Matt Ouille, Site Reliability Engineer. A software engineer focused on infrastructure automation, Linux, and service reliability.

Splitting up Terraform & state file separation

Terraform is fundamentally operated off of these things called “state files”. State files literally are the single source of truth, as far as Terraform is concerned, in regard to your infrastructure. They’re formatted in regular JSON but carry a lot of metadata that helps Terraform plan and predict what will happen with your infrastructure.

All infrastructure orchestrators have to work off of some sort of state. Interpreting live infrastructure state is complicated and sluggish at scale, so many of them resort to some sort of centrally hosted file system that indicates this state to them. CloudFormation actually does much of the same thing with CloudFormation templates in S3 buckets; you just see less of it exposed to you.

What Terraform really enables is an organization of infrastructure that can be reused, version controlled, and browsed by anyone in the organization. Nobody goes to the S3 bucket and views the Terraform state file; rather, they view the code that generated that state file. Hence it’s important not to make manual modifications to infrastructure once an orchestrator has run.

How an automation engineer migrates to Google Music

I recently posted on Facebook that I was ditching Facebook and all of the apps dependent on it. While Spotify isn't inherently dependent on it, I also wanted the opportunity to use Google Music for some of my favorite podcasts. Thus, I made the decision that Spotify was going down too. Migrating from Spotify to Google Play Music is already kind of a difficult task. I've had years of being on Spotify, to the point where I have 850 tracks on playlists and my library. I wanted a way to move my playlists I've built over the years over to Google Music. I found a service called [Soundiiz](soundiiz.com) that performs some needed functions. First, it matches Spotify tracks to Google Play tracks and copies your playlist over. Unfortunately, I found that this only worked for playlists and not my music library. Thus, I took things into my own hands.

Why what Trustico did is so bad

If you haven’t heard, last Wednesday it was revealed that Trustico, a large reseller of TLS certificates, violated customer trust by emailing another reseller 23,000 of their customers’ private keys. That’s really the gist of what they did; what these articles don’t really cover is the underlying reasons why this is directly bad and why what it means is even worse.

DevOps and SRE in the Enterprise

At startups we have the luxury of starting from the ground up. Philosophical and cultural revolutions are always easier to consider when simply nothing exists. This is a common complaint of large enterprises when they examine DevOps, SRE, or Production Engineering for their own organizations. Subsequently they end up morphing the core beliefs of those philosophies to fit their existing culture. While this can be done, it really results in a lot of confusion and frustration, especially at the ground level where, in the aforementioned disciplines, most of the work and decision making takes place. The question remains: what does a properly scaled, enterprise-grade version of DevOps look like?

Using return values inside CloudFormation UserData

I've been working on a project that uses CloudFormation exclusively, so I don't get to do variable interpolation that's as simple as Terraform makes it. Thus, I've had to do some improvising when generating files based off my infrastructure orchestration.

Testing Jekyll with Travis CI

I've finally settled with the fact that Jekyll is going to be my mainstay for a while. It's got a lot of features I like, some of which follow from being a static site generator, others being thoughtful implementations.

Taking Security a Step Further with VPC Endpoints

Ever since I wrote S3 Bucket Security and Best Practices I’ve been playing with how to extend security within a given AWS account.

Policies and KMS are great, but to me assurance comes in threes. That said, I don’t see VPC Endpoints discussed very much when people are talking about S3 bucket security, especially for something that’s served over a public API!

Variations in High Availability

High availability is a term thrown around quite a bit these days. Many professionals conflate high availability with the idea of a theoretical 100% availability. I'll be the bearer of bad news in saying such a thing rarely exists, is even harder/more expensive to obtain, and often not worth it. Rather, I encourage teams to identify what high availability means to them. This article will be an exercise in exactly that.

Photo Credit: PerconaDB

A Big Thank You

I owe everyone a tremendous debt of gratitude. I’ve been posting on this blog for quite some time. I’ve made some transitions from Ghost, to WordPress, and now to Jekyll. In that time I also tried out some SaaS platforms like Medium and Blogger, but I’d rather not remember those times. Thus, you see the articles that are on my current blog - I’ve lost a lot but I’ve gained a lot. Just like myself, my blog had to evolve over time. One thing has remained fairly consistent though: why I write.

S3 Bucket Security and Best Practices

In this write-up I explore some of the intricacies of Amazon S3's permission matrix. I go over best practices, ACLs, policies, KMS, and server-side encryption. Read on for more!

Docker and Docker-Compose for the developing mind

Introducing Docker and docker-compose to developers for building powerful local development environments and easy-to-deploy production environments.

Docker commands every dev should know

Docker is a really awesome containerization platform. It dutifully simplifies LXC (Linux Containers) and enables developers to develop faster. That said, at times Docker can be a tad confusing, and things can get out of hand quickly if you’re not up to speed on your Docker commands. These are all commands that I keep up to date on my GitHub gists page for Docker, so I use them regularly as well.

Pointers in Go

I've been learning Go recently and I've been having some issues solidifying my understanding of pointers, so I thought I'd write a quick blog post explaining what I've learned and how to easily understand it. Click the title to read on!

“The Most Forgotten Pattern”

Developers love consistent ways of solving repeating problems, but the most consistent problem of them all is never solved repeatedly. Every time we sit down to solve problems with software we apply design patterns to overcome situations that would be contentious if we hadn’t already solved them years ago. There’s no point in reinventing the wheel, right? So why are we sitting here planning development of software for months on end still?

The switch to Jekyll and updates

2017 has been really good to me and I’ve had the opportunity to grow a lot, both as a person and in my career. I’m currently writing this post sitting on my back porch watching my dogs play.

That said, earlier versions of my website were always based on WordPress. While WordPress is a great, functional FOSS blogging platform, it was really a bit bloated for my needs. As a developer, and someone who is trying to make more efficient use of their time, I was looking for something that got down to the nuts and bolts of what I wanted without sacrificing too much functionality.

In that I found Jekyll and GitHub Pages. I kind of wrote this off as a poor man’s solution to a common problem; however, I’ve discovered the elegance in what Jekyll provides. Jekyll is categorized as a static site generator written in Ruby and extended through plugins and API-driven services such as Disqus. You can check out Jekyll here.

I use a Mac and haven’t done a lot of Ruby-focused projects, so I was really unaware of how to start. What I’ve figured out though is that between RVM and Homebrew you can get a sustainable environment going. I could probably also have written a Dockerfile to do a lot of the dependency management for me, but I’m only using one gem and that’s Jekyll itself.

As for deployment, I already pay for GitHub. I was a little disappointed to discover GitHub Pages doesn’t support a CDN proxy to run SSL on custom domains, but I looped in CloudFlare for that. All in all, a blog post is just a commit away and I can use Atom as a post editor.

While I’ve been writing a lot of specific ‘getting started’ tutorials lately, I think it’s time that I start writing more Site Reliability Engineering focused work. I currently work in an AWS environment, but dumping my virtual machine provider frees me up to do some AWS and GCP tutorials. Who knows, maybe I’ll get froggy and do some Azure too.

Test Driven Infrastructure Basics

Today I’m going to go over the basics of Test Driven Infrastructure, what it means, how to do it, when it applies, and why. In this tutorial I’m going to use Chef, but you can use whatever you want.

User error caused a massive S3 blackout

At 9:37AM PST, an authorized S3 team member using an established playbook executed a command which was intended to remove a small number of servers for one of the S3 subsystems that is used by the S3 billing process. Unfortunately, one of the inputs to the command was entered incorrectly and a larger set of servers was removed than intended. The servers that were inadvertently removed supported two other S3 subsystems.
Source: https://aws.amazon.com/message/41926/

Is this where we echo one of the great pillars of Linux? With great power comes great responsibility.

SendGrid DNS White Labeling and CloudFront for Secure Click Tracking Links

At StarLeaf we had a need to secure our SendGrid click tracking links; unfortunately our provider, SendGrid, had no way of serving HTTPS traffic with their in-place white labeling solution. This is how we solved that.

Starting a Career in DevOps

A few years ago I got out of the military as a radio technician, but before I got out I had an ominous conversation with a long-time friend, explaining that I thought the future of an IT career lay in a mix of systems, programming, and virtualization. At the time I really knew nothing about virtualization, had really only web and some Perl/Python experience, and a lifelong love of Linux. Since then, my experience has turned it into a beautiful, well-rounded career that’s only growing.

Basic Ubuntu Security

Especially in 2017, everyone should be concerned about security. You don’t need to be a genius or completely paranoid in order to avoid most potentially compromising situations. Follow these instructions and you’ll have a basic understanding of what it is to secure your brand new, vanilla Ubuntu server. That said, if you use the web or have a publicly accessible service, then there is always a chance you will be compromised. You cannot predict application patches that introduce vulnerabilities, or the colorful attempts a hacker that is specifically targeting you may employ. You may simply prepare with your best effort.