DevOps

Warden: the self-healing framework for local actions

Warden: the self-healing framework for local actions

This article is the follow up to Selfheal at Webhosting – The External Part published on 2020-07-17.Part two below covers the local self-healing system. Introduction With over 15-000 servers dedicated to providing services for 6 million websites and web applications of all sorts, across multiple data-centers and geographical zones, a certain amount of software failures …

Warden: the self-healing framework for local actions Read More »

The Bastion - Part 3

The Bastion – Part 3 – Security at the core

In previous parts, we’ve covered the basic principles of the bastion. We then explained how delegation was at the core of the system. This time, we’ll dig into some governing principles of how The Bastion is written. In a nutshell, the main purpose of the bastion is to ensure security, auditability and reliability in all …

The Bastion – Part 3 – Security at the core Read More »

OVHcloud Predictor - Part 1

OVHcloud Predictor, part 1

In our previous article concerning the CVE-2017-9841 vulnerability, we presented our web application firewall (WAF) implemented with NAXSI. Usually, a WAF is run directly on the web server. At OVHcloud, we chose to run our web application firewall upstream, on a very powerful software layer that is specific to our web hosting infrastructures. These are …

OVHcloud Predictor, part 1 Read More »

The OVHcloud Bastion - Part 2

The OVHcloud SSH Bastion – Part 2: delegation dizziness

This is the second part of a blog series, here is part one. We’ve previously found that the bastion is not your usual SSH jumphost (in fact, we found it is not a jumphost at all) and we discussed how the delegation was one of the core features we’d originally needed. So, let’s dive into …

The OVHcloud SSH Bastion – Part 2: delegation dizziness Read More »

Selfheal at Webhosting – The external part

Selfheal at Webhosting – The external part

Introduction With almost 6000000 websites hosted on more than 15000 servers, the OVHcloud Webhosting SRE team manage lots of alerts during their working day. Our infrastructure is constantly growing, but to scale smoothly, the amount of time spent solving alerts should not increase proportionally. We need, therefore, some tools to help us.  In our team, we …

Selfheal at Webhosting – The external part Read More »

Pimp my Makefile

To avoid repeating yourself, it is good practice to put all tasks that you might run twice somewhere in your project. A Makefile is the perfect place and is also an executable documentation: instead of documenting the build process, you should write it in a build target. Make is almost everywhere – either installed, or …

Pimp my Makefile Read More »

Another day in ProxySQL life: sharing is caring

This post is another part of our list of short posts pinpointing specific cases OVHcloud has dealt with, both preparing for and during the migration. Here, we tell a story of how sometimes, a little unexpected behaviour can lead to a bug fix in a software program used by millions of people around the world. …

Another day in ProxySQL life: sharing is caring Read More »