infrastructure as code -...
TRANSCRIPT
infrastructure as code might be literally impossible
joe damato
packagecloud.io
hi, i’m joe
i like computers
i once had a blog called timetobleed.com
@joedamato
packagecloud.io
@packagecloudio
follow along
blog.packagecloud.io
infrastructure as code might be impossible because nothing works.
code
what is code?
code
makes Computer do complicated stuff in small steps
code
each small step is made up of a keyword (and other stuff)
code
and so the keywords let you use Computer
code
different languages have different tradeoffs
code
some languages are difficult
code
assembly, C, C++, …
so, you need to use them defensively
Story Time
opteron revision E
mysql+
code
some languages are perceived as easy, but are terribly difficult
code
Ruby, Perl, Bash, …
An Aside
You must be an expert in C to write good, fast Ruby/etc
that’s part of a different talk called: “high level languages don’t exist”
But
hard or impossible to use these languages defensively enough
Story Time
MRI segfaults
MRI threading
Thus
Your code does things outside of your reference frame
Unless
You’ve read every line all the way down (you haven’t).
OK.
infra code
makes Computer do complicated stuff in small steps
infra code
has really high level ‘keywords’
    package "blah-pkg" do
      version "1:1.2.8-1"
      action :install
    end
    package { "blah-pkg":
      ensure   => present,
      source   => "https://packagecloud.io/...",
      provider => rpm,
    }
what if i told you
infra code operates outside of your reference frame, too
meaning
unless you’ve read every line all the way down…
you haven’t
OK.
some things you (probably) didn’t know
what if i told you…
an MRI bug once made puppet peg CPU usage
sigprocmask
a syscall used via [sg]etcontext
[sg]etcontext used for threading
and exception handling
“The “puppet” process spends 40-60% time in “system time”, which
lengthens the time a single puppet run takes from a few
minutes to > 20 minutes.”
I wrote a fix for this bug that was never accepted upstream
(hi)
http://timetobleed.com/fix-a-bug-in-rubys-configurein-and-get-a-30-performance-boost/
a friend working at a huge company told me that
without that patch, they couldn’t run puppet.
(hi)
coincidence?
“We’re working on rebuilding our entire client-side technology stack, so it takes fewer resources, runs faster, and is more maintainable.”
- puppet blog
supposedly
they are supposedly rebuilding (some/all?) client side stuff in C++
similarly
OHAI-330
Ohai crashes on Solaris 11, Ubuntu 12.04 in mixins/command.rb: popen4
GC.disable / GC.enable
workaround
(The workaround is to disable a major feature of the language.)
workaround
what if i told you…
it’s impossible to install a program
securely on most linuxes
But, package managers have
GPG!!!11!!
No
YUM + GPG
tl;dr: doesn’t work most of the time and is nearly impossible to get it working
Story Time
pygpgme
repo_gpgcheck
gpg v3 signatures
gpg v3 signatures
    %__gpg_sign_cmd %{__gpg} \
        gpg --force-v3-sigs --digest-algo=sha1 --batch --no-verbose --no-armor --passphrase-fd 3 --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}
(hi)
Story Time
sslverify
APT + GPG
tl;dr: doesn’t work most of the time and is
nearly impossible to get it working
Story Time
debsigs vs dpkg-sig
gpg signing deb packages is pointless
XML policy documents
/etc/debsig/policies/DDDF2F4CE732A79A/hi.pol
    <?xml version="1.0"?>
    <!DOCTYPE Policy SYSTEM "http://www.debian.org/debsig/1.0/policy.dtd">
    <Policy xmlns="http://www.debian.org/debsig/1.0/">

      <Origin Name="test" id="DDDF2F4CE732A79A" Description="Test package"/>

      <Selection>
        <Required Type="origin" File="debsig.gpg" id="DDDF2F4CE732A79A"/>
      </Selection>

      <Verification MinOptional="0">
        <Required Type="origin" File="debsig.gpg" id="DDDF2F4CE732A79A"/>
      </Verification>
    </Policy>
oh, and, um…
Both are vulnerable to replay attacks
Neither deals with key revocation
Both are vulnerable to several GPG
related attacks
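An added example, not from the talk or from APT's own code: a signature proves who produced repository metadata, not that it is current, so detecting a replayed copy takes a separate freshness check on the signed fields. It assumes the `Date` and `Valid-Until` fields of an APT Release file in their usual UTC form; the sample text and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: header fields of an APT Release file (not from the talk).
SAMPLE_RELEASE = """\
Origin: example-repo
Suite: stable
Date: Mon, 04 Apr 2016 10:00:00 UTC
Valid-Until: Mon, 11 Apr 2016 10:00:00 UTC
"""

# Assumption: timestamps use the "Mon, 04 Apr 2016 10:00:00 UTC" form.
RELEASE_DATE_FORMAT = "%a, %d %b %Y %H:%M:%S UTC"


def parse_fields(release_text):
    """Return the top-level 'Key: value' fields of a Release file as a dict."""
    fields = {}
    for line in release_text.splitlines():
        if line.startswith(" ") or ":" not in line:
            continue  # indented lines belong to checksum lists, not needed here
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def parse_release_date(value):
    """Parse a Release timestamp into a timezone-aware UTC datetime."""
    parsed = datetime.strptime(value, RELEASE_DATE_FORMAT)
    return parsed.replace(tzinfo=timezone.utc)


def check_freshness(release_text, now, last_seen_date=None,
                    max_age=timedelta(days=14)):
    """Return the reasons to reject metadata as stale or replayed.

    Call this only on text whose signature has already been verified;
    an empty list means no freshness problem was found.
    """
    fields = parse_fields(release_text)
    if "Date" not in fields:
        return ["no Date field: age cannot be established"]

    problems = []
    date = parse_release_date(fields["Date"])
    if "Valid-Until" in fields:
        if now > parse_release_date(fields["Valid-Until"]):
            problems.append("expired: now is past Valid-Until")
    elif now - date > max_age:
        # The repository set no expiry, so fall back to a local age limit.
        problems.append("stale: no Valid-Until and Date older than max_age")

    # A copy older than one already accepted is a rollback, even if unexpired.
    if last_seen_date is not None and date < last_seen_date:
        problems.append("rollback: Date older than metadata already accepted")
    return problems
```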
(these are some of the ∞ reasons why
you should use packagecloud.io)
what if i told you…
the CA certificate bundle you use revoked AWS’s
SSL CA ?
but before i explain that, periodic reminder that trusted CA certs come from this URL
periodic reminder
curl.haxx.se
OK, anw…
bento, vagrant, kitchen
opscode-centos-5.11
on or around 2015-02-23 updated the CA cert bundle
bento, vagrant, kitchen
resulting in a bundle with AWS’s CA being revoked
curl.haxx.se
“We in the curl project didn't anticipate anything of this. We get the data from the Mozilla project and they changed the properties. We've run the same script daily since a long time. One day the output changed to this.” - http://curl.haxx.se/mail/archive-2014-10/0068.html
bento, vagrant, kitchen
and then accessing S3 from vagrant boxes produced by bento stopped working
read more on chef’s blog: “Bento Box Update for CentOS and Fedora”
https://www.chef.io/blog/2015/02/26/bento-box-update-for-centos-and-fedora/
PS
debugging SSL is really difficult
BTW QUICK THING
cognitive load
“cognitive load refers to the total amount of mental effort being used in the working memory”
cognitive load
at some point you have to wonder: when does it become too much?
cognitive load
“just read the code” is impossible because you need to read millions of lines of code
cognitive load
“People changing our Chef recipes to make something work for them, but then breaking everyone else’s [stuff] is practically constant at [company] right now.”
- my friend who works at [company]
this is all part of a different talk called:
“the effect of capitalism on computing”
But
anw
what if i told you…
you can DoS a machine with
yum/apt metadata?
when apt/yum request metadata,
just reply with a never ending file.
![Page 89: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/89.jpg)
ya but i’m not an official
mirror lol ??
![Page 90: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/90.jpg)
(ya tu sabes)
![Page 91: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/91.jpg)
“Debian and CentOS listed the mirror within a few hours, and Fedora listed the mirror in minutes.”
- academic paper
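A client-side guard against the never-ending metadata reply described in the slides above, added here as an example (it is not from the talk and is not apt or yum code): read the response under both a byte cap and a wall-clock deadline. `read_bounded`, `EndlessStream`, the exception names and the limits are hypothetical, and the endless stream is a constructed stand-in for a misbehaving mirror.

```python
import time


class MetadataTooLarge(Exception):
    """The reply exceeded the size budget for repository metadata."""


class MetadataTooSlow(Exception):
    """The reply did not finish within the time budget."""


class EndlessStream:
    """Constructed stand-in for a mirror that never finishes its reply."""

    def read(self, n):
        return b"A" * n


def read_bounded(stream, max_bytes, deadline_s, chunk=64 * 1024,
                 clock=time.monotonic):
    """Read a whole metadata reply, refusing to exceed max_bytes or deadline_s.

    `stream` is any object with read(n); `clock` is injectable for testing.
    """
    start = clock()
    buf = bytearray()
    while True:
        if clock() - start > deadline_s:
            raise MetadataTooSlow("gave up after %d bytes" % len(buf))
        # Ask for one byte past the remaining budget so that an oversized
        # reply is detected instead of being silently truncated.
        want = min(chunk, max_bytes - len(buf) + 1)
        data = stream.read(want)
        if not data:  # clean end of file within both budgets
            return bytes(buf)
        buf += data
        if len(buf) > max_bytes:
            raise MetadataTooLarge("reply exceeds %d bytes" % max_bytes)
```

The deadline is only checked between reads, so in real use the underlying socket also needs a read timeout so that a single stalled read cannot block past it.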
![Page 92: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/92.jpg)
what if i told you…
![Page 93: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/93.jpg)
createrepo generates
incorrect metadata sometimes?
![Page 94: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/94.jpg)
rpmUtils bug
rpmUtils uses python’s find method instead of rfind when
splitting version strings
![Page 95: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/95.jpg)
rpmUtils bug
version strings with two ‘-’ in them are split on the first, not the last
(incorrect)
![Page 96: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/96.jpg)
rpmUtils bug
resulting in incorrect package metadata
![Page 97: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/97.jpg)
rpmUtils bug
this is live on the official mirrors right now
![Page 98: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/98.jpg)
rpmUtils bug
i filed a bug about it, but from the looks of it, it won’t be fixed.
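The find-versus-rfind difference from the rpmUtils slides, shown as an added example (a simplified model written for this page, not rpmUtils' own code): the same `epoch:version-release` splitter run with each method, plus a check that flags strings where the two disagree. All function names are hypothetical and the sample strings are constructed.

```python
def _split_evr(verstring, locate):
    """Split 'epoch:version-release' using `locate` to pick the '-' separator."""
    epoch, sep, rest = verstring.partition(":")
    if not sep or not epoch.isdigit():
        # No usable epoch prefix: default to "0" and keep the whole string.
        epoch, rest = "0", verstring
    j = locate(rest, "-")
    if j == -1:
        return (epoch, rest, None)
    return (epoch, rest[:j], rest[j + 1:])


def split_evr_first_dash(verstring):
    """Behaviour the slides describe as the bug: split on the FIRST '-'."""
    return _split_evr(verstring, str.find)


def split_evr_last_dash(verstring):
    """Behaviour the slides describe as correct: split on the LAST '-'."""
    return _split_evr(verstring, str.rfind)


def find_disagreements(verstrings):
    """Return (string, first_dash_result, last_dash_result) where they differ."""
    out = []
    for v in verstrings:
        first, last = split_evr_first_dash(v), split_evr_last_dash(v)
        if first != last:
            out.append((v, first, last))
    return out


# Constructed sample version strings; only the third has two '-'.
SAMPLES = ["1.0-1.el6", "2:1.2.3-4", "1.0-beta-2.el6", "3.1"]

if __name__ == "__main__":
    for v, first, last in find_disagreements(SAMPLES):
        print("%s: first-dash=%r last-dash=%r" % (v, first, last))
```

Running a check like `find_disagreements` over the version strings in a repository's metadata shows which entries would be recorded differently depending on which split the generating tool used.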
![Page 99: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/99.jpg)
OK, these are all cool stories, but…
![Page 100: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/100.jpg)
people are using infrastructure as code today though?
what gives?
![Page 101: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/101.jpg)
indeed they are, with varying levels of success and in many
cases great pain
what gives?
![Page 102: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/102.jpg)
IN MY OPINION
![Page 103: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/103.jpg)
opinion 1
we won’t be able to have truly reproducible infrastructure until
we figure out better ways of building computer systems.
![Page 104: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/104.jpg)
opinion 2
each time you move to a higher level of abstraction, you need to know more stuff.
maybe cutting out some layers in between can make this more easily solvable?
![Page 105: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/105.jpg)
opinion 3
we need to be more honest and responsible about our choices
and analysis of technology.
![Page 106: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/106.jpg)
opinion 4
huge companies making billions of dollars on top of these software systems should take the initiative to invest in making them better.
![Page 107: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/107.jpg)
opinion 5
we haven’t found the “answer” yet. what we have is better than what we
had, but we need to think bigger.
![Page 108: infrastructure as code - chariotsolutions.comchariotsolutions.com/wp-content/uploads/2016/04/JoeDamato.pdf · infrastructure as code might be impossible because nothing works. code](https://reader033.vdocuments.us/reader033/viewer/2022042310/5ed7a33e48b98015c20209f3/html5/thumbnails/108.jpg)
?
packagecloud.io @packagecloudio