Category Archives: Articles

Maidan: Feb 23

No links today. The only thoughts are with those on the Maindan who gave their lives to the future of Ukraine.

I am happy that we have managed to overthrow the criminal regime that had been built over recent years. With the evidence transpiring from the documents found at Mezhyhirya and firms affiliated with the clan, the scale of corruption and law abuse is plainly incomprehensible.

As with everything in our life, the lessons we should draw from the situation we’ve been through, are of the equal importance as the feat that has just been accomplished. The change is not over yet. If people stop now, it would bring the same profound disappointment and disenchantment as Yushchenko brought us after his election. There is no other way except sweeping lustration. Police, prosecutors, judges, and corrupt MPs are the first on the list.

Life is rough and often concealed by decoration. As the events unfolded over the past 3 months, I clearly remember thinking many times: “It can’t be worse, he will not dare to exacerbate situation further, it’s against his own good”. And every time I thought it, situation turned even worse, and every time he dared to take that step to aggravate events further.

This is a great lesson about moral values some people have, their desire to desperately cling to power, how dwarfish their thoughts are, and how midget their desires are. Clearly, there’s no quick solution to the problems we face, just look at the following map, the map of where the people died were from:

ac76f2dd81d344726bf8094c98b317e3

Does this need an explanation? We are divided, and refusing this is a delusion. Delusion is always a mistake, it’s a wilful ignorance. I bet most of people’s thoughts about Yanukovich were delusions. Like that he would stop, he would hold an election in 2015, etc. Believing in a black-and-white world is also a delusion, world has infinite shades of grey, and virtually no white and no black objects.

We have to aspire to better understanding and boarding horizons of our world-views. This is a foundation for solid civil society. We need to strive for (and learn, and teach) critical thinking. We need to learn to live with people who don’t share our beliefs without hatred. People will be manipulated again and again, and the only way to fight this is proper education.

The history tells us: “Revolutions are made by romantics, but their fruits are reaped by scoundrels”. Will this time be different? I really hope it will.

Glory to Ukraine.

Bundle execution time randomization in cfengine3

Read this article in Russian.

In our environment we use cfengine to manage servers across the organization. Having a fairly large infrastructure we have to give a lot of thought to such things as smoothing the load on cfengine hubs and other parts of the infrastructure.

This article presents some approaches to bundle execution time randomization. This might be useful when you have a bundle which is going to affect a lot of servers and you don’t want it to execute simultaneously across a whole lot, thus causing a pressure point and possible event storms.

The first approach which comes to mind is splayclass() function, which defines a class if the system clock lies within a scheduled time-interval that maps to a hash of the first argument – arbitrary string, usually set to fqdn. Different strings will hash to different time intervals, and thus one can map different tasks to time-intervals. The code utilizing this function looks like this:

This will execute report at a random moment every hour.

A nuisance with this function is that it’s somewhat limited, having only “hourly” and “daily” policies. With “hourly” policy, the class will be defined for a 5-minute interval every hour, and with “daily” policy then the class will be defined for one 5-minute interval every day. This might be either too frequent or too seldom for a specific case. This also might be a problem if you use an cfengine run interval different from a default one.

To address this nuisance we might employ dist keyword in classes’ definition which generates a probabilistic class distribution. For example:

In this example class “percent_of_runs_15”  will be defined in 15 out of (15+85=) 100 cases or in 15% of cf-agent runs. Considering that cf-agent runs with 5 minutes interval by default, that makes 15% out of (24*12 =) 288 runs per day, or 43 runs, or approximately twice per hour at a random moment. Tuning the sum and the initial number we might change the random frequency at which the class will get defined.

Dist might give us even more flexibility, for example when we need the bundle to execute at the random hour every 12 hours, but at that hour we’d like bundle to run every 5 minutes. This might be needed when bundle requires multiple runs to fix things (deleting stuff from a file is a good example). So for that matter we might combine dist keyword with persistent classes, like in:

This approach seems to be more flexible, but it also contains an issue – due to its nature, dist is probabilistic and that means it doesn’t guarantee that the percent of distribution will be exact. In fact, you should keep in mind that +/- error is a norm here and, for instance, running the 15%/85% example drew results from 13% to 18% for 15% class.

We can also apply the approach with persistent classes to splayclass() function in the following manner:

Which would allow us to execute a report (or bundle) every 5 mins throughout a random hour of the day.