Growing a High-Performance DevOps Culture

Culture is one of those things where we all know what it is but can’t explain it. Well, according to Wikipedia, culture is “the social behavior and norms found in human societies.” But in simple words, it’s all about people: how they interact, how they behave, how they talk, and what they practice. And culture is the foundation of a successful implementation of DevOps.

John Willis, an established speaker and writer on the subject of DevOps, coined the term CAMS (culture, automation, measurement, sharing) at a talk where he explained that DevOps culture is about breaking down silos. But what I find most striking about his discussion of culture, as summarized in the DevOps Dictionary, is the observation that “fostering a safe environment for innovation and productivity is a key challenge for leadership and directly opposes our tribal managerial instincts.” So the starting point for your DevOps journey is good leadership. After that, it’s just about how to grow your team to become a high-performing one.

A high-performing team in DevOps, according to recent research, is one that

  • Does deployments often, meaning several times a day.
  • Delivers a change with a fast lead time (minutes) after it’s been pushed to a shared repository.
  • Has a short (again, minutes) mean time to recover (MTTR).
  • Has a small change failure rate (described here).

So how do you grow a high-performance DevOps culture? You create a culture that will produce a team that delivers on time with confidence in a predictable manner. Here are the things that will help you get there.

High performance gauge with Scalyr colors

Read More

Java Exceptions and How to Log Them Securely

As a security consultant, I perform assessments across a wide variety of applications. Throughout the applications I’ve tested, I’ve found it’s common for them to suffer from some form of inadequate exception handling and logging. Logging and monitoring are often-overlooked areas, and due to increased threats against web applications, they’ve been added to the OWASP Top 10 as the new number ten issue, under the name “Insufficient Logging and Monitoring.”

So what’s the problem here? Well, let’s take a look.

Java Exceptions alert sign
Read More

Getting Started Quickly with Ruby Logging

Time for us to continue with our ongoing series, in which we teach you how to get started logging quickly in a variety of programming languages. We started out the series with C#, we proceeded to cover Java, and then we wrote about Python.

So, what about tipping the scale to the side of dynamically-typed interpreted languages? That’s exactly what we’re doing today by teaching you how to get up and running with logging, using the Ruby programming language.

Today’s post will follow the basic structure that’s been used in the previous articles. It will cover

  • How to implement a very rudimentary logger.
  • A discussion on the fundamentals of logging: why bother logging, which data to log, and where to log.
  • Finally, a very simple yet realistic example of proper logging, with help from the Ruby “Logger” class.

Like the previous installments of the series, we’ll create a very simple toy app in order to demonstrate how to log. As we’ve just said, we’re going to start with a very primitive—though functional—approach, and we’ll then evolve it toward a more sophisticated and realistic solution.

Ruby With Scalyr Colors

Read More

But I’m a Dev, Not a DevOps!

My experience with DevOps began before I even knew there was a name for the approach, when my boss asked me for some help in operations. The company I worked for was small at that time, so I always had the opportunity to get my hands dirty in the release automation process. I knew a few things about servers and Linux, so I was up for the challenge. To my surprise, I loved it. I knew it wasn’t the classic way of doing operations by manually managing physical servers, firewalls, virtual machines, and the like. We were using a cloud vendor. This meant that to spin up a new server, it wasn’t necessary to know which buttons to click.

The cloud vendor had his own API and SDKs for several languages, so I never really felt like I stopped programming. Of course, that was just the tip of the iceberg because systems administration is not just about spinning up new servers, adding more storage or rebooting servers. I had to take care of the architecture and which cloud services were needed for the job. But I was sure I could apply some development skills to operations, and I did. I created some scripts that launched a new environment from scratch, made backups, and restored databases.

Then, I found out about DevOps and all its practices. And because my background was in development, I was able to work with developers and explaining in their language how they could be destroying our log files and why it was important.

So if you’re a developer new to this DevOps world, trust me. You’ll like this new way of working.

Developer with a tie considering DevOps


Read More

HTTP Monitor: What It Is and Why You Need It

One day, one of our main web APIs was down, and the first person that knew it was my boss. We were so worried about bringing the API up that we never paid attention to how he was able to be one step ahead of us. There were times when we even thought he had nothing else to do than constantly refresh the web page. But the truth is that he wasn’t doing that at all. He was using an HTTP monitor that emailed him every time the API was down, slow, or unresponsive.

It was actually lucky for us that he had that monitor: it helped everyone fix things before our clients could notice. But what is an HTTP monitor, anyway? And why else would you need it?


Illustration of Person Using HTTP Monitoring


Read More

Common Ways People Destroy Their Log Files

For this article, I’m going to set up a hypothetical scenario (but based on reality) that needs logging. We’re writing an application that automates part of a steel factory. In our application, we need to calculate the temperature to which the steel must be heated. This is the responsibility of the TemperatureCalculator class.

The class is fed a lot of parameters that come from external sensors (like current temperature of the furnace, weight of the steel, chemical composition of the steel, etc.). The sensors sometimes provide invalid values, forcing us to be creative. The engineers said that, in such a case, we should use the previous value. This isn’t something that crashes our application, but we do want to log such an event.

So the team has set up a simple logging system, and the following line is appended to the log file:

An invalid value was provided. Using previous value.

Let’s explore how this well-meant log message doesn’t actually help. In fact, combined with similar messages in our log file, the log file ends up being a giant, useless mess.


Trash Fire Depicting Way People Destroy Log Files


Read More

Get Started Quickly With Python Logging

Picking up from the previous logging articles on how to get started logging with C# and Java, today we’ll be looking at how to get up and running quickly with logging in Python.

Even if you’ve already read the previous articles, this post is worth a read. It will cover new ground, like the basics around application logging in Python and a few other things, such as

  • Configuring the logging module.
  • What to log and why.
  • The security implications of logging.

So what are you waiting for? Keep reading, and let’s get a simple project set up to begin working with.

Python Scalyr Colors with LogRead More

Sexy But Useless DevOps Trends

What’s sexy but useless? A Ferrari in a traffic jam. It’s beautiful, but all that power means nothing. When trapped in traffic, it can’t live up to its full potential.

Same with DevOps. While there are some critical DevOps functions that you absolutely need, there are some sexy but useless DevOps trends that are good to be aware of. Truth be told, there’s no recipe that will tell you how to succeed in DevOps. Everyone will have different opinions, and what worked for others might not work for you. But you can trust one thing: there are some actions that will guide you directly to frustration with DevOps.

With the amount of information out there about DevOps, you might get overwhelmed and think it’s not for you. You also might think the learning curve is too steep—that you need to change too many things before you get started. Maybe you’ll need a new team, new tools, more metrics, more time… you name it.

My advice is this: don’t get distracted by all things that people say about DevOps. These things I’m going to talk about here, for instance, are all style and no substance.


Like this Ferrari if it were stuck in a traffic jam, some DevOps trends are sexy but useless.

Read More

5 Critical DevOps Practices

DevOps is like pizza. We can’t think of pizza without considering critical ingredients: dough, sauce, cheese, and your preferred choice for vegetables and proteins. Everyone likes different toppings. In my case, I can’t think about pizza without extra cheese and meat. You might choose differently, but I think we can agree there are some ingredients that are critical for this food to be called pizza. Quality and ingredients will vary, but some things will always remain true.

Well, it’s the same with DevOps practices. There are some critical practices, and you can’t think about DevOps without considering them. Everyone will have preferred choices regarding the tools and the process, but the practice will remain and each practice complements the other.

Every critical DevOps practice takes time to get down, but the end result will be magnificent. So, let’s discuss what they are and how to implement them.

Pizza with Scalyr Colors

Read More

A Detailed Introduction to the Apache Access Log

What is the Apache access log?  Well, at the broadest level, it’s a source of information about who is accessing your website and how.

But as you might expect, a lot more goes into it than just that.  After all, people visiting your website aren’t like guests at your wedding, politely signing a registry to record their presence.  They’ll visit for a whole host of reasons, stay for seconds or hours, and do all sorts of interesting and improbable things.  And some of them will passively (or even actively) thwart information capture.

So, the Apache access log has a bit of nuance to it.  And it’s also a little…complicated at first glance.

But don’t worry — demystifying it is the purpose of this post.

Apache Access Log: the Why

I remember starting my first blog years and years ago.  I paid for hosting and then installed a (much younger) version of WordPress on it.

For a while, I blogged into the void with nobody really paying attention.  Then I started to get some comments: a trickle at first, and then a flood.  I was excited until I realized that they were all suspiciously vague and often non-sequiturs.  “Super pro info site you have here, oPPS, I HITTED THE CAPSLOCK KEY.”  And these comments tended to link back to what I’ll gently say weren’t the finest sites the internet had to offer.

Yep.  Comment spam.

Somewhere between manually deleting these comments and eventually installing a WordPress plugin to help, I started to wonder where these comments were all coming from.  They all seemed to magically appear in the middle of the night and they were spammy, but I was interested in patterns beyond that.

This is a perfect use case for the Apache access log.  You can use it to examine a detailed log of who has been to your website.  The information about visitors can include their IP address, their browser, the actual HTTP request itself, the response, and plenty more.

An apache feather, representing our look at the apache access log.Read More