One of the best things about being a consultant in the DevOps space is the all-you-can-eat buffet of tools, tech stacks, and implementations out in the wild. Over the past two decades, I've been involved in several customized implementations. Some may make you scratch your head and ask “why didn't you go with the most common/easy solution?". Short answer is we all have to make some concessions to fit within a customer's requirements and budget.

Continue reading

What you'll need to follow this guide: RDS database (Aurora clusters as well) EC2 instance IAM role & policy Concept: If the nightly backup snapshots are too far apart for your comfort, consider incremental snapshots using AWSCLI, leveraging the instance profile attached to an EC2 instance. We will be creating a snapshot that is 3hours old every 3 hours and replacing the prior snapshot so there is no clutter or pages of snapshots you need to weed through.

Continue reading

What you'll need to follow this guide AWS admin (or at least permissions to manage IAM policies and enforce for all users) AWSCLI Concept The AWS instance metadata service (IDMS) version 1 service has been found to produce sensitive information that can be far too easily accssed. We will disable the ability to launch instances with IDMSv1 going forward and use a simple bash script to modify the instance metadata service to version 2 for running instances.

Continue reading

What you'll need to follow this guide a BitBucket repo you want to migrate from a GitHub repo you want to migrate to the GitHub CLI Concept Migrate one more repositories from BitBucket to GitHub using a simple bash script. Benefits For a time, BitBucket was a great place to find free code repository hosting. In more recent years however, GitHub has also introduced a free tier that provides more bells and whistles:

Continue reading

What you'll need to follow this guide: GitLab Repo with pipelines enabled Superuser account on server (this guide is written for Ubuntu but other distributions should still be very similar) SSH enabled on destination server A running webserver (we'll assume NGINX is running here) A Hexo website you wish to deploy (optional) an SSL Certificate for use with your site or LetsEncrypt setup knowledge Concept: A few weeks back, I was looking for an easy-to-use framework for blogging.

Continue reading

What you'll need to follow this guide: Terraform >12.13 & understanding of basic Terraform usage AWS API Access, preferably with admin-level permissions Bitbucket Repository with Pipelines enabled An EC2 Instance you wish to push your code repository contents to Concept: Using Bitbucket Pipelines and Bitbucket Deploy, we will set up automatic pushes to an EC2 Instance with AWS CodeDeploy. Target EC2 Instance does not need to be publicaly accessible in any way for this approach.

Continue reading

Summary: Saltstack is a configuration management tool written in Python and is one of the newer contenders in the space that's been getting good adoption. Features: ZeroMQ is fast, without using SSH to interact with systems OnPremise open-source SaltAPI via CherryPy for extended functionality and automation Deployment: Set up a SaltMaster Install Salt-Minions Accept salt-minion keys on saltmaster Usability: Written in Python Write in YAML Jinja2 templating Maintainability: Easy updates via system package installers Pretty easy to pick up and write states Jinja2 templating provides for a lot of reusability List Pricing: On-Premise open-source Enterprise/Cloud - $150/machine/year I've honestly never taken the Enterprise route.

Continue reading