68°F

Aaron Parecki

  • Articles
  • Notes
  • Photos

#ops

  • New year means new keys (bear.im)
    Fri, Jan 6, 2017 2:53pm -08:00 #ssh #security #ops
  • Several Days of Server Migrations Later...

    I just spent two days finishing migrating the last of my old websites and services off my old server and into new homes. This project has been on my todo list for over two years, and I've been making slow progress since then, mostly by spending a day on it here and there.I finally finished moving the last things off the server today. The last two things left were my Twitter streaming search script and a really old MediaWiki website. Both were running on a 6-year old operating system, and under deprecated versions of Ruby and PHP. The MediaWiki instance had been EOL since 2012. The OpenSSL library was so old the Heartbleed bug hadn't even been written yet. Other things on that server were a Gitlab install (which I replaced with Gogs in February), my own SSL root authority (which is significantly less useful now that Letsencrypt makes certificates free and easy), an old web app I haven't used since 2009, and many cobbled together scripts.This was quite a painful process all told, and I would like to avoid getting into this this situation in the future. Here are some things I'm planning to do that will help make the upgrade process easier in the future.Upgrade regularlySpend the time it takes to upgrade the whole server (OS as well as application dependencies) every 3-6 months, instead of letting the machine get to be several years old. The whole reason I got into this situation in the first place is the OS was so old incremental upgrades were no longer possible. Updating the OS, PHP/Ruby versions, and applications regularly means smaller incremental changes rather than getting into a situation where your app no longer runs because the scripting language changed so much since the last upgrade.Separate the web and database serversI've had a separate database server for a long time. The main benefit this gives me is I'm able to move the source code for a website to a new server without having to also worry about migrating the database at the same time. It's one less moving part in the migration process, and I will continue to do this in the future.Productize everythingSome of these projects and websites were so old that I didn't actually have them in Git repos yet. Some of them were in Subversion, some were just piles of files on disk. A few of them shared a common set of files on the server, rather than using any sort of package management and proper dependency chain. Of course my more recent projects are much better packaged, but I had forgotten I had not always done things this way. Making each project a self-contained application with its own Git repo makes it easier to move them around to new servers later.Avoid using servers in the first placeThese days, we have many options for running applications without dealing with the underlying operating system. Google AppEngine (on which I currently run indiewebify.me and xray.p3k.io), Amazon Lambda (where I run ca3db), and Heroku to name a few. Once a service is running in infrastructure such as these, you can forget worrying about the underlying operating system updates, and focus on your application logic. The service providers will handle everything under the hood and you can forget that upgrading OpenSSL is a thing that needs to happen.
    continue reading...
    1 like
    Tue, Apr 5, 2016 7:02pm -07:00 #indieweb #server #migration #ops #database
  • Nick Craver - Stack Overflow: The Architecture - 2016 Edition (nickcraver.com)
    Wed, Feb 17, 2016 2:01pm -08:00 #stackoverflow #ops #servers #scale
  • How We Partitioned Airbnb's Main Database in Two Weeks - Airbnb Engineering (nerds.airbnb.com)
    Tue, Oct 6, 2015 10:13pm -07:00 #scaling #ops #database #mysql
  • ulimit - Too many open files with nginx, can't seem to raise limit - Server Fault (serverfault.com)
    Sat, Apr 4, 2015 2:46pm -07:00 #nginx #linux #ops
  • Monitoring CPU and memory usage from Postgres

    Let's say you have a cluster of Postgres database servers and you want a way to easily monitor their CPU and memory usage. You could install any of the system monitoring daemons like Nagios, Collectd, Munin, etc, but that means opening up another port in your firewall, and maintaning another running process. If all you're after is basic info like CPU and memory usage, there's an easier way!
    continue reading...
    1 mention
    Thu, Feb 19, 2015 12:30pm -08:00 #postgres #ops #linux
  • Knightmare: A DevOps Cautionary Tale – Doug Seven (dougseven.com)
    This is the story of how a company with nearly $400 million in assets went bankrupt in 45-minutes because of a failed deployment.
    Tue, Feb 3, 2015 5:25pm -08:00 #devops #ops
  • furbo.org · Fear China (furbo.org)
    The first course of business was to regain control of the server. Every service on the machine was unresponsive, including SSH. The only thing to do was perform a remote restart and wait for things to come back online.
    Thu, Jan 22, 2015 4:48pm -08:00 #greatfirewall #sysadmin #linux #ops
  • Handling AWS Spot Instance Termination Notices | Luminal (luminal.com)
    Tue, Jan 6, 2015 4:32pm -08:00 #aws #ops
  • Rolling Your Own CDN – Build A 3 Continent CDN For $25 In 1 Hour (www.scalescale.com)
    Sun, Jul 27, 2014 5:00pm -07:00 #DNS #ops #web
  • Akamai Heartbleed Response (blogs.akamai.com)
    Sat, Apr 12, 2014 2:29am -07:00 #heartbleed #ops #ssl
  • Reverse Heartbleed Tester (reverseheartbleed.com)
    Thu, Apr 10, 2014 2:01pm -07:00 #heartbleed #ops #security #ssl
  • What should a website operator do about the Heartbleed OpenSSL exploit? (security.stackexchange.com)
    Thu, Apr 10, 2014 1:35pm -07:00 #heartbleed #openssl #ops #security
  • How to explain Heartbleed without technical terms? (security.stackexchange.com)
    Thu, Apr 10, 2014 1:22pm -07:00 #heartbleed #ops #security #ssl
  • How to test and confirm OpenSSL is updated for Nginx and Ruby on Ubuntu 12.04

    A quick guide to updating OpenSSL on Ubuntu 12.04 running Nginx and Ruby and verifying that your system is safe from the Heartbleed bug.
    continue reading...
    7 likes 6 reposts 11 replies 2 mentions
    Tue, Apr 8, 2014 3:16pm -07:00 #heartbleed #ops #ubuntu #linux #openssl #ssl
  • SSH to EC2 Servers by Instance ID

    I often know an EC2 instance ID and need to SSH to the server. In order to avoid manually looking up the IP address or hostname, I wrote a small script to let myself SSH to an EC2 given an instance ID.
    continue reading...
    1 like 2 reposts 1 reply
    Tue, Feb 11, 2014 11:14am -08:00 #ssh #ec2 #aws #ops
  • Add nginx as a ubuntu service stop and reload doesn't work (stackoverflow.com)
    Service started well with the init file, but stop or restart didn't. In the end the cause was a different path to the pid file in the nginx.conf and the init script. Make sure they both point to the same location.
    Sat, Feb 8, 2014 11:29am -08:00 #linux #nginx #ops #servers #ubuntu
  • Auto-scale Sidekiq workers on Amazon EC2 (pablocantero.com)
    Fri, Jan 31, 2014 3:56pm -08:00 #aws #ec2 #ops #scaling #sidekiq
  • Four Linux server monitoring tools (aarvik.dk)
    Sun, Jan 26, 2014 8:58am -08:00 #linux #monitoring #ops #server
  • How Facebook Ships Code (framethink.wordpress.com)
    Mon, Jan 17, 2011 4:44pm -08:00 #development #facebook #ops #workflow
older

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

  • 🎥 YouTube Tutorials and Reviews
  • 🏠 We're building a triplex!
  • ⭐️ Life Stack
  • ⚙️ Home Automation
  • All
  • Articles
  • Bookmarks
  • Notes
  • Photos
  • Replies
  • Reviews
  • Trips
  • Videos
  • Contact
© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.
IndieWebCamp Microformats Webmention W3C HTML5 Creative Commons
WeChat ID
aaronpk_tv