Hey Stephen Wood: configuration management

Friday, November 8, 2013

Using Saltstack to manage linux users

Saltstack makes it very easy to manage users. You can use pillars to predefine all of the users and add them later, or you can define them within a single sls state file.

By example here is an sls file that will add or remove any number of users to a system. If you want the user dropped from the system, change "present" to "absent" and run it again.

Thanks Will for fixes and pointing out that if you're not on a debian system you'll want to use something else for the "adm" group.

{% set users = {
  'someuser': {
    'state': 'present',
    'fullname': 'User One',
    'pub_key': 'ssh-rsa .... '
  },
  'someuser2': {
    'state': 'present',
    'fullname': 'User two',
    'pub_key': 'ssh-rsa .... '
  }
} %}
 
{% for name, user in users.items() %}
{{ name }}:
  {% set shell = user.shell | default('/bin/bash') %}
  {% set groups = user.groups | default(['sudo', 'adm']) %}
  user.{{ user.state }}:
    - fullname: {{ user.fullname }}
    - home: /home/{{ name }}
    - shell: {{ shell }}
    - groups:
    {% for group in groups %}
      - {{ group }}
    {% endfor %}
  {% if user.state == 'present' %}
ssh_key_{{ name }}:
  ssh_auth:
    - present
    - user: {{ name }}
    - names:
      - {{ user.pub_key }}
    - require:
      - {{ name }}
  {% endif %}
{% endfor %}

Saturday, October 12, 2013

The Deployment Manifesto

This has nothing to do with the word devops. Instead, this is a discussion about certain responsibilities in which both the ops teams and the developer teams overlap. This is about cooperation between teams to create a better product.

The 10 Requirements

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
     NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
     "OPTIONAL" in this document are to be interpreted as described in
     RFC 2119.

1. Configuration management MUST NOT be coupled to an external service, such as EC2, Openstack, Foreman, or anything else.

2. Devops SHOULD provide a self-service framework for the automatic creation and destruction of hosts from the ground up.

3. Devops SHOULD work with engineering teams to come up with continuous deployment strategy that doesn’t involve the destruction and creation of fresh operating systems.

4. All code required for deployments MUST be maintained in a centralized source repository.

5. Deployments MUST use immutable snapshots -- such as a git tag -- from source code.

6. Hosts being provisioned MUST get their configurations from source control and MUST NOT rely on resources from an individual user or an engineer’s local computer.

7. Developers MUST provide a way to test code before it is deployed.

8. Devops MUST have an automated and tested rollback plan with every deployment.

9. Devops SHOULD provide feedback and planning support for hardware, infrastructure, and software dependencies necessary to run applications.

10. Devops MUST monitor all deployments and have clear, identified benchmarks for success or failure.