Archive for October, 2011

Route53 – the good the bad and the great

So recently at work we’ve been looking to migrate a few services that are hosted on legacy infrastructure over to a much better set of servers at Amazon AWS. Along the way we hit a few issues, and I wanted to share my experience with you so people never have to worry about these issues again…

Issue 1:
When using Amazon AWS Elastic Load Balancers you get provided with a host name for the load balancer (not an IP – this is key). This is all well and good, but DNS RFC 1034 states that the origin of a domain has to be an A record, and Amazon gave us a host name, so that’s a CNAME? Our current DNS provider did not support host names as A records, so this isn’t good.

Solution:
Use Route53 at Amazon. Amazon allows you to use their Route53 DNS service and create A records with an “AliasTarget”. These basically set up some crazy round robin DNS. There are a few steps to this:

1. Create the HostedZone using the Route53 API. Here is the XML required to create the hosted zone for my domain bitchasscode.com:

<CreateHostedZoneRequest xmlns="https://route53.amazonaws.com/doc/2010-10-01/">
  <Name>bitchasscode.com.</Name>
  <CallerReference>dns_migration_amcgrath_20111018</CallerReference>
  <HostedZoneConfig>
    <Comment>Migrate an existing domain to Route 53</Comment>
  </HostedZoneConfig>
</CreateHostedZoneRequest>

2. Create the individual A records and CNAMEs for the domain using the Route53 API:

<?xml version="1.0" encoding="UTF-8"?>
<ChangeResourceRecordSetsRequest xmlns="https://route53.amazonaws.com/doc/2011-05-05/">
  <ChangeBatch>
    <Comment>Create record for bitchasscode.com.</Comment>
    <Changes>
      <!-- www is an ordinary CNAME pointing at the zone apex -->
      <Change>
        <Action>CREATE</Action>
        <ResourceRecordSet>
          <Name>www.bitchasscode.com.</Name>
          <Type>CNAME</Type>
          <TTL>300</TTL>
          <ResourceRecords>
            <ResourceRecord>
              <Value>bitchasscode.com</Value>
            </ResourceRecord>
          </ResourceRecords>
        </ResourceRecordSet>
      </Change>
      <!-- The zone apex is an A record whose AliasTarget is the load balancer -->
      <Change>
        <Action>CREATE</Action>
        <ResourceRecordSet>
          <Name>bitchasscode.com.</Name>
          <Type>A</Type>
          <AliasTarget>
            <HostedZoneId>YOUR LOAD BALANCERS HOSTED ZONE ID</HostedZoneId>
            <DNSName>DNS NAME OF THE LOAD BALANCER</DNSName>
          </AliasTarget>
        </ResourceRecordSet>
      </Change>
    </Changes>
  </ChangeBatch>
</ChangeResourceRecordSetsRequest>

This is a key step, because this is what lets you have a “hostname” as an A record. Sexy stuff…

3. Test your setup. It worked fine for me, however honestly it’s a real pain in the ass to do all of this. This created a new issue for me: I didn’t really trust what I just did…so I started thinking about creating a UI for Route53 so I could easily view my edits.
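
One way to check a change batch before sending it to the API, as an added example that is not part of the original post: a small Python linter that rejects malformed XML, a CNAME at the zone apex, and alias records that are incomplete or carry a TTL. The function names, the `ZPLACEHOLDER` zone ID and the `placeholder-elb.example.` DNS name are assumptions made up for the sample.

```python
import xml.etree.ElementTree as ET

NS = "{https://route53.amazonaws.com/doc/2011-05-05/}"
# Constructed sample: the post's batch with placeholder load balancer values.
SAMPLE = """
<ChangeResourceRecordSetsRequest xmlns="https://route53.amazonaws.com/doc/2011-05-05/">
 <ChangeBatch><Changes>
  <Change><Action>CREATE</Action><ResourceRecordSet>
   <Name>www.bitchasscode.com.</Name><Type>CNAME</Type><TTL>300</TTL>
   <ResourceRecords><ResourceRecord><Value>bitchasscode.com</Value></ResourceRecord></ResourceRecords>
  </ResourceRecordSet></Change>
  <Change><Action>CREATE</Action><ResourceRecordSet>
   <Name>bitchasscode.com.</Name><Type>A</Type>
   <AliasTarget><HostedZoneId>ZPLACEHOLDER</HostedZoneId><DNSName>placeholder-elb.example.</DNSName></AliasTarget>
  </ResourceRecordSet></Change>
 </Changes></ChangeBatch>
</ChangeResourceRecordSetsRequest>
"""

def _norm(name):
    # Compare names case-insensitively and without the trailing dot.
    return (name or "").strip().rstrip(".").lower()

def lint_change_batch(xml_text, zone):
    """Return a list of problems found in a ChangeResourceRecordSetsRequest."""
    try:
        root = ET.fromstring(xml_text.strip().encode("utf-8"))
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems, apex = [], _norm(zone)
    for rrset in root.iter(NS + "ResourceRecordSet"):
        name = _norm(rrset.findtext(NS + "Name"))
        rtype = (rrset.findtext(NS + "Type") or "").strip()
        alias, ttl = rrset.find(NS + "AliasTarget"), rrset.find(NS + "TTL")
        values = [v.text for v in rrset.iter(NS + "Value")]
        if rtype == "CNAME" and name == apex:
            problems.append(f"{name} {rtype}: CNAME at the zone apex, use an alias A record")
        if alias is not None:
            if ttl is not None or values:
                problems.append(f"{name} {rtype}: alias record must not carry TTL or ResourceRecords")
            for field in ("HostedZoneId", "DNSName"):
                if not (alias.findtext(NS + field) or "").strip():
                    problems.append(f"{name} {rtype}: AliasTarget is missing {field}")
        elif ttl is None or not any(values):
            problems.append(f"{name} {rtype}: record needs a TTL and at least one Value")
    return problems

if __name__ == "__main__":
    print(lint_change_batch(SAMPLE, "bitchasscode.com."))  # [] for the sample
```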


Issue 2:

There is no UI for Route53 provided by Amazon.

Solution:
Use Interstate53 as your UI. You just need to provide an AWS API key & secret…then you’re done!

Honestly I don’t know a lot about Interstate53, other than it’s very amazing. I tried a few other services which didn’t do the job for me:

  • nsRoute (Doesn’t do Alias records to ELBs properly)
  • dns30 (Doesn’t do Alias records to ELBs properly)
  • easydns (They wanted me to sign up, pay or something – too hard, I gave up after I couldn’t work out how to get an account.)

Interstate53 were super easy to get going with (just provide an API key and secret), there is no registration or anything and their UI is great. It works perfectly with Alias records going to ELBs and then you’re cooking!

 


I rotate weekly…and I like it!

It’s time we all admitted that rotating our log files is something we should get our act together with and do properly. I was a bit surprised how hard relevant and simple examples were to find online the first time I had to do this, so I figured since I just had to install “logrotate” on my Ubuntu server again today that this is a good day to write about it.

Why is this important? Well, if you don’t rotate your logs you will suffer from erosion. A massive problem for servers that don’t get a lot of love and attention…and honestly who wants to love a server? If your server’s disk space is filling up with logs, and you are not emptying them faster than they fill up…that’s erosion.

The following example tells you how to install logrotate and configure it to rotate your Apache2 log files.

Step 1.
Install logrotate on your server.

sudo apt-get install logrotate

Step 2.
Edit the logrotate config file to tell it where your apache logs are.

sudo vi /etc/logrotate.conf

Add the following to the very bottom of the file:

/var/log/apache2/*.log {
        weekly
        missingok
        rotate 52
        compress
        delaycompress
        notifempty
        create 640 root adm
        sharedscripts
        postrotate
                /etc/init.d/apache2 restart > /dev/null
        endscript
}

That’s great, but what does it mean?

Line by line, this is the breakdown:

1. /var/log/apache2/*.log
This is the path to the logs you want to rotate. I’ve said *.log here, because I want all logs in this directory to rotate
2. weekly
Tells logrotate to rotate these weekly
3. missingok
Prevents us from getting errors if there are no logs
4. rotate 52
How long should archived files be retained before being deleted
5. compress
duh…
6. delaycompress
Sometimes you don’t want to compress the file right away, as the app is writing to the logs and will be for some period of time
7. notifempty
Only rotates logs that are not empty
8. create 640 root adm
This defines the file permissions that the archives will be created with
9. sharedscripts
Ensures any prescript or postscript elements of this log rotation are only run once
10-12. postrotate
This section defines what logrotate should do at the end of the rotation. In this case I’ve told it to restart Apache, because we want to make sure new log files get created. Even though logrotate renamed the log file, Apache will keep writing to the renamed file until it’s restarted (this is why we included the option ‘delaycompress’)
13. }
end of the log rotation config

ROTATE YOUR LOGS! SAVE YOUR DISK SPACES! OR I WILL HURT THIS RABBIT!


Fix your shit or I’ll take your customers’ money for you!?

Recently I’ve run into so many poorly set up systems, and what makes me sad is that people paid for them to do this. If you wrote any code recently and you’re trying to get people to pay for it, do them (and yourself) a credit by at least doing the following:

  • GET A LOAD BALANCER
    They are very simple to set up, and services like Amazon AWS and Rackspace provide them for around $20 / month; they are not expensive. If you have your reputation on the line they are worth the spend! Use one even if you only have 1 machine behind it: if you don’t use one from the start, introducing one later when things get serious means making a DNS change. This is a big issue because you probably want it to happen quickly. Add the load balancer in from the start! You can always add more servers behind it, and with sticky sessions as an option you don’t even need to make code changes to your app!
  • DISABLE SSH ACCESS FROM THE ENTIRE WORLD
    At Amazon this is very simple: create a custom security group and whitelist only the IPs you want to have access via SSH.
  • DO NOT USE MYSQL WITH ROOT
    Always create custom usernames for applications. It’s nice to tell the difference between your app and someone using the root account.
  • ALWAYS USE PASSWORDS WITH MYSQL
    I came across a case yesterday where people were using root with no password.
  • ONLY GIVE MYSQL ACCESS TO PEOPLE WHO NEED IT
    Again back to the security groups: don’t let anyone get access to your machine on port 3306! Only white-list servers which need access to your database. Sadly the same case I ran into yesterday using root and no password also had their instance open to the entire world. Major no no!
  • KNOW YOUR HOSTING PROVIDER
    Companies like Amazon provide some amazing tools that, if used properly, can give great results. If you’re at Amazon try to use things like RDS (rather than installing MySQL on an EC2 instance), take advantage of different availability zones (don’t put every machine behind your load balancer in the same zone), know how to secure your site using tools like “Security Groups”, and understand how to enable monitoring.
  • Finally…MONITOR YOUR SERVICE
    At Amazon, CloudWatch is your friend, use it! It’s cheap ($3/month) and very useful…if you want to get an email when the number of unhealthy servers in a load balanced group increases, this service can tell you! Tie that baby in with companies like PagerDuty and hey presto, every time a server goes out of service you get a phone call.

If you use the tools you are provided with properly, your life is easy. If you don’t, someone like me will jump on your machine, drop your database, sit back and laugh because you’re not monitoring it and you don’t have a clue it happened until the customer calls to yell at you.

Fix your shit, or I’ll take your customers’ money and keep it for myself!

 


A new day, a new office!

We decided that we’ve been far too well behaved this year. We’ve saved up some decent capital, worked hard, built up a bunch of new customers and now it’s time to reward ourselves! What better way to do this than by getting a flashy new office (and by flashy I mean, slightly dusty…)

Meet our new 27.5ft boat office.


TechCrunch – That’s a problem I’d like to have…again

Not so long ago one of my products was featured on TechCrunch. Let me tell you, it’s freaking cool to have happen. For those of you who are curious about “How does that happen?” and “What happens when it happens?” this blog post is for you!

Want to know your Facebook user / customer’s best friend?

It’s a question that I think most people who own a business would say yes to. After all, whose advice are you more likely to take than your best friend’s? You probably have similar interests, grew up in a similar geographical location, talk regularly, are part of the same age group and possibly even work together.

We have seen that Like, Recommend and Share buttons seem to…suck? A good like button will get something like 1% of your customers to click it, maybe 10% if you’re doing something special. I don’t know about you, but I’m yet to see any money from people who have liked my pages. Wouldn’t it be better if you could say something like:

Hi <<Friend>> I think you should really buy a new phone from Samsung, I’m going to!

<<link to product>>

Cheers,

Andrew

We all spend a lot of money trying to target our customers in the right way, why not target their friends in the right way! They are probably pretty similar and very likely to buy the same products as each other.

To help with this we have created our Beta Friends API. It’s free while in Beta and you can use it with just 3 pieces of data that you probably already have!
