How to quit ssh in 90 days

Jérôme Dassonville

February 23, 2018

Transcript

  1. How to quit ssh in 90 days. Jerome Dassonville, Software engineer, datadoghq

  2. Who am I? @jdassonvil

  3. Devops?

  4. Automate all the things!

  5. The end of server management?

  6. What is ssh? SSH is a cryptographic network protocol for operating network services securely over an unsecured network.
  7. None
  8. The cool kids like ssh
    • You can do everything you want
    • Your family thinks you are talking to the matrix
    • You can impress your coworkers

  9. None

  10. Why it’s bad
    • You can do everything you want
    • It doesn’t force you to define a process
    • It does not scale

  11. Scalability

  12. Humans in production

  13. Humans in production

  14. What do we do with our ssh connection?
    1. Manage software pieces
      ◦ Deploy binaries and configuration
      ◦ Configure load balancers and firewalls
      ◦ Upscale or downscale

  15. What do we do with our ssh connection?
    1. Manage software pieces
    2. Manage the platform
      ◦ Configure servers
      ◦ Upgrade OS
      ◦ Clean up stuff

  16. What do we do with our ssh connection?
    1. Manage software pieces
    2. Manage the platform
    3. Troubleshoot
      ◦ Read the logs
      ◦ Check the system metrics
      ◦ Read the config files

  17. SSH free journey

  18. First 30 days: Know your system

  19. Log everything
    • Application logs
    • System logs
    • Tool logs
    • SSH connection logs

  20. Log as a first class citizen: if __name__ == '__main__': log.info('hello world')
  21. Centralized and exploitable logging

  22. Metrics collections

  23. Easy setup [diagram: Collection and aggregation platform; Server A (agent); Server B (agent)]

  24. What do we do with our ssh connection?
    1. Manage software pieces
    2. Manage the platform
    3. Troubleshoot

  25. Next 30 days: Improve your deployment

  26. Deployment

  27. Deployment maturity levels
    Level 1: No automation
    Level 2: Daily operations are scripted
    Level 3: THE deploy button
    Level 4: Changes flow continuously to prod
  28. You need a contract between your infrastructure and your developers

  29. Containers are the easy win

  30. What container technology brings us
    A set of good old unix features (cgroup, namespaces) that guarantee the isolation of your applications
    + a packaging format
    + an API to control them
    + many more we won’t discuss

  31. Run everything in containers
    • Every application
    • Every daemon
    • Every tool
    • Everything
  32. Orchestration ? Be pragmatic

  33. How to move to containers
    1. Write a Dockerfile for all your apps
    2. Run them with pragmatism
      ◦ Use host network
      ◦ Mount host volumes
      ◦ Don’t try to run more services per host
    3. Update your custom tools (if any)

  34. What do we do with our ssh connection?
    1. Manage software pieces
    2. Manage the platform
    3. Troubleshoot

  35. Last 30 days: Improve the culture

  36. Users will resist

  37. Improving the culture
    • Break the habits
    • Don’t make people’s life easy on servers
    • Kill your pets
    • Monitor your ssh usage

  38. Revoking ssh access
    • You might have to do it to comply with HIPAA/PCI/…
    • If not, make it a real privilege

  39. And now ship it!

  40. Key takeaway
    • Log everything
    • Run everything in containers
    • Be pragmatic

  41. Thank you!
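
Slides 19 and 37 ask for SSH connection logs and for monitoring ssh usage. The block below is an added example, not code from the talk, showing one way to turn centralized sshd logs into a usage report. The log lines are constructed in the OpenSSH sshd "Accepted ... for USER from IP" syslog format, and the approved-user set is a hypothetical policy standing in for "make it a real privilege".

```python
import re
from collections import Counter

# Constructed sample lines in the syslog format OpenSSH sshd uses for logins.
SAMPLE_LOG = """\
Feb 20 09:12:01 web-1 sshd[2211]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2: RSA SHA256:CONSTRUCTED
Feb 20 09:40:17 web-1 sshd[2290]: Failed password for invalid user admin from 203.0.113.9 port 40022 ssh2
Feb 20 10:02:44 web-2 sshd[1187]: Accepted publickey for bob from 10.0.0.7 port 50110 ssh2: ED25519 SHA256:CONSTRUCTED
Feb 21 14:30:09 web-1 sshd[3021]: Accepted password for alice from 10.0.0.5 port 51310 ssh2
Feb 21 18:05:53 db-1 sshd[911]: Accepted publickey for deploy from 10.0.0.20 port 42001 ssh2: RSA SHA256:CONSTRUCTED
"""

# Matches successful logins only; failed attempts and other sshd lines are skipped.
ACCEPTED = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Accepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\sfrom\s(?P<src>\S+)\sport\s\d+"
)

# Hypothetical policy: the only accounts still allowed an interactive login.
APPROVED_USERS = {"alice"}


def parse_logins(text):
    """Return one dict (host, method, user, src) per successful login."""
    return [m.groupdict() for m in map(ACCEPTED.match, text.splitlines()) if m]


def usage_report(text, approved=APPROVED_USERS):
    """Summarise who still logs in, where, and which logins break the policy."""
    logins = parse_logins(text)
    return {
        "per_user": Counter(l["user"] for l in logins),
        "per_host": Counter(l["host"] for l in logins),
        "password_logins": [l for l in logins if l["method"] == "password"],
        "unapproved": sorted({(l["user"], l["host"]) for l in logins
                              if l["user"] not in approved}),
    }


if __name__ == "__main__":
    report = usage_report(SAMPLE_LOG)
    for user, count in report["per_user"].most_common():
        print(f"{user}: {count} login(s)")
    for user, host in report["unapproved"]:
        print(f"unapproved login: {user} on {host}")
```

Tracking the per-user and per-host counts over the 90 days shows whether the habit is actually breaking, and the unapproved list is what to alert on once access has been revoked.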