Infrastructure Nerds

DevOps

Overview

Classically, when systems administrators wanted to make a change on a server, they'd log in remotely and make the change manually. They'd edit a file, restart a service, or run a command, and if you were lucky they'd document what they did in whatever ticketing system you used in house. When a server eventually failed, needed to be upgraded, or needed to be refactored for some other reason, you were left hunting through tickets or other sporadic documentation and spending hours or days reconstructing past work.

Enter DevOps, an automation approach that includes automated deployment and configuration management software, aka 'Infrastructure as Code.' Using this approach, there are no manual changes that aren't put into a code base, which means that your work is repeatable and self-documenting. Compliance and change control become much easier because changes are tracked through merge requests in the code's source control repositories, and everything's transparent.

A lot of smaller scale operations don't see the point of configuration management, but the benefits really start showing themselves once you have to manage 30+ servers, or after you've had to sink a few weekends into rebuilding a failed and sparsely documented server. Luckily for y'all, we've faced these problems.

pocketprotector

To fulfill our clients' DevOps needs at Infrastructure Nerds, we utilize the Puppet programming language to develop pocketprotector, a configuration management solution for Linux servers that includes:

  • automatic monitoring using Nagios
  • user management
  • package management
  • mail server support using Postfix
  • configuration utilizing YAML as much as possible
  • multiple Linux distributions
    • Ubuntu
    • openSUSE
    • RedHat (planned)
  • support for system roles based on use case, such as
    • desktops
    • web servers
    • HPC compute nodes
  • Puppet web dashboard using Puppetboard

Compliance

Compliance, no matter what the standard, requires a few things:

  • documentation
  • change control
  • security standards

Using a DevOps approach can greatly simplify fulfillment of these requirements. No more manually going over someone's past work to reconstruct what they did. Instead, work is performed straight out of the code base and changes are tracked via merge requests. Anyone can leave an organization, and their work can be reproduced. Moving code between development, QA, and testing can be as simple as merging git branches.

At Infrastructure Nerds, we're familiar with GxP, PCI, and NIST 800-53 compliance standards and are happy to help you fulfill any of those requirements.

Relatedly, we are planning on eventually implementing all of the NIST 800-53 standard in pocketprotector, and are doing that incrementally whenever our clients have relevant business needs.