July 14, 2022

Terraform Progress

Terraform has been going well, it’s been nice to use the tool to do what it takes some serious scripting to work around. The one thing I’m concerned about, especially with the libvirt provider, is how terraform remediates minor things in the infrasturcure. That begets the question, is it then something that is a core part of the deployment strategy to work around? Using a tool as part of the process, vs using the tool and working within its confines is something that has always been difficult to determine the best practice of.

July 5, 2022

Roadmap: DevOps

I’ve been really feeling stepping up my DevSecOps skills, after really feeling comfortable working with chef and ansible to run configs. I found roadmap.sh, and found myself most of the way down the roadmap for DevOps. I’m halfway through the Infrastructure as Code, needing to do infrastructure provisioning. I’ve written my own provisioning, but perhaps using Terraform can provide value, especially as my code was libvirt only. Being more agile with regards to deployment zone makes the code portable.

July 5, 2022

Roadmap: GoLang

Writing code has been something that has not been something I found I could just jump into and do for hours, but has been enourmously satisfing, personally and professionally. My public git works show that I have been able to write some small projects, but I have never felt comfortable enough to write anything more than some quick utilites. To me, what feels like a complete project are things like persistent daemons or backends that interface with r/w databases and the like, and learning how to do that is something that could be yet another tool in the belt, or possibly a career change.

June 27, 2022

DevOps

It’s been a while; there was a big changeover as I prepared to leave one job and start another. Starting at this new job, I got exposed to Chef, and had the time to really bash at it until I feel comfortable with it. It is a really interesting tool compared to Ansible, as it feels a bit easier to use it as a configuration management tool only, and not taking advantage of Ansible’s ability to reach into anything and do things in almost any manner. Looking back, I see how some of my Ansible playbooks were more like scripts than configuration management. There’s a place for both, and the two tools are not mutually exclusive.

May 5, 2022

My Own API

Work has progressed on my own API: just messing with some data with a spy theme. I’ve been able to do GET, PUT, POST, and DELETE, which has been cool. I’ve got some more avenues to explore, along with just general tidying up: call and run a script via the API for value setting, then general edges to clean up.

After that, putting a web client in front of the API to show off the data and how to work with it. Then I will have been a “full stack dev” and can see what pulled me in to work with. Really exciting stuff!

April 25, 2022

Work Projects

My work projects have mostly scratched my dev itch lately, but with a good one coming to an end, its time to share. I’ve been enjoying writing a switch management project in Ansible, as its been great to have a hack at API’s, network gear, and plain old optimisiation logic. The API’s have been loads of fun and really interesting to get into, after being on my to-do list for ages, and I have a good feeling for JSON structs. This project has been mainly object orientated (if I have terminology right), being that we have an object (the switch) and are making tasks based on what is where. At home, I want to write some API servers for my own use case to get a good feel and slide yet further into dev land.

March 24, 2022

Where I've Been

It’s been a while since I was able to update here, for serveral reasons. First, I was accepted for a Masters at UC Berkeley, and was trying to make that work. Second, I made no progress with Keycloak behind haproxy. Finally, there’s been no other code to show you as its all been on work git servers.

Starting with the UC. I applied for the MICS, or Masters of Information in Cyber Security. The school charged a princely sum of $80k USD to do the course, and with everything I tried, that number never got comfortable. I’m scrapping that plan, moving forward with self-taught hard skills (golang, CEH), and if I want a masters, I can go back to WGU.

February 28, 2022

Blog

When I started doing this blog, I’m not sure exactly what I wanted it to be. Some of my first posts were simply papers I had written for school I thought were cool. There have been few technically explict posts (with configs, tutorials, etc) based on things I had done myself, as most of the posts are just summaries of things I have done or are working on. I supposed that’s because I don’t have many peers who would be interested and I am not involved in any tech groups.

February 28, 2022

Tired of Docker?

The Docker deployment I am using is looking more promising, especially for web front ends. The Let’s encrypt wildcard is easy to use, so using the single wildcard with haproxy makes for a compelling single moving part. I suppose a clustered deploy would be useful, to prevent downtime with the single load balancer, but that’s okay for my size.

Next, I want to get some NIPS or perhaps WAF in place behind the SSL balancer, to keep that honest, before opening up the firewall. As I’m typing that, doing some more firewall rules on the docker host to prevent action when comprimised, but that’s another kettle of fish.

February 19, 2022

More Docker

At work, there’s a push towards using K8s. I’ve setup a test K8s, I’ve run some docker, but I’m no expert. As I mess with all that tech, I’m starting to get behind it as a concept and want to use it in a meaningful way, and get away from “my apt packages and debian servers work fine thanks.”

Some of the services I run at home are now in containers. I’ve set up a haproxy server to act as a load balancer entry point, complete with SSL. This is funky, as in the backend network, everything is exposed (and some Docker containers expect the security to be on the host, implictly trusting traffic), but also means I need a wildcard cert. Will need to read up on Lets Encrypt to see how that is this days.