Make sure your shit works

DevOps Malaysia Meetup #3

18 September 2018

Kai Hendry

Who am I?

1. Running Linux since 2000
2. Devops specialist
3. AWS Hero
4. Created my own Linux distro Webconverger
5. Golang and serverless fan boy
6. Interesting in networking (Mikrotik stuff)

#alwayslearning

Share some best practices (overview)
Some tools I like
Solicit feedback
Subscribe to my Youtube channel
I use Archlinux btw

Unee-T

Bugzilla with a Meteor frontend
89LOC docker-compose.yml

version: '2'
services:
    bugzilla:
      image: uneet/bugzilla-customisation
      restart: on-failure
      ports:
        - 8081:80
      environment: # Setup by local .env file
            SES_SMTP_USERNAME: ${SES_SMTP_USERNAME}
            SES_SMTP_PASSWORD: ${SES_SMTP_PASSWORD}
            SES_VERIFIED_SENDER: ${SES_VERIFIED_SENDER}
            MYSQL_HOST: ${MYSQL_HOST}
            MYSQL_PORT: ${MYSQL_PORT}
            MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
            MYSQL_DATABASE: ${MYSQL_DATABASE}
            MYSQL_USER: ${MYSQL_USER}
            MYSQL_PASSWORD: ${MYSQL_PASSWORD}
            PARAMS_URL: ${PARAMS_URL}
      depends_on:
        - db
      volumes:
            - ./custom:/opt/bugzilla/template/en/custom
            - ./skin:/opt/bugzilla/skins/contrib/skin
            - ./extensions/UneeTBridge:/opt/bugzilla/extensions/UneeTBridge
      networks:
        - network

    apienroll:
      image: uneet/apienroll
      ports:
          - 4000:9000
      environment:
            MYSQL_HOST: ${MYSQL_HOST}
            MYSQL_USER: ${MYSQL_USER}
            MYSQL_PASSWORD: ${MYSQL_PASSWORD}
            API_ACCESS_TOKEN: ${API_ACCESS_TOKEN}
      networks:
            - network

    unit:
      image: uneet/unit
      ports:
          - 4001:9000
      environment:
            MYSQL_HOST: ${MYSQL_HOST}
            MYSQL_USER: ${MYSQL_USER}
            MYSQL_PASSWORD: ${MYSQL_PASSWORD}
            API_ACCESS_TOKEN: ${API_ACCESS_TOKEN}
      networks:
            - network

    invite:
      image: uneet/invite
      network_mode: host
      environment:
            MYSQL_HOST: ${MYSQL_HOST}
            MYSQL_USER: ${MYSQL_USER}
            MYSQL_PASSWORD: ${MYSQL_PASSWORD}
            API_ACCESS_TOKEN: ${API_ACCESS_TOKEN}
            CASE_HOST: http://127.0.0.1:3000

    db:
      image: mariadb
      ports:
        - 3306:3306
      environment:
            MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
            MYSQL_DATABASE: ${MYSQL_DATABASE}
            MYSQL_USER: ${MYSQL_USER}
            MYSQL_PASSWORD: ${MYSQL_PASSWORD}
      volumes:
            - ./mariadb:/var/lib/mysql
            - ./sql:/docker-entrypoint-initdb.d
            - ./sql-conf.d:/etc/mysql/conf.d
      networks:
            - network

    adminer:
     image: adminer
     ports:
        - 8082:8080
     depends_on:
        - db
     networks:
        - network

networks:
    network:
        driver: bridge

Basics

Monitoring your application

Make it possible for your customers to contact you (easily)
Your customer actually decides what is healthy ultimately
Design to do integration tests from the outset (CRUD) - full circle flow
Health check /health_check should test database connectivity
Alerts should describe how to act upon them (rare)
Centralised logging offered by AWS is quite nice
Canary metrics are awesome but THE DEVIL IS IN THE DETAILS

Tools I use and recommend

Grafana

Postman

UI-licious

Prometheus

Alerting

You can alert on 5xx from CloudWatch Metrics
Mobile notifications - if you plan to be awoken by this, you have failed
Slack Monitor your AWS account
Email

CloudWatch

[..., request = HTTP, status_code = 5**, , ,]
saw to tail to logs on your cli
TODO: Search across log groups is still not a solved problem

default Application code handlers

import (
    "fmt"
    "net/http"

    "github.com/apex/log"
)

func showversion(w http.ResponseWriter, r *http.Request) {
    fmt.Fprintf(w, "%v, commit %v, built at %v", version, commit, date)
}

func fail(w http.ResponseWriter, r *http.Request) {
    log.Warn("forcing 5xx")
    http.Error(w, "5xx", http.StatusInternalServerError)
}

func (h handler) ping(w http.ResponseWriter, r *http.Request) {
    err := h.db.Ping()
    if err != nil {
        log.WithError(err).Error("failed to ping database")
        http.Error(w, err.Error(), http.StatusInternalServerError)
    }
    fmt.Fprintf(w, "OK")
}

Golang CI/CD is quite awesome

Strongly typed FTW
go test
Travis
Watch out for perm issues though, workaround is to do a lot of mocking

Try do exercises if you work with other people

Make sure your health checks actually work, e.g. 1.2.3.4 timeouts are really hard
Trip up something and see if your colleague can figure it out
Always try and make sure you can roll back yourself

DevOps is actually quite complicated

Be super organised and detail orientated
People don't notice when you are doing a good job
Lots of communication required to keep signal
Write and digest health checks
Palm off tasks to third parties if you can
Gets easier with experience

Your job as always is to reduce complexity

Thank you

18 September 2018

Tags: Apex, Postman, Prometheus, AWS

Kai Hendry

hendry@iki.fi

https://unee-t.com/

@kaihendry