Packaging software with Docker and Effing

Using pre-packaged software is the quickest and most robust way to provision instances.
However, building software packages can be tedious: 1) it must be done on a clone of the instances to be provisioned, and 2) it requires specific knowledge of the type of package/platform that has to be created. Also, 3) a repeatable/automatic workflow might be difficult to create.

In this post, we show how we can use Docker and the Effing Package Management to greatly simplify, speed up and account for the packaging process.


Building AWS AMIs with Packer-Ansible: tips and tricks

Continuous deployment with immutable infrastructure requires an automatic and robust workflow for building virtual machines. This article lists some tips and tricks on how to use Packer and Ansible with the base AWS Linux AMI.
Using Packer and Ansible, a simple bash script “wrapper” can be responsible for building, provisioning and deploying AMIs into your AWS infrastructure.

Building an AWS AMI with encrypted root device

There is not much to dispute about the importance of encrypting data.

Elastic Block Store (EBS) encryption offers a solution to encrypt EBS volumes, i.e. machine “disks”. Data residing on encrypted EBS volumes is assured to be encrypted at rest, while moving between the volume and the instance, and also when dumped into a volume snapshot.
However, unlike other services such as S3 Server-Side Encryption (SSE-S3, SSE-KMS, SSE-C) or Redshift clusters (immutably encrypted on-demand during node launch), AWS does not provide any guidelines on how to create a base AMI with all the EBS volumes encrypted. This article describes the solution we have implemented @ Sequra.


In my .pryrc (part 1 of… 3?)

I develop software all day, every day. Some days, I don’t open my editor, and it’s all drawings on a whiteboard. Other days, I write five little classes that work together to solve a big problem. And sometimes, I write code to help me figure out what I’m doing. Some of that code goes into the .pryrc of the current project, so that every teammate can use it and so that it’s available on production servers as well. In this mini-series of who-knows-how-many parts, I’m going to talk about some of that code. Perhaps it can be useful for others, and perhaps it can inspire better tools.
