All posts by Christian Kauhaus

About Christian Kauhaus

Christian is a systems engineer working with Flying Circus Internet Operations. View all posts by Christian Kauhaus →

NixCon talk: Migrating a Hosting Infrastructure from Gentoo to NixOS

October 25, 2018EventstalkChristian Kauhaus

Christian Kauhaus gave a talk at NixCon 2018 about our experiences with migrating Gentoo-based customer VMs to NixOS. The slides are already online, a video recording will follow.

We have moved into our new office

September 3, 2018CompanyChristian Kauhaus

As previously announced, the Flying Circus has a new office address since September 1st. If you’d like to write us a letter or visit us, please be sure to use our new address:

Flying Circus Internet Operations GmbH
Leipziger Str. 70/71
06108 Halle (Saale)
Germany

It’s only a few blocks away from our old office. Why the move? We’re teaming up with other companies from Halle to form SaltLabs, a loosely coupled collective of IT-related companies under one roof. Details on this will follow, so stay tuned!

New default: Truncated IP addresses in nginx access logs

February 5, 2018Platformprivacy, sysadminChristian Kauhaus

Effective on 2018-03-01, we will be changing the platform default log format for managed nginx web servers. It will log only truncated IP addresses which makes it impossible to identify individual users. This change is motivated by recent developments in data protection regulations.

Continue reading New default: Truncated IP addresses in nginx access logs →

Improvements in customer support

February 5, 2018Company, Newsself-serviceChristian Kauhaus

On 2018-02-13 we will be changing our customer support tool. Although the Flying Circus has always been offering high-quality customer support, there is nothing that cannot be improved. 🙂

The contact address support@flyingcircus.io is not going to change.

Continue reading Improvements in customer support →

NixOS: The DOs and DON’Ts of nixpkgs overlays

November 7, 2017Platformnixos, technologyChristian Kauhaus

One presentation at NixCon 2017 that especially drew my attention was Nicolas Pierron‘s talk about Nixpkgs overlays (video, slides). I’d like to give a quick summary here for future reference. All the credits go to Nicolas, of course. Continue reading NixOS: The DOs and DON’Ts of nixpkgs overlays →

Announcing fc-userscan

October 4, 2017Platformnixos, technologyChristian Kauhaus

NixOS manages dependencies in a very strict way—sometimes too strict? Here at Flying Circus, many users prefer to compile custom applications in home directories. They link them against libraries they have installed before by nix-env. This works well… until something is updated! On the next change anywhere down the dependency chain, libraries get new hashes in the Nix store, the garbage collector removes old versions, and user applications break until recompiled.

In this blog post, I would like to introduce fc-userscan. This little tool scans (home) directories recursively for Nix store references and registers them as per-user roots with the garbage collector. This way, dependencies will be protected even if they cease to be referenced from “official” Nix roots like the current-system profile or a user’s local Nix profile. After registering formerly unmanaged references with fc-userscan, one can fearlessly run updates and garbage collection.

Continue reading Announcing fc-userscan →

How to renew Puppet CA and server certificates in place

September 1, 2017PlatformPuppet, technologyChristian Kauhaus

It used to run fine for years… but now the (deprecated) Puppet infrastructure at the Flying Circus is showing signs of aging. It’s not about server hardware or something like this (fully virtualized anyway) – it’s about SSL certificates of Puppet’s own SSL infrastructure. Time for a face lift.

In the following, I will describe what we did to renew both CA and Puppet server certificates. Despite that this problem should occur on every Puppet server running for a prolonged amount of time, I found remarkably few resources on the net (that did not involve completely replacing the CA) – so I’m going to share our findings.

Continue reading How to renew Puppet CA and server certificates in place →

Dirty Cow: Restarting all VMs

November 15, 2016PlatformsecurityChristian Kauhaus

All VMs are currently affected by the “Dirty Cow” kernel bug. The upcoming release 2016_034 contains a kernel update which upgrades Linux to the unaffected version 4.4.28. As usual, the kernel update requires to reboot all VMs.

Schedule:

Tue 15 through Thu 17 November 2016: reboot staging VMs
Thu 17 through Thu 24 November 2016: reboot productive VMs.

VM reboots will be scheduled along the agreed maintenance windows. We will piggy-back a Qemu binary environment update which would require a separate reboot otherwise.

Sneak Preview: Upcoming FC Platform and Infrastructure Features

July 4, 2016PlatformChristian Kauhaus

We are planning to implement some cool stuff for the Flying Circus hosting platform and its underlying infrastructure during the second half of this year. In this post, I will give a preview to technical improvements you can happily look forward to.

All of these improvements are included in the platform subscription (this is what the platform subscription is actually for!) so you don’t have to pay extra for any of them.

Continue reading Sneak Preview: Upcoming FC Platform and Infrastructure Features →

Thoughts on systems management methods

May 6, 2016Platformnixos, sysadminChristian Kauhaus

Reading Why Order Matters: Turing Equivalence in Automated Systems Administration (by Steve Traugott and Lance Brown) 15 years ago has been a career-changing moment for me. In this blog post, I will explore the meaning of some of the points made in this article for today’s data center infrastructures. I will also give a bit of background on what motivated our recent move to NixOS.

Continue reading Thoughts on systems management methods →