<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Configuration on Azarudeen.com</title><link>http://azarudeen.com/tags/configuration/</link><description>Recent content in Configuration on Azarudeen.com</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Tue, 01 Apr 2014 10:00:00 +0530</lastBuildDate><atom:link href="http://azarudeen.com/tags/configuration/index.xml" rel="self" type="application/rss+xml"/><item><title>Shared Fate: Heartbleed, Mass Reboots, and the Limits of Cloud Trust</title><link>http://azarudeen.com/posts/02-apr-2014-to-jun-2015-shared-fate-in-the-cloud/</link><pubDate>Tue, 01 Apr 2014 10:00:00 +0530</pubDate><guid>http://azarudeen.com/posts/02-apr-2014-to-jun-2015-shared-fate-in-the-cloud/</guid><description>&lt;h1 id="shared-fate-in-the-cloud-apr-2014--jun-2015"&gt;Shared Fate in the Cloud (Apr 2014 – Jun 2015)&lt;/h1&gt;
&lt;p&gt;This window is when the industry learned that moving to the cloud means sharing
your provider&amp;rsquo;s fate — their hypervisor patches, their config rollouts, and
their operators&amp;rsquo; keystrokes. It&amp;rsquo;s also when security incidents started being
written up with the same discipline as availability incidents.&lt;/p&gt;
&lt;h2 id="the-incidents-that-defined-the-period"&gt;The incidents that defined the period&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Heartbleed, April 2014&lt;/strong&gt; — The OpenSSL bug that forced mass certificate
rotation across the internet. Its real operational lesson: almost nobody had
an inventory of where TLS terminated, so &amp;ldquo;patch and rotate&amp;rdquo; took weeks.
Shellshock (September 2014) repeated the drill for bash.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Joyent, May 2014&lt;/strong&gt; — An operator running a routine update &lt;strong&gt;rebooted an
entire data center&amp;rsquo;s worth of customer systems&lt;/strong&gt; with one command. Joyent&amp;rsquo;s
postmortem was admirably direct: the problem wasn&amp;rsquo;t the operator, it was that
the tooling &lt;em&gt;allowed&lt;/em&gt; a datacenter-wide target with no confirmation. A textbook
blameless writeup.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;AWS Xen reboot, September 2014&lt;/strong&gt; — AWS rebooted a large fraction of EC2
instances to patch a Xen vulnerability before disclosure. Customers who had
followed the &amp;ldquo;design for instance failure&amp;rdquo; gospel (Netflix, famously) sailed
through; those who hadn&amp;rsquo;t discovered pet servers the hard way.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Microsoft Azure Storage, November 2014&lt;/strong&gt; — A performance fix was rolled out
&lt;strong&gt;globally, skipping the staged &amp;ldquo;flighting&amp;rdquo; process&lt;/strong&gt;, and an infinite loop in
the blob frontends took down storage across regions. Microsoft&amp;rsquo;s postmortem
admitted the human deviation from their own rollout policy — one of the most
cited config-change postmortems ever.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;NYSE, United Airlines, and the WSJ — July 8, 2015&lt;/strong&gt; — Three unrelated
same-day outages that the public assumed were connected. A lesson in how
reliability failures become news cycles.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 id="what-the-postmortems-reveal"&gt;What the postmortems reveal&lt;/h2&gt;
&lt;p&gt;&lt;strong&gt;1. Configuration change became the leading villain.&lt;/strong&gt; The Azure writeup
crystallized a pattern that dominates postmortems to this day: the code was
fine; the &lt;em&gt;rollout&lt;/em&gt; of a config flag was the failure. &amp;ldquo;All deploys are staged,
no exceptions, including configuration&amp;rdquo; started appearing in action items.&lt;/p&gt;</description></item></channel></rss>