Every now and then we do have to use windows. So let’s try to make it as Linux like as possible
Enabling WinRM As Ansible leverages WinRM for managing Windows servers, it’s guide below provides a lot of helpful guidance:
https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html
The TL;DR is to use the following snippet below to run a powershell script that will correctly enable WinRM for the system:
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1" $file = "$env:temp\ConfigureRemotingForAnsible.ps1" (New-Object -TypeName System.
Tools to verify for development.
Testing Toolsets - Documentation RunMe.dev: Run code from README.md files Testing Toolsets - Kubernetes Kink - Run KinD clusters as a Pod on an existing Kubernetes cluster Testing Toolsets - Infra/Ops TerraTest and Terratest, even without Terraform ServerSpec: Perhaps start for TDD for entire stack.
Captures ad-hoc scripting and process needs. Also includes resources making these ad-hoc scripts more robust and part of an automation framework.
Shell Minimally Safe Bash Shell Script Template Bash Style Guidelines Bash - Using Loops - Nice example of several looping and conditional structures. Debugging Bash Like a Sire: A stacktrace like mechanism for Shell! Gum - Pretty Shellscript Addon Testing Shell Scripts/CLI leveraging Go’s Testing Framework Higher Level Python Shell-like Scripting In Go - Might be a nice bridge when a shell script gets complex enough that you want to use a more robust langauge, but maintain a lot of “shell-like” features Cheatsheet Passing variables to curl bash (Example from coder)
Protect your infrastructure - some overlap with secure, so this will focus more on protection from non-security related incidents (buggy code, infrastructure outages, etc)
Backups Restic Kubernetes k8up: Open source k8s backup, allows for custom commands via annotations or generic RWX volume backups Kasten K10: Commercial Kubernetes backup, but up to 10 nodes for free. Velero: Backup both k8s manifests and volumes. Audit Kube Bench - Scan K8S clsuter against CIS best practices.
On Sunday, Feb 12th, I received a suspcious message about a DHL delivery from hello@namecheap.com. Pretty odd, but I ignored. Later I received notification from NameCheap that there had been a compromise. As of 18:18UTC on 2/13 it’s still being investigated. Below are the emails headers of my message, which appears to be an authenticated message from Sendgrid. I would venture to guess that an API key was leaked. Certainly highlights the need to protect third-party access to such systems.
Planning for a DevOps Cycle
Architecture Platform Engineering: Home for Platform Engineers. Includes a comprehensive tech library of stacks/solutions. Backstage: Open source developer portal Krato: Potentially lighter-weight solution to Backstage, but also seems heavily tied into ArgoCD and Crossplane Keeping Code Simple Questions for a new technology Redhat Demo Central - Architectures for a wide range of cloud infrastructures and problems. Who Cares If It Scales - Avoiding pre-mature optimization.
Now that my day job involves more specific DevOps practices, I’ve grown my Sysadmin phylosophy to be more all-encompassing.
Beyond just automation of system configuration, modern practices requires more encompassing practices such as tight integration with developers, version control, test driven development, and continuous integration and delivery.
From ScaledAgileFramework
Collaboration and organization: A primary focus of Devops is around culture. Instead of an “us versus them” mentality between production and development teams, high integration of those roles is necessary.
All things monitoring related.
Cloud Native My preferred stack: Prometheus, Grafana, Loki
Node Exporter: Prometheus exporter for server/OS statistics Elk Stack for Log Monitoring: ELK tends to be a bit heavy, but keeping this around just in case Changd: Notify if WebUI changes. Performance related articles at https://www.brendangregg.com Internet Monitoring (globally) AWS CloudWatch Internet Weather Map Contrack talkes - one thousand and one flows - Interesting article on monitoring the maximum number of entries in the Linux Contrack table, used for statefile firewall setup Pingdom’s State of the Internet Down Detector Oracle Internet Intelligence The Outage Mailing List - Network admins chatting about global issues Internet Monitoring (locally) Open Speed Test: Browser based, no client login required.
The configuration step in the DevOps toolchain will be covered. Also including any core infrastructure links in this page.
Kubernetes/Container Kubernetes(k8s) is the best modern approach for deploying and maintaining code.
Infrastructure As Code CrossPlane: Infrastructure provider as k8s resources Is Crossplane the Infrastructure LLVM? Terraform: A very popular IaC platform tf-free: Provision free-tier resources across a variety of cloud providers. Infracost: Terraform Infrastructure Cost estimation, which can be baked into a CD pipeline for better review of what infrastructure costs will be.