DevOps projects: CronCI

Create a cron job that polls a GitHub repository for changes and runs some tests using an LXC sandbox. For extra bonus points think about serving the test results from files using Apache or NGINX directory listings. Your polling script will also need to use GitHub’s status API to report results. For extra extra bonus points see if you can do it all with just bash and some utilities like jq.

Modelling Encryption Key Hierarchies with Alloy

Setting up key hierarchies with the proper access rights can be a little tricky because reasoning through the implications of access and storage can get a little convoluted. Some questions I had when I was trying to do this at work were: how do I set things up so that people can have the access they need without jumping through too many hoops, and how many hoops do I need for non-trivial security properties? Also, which keys need to encrypt which other keys, and where and how can they be stored without sacrificing security?

System design 101

I’ve seen a certain pattern of thinking in engineering organizations that feels backwards to me but I keep running up against it. Part of the reason it feels backwards to me is probably because I tend to think axiomatically and the pattern of thinking that I’ve observed makes no sense logically. Abstractly the argument almost always involves 3 components of a system (A, B, C). If it makes things simpler you can pretend A = front-end, B = back-end, and C = database.

Terraform as a backend (in a compiler sense)

Every time I’ve tried to use Terraform proper I have failed. Fundamentally it is a non-composable tool, so if you want compositionality you have to work around its limitations. One way I’ve found to force compositionality is to not rely on any of its high-level features. I only use it for managing resource graphs. That’s the only part I think it is good at and that’s the only part that consistently works. If you feed it a resource graph then it will mostly work. This means you’ll have to find some way to generate and feed it the resource graph. There are a few ways to do it, and in the past I would have recommended ERB, but there is actually a simpler way that just requires generating JSON. You could generate the JSON from anything you are comfortable with that provides the kind of compositionality you expect. I’m going to outline how I use Rake and Ruby to do this for a very basic VPC configuration across several regions and availability zones.