Sunday, September 26, 2010

Setting up a load balancer on slicehost

Goal: set-up a single load balancer using LVS-TUN technique to direct traffic to web servers running Rails being served by Passenger Phusion on Ubuntu 10.04.

1. Request slicehost to set-up a shared IP. The load balancer (LB) must have a shared IP with the web servers. Read the LVS-TUN docs to understand more of the why, but for the how, be like Arnold and just do it. If you explain to them what you're doing, they will know what to do and configure stuff the right way for you.

2. Install ldconfig
apt-get install ldirectord


3. Follow these directions ignoring the bits about heartbeat (I feel that heartbeat is needless complexity for me now but I'll probably want to add it later).

The Linux-Directors must be able to route traffic to the real-servers. Specifically in addition to correctly configuring the interfaces and routes you must enable IPV4 forwarding. This is done by adding configuration of net.ipv4.ip_forward to /etc/sysctl.conf as follows:


#



# Enables packet forwarding
net.ipv4.ip_forward = 1

For these changes to take effect the sysctl command may be used:

/sbin/sysctl -p
net.ipv4.ip_forward = 1



Thanks to UltraMonkey for this information.

4. Install ldirectord.cf in /etc. You can use the sample file from the UltraMonkey site article above. Make your modificaitons to reflect your setup. Mine looks like this:


checktimeout=10
checkinterval=2
autoreload=yes
logfile="local0"
quiescent=yes

virtual=SHARED.IP.ADDRESS:80
real=web1.server.ip.address:80 ipip
real=web2.22.33.44:80 ipip
service=http
request="healthcheck.html"
receive="OK"
scheduler=rr
protocol=tcp
checktype=negotiate


virtual=SHARED.IP.ADDRESS:443
real=web1.server.ip.address:443 ipip
real=web2.server.ip.address:443 ipip
service=https
request="healthcheck.html"
receive="OK"
scheduler=rr
protocol=tcp
checktype=negotiate


Obviously plug-in the correct IP addresses for the shared IP that you requested from slicehost, and the real IPs of the 2 web servers.

Check the output of ipvsadm:


root@SatelliteIngestionLB-01:/etc# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 67.207.134.92:80 rr
-> 67.207.134.84:80 Tunnel 0 0 0
-> 67.207.143.51:80 Tunnel 0 0 0
TCP 67.207.134.92:443 rr
-> 67.207.134.84:443 Tunnel 0 0 0
-> 67.207.143.51:443 Tunnel 0 0 0


5. ARP hacking

Follow the "Restrict ARP advertising" config on Ultra Monkey. I'll copy it here just in case but this is their genius not mine!

On Debian, the arp_ignore and arp_announce sysctl flags are used to ensure that the VIP is not announced via ARP on the real-servers, eth0 should be set to only use its addresses for ARP. This is done by adding the following lines to /etc/sysctl.conf. The eth0 lines below should be replicated for any devices that respond to ARP.


# Enable configuration of arp_ignore option
net.ipv4.conf.all.arp_ignore = 1

# When an arp request is received on eth0, only respond if that address is
# configured on eth0. In particular, do not respond if the address is
# configured on lo
net.ipv4.conf.eth0.arp_ignore = 1

# Ditto for eth1, add for all ARPing interfaces
#net.ipv4.conf.eth1.arp_ignore = 1


# Enable configuration of arp_announce option
net.ipv4.conf.all.arp_announce = 2

# When making an ARP request sent through eth0 Always use an address that
# is configured on eth0 as the source address of the ARP request. If this
# is not set, and packets are being sent out eth0 for an address that is on
# lo, and an arp request is required, then the address on lo will be used.
# As the source IP address of arp requests is entered into the ARP cache on
# the destination, it has the effect of announcing this address. This is
# not desirable in this case as adresses on lo on the real-servers should
# be announced only by the linux-director.
net.ipv4.conf.eth0.arp_announce = 2

# Ditto for eth1, add for all ARPing interfaces
#net.ipv4.conf.eth1.arp_announce = 2


Don't forget to run sysctl -p after editing this file.


6. Create a tunnel network interface

make sure ipip is enabled


modprobe ipip


then add the tunl0 interface to /etc/network/interfaces


iface tunl0 inet static
pre-up ip tunnel add tunl0 mode ipip
post-down ip tunnel del tunl0 mode ipip
address 67.207.134.92
netmask 255.255.255.255


then bring it up


ifup tunl0


see if it worked


/etc/network# ip add sh tunl0
7: tunl0: mtu 1480 qdisc noqueue state UNKNOWN
link/ipip 0.0.0.0 brd 0.0.0.0
inet 11.22.33.44/32 scope global tunl0


add a permanent route


route add -host 67.207.134.92 dev tunl0


ok almost works... still seeing only 443 on ipvsadm


ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 67.207.134.92:443 rr
-> 67.207.134.84:443 Tunnel 0 0 0
-> 67.207.143.51:443 Tunnel 0 0 0

Thursday, June 17, 2010

Fresh Stories

Bad stories are like dandelions. Once they get into the backlog, they tend to multiply. You can keep weeding them, but they'll usually come back. The thing is, there is no cure for them. In SDD, you have to just keep plucking out the crappy stories, keep dis-aggregating excessively vague and/or complex stories, checking with the team the whole time. Right now in the heat of development of a large complex project, the scrum master (myself) and the product owner are spending all day every day cleaning out bad stories, refreshing stale stories, writing new stories that offer greater clarity and detail (and therefore are more testable), consulting with the team about pointing the stories. It's a full time job for the two of us. Extending the definition of done requires that you have a high quality definition, and if you don't have a testable doneness criteria, you don't have a good story.

On the other hand, it's critical to remember that stories are (I think Mike Cohn said this) "a reminder to have a conversation". I've found that people new to agile constantly struggle with its intrinsic ambiguities and its reliance on a bit of chaos and emergence to sort itself out. In our project, we're handling this by keeping stories in current and at the top of the backlog in a very testable, verifiable that it is doneness state. They are typically 1 or 2 points on the 8 point scale, sometimes 3. A lot of the big system stories that are just big because of the heavy lifting they require behind the scenes are done (eg set-up the amazon s3 encrypted url generator or other things with low BV but high effort). As you go down the backlog, you see more and more dandelions - stale stories, too big stories, non-testable stories, etc. These are the reminder stories. In fact it seems like dandelions are a reminder to the scrum master and the product owner to do more work!

Something I've struggled with in the lack of hard and fast rules department is, when does a story have to deliver business value (BV) and when does it not? Is it ever ok to have "system" stories (hahaha, The system shall do everything I want in 3 weeks for $10)? I want philosophically for every story to deliver end-user BV, but in order to get there, we were ending up with 8 point stories that were just not helping the developers get stuff done. We argued about it, and we decided that there are some cases where the benefits of a non-BV story out weigh the potential drawbacks of "rewarding" the team with burn down for a story that is really a dependency for other stories to deliver BV. Setting up amazon cloudfront and s3 to use non-shareable urls for digital assets was a piece of architecture work that took a developer 3 days to do that then unblocked a large number of BV-delivering stories. We elected to point and burn down these stories, and I think the morale boost this generated was worth it. Sometimes the psychological needs of the team outweigh the benefit of philosophical purity, which can be intellectually interesting but not always pragmatic.

In conclusion, making agile work is all about being pragmatic most of the time, and reaching for the higher principals when it's a win. And it's a lot of freakin work. Keeping your backlog of stories accurately prioritized and testable is a full time job. If you're finding that your adoption of agile isn't working, ask yourself how many hours a day is your scrum master spending managing the backlog with the product owner. In the middle of a project, this could easily be 3 full business days of work a week.


Friday, June 4, 2010

7 tips on getting yet another new team up and running on Agile

Going to try to lay down some quick observations about getting new teams ramped up on Agile. It's just like everything else in life, you keep getting better at doing what you've been doing, but you keep having to lead new horses to the same water.

1. Agile is hard to understand, and it's really hard to understand if you aren't intimately familiar with the challenges of modern software development. When you have to bring in business stakeholders and other non-developer team members into the mix, be prepared for a longer than desirable ramp-up time. Reading books about Agile is like reading books about skiing. You can glimpse about 5% of what there is to know this way, but until you do it a lot of times for a lot of different projects, you ain't gone skiing yet.

2. Every project is different, and your process needs to be allowed to emerge. This is something that can drive new people crazy - "But how did you do it before on other projects? Why are we using process and procedure X when we did Y before?" People naturally resist emergent approaches because to them change means that there is a problem, that something is wrong, that something wasn't well thought out. They don't know that every project and every team is going to have an unique mix of personalities, technical problems, logistical problems, etc., that will result in an unique set of solutions that are built on the shoulders of giants from previous problems.

3. Initial story quality always sucks. Don't spent too much time doing it. You have to spend time and energy every iteration - for us, every day - evaluating existing stories, throwing stale ones out, and writing new stories that cover the gaps that you didn't think of until you tried to actually do any work.

4. Try to get from mockup to building real applications/web pages ASAP. No one will really understand what the true UX challenges are going to be with your brilliant ideas until you can click on something that does something. Light-weight mockup tools like Balsamiq are incredible productivity-enhancers for this phase, but don't spend too much time on them. YOU MUST BUILD to really discover. This is probably the most important and profound learning on my agile journey - Just Do It. Stop talking, stop thinking, stop planning, just build something, inspect what's wrong with it, solve one small well-scoped problem at a time. Emerge.

5. Do not confuse visual pretty makers with interaction designers. Pixel pushers almost universilly are bad at UX. If your product doesn't make sense to users it doesn't matter what it looks like. Decorate it later. The extra work your HTML person might have to do and bitch about is sad, but it's nothing compared to the amount time you saved not decorating first and building later.

6. Small bite size pieces at all levels, from stories, to the size of your iteration, to the time to initial launch, to your release cycle. The smaller you make things the less you have to think about, the more you can focus on doing one thing perfectly right.

7. There are two kinds of reactions to Agile. "I get it, this is how it's done," and "WTF???" Don't bother trying to lecture or explain to the latter crowd. Lead them to water and spend as little time as you can trying to convince them of anything. Some people are never going to play the game as its meant to be played 100%, but as long as they don't get in the way it's ok.

Tuesday, April 6, 2010

Maven JAXB 2.0 schemagen goal

I've been building a RESTful API client using Sun's jersey JAX-RS reference implementation. My approach has been to create a domain model out of Java POJOs. It felt like wasted effort to create an XSD that was going to be derived from a fluid RESTful API that I have no control over. It's easier to use the JAXB annotations to control marshalling and unmarshalling behavior from API calls. The XSD seemed like an artifact that added no value... Except that I now have a use case where customers would like to provide me with XML data to transmit up to said API. Life is easier if customers can provide me with the data in a format I can just get for free. In order to create a data specification, I wanted to generate an XSD from my domain model using schemagen. Figuring this is something I'll want to do on a regular basis, and it's something other developers on the team may need to do in the future, I decided to use the Maven JAXB schemagen plugin, which is very poorly documented. However, I found a sample POM configuration that got me through quickly. Thanks to Mark for sharing! Just in case, I'll repost here.


<pluginrepositories>
<pluginrepository>
<id>maven-repository.dev.java.net</id>
<name>Java.net Maven 2 Repository</name>
<url>http://download.java.net/maven/2</url>
</pluginrepository>
</pluginrepositories>

<plugin>
<groupid>com.sun.tools.jxc.maven2</groupid>
<artifactid>maven-jaxb-schemagen-plugin</artifactid>
<version>1.2</version>
<executions>
<execution>
<phase>generate-resources</phase>
<goals>
<goal>generate</goal>
</goals>
</execution>
</executions>

<configuration>
<project>${project}</project>
<destdir>${project.build.directory}/schemas</destdir>
<srcdir>${project.build.sourceDirectory}/za/co/jumpingbean/dal/model/core/</srcdir>
<verbose>true</verbose>
</configuration>
<dependencies>
<dependency>
<groupid>javax.xml.bind</groupid>
<artifactid>jaxb-api</artifactid>
<version>2.2</version>
</dependency>
<dependency>
<groupid>com.sun.xml.bind</groupid>
<artifactid>jaxb-xjc</artifactid>
<version>2.2</version>
</dependency>
<dependency>
<groupid>com.sun.xml.bind</groupid>
<artifactid>jaxb-impl</artifactid>
<version>2.2</version>
</dependency>
<dependency>
<groupid>com.sun.xml.bind</groupid>
<artifactid>jaxb-xjc</artifactid>
<version>2.2</version>
</dependency>
</dependencies>
</plugin>

Friday, April 17, 2009

What is strategy?

Strategy is the process of choosing a broad goal, creating measurable objectives, executing a plan, and seeing if your execution is driving towards the objectives. It sounds incredibly easy, yet very few people are capable of actually conducting themselves in this manner in a professional context. You could ask many reasons why, but that wouldn't help you make the change.

Agile development methodologies are all about coming up with short, concise, measurable objectives in the form of a lightweight spec, such as a user story. I don't know if it is beneficial for team members to really get their head around the mechanics of how an effective strategy works. I think one of the outputs of effective strategic execution is predictable results, such as being able to forecast a team's velocity.

I'll tell a little parable that illustrates how even in the simplest of situations, our emotions and other psychological inputs can distract us from executing our strategy. Anyone who knows anyone from New York City and its environs will be amazed to find that New Yorkers talk about trains the way people in other cities talk about traffic. And anyone who lives in the boroughs is required to understand the nuance and intricacies of the train schedules on the weekend.

My fiancee has been spending a lot of time with me in NYC and I've had to explain all of my strategies to her for effective train riding. Check out the system map if you're not familiar. Our apartment is in Ft. Greene right near one of the busiest subway stations, Atlantic-Pacific. From our house you are within 3 blocks of the A, B, C, D, Q, G, M, N, R, 2, 3, 4, and 5 trains! So the question is often, which train should I take? Well, the entrance that is closest to our house takes you right down to the platform where the B/Q can be caught, so we almost always take these two lines.

So that right there is an example of strategy in action: our goal is to wander the least and catch a train in the least amount of time that will get us to our destination in the least amount of time. The N and the Q are probably the 2 best trains that go through the station, but a stupid strategy would be to go downstairs and if the Q isn't there, go get the N - this is because in the time it takes you to walk to the N, you will probably miss the B or the Q. If I am trying to go somewhere that is only serviced by the Broadway line, I will still just wait for the Q (unless of course it is a weekend in which case I will walk over to the D/N platform since those trains, while requiring an extra walk, are more reliable on the weekend).

Now my office is over on 26th between 6th and 7th. The very closest station is in fact the 1 train station at 7th ave and 28th street. But the 2/3 is really slow and I have to transfer from the 2/3 to the 1, so this route is automatically out of the running. The next closest is the F train station at 23rd and 6th, so if I catch the B train, I have a strategy: if I pull into Broadway/Lafayette or West 4th, and the F train is pulling in at the exact same time, such that I can catch the F with no waiting, it is faster to take the F. Otherwise I just stay on the B and take it up to 34th street, the next stop after W. 4th. While this is a longer walk, waiting for the F is longer.

Does this make any sense? I've optimized my journey for the MOST important objective, which is to get to work in the least time possible so that I can sleep later and eat breakfast at home which is healthier than eating a bagel and cream cheese from the deli. The objective of getting to the station that is closest to my office is less important than getting to my office quickly. Doing the extra walk from 34th street also serves a nice-to-have objective of trying to get as much exercise as I can even when I don't go to the gym.

There are myriad choices to get from my house to the office, and all of them will eventually result in my arrival at work; however, I've clearly identified an objective, which is different from a goal since it is measurable, which is to get to work in the least amount of time possible for the least amount of money. There are many decision points along the way, but by limiting the number of branches in the decision-making process, I have arrived at a very consistent formula. If I take the B or the Q, I know I can be at work, door-to-door, in about 40 minutes. Taking the F may reduce this time by a few minutes, but the risk of sitting on the F train platform for 5 minutes (which happens maybe 1 out of 3 times I choose to do so) is not a risk worth taking.

Teams doing work need to limit their choices and come up with a consistent tactic to getting work done quickly by choosing the right goals and objectives. Over and over again, I find the most effective way to trim time off of projects getting done is to force developers to give me code that I can acceptance test on the build host. I generally don't consider any of the sub-stories of value, I only care about stories like, "As the public, I can see this website feature do something." Plumbing may have been required to get there, but the surest way to know if the plumbing, chores, sysadmin crap, and all other work required to get paid - because that is the mother of all objectives - is if I have a working website that lets me exercise the story in question. Letting broken untestable or unacceptable (meaning work that can not be acceptance tested) sit around is classic waste in the lean sense of the word.

Wednesday, April 15, 2009

Agile Contracting

Oh man, this topic is a doozy. Customers want to know how much something will cost and when it will be done without knowing what it is we are really going to end up doing. When you suggest that we will discover things and course correct, they stare at you blankly and ask if that means they are getting a discount. Customers generally don't want to have to think, and they want to shift the responsibility of designing their business model onto you, the contractor, because bless their hearts, they probably don't even have a business plan that would let them articulate their business and revenue model as it applies to the work they want you to do.

Having a consulting services based business means that your business consulting service model must be laced up and iron clad. You need to be the Delta Force that your customer is looking for. When you are a small business trying to keep all your customers happy, doing operations and support, figuring out your own revenue model that's required to support your existing client base, while at the same time figuring out how to grow your company to cover your new expenses that have emerged from your own success... it's really hard to do this. This is why most small businesses fail. An added challenge is when your business is small and there are limited numbers of partners, the partners tend to be the business development team, the sales team, the account execs, the PMs... and those roles have conflicting agendas that can make course correction in the middle of a project very hard. Sales people don't want to admit that the company's capabilities are a work in progress.

Here are some very cool articles on alternative contract models. The fixed cost, fixed scope, fixed time model ALWAYS fails without a change control officer pounding the client relentlessly, which often results in an unhappy client; on the other hand, if you don't pound them with change control, they eat into your margin, for us, typically by 50% of our margin. We desperately want to be fixed scope bucket, but varying content of bucket; we want to be fixed cost and fixed time, where we append the emerging requirements into a new bucket of cost and time.

http://www.sparkboxx.com/sparkboxx/types-of-contracts.html
http://alistair.cockburn.us/Agile+contracts

Friday, April 10, 2009

Rails has no application context

Something my developers have been complaining about lately is the difficulty in creating a generic dependency injection framework for a project with a lot of different plug-ins. I am asserting that there should be a generalized mechanism to set properties on a Rails domain model, rather than allowing plug-ins unholy access to reek havoc on my model objects.

We have a use case where we want to be able to inject different implementations for the same interface. The idea is that we are using attachment_fu to decorate models, but we want to be able to store attachments in a different persistence mechanism (currently local filesystem or Amazon S3). We've implemented a generic framework as an engine that depends on attachment_fu to handle the attachments. For a given client project, we'd like to able to inject the implementation for S3 or filesystem persistence, but since attachment_fu totally hacks our objects to bits, we have to write some exotic and smelly code to configure a given model to do what we want.

This is not the first time they've lodged this complaint, which is more or less that no matter how much (by much I mean well-defined, encapsulated, well designed OO etc) of an interface one of our in-house APIs surfaces, we are always already limited by the hackers who infiltrate our code with no contract. Plugins like attachment_fu offer no contract, they simply save the desperate ruby hacker from having to write lines of code, but the end result is a totally non-transferable hunk of smelly spaghetti code.

Perhaps Rails just doesn't support our over-arching design goal, which is the ability to write one piece of code to handle the use cases all of our clients ask for on every project we do. Maybe it's faster to just re-write the same code over and over. I called this article "Rails has no application context" because I am used to working in an environment like Spring where I can request any implementation I want through the application context. Objects communicate through an interface and there is no shared knowledge of implementation details. I want this same kind of service bus in Rails, where objects can register themselves and be available, and other objects can request an implementation of an interface and know that the required operations (eg save to storage mechanism) will be available without having any idea about implementation details of each other. Jaroslav Tulach calls this a "Teleinterface" which I think describes this situation accurately.

I've proposed to my development team that we create some kind of proxy for attachment_fu to rape as the sacrifical vigrin, rather than treat our whole domain model as an open harem. We must repel the godless Romans from our code. We can create some kind of proxy object that gets wired up with the attachment_fu hooks, and this object can then act as an API for our code to consume.