How to quit ssh in 90 days

Transcript

1. 1.

   How to quit ssh in 90 days Jerome Dassonville Software

   engineer, datadoghq
2. 2.

   Who am I ? @jdassonvil

3. 3.

   Devops ? @jdassonvil

4. 4.

   Automate all the things ! @jdassonvil

5. 5.

   The end of server management ? @jdassonvil

6. 6.

   What is ssh ? SSH is a cryptographic network protocol

   for operating network services securely over an unsecured network. @jdassonvil
7. 7.

   None
8. 8.

   The cools kids like ssh • You can do everything

   you want • Your family think you are talking to the matrix • You can impress your coworkers @jdassonvil
9. 9.

   @jdassonvil

10. 10.

    Why it’s bad • You can do everything you want

    • It doesn’t force you to define a process • It does not scale @jdassonvil
11. 11.

    Scalability @jdassonvil

12. 12.

    Humans in production @jdassonvil

13. 13.

    Humans in production @jdassonvil

14. 14.

    What do we do with our ssh connection ? 1.

    Manage software pieces ◦ Deploy binaries and configuration ◦ Configure load balancers and firewalls ◦ Upscale or downscale @jdassonvil
15. 15.

    What do we do with our ssh connection ? 1.

    Manage software pieces 2. Manage the platform ◦ Configure servers ◦ Upgrades OS ◦ Clean up stuff @jdassonvil
16. 16.

    What do we do with our ssh connection ? 1.

    Manage software pieces 2. Manage the platform 3. Troubleshoot ◦ Read the logs ◦ Check the system metrics ◦ Read the config files @jdassonvil
17. 17.

    SSH free journey @jdassonvil

18. 18.

    First 30 days: Know your system @jdassonvil

19. 19.

    Log everything • Application logs • System logs • Tools

    logs • SSH connection logs
20. 20.

    Log as a first class citizen if __name__ == '__main__':

    log.info(‘hello world’)
21. 21.

    Centralized and exploitable logging

22. 22.

    Metrics collections

23. 23.

    Easy setup Collection and aggregation platform Server A Server B

    agent agent
24. 24.

    What do we do with our ssh connection ? 1.

    Manage software pieces 2. Manage the platform 3. Troubleshoot @jdassonvil
25. 25.

    Next 30 days: Improve your deployment @jdassonvil

26. 26.

    Deployment @jdassonvil

27. 27.

    Deployment maturity levels Level 1: No automation Level 2: Daily

    operation are scripted Level 3: THE deploy button Level 4: Changes flow continuously to prod
28. 28.

    You need a contract between your infrastructure and your developers

29. 29.

    Containers are the easy win

30. 30.

    What containers technology brings us A set of good old

    unix features (cgroup, namespaces) that guarantee the isolation of your applications + a packaging format + an api to control them + many more we won’t discuss
31. 31.

    Run everything in containers • Every application • Every daemon

    • Every tool • Everything
32. 32.

    Orchestration ? Be pragmatic

33. 33.

    How to move to containers 1. Write a dockerfile for

    all your apps 2. Run them with pragmatism ◦ Use host network ◦ Mount host volumes ◦ Don’t try to run more services per host 3. Update your custom tools (if any)
34. 34.

    What do we do with our ssh connection ? 1.

    Manage software pieces 2. Manage the platform 3. Troubleshoot @jdassonvil
35. 35.

    Last 30 days: Improve the culture @jdassonvil

36. 36.

    Users will resist

37. 37.

    Improving the culture • Break the habits • Don’t make

    people’s life easy on servers • Kill your pets • Monitor your ssh usage
38. 38.

    Revoking ssh access • You might have to do it

    to comply with HIPAA/PCI/… • If not make it a real privilege
39. 39.

    And now ship it !

40. 40.

    Key takeaway • Log everything • Run everything in containers

    • Be pragmatic
41. 41.

    Thank you ! @jdassonvil