1. chmod 777
2. chmod 4755 $file
3. setenforce 0
4. echo ” |passwd –stdin root
5. service iptables stop
6. echo ‘reboot’ > /etc/cron.daily/fix-hanging-db.sh
7. curl http://randomwebsite/foo.sh | bash

The last one bugs the crap out of me when good software developers assume this is a valid way to install software (outside of your personal machine).

Recent versions of puppet do not add subjectAltNames to the server certificate when it’s generated by the puppetmaster process.  This means that if you do not use the same name as your masters hostname to connect to puppet you will get a lovely cert mismatch.  I posted a question on serverfault about this (here).  It looks like the common practice for EC2 in particular is to use a uuid as the certname for each puppet client.  This avoids name collisions and problems with hostnames changing everytime the instance is rebooted.  It’s a little harder to keep track of since they aren’t very easy to remember, so caveat emptor.

First get puppet installed.  I tend to use gems (even though I despise them) since they update much faster upstream than anything else.  Do NOT run puppet or start the puppetmaster.

Generate a uuid or pick some string/name/moniker that’s going to be uniq and consistent.  (uuidgen to get a uuid)

Setup a basic puppet.conf, rpm installs will do this for you, gem installs you are on your own.

[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
vardir = /var/lib/puppet
ssldir = $vardir/ssl
pluginsync = true
server = puppet
environment = production
certname = ENTER_UUID_HERE
dns_alt_names = puppet
report = true

You can also manually generate the cert with the following.
puppet cert generate --dns_alt_names puppet ENTER_UUID_HERE
Your master cert will have the subjectAltNames field now, This is all addressed in http://projects.puppetlabs.com/issues/10739 and should be fixed in the next puppet release.

The concept of using the uuid for ec2 type instances is sound and will prevent ssl headaches in the future.

Names also provide a very important psychological edge for our poor meat brains.  Names allow us to recall information in a similar way that a key allows you to recall information from a database.  A message from  your alert system saying ‘Alert gandalf.example.com is DOWN!’ would (in theory) trigger something in your memory.  Gandalf is a wizard, that’s the master DNS server!  This key isn’t as good as a more meaningful name but it’s a key none the less.  I prefer names which are functional and overload information into the rest of the domain.  proxy01.atl.example.com tells me very quickly this is a proxy server, it’s one of a multinode cluster, likely load balanced, and is located in Atlanta.  All of this allows me to asses the situation at hand faster.  All of the pertinent details should be written down in a wiki, or some other document source, but the naming gives me a fast way to access that without having to go look it up.  172.14.2.1 is DOWN only tells me something is broken, not how important, how impacting or anything about it.  Maybe that’s a dev box or 1 node in a 40 node cluster, but I don’t know that (unless I just memorize it which stresses the meat brain) until I look it up.

Consistency is the key, I don’t in general like ‘clever’ names not because they are unprofessional or silly, but because they only mean something to the person who came up with it.  I know why I named the database ‘pearl’ (bonus points to anyone that guesses), but my other team members might not and likely that someone coming behind me wouldn’t either.  I’m a huge fan of code names and clever names for software / service names / etc just not machine names.  Here are some of the conventions I use.

Multinode clusters are numbered 2 digit starting at 01.

10 servers in a web cluster, web01 – web10.  Using 2 digit precision gives you 99 machines before you end up changing field sizes.

Short hostnames are the most common functional purpose.

Sometimes it’s ok to call it a server and put more information into the sub domain.  ’Web’ in general sucks, it’s too generic and means very little, what does it ‘do’.

If you think they’ll be more than one, name it 01.

Don’t use a sequential numbering system for unrelated things.

If you have two webservers that serve different content/services/etc don’t name them web01 / web02.  This creates a logical grouping of those two machines which are not actually tied together from a service standpoint.  I’ve heard of shared filesystems being named fs01, fs02, fs03, fs04, etc.  They aren’t related other than that they are all shared filesystems, why are you grouping them into something that looks like a cluster.  People assume that 1 is related to 2 to 3 to 4.  Put some thought into it and give it a name based on what it does or what’s important about it.

Use A / B notation for duality relationships.

I name my netapp filers: filer01a / filer01b.  They are both addressable services but provide failover for each other.  There will never be a ‘c’ since netapp doesn’t support wheel based failover.  They are a matched set, so they are named as such.  A vs B gives less cardinality than 1 vs 2 and that’s a good thing.

Use subdomains in a consistent manner to produce a lightweight hierarchy of information.

proxy01.www.internal.nyc.example.com lets me denote physical location, security context (internal), content type (www), and functional purpose (proxy) all in one name.  Granted this assumes a high degree of machine / service separation and may not work for everything, but you can use that name to store quickly accessible information.

Order is important, remember that.

In english we read left to right.  Information is ordered in that direction as well.  Put the thing you care about most (or quickest) to the left and less immediate information flows to the right).  database01.hr.alt  tells me it’s a database (important!), it’s part of a cluster (less important than being a db but still relevant), HR database (eeek will I get paid?!), and finally location which may not matter (alt is a backup site, I can deal with that later).  Order frames your response into the correct context.  database.atl.hr.clusternode1 tells me this machine is a database (important), in Atlanta (wait that’s the dr site I might not care right away), it’s HR (wait we don’t have a primary b/c it died last week), and that it’s a clusternode.  Is this better or worse?  Depends on the context, order is important.

The crux of the whole point is that names are useful things, humans name things not because they want to be clever but because it’s an effective way to partition information about something without having to memorize it all.  It comes down to the difference between knowing something and memorizing it.  You design a convention and stick to that convention until it doesn’t work, then you redefine that convention.  The convention saves you time but only if everyone ‘gets’ the convention or it can be easily explained.  If your convention is a complicated scheme involving lollipop guild chairmen’s you are requiring the audience to have immediate intrinsic knowledge of Mid 1930′s Judy Garland films, which is the same as asking them to look it up.

Ruby development in general is moving very fast, most developers are working on 1.9 and likely 1.9.3.  Trying to stay on 1.8 means you may be stuck with libraries/gems/tools that don’t work as well as their 1.9 counterparts.  In addition you have to put up with constant complaints from the development side about why they have to run unfrozen caveman ruby and why can’t they use the latest tool/gem/whizzbang they want.  So now you roll up your sleeves and decide to upgrade your system ruby.  The ‘recommended’ method for updating ruby is installing from source.  I love installing from source, I also love mowing my grass.  They are both mindless pursuits that I start and autonomously go through until I complete them.  There’s no shame in compiling and I don’t shy away from it, but it has its place.  That place is not on a production server.  It doesn’t scale, it introduces error and inconsistencies and isn’t reproducible.  I don’t want any of my production servers to even have a compiler on them if I can help it.  The next best alternative is rvm.  I love the concept of rvm (though not necessarily the implementation, I prefer rbenv there).  But if you tell me to use rvm on my production servers I’m going to laugh at you and ask you to come back when you have your big boy developer pants on.  Now I’m not only building ruby on every machine I have, I’m doing fancy shell tricks to determine my execution environment.  I’m also at the mercy of random files littered in directories for what libraries I can see, what binaries I’m going to use, etc.  How is this anything but a recipe for a long night with cold pizza and a bottle of scotch that ends with updating my resume?  RVM works great when it’s your environment on your laptop, but in my infrastructure it’s just not a viable solution.

What about packages you say.  Excellent question.  I’m a fan of packages, rpm in specific, but I have no objections to debs either (solaris sit down over there, you don’t have packages, you have tarballs there’s a difference).  I’m comfortable building packages, I’ll bust out a specfile to deploy 5 or so bash scripts cause it’s the right thing to do.  If your OS uses packages us it, as much as you can.  Not using your native package management system is like jumping out the second story window because you didn’t want to dent the carpet on the stairs.  Ruby packaging is ugly at least from the rpm side.  The 1.8 specfile won’t cleanly rebuild 1.9 and when you do get it to work, there are all sort of library issues abi compatibility problems and a host of other things.  Not all of this is ruby’s fault.  A fair amount of it lies with people distributing rpms of other things that use ruby but not following the correct dependency management techniques.  At the end of the day that doesn’t matter, building upgraded packages for ruby is non-trivial task.  It’s also a rabbit hole.  Rebuild ruby, well there’s 6 packages there (though in a single spec) as someone decided it was awesome to break each binary out into its own package.  Now rebuild rubygems.  Using anything OS level that depends on ruby, chances are good that spec writer locked the version to 1.8 so now you’re rebuilding that as well.  Don’t forget the random ruby C library extensions as well (ruby-mysql, ruby-shadow, etc).  At a certain point you wonder if it wouldn’t be easier to just maintain your own custom distro or pull your eyelids off with plyers.

Here’s where the real evilness starts to creep in.  You’ve now spent hours, days, weeks trying to work through technical debt and build a standard and repeatable environment to support development and are ready to pull your hair out.  The thought starts to creep in ‘Maybe it would be easier to run rvm, or build it on each box, how much extra work could it be’.  People don’t build crappy infrastructures intentionally, they make one small compromise after another until they are neck-deep in debt they have no idea how to pay off.

At this point the python folks are grinning from ear to ear (eggs and pip and the trouble they represent are another topic for discussion) because they’ve kinda moved past this.  For one python development benefits from not being as ‘trendy’ as ruby/rails and the like.  They also benefit from the fact that redhat engineering, as well as ubuntu engineering are pretty heavy python shops.  They have a vested interest to make sure that python doesn’t suck at the OS level.

So where does that leave us?

1. Build from source / use rvm (there’s no difference between the two other than shell magic) YUCK!
2. Package everything into rpms/debs (a ton of extra work, weird corner case breakage)
3. Something else

Here’s my idea on something else, until the state of distro support of ruby is saner.

• package ruby into its own location (/opt/ruby/$version or something that makes you happy)
• use bundle pack and bundle install –deployment

Repackaging a language it’s own prefix is not my favorite plan but till I can sanely update ruby OS wide it’ll have to do.  You still are going to need to do PATH tricks or edit the shebangs on every script in order for things to work right, but this way we’re not installing ruby 17 times b/c we run 17 apps on a single machine.  I do not install gems here, with 1 exception.  I install bundler.  If you’re working with ruby or supporting ruby and you are not using bundler then you need to be shot (here yeller, here boy… that’s a good dog).

Once you start using bundler, use bundle pack.  This tells bundler to install gem dependencies in the vendor/cache directory of your application.  You should then put Gemfile.lock under revision control (or include it in your deployment packaging).  This will enable you to run bundle install –deployment on your production environment.  The –deployment flag tells bundler to avoid running gem install and use the vendor/cache directory.  This keeps all of your application gems ‘inside’ your application.  Which means you avoid messes with wrongly ‘activated’ gems, accidental version upgrades etc.  You do need to remember to run any commands under bundle exec (like bundle exec rake db:migrate) else you’ll start running into subtle errors, but the trade-off in sanity is worth it.

Hopefully as ruby adoption continues this state of affairs will get better.  Better OS packages are a start.  Standards around deployment like bundler are a must.  I’d really like to see a gem->rpm/deb integration rather than continued fractured directions but I’m not sure that’s much on anyone else’s radar.  It all (almost) makes me pine for the days of installing everything with CPAN.

First plugin I use is pathogen, it’s a must and the only plugin that actually resides in the normal places in vim’s rc directory. Pathogen allows you to define a bundle directory (~/.vim/bundles by default) and will load plugins in whole from that tree. That allows each plugin to have it’s own tree and you don’t get file collisions etc. It also makes it super easy to enable or disable a plugin.

I won’t go into super detail on all the vim’ness that I’ve setup most of it is from this great article. I’m not a pure developer so some of the things I don’t use but the plugins he recommends are spot on.

One of the core tenets in puppet is to not duplicate work, it even gets enforced to a certain degree with not being able to duplicate resources. When you combine this the the recommended module structure and correct use of the autoloader and you will find yourself creating a lot of manifest files. There are two things I use that help with this. One is a template plugin, the other is snipmate. The template plugin comes into play whenever I create a new file, I have a skeleton directory that contains stub for different filetypes. When I edit a new file it reads in that template, interpolates a few tokens and inserts it into my new file buffer. I always work on modules from the top of the module (makes moving easier and helps with the git side of things I think). So in my ssh module when I do:

$ vi manifests/server.pp

I get a file that looks like:

This file didn't exist prior to editing.

If you notice the header comment is mostly filled out, the class declaration is already set and a few other things. How does this work? Well the skeleton file has tokens in it that I have defined (called tags, which is a bit of an overload of the term). That tag can be a simple string or you can use vi’s scripting language to a certain extent to figure things out. In the case of the class declaration I know that I almost always work in the top dir of a module so I know what module I’m in from that. Then the autloader in puppet has very specific rules how how filenames translate to classes so I take advantage of that with a little substitute. The template plugin I use is eteSkeleton, I liked how relatively simple it was, however I did have to fork it and fix a few things with it. The original source is here, my fork is here and my specific tags file is here to see how I did the class logic.

I also use snipmate to create definitions, language constructs etc within manifests. Snipmate lets you type if and get a completed if statement that you can tab through the various elements of. Those familiar with TextMate will recognize it instantly. My snippets file for puppet is here, it was originally done by R.I. Pienaar but I modified it to match my personal syntax style etc.

Syntax highlighting is pretty simple, there’s a puppet.vim that’s included in the puppet source tree, it defines the groups and objects and how to highlight them, then you can control the colors through vim’s colorschemes. I don’t change my colors from the default, I just tweak my terminal settings to brighten up some of the colors (dark blue on black specifically).

ftdetect/puppet.vim handles file detection of manifest files, there’s a lot of things that are keyed off of set filetype=puppet, this just matches *.pp. There’s not really a case where I’m editing a manifest and it’s not a .pp so we don’t have to read lines or anything to determine filetype, if we did that would go here. ftplugin/puppet.vim contains any filetype specific settings I want for puppet.

kp=pi looks a little cryptic. kp is shorthand for kewordprg (or keyword program). This defines the program that vim will run when you press ‘K’ (note the capital) in normal mode. In stock vim if you try this on a word it will run man (cword is vim-speak for word under cursor). pi is actually shipped as part of puppet (at least it’s in the gem install) as an analog to ri (ruby documentation). It acts exactly the same as puppet describe. This means that in a manifest I can position the cursor on say an ‘exec’ resource that I’m writing and hit ‘K’ and it’ll shell out and run pi exec (puppet describe exec) and give me all the resource documentation for that version of puppet (assuming I’m on a box that has puppet installed). This is great when I can’t remember the exact attribute on a resource or similar. My only complaint is that pi doesn’t page when it returns a lot of text (see pi file) and it’s annoying to have to page up to start reading (I run 100% of the time in screen and have my pageup key mapped to copymode). But wait I have a solution. Vim always runs &kp so I can’t really set kp to something with a pipe and pager in it. If you try: :set kp="pi | less -F" you will end up running: pi exec |less -F execas kp always appends . So in my .bashrc I define the following:

function pi() {
  command pi "$@" | less -F
}

This defines a local bash function called pi which calls pi with whatever arguments were passed and pipes it to less -F (-F only paging if there’s more than 1 screen of text). The command construct in bash prevents a loop between the function and the actual command. It also allows the path to be used rather than hardcoding /usr/bin/pi which would have the same net effect. It’s a tad more portable. Now in vim when I cursor over a resource and hit ‘K’ I get nice puppet documentation without having to switch windows or anything. Be aware that since it’s a locally defined function you have to set set shellcmdflag=-ic in your .vimrc else when vim shells out the function won’t be defined. I could also make a shell command in my path somewhere and use that as that adding the ‘i’ flag to the shell causes it to bg vim in certain circumstances as it’s an interactive shell now.

The surround plugin is great for throwing quotes or curlys around things, since puppet uses two different syntaxes for variables when they are quoted vs bare, I use that alot to wrap a variable in curlys. The normal mapping (see surround’s documentation) to do that is: ysiw}. Cryptic and hard to remember? Yup. Basically it’s ‘ys’ (you surround); ‘iw’ (inner word, :h text-objects will change your life), ‘}’. The surround plugin uses the left brace to surround with spaces and the right brace to surround without. I map this to } to make it easy.

NERD_Commenter (a very awesome plugin to do filetype/language specific comments) uses a dictionary for filetypes to define additional comment characters.

let g:NERDCustomDelimiters = {
      \ 'puppet': { 'left': '#', 'leftAlt': '/*', 'rightAlt': '*/' }
      \ }

This defines the comment character (and alternate comment character) for puppet filetypes. Using NERD_Commenter you can switch between shell style and c-style comments. Do things like visually select a block and comment it one swoop, and uncomment sections really easily.

Puppet resources use fat comma’s to specify parameters. The style guide (and I tend to agree) states that all co-located fat commas should be aligned based on the longest parameter in the list. Fixing that is tedious and annoying. This is where the ‘Align’ plugin comes in handy. Align can do a million things to reformat text, but simply for this case I only use it for fat commas. I want to select a block of text with visual select mode (greatest thing in vim ever btw).
Then run :Align =>. This will align everything on those delimiters. I have this mapped to = in my .vimrc. I don’t use tabs so there might be additional settings to get it to align with tabs instead of spaces, but I think it honors expandtab and smarttab as needed.

I have ctags and taglist setup to integrate with puppet, but I’m finding myself not really using it much. I tend to think in the autoloaders terms and just open a new window/etc to what I need to look up rather than use vim to jump back and forth. If I could get it setup such that when I cursor over a statement like:
include ssh::serverand hit ] (which causes a taglookup); it would then take me to where class ssh::server was defined I would probably use it more, but since ‘::’ isn’t a part of a word boundary that doesn’t work. I got the ctags configuration from Nasrat and it works great, I just haven’t really figured out how to integrate it into my coding-workflow. If anyone has any more practical enhancements or advice leave them in the comments.

Syntax checking is a must. I’ve written a couple of shell scripts to wrap around puppet --parseonly to check a whole module, do erb checking etc etc. Then I found syntastic. Syntastic is simply put… fan-fucking-tastic. It supports doing syntax checking based on filetype so you can change things per language. Vim has always had the ‘make’ and ‘makeprg’ settings but syntastic wraps that up in a nice package and gives you a way to extend it. It also provides a function you can put in your statusline to alert you when you open (or save) a file that the file has syntax errors (and where they are).

A quick aside about the statusline. I used to hate it, this ugly white line at the bottom that broke up the visual and flow of the text and really didn’t contain anything useful. Then I discovered how to change it and fill it with all sorts of useful information. All of my statusline settings (with the exception of setting laststatus=2 in .vimrc) are found in statusline.vim.

The code found in syntax_checkers/puppet.vim defines the proper makeprg and does the other syntastic setup. The hard part is getting the errorformat set correctly. Vim often times bails back home to it’s ‘C’ roots and this is one of those times. errorformat (:h errorformat for in depth information) is a pattern that will be matched against the output of the makeprg (in this case puppet apply –parseonly … ). The difficulty is it’s not a regular expression, it’s a scanf expression. scanf is an older c routine for matching single or multiline text and it’s a bit cryptic and confusing. Give me a regex anyday, you combine that with how vim needs things escaped and it was a chore. But it’s done now and hopefully I’ve saved you some time. Puppets parse-only option it’s terribly smart. Once it finds a single error it will stop parsing. I talked to Luke about this and it’s a limitation of the DSL in ruby. The parser can’t really continue once it finds and error so it doesn’t have any way to report on all the errors. The net result is that if you sit down and bang out a manifest really fast then syntax check it, you’ll get the first error, fix it, save see the second, etc etc etc. Still nicer than having to quit, run puppet, edit, fix, and repeat. Be aware that forcing a syntax check each time the buffer is opened does slow vim down a bit (well not really vim, it’s just waiting on puppet), so if you notice it and it bothers you (it doesn’t me) look at syntastic documentation on how to disable it and only turn it on when you want it. I’m toying around with seeing if I can get syntastic to check against running puppet in noop mode to catch things like duplicate definitions and other things that parser doesn’t deal with, but there’s a lot to ignore and filter through and noop mode generates a lot of output since it’s not really changing anything. I’m also not sure if it’s all that useful at that phase, I generally do a lot of sandbox and vm testing anyway which I would still have to do. I’m sure if someone wanted to write a specific parser for manifests that was smarter than parseonly but friendlier than noop there would be beer and scotches all around, but I tend to think most of us are more interested in writing actual manifests than something to check manifests.

That’s all of my puppet specific vim setup, my entire vim tree is online at http://github.com/stick/vimfiles and is mostly documented as to what various things do. All the credit for the various plugins goes to their authors, the vim community is really good, just spend a bit getting to know vim before you jump in.

Happy puppeteering!

Anyone have suggestions?

However my RFC was denied not because of any technical reason, not because of any concern over the technology, the implementation, or the timing.  It was denied because I didn’t put the correct information into the details page and because my dates were wrong.  I’m all for doing process right (when it makes sense), but does it make sense to derail a security fix for 4 days because the form was incorrect?  Especially when there exists a forum in which you can be asked to clarify anything regarding your RFC.

Now when security takes a backseat to process, your organization has truly begun the decent to failure.  This may indeed be the straw…

Several of the things I played with were adding a lun to a machine and getting it to show up without rebooting.  Translating docs gleaned from the web to my configuration was a bit tough at the beginning because we have a highly redundant fabric.  That meaning we have 2 HBAs in each host each with 2 fiber paths.  What this means is that when I get luns to show up I see them 4 times for each lun.  Apparently most people that write about their SAN experiences do it with a single path to their storage device through the fabric.   I also went through the rigamarole of removing a lun from a host (again without rebooting).  All in all it was pretty clean, a series of echo’s to the /sys subsystem, not nearly as ugly as adding and removing actual scsi devices.  It was also completely non-disruptive to other luns and overall performance.

There’s been quite a bit of debate among the other SAs at work about how we should handle luns at the host level.  Originally the thought was to add LVM on top of the LUN (which with multipath is kinda a bear) then create the filesystem on top of LVM.  The thought was originally that this would enable us to grow and shrink as needed and give us a similiar flexibility to the NFS volumes we are so used to dealing with.  Turns out shrinking is still iffy.  I’ve tried it twice now and had catestrophic failures both times.  The filer seems to handle it fine, but the host just flat out fails to see it as a valid filesystem once the lun gets smaller.

With multipath configured correctly what we see with an fdisk -l is 5 new ‘disks’.  sdX – sd{X+4} and dm-X.  So depending on how many existing scsi devices (including other luns) we have sde,f,g,h and dm-0 (assuing a, b, c already existing and no other san luns).  What’s a little confusing is that each of these devices is the same disk, you don’t want to use the sdX devices for anything (unless it’s a onetime operation) in case you lose a path.  So you do everything to the dm-X device created by multipath.  The other confusing thing is that while these are ‘disks’ they also are not.  You can create partitions on them but you don’t really need to, so it kinda confuses your brain in what you are used to dealing with.

So the original plan with LVM was to create a partition consisting of the entire disk, add it as a PV, create a volume group, then a LV on the volume group of the whole size.  It struck several of us that this really was overkill.  Where LVM shines is when you have lots of descrete storage objects and you want to group them all together.  Logically this ‘thing’ is a single lun where all the physical abstraction is already done (with about 4 levels of abstraction in the case of NetApp).  The other alternative, which I ended up doing for this particular implementation, was to just create a filesystem right on dm-0.  I didn’t create a partition, didn’t do LVM, just mkfs.ext3 /dev/dm-0.  Worked like a charm, no wasted space, very simple.

There is a gotcha though.  Multipath has the annoying habit of renaming the multi-disk device (dm-X) when the host reboots and it encounters additional luns.  So if you add a lun to a machine that already has one then reboot it’s possible, nigh on likely, that they will swap dm-1 and dm-0 to the opposite of what you expect.  This is pretty annoying from a mounting standpoint.  This is one potential winning point for LVM, since the LVM data is written to the disk itself you can have a consistent name which to use in fstab etc.  But all that overhead just for a consistent name?  Am I really getting anything else out of LVM in this scenerio?

Enter ext2/3 labels.  Most SAs I know don’t like labels because if you do things like label a disk ‘/’ and try to put it in another machine for recover purposes, you probably won’t get the disk you expect (it’ll depend on bus order).  However labels give us a way to consistently name a dm device regardless of what multipath wants to call it.  This also lets me give meaningful symbolic names to SAN disks that may move hosts (oracle volumes is their current use, so there are 2, 1 for primary and 1 for standby).  So I use e2label /dev/dm-0 FOO to label my san disk.  Then in fstab I use LABEL=FOO. An interesting side effect is that df output shows the uuid of the disk rather than it’s multipath name, but other than that it seems to work.

Next I need so spend a bunch of time with a non-critical volume and figure out all the ins and outs of growing and (maybe) shrinking the fileystem.  All of the above work was done on a RHEL5 system (64bit), my feeling is that all bets are off when it comes to RHEL4 and LVM might be a very real hard requirement.  I also wonder if multipath is the right way to go.  Would it be possible to use LVM to create a fault tolerant storage device?

This was my second trip to LISA, I went last year in Dallas.  This year was definatly better.  It being in San Diego meant not only the the weather was fantastic, but there was also lots to do outside of the conference.  I think that particular locale made it easier for people on the west coast to come.  For those that haven’t been, LISA consists on basically 2 ‘tracks’, which you can mix and match.  The technical sessions, which are later in the week and the training sessions, which run the entire week long (up to 2 per day).  This year I took a full week of training.

All in all the training is good.  There’s a bit of a trick to it.  You have to take classes on things that you don’t know anything about because they tend not to be very advanced.  Also from year to year the training doesn’t seem to improve much, many of the instructors are using their same slides from the previous year (or further back).  The Technical sessions are more like 2 hour lectures on a particular topic.  They are not geared toward training but more toward presenting.  I’ve never found them that interesting.

By far where LISA wins out is what’s called the ‘Hallway Track’.  This is basically the hobnobbing in the halls with other SAs and going out to dinner and all the conversations that occur as a result of that.  Each year I’ve found that amazingly useful.  Most SAs operate in a bit of a vacum, they may have a small (or large) team, but there’s a heirarchy there.  If they are in a solo shop they don’t usually have someone to bounce ideas off of.  Even if they do company size, budget, etc limit the focus.  The people you meet with at LISA cover all sorts of areas from the large financial sector, to academia, to startups.  It’s those different perspectives that are really valuable and why I go back each year.

I am however disappointed that LISA has been shrinking a bit, they need to improve their training and try to attract different groups of SAs.  I think alot of small shop SAs don’t come to LISA because it has this air of being only for really large installs.  If you are serious about your craft as an SA you hope to one day be in a large install, either by growing the one you have or moving into one.  I think it’s important for small SAs to attend a conference like this to learn about techniques they could implement before they get too big.

Another point of disappoitment is with the vendors.  As an employee for what easily can be described as a vendor we don’t have a presence at LISA (except as attendees).  There were probably only 25 vendors this year and most of them were in the SAN space.  SUN was there, but they didn’t really seem into promoting their product.  FreeBSD was there as well, but they are kinda preaching to the choir with their userbase if you ask me.  Fedora had no presence there, Red Hat had nothing.  Where were all the security product vendors?  Where were the groupware vendors?  Splunk always shows up and does a good job.  In fact I started using Splunk last year after talking with their sales guys at LISA ’07. Alot of people at LISA are either buying or making the technical recommendation and indirectly buying the products that their companies will use.  Reductive Labs personally has LISA to thank for at least one contract.  I wouldn’t have bought a support contract with them if I hadn’t met Luke and had some really good discussions with him.

The after hours stuff at LISA is also excellent.  They have BoFs (Birds of a Feather) sessions about a wide range of topics.  Anyone can run a BoF, they are meant to be informal roundtable discussions about a particular topic.  They often stray off the technical, there was a hockey bof last year, and their’s usually a semi-secret scotch bof every year as well.

Next year LISA will be in Baltimore.  I will likely go because it’s so close and I get alot out if each year.  Even when I don’t learn alot of training, being around a bunch of other SAs and spending a week discussing methods and other aspects of SA always invigorates me and gets me all fired up for when I return to work.  It’s kinda like a career reset.  When your job has you beaten down and you’re burned out sometimes a vacation helps release that pent of stress.  Sometimes however getting away from work but staying technical and learning about other ways of doing your job can be an even bigger boost.