So I've heard of this continuous deployment concept and it all sounds great. I am keen to give it a go myself but am unsure where to start. So rather than attempt this with a production application in work I pick a nice small app that I've written to manage some of our application config.
This is a small web application hosted on one of our servers which has a database for persistence. Not much you might say but still has got the ingredients to try some sort of automatic deployment. To give you an idea of what I was trying to get away from I need to describe the evolution of the deployment.
What I started with
When writing the application I was not at all concerned about deployment, I could barely write html never mind get the thing running on an actual server. However as time went on I realised that I would have to have a go at getting this deployed out to a running server. This started with a very very manual process. First I had to install all the prerequisites, in this case python 2.7, mysql server, mysql-python connector, django and all those other little good things that it needed to run.
After that it's a matter of getting the code on the machine. For this I had a bunch of hand cranked scripts which replied heavily on ssh keys on my local machine to do the deployment. Not ideal. This really became apparent when other developers wanted to get in to make some changes. I wanted to remove this reliance on me as a bottle neck for deployments.
Conversion to rpm's
In step rpm's, Red Hats package management system. This was something we'd been trying to investigate in work of how to package our production code so I wanted to see how I could implement this as part of a trail run. This took care of the any scripts that had to run post deployment as all is catered for in the rpm word. A better solution alright however I was still taking the rpm down to my local VM after CI had built it and doing manual testing after an export from the live database.
Automated deployment to a test environment
In order to take me and my lovely VM out of the picture I really needed a test environment where I could tear down the database and recreate as necessary. This meant that I would be able to automatically deploy to this environment when the CI build had completed. A much better solution. In order to do this I had to get a new environment up and running, back to compiling and install python again. To hell with this I said - in order to be able to do this anywhere I really needed packages for all my dependencies as well.
I was much more confident in rpm's now so I created one for all the dependencies also, I now have a python rpm, a mysql-python rpm, a mod_wsgi rpm. All ready to set up on a new environment if I so wish. There was another angle on this as well - any developer could get up and running with a developer environment in no time, assuming they would use Red Hat or one of it's alternatives (CentOS in my case)
Current State
I'm now able to deploy to the test environment my new rpm from the build. I also scripted an export of the database, a fresh if you will before the deployment so that the test database would be as close as possible to live data. This means now more testing on my local VM to make sure that the rpm and deployment is up to scratch.
Next Steps
What now. Testing that's what. And lots of it. I'm of the opinion that in order for me to get to the point where I'm able to click the button to deploy to live, i.e. that I've deployed to the test environment and am able to test the change I need a bunch of integration tests. Something that I didn't do well in the first line of development, yes to my shame I cut some corners on the testing front.
I'm really feeling the pain of this architectural blunder now. I have very little confidence in what I add into the app will not regress some other part of it. The technical debt that I have to pay down is quite substantial on this front. There was a second side affect to this I didn't think of either. A social get out clause that other developers were able to see that I hadn't put effort into proper testing and were able to not bother with it themselves, further increasing the technical debt within the application.
Definitely the lessons learned here are that testing, while not an immediate concern at the time of writing the application, is key to be able to take the human out of the picture. I now have a deeper respect when jumping into writing a part of an application to the tests that need to be in place to support the change that I'm making and the resultant lack of confidence in my change if this is not done at the start.
Monday, October 29, 2012
Testing through your home firewall router
Recently I came across a problem where I needed to test a hosted service getting access to a port on my laptop. The general workflow was that I would initiate the request from the hosted service which would then talk to a service running on a tomcat on my local laptop.
There are a number of problems to get around when attempting to do this. First you can't just use your IP address as you see it on a command prompt ipconfig or ifconfig. The network address that you see here is the internal address that your home router has given you and any device connected to it. Therefore the hosted service isn't going to have a clue how to get to 192.168.0.*
What you need here is the external IP address from your home router. There are a number of ways to get this, including some websites that will display it for you but I went to the source - the router. Luckily there was a configuration page which told me the external IP that my router was using.
The next problem is your firewall. Most modern routers come with a firewall - for good reason - to stop those nasties from getting in to your local network. For this test I was testing for a short time so I was happy to bore a hole through my firewall to my local computer IP through port forwarding. This is where you select a port on the router and a port on your laptop and any traffic hitting your router via it's external IP will be forwarded to that port on your laptop through it's local network IP.
In my case I just forwarded port 80 to port 80 (the default) as I was able to set up my service on my local laptop on that port. So after all this was done I was ready to test. Initiating the test from the hosted service still did not work however...ragin.
The final thing that you need to complete is to turn off your windows firewall (if you're running windows). Since I had already let the traffic through the router it was the windows firewall that was blocking the traffic.
Very happy with myself for actually getting that done as I've never tried it before. Good fun.
Oh and yes, I did quickly turn on my firewall again after the testing was complete and remove the port forwarding!
There are a number of problems to get around when attempting to do this. First you can't just use your IP address as you see it on a command prompt ipconfig or ifconfig. The network address that you see here is the internal address that your home router has given you and any device connected to it. Therefore the hosted service isn't going to have a clue how to get to 192.168.0.*
What you need here is the external IP address from your home router. There are a number of ways to get this, including some websites that will display it for you but I went to the source - the router. Luckily there was a configuration page which told me the external IP that my router was using.
The next problem is your firewall. Most modern routers come with a firewall - for good reason - to stop those nasties from getting in to your local network. For this test I was testing for a short time so I was happy to bore a hole through my firewall to my local computer IP through port forwarding. This is where you select a port on the router and a port on your laptop and any traffic hitting your router via it's external IP will be forwarded to that port on your laptop through it's local network IP.
In my case I just forwarded port 80 to port 80 (the default) as I was able to set up my service on my local laptop on that port. So after all this was done I was ready to test. Initiating the test from the hosted service still did not work however...ragin.
The final thing that you need to complete is to turn off your windows firewall (if you're running windows). Since I had already let the traffic through the router it was the windows firewall that was blocking the traffic.
Very happy with myself for actually getting that done as I've never tried it before. Good fun.
Oh and yes, I did quickly turn on my firewall again after the testing was complete and remove the port forwarding!
Wednesday, June 13, 2012
MySQL GRANT oddities
The problem
Just yesterday after setting up a mysql slave I tried to switch the backups of the master to the slave, trying to reduce the load on the master. While trying the following command:
mysql> GRANT ALL ON *.* TO 'backupuser'@'localhost';
I got the following error:
Access denied for user 'root'@'localhost' (using password: NO)
hmmm, quite curious since I was logged into the mysql server as root. After some googling on the subject I found a weird little problem with the tables between versions.
This error above only happened because I had upgraded the mysql server from a 5.0 to a 5.5 server. I had thought there wasn't much to this, I also changed the location of the data directory to be a new partition to handle the amount of data that I had.
The crux of the issue was that during the upgrade I moved the data directory contents as well. Meaning that the old tables were in place with the new server.
The Solution
What I didn't realize was that I needed to upgrade the mysql tables from the old version to the new. So with the following command:
shell> mysql_upgrade
I got the above error again.
Access denied for user 'root'@'localhost' (using password: NO)
Damn! But not to worry, with the above command is able to take a username and password:
shell> mysql_upgrade -u root -p
Nice one I'm now in and it gives me a bunch of errors. Damn! Error code 13? Hold on that's a permissions error. I wonder if running it as the mysql user that has ownership of the data file tables will work:
shell> sudo su - mysql
shell> mysql_upgrade -u root -p
Nice, worked a charm this time.
I can now go back to my little grant that I was trying to do in the first place:
mysql> GRANT ALL ON *.* TO 'backupuser'@'localhost';
And I'm able to complete it. Nice one.
Friday, June 8, 2012
Implementing Kanban
Frustrations
A general frustration of mine of using an agile type board to track the work the team I am currently working in was that we had very little insight into what types of work that we completed. I had worked in a development team a while back and was very impressed about how good it can work for a team on a specific project. About a year and a half ago I moved into the DevOps type role, still a software developer by title but more concerned about the build and release side of things. The board that we implemented for this was the following:
A couple of things to note about this board.
Along with the changing role there were a great deal of work type baggage. For instance we might have to change build scripts, promote code, build the latest release candidate, fix a problem with an environment. The main change was that a good portion of this work was not planned, all very ad hoc. People coming up to our desk and saying "I need a build" or "the MQ server is down", stuff like that.
The problem with the above board is that none of this ad hoc work is visualized. This meant that the planned work sat in the backlog for a very very long time and the in progress stories were there for a long time too. Things would also come straight into next without be prioritized in the backlog either. So all in all, although being very busy, it felt like we were doing nothing cause the board wasn't moving.
Trying something different
I was then lucky enough to get on a conference about Lean. A couple of speakers at it specifically talked about Kanban for DevOps. This is a growing subject and I was very interested in how they applied lean/kanban to there teams work. It talked alot about visualizing the types of work that are completed by the team, showing the dependencies on other teams and how to make changes to the current way of things.
From this then we created a new board, after the first couple of days it looked something like this:
The things to note are:
The new swim lanes go a long way to showing the actual types of work that are coming across our desk. As you can see the different colors show that a good proportion of the work is actually incidents. These are not typically large jobs however they do involve a context switch which is time consuming in it's own right.
The difference it makes
There are a couple of differences we say this could make to the team.
Next Steps
Next steps will be what to do with the data that is being captured from the board. We are planning to clear the board every week and capture the data that we can get and then make some improvements. Cause that's the end game really, is to make some genuine improvements into the way that we work. This will mean that the "done" column will also be cleared down and the board will look fresh for the new week coming.
I'm still undecided whether or not there is enough data there to be useful to us, and what we're marking down is going to tell us anything. But what we record will possible change by having a look at what is useful to us with the data that we currently have.
Anyway, I might post something in a month or two about this to see if the same holds true, if we've made any improvements or just clean scrapped the board for something else.
A general frustration of mine of using an agile type board to track the work the team I am currently working in was that we had very little insight into what types of work that we completed. I had worked in a development team a while back and was very impressed about how good it can work for a team on a specific project. About a year and a half ago I moved into the DevOps type role, still a software developer by title but more concerned about the build and release side of things. The board that we implemented for this was the following:
A couple of things to note about this board.
- There's no rhyme or reason for the colors that are used
- The backlog is huge and rarely moves as things get put directly into next
- All the backlog items are "planned" work things that we need to get to at some point but very rarely get the time for
Along with the changing role there were a great deal of work type baggage. For instance we might have to change build scripts, promote code, build the latest release candidate, fix a problem with an environment. The main change was that a good portion of this work was not planned, all very ad hoc. People coming up to our desk and saying "I need a build" or "the MQ server is down", stuff like that.
The problem with the above board is that none of this ad hoc work is visualized. This meant that the planned work sat in the backlog for a very very long time and the in progress stories were there for a long time too. Things would also come straight into next without be prioritized in the backlog either. So all in all, although being very busy, it felt like we were doing nothing cause the board wasn't moving.
Trying something different
I was then lucky enough to get on a conference about Lean. A couple of speakers at it specifically talked about Kanban for DevOps. This is a growing subject and I was very interested in how they applied lean/kanban to there teams work. It talked alot about visualizing the types of work that are completed by the team, showing the dependencies on other teams and how to make changes to the current way of things.
From this then we created a new board, after the first couple of days it looked something like this:
The things to note are:
- There are three main swim lanes one for each type of work that we think we do, incidents (yellow), change requests (blue) and planned work (green) with a waiting for or impediment (pink) for problems
- We have a lot less in our backlog
- Blockers and waiting for are visualised
The new swim lanes go a long way to showing the actual types of work that are coming across our desk. As you can see the different colors show that a good proportion of the work is actually incidents. These are not typically large jobs however they do involve a context switch which is time consuming in it's own right.
The difference it makes
There are a couple of differences we say this could make to the team.
- Allows people coming up to the desk to see what work is currently going on and how there task would fit into the current work load
- Shows the flow across the board, meaning that it actually looks like we're doing something - this is more personal for me as I was able to feel better about the work getting done
- Data - it might not be apparent from the picture but we track how long something is sitting in the board with a start date and how long it is in progress with a dot for every day
Next Steps
Next steps will be what to do with the data that is being captured from the board. We are planning to clear the board every week and capture the data that we can get and then make some improvements. Cause that's the end game really, is to make some genuine improvements into the way that we work. This will mean that the "done" column will also be cleared down and the board will look fresh for the new week coming.
I'm still undecided whether or not there is enough data there to be useful to us, and what we're marking down is going to tell us anything. But what we record will possible change by having a look at what is useful to us with the data that we currently have.
Anyway, I might post something in a month or two about this to see if the same holds true, if we've made any improvements or just clean scrapped the board for something else.
Monday, May 21, 2012
Sonar analysis and mysql max_allowed_packet size
Recently I had the problem where sonar was failing my CI plans with the following error:
"Packet for query is too large (1363557 > 1048576). You can change this value on the server by setting the max_allowed_packet' variable."
I wasn't sure whether this was the sonar server i.e. the web frontend or the mysql server that I was using for the backend database, however off to google and a couple of checks later outlines it being a mysql server with the best example being:
http://dev.mysql.com/doc/refman//5.5/en/set-statement.html
It's also worth checking first if this variable is actually able to be changed at runtime:
http://dev.mysql.com/doc/refman/5.5/en/server-system-variables.html#sysvar_max_allowed_packet
So from the above two links I was able then to go off to the mysql server and set the value:
First of all check that the current value is what is expected:
mysql> show variables like "max_allowed%";
| Variable_name | Value |
| max_allowed_packet | 1048576 |
1 row in set (0.00 sec)
Good, our variable is as expected from the error we received in the first place. Now from the first link above set the value to 16M:
mysql> SET GLOBAL max_allowed_packet=16*1024*1024;
Query OK, 0 rows affected (0.00 sec)
and verify:
mysql> show variables like "max_allowed%";
| Variable_name | Value |
| max_allowed_packet | 1048576 |
1 row in set (0.00 sec)
Eh, hold on - that's not right, seems like the multiplier isn't working, so off to the calculator to work it out ourselves and try again:
mysql> SET GLOBAL max_allowed_packet=16777216;
Query OK, 0 rows affected (0.00 sec)
mysql> show variables like "max_allowed%";
| Variable_name | Value |
| max_allowed_packet | 16777216 |
1 row in set (0.00 sec)
Nice!
Since we changed this just in memory we need go to our my.cnf file to make sure the change is persisted at server restart:
my.cnf
[mysqld]
max_allowed_packet=16M
You should now not get the error on the sonar upload.
Monday, April 30, 2012
From Django to Rails
Recently I've done some Django development for the company I work for. It was my first real delve into web design and daunting as that was to me, I was pleasantly surprised by the ease of use. Coming from an enterprise background I always thought of developing web applications as a lengthy process with lots of planning and forethought.
In previous jobs the database migration for an application has been involving at least four people and tens of scripts in order to run the changes in. I'm not saying that this is a bad thing at all, depending on your stack but surely there is a slicker way of doing things.
Enter Django, and it's models as descriptor files within the application source itself. Oh I'm sure this is the same in other older frameworks but it's my first experience of this. Being a grumpy, not so old (yet) man I just want to see things working when starting out with something new, and the Django docs are quite nice, with a four part series of getting up and going with your first Django app.
A couple of weeks later (cut me some slack - it was my first web app) I was running away with the little app in my environment and starting to integrate different scripts and systems with it. I was quite pleased with myself and believe it or not some other developers are starting to take the code and do some work with it.
Last weekend I wanted to pilot a little project to look after a client database, holding details of different services that they had received. Having used Django before my knee-jerk reaction is to jump straight into it and get the models written and get up and running. But I held fast and checked out Ruby on Rails.
I had been hearing a lot of chat about this framework from other guys at work who had just started a project with it and I was really keen to check it out. Again wanting to get something up and running really quickly I started with the first guide on the website. I was very surprised at the low entry cost of getting something up and running. I went from nothing to setting up my environment to running a web app entering data and changing the color of the background of my page in a couple of hours. I have to say I was very very impressed.
That was only getting up and going from nothing to actually being able to play around in my development environment, taking it one step further I decided to supplement what I'd done with another guide which in my opinion is much more complete coming from an engineering perspective. It runs through getting set up with source control and getting your app deployed into a running production environment as soon as possible.
In particular the Heroku setup was exceptional, as a engineer who is trying to streamline the release and deployment process as part of his day job this process is something to aspire to. With a couple of commands the code is under source control, deployed to a running server and you're able to view the logs, all from your command line.
The problem is now is that I really want to go back and re-write my Django app in Rails :(
In previous jobs the database migration for an application has been involving at least four people and tens of scripts in order to run the changes in. I'm not saying that this is a bad thing at all, depending on your stack but surely there is a slicker way of doing things.
Enter Django, and it's models as descriptor files within the application source itself. Oh I'm sure this is the same in other older frameworks but it's my first experience of this. Being a grumpy, not so old (yet) man I just want to see things working when starting out with something new, and the Django docs are quite nice, with a four part series of getting up and going with your first Django app.
A couple of weeks later (cut me some slack - it was my first web app) I was running away with the little app in my environment and starting to integrate different scripts and systems with it. I was quite pleased with myself and believe it or not some other developers are starting to take the code and do some work with it.
Last weekend I wanted to pilot a little project to look after a client database, holding details of different services that they had received. Having used Django before my knee-jerk reaction is to jump straight into it and get the models written and get up and running. But I held fast and checked out Ruby on Rails.
I had been hearing a lot of chat about this framework from other guys at work who had just started a project with it and I was really keen to check it out. Again wanting to get something up and running really quickly I started with the first guide on the website. I was very surprised at the low entry cost of getting something up and running. I went from nothing to setting up my environment to running a web app entering data and changing the color of the background of my page in a couple of hours. I have to say I was very very impressed.
That was only getting up and going from nothing to actually being able to play around in my development environment, taking it one step further I decided to supplement what I'd done with another guide which in my opinion is much more complete coming from an engineering perspective. It runs through getting set up with source control and getting your app deployed into a running production environment as soon as possible.
In particular the Heroku setup was exceptional, as a engineer who is trying to streamline the release and deployment process as part of his day job this process is something to aspire to. With a couple of commands the code is under source control, deployed to a running server and you're able to view the logs, all from your command line.
The problem is now is that I really want to go back and re-write my Django app in Rails :(
Wednesday, April 11, 2012
Well not so much code stories
hmm, code fabulae, or code stories? Well not so much I guess - this will be just random blurb from whatever mood I'm in at the time. Why Latin? Well it makes me look intelligent doesn't it??? I even went to the trouble of looking up the plural of it.
Today's post, well it's my first blog post so it's just a place holder for me to see what it all looks like and have a play around, but I have been meaning to do a blog for a while now and I would encourage everyone to have a go I suppose. If only for myself to go over and see some of the trails and tribulations that I will undoubtedly have with my job.
Today's post, well it's my first blog post so it's just a place holder for me to see what it all looks like and have a play around, but I have been meaning to do a blog for a while now and I would encourage everyone to have a go I suppose. If only for myself to go over and see some of the trails and tribulations that I will undoubtedly have with my job.
Subscribe to:
Posts (Atom)