DevOps Tool Bazaar

A different kind of Meetup - refreshing, versatile and above all inspiring to try out new things.


The DevOps Tool Bazaar at Blue Yonder on February 20, 2018 was a refreshing change from the otherwise monothematic DevOps Meetups. The diverse topics not only stimulated discussion, but also gave an insight into the respective domains of the speakers and the associated challenges.

Debianized Sentry

Jürgen Hermann from 1&1 deals with packaging Python software as platform-native packages with tools such as dh-virtualenv and fpm. Using the example of Sentry, a system for centralized logging and management of application exceptions, he explains how these tools work and what pitfalls to watch out for. You can find out more in his slides.

Kill all your wrapper bash scripts - you don't need them, you don't want them!

Sebastian Neubauer from Blue Yonder already points out in his Meetup announcement that he wants to be deliberately provocative, which can be guessed from the title of his talk: Discard All Your Wrapper Bash Scripts! In taking on this challenge, he also asks the audience whether most wrapper scripts are not superfluous.

The often poor quality and maintainability of the scripts is a moot point. Sebastian's decisive thesis is that the supposedly noble goal of protecting the user from complexity should be viewed negatively. In his opinion, wrapper scripts obscure the user's view of the necessary basic Ops know-how. It is therefore of greater value to write good documentation that makes it possible to better understand the underlying technologies from the operator area.

To explain: Wrapper scripts are the seldom-small scripts, often written in Bash, that are intended to simplify the handling of complex technology for the user. Everyone knows them, many have written them themselves, few want to maintain them.

Docker containers and Gitlab CI using the example of the Hugo blogging software

Johannes Graf from Synyx uses the company's own blog based on the blogging tool Hugo to show how Gitlab-CI and containerized test instances can massively simplify blogging for employees and thus motivate them.

Hugo generates static pages from Markdown files that are uploaded to the target system. This lays the foundation for quick and easy blogging. To give employees a preview of the blog post in the context of the blog site, Gitlab-CI generates a complete executable preview instance of the entire blog in a Docker container based on a branch. Within this instance, functionality and content can be checked and corrected if necessary. After a successful merge into the master branch, the preview instance is removed again.

SSH certificates

Michael Ströder's specialty is the important but often neglected topic of security. His basic credo for more security is to change keys frequently and increase the number of security layers. Unfortunately, there is no inherent technical solution for enforcing regular key changes for public/private key pairs. Employer policies are a rather cumbersome and unwieldy tool to guarantee higher security. Michael is therefore working on a practical method of using the SSH certificates already implemented in OpenSSL. The basic idea is to have a secure instance generate short-lived certificates based on the public-private key pair, which are validated on the target system.
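
As an added illustration of the basic idea described above (not code from Michael Ströder's talk or project), this sketch uses OpenSSH's `ssh-keygen` to sign an unchanged user key with a one-hour certificate and to check the validity window a target host would enforce. The CA, the user `alice` and all file names are constructed for the example.

```shell
#!/bin/sh
# Added example: short-lived OpenSSH user certificates. All names are constructed.

# Throwaway CA key pair. In production the private half stays on the signing instance.
make_ca() {    # $1 = directory
  ssh-keygen -q -t ed25519 -N '' -C demo-user-ca -f "$1/user_ca"
}

# The user's long-lived key pair; it stays the same, only the certificate expires.
make_user_key() {    # $1 = directory
  ssh-keygen -q -t ed25519 -N '' -C alice -f "$1/id_alice"
}

# Sign a public key. $4 is an ssh-keygen -V validity spec such as +1h.
# The result is written next to the public key as <name>-cert.pub.
issue_cert() {    # $1 = CA private key, $2 = public key, $3 = principal, $4 = validity
  ssh-keygen -q -s "$1" -I "$3-$(date -u +%Y%m%dT%H%M%SZ)" -n "$3" -V "$4" "$2"
}

# Succeeds only while the current time is inside the certificate's validity window.
# Certificates without a bounded window (e.g. "Valid: forever") are rejected on purpose.
cert_is_current() {    # $1 = certificate file
  TZ=UTC ssh-keygen -L -f "$1" | awk -v now="$(TZ=UTC date +%Y-%m-%dT%H:%M:%S)" '
    $1 == "Valid:" && $2 == "from" { ok = ($3 <= now && now < $5) }
    END { exit !ok }'
}

# Target hosts trust the CA with one sshd_config line instead of per-user
# authorized_keys entries (path is an assumption for this example):
#   TrustedUserCAKeys /etc/ssh/user_ca.pub

demo() {
  dir=$(mktemp -d) || return 1
  make_ca "$dir" && make_user_key "$dir" || return 1
  issue_cert "$dir/user_ca" "$dir/id_alice.pub" alice +1h || return 1
  ssh-keygen -L -f "$dir/id_alice-cert.pub"    # shows principals and validity window
  cert_is_current "$dir/id_alice-cert.pub" && echo "certificate inside validity window"
  rm -rf "$dir"
}

# Run the demo only when asked to: sh script.sh demo
if [ "${1:-}" = demo ]; then demo; fi
```

Once the hour has passed, the same key pair needs a freshly issued certificate, which is what enforces the regular renewal that a policy alone cannot.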

Meltdown in detail

Nobody has been able to avoid the topics of Meltdown and Spectre in recent weeks. Most of the articles on the relevant IT news sites only stated that the cause lies in the modern architecture of processors and that the kernel programmers of the various operating systems now have to find ways to eliminate the possibilities for side-channel attacks that have arisen from pipelining, branch prediction and the like. If you really want to understand Meltdown, you need to take a closer look at this complex issue. Patrick M. Hausen from punkt.de has done this, and in his presentation he uses illustrative examples in C to show how the behavior of the processors can be exploited by means of time measurement, caching and shadow registers.
