Re: [PLUG] Devops: was LINUX ADMIN ADVICE

[Christopher Barry <christopher.r.barry@gmail.com>]

"...Dev releases are secure from vulnerabilities by default."

Uh-huh... yup...

Feel safer already.

On Thu, Jul 26, 2018, 6:24 PM Lee H. Marzke <lee@marzke.net> wrote:

+1 for Gene Kim's book the Phoenix project, and also his DevOps handbook and conferences.

So changing people's minds is quite hard in addition to the huge learning curve on the dev ops tools.

One of the big issues with DevOps,  Agile,  Microservices, the SW defined Datacenter,  and cloud Ops is there

is a huge mix of possible options,  many tools are open-source, changing rapidly, and not fully

documented.  Does this sound like it makes sense for production ?

Issues arise such as when developers include 'Alpha' release libraries in the Docker image because it 'works for them'

and they want to release to production without Ops approval, which they likely wouldn't get.  Also when new vulnerabilities come

out against a library and Ops doesn't even know which libraries are in production because it's hidden in a container.

Just because Facebook, Google , etc. have been successful doesn't mean that smaller companies

will be able to afford the learning curve.   There are so many variations of Docker,  Kubernetes, Kubes,

Pivotal Cloud Foundry PAAS,  VMware Infrastruture containers (VIC) etc.    Many companies decide to hire

beginner developers who haven't run this in production and let them try to figure it out.  This leads to 100's if not

thousands of variations in DevOps workflows across companies, basically each DevOps setup is a unique

snowflake  process unlike anyone else's,  so things never get caught up.    Many companies also want to be

multi-cloud to lower risk, so the learning curve goes up again.

I interviewed early this year with Pivotal, and got to present a demo of PCF (Pivotal Cloud Foundry )

which seems really neat.   It takes Java Spring-boot source code and and a few XML hints as input and

is able to auto-compile and run that in production.   All cross-pod networking is managed by commercial

NSX-T from VMware.

The developer deploys just his code to bare  stemcells  (a base OS) provided/patched by Pivotal.  Typically

Ubuntu 14.04.  All libraries are mated with source and auto-compiled ( not part of the OS )

The Ops people have some control over options available to devs,  and allow Operators to redeploy

from source with a simple click.   Any vulnerabilities in developer referenced libraries are detected

and fixed with each dev 'push' so Dev releases are secure from vulnerabilities by default.

Ops folks can also redeploy with a click, building from source without needing developer help to do the rebuild

so new vulnerabilities can be patched by just Ops.

The trade-off is Pivotal is extremely expensive ( one paid consultant for each programming pair ) , so as to fix the

pair-programming issues as well as teach the tools and best practices.   So far mostly Fortune

100 companies buying,  and the Air Force has a big contract.

This all works because Pivotal has so much control over all the pieces.  All the networking comes from VMware

NSX-t.    In contrast the various Kubernetes releases are put together in so many ways, with different networking ( using

Cisco ACI, AOS, Big Cloud Fabric, Cilium, Contiv, Conrtrail, Flannel, Kube-router, GCE, OpenVswitch, OVN,

Calico, Weave, etc.)   You never get it fully working before major changes get rolled out in one of the parts, and

you start again.

I think all this rush to DevOps is still in the upswing of the Hype cycle and due for a correction.

---

From: "Andy Wojnarek" <andy.wojnarek@theatsgroup.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Thursday, 26 July, 2018 17:24:54
Subject: Re: [PLUG] LINUX ADMIN ADVICE

+1 for the Phoenix Project. Great book.

 

SRE Handbook is also free until 8/23 which is a great read as well:

https://landing.google.com/sre/book.html

 

--

Andy

 

From: plug <plug-bounces@lists.phillylinux.org> on behalf of Doug Stewart <zamoose@gmail.com>
Reply-To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Date: Thursday, July 26, 2018 at 4:40 PM
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: Re: [PLUG] LINUX ADMIN ADVICE

 

The Phoenix Project/DevOps Handbook are good intros to those concepts as well as the Jez Humble books.

 

On Thu, Jul 26, 2018 at 4:36 PM, JP Vossen <jp@jpsdomain.org> wrote:

On Jul 26, 2018, at 14:57, Paul Walker <starsinmypockets@gmail.com <mailto:starsinmypockets@gmail.com>> wrote:

On a related not - is there a good manual or finite source of information that is particularly useful for getting started in the trade?

On 07/26/2018 04:11 PM, Tlbox-verizon wrote:
> The Nemeth/Snyder/Hein Linux Admin Handbook is decent IIRC.

Which trade?

_Essential System Administration_ is old but an awesome survey of how to do "stuff" on many different Unix platforms.

_Absolute FreeBSD_ is great because it talks a lot about *why* things work the way they do.

_Backup & Recovery_ is a great survey of, well Backup & Recovery.

Then there is Linux itself (but which distro), Ansible (or Chef, Puppet, Salt or 1,001 other similar CMS tools), AWS (or other <insert cloud here> (AKA "someone else's data center)), backup & *recovery*, Postfix, DNS, DHCP, shell scripting (& probably Git), and tons more...

Good luck, bring aspirin,
JP

--  -------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

 

--

-Doug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

--

"Between subtle shading and the absence of light lies the nuance of iqlusion..."  - Kryptos

Lee Marzke,  lee@marzke.net     http://marzke.net/lee/
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug