As found on Cloud burst… causing a flood of snippets by my colleague, this post details how to set up AWS SSM to replace your bastion host in AWS with authentication tied to your AWS account. Looks impressive, and means you can have an entirely SSH-ingress-free environment! Win!
I read an article like this a few months ago, and it really resonated with me. Sometimes I forget to ask, but on the whole, this is a good thing to do – everyone hates the “where do I rate against you” question, and these are great questions to break the ice which don’t involve that question!
This is a particularly extensive and well written article. If you’re thinking of running your own email service, this is the comprehensive guide to it for OpenSMTPD and Dovecot. Great work!
One to read: “My favourite Git commit | fatbusinessman.com”
Oh wow. If ever you were looking for a reason to write expressive Git commits – this is the one to go for! Found via Jamie Tanner’s blog at https://www.jvt.me and well worth a 2 minute read!
One to read: “Prometheus: Embracing the Exporter Life – YetiOps”
I’ve been looking at mapping out my network for a while, to try to understand where latency and instability were coming from. This post encourages me to take another look at the issue from, perhaps, another angle. Thanks for the info Stuart!
One to read: “More productive Git”
If you’re often doing “git” things, and you’ve mastered the git add README.md ; git commit -m 'Added readme' ; git push origin cycle, then these steps might help you.
One to read: “Testing Ansible roles with Molecule”
This is a good brief summary of Molecule – the default testing product for Ansible (it’s now a product that the Ansible project maintains). This post also makes reference to TestInfra, which is another project I need to look into.
TestInfra really is the more interesting piece (although Molecule is interesting too), because it’s how you check exactly what is on a host. Here’s an example snippet of code (from the front page of that site’s documentation):
    def test_passwd_file(host):
        passwd = host.file("/etc/passwd")
        assert passwd.contains("root")
        assert passwd.user == "root"
        assert passwd.group == "root"
        assert passwd.mode == 0o644


    def test_nginx_is_installed(host):
        nginx = host.package("nginx")
        assert nginx.is_installed
        assert nginx.version.startswith("1.2")


    def test_nginx_running_and_enabled(host):
        nginx = host.service("nginx")
        assert nginx.is_running
        assert nginx.is_enabled
See how easily and clearly this defines what your server should look like – it’s got a file called /etc/passwd owned by root with specific permissions, and that file contains the word root in it; likewise, there is a package called nginx installed at version 1.2, and it’s running and enabled… all good stuff, particularly from an infrastructure-as-code perspective. Now, I just need to go away and test this stuff with more diverse backgrounds than just a stock Ubuntu machine :)
One to read: “Using Ansible for system updates”
Thinking of using Ansible to perform your system updates for you? Well, why not take a look at this. I’ve been using a fabric script to do stuff like this for projects I’m involved in, but this looks a lot more sensible than what I was doing. Thanks Redpill Linpro!
As a result of this post, I’ve now updated that playbook (using more current modules) to a slightly cleaner version without load balancer updates! That playbook is on my GitHub repository.