Category Archives: DevOps

Writing a Neo4j Puppet module for fun and profit

I haven’t had a chance to do any code in public recently.  Skewer and XFD have had to take a back seat to the day job, where I’ve been working on our Heroku Add-on.  We recognised that a PaaS won’t work for everyone, so I was asked to take a look at deploying Neo4j on EC2.

The original plan was to make an AMI that people evaluating Neo4j could instantiate on EC2.  I didn’t want to create a machine by hand and then build an image from that machine: it seems more repeatable to have a process where you bootstrap the OS using VeeWee and then use Puppet or Chef to finish the job.  In the end I decided to start with Puppet and Ubuntu and see how far I got.

I started by fixing our Neo Technology Debian repository so we could get signed packages.  That had benefits on its own – our release process is simpler now.  Then I wrote a Puppet module to install the packages on Ubuntu and apply some configuration changes on top to make it usable (for example, Neo4j doesn’t listen on all interfaces by default).  The README suggests that you download and run a wrapper script that will fetch the module, the dependencies, and then run them.  It’s looking decent.

We strongly suggest that people use the Oracle JDK, so I had to come up with a way to get that installed, without distributing the JDK myself.  Also, I felt it was important that the user signal their acceptance of the terms and conditions of the Java end user license, so I found a way to do that.  Also, doing anything on the cloud without authentication is foolish, so made it possible for the user to pass a username and password to use at runtime.  It’s looking useful.

Then I put myself in the position of someone who wants to install Neo4j, but isn’t familiar with the territory of EC2 and Ubuntu servers.  It wasn’t enough.  So I wrapped the entire thing in CloudFormation to create the AWS resources that the user needs, bootstrap the Puppet module, and pass down the parameters.  Now we’re getting somewhere.

The finished product is at  Feedback welcome.  I’m not sure I need to bother with an AMI.

I’m thinking about:

  • Making it compliant with Puppet Forge
  • Supporting other Linux distributions
  • Making it easier to get SSL going (though there’s no getting around the fact that the end user will need a cert, I guess)
  • Supporting multiple regions on AWS


How to interview a DevOps person

First: reflect on the fact that DevOps is a cultural shift about collaboration. Do you want to hire a DevOps person, or encourage people to collaborate?

Second: make them write fizzbuzz. In front of you. In any language they care to use. Can they make it work? Can they discuss how they might have done it differently?

Third: ask them to write some Puppet, Chef, or Cfengine code, to solve a specific and contrived problem. Don’t make them solve a real-world problem yet, as you want them to demonstrate their skills in infrastructure-as-code. Discuss their solution as above.

If you’re happy at this point, you can continue a normal hiring process.

Skewer – a tool for provisioning cloud nodes with Puppet

Puppet is amazing.  It changed my career (thanks to Luke , and before him Mark).  However, I have some itches.  I have attempted to write about these before, but haven’t felt like pushing the ‘publish’ button.

I’ve been running Puppet in a atypical way for some time now.

  • No Puppet Master
  • No distribution packaging
  • No commit until I know something works
  • Only test from the outside

The only thing I feel I need to expand on is the last: testing.  Obviously if you write Ruby code, you should rspec the hell out of it.  But should you test Puppet code?  It’s mostly a declarative language.  If you’re properly declaring the outcomes that you want, then it can be easy.  If too much logic creeps in, you’re doing it wrong or you should write a function or type – and you should rspec the hell out of that.  This approach has served me for years with decalarative build tools*.

I have no desire to go verify that Puppet does what I tell it.  But I do care about the outcome.  Also, I need to know that it runs on the target platform, as I use a MacBook.

So I wrote Skewer.   Skewer’s only job is to:

  • Provision cloud machines (or connect to existing ones)
  • Bootstrap Puppet (via shell scripts and rubygems)
  • Run Puppet
  • Optionally run Cucumber features at the end

That scratches my itch.  Skewer probably won’t scratch your itch if you run lots of nodes.  It works on Ubuntu, though adding support for other operating systems wouldn’t be too hard.  You may also like the Puppet Cloud Provisioner.

Skewer evolved from a Rakefile that I used to test my puppet code.  I set out to rewrite it over the Christmas period, and got the last feature passing on Friday.  Like my other open source project, I learned a lot while doing it.    Skewer has some wrinkles, but I use it in my day job, and I’ve managed to keep that so far.

* Okay, I actually do a little bit more.  I use Rake to run puppet parser validate on every .pp file in my project, and I use puppet-lint to catch howlers.

Tagged ,


Tools and titles are not a substitute for understanding and collaboration, sadly.

Silos, silos, everywhere

Now these types of efforts [ … ] are traditionally located in the marketing department. But in high tech, marketing is too ignorant to drive the bus. What appears to the generalist to be a a simple change may in fact cut across some fundamental technology boundary in a radically in-appropriate way. Or conversely, what looks impossible to achieve may in fact be a by-product of a minor adjustment. In either case, engineering must be a direct partner in the effort, or it is is wasted.

Crossing the Chasm, Geoffrey A. Moore

(Thanks to @jtf for the recommendation)

In the brain of Patrick Debois: London, January 27

Patrick Debois kicked off the first DevOpsDays conference (and in doing so, came up with the name). He’s coming over from Belgium in January to talk about DevOps at SkillsMatter. Patrick is a master at making entertaining presentations, and a nice guy to boot. I highly recommend registering for the talk now, regardless of your job title. There will be drinks in Clerkenwell after.