As found on Cloud burst… causing a flood of snippets by my colleague, this post details how to set up AWS SSM to replace your bastion host in AWS with authentication tied to your AWS account. Looks impressive, and means you can have an entirely SSH-ingress-free environment! Win!
I read an article like this a few months ago, and it really resonated with me. Sometimes I forget to ask, but on the whole, this is a good thing to do – everyone hates the “where do I rate against you” question, and these are great questions to break the ice which don’t involve that question!
This is a particularly extensive and well written article. If you’re thinking of running your own email service, this is the comprehensive guide to it for OpenSMTPD and Dovecot. Great work!
One to read: “My favourite Git commit | fatbusinessman.com”
Oh wow. If ever you were looking for a reason to write expressive Git commits – this is the one to go for! Found via Jamie Tanner’s blog at https://www.jvt.me and well worth a 2 minute read!
One to read: “Prometheus: Embracing the Exporter Life – YetiOps”
I’ve been looking at mapping out my network for a while, to try to understand where latency and instability was coming from. This post encourages me to take another look at the issue from, perhaps, another angle. Thanks for the info Stuart!
One to read: “More productive Git”
If you’re often doing “git” things, and you’ve mastered the
git add README.md ; git commit -m 'Added readme' ; git push origin cycle, then these steps might help you.
A few weeks ago, during a podcast binge, I came across this podcast (Salary Negotiations for DevOps with Josh Doody on the Real World DevOps Podcast). I noted at the time that it was really good content with great advice… and then forgot about it. (Oh, and it’s not just for DevOps people!)
Fast forward to today, when one of the Admin Admin Podcast Listeners (in our Telegram Channel) announces that he’s just gone for a new job, had been offered it, and was thinking of taking the job… but that they’d offered him a package lower than he was hoping to receive. My response “Say you wanted more, see if they can meet you halfway!” The main thing I took away from this podcast was that by the time you’re in the interview stage, the company you’re being interviewed by is *likely* to have already paid several thousand pounds/dollars/euros to have you sat in front of them, so if they want you, they’ll probably pay that bit more to not have to go through that process again!
Anyway, this is a great podcast for anyone who works for an employer, is thinking of asking for a pay rise or is looking for a new job, and it’s well worth a listen!
One to read: “Testing Ansible roles with Molecule”
This is a good brief summary of Molecule – the default testing product for Ansible (it’s now a product that the Ansible project maintains). This post also makes reference to TestInfra which is another project I need to look in to.
TestInfra really is the more interesting piece (although Molecule is interesting too), because it’s how you check exactly what is on a host. Here’s an example snippet of code (from the front page of that site’s documentation):
def test_passwd_file(host): passwd = host.file("/etc/passwd") assert passwd.contains("root") assert passwd.user == "root" assert passwd.group == "root" assert passwd.mode == 0o644 def test_nginx_is_installed(host): nginx = host.package("nginx") assert nginx.is_installed assert nginx.version.startswith("1.2") def test_nginx_running_and_enabled(host): nginx = host.service("nginx") assert nginx.is_running assert nginx.is_enabled
See how easily this clearly defines what your server should look like – it’s got a file called /etc/passwd owned by root with specific permissions, and that the file contains the word root in it, likewise there is a package called nginx installed at version 1.2 and also it’s running and enabled… all good stuff, particularly from an infrastructure-as-code perspective. Now, I just need to go away and test this stuff with more diverse backgrounds than just a stock Ubuntu machine :)