atp

Some aspects of linux have the reputation of being hard. Traffic control via queueing disciplines for bandwidth management for example. Even the title is enough to strike fear into the heart of a seasoned system admin.

Which is a pity really, as the things outlined in chapter 9 of the lartc are very useful in practise.  The problem is the documentation is very descriptive - which is good once you know roughly what you're doing - but which has quite a steep learning curve if you don't. In fact it's pretty vertical if you don't already know quite a lot about networking. A few more worked examples would help over and above those in the cookbook.

Instead, like most people in a rush, I have relied on attempting to bash together snippets of code that are on random blogs to make /sbin/tc do what I want it to do, without really understanding what is going on. 

This time, when presented with a problem for which this is the exact tool, I found I needed to dive deeper, and actually understand it, as none of the precanned recipes worked. It was a case of "if all else fails try the manual".

So now I think I've got a vague handle on what is going on, I'm documenting what I ended up doing because I'm sure I will need a worked example when I come back to this in the future. If its useful to you too, so much the better.

We had to clean up some left over cgroups after another set of experiments with LXC.The guys doing it encountered problems, as the logic is the opposite of what you expect from your experience on a normal unix filesystem.

Specifically the problem happens when you have a nested cgroup - for example /cgroup/foo/bar/

A week ago Rhoda and I got married. It came together very smoothly, mainly down to Rhoda’s phenomenal organisational skills, as well as the wedding planner we hired – (W.E.D.). That by itself would be more than enough - but to top it off we also took a couple of side trips with our friends.

While setting up rhoda's blog on tinola I came across a couple of hurdles converting from one site to multiple sites.

The pivotx manual helps with a section on running multiple websites. But not everything works that smoothly. So, here's what I needed to do to make it work.

This is nothing to do with spelling. Oddly enough I seem to be developing a bit of a reputation at work for insisting on proper spelling (as well as keeping the comms room tidy). Personally I find lines are a very effective method of correction, and 25 lines is just about right for an agile story card. The general lack of ability of some members of the team to spell is not however entirely unexpected, as a couple of them grew up in the bush (Shepherds judging by the accent).

It has been a long while since I have had the time to write a post. Particularly a technical one. And unfortunately that wil have to wait a tad longer. Which is a bit of a shame as there is some good stuff happening in the performance and stability corner of LMAX that I would like to talk about.

By way of mitigation I've been submerged in the business of helping the better half plan our wedding.  This weekend however was all about bread. I'll leave the lovecraftian nightmare of making croissants which has taken over our lives for the past 48 hours to another post, and instead talk about a brief break in the action I took to make a spelt loaf.

I promised matt carter I'd start writing up aspects of how we run agile operations (aka devops) at LMAX. Apologies this is so overdue.

One of the major tensions in any small techical operations team is the tension between project work and "interrupt driven" work. Interrupt work is hard to define, other than the slightly circular "being anything that is not project work". In practise this ranges from problems in production through to getting users working mice.

Small IT teams are usually pretty bad at dealing with interruptions, so we've developed the concept of an "Interruption Monkey" to keep things manageable.

Like most people I've got an amazon ec2 cloud instance for all sorts of things. Mine is used as a DNS secondary.

I'm currently fed up with the gyrations that running a proper dns secondary makes me go through. It was not complex until I introduced views. At that point you find that the replication of DNS zone data starts becoming mixed up with the acls on the zone views themselves, forcing you to use multiple IP addresses to replicate both internal and external views of the DNS. Thats painful, and hard to maintain.

When I added the EC2 instance, I also had the problem of dealing with replicating across the internet, for which the usual remedy is to use a VPN. However I found it far simpler to use rsync and make each one believe it is the master for the zones. Its easiest to rsync as the named user, or root itself. However, you don't really want to let privileged users accept stuff from the internet directly, and turning PermitRootLogins on is anathema.

So this post is about how to use ssh forced-command-only and the from options to lock down rsync backups,  as I had to assemble this from bits of blog posts and man pages, and I'll probably need it again in the future.

In this article I run through how to create a simple ticker app off the LMAX API using PHP.

LMAX is the London Multi Asset Exchange. This is a low latency financial exchange which can be accessed directly by retail customers over the web using JSON or XML over a REST based interface.

The raw protocol not that pretty, so there are client libraries written in C# and Java. For fun and monitoring, I have written an unofficial PHP client library which I'm using here.