How to quit ssh in 90 days

Transcript

1. How to quit ssh in 90 days Jerome Dassonville Software

   engineer, datadoghq

2. Who am I ? @jdassonvil

3. Devops ? @jdassonvil

4. Automate all the things ! @jdassonvil

5. The end of server management ? @jdassonvil

6. What is ssh ? SSH is a cryptographic network protocol

   for operating network services securely over an unsecured network. @jdassonvil
7. None

8. The cools kids like ssh • You can do everything

   you want • Your family think you are talking to the matrix • You can impress your coworkers @jdassonvil

9. @jdassonvil

10. Why it’s bad • You can do everything you want

    • It doesn’t force you to define a process • It does not scale @jdassonvil

11. Scalability @jdassonvil

12. Humans in production @jdassonvil

13. Humans in production @jdassonvil

14. What do we do with our ssh connection ? 1.

    Manage software pieces ◦ Deploy binaries and configuration ◦ Configure load balancers and firewalls ◦ Upscale or downscale @jdassonvil

15. What do we do with our ssh connection ? 1.

    Manage software pieces 2. Manage the platform ◦ Configure servers ◦ Upgrades OS ◦ Clean up stuff @jdassonvil

16. What do we do with our ssh connection ? 1.

    Manage software pieces 2. Manage the platform 3. Troubleshoot ◦ Read the logs ◦ Check the system metrics ◦ Read the config files @jdassonvil

17. SSH free journey @jdassonvil

18. First 30 days: Know your system @jdassonvil

19. Log everything • Application logs • System logs • Tools

    logs • SSH connection logs

20. Log as a first class citizen if __name__ == '__main__':

    log.info(‘hello world’)

21. Centralized and exploitable logging

22. Metrics collections

23. Easy setup Collection and aggregation platform Server A Server B

    agent agent

24. What do we do with our ssh connection ? 1.

    Manage software pieces 2. Manage the platform 3. Troubleshoot @jdassonvil

25. Next 30 days: Improve your deployment @jdassonvil

26. Deployment @jdassonvil

27. Deployment maturity levels Level 1: No automation Level 2: Daily

    operation are scripted Level 3: THE deploy button Level 4: Changes flow continuously to prod

28. You need a contract between your infrastructure and your developers

29. Containers are the easy win

30. What containers technology brings us A set of good old

    unix features (cgroup, namespaces) that guarantee the isolation of your applications + a packaging format + an api to control them + many more we won’t discuss

31. Run everything in containers • Every application • Every daemon

    • Every tool • Everything

32. Orchestration ? Be pragmatic

33. How to move to containers 1. Write a dockerfile for

    all your apps 2. Run them with pragmatism ◦ Use host network ◦ Mount host volumes ◦ Don’t try to run more services per host 3. Update your custom tools (if any)

34. What do we do with our ssh connection ? 1.

    Manage software pieces 2. Manage the platform 3. Troubleshoot @jdassonvil

35. Last 30 days: Improve the culture @jdassonvil

36. Users will resist

37. Improving the culture • Break the habits • Don’t make

    people’s life easy on servers • Kill your pets • Monitor your ssh usage

38. Revoking ssh access • You might have to do it

    to comply with HIPAA/PCI/… • If not make it a real privilege

39. And now ship it !

40. Key takeaway • Log everything • Run everything in containers

    • Be pragmatic

41. Thank you ! @jdassonvil