On IT Operations and Infrastructures

Devopsday USA 2010 and the first Silicon Valley Devops Meetup

In late june/early july this year I went to San Francisco for devopsday USA 2010 that I had the pleasure to co-organized with Damon Edwards, Patrick Debois and Andrew Shafer.

I really enjoyed the experience and am glad so many people came to attend the conference (spéciale dédidace to the French Diaspora: Alexis, Olivier, Patrice and Jérôme). I look forward now for another chance to contribute to the next events!

I was still in the Bay Area on july the 6th when the first Silicon Valley Devops Meetup was organized by Dave Nielsen in Mountain View and I decided to join attend their first meetup.

Although Patrick and I have been in contact and working on presentations about "Agile and Operations" and "Continuous Deployment pipelines" months before he pinned the devops term and decided to create the first Devopsdays, we don't live close enough to one another to be able to see each other regularly, and I don't know yet enough devops-minded people locally to be able to start regular meetups, so it was interesting for me to to see what form it would take (sadly I haven't managed to attend to the popular london meetups yet).

The meetup started with a little discussion on the group name and on what the content and form should be for the following meetups.

The first Devopsdays was a 2 days conference with speakers in the morning and openspaces/unconference in the afternoon. I felt it was a nice format since the morning presentation would raise interest on specific subjects and fuel the afternoon debates without restricting them. (We were more constrained by time -only one day- for devopsday USA 2010 and had plenty of speakers so we decided to only have panels and a few lightning talks to raise interest/awareness to other subjects.)

I guess I felt that I was passing on the torch somehow and since some of the topics and discussions that took place during (and after) Devopsdays came back, it was an opportunity to share what was said and done back then. I think that the biggest benefit the devops movement is that it enables people to share their experience with one another, and I believe this is one of the way we can solve the problem I addressed on my first post.

One of the things from Ghent that I mentioned was the very nice experiment by Lindsay Holmwood when he proposed a 1-hour gang-development session on "cucumber as a script language". Not only because the subject was cool, but also because there was actually concrete code produced after this session, and I believe this is great if we can not only exchange ideas but also produce something that goes in the right direction.

Even though the devops movement is very much about people, about having the right mindsets, about breaking silos and about business alignment and change management, it is also about tools. And I think that since developers and ops (and network and security and QA) people meet together during the meetups and conferences, it is also probably the right place for new tools to emerge, tools that can efficiently and elegantly solve the daily pain points and bring people together/help them concentrate on what's really important.

This is why I was really happy to see that the meetup then followed by a nice presentation by Alex Honor on the "devops toolchain project". I'm glad I had the opportunity to meet Alex several time during my stay in the USA as he also had been thinking about those issues for a long time. His work on the toolchain helps pointing the gaps, the same way the "missing tools?" session during Ghent's Devopsdays did and there is a lot to do!

Devops Dojos?

Before I was involved in the devops movement, I was very much influenced by the Agile community, thanks to my friend Raphaël Pierquin (I also met Patrick thanks to him). He is the one who introduced me to the notion of "Coding Dojos".

I'm not sure who invented the Coding Dojos in the first place (it might have been Laurent Bossavit and al), but the idea is roughly "how come you are supposed to become a java expert after a one-week course when it takes a life time of regular training to become a martial art expert?", and as a martial art practitioner myself I find this idea sound.

Still, while I'm sure regular trainings on devops ideas makes sense, I'm not sure exactly how this should be done:

• Do we need to train on a specific problem, a specific tool or on a specific method?

• Maybe we could do retrospectives on a problem we've had and the solution we've implemented, to see how others would have fixed it?

• Maybe this could be an opportunity to design a tool that would solve a specific problem, or a modification on an existing tool so it would be a better fit?

If you guys have an idea about this, I'd be really interested hearing it!

Yesterday my friend and ex-colleague Iain send me a link to this dailyWTF article. I felt the content of the article and of (most of) the comments were so wrong on so many levels I had to write something about it...

the RH Performance Tuning course

I suspect he did this because he remembered a heated discussion I had in a team meeting with our team leader back when Iain and myself worked together: our team leader was coming back from a "Red Hat Performance Tuning" course and said there was a lot of things that we could do to improve the performance of our systems, including:

• ensure that all systems had swap defined as twice the amount of RAM
• ensure that the /tmp partitions were created on the outside parts of the "spindles"

I expressed serious doubts about the validity of those assumptions in a modern IT environment.

First of all, memory is cheap nowadays and QoS matters. In most cases, a swapping server is the best way to guarantee that it won't be able to offer the right level of service: it is either an indication that there is something wrong with the software like a memory leak, or that the server is not properly sized for the task.

The partitioning issue is very similar to the case described in the dailyWTF article. It is based on physical assumptions that are not necessarily true nowadays, especially when we are talking about partitions made on a hardware raid1 volume using multi-platter drives. In my opinion, there was no guarantee that the firmware of the RAID controller nor the one from the drives will do what we think they do.

Proof versus Belief

Interestingly enough, it seems that I was wrong and that drives manufacturers do their best to keep a mapping that is still in sync with the belief system in place, as the proved by the zcav tests pointed in one of the article's comment.

What is important here is the experimental evidence as opposed to beliefs or possibly outdated knowledge.

Still, it is important to remember that the zcav published datas are only valid in the context of the tests: they might not be valid for your production system with your set of drives, your raid controller and moreover, for your application needs.

Of course, with enough experience with a specific application, there is a possibility that generic rules can be deducted, as long as they are methodically deduced rules and not just wild assertions.

Alas, if the conditions changes, the rules are no longer valid, so you can't blindly follow them when you do performance optimization, you can just use them as hints or possible things to try: only in-situ measures can validate an hypothesis and prove performance increases.

Which means that if you have to optimize performance, you have to use your brains, common sense and produce reproducible test results!

Overcomplicated setup

With such a complicated setup, it can be difficult to measure the right thing and there can be plenty of unwanted interactions.

On the other hand, if you can't prove it makes a difference, you just over-complicate for the sake of it, which means it will be more difficult to maintain and diagnose for no provable benefit.

If it brings more performance, the benefits will still have to be evaluated against the operational risks that the complexity brought.

Not only the amount of complexity but also where you add the complexity matters: the more complexity you push down the stack, the harder it is to change things: a configuration option in an application is easier to do (and revert) than changing the version of the software.

If you depend on a specific software and hardware stack for your system/application to work, you are tied and have very limited ways to make your solution evolve or adapt. This tend to create systems where changes induce more risks.

It might not necessarily be a problem, especially if your system does not evolve a lot either in functionality or scale, and the risks can be mitigated by tests, but those costs must be clearly understood when the decision is taken.

Usually a lot of optimization can be done on the highest level, i-e the user side, with limited risks and efforts. However it can't be achieved if you don't understand what you're doing nor if you don't understand what the client application/users are doing,

Instead of shooting in the dark by applying random recipes, talking to the users to get the Big Picture can help making the system more in sync with the actual needs, and will let you identify which path that can be explored.

Sometimes it can be as easy as spreading the load over the course of a day/week/month instead of having everyone doing their queries at the same time.

Also, provided the DB is not used by a blackbox system, there are different things that can be done either on the DB or at the application system:

• pruning the tables
• optimizing the schema/indexes/queries
• queuing/asynchronous queries
• spliting/sharding the tables

From my experience, the need to do performance tuning usually comes from a bad design and the inability to scale horizontally. The IT industry has been relying too much on the ability to do vertical scaling, and unfortunately, it seems that apart from the big web players, only a few companies have realized that vertical scaling is barely an option now.

The communication problem

I believe the communication issue and lack of trust to be the most fundamental problem.

It is obvious that the company has a "Us vs Them" syndrome between DBAs and Ops, indicating a big silo problem, and I doubt this problem is only limited to the Ops DBA interaction, but probably spans to other teams interactions as well.

I think the Ops persons and his boss did the wrong thing there by hiding things under the rug. I believe that it was only pride that made the Ops guy behave the way he did, and I think this will only create more problems for him in the future.

Maybe a better way to do is to show the DBA that there was a better way to do things on a system level, to create a trust relationship with him and to encourage communication with the DB users.

Pouring oil on the fire is not going to stop the fire spreading nor the false beliefs...

As far I know, there is no course to become a Systems and Networks Engineer, aside from courses to learn (and gain certification in) a given vendor's product. In fact, back in my university years, I remember that my teachers seemed to assume that there was no interest in this kind of thing as learning the options and caveats of a particular product was all you needed. In their eyes, algorithmic and development approaches (RAD and OO at the time) were where the real focus lay.

In my case, the situation might have been worsened by the traditional friction in France between university (were the "real, pure, academic" research is done) and the Ecoles d'Ingénieur (where you learn about engineering and sometimes conduct "applied research"), but I'm not so sure the situation would have been so different in an engineering school or another country (I'll be interested in your feedback there to prove me wrong!).

So, how does one becomes a Systems and Networks Engineer? Well, it's easy, you learn by yourself, usually starting with a small set of machines and mainly by a trial-and-error approach. If you're lucky enough, you might benefit from someone else's experience and coaching. But still, it remains mostly an ad-hoc approach.

Of course, you quickly learn to avoid tinkering with the production platform on a Friday evening, and given enough experience you can even begin to "guesstimate" - to a greater or lesser degree of accuracy - the impact of such-and-such a modification, then hopefully the number of systems you manage will increase until eventually you find out the hard way that complexity doesn't grow linearly with the number of systems.

I would even claim that given the chance to work with different environments and large scale platforms (highly available, highly loaded web platforms; HPC clusters; heterogeneous banking environments), one might infer common rules of thumb and even have the hubris to try to find a meaning in the chaos.

The fact, however, is that I believe this ad-hoc approach to learning the job and the lack of (field proven) best-practice references to be The Source Of All Evil.

First of all, from this learning process comes an approach comprising unproven beliefs, mythology or carved-in-stone rules ("one needs twice the amount of ram as swap space"). It also makes it difficult to assess someone's ability as a Systems and Networks Engineer if not by considering her technical knowledge/certifications or previous experience in a similar position.

Secondly, the good practice of "not changing what works" forged by the trial-and-error approach, tends to encourage cruft accumulation and creates a certain reluctance to change anything at all. As a result risk-mitigation approaches such as continuous integration and minor steps are replaced by "big-bang" style changes with increased risks of failures.

All in all, I believe that it has created a situation whereby IT Operations is working against the (in my eyes desirable) goal of becoming agile and business-oriented - a true competition differentiator and not just a "cost center" working in firefighting mode.

The "cost center" aspect has motivated the few approaches trying to address the lack of maturity in IT Operations: ITIL, Cobit and so on. To the best of my knowledge, they are all process-oriented and mostly address the problem from a financial perspective (ROI, risk management).

While I believe there are interesting ideas in all of them, and that cost is an important factor in the need - solution equation, I am not too convinced by the "process" approach which limits risk but adds weight and inertia to the organisation and kills pleasure and innovation. I confess I might be too influenced by the ideas of the Agile Manifesto here, but I can't stop myself thinking that neither Google nor Facebook used ITIL to get where they are.

I also find them too complicated to be real enablers and believe that even though they warn against it, they incite dogmatism where pragmatism should rule. Because of this, I think they fight against the exact goals they are trying to achieve.

So how can we get out of this mess?

We would definitely benefit from an increase in interest from the academic world towards IT Operations and Infrastructure realities. Consider Google's study on Hard Drives failures. Before its publication different people had wildly differing beliefs about disk failures based on factors such as: their own experience with a statistically-insignificant sample size of drives; manufacturer advertising (propaganda); luck. With a large scale, scientific study to turn to, people gained a much better understanding of the subject matter.

Naturally, courses about availability, scalability, large scale systems and networks design and management would be welcome in Universities.

But successful companies such as Google or Amazon couldn't have emerged without good IT engineering practices and a sound infrastructure (after all Amazon even sells its services now via EC2 and S3!), so, it is certainly possible today to build an IT infrastructure that makes a difference.

Then we definitely have the responsibility to learn from those leaders and spread that information around if we want IT Operations and Infrastructures to mature and serve the business and our own users (kudos here to websites such as High Scalability or Storage Mojo for their excellent work).

Undoubtedly most of the technologies those companies use to manage their infrastructures are purpose-built in-house developments that won't be published, so we as a community need to build the tools we need in the same way developers have started open-source re-implementations of well known building blocks such as MapReduce for instance hadoop.

Tools such as Luke Kanies' Puppet configuration management, rapid deployments tools such as openqrm or easily adaptable and scalable monitoring systems such as hobbit (now renamed Xymon) should be endemic to our infrastructures, yet they are sadly too often an exception.