freistilbox Blog


freistilbox comes to DrupalCamp North East

In terms of Drupal events, there is no summer break; the best example being the DrupalCamping going on in Wolfsburg at the moment. I’m so sad that my schedule doesn’t allow me to be there and camp with my German Drupal friends!

Fortunately, I get to attend DrupalCamp North East in Sunderland next weekend. I’m very much looking forward to flying over to the UK again for the third time this year because I enjoy the Drupal community there as much as the ones in Germany and Ireland.

Since community is one of our core values at freistil IT, we try to participate in these events as actively as possible. I’m proud to announce that my session proposal about “DevOps with Drupal” has been accepted and I’ll do my very best to explain how embedding development in operations and vice versa can improve working with Drupal in a great way.

If you’re also going to be at DrupalCamp NE next weekend, give me a shout via Twitter! I’ll happily arrange sharing a few drinks and great news about our new Partner Programme!

Why you need an ops team and how you can get it for free

If you’re the type of customer we love the most, you’re a Drupal or WordPress shop that builds amazing websites. This requires great developers and these developers tend to know a thing or two about web infrastructure. So, why not have them also run the hosting of the websites they know best?

Let me tell you why not. Why I think that that’s a really bad idea that can quickly lead you to lose track of your main business goal, which is — remember — building amazing websites.

The world of web operations

Running a website that serves a lot of users is far from trivial. There are a lot of IT topics that need to be covered in order to build and operate an application that…

  • …reliably and quickly delivers the information the user needs (= performance),
  • …can cope with a steadily (or even exponentially!) growing user base (= scalability),
  • …and is robust enough that smaller incidents (e.g. disk failure, network partitions) will not cause it to be inaccessible (= availability).

I found a detailed overview of all the important issues that an operations engineer needs to address in Mathias Meyer’s blog post [Web Operations 101 For Developers](http://www.paperplanes.de/2011/7/25/web_operations_101_for_developers.html). It’s a long post and I highly recommend reading it in full (after you’ve finished this article).

Managing infrastructure

Every business relies on some kind of infrastructure. If you were a transport business, you’d rely on infrastructure like highways, gas stations and warehouses. Your business is based on web applications, so you rely on IT infrastructure like networks and server racks, operating systems and software applications.

Getting some kind of hosting infrastructure is easy. It’s just a few clicks over at Amazon Web Services or DigitalOcean. But in his article, Mathias points out the catch:

“Every little piece of it can break at any time, can stall at any time. The more pieces you have in your application puzzle, the more breaking points you have. And everything that can break, will break.”

Someone needs to manage this IT infrastructure. This could be you or someone from your team, it could also be someone you specifically hire for that task. And keeping stuff running requires know-how and experience:

“You don’t need to know everything about every piece of hardware out there, but you should be able to investigate strengths and weaknesses, when an SSD is an appropriate tool to use, and when SAS drives will kick butt. Learn to distinguish the different levels of RAID, why having an additional file system buffer on top of a RAID that doesn’t have a backup battery for its own internal write buffer is a bad idea. That’s a pretty good start, and will make decisions much easier.”

I’d say that’s quite a laundry list of insight that doesn’t come by just reading some manuals. And that’s only the hardware aspect – Mathias also details a separate list for the operating system level.

Is this how you want to spend valuable engineering time?

Managing incidents

There will come the time when stuff hits the fan.

You should be willing to dig into whatever data you have posthumous to find whatever went wrong, whatever caused a strange latency spike in database queries, or caused an unusually high amount of errors in your application.

Troubleshooting and incident response are a special area of expertise that requires both deep knowledge and experience to find and eliminate the problem’s root causes.

Is this how you want to spend valuable engineering time?

Managing automation

Deploying your application to a single server is easy and it’s actually not that much more demanding to use version control software like Git or even a Continuous Integration tool like Capistrano. But how about deploying a new app version to 5 or 15 servers? What if that new version alters the database schema, making it incompatible with older versions, so all servers need to be updated at the same time instead of sequentially?

As Mathias points out in his post, you need automation:

“There’s an abundance of tools available to automate infrastructure, hand-written scripts are only the simplest part of it. Once you go beyond managing just one or two servers, tools like Chef, Puppet and MCollective come in very handy to automate everything from setting up bare servers to pushing out configuration changes from a single point, to deploying code.”

But before you will be able to benefit from the high efficiency these tools offer, you need to learn how they work and how you describe to them the infrastructure you want them to build.

Is this how you want to spend valuable engineering time?

Managing growth

Over its lifetime, your web application will probably become more complex and with it the IT infrastructure required to support it. You’ll add a caching service here, a key-value database there – want a PHP extension with that? All these add-ons need to be installed, configured and fine-tuned.

Whenever you add a new component, a new feature to an application, you add a new point of failure.

Complex systems tend to break in very interesting ways, so troubleshooting will also become more difficult as your application grows.

Is this how you want to spend valuable engineering time?

Managing health

Only by monitoring the current status of your hosting components and recording metrics about their performance over time can you make decisions when things start to behave strangely, or — better yet — before they do so.

I can’t say it enough how important having a proper monitoring and metrics gathering system in place is. It should be by your side from day one of any testing deployment.

So you’ll soon decide to get some monitoring software and a metrics collection service in place. But that’s just the start:

“You’ll never get alerting and thresholds right the first time, you’ll adapt over time, identifying false negatives and false positives, but if you don’t have a system in place at all, you’ll never know what hit your application or your servers.”

Is this how you want to spend valuable engineering time?

Managing logs

Probably every service in your hosting infrastructure writes some kind of log where it saves details about the things it does and events that happen. That’s very useful:

“In case of an emergency, a good set of log files will mean the world to you. This doesn’t just include the standard set of log files available on a Unix system. It includes your application and all services involved too.”

But each service will log its own kind of details in its individual format, sometimes as a text file, sometimes in a database. It takes a lot of time to learn how to find and understand the relevant stories buried in thousands of lines of text scattered over different sources.

Is this how you want to spend valuable engineering time?

Managing failure

Failure will happen. All the time.

The bottom line of everything is, stuff breaks, everything breaks at different scale. Embrace breakage and failure, it will help you learn and improve your knowledge and skill set over time.

In our experience, failures will almost every time lead to better insight, improved skills and a more robust hosting infrastructure. But:

Is this how you want to spend valuable engineering time?

Stay on course

The answer is No. No, you most certainly don’t want to spend valuable engineering time on doing all these daily IT operations tasks. They tend to get more and more expensive over time, and, more importantly, they distract you from your core business.

Behind freistilbox, there’s a team of IT experts that know how to manage a growing business-critical infrastructure. We take care of all daily (and nightly) operations tasks, handle incidents and make sure that your website runs with optimal performance.

By fully managing your hosting platform, we enable you to keep a laser-like focus on your mission: building amazing websites.

That’s how you should spend every second of valuable engineering time.

How you can do DevOps without an ops team

Better yet, we’re available to you like an in-house ops team, via phone, email and chat; with our Premium Support, you can even reach us 24/7.

  • Got a question about HTTP caching headers? We’ll explain them to you over the phone.
  • You need help in optimising a database query? Send us a support request and we’ll work out a solution.
  • You’d like us to keep an eye on our servers while you launch your new website? We’ll set up a chat room where you get instant answers and live updates on how your hosting platform is keeping up.

This is much more than just technical support, it’s decades of IT know-how at your fingertips during the whole life cycle of your web application. And it’s included for free in all our hosting packages.

freistilbox is not only high-performance web hosting, it’s DevOps done right.

Changelog: Fully writeable shell user homes

The “Changelog” is a new category in our blog where we publish important changes to freistilbox infrastructure and functionality.

Each freistilbox cluster comes with its own “shell node” that customers access via SSH to run maintenance tasks like mysqldump or drush. In order to make it easy to access the right website instance, each one has its own user account.

So far, the interactive use of these user accounts was severely limited by tight write restrictions on the user home directory.

In a change we’ve rolled out this week, we’ve replaced the old instance directories with homes to which the shell user has full write access. This solves the problems that many customers experienced when they tried to store configuration files or to create arbitrary files and subdirectories.

Together with all the symlinks to important website directories, the work subdirectory that we used to create as a workaround for the previous write restrictions has been automatically moved to the new shell user home directory. Apart from the full write permissions, everything should look and function exactly as it used to.

Enjoy!

Incident review: Outage vm3

On Thursday, 15 May, one of our VM hosts named vm3 did not return to operation after a standard maintenance procedure, resulting in an outage of more than 14 hours. While we were able to restore all affected DrupalCONCEPT POWER servers, we only had backups available that were more than 24 hours old. And in the case of a custom-built managed server, we even lost most of its files completely.

We regard reliability and effective IT processes as essential for our business. An outage of this duration and with these results is not acceptable. We are embarrassed and deeply sorry about this incident and I apologize on behalf of freistil IT to all customers that we disappointed.

In this review, I’d like to give you detailed insight into what’s happened and what we’re going to do to prevent incidents like this in the future.

What’s happened

On Monday, 12 May, the VM host vm3 signaled one of two disks of its RAID-1 array as failed. It kept running on the second disk without any problems. We scheduled a maintenance window to have the failed disk replaced for Thursday, 15 May at 19:00 UTC, and announced the scheduled maintenance on the freistilbox Status Page.

Data center staff shut down the server at 18:55 UTC (a few minutes early) and replaced the broken disk. After restarting the server, we found that the server would not boot into a working system again. It turned out that there was no bootable operating system available on the remaining disk any more, which suggested that this disk had failed, too. When we realised that there was nothing we could do about the second failed disk, we decided to go the only viable, albeit laborious, way of rebuilding the server from scratch. After getting the second disk replaced, we started reinstalling the server OS, then the host environment and finally, the guest servers.

When we started the restore process, we realised that even the first phase, building a directory tree of the data to restore, would take several hours. We hoped that it would finish overnight, but on Friday morning, after 7 hours, the backup database was still working on collecting data for the restore directory tree. Fortunately, we found out by experimenting that by aborting the slow query on the database server, we could force the backup system to fall back to doing a full restore of all files in the backup set.

After the restore jobs had finished on all affected servers, we started reimporting the database dumps that were included in the backups. That’s when we found that we had timed the creation of these dumps badly: the job for doing daily database dumps actually ran later than the file backup that was supposed to pick them up. Restoring data from the Wednesday night backup already meant that we had lost almost a whole day of data, but on top of that, this backup only contained database backups from Tuesday night.

And as if this wasn’t bad enough news for our customers already, it turned out that one of the affected servers didn’t have any of its websites backed up at all. The respective server is a custom-built managed server. While with DrupalCONCEPT and freistilbox servers, everything (including the backup) is configured automatically, this server would have needed a manual backup configuration and we obviously had forgotten this part during setup.

Some customers had newer backups available that we were able to copy back to their server but in the end, most of them still suffered a catastrophic loss of data.

On Friday at about 11:30 UTC, all servers were online again. We then spent the rest of the day assisting our affected customers in solving some minor remaining issues.

What we are going to do about it

In a post mortem meeting on Monday, 19 May, we discussed the incident and decided on remediation measures to prevent it from repeating.

The root cause of the incident, the loss of both disks of a RAID-1 array, is a rare event but we need to be prepared for it to occur. We especially need to minimise the amount of data lost due to such a failure.

While the affected customers had consciously chosen a one-server setup that has many single points of failure (SPOF), neither they nor we had expected that an outage would take this long and would result in such catastrophic data loss. We need to make sure that all our backups have complete coverage and that they can be restored within a reasonable amount of time (a few hours max).

As a result of our post mortem, we decided on the following remedial measures:

  • We checked to make sure that all customer data, especially on custom-built servers, will be fully backed up from now on.
  • We rescheduled our file backup in order to include the latest database dumps.
  • Planned maintenance must be done right after a backup run. We will either schedule it after the regular daily backup job or we’ll trigger an extra backup in advance of the maintenance.
  • We’ll schedule regular disaster recovery exercises where we take production backups and restore them to a spare server.
  • We’ll research how we can speed up the restore process. This could mean improvements to specific components or even switching to a different backup system altogether.
  • If customers need shorter backup periods than 24 hours, we’ll support them in setting up custom backup jobs directly from their content management system.
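
The first three measures (backup coverage, dump-before-backup ordering, maintenance only after a fresh backup) can be checked mechanically before a maintenance window opens. The following is an added example, not freistil IT's own tooling; the host names, record fields, timestamps and the 2-hour freshness limit are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed inventory: per host, when the nightly database dump finished
# and when the file backup that should pick it up started.
INVENTORY = [
    {"host": "web-a", "backup_job": True,
     "dump_finished": datetime(2000, 1, 6, 1, 30),
     "file_backup_started": datetime(2000, 1, 6, 2, 0)},
    {"host": "web-b", "backup_job": True,       # dump runs after the backup
     "dump_finished": datetime(2000, 1, 6, 3, 15),
     "file_backup_started": datetime(2000, 1, 6, 2, 0)},
    {"host": "custom-c", "backup_job": False,   # manual setup step skipped
     "dump_finished": None, "file_backup_started": None},
]

MAX_BACKUP_AGE = timedelta(hours=2)  # assumed limit before maintenance


def audit(inventory, maintenance_start):
    """Return (host, finding) tuples for coverage, ordering and freshness."""
    findings = []
    for rec in inventory:
        host = rec["host"]
        if not rec["backup_job"] or rec["file_backup_started"] is None:
            findings.append((host, "no-backup-configured"))
            continue
        dump, backup = rec["dump_finished"], rec["file_backup_started"]
        # A dump that finishes after the file backup starts is not part of
        # that backup set, which then carries the previous night's dump.
        if dump is None or dump >= backup:
            findings.append((host, "dump-missed-by-file-backup"))
        # Planned maintenance must follow a recent backup run.
        if maintenance_start - backup > MAX_BACKUP_AGE:
            findings.append((host, "backup-too-old-for-maintenance"))
    return findings


def safe_to_start(inventory, maintenance_start):
    """Gate: planned maintenance may begin only with zero findings."""
    return not audit(inventory, maintenance_start)


if __name__ == "__main__":
    for host, finding in audit(INVENTORY, datetime(2000, 1, 6, 19, 0)):
        print(f"{host}: {finding}")
```

Run against a real inventory, a non-empty result is the signal to trigger an extra backup or fix the job schedule before any disk is pulled.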

In conclusion, I’d like to state that this incident showed an embarrassing lack of preparation on our side for the failure of a whole disk array. I apologize to all affected customers that we were not able to restore normal operation more quickly and to the full extent. I assure you that we are working hard to prevent an incident like this from ever happening again.
