Recently I’ve been playing around with Prometheus. For now I think it is the best open source solution for monitoring (in the same way that chlamydia is probably the best STD). Previously I was a fan of Sensu, but honestly there are just too many moving parts to go wrong with Sensu, which meant they inevitably did. So, why do I like Prometheus? Basically, it stays pretty close to the UNIX philosophy of doing one thing and doing it well - basically it is just a time-series database.

The big announcement of the recent DockerCon was 1.12 integrating Swarm. As far the as the ecosystem goes that is quite a game changer, but I will not be dwelling on that. I am just going to regurgitate what others have said and add a few bit of my own. I am going to build a simple cluster that looks like this: What we have here is 2 nodes running Centos 7 which run Docker 1.

I seem to be writing more about cycling than anything else at the moment. I even have some more posts lined up on the subject, but there are few IT related ones coming too. Anyway, I just got these the the other day to replace my old Scotts that had served through a hard Brittany winter. I got them because I read they were incredibly comfortable. They are pretty standard fair for their RRP of €145.

I love both Open Source and Cycling, but the 2 do not ofen meet. In fact the cycling industry is incredibly secretive and dominated by patents. It is one of the major reasons that it is very hard to enter the groupset market (for roadies there are 3 major brands, for MTBers only 2). SRAM recently completely changed the way derailleur shifting worked with their new eTap electronic groupset, basically to work around Shimano’s patent library.

Using Puppet to manage Letsencrypt certs and Apache VirtualHosts

There has been boo-hoo-hooing the last few days about an injury sustained by Francisco Ventoso at Paris-Roubaix. Yes that spongey looking bit is his bone. It is seriously nasty and the UCI have re-banned disc brakes as a result. However, the fact is that disc brakes are a lot better than rim brakes. Rim brakes suck - especially in the wet. On carbon rims they suck even more even in the dry.

Drown is the latest vulnerability in OpenSSL. Essentially it allows an attacker to decrypt your TLS session and get data out of that session. The thing is, it is based on a vulnerability in SSLv2! Here lies my problem with this: SSLv2 has been known to be insecure for 20 years. Not only that, but SSLv3 also and even TLS1.0 (effectively SSLv4). The number of clients requiring even support for TLS1.

Happy 2016 all This weekend I finally got round to adding eyaml support to Puppet in my lab. What is on earth am I talking about? Puppet can use a thing called Hiera as a data source, think of it as a database for configuraion. In an ideal world, your manifests will be completely generic - in fact your control repo could consist of nothing but a Puppetfile with a list of modules to install (if any one lives in that ideal world, you are better than me).

I've been shopping! I've recently bought myself a new pair of pair of bib tights (for the full Dave Lee Roth effect) and a new jersey. More specifically I've bought DHB Vaeon Roubaix padded tights and a DHB Windslam jersey. DHB is the house brand of online cycle megastore Wiggle. Wiggle are based in Portsmouth, which is where I studied, lived for 10 years, met my wife and where both my children were born.

The basics of defining what modules get applied to a particular node is really simple in Puppet. Out of the box you just use the hostname and the FQDN and everyone is happy. You find this everywhere in documentation, blog posts, presentations, etc. However is has a problem: scale. What if you have an elastic infrastructure with nodes being created and destroyed automatically? What if you want to use the same manifests in different environment, but use different hostnames?