Über Franz Pletz

Being a purely functional and lazy hacker at heart, Franz keeps our infrastructure running with style and advises our customers and development teams regarding automation, deployment, configuration management and security with his rich Unix and Open Source experience.

Hardening Compiler Flags for NixOS

In the past year some Mayflower colleagues have started using and contributing to NixOS, a purely functional GNU/Linux distribution that combines package and configuration management. We decided that we would give it a try in production but stumbled upon some issues that had to be resolved first. We have added new packages, services and fixed up some internal. Due to this work two colleagues have even gained commit access in the process. Weiterlesen

Secure Password Authentication

If you’re running a web service where your users have to authenticate, one of your options will probably be the classic password authentication. The user provides a term that uniquely identifies it, probably a user name or an email address, and a secret only known by the two involved parties, your service and the user. By presenting the correct secret both parties agreed upon when the user account was created, the user can prove his identity to the web service. Weiterlesen

The Puppet Anchor Pattern in Practice

Recently, my team rewrote all Puppet manifests for Mayflower’s core infrastructure with our two year long Puppet experience in mind. Many mistakes were made in the past, but this time we decided to write clean and structured Puppet code based on the latest language features from Puppet 3. More blog posts about advanced Puppet topics are going to be published in 2014.

The main theme of the rewrite was abstraction. Our goal was to use as many third-party modules as possible. Because many modules needed fixes, we contributed a lot of code back to the community. We adopted the Roles, Profiles, Components Design and use Hiera extensively to separate business logic, modules, manifests and data. Our manifests basically glue the modules together and embed them sensibly in our environment, seeded with data from Hiera.

The Problem

If you’ve written your fair share of Puppet manifests, you can imagine that such an architecture requires the definition and inclusion of lots of classes. Sadly, Puppet’s dependency system treats classes different than resources: If you include class foo in class bar, then class  foo and all its contained resources and dependencies won’t have any dependency relations with class bar. Weiterlesen