CI/CD Tools: How to Choose Yours Wisely

Continous integration (CI) and continuous deployment (CD) tools allow teams to merge, build, test, and deploy code branches automatically. Implementing them along with conventions like “commit frequently” forces developers to test their code when it’s combined with other people’s work. Results include shorter development cycles and better visibility of code evolution among different teams.

Once you commit to using CI/CD in your software development cycle, you’re immediately faced with a galore of options: Travis, Jenkins, GitLab, CodeShip, TeamCity, and CircleCI, among others. Their names are catchy, but they hardly describe what the tools do. So here’s a roadmap for choosing the right tool for your needs.

CI/CD Tools: Choosing Wisely

Read More

Five To-Dos When Monitoring Your Kubernetes Environment

If you’re on the DevOps front line, Kubernetes is fast becoming an essential element of your production cloud environment. Since container orchestration is critical to deploying, scaling, and managing your containerized applications, monitoring Kubernetes needs to be a big part of your monitoring strategy.

Container environments don’t operate like traditional ones. So, if you are monitoring your applications and infrastructure, you need to be thoughtful about how you monitor your container environment in which they are running. Here are five best practices to inform your strategy:

  1. Centralize your logs and metrics. Orchestrating your containerized services and workloads through Kubernetes brings order to the chaos, but remember that your environment is still decentralized. You will give yourself a fighting chance if you centralize your logs and metrics.
  2. Account for ephemeral containers. The beauty of container orchestration is it’s easy to start, stop, kill, and clean up your containers in short order. However, monitoring them may not be so easy. You still need to debug problems and monitor cluster activity, even when services are coming and going. The trick is to grab the logs and metrics before they’re gone. If you don’t, your metrics will look more like the graph on the left than the one on the right.
    log files examples for transient containers
  3. Simplify, simplify, simplify. With all of the moving pieces in your container environment (services, APIs, containers, orchestration tool), you need to monitor without introducing unneeded complexity. Rather than bloating your container with various monitoring agents, each requiring updates on unique schedules, abstract your monitoring and management tools from what you’re monitoring and managing. This will also help your engineers focus on building and delivering software, not operating the delivery platform.
  4. Monitor each layer explicitly. You will need to collect logs and monitor for errors, failures, and performance issues at each layer – the pod, the container, and the controller manager – of your environment. For example, you’ll need to be able to troubleshoot pod issues, ensure the container is working, and collect runtime metrics in the controller manager.
  5. Ensure data consistency across layers. For fast, accurate debugging, you need to ensure data consistency across all the layers in your container environment. Things like accurate timestamps, consistent units of measurement (such as milliseconds vs. seconds), and collecting a common set of metrics and logs across applications and components will help you troubleshoot and debug quickly and accurately across all of your layers.

One best practice for accomplishing these to-dos in a simple, straightforward manner is to monitor the containers in your Kubernetes environment without touching your application containers. Do this by introducing a DaemonSet, or alternatively a sidecar, into your Kubernetes environment(s) that sits alongside your containerized services and includes your logging and metrics collection agent. Deploying in this method will ensure consistent data collection, minimize the changes required to your application containers, and most importantly, eliminate the possibility of selective blindness in your production environment.

A few ways to implement this include:

  • Introduce a DaemonSet with the Fluentd logging agent (this will give you logging but not metrics). If you already have an ELK cluster configured, this is probably the option for you. Learn more here.
  • Introduce a DaemonSet or sidecar with the Prometheus metrics agent (CoreOS has done an excellent job of integrating Prometheus and Kubernetes). Running Prometheus on your Kubernetes cluster will give you metrics instrumentation, querying, and alerting. Learn more here.
  • A variety of metrics and performance monitoring tools, including Heapster, DataDog, cAdvisor, New Relic, Weave/VMware, and several others also offer a DaemonSet or sidecar options for Kubernetes monitoring.
  • Scalyr, log management for the DevOps front line, has a preconfigured DaemonSet containing the open source Scalyr agent available for download and use. The Scalyr DaemonSet natively supports both Kubernetes logging and metrics. You can download the YAML file for deploying the containerized Scalyr agent from GitHub here. Note that you also can download the full open-source Scalyr agent from GitHub here.

 

Scalyr in the dark

Ying-yang symbol in black and whiteSometimes you want your dashboards to be dark.

And by dark, we mean dark backgrounds with light text and discernable colors. For many people who watch dashboards, looking for alerts and concerns, a darkened screen is more restful. And while research may have concluded that dark letters on a white background are easier to process, it also points out white backgrounds in a darkened environment may disrupt low light vision adjustments.

Scalyr dashboards are white, with dark text and colors in use to indicate the desired metrics. These dashboards are easy to read, understand, and clearly detail the tracked data.

Scalyr dashboard for Linux Processes with white background

However, it is reasonably easy to change this view by making use of the accessibility features in Chrome and Firefox. These reversed colors hack is not perfect as it impacts all of the sessions on the respective browser but quite suitable for a long-lived view or stable operations center.

Scalyr dashboard for Linux processes with black background

This hack is also not making use of the system-wide accessibility features, so only the browser is impacted. In short, the rest of your applications and background are viewable as usual, but the view of your browser has changed. Just be aware that other activity on your tabs may have rather wild results.

Chrome offers several accessibility extensions that allow some control over the look of a page presented in the browser. These extensions are available in the Chrome web store and are easily found via the Preferences (or Settings) page. The extension allows easy toggling of visual impact.

Firefox has built-in preferences that allow you to create the dark scheme. While it is easier than Chrome, requiring no extension installation, it does not provide an easy way to toggle off and on. It does have additional personalization features and does not change the data representation colors. (Note, an add-on exists that allowed toggling but is not supported in FireFox Quantum at this time.)

A similar capability exists on Safari, Windows Internet Explorer, and Edge but requires a CSS stylesheet insertion. I will cover those in a later blog.

The following directions are from my MacBook; however, the same workflow exists for all Firefox or Chrome browsers regardless of operating system. If you are having difficulty with your version, drop me a comment and I will try to help out.

Come to the Dashboard Dark Side. 

Step by step for Chrome:
  1. Open your Chrome browser.
  2. Click on the menu button.
  3. Choose the Settings or Preference menu item (alternatively, you could enter “chrome://settings” directly into the address bar).
  4. Scroll down the page and select Advanced.
  5. Scroll down to Accessibility and click on Add Accessibility Features. This click will open a new tab (or window).image cut of Chrome accessibility store
  6. In the Chrome store, find High Contrast.
  7. Click on Add to Chrome. This click will open a pop-up window. 
  8. Click Add Extension. High Contrast icon in Chrome browser bar
    A small icon will appear in Chrome in the upper right corner.
  9. Now the fun stuff. Click on the icon and Enable the extension. There are some cases where installing the extension automatically enables it. If so, just click the icon to bring up the selections.pop up window to control a11y settings
  10. Now that the extension is enabled click on Inverted Colors.
  11. To toggle back and forth, either make use of the keyboard accelerators or click the appropriate choice in the extension.
Step by step for Firefox:
  1. Open the Firefox browser
  2. Click the Menu button.
  3. Select Preferences or Settings (alternatively, you could enter “about:preferences” directly into the address bar).
  4. Scroll to Fonts & Colors (under Language and Appearance).Firefox Languages section of preferences
  5. Click on ColorsMenu of choices to change Firefox color selections
  6. In the Colors menu, change the associated colors.
    1. Text to White.
    2. Background to Black.
    3. Unvisited Links to Yellow (Optional).
    4. Visited Links to Light Blue (Optional).
      Please note that in Firefox, you can use what colors you would like. The above choices are offered as a starting point.
  7. In the Override the Colors box select Always.
  8. Click OK.

Reversing this choice requires entering preferences again and setting the Override the Colors choice to Never. As noted, the extension that offered a toggle button is not supported in Firefox Quantum.

So there you have it, a quick and dirty approach to getting your dashboards in the dark.

However, note that these changes will impact all tabs and windows of the browser, not just the dashboard views. For that reason, you may want to limit this use to a long-lived display or make use of the toggle capability of Chrome.

To learn more about accessibility in Chrome, check out Use Chrome with accessibility extensions – Google Chrome Help. For information about accessibility in Firefox, take a look at Accessibility features in Firefox. And to learn more about dashboards in Scalyr, check out how log analysis can lead you to needed actions.

If you try it out, tell me about your experiences in the comments.

 

The Build vs Buy Decision Tree

Chocolate or vanilla? Pancakes or waffles? Coke or Pepsi? We decide between similar choices every day. Some of us have preferences, and other times it’s just a feeling in the moment. A common decision in the IT world is the “build vs buy” decision. Sometimes this decision is not so cut and dry.

Can the decision to build or buy paralyze us with fear? Certainly. Do some have preferences? Definitely. However, all is not lost. There can be a logical system to decide whether to build or buy when it comes to software.

 

The Build vs Buy Decision Tree

 

Read More

DevOps Security Means Moving Fast, Securely

In this world of lightning-fast development cycles, MVPs, and DevOps, it may intuitively feel like security gets left behind. You might be thinking, “Aren’t the security guys the ones who want to stop everything and look at our code to tell us how broken it is right before we try to deliver it?” Many feel that DevOps security is a pipe dream.

Is it possible to be fast and secure? Lately, I’ve been drooling over a sports car—namely, the Alfa Romeo Giulia Quadrifoglio. Long name, fast car. It holds some impressive racing records and sports 505 horsepower but also is a Motor Trend Car of the Year and an IIHS Top Safety Pick. These awards are due to automatic braking technology, forward-collision warning, lane-keeping assistance, blind-spot monitoring, and rear cross-traffic alert. It is possible to be fast and safe.

The key to DevOps security is to move forward with development. Security teams need to understand why DevOps practices are so effective and learn to adopt them.

Man Running Fast with Scalyr Colors

Read More

Verbose Logging: Your Magnifying Glass for Bad Application Behavior

You probably don’t think of verbose logging as the stuff that hackathons and startups are made of.  Nor would most programmers consider it an especially advanced technique.  But it is important, and enough people ask about it that it’s worth covering.

Part of the reason that so many people inquire about the subject of verbose logging is that it’s kind of general in the same way that searching for “logging” is general.  So let’s start by at least getting more specific with a definition.

Chat bubbles with Scalyr colors

Read More

Java Exceptions and How to Log Them Securely

As a security consultant, I perform assessments across a wide variety of applications. Throughout the applications I’ve tested, I’ve found it’s common for them to suffer from some form of inadequate exception handling and logging. Logging and monitoring are often-overlooked areas, and due to increased threats against web applications, they’ve been added to the OWASP Top 10 as the new number ten issue, under the name “Insufficient Logging and Monitoring.”

So what’s the problem here? Well, let’s take a look.

Java Exceptions alert sign
Read More

Common Ways People Destroy Their Log Files

For this article, I’m going to set up a hypothetical scenario (but based on reality) that needs logging. We’re writing an application that automates part of a steel factory. In our application, we need to calculate the temperature to which the steel must be heated. This is the responsibility of the TemperatureCalculator class.

The class is fed a lot of parameters that come from external sensors (like current temperature of the furnace, weight of the steel, chemical composition of the steel, etc.). The sensors sometimes provide invalid values, forcing us to be creative. The engineers said that, in such a case, we should use the previous value. This isn’t something that crashes our application, but we do want to log such an event.

So the team has set up a simple logging system, and the following line is appended to the log file:

An invalid value was provided. Using previous value.

Let’s explore how this well-meant log message doesn’t actually help. In fact, combined with similar messages in our log file, the log file ends up being a giant, useless mess.

 

Trash Fire Depicting Way People Destroy Log Files

 

Read More

Real-World Applications of Increased Visibility

What can change in an organization when you increase visibility? A lot.

Previously I wrote about how providing visibility to key information is a core enabler of high-functioning, high-speed teams. When put into practice, information visibility increases can lead to transformative results. In this post I’ll use a mix of Scalyr customers and others I’ve worked with in my couple of decades here in Silicon Valley to show you concrete examples where companies have realized these benefits.

Common to all of these use cases is the elimination of “middlemen” and dramatically decreasing latency in the information retrieval process. Giving employees direct, rapid access to the information they need to make effective decisions facilitates decentralized decision-making and chips away at organizational silos. Enhancing knowledge worker productivity using this approach is not new. Harvard Business School analyzed the implications of decentralized decision-making, and GE conceptualized its path to eliminating silos more than 25 years ago. Unsurprisingly, in both cases the benefits far outweighed the costs.

Whether we’re talking about engineers or customer service specialists (and we’ll cover both) remember that Data != Information. Simply having access to data—even if it represents every event happening everywhere in your environment—isn’t enough. Care and effort must be taken to ensure that data is processed and organized to be immediately consumable by the intended audience.

As a general rule of thumb, figure that half of the work will be in gathering, storing, and calculating the raw data. The other half of the work is around the presentation and organization of information.

Engineering and SaaS Use Cases

These next examples walk through the benefits that result from giving engineers increased visibility into production environments. Similar impacts can be seen in Dev/Test environments, visibility into CI/CD pipelines, testing status, and related environments. In short, any situation with multiple teams and a potential “black box” is a candidate to reap the benefits of increased transparency.

Shortening the Product Defect Lifecycle

This is such a common—and important—use case for increased visibility that we wrote an entire post on it. Visibility is the first step in the process: Is the Customer Support team immediately alerted to issues? Can your CS and Dev teams get direct access to logs when troubleshooting? Do all of your teams have clear visibility into the same data? Answer no to any of those and your teams are wasting valuable time because they lack the visibility required to shorten the defect lifecycle.

Our customers report that their internal latency times around bug triage, inter-team escalations, and root cause analysis typically decrease by a factor of 5-10 when using Scalyr. Interestingly Scalyr customers have told us that this change matters less over time because increased visibility into log data doesn’t just shorten the product defect lifecycle—it actually decreases the number of product defects. They attribute this decrease to individual engineers’ very high engagement with the log data leading to them catching a correspondingly greater percentage of issues earlier in the development process.

Next Generation Deployment Techniques

Imagine if you will a traditional code deployment pipeline, one where the engineering team hands over a release to Ops, Ops deploys it during a specific window within which QA tests, and both Ops and Customer Support stand by post-deployment to verify the health of the running system. But if your goal is to deploy continuously, with multiple releases per week (or per day!) or partial releases via feature flags, blue/green deployments, or similar incremental deployment strategies, the traditional process quickly breaks down.

Why? In traditional environments, engineers monitor releases with prebuilt dashboards and tools (like daily email reports) but cannot access individual server logs or system/application performance metrics for the full stack. As companies move to a more integrated code release pipeline, developers need a more granular and up-to-date view of their code operating in production.

The continuous delivery model can only succeed if engineers have easy access to:

  • The current state of production systems
  • The detailed state of their code (dashboards aren’t enough)
  • All relevant log files (and when in doubt, let them see the data)

Logs as Primary Data

This next use case is slightly different since not only do employees need access to logs, but they need it fast enough to use in their typical decision-making workflow. Once you have that in place something magic happens… your logs become a primary information source, not one of last resort. The specific implications of this are pretty wide-ranging, but among Scalyr customers, the most common benefits are:

  • Better logging. Once developers know they can get to the logs for real debugging, they start putting more, and cleaner, logging events in their code.
  • Democratized access to logs. When engineers can freely explore how applications are running in production, more eyes are on the lookout for problems, engineers build code for “what is” vs. how things were described to them, and teams operate more asynchronously.
  • Better tools. Knowledge that the data you need is reliably in a central location allows enterprising teams to build specific tools to assist with team-specific issues. This is particularly powerful as over time teams build numerous small tools that would never make the official roadmaps but still provide tangible benefits.

The exact implications for you will depend on how your teams decide to make use of this new power. As the saying goes, “Garbage in, garbage out,” but clean and descriptive logs can transform a business,  as I’ll show in the next use cases.

From Engineering and SaaS to Customer Service

Visibility is not just a high-leverage tool for teams reporting to the CIO or VP of Engineering. Any team working to decentralize decision-making or increase organizational efficiency can benefit. The next two examples highlight how non-technical customer-facing teams made transformative changes by enabling employee visibility into operational metrics and data.

Improving Customer Support

Recently Return Path, a leading provider of outbound email services, granted all of their Tier 1 customer support employees direct access to the production application logs. This simple but dramatic shift reduced ticket turnaround times from three business days to about five minutes for customer issues like the following.

Previously, when a support rep received a ticket from a customer complaining that an email wasn’t delivered, the three-day investigation process went something like this:

  1. Work with the customer to verify common email client or other end-user issues weren’t to blame.
  2. Contact Ops to verify that no known issues for the application were to blame.
  3. Create a ticket for the Ops team to pull the relevant logs.
  4. Receive the logs and review the delivery status of the email(s) in question.
  5. Get back to the customer and if required, open a second ticket with Ops or Engineering for any application issues found.

Not the best experience for the customer…

Fast-forward to today and that the same ticket is handled much differently. While on the phone or chat with the customer, the support rep:

  1. Gets the customer’s message ID.
  2. Queries the application logs for the full status of that message (or any other potentially relevant messages) to identify the issue.
  3. Gives the customer an immediate answer and if required, creates a ticket for Ops or Engineering.

Not only is the customer experience dramatically improved, both the customer support and Ops teams can spend more time on actual work and less time passing around tickets.

Contact Center Employee Optimization

My last example veers off the standard software development and SaaS path to a very different type of organization: contact centers. For those of you not familiar with the space, contact centers consist of inbound customer support centers, inbound or outbound sales teams, and medium- to large-scale call centers. Contact centers have long had a multitude of metrics used to track their performance. These metrics are used for several key things, most importantly the contact center’s financial and employee performance.

A startup I once worked with called Merced Systems, stepped into the contact center space with a fairly simple proposition. If employees, frontline managers, and company executives had access to key metrics in a timely manner through a user interface that allowed them to understand the raw data, they could use that information to drive more efficient and successful customer engagements. In other words, they built a product that enabled employee visibility into contact center operational metrics and allowed their customers to operate more efficiently.

Customers realized these efficiency gains in several key areas:

  • Employees could self-optimize their actions to meet real-time goals.
  • Managers could evaluate employee performance based on actual vs. perceived performance.
  • Executives could analyze contact center performance along various dimensions.

Net result? Extremely happy customers like T-Mobile, Coca Cola, Echostar, and many others— and Merced Systems going from idea to $170m acquisition in less than 10 years. All from the simple idea that granting everyone visibility to key information leads to more efficient operations.

These examples give you some ideas on where, and how, you can apply increased visibility to your environment. If you have a story about how visibility into the right information transformed your environment, we’d love to hear it about it in the comments below!

Next time I’ll be talking about the nuts and bolts of enabling visibility in SaaS environments and where we’ve seen the biggest bang for the buck.

Visibility = Speed

Waiting … to … find … out … something … breaks … everything.

If you found yourself wanting to skip over that sentence, you’re not alone.

For engineers, and knowledge workers in general, milliseconds can mark the difference between a person’s willingness to wait for information and their need to take action. If they wait, they risk falling behind. If they act on incomplete information, they make suboptimal decisions.

As business trends—and the release cycles they drive—speed up and companies struggle to fill engineering roles, this tradeoff becomes even more important. If your teams are chronically understaffed by 10-20%, can you afford to have existing staff executing at anything less than 100% efficiency?

Rapid information flow is key to ensuring that employees have maximum visibility into the information they need, when they need it. In an ideal world teams use that visibility to move with speed AND accuracy—even Facebook realized that a maturing company can’t just move fast and break things. But given that the faster you move, the higher probability you have of breaking something, navigating the speed vs. accuracy conundrum becomes paramount. Giving employees a complete view of the environment and the results of their actions is the single biggest thing you can do to enable success. Put simply:

Maximum visibility depends on knowing four key things:

  1. What to do
  2. When to do it
  3. The starting state of the system
  4. What actually happened/is happening

Effective information flow for the first two are core tenets of the Agile movement. Done right, Agile makes it clear to both engineers and project managers what needs to be done, and when. Engineers no longer need to wait to learn (or guess at) what a product manager was intending, and product managers no longer have to guess how far along a project is, or if it can be built as desired. This visibility increase between product and engineering forms the basis of many of Agile’s advantages.

Numbers 3 and 4 might lack their own manifesto, but seasoned developers and ops engineers instinctively understand how critical they are. The methods and tools deployed to gain visibility into an environment fall broadly into five categories:

  • Application Performance Monitoring (APM)
  • Systems and Network Monitoring
  • Metrics Dashboards
  • Log Aggregation
  • Configuration Management

Collectively these categories represent a more than $15 billion-dollar market, and that’s not accounting for dominant open-source players in the space like Nagios, Grafana, ELK, and Ansible (among many, many others).

Why are so many resources aimed at solving this visibility issue?

The Benefits of Increased Visibility

Let’s use two fictitious organizations: Acme Corp and Nadir Corp, to explore how visibility impacts behavior and execution speed. In both companies any employee can access any piece of information—but the method and speed of access differ greatly.

Acme Corp has built a culture of radical transparency where every employee has immediate access to every piece of company information through a lightning-fast application accessible from anywhere in the world on any device. Employees have a top-level view of key information and can do ad-hoc data exploration, for near-perfect visibility into the operation of the system at all times.

At Nadir Corp, every request for information goes through a rigorous process, occasionally with hard-copy sign-offs, before being granted. Employees must find out where the data is stored, who to request it from, justify their request, and wait for approval. Once all of that work is complete they can finally try to answer their question using the data they received.

In practice, of course, no company is as open as Acme (for very good security reasons!) and very few are as convoluted as Nadir. But from this example it’s brutally apparent which company will be able to investigate, reach decisions, and execute faster.

Employees at Nadir either 1) won’t bother trying to get data unless they absolutely have to, or 2) will look for shortcuts that allow quicker access to a slice of the data. Both of these factors lead to a continuation of the speed vs. accuracy conundrum mentioned above. Employees at Nadir are forced to either wait for key information to act, or act with limited information.

Teams or individuals who take the first option get left behind, those that take the second option make more than their share of errors.

Every company has elements of Nadir Corp in them. Sometimes for good reasons (HR records), sometimes for no good reason (lack of priority/time), and sometimes for bad ones (silo building).

Companies that aspire to be more like Acme Corp and invest in finding and eliminating silos and legacy barriers to data will quickly realize the gains of increased visibility:

  • Increased visibility drives use of optimal data sources
  • Fast access to optimal data leads to more efficient work
  • More efficient work equals faster execution

In the age-old debate of good vs. fast vs. cheap, what should you do if you want good and fast but don’t have an unlimited budget? Invest in tools that allow employees to quickly get to key information, rapidly assess the results of their work, and continually refine their actions. Do that and those chronically overworked engineers and operations staff will be able to operate faster and with fewer errors. And isn’t that what we’re all building toward?

In my next posts, I’ll delve into the practical implications of increased visibility and common tools of the trade that promote visibility.