Baremetal or Cloud?

After doing some research and bringing it to a production state, we were so glad and proud (yes, of course, at first). But after running the platform from 2013 until now, we have had many problems, especially with hardware, and the cloud is actually not what we need.

Since we chose OpenStack as our cloud platform, we had to actively dig up OpenStack knowledge from freenode. Why didn't we read the documentation carefully? We did read it, but it didn't solve our problems. OpenStack's backend was still immature (we started using OpenStack with Folsom -> Grizzly -> Havana), there was no easy way to upgrade between releases, and sometimes you would get data failures or outages.

To perform the upgrade you could try this approach:

  • Build an updated cloud alongside your new cloud
  • Get it configured
  • Make your old cloud read-only
  • Copy the state into your new cloud
  • Move to using your new cloud

This approach leads to too much downtime.

PS: If you don't have a big ecosystem (hardware, network peripherals, etc.), please don't build your own cloud-based services :)

Who says cloud means zero downtime? Who? Yes, it was said by the sales executives / account executives to reach their markets. But was it ever mentioned by the engineering team?

Before you read the rest of this article, please read carefully about the difference between cloud and virtualization. If you only need virtualization, use a virtualization ecosystem rather than a cloud ecosystem :)

— 8< private story end here 8< —

Financial Views :

This is the more important view for making engineers happy. Wait... what? Happy? Yes! Salary? No! It's all about infrastructure needs. Building a cloud ecosystem needs more than a couple of servers to serve its dependencies, such as object storage, computing, networking, database, etc.

The difference between cloud and dedicated hardware is the move away from a traditional CAPEX model (buy the dedicated hardware and depreciate it over a period of time) to the OPEX model (use a shared cloud infrastructure and pay as you use it). But most companies still use the cloud for long-term workloads. For example, Company A uses the cloud to keep its mature assets (websites & traffic) running and profitable. But they forget that those assets have to stay up for an unspecified time :)

This is a simple calculation using Amazon's calculator, based on our needs: a 1-year AWS contract versus on-demand billing (no billing contract).

AWS Specification :

Virtual Core: 8 Core
Memory: 30GBytes
EBS-Volumed (Provisioned): 100GB @ 1000 IOPS

1Yr Contract from AWS SIN : $1,961 (one-time fee) + $302.78 (1st month), next-monthly payment $302.78

On-Demand Billing from AWS SIN : $695.13 (no billing contract)

Baremetal Specification :

Dedicated Processor Xeon E5-2620 v2 6 core 6 threads (12 core on system)
Memory: 32GBytes
Harddrive: 4 x 1 TB (RAID 10) w/ 500IOPS

3yr lifetime from hardware & warranty : $2500 ($833 yearly cost), ($70 monthly cost)

From the simple calculation above, with the 1-year contract we could have bought a brand new physical server of the same specification by the 2nd month, and with on-demand billing, by the 4th month. Still want to keep paying OPEX to AWS? :D

Engineer Views :

The engineering team should be ready to adapt to all new technology, but it must be balanced with the infrastructure. Most of the IT engineering industry in Indonesia doesn't care about the minimal requirements / minimal ecosystem needed to build a cloud. And most of them think that cloud is only virtual computing! Try asking your co-workers about cloud :)

Actually, cloud sucks! Really! Starting with a simple one from Amazon AWS: we were unable to set up a high-performance MySQL server using EC2 + EBS. Default config? Yes, it runs well. Have you tried adding hugepages to your kernel parameters? See this


AWS :

Virtual Core: 8 Core
Memory: 30GBytes
EBS-Volumed (Provisioned): 100GB @ 1000 IOPS

Pros :

  • No infrastructure preparation or dependencies needed
  • No big up-front fees (on-demand billing only)

Cons :

  • Shared infrastructure (can't get maximum performance) and occasional performance degradation
  • Not good for the long term (financially)
  • Features limited by its hypervisor (cloud host)

Baremetal :

Dedicated Processor Xeon E5-2620 v2 6 core 6 threads (12 core on system)
Memory: 32GBytes
Harddrive: 4 x 1 TB (RAID 10) w/ 500IOPS

Pros :

  • Maximum performance, as much as we need
  • Long-term hardware support (most hardware can survive for 3 years)

Cons :

  • Needs a big up-front fee to buy the dedicated hardware (CAPEX)

User Views

Since cloud computing went mainstream, common users, who never learned what it is, how to use it, or how to make the right choice, always choose cloud over baremetal. Isn't that so? How about you?

vsFTPd with SELinux Enforcing

This time I'm writing a personal note on getting vsftpd to read and write smoothly with SELinux enabled, in line with the applicable privileges.

Policy :

  • Only registered users can access (read/write) the FTP file server
  • Anonymous users are denied by default
  • PASV Mode Enabled

The first thing we have to do is label the context as needed; here I use the label public_content_t

$ semanage fcontext -a -t public_content_t "/ftp/homedir(/.*)?"
$ restorecon -v -R -F /ftp/homedir
$ ls -lZ /ftp/
drwxr-xr-x. user group system_u:object_r:public_content_t:s0 homedir

OK, we have labeled the directory. Next, we set things up so that the directory can be read and written properly under SELinux. In line with the policy above, run the following commands:

$ setsebool -P allow_ftpd_full_access 1
$ setsebool -P ftp_home_dir 1
$ setsebool -P ftpd_use_passive_mode 1

To list the available options, use semanage boolean -l | grep ftp

Once the configuration above is done, restart vsftpd.

$ service vsftpd restart

Now try logging in again :)
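
An added example (not from the original post): a small audit that checks `getsebool -a` output, an `ls -lZ` line and a vsftpd.conf against the policy above. The sample inputs are constructed, the function names are hypothetical, and the vsftpd.conf options shown are an assumption, since the post does not include its vsftpd configuration.

```bash
#!/usr/bin/env bash
# Added example: audit captured output against the policy in this post.
# All sample data below is constructed for illustration.

# Print each required SELinux boolean (names as used in the post) that is
# not "on" in `getsebool -a` style input read from stdin.
missing_booleans() {
    awk -v want="allow_ftpd_full_access ftp_home_dir ftpd_use_passive_mode" '
        BEGIN { n = split(want, w, " ") }
        $2 == "-->" { state[$1] = $3 }
        END { for (i = 1; i <= n; i++) if (state[w[i]] != "on") print w[i] }'
}

# Print the SELinux type from one line of `ls -lZ` output read from stdin.
label_type() {
    awk '{ for (i = 1; i <= NF; i++)
               if (split($i, c, ":") >= 4) { print c[3]; exit } }'
}

# Print vsftpd.conf options (read from stdin) that contradict the policy.
# An unset option counts with its vsftpd default: anonymous_enable=YES,
# local_enable=NO, write_enable=NO, pasv_enable=YES.
conf_violations() {
    awk -F= '
        /^[ \t]*#/ || !/=/ { next }
        { gsub(/[ \t\r]/, "", $2); v[$1] = toupper($2) }
        END {
            if (v["anonymous_enable"] != "NO") print "anonymous_enable"
            if (v["local_enable"] != "YES")    print "local_enable"
            if (v["write_enable"] != "YES")    print "write_enable"
            if (v["pasv_enable"] == "NO")      print "pasv_enable"
        }'
}

# Constructed samples: one boolean left off, anonymous_enable left unset.
SAMPLE_BOOLS='allow_ftpd_full_access --> on
ftp_home_dir --> off
ftpd_use_passive_mode --> on'
SAMPLE_LS='drwxr-xr-x. user group system_u:object_r:public_content_t:s0 homedir'
SAMPLE_CONF='# constructed vsftpd.conf
local_enable=YES
write_enable=YES
pasv_enable=YES'

echo "booleans not on: $(printf '%s\n' "$SAMPLE_BOOLS" | missing_booleans)"
echo "directory type:  $(printf '%s\n' "$SAMPLE_LS" | label_type)"
echo "conf violations: $(printf '%s\n' "$SAMPLE_CONF" | conf_violations)"
```

On a real host, pipe `getsebool -a`, `ls -ldZ /ftp/homedir` and the vsftpd configuration file into these functions. Because allow_ftpd_full_access lets the FTP daemon read and write any file that ordinary file permissions allow, the Unix ownership and mode on /ftp/homedir remain the effective access control.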