
From automation to immutable infrastructure

When you are starting a company, especially an IT company whose focus is on developing a software product, you probably do not put much thought and time into planning and building your network and server infrastructure.

And why should you? It is not easy, it takes time, knowledge and experience, and it is not important for your development. In a small team, where you can trust everybody and everybody knows everything about the infrastructure, it is faster, cheaper and easier to just roll with it.

Falling down the rabbit hole

Planning and building your infrastructure takes time and resources that will never pay off if your company is not successful, so it is basically not a wise investment.

It is all fine until you hit the point when your company takes off and you need to employ more people. More people mean more security risks and harder information flow between them. So you decide to hire a system administrator.

And he starts to set up your infrastructure. But your infrastructure is in poor condition, there are a lot of problems, and every old and new employee has problems that need to be solved. So there is not much time to do things right, and the system administrator just patches one problem after another as quickly as he can.

To prevent things from getting worse, you and your system administrator (or team of system administrators) need to set up some standards to make maintenance as easy as possible.

Climbing out

The first approach is to create standards, distribute them to everybody and hope that they will follow them. Good luck.

A better approach is to use some automation. That means writing scripts that set up your infrastructure automatically. This eliminates human errors, standardizes everything automatically, and is easier to maintain and to change later.

But why should you write your own scripts? It is hard, it takes time and it is harder to maintain. Just use an automation tool. There are a lot of them. I use Ansible.

It does not have many dependencies: it just uses SSH, so you do not need to install any client software. All you need on the managed machines is Python 2.

Now, instead of writing a lot of bash and other scripts, you write (mostly) Ansible playbooks. They are simpler, easier to read and easier to maintain.

Next level

After you have automated your infrastructure configuration, you can go to the next level and make it immutable. What does that mean? It means that you use only your automation tool to set up your infrastructure, and any changes made directly on your servers or other devices are reverted automatically to the desired state defined in your automation tool.

This gives you total control over your infrastructure. At any given time you know how every device on your network is set up, who has access to what, which versions of software and configurations are installed, and so on.
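As an added example (not the author's own playbook), the Ansible playbook below covers both points made above: it replaces ad-hoc scripts with declarative tasks, and it reverts drift by removing accounts that were added by hand, re-asserting the sshd settings, and scheduling itself to re-run from a repository with ansible-pull. The user list, sshd settings, repository URL and playbook name are assumed placeholders; git and ansible must be installed on the host for the pull job to work.

```yaml
# Added example, not the author's playbook. Assumed names: managed_users,
# ssh_settings, the git URL and playbook name in the cron job.
- name: Enforce the baseline and revert manual drift
  hosts: all          # ansible-pull applies this to the local host
  become: true
  vars:
    managed_users: [alice, bob]          # constructed sample list
    ssh_settings:
      PasswordAuthentication: "no"
      PermitRootLogin: "no"
  tasks:
    - name: Ensure managed users exist
      ansible.builtin.user:
        name: "{{ item }}"
        state: present
      loop: "{{ managed_users }}"
    - name: Read local accounts
      ansible.builtin.getent:
        database: passwd

    - name: Remove interactive accounts not in managed_users
      ansible.builtin.user:
        name: "{{ item.key }}"
        state: absent
      loop: "{{ getent_passwd | dict2items }}"
      when:
        - item.value[1] | int >= 1000     # uid is field 1 of the passwd entry
        - item.value[1] | int < 60000     # skip nobody (65534)
        - item.key not in managed_users

    - name: Enforce sshd settings
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*{{ item.key }}\s'
        line: "{{ item.key }} {{ item.value }}"
        validate: /usr/sbin/sshd -t -f %s
      loop: "{{ ssh_settings | dict2items }}"
      notify: restart sshd

    - name: Re-apply this playbook every 30 minutes
      ansible.builtin.cron:
        name: ansible-pull baseline
        minute: "*/30"
        job: ansible-pull -U https://git.example.invalid/infra.git site.yml
  handlers:
    - name: restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
```

Run it once with `ansible-playbook -i inventory site.yml` to install the cron entry; from then on each host pulls and re-applies the baseline itself, so an account created by hand or a re-enabled password login is undone within half an hour and shows up as a changed task in the pull log.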


Why should you want that? You need fewer people to take care of your infrastructure, you do not need to create (almost) any documentation about the state of the infrastructure, you can let your system administrator leave without losing any capability to maintain your infrastructure or (almost) without fear of it being compromised, and that is just the beginning.

So, please, automate.

