

ffunction inc. Hello, monitoring! RULE SERVICE HTTP Request CPU, Disk,
Mem % Process status I/O Bandwidth Each rule retrieves data and processes it. Rules can SUCCEED or FAIL Each rule retrieves data and processes it. Rules can SUCCEED or FAIL

ffunction inc. Hello, monitoring! RULE ACTION SERVICE HTTP Request CPU,
Disk, Mem % Process status I/O Bandwidth

Disk, Mem % Process status I/O Bandwidth Logging XMPP, Email notifications Start/stop process ….

Disk, Mem % Process status I/O Bandwidth Logging XMPP, Email notifications Start/stop process …. Actions are bound to rule, triggered on rule SUCCESS or FAILURE Actions are bound to rule, triggered on rule SUCCESS or FAILURE

ffunction inc. Execution Model MONITOR

ffunction inc. Execution Model MONITOR RULE (frequency in ms) SERVICE
DEFINITION

DEFINITION Services are registered in the monitor Services are registered in the monitor

DEFINITION Rules defined in the service are executed every N ms (frequency) Rules defined in the service are executed every N ms (frequency) Rules defined in the service are executed every N ms (frequency) Rules defined in the service are executed every N ms (frequency)

ffunction inc. Execution Model MONITOR RULE (frequency in ms) ACTION
ACTION ACTION SERVICE DEFINITION SUCCESS FAILURE

ACTION ACTION SERVICE DEFINITION If the rule SUCCEEDS actions will be sequentially executed If the rule SUCCEEDS actions will be sequentially executed SUCCESS FAILURE

ACTION ACTION SERVICE DEFINITION If the rule FAIL failure actions will be sequentially executed If the rule FAIL failure actions will be sequentially executed SUCCESS FAILURE

ffunction inc. Monitoring a remote machine #!/usr/bin/env python from monitoring
import * Monitor( Service( name = "google-search-latency", monitor = ( HTTP( GET="http://www.google.ca/search?q=monitoring", freq=Time.s(1), timeout=Time.ms(80), fail=[ Print("Google search query took more than 50ms") ] ) ) ) ).run()

import * Monitor( Service( name = "google-search-latency", monitor = ( HTTP( GET="http://www.google.ca/search?q=monitoring", freq=Time.s(1), timeout=Time.ms(80), fail=[ Print("Google search query took more than 50ms") ] ) ) ) ).run() A monitor is like the “main” for monitoring. It actively monitors services. A monitor is like the “main” for monitoring. It actively monitors services.

import * Monitor( Service( name = "google-search-latency", monitor = ( HTTP( GET="http://www.google.ca/search?q=monitoring", freq=Time.s(1), timeout=Time.ms(80), fail=[ Print("Google search query took more than 50ms") ] ) ) ) ).run() Don't forget to call run() on it Don't forget to call run() on it

import * Monitor( Service( name = "google-search-latency", monitor = ( HTTP( GET="http://www.google.ca/search?q=monitoring", freq=Time.s(1), timeout=Time.ms(80), fail=[ Print("Google search query took more than 50ms") ] ) ) ) ).run() The service monitors the rules The service monitors the rules

import * Monitor( Service( name = "google-search-latency", monitor = ( HTTP( GET="http://www.google.ca/search?q=monitoring", freq=Time.s(1), timeout=Time.ms(80), fail=[ Print("Google search query took more than 50ms") ] ) ) ) ).run() The HTTP rule allows to test an URL The HTTP rule allows to test an URL And we display a message in case of failure And we display a message in case of failure

import * Monitor( Service( name = "google-search-latency", monitor = ( HTTP( GET="http://www.google.ca/search?q=monitoring", freq=Time.s(1), timeout=Time.ms(80), fail=[ Print("Google search query took more than 50ms") ] ) ) ) ).run() If it there is a 4XX or it timeouts, the rule will fail and display an error message If it there is a 4XX or it timeouts, the rule will fail and display an error message

ffunction inc. Monitoring a remote machine $ python example-service-monitoring.py 2011-02-27T22:33:18
monitoring --- #0 (runners=1,threads=2,duration=0.57s) 2011-02-27T22:33:18 monitoring [!] Failure on HTTP(GET="www.google.ca:80/search? q=monitoring",timeout=0.08) : Socket error: timed out Google search query took more than 50ms 2011-02-27T22:33:19 monitoring --- #1 (runners=1,threads=2,duration=0.73s) 2011-02-27T22:33:20 monitoring --- #2 (runners=1,threads=2,duration=0.54s) 2011-02-27T22:33:21 monitoring --- #3 (runners=1,threads=2,duration=0.69s) 2011-02-27T22:33:22 monitoring --- #4 (runners=1,threads=2,duration=0.77s) 2011-02-27T22:33:23 monitoring --- #5 (runners=1,threads=2,duration=0.70s)

ffunction inc. Sending Email Notification send_email = Email( "[email protected]", "[monitoring]Google
Search Latency Error", "Latency was over 80ms" "smtp.gmail.com", "myusername", "mypassword" ) […] HTTP( GET="http://www.google.ca/search?q=monitoring", freq=Time.s(1), timeout=Time.ms(80), fail=[ send_email ] )

Search Latency Error", "Latency was over 80ms" "smtp.gmail.com", "myusername", "mypassword" ) […] HTTP( GET="http://www.google.ca/search?q=monitoring", freq=Time.s(1), timeout=Time.ms(80), fail=[ send_email ] ) The Email rule will send an email to [email protected] when triggered The Email rule will send an email to [email protected] when triggered

Search Latency Error", "Latency was over 80ms" "smtp.gmail.com", "myusername", "mypassword" ) […] HTTP( GET="http://www.google.ca/search?q=monitoring", freq=Time.s(1), timeout=Time.ms(80), fail=[ send_email ] ) This is how we bind the action to the rule failure This is how we bind the action to the rule failure

ffunction inc. Sending Email+Jabber Notification send_xmpp = XMPP( "[email protected]", "monitoring:
Google search latency over 80ms", "[email protected]", "myspassword" ) […] HTTP( GET="http://www.google.ca/search?q=monitoring", freq=Time.s(1), timeout=Time.ms(80), fail=[ send_email, send_xmpp ] )

ffunction inc. Monitoring incident: when something fails repeatedly during a
given period of time

ffunction inc. Monitoring incident: when something fails repeatedly during a
given period of time You don't want to be notified all the time, only when it really matters. You don't want to be notified all the time, only when it really matters.

ffunction inc. Detecting incidents HTTP( GET="http://www.google.ca/search?q=monitoring", freq=Time.s(1), timeout=Time.ms(80), fail=[ Incident(
errors = 5, during = Time.s(10), actions = [send_email,send_xmpp] ) ] )

errors = 5, during = Time.s(10), actions = [send_email,send_xmpp] ) ] ) An incident is a “smart” action : it will only do something when the condition is met An incident is a “smart” action : it will only do something when the condition is met

errors = 5, during = Time.s(10), actions = [send_email,send_xmpp] ) ] ) When at least 5 errors... When at least 5 errors...

errors = 5, during = Time.s(10), actions = [send_email,send_xmpp] ) ] ) ...happen over a 10 seconds period ...happen over a 10 seconds period

errors = 5, during = Time.s(10), actions = [send_email,send_xmpp] ) ] ) The Incident action will trigger the given actions The Incident action will trigger the given actions

ffunction inc. Example: Ensuring a service is running from monitoring
import * Monitor( Service( name="myservice-ensure-up", monitor=( HTTP( GET="http://localhost:8000/", freq=Time.ms(500), fail=[ Incident( errors=5, during=Time.s(5), actions=[ Restart("myservice-start.py") ])] )))).run()

import * Monitor( Service( name="myservice-ensure-up", monitor=( HTTP( GET="http://localhost:8000/", freq=Time.ms(500), fail=[ Incident( errors=5, during=Time.s(5), actions=[ Restart("myservice-start.py") ])] )))).run() We test if we can GET http://localhost:8000 within 500ms We test if we can GET http://localhost:8000 within 500ms

import * Monitor( Service( name="myservice-ensure-up", monitor=( HTTP( GET="http://localhost:8000/", freq=Time.ms(500), fail=[ Incident( errors=5, during=Time.s(5), actions=[ Restart("myservice-start.py") ])] )))).run() If we can't reach it during 5 seconds If we can't reach it during 5 seconds

import * Monitor( Service( name="myservice-ensure-up", monitor=( HTTP( GET="http://localhost:8000/", freq=Time.ms(500), fail=[ Incident( errors=5, during=Time.s(5), actions=[ Restart("myservice-start.py") ])] )))).run() We kill and restart myservice-start.py We kill and restart myservice-start.py

ffunction inc. Example: Monitoring system health from monitoring import *
Monitor ( Service( name = "system-health", monitor = ( SystemInfo(freq=Time.s(1), success = ( LogResult("myserver.system.mem", extract=lambda r,_:r["memoryUsage"]), LogResult("myserver.system.disk", extract=lambda r,_:reduce(max,r["diskUsage"].values())), LogResult("myserver.system.cpu", extract=lambda r,_:r["cpuUsage"]), ) ), Delta( Bandwidth("eth0", freq=Time.s(1)), extract = lambda v:v["total"]["bytes"]/1000.0/1000.0, success = [LogResult("myserver.system.eth0.sent")] ), SystemHealth( cpu=0.90, disk=0.90, mem=0.90, freq=Time.s(60), fail=[Log(path="monitoring-system-failures.log")] ), ) ) ).run()

ffunction inc. Monitoring system health from monitoring import * Monitor
( Service( name = "system-health", monitor = ( SystemInfo(freq=Time.s(1), success = ( LogResult("myserver.system.mem", extract=lambda r,_:r["memoryUsage"]), LogResult("myserver.system.disk", extract=lambda r,_:reduce(max,r["diskUsage"].values())), LogResult("myserver.system.cpu", extract=lambda r,_:r["cpuUsage"]), ) ), Delta( Bandwidth("eth0", freq=Time.s(1)), extract = lambda v:v["total"]["bytes"]/1000.0/1000.0, success = [LogResult("myserver.system.eth0.sent")] ), SystemHealth( cpu=0.90, disk=0.90, mem=0.90, freq=Time.s(60), fail=[Log(path="monitoring-system-failures.log")] ), ) ) ).run()

( Service( name = "system-health", monitor = ( SystemInfo(freq=Time.s(1), success = ( LogResult("myserver.system.mem", extract=lambda r,_:r["memoryUsage"]), LogResult("myserver.system.disk", extract=lambda r,_:reduce(max,r["diskUsage"].values())), LogResult("myserver.system.cpu", extract=lambda r,_:r["cpuUsage"]), ) ), Delta( Bandwidth("eth0", freq=Time.s(1)), extract = lambda v:v["total"]["bytes"]/1000.0/1000.0, success = [LogResult("myserver.system.eth0.sent")] ), SystemHealth( cpu=0.90, disk=0.90, mem=0.90, freq=Time.s(60), fail=[Log(path="monitoring-system-failures.log")] ), ) ) ).run() SystemInfo will retrieve system information and return it as a dictionary SystemInfo will retrieve system information and return it as a dictionary

( Service( name = "system-health", monitor = ( SystemInfo(freq=Time.s(1), success = ( LogResult("myserver.system.mem=", extract=lambda r,_:r["memoryUsage"]), LogResult("myserver.system.disk=", extract=lambda r,_:reduce(max,r["diskUsage"].values())), LogResult("myserver.system.cpu=", extract=lambda r,_:r["cpuUsage"]), ) ), Delta( Bandwidth("eth0", freq=Time.s(1)), extract = lambda v:v["total"]["bytes"]/1000.0/1000.0, success = [LogResult("myserver.system.eth0.sent")] ), SystemHealth( cpu=0.90, disk=0.90, mem=0.90, freq=Time.s(60), fail=[Log(path="monitoring-system-failures.log")] ), ) ) ).run() We log each result by extracting the given value from the result dictionary (memoryUsage, diskUsage,cpuUsage) We log each result by extracting the given value from the result dictionary (memoryUsage, diskUsage,cpuUsage)

( Service( name = "system-health", monitor = ( SystemInfo(freq=Time.s(1), success = ( LogResult("myserver.system.mem=", extract=lambda r,_:r["memoryUsage"]), LogResult("myserver.system.disk=", extract=lambda r,_:reduce(max,r["diskUsage"].values())), LogResult("myserver.system.cpu=", extract=lambda r,_:r["cpuUsage"]), ) ), Delta( Bandwidth("eth0", freq=Time.s(1)), extract = lambda v:v["total"]["bytes"]/1000.0/1000.0, success = [LogResult("myserver.system.eth0.sent")] ), SystemHealth( cpu=0.90, disk=0.90, mem=0.90, freq=Time.s(60), fail=[Log(path="monitoring-system-failures.log")] ), ) ) ).run() Bandwidth collects network interface live traffic information Bandwidth collects network interface live traffic information

( Service( name = "system-health", monitor = ( SystemInfo(freq=Time.s(1), success = ( LogResult("myserver.system.mem=", extract=lambda r,_:r["memoryUsage"]), LogResult("myserver.system.disk=", extract=lambda r,_:reduce(max,r["diskUsage"].values())), LogResult("myserver.system.cpu=", extract=lambda r,_:r["cpuUsage"]), ) ), Delta( Bandwidth("eth0", freq=Time.s(1)), extract = lambda _:_["total"]["bytes"]/1000.0/1000.0, success = [LogResult("myserver.system.eth0.sent")] ), SystemHealth( cpu=0.90, disk=0.90, mem=0.90, freq=Time.s(60), fail=[Log(path="monitoring-system-failures.log")] ), ) ) ).run() But we don't want the total amount, we just want the difference. Delta does just that. But we don't want the total amount, we just want the difference. Delta does just that.

( Service( name = "system-health", monitor = ( SystemInfo(freq=Time.s(1), success = ( LogResult("myserver.system.mem=", extract=lambda r,_:r["memoryUsage"]), LogResult("myserver.system.disk=", extract=lambda r,_:reduce(max,r["diskUsage"].values())), LogResult("myserver.system.cpu=", extract=lambda r,_:r["cpuUsage"]), ) ), Delta( Bandwidth("eth0", freq=Time.s(1)), extract = lambda _:_["total"]["bytes"]/1000.0/1000.0, success = [LogResult("myserver.system.eth0.sent=")] ), SystemHealth( cpu=0.90, disk=0.90, mem=0.90, freq=Time.s(60), fail=[Log(path="monitoring-system-failures.log")] ), ) ) ).run() We print the result as before We print the result as before

( Service( name = "system-health", monitor = ( SystemInfo(freq=Time.s(1), success = ( LogResult("myserver.system.mem=", extract=lambda r,_:r["memoryUsage"]), LogResult("myserver.system.disk=", extract=lambda r,_:reduce(max,r["diskUsage"].values())), LogResult("myserver.system.cpu=", extract=lambda r,_:r["cpuUsage"]), ) ), Delta( Bandwidth("eth0", freq=Time.s(1)), extract = lambda _:_["total"]["bytes"]/1000.0/1000.0, success = [LogResult("myserver.system.eth0.sent=")] ), SystemHealth( cpu=0.90, disk=0.90, mem=0.90, freq=Time.s(60), fail=[Log(path="monitoring-system-failures.log")] ), ) ) ).run() SystemHealth will fail whenever the usage is above the given thresholds SystemHealth will fail whenever the usage is above the given thresholds

( Service( name = "system-health", monitor = ( SystemInfo(freq=Time.s(1), success = ( LogResult("myserver.system.mem=", extract=lambda r,_:r["memoryUsage"]), LogResult("myserver.system.disk=", extract=lambda r,_:reduce(max,r["diskUsage"].values())), LogResult("myserver.system.cpu=", extract=lambda r,_:r["cpuUsage"]), ) ), Delta( Bandwidth("eth0", freq=Time.s(1)), extract = lambda _:_["total"]["bytes"]/1000.0/1000.0, success = [LogResult("myserver.system.eth0.sent=")] ), SystemHealth( cpu=0.90, disk=0.90, mem=0.90, freq=Time.s(60), fail=[Log(path="monitoring-system-failures.log")] ), ) ) ).run() We'll log failures in a log file We'll log failures in a log file

ffunction inc. monitoring: Decentralized architecture APP SERVER STATIC FILE SERVER
DB SERVER SERVER

ffunction inc. monitoring: Decentralized architecture APP SERVER W STATIC FILE
SERVER DB SERVER SERVER Ensures the App is running (pid & HTTP test) Ensures the App is running (pid & HTTP test)

SERVER W DB SERVER SERVER Ensures the static file server is running an has low latency Ensures the static file server is running an has low latency

SERVER W DB SERVER SERVER W Ensures the DB is running and that queries are not too slow. Ensures the DB is running and that queries are not too slow.

ffunction inc. monitoring: Centralized Architecture APP SERVER STATIC FILE SERVER
DB SERVER SERVER

DB SERVER SERVER PLATFORM SERVER

DB SERVER SERVER PLATFORM SERVER W Does high-level (HTTP, SQL) queries on the servers and execute actions remotely when problems are detected Does high-level (HTTP, SQL) queries on the servers and execute actions remotely when problems are detected

ffunction inc. monitoring: Deploying on Ubuntu UPSTART! UPSTART!

ffunction inc. monitoring: Deploying on Ubuntu # upstart - monitoring
Configuration File # ===================================== # updated: 2011-02-28 description "monitoring - service monitoring daemon" author "Sebastien Pierre <[email protected]>" start on (net-device-up and local-filesystems) stop on runlevel [016] respawn script # NOTE: Change this to wherever the monitoring is installed monitoring_HOME=/opt/services/monitoring cd $monitoring_HOME # NOTE: Change this to wherever your custom monitoring script is installed python monitoring.py end script console output # EOF

ffunction inc. monitoring: Deploying on Ubuntu # upstart - monitoring
Configuration File # ===================================== # updated: 2011-02-28 description "monitoring - service monitoring daemon" author "Sebastien Pierre <[email protected]>" start on (net-device-up and local-filesystems) stop on runlevel [016] respawn script # NOTE: Change this to wherever the monitoring is installed monitoring_HOME=/opt/services/monitoring cd $monitoring_HOME # NOTE: Change this to wherever your custom monitoring script is installed python monitoring.py end script console output # EOF Save this file as /etc/init/monitoring.conf Save this file as /etc/init/monitoring.conf

ffunction inc. monitoring: Overview Monitoring DSL Declarative programming to define
monitoring strategy Wide spectrum From data collection to incident detection Flexible Does not impose a specific architecture

ffunction inc. monitoring: Use cases Ensure service availability Test and
stop/restart when problems Collect system statistics Log or send data through the network Alert on system or service health Take actions when the system stats is above threshold

ffunction inc. monitoring: What's coming? ZeroMQ channels Data streaming and
inter-monitoring comm. Documentation Only the basics, need more love! Contributors? Codebase is small and clear, start hacking!

ffunction inc. Get started ! On Github: monitoring 1 Python
file Documented API

ffunction inc. Merci ! www.ffctn.com [email protected] github.com/sebastien

Server Administration in Python with Fabric, Cuisine and Watchdog

Server Administration in Python with Fabric, Cuisine and Watchdog

More Decks by sebastien

Featured

Transcript