Sunday, June 28, 2015

Metaphors

I watched "Ex Machina" this weekend and I enjoyed the metaphorical construction of the film.
There development is cleverly constructed and there are subtle references to many myths and other SF works. The scenery is breathtaking also.

http://www.vanityfair.com/hollywood/2015/04/ex-machina-location
Also the easter egg in the movie is nice: http://moviecode.tumblr.com/post/119171520870/in-the-movie-ex-machina-which-is-really-great


Kiwi Cider



To all my friends in NZ! Cheer mates!

Thursday, June 18, 2015

Sysadmin work

In the last weeks I have been tinkering around with some sysadmin tools. I had to build a highly available L7 router/load balancer.
I haven't touched the sysadmin hat for more than three year now so I had to sync with the latest technologies. Here are my findings and musings:

1. Operating systems: I had to choose between various Linux distributions. In the end I went with Centos 7. It was close to choose Ubuntu 14.04 but in the end I leaned to Centos due to systemd. I had to get rid of firewalld and use plain old netfilter for my purpose. The drawbacks in Centos are that it not always have the latest packages in epel and that the interface names are somehow unpredictable hence making it difficult to configure them from kickstart.

2.  L7 load balancer: I had to choose between NginX and HAProxy. NginX is extremely powerful but I had no previous experience with it I opted for HAProxy. This was also in part due to the fact that it also has TCP mode. However I am still in doubt if I will keep HAProxy because I had also to install some other webserver (lighttpd) along with it. It might have been simpler for me to have just NginX....

3. Some keepalive/watchdog solution. Here I did little research. I wanted a low level solution so I had to choose between vrrpd and keepalived. I went with keepalived and it was fairly easy to use it.

4. IPS - I had to test various solutions but I settled with Snort + fail2ban.

5. DevOps: I had no prior experience with DevOps tools so I have studied lots of them. I read about Chef, Puppet, Salt, Ansible and CFEngine. I ruled out Chef and Puppet as they were too heavy for my setup. CFengine was ok but I did not wanted a server for it. Salt was speedy indeed but I was afraid that its 0MQ transport will not be always carried by proxies. The final solution was in this case Ansible as it works masterless and is based on SSH - making it virtually ubiquous.

After putting everything together I had a nice working system that I stressed a bit and it performed more than fair. It was for me a nice experience - I have especially enjoyed working with Ansible - a very clean and lean solution.