2021-12-05: Le vent se lève
Some days ago I decided to finally merge my hosting provider accounts to
post an update here.
The last five months I was vaccinated and the last three it was realistic
to do stuff again. I had quite the checklist, learn to play tennis at least
a bit, take up dancing again, and of course impro.
Glad I got to do all of that (if you know me you know what I left out to
manage expectations) before we’re all at home again.
To think that the beginning of my working life was mostly a never ending
holding pattern, the turbulence brought forth by this global health crisis
may finally have had some effects. Starting with the solidarity and doing
what needs to be done while at my wits’ end, followed by a period of
euphoria before the damning realization that a big part of the population
were not really as intent on being done with all this as I was, I’m in
a different place. Let’s hope it’s for the better.
Long time no post. But I had some holidays last week so I thought I’d
I already visited Bruges with family a few years ago, but this time I
decided to go at it in a different configuration.
In the Groeningemuseum I saw some of the
works of Gustave Marissiaux that I quite liked.
Of course there was a lot of beer drinking involved but the problem is that that impacts my energy levels too
much, but what can you do, it’s what Belgium is known for.
Those energy levels are also a mayor concern for me right now - the things I need to do
right now mostly require to stick around for a long time, something that I only know to do
with a laptop and work.
I had a lot of fun projects these last 6 months. But it was mostly to pass
the time. If I could only bring up the same stubbornnes for non-computer-related projects I could be happy. But the rapid feedback loop is either not there or really scary.
2016-10-29: Desired State and Maneuverability
I want to talk about my recent advances on infrastructure as code below. But
first, did you know about the garden of the Ferme de Budé? I was just strolling around Petit-Saconnex and
decided that after some years of being around I may actually explore
what’s there. Another turn to quickly escape the main roads, at the
least. I haven’t been there during market time, but I just might
Ok, now to the main topic: First of all, excuse the militant title, it
must have rubbed off from the Lean Enterprise book I’m just reading
— it’s strange to think about the work in these terms, as
usually the military implies a lot of suffering and terror. But anyway,
I’ll suspend my criticism of the form for now, I mostly wanted
to get some new ideas.
One of the things I have been focusing on at work is to make all the
infrastructure choices for our enviroments explicit, which meant a lot of
PowerShell, and, most recently Chef.
Today’s achievement was to get some recipes to my Mac in the cloud
(tried out macincloud).
The steps I followed were activating public key authenticated ssh connections, changing to not prompt for the password during sudo, setting up an SSH tunnel to
VNC for verification, bringing up a chef server and then bootstrap my Mac node with something like
knife bootstrap myhost.macincloud.com --ssh-user admin \
--sudo --identity-file ../ssh_keys/macincloud \
--node-name node1-macincloud --run-list 'recipe[mac_readme]'
Now the next, harder part, will be to figure out whether the prerequisites
to one of our cool products we did at work (sorry, can’t go into
more details about what it does) can actually be installed this way.
It would be cool because it would mean we can actually scale out and get
away from a model that involves one guy knowing all the quirks, walking
around with a USB key. We’ll see.
Oh, of course if you have some experience with provisioning macs, do not
hesitate to talk to me.
The Windows Servers
Of course on the Microsoft side, there’s a whole toolchain in the
works around PowerShell DSC. One thing that bothered me until now was
that when writing these resources, I had to execute some of them with
domain accounts. There is, as always, a plain-text-password option that’s easy to set up, but that would have been bad for my self-esteem.
So I ventured into securing our MOF files, which got a lot easier once I actually
understood the separation of environmental
from structural configuration, something I didn’ even think
of before (of course parametrizing the calls was obvious, but having an actual
second file for it with all the convention support didn’t occur to me).
Now that’s achieved. I have a repeatable way to modify my MOFs, typing
the necessary credentials and encrypting them with the correct public keys,
which means I can check in what actually matters, the configuration and the
environment data without credentials in source control and not worry about it
This whole experience taught me again that the actual time spent focusing
on articles, listening to talks and podcasts is really required to make
smart choices here. I would say that talking to my colleagues on the
infrastructure side helped as well, but I’m not yet at the stage
where this would be natural.
There are many interesting non-tech side projects where I would like
to apply this approach to as well, but it’s harder to get motivated
(even though the increased options after having learnt about a subject
should be an obvious win). Who knows, maybe it’ll work out.