How to quit ssh in 90 days

Ebaa01b82b8763ac12c8219765e4c93c?s=47 Jérôme Dassonville
February 23, 2018
Technology
0
140

How to quit ssh in 90 days

Ebaa01b82b8763ac12c8219765e4c93c?s=128

Jérôme Dassonville

February 23, 2018
Tweet

Other Decks in Technology

See All in Technology
2564c99f616f1ecfc0f617a6fe87e2a9?s=48 penguin045
0
130
C58d9fc209cfdc0b822f851911110fa6?s=48 coe
11
4.9k
0b238801605070def81a98cfe8061aee?s=48 shonansurvivors
1
190
F01c8fdfa64bdfc00a94896e0b1359e0?s=48 tmdoi
0
270
921515dc03f89bafe3d8f5d0b3ca0b74?s=48 mmarukaw
0
460
9df0566fad9c9ca3bf669917848878fe?s=48 i35_267
3
1.2k
B29f42636a5f1249b640473d49aa4514?s=48 linedevth
1
180
8a84268593355816432ceaf78777d585?s=48 dena_tech
1
1.9k
C422cc033079e005fd1aa1b845b099da?s=48 meow_noisy
0
100
53850955f15249a1a9dc49df6113e400?s=48 line_developers
0
220
88964b936e864ca7d326272eaa70fa9a?s=48 hgsgtk
0
100
84907687e50c8ac2a09b02e0d1b36ab1?s=48 toricls
35
11k

Featured

See All Featured
Ba530e786553390f3fb271848485681c?s=48 3n
160
22k
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
4
490
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
190
17k
E837d2996f52008ace055a08fbfff992?s=48 frogandcode
121
20k
D67fff74178013024d833b3eec6cf27f?s=48 lynnandtonic
265
16k
245cee81a9c424266e5e401d844ea881?s=48 lara
169
9.2k
C35e01544a0dd94a2cf1619ee8a42ebb?s=48 clairelew
10
1.2k
Dafc4723e9a1c067796c0fec6f509774?s=48 lemiorhan
621
40k
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
366
42k
4262b9cfacfb6b2c77f23e1d0310cd3e?s=48 myddelton
104
10k
Be9caeb9d4ef9944d151af909063ed6e?s=48 samlambert
236
9.7k
5b9fe87ec1faa67a4599782930f45ec9?s=48 sstephenson
145
12k

Transcript

  1. How to quit ssh in 90 days Jerome Dassonville Software

    engineer, datadoghq

  2. Who am I ? @jdassonvil

  3. Devops ? @jdassonvil

  4. Automate all the things ! @jdassonvil

  5. The end of server management ? @jdassonvil

  6. What is ssh ? SSH is a cryptographic network protocol

    for operating network services securely over an unsecured network. @jdassonvil
  7. None

  8. The cools kids like ssh • You can do everything

    you want • Your family think you are talking to the matrix • You can impress your coworkers @jdassonvil

  9. @jdassonvil

  10. Why it’s bad • You can do everything you want

    • It doesn’t force you to define a process • It does not scale @jdassonvil

  11. Scalability @jdassonvil

  12. Humans in production @jdassonvil

  13. Humans in production @jdassonvil

  14. What do we do with our ssh connection ? 1.

    Manage software pieces ◦ Deploy binaries and configuration ◦ Configure load balancers and firewalls ◦ Upscale or downscale @jdassonvil

  15. What do we do with our ssh connection ? 1.

    Manage software pieces 2. Manage the platform ◦ Configure servers ◦ Upgrades OS ◦ Clean up stuff @jdassonvil

  16. What do we do with our ssh connection ? 1.

    Manage software pieces 2. Manage the platform 3. Troubleshoot ◦ Read the logs ◦ Check the system metrics ◦ Read the config files @jdassonvil

  17. SSH free journey @jdassonvil

  18. First 30 days: Know your system @jdassonvil

  19. Log everything • Application logs • System logs • Tools

    logs • SSH connection logs

  20. Log as a first class citizen if __name__ == '__main__':

    log.info(‘hello world’)

  21. Centralized and exploitable logging

  22. Metrics collections

  23. Easy setup Collection and aggregation platform Server A Server B

    agent agent

  24. What do we do with our ssh connection ? 1.

    Manage software pieces 2. Manage the platform 3. Troubleshoot @jdassonvil

  25. Next 30 days: Improve your deployment @jdassonvil

  26. Deployment @jdassonvil

  27. Deployment maturity levels Level 1: No automation Level 2: Daily

    operation are scripted Level 3: THE deploy button Level 4: Changes flow continuously to prod

  28. You need a contract between your infrastructure and your developers

  29. Containers are the easy win

  30. What containers technology brings us A set of good old

    unix features (cgroup, namespaces) that guarantee the isolation of your applications + a packaging format + an api to control them + many more we won’t discuss

  31. Run everything in containers • Every application • Every daemon

    • Every tool • Everything

  32. Orchestration ? Be pragmatic

  33. How to move to containers 1. Write a dockerfile for

    all your apps 2. Run them with pragmatism ◦ Use host network ◦ Mount host volumes ◦ Don’t try to run more services per host 3. Update your custom tools (if any)

  34. What do we do with our ssh connection ? 1.

    Manage software pieces 2. Manage the platform 3. Troubleshoot @jdassonvil

  35. Last 30 days: Improve the culture @jdassonvil

  36. Users will resist

  37. Improving the culture • Break the habits • Don’t make

    people’s life easy on servers • Kill your pets • Monitor your ssh usage

  38. Revoking ssh access • You might have to do it

    to comply with HIPAA/PCI/… • If not make it a real privilege

  39. And now ship it !

  40. Key takeaway • Log everything • Run everything in containers

    • Be pragmatic

  41. Thank you ! @jdassonvil