On Thursday, 15 May, one of our VM hosts named “vm3” did not return back to operation after a standard maintenance procedure, resulting in an outage of more than 14 hours. While we were able to restore all affected DrupalCONCEPT POWER servers, we only had backups available that were more than 24 hours old. And in the case of a custom-built managed server, we even lost most of its files completely.
We regard reliability and effective IT processes as essential for our business. An outage of this duration and with these results is not acceptable. We are embarassed and deeply sorry about this incident and I apologize on behalf of freistil IT to all customers that we disappointed.
In this review, I’d like to give you detailed insight into what’s happened and what we’re going to do to prevent incidents like this in the future.
On Monday, 12 May, the VM host vm3 signaled one of two disks of its RAID–1 array as failed. It kept running on the second disk without any problems. We scheduled a maintenance window to have the failed disk replaced for Thursday, 15 May at 19:00 UTC, and announced the scheduled maintenance on the freistilbox Status Page.
Data center staff shut down the server at 18:55 UTC (a few minutes early) and replaced the broken disk. After restarting the server, we found that the server would not boot into a working system again. It turned out that there was no bootable operating system available on the remaining disk any more, which suggested that this disk had failed, too. When we realised that there was nothing we could do about the second failed disk, we decided to go the only viable, albeit laborious, way of rebuilding the server from scratch. After getting the second disk replaced, we started reinstalling the server OS, then the host environment and finally, the guest servers.
When we started the restore process, we realised that already the first phase, building a directory tree of the data to restore, would take several hours. We hoped that it would finish over night, but after 7 hours on Friday morning, the backup database was still working on collecting data for the restore directory tree. Fortunately, we found out by experimenting that by aborting the slow query on the database server, we could force the backup system to fall back to doing a full restore of all files in the backup set.
After the restore jobs were finished on all affected servers, we started reimporting the database dumps that were included in the backups. That’s when we found that we had timed the creation of these dumps badly: The job for doing daily database dumps actually ran later than the file backup that was supposed to pick them up. Restoring data from the Wednesday night backup meant that we had lost almost a whole day of data but the backup then only contained database backups from Tuesday night.
And as if this wasn’t bad enough news for our customers already, it turned out that one of the affected servers didn’t have any of its websites backed up at all. The respective server is a custom-built managed server. While with DrupalCONCEPT and freistilbox servers, everything (including the backup) is configured automatically, this server would have needed a manual backup configuration and we obviously had forgotten this part during setup.
Some customers had newer backups available that we were able to copy back to their server but in the end, most of them still suffered a catastrophic loss of data.
On Friday at about 11:30 UTC, all servers were online again. We then spent the rest of the day with assisting our affected customers to solve some minor remaining issues.
What we are going to do about it
In a post mortem meeting on Monday, 19 May, we discussed the incident and decided on remediation measures to prevent it from repeating.
The root cause of the incident, the loss of both disks of a RAID–1 array, is a rare event but we need to be prepared for it to occur. We especially need to minimise the amount of data lost due to such a failure.
While the affected customers had consciously chosen a one-server setup that has many single points of failure (SPOF), neither they nor we had expected that an outage would take this long and would result in such catastrophic data loss. We need to make sure that all our backups have complete coverage and that they can be restored within a reasonable amount of time (a few hours max).
As a result of our post mortem, we decided on the following remedial measures:
- We checked to make sure that all customer data, especially on custom-built servers, will be fully backed up from now on.
- We rescheduled our file backup in order to include the latest database dumps.
- Planned maintenance must be done right after a backup run. We will either schedule it after the regular daily backup job or we’ll trigger an extra backup in advance of the maintenance.
- We’ll schedule regular disaster recovery exercises where we take production backups and restore them to a spare server.
- We’ll research how we can speed up the restore process. This could mean improvements to specific components or even switching to a different backup system altogether.
- If customers need shorter backup periods than 24 hours, we’ll support them in setting up custom backup jobs directly from their content management system.
In conclusion, I’d like to state that this incident showed an embarassing lack of preparation on our side for the failure of a whole disk array. I apologize to all affected customers that we were not able to restore normal operation more quickly and to the full extent. I assure you that we are working hard to prevent an incident like this from ever happening again.
26 May 2014
We’re very happy to welcome Philipp Kaiser as our first full-time employee! As an experienced system administrator, Philipp will help us get our IT operations backlog shortened to a more human size, and to get new, innovative changes out of the door more quickly.
Did you know this is actually the second time I’ve hired Philipp? Back in 2004, as the new IT team lead “CRM, Billing and WEB.Cent” at WEB.DE, I got him to join my team as its second member. During his interview, he had impressed me by how he handled the stress at the place where he did his apprenticeship as a Qualified IT Specialist. I was responsible for a bunch of business-critical systems and thought “If he’s lived through this, he’ll be able to survive here, too.” He did much more than just survive and I enjoyed working with him during several years.
As sysadmin #1 at freistil IT, Philipp will be responsible for business-critical systems, too — business-critical not only for us but especially for our customers. And I’m 100% sure he’ll be doing a great job.
The day-to-day in our distributed team at freistil IT will be quite different from what he’s used to and we’re well aware that there’s a learning curve waiting for all of us. That’s exactly what makes running freistil IT so exciting for me. Learning is one of our core values, and every new employee will notice this quickly. From his time back at WEB.DE, Philipp is already used to the concept of the Ops Bootcamp which we’ve implemented at freistil IT: In this programme spanning several weeks, we’re going to introduce him to all important aspects of his job from Asana to zsh. At the same time, he’ll already be working on internal projects and support requests.
So, welcome, Philipp, and thanks for joining our team! Cheers — to a lot of fun!
05 May 2014
The Open Source Datacenter Conference has been an established DevOps conference even before the term was widely used. For 2014, the Netways team left Nürnberg as their traditional location behind and moved the event to Berlin.
I’m happy that they kept the “conference hotel” concept; nothing beats being able to walk from bed to breakfast to conference session under the same roof. For me, the Hotel MOA in Berlin-Moabit ticked all the boxes. My room was comfortable and spacious, the catering was excellent and there were more than enough seats in the conference rooms for all the attendees.
There is an essential aspect of tech conferences where OSDC 2014 unfortunately left a lot to be desired: reliable internet connectivity. The hotel WiFi clearly was not built to accomodate a crowd of techies who each brought 2 or more WiFi clients. Unfortunately, Netways had not prepared a dedicated network in advance so I had to fall back to my 3G hotspot when my WiFi connection broke down only a few minutes into the introductory talk.
As regular OSDC participants have come to expect, the talks were diverse, interesting and on a professional level. Here is a short excerpt of the session programme:
- Lennart Koopmann & Jordan Sissel: Intro to Log Management
- Mike Adolphs: How we run Support at GitHub
- Martin Gerhard Loschwitz: What’s next for Ceph?
- Thomas Schend: Introduction to the Synnefo open source cloud stack
- Michael Renner: Secure encryption in a wiretapped future
- Christopher Kunz: Software defined networking in an open-source compute cloud
- Andreas Schmidt: Testing server infrastructure with serverspec
Netways generously published their recordings from OSDC 2014 on Youtube, including my own talk, “Dynamic Infrastructure Orchestration”.
Making our configuration management more dynamic is one of our main concerns at freistil IT. Our infrastructure is growing steadily and we have to make sure that changes are executed in a quick and reliable manner. Conventional configuration management tools like our trusted Chef are limited in terms of change rollout speed because they are based on regular convergence runs. That’s why I took a closer look at serf and etcd. I’ve then summarised my findings in my OSDC talk:
After I watched the recording, I realised sadly that I missed the bar at least on the aspect of “professional presentation”. Judging from the many interested questions during and after the talk, I managed to convey everything I had intended to. But I had not rehearsed the talk enough and that showed clearly in far too many errs and uhms. I apologise to all attendees for not delivering the presentation quality that you can expect at such a conference. I’ll push myself harder in order to always arrive fully prepared when I’m invited as a speaker.
With the move to Berlin, the Open Source Datacenter Conference is on the way from a German IT event to an international DevOps conference. And I’ll be happy to return next year!
04 May 2014
Tomorrow morning, I’m going to jump on the train to the first DrupalCamp Frankfurt. I’m looking forward to meet my friends of the German Drupal community and also to get to know some new folks, so say hi!
If you’re interested in how to build a Drupal development environment with Vagrant and automation tools, come by my session that I’ll be doing on Sunday morning!
See you in Frankfurt!
11 Apr 2014
And just so, the first quarter of 2014 has passed. Wow, time flies when you’re busy. And busy we were!
Our conference schedule for this year is so packed that we need to distribute events within the team. In March, while I visited Szeged, Hungary, and enjoyed the community feeling at the Drupal Developer Days, Markus attended DevOpsCamp Nuremberg. DevOps is at the core of our business, so DevOps Days and DevOps Camps are ideal opportunities for us to exchange experiences with other IT specialists and also gain new inspiration.
Our managed hosting platform freistilbox keeps growing and now hosts 282 websites (Feb: 266, +6%). Our total uptime was 99.93% (Feb: 99,97%) and with 11.96 TB, our website traffic came up to about the same level as in the previous month (Feb: 12.5 TB).
We’re working hard every day to keep our promise, “Work efficiently, sleep peacefully.” And it’s feedback like this customer’s that always makes our day: “Pingdom reports 99.99% availability of our cluster for March. Thank you.”
In March, we achieved a great improvement in tech support quality. While ticket traffic resembled the one in February, our reaction times were substantially better.
We got 150 support requests (Feb: 149) and were able to resolve 126 tickets (Feb: 127), leaving a backlog of 48 (Feb: 35). Our average first reply time came in at 16h, a whopping 31% less than last month (Feb: 23h). You can see the cause in the time breakdown: We shifted a significant part of “tickets we didn’t answer within 24h” to the 8h bracket. This month, we tackled 42% of all tickets within an hour (Feb: 43%) and 31% within 8h (Feb: 23%); together, this makes 73% of all incoming requests. The number of tickets answered within 24h stayed the same (Feb, Mar: 15%), and only 12% took us longer than 24h (Feb: 20%).
With these results, it’s not surprising that our customer’s satisfaction feedback stayed at 100% “good”. These are some of the comments we got from solved support requests:
- “VERY fast and great support!”
- “CSI Varnish ^^”
- “Super fast response, thanks!”
- “A kind of magique”
Customer happiness is our primary goal and we’re glad that we’re well on target here.
Since we’re able put existing capacity to more efficient use, we only added 2 new hosts to our infrastructure (Feb: 282). From all these hosts, we’re collecting 108,880 distinct health and performance metrics (Feb: 107,706) — every 10 seconds.
The number of on-call notifications decreased further to 1122 (Feb: 1397, –20%). This number doesn’t mean that we experience an outage every 40 minutes on average. We’re quite happy that the biggest part of these alerts get automatically resolved within minutes because the issue (for example a high system load) was only short-lived. As soon as we get to fine-tune our alert thresholds, the number of notifications will go down significantly.
All in all, it’s been a great month and a successful first quarter. We’re looking forward to what’s coming next!
07 Apr 2014
Next week, I’m going to attend the Open Source Datacenter Conference (OSDC). Conviently for me, the event will take place in Berlin now after Netways, the company behind the conference, decided to move it there from its traditional location in Nuremberg.
The OSDC takes place on Wednesday and Thursday and is packed with sessions about the newest developments in Open Source technology. Some of my personal highlights:
- Jordan Sissel: “Find Happiness in your Logs”
- Andreas Schmidt: “Testing server infrastructure with serverspec”
- Martin Gerhard Loschwitz: “What’s next for Ceph?”
- Mike Adolphs: “How we run Support at GitHub”
On Thursday, I’ll give a talk myself, titled “Dynamic Infrastructure Orchestration”. My goal is to point out possible next steps after getting configuration management solutions like Puppet or Chef in place. I’ll cover two different approaches:
- using central key-value stores like etcd for service discovery and
- configuration, and
- decentralising system automation with tools like serf.
OSDC always is a fun event and I’m excited to meet old colleagues and talk to fellow IT professionals.
Hm. I wonder if the city has changed much since I last visited Berlin in 1987…
04 Apr 2014
Three findings on my flight home:
- Compared with Hungarian, German with its puny three umlauts can pack up and go home.
- Compared with Ireland, Hungary has much nicer weather.
- Compared with the pubs at home, in Hungary you can treat four or five times as many people to a beer for the same amount of money.
As you can see, Hungary has the advantage in many regards and I had a great time here at the Drupal Developer Days this past week.
When I arrived in Szeged on Wednesday evening, Drupal 8 coding sprints had already been running for a few days and they’d continue all week. During this time, up to 150 Drupal developers were working to make progress on code and documentation issues. There were 115 commits to Drupal core and after removing 19 blocker issues, we’re now 40% closer to Drupal 8 Beta. Our Git repository traffic was so high that it even triggered drupal.org’s DDoS defenses!
At the event location only, we consumed 5500 sandwiches, 1000 servings of coffee, 240l of beer, 300kg of sweet snacks and 120kg of bananas. The venue was a really good choice. It had all the space we needed, good catering and the WiFi worked well throughout the event. And having the Novotel (with its amazing value for money) right next door is unbeatable convenience.
From Thursday to Saturday, there were a lot of interesting presentations as well as a reprise of the “Caching Deep Dive” multi-hour workshop that had a lot of success at DrupalCon Prague. Almost every talk referenced the upcoming Drupal version. And although many things are still in flux, it feels to me like Drupal 8 is taking shape.
What drove engagement most was the great community spirit. Everyone was welcome, from the Drupal novice to the long-time core contributor. There were smiling faces all around and you could simply walk up to anyone to have a chat or ask a question. People got together spontaneously, be it to code or to go have dinner. These personal experiences are what I love most about the Drupal community. If you haven’t been to a DrupalCamp yet, go to DrupiCal now and see what’s happening near your place! Go on, I’ll wait here.
My personal highlight was the #AberdeenFreistilCloudBox party on Friday night which I had the pleasure to co-organize. I had contacted Aaron Porter before the event, suggesting we join forces and do something about the community’s lack of awareness of our European Drupal hosting companies that we both had perceived at DrupalCamp London a few weeks earlier. When I met Aaron on Thursday morning, he invited me to join him in scouting for a party venue for Friday night. We looked at two bars in the center of Szeged and decided on hosting (that’s what we’re good at, after all!) the party at the CoolTour Cafe. We were able to make a deal that secured our guests 100 free beers as well as free admission to the concert room where one of Hungary’s best-known Jazz singers was going to be on stage. And when on Friday afternoon the number of sign-ups for the party crossed the 100 mark, Aaron and I decided to throw in another 100 beer vouchers. The party was a success and fun was had by everyone. The title of “drink distributor extraordinaire” goes to Dave Hall who’s apparently related to a huge Dutch family since he returned every few minutes to grab a voucher for another member of the Needabeer clan.
In the end, I’d like to congratulate the organization team around Kristof van Tomme to a great Drupal community event! I’m thankful for a lot of good conversations, and happy that I overcame my initial reluctance to register and got to be a part of Drupal Developer Days Szeged 2014.
31 Mar 2014
2014 is the year of Drupal 8 and we’re getting our freistilbox hosting platform ready to host its first Drupal 8 websites. Of course, Drupal 8 will be the central topic of the Drupal Developer Days in Szeged from 24 to 30 March. We can’t miss such an important event, so Jochen will be following DrupalMarvin’s invitiation from DrupalCon Prague last year.
Jochen is going to be in Szeged from Wednesday the 26th to Sunday the 30th, so if you’re there, make sure to say Hi! He’ll be more than happy to get you a beer or coffee, and you can ask him whatever you’d like to know about freistilbox.
And don’t forget to pack your towel!
22 Mar 2014