Static websites are coming back, just like vinyl LPs.

Lately I’ve been playing with Hugo, a popular open-source static site generator. With its incredible speed and flexibility, Hugo makes building websites fun again. Tools like Hugo or Jekyll build HTML files for serving directly, rather than generating them dynamically on demand with a popular server-side programming language. Static blog engines have high performance, and since the pages are static, they cache easily.

This is not my first blog. I was self-employed back in Slovenia from 2009 to 2013, and during that era I was actively writing two blogs, one in English and one in Slovenian. Both of them can now only be seen on the Wayback Machine.

Captured snapshot of www.celavi.org
Captured snapshot of my old English blog by Wayback Machine.

Captured snapshot of www.internet-solutions.si
Captured snapshot of my old Slovenian blog by Wayback Machine.

Bringing back my motivation for blogging

Everyone has their reasons and motivations for writing a blog. This is my blog, where I’ll write for myself, me doing something for me. I often find myself searching for code snippets I used in the past and then wasting my time and energy to find them again. Putting them someplace safe (Snippets) where I could access them anytime makes perfect sense. I don’t expect that a vast population will read this. It’s for specific people, including me, who will find useful bits and pieces later when needed. There are thousands of tutorial posts and how-to articles out there, and I’ll try to distance myself from writing similar content.

Another big motivation for promoting myself is that I’ve decided to move from a permanent position to working as a freelancer. I am currently in a transition period, which will probably take a couple of months. I’ve realized that I am now my own business, a brand, a product and a service. In order to sell myself, I need to promote myself 😉

For some, this comes naturally, for me … well, it sucks. Through my posts, I am going to indicate that I’ve come to the solutions/ideas from the ground up, and I can do the same for my clients. They will know me, learn what I am passionate about, what I can do for them, and how it will benefit them, and why they should choose me.

There are plenty of exciting things I’m currently doing as a Software Engineer / DevOps Advocate, and I hope to share some of them on this blog.

Photo by Clark Tibbs on Unsplash

You build it, you run it

Werner Vogels, CTO @ Amazon, uttered this legendary quote back in 2006 regarding how development is done at Amazon. It laid out the most impactful tech trend and the core principles which we now refer to as DevOps. The key principle is that development teams operate their own product. There is no handoff to Operations. One “single” side is writing the code, testing the build, deploying the service and responding to support requests.

I’ve always been taking care of the operation part of all my pet projects. I’ve automated as much as possible of this work long before DevOps was born. That usually involved some Bash scripting and using rsync for keeping local files in synchronization with those on a server. But all the services and infrastructure were still configured manually; all the patches and updates were done manually. Each of the servers was practically unique, like a snowflake, difficult to reproduce and even more difficult to fire up another server to support the same functions.

Times have changed. In the world of DevOps and Cloud Computing, we treat everything as code, even our infrastructure. As a DevOps Advocate, I’ve used some of the tools from the DevOps toolchain to help me build and deploy this blog.

Tools of the trade

The most trivial way to host a static website would probably be to use an Amazon S3 bucket. It’s quite straightforward to create and configure Amazon S3 buckets for website hosting and to upload your website content. That would be too easy 😉 I love learning by doing, which gives me a better understanding of what it means to do the activity. It also gets me a deeper understanding of the tools and APIs. Learning by doing also promotes critical thinking.

Here are the tools I’ve used for this blog:

Hugo

The world’s fastest framework for building websites.

  • Using it to draft posts and test the site locally with hugo serve

GitHub

  • It contains all source code, including the infrastructure code but without generated files. You should never store secrets or credentials here.

Scaleway

Scalable Cloud Platform designed for Developers. I would not recommend using Scaleway for anything serious. But low prices, unmetered bandwidth and SSD volumes make it perfect for the developer’s playground.

  • Utilizing Compute services to spin up Linux instances in the Cloud

Packer

Packer is perfect for creating immutable and identical machine images for multiple platforms from a single source configuration file.

  • Using it for building virtual-machine images for later deployment on Scaleway
  • My base image is Debian Stretch, and on top of it I’ve:
    • removed root access and added a limited user account
    • installed all required packages
    • secured the server
    • automated security updates
    • hardened SSH access
    • utilized Fail2Ban for SSH login protection

Terraform

An infrastructure-as-code software tool that enables provisioning and adapting virtual infrastructure across all major cloud providers.

  • Terraform is my favourite infrastructure orchestrator; besides that, it is cloud-agnostic and written in Go. It maintains the state of your infrastructure using a concept called state files.
  • Using it to create immutable infrastructure on Scaleway

Ansible

Software for provisioning, configuration management, and application-deployment.

  • I love Ansible. It’s an agentless configuration management and provisioning tool as well as an orchestration tool. Configuration modules called “Playbooks” are written in readable YAML format, and they are relatively easy to write when compared to other configuration management tools. Definitely the number one tool when building automated tasks to ensure idempotency and battle against Configuration Drift.

Nginx

  • Using it for serving static content: minimal features needed, just as fast as possible.

Certbot

Automatically enable HTTPS on your website with EFF’s Certbot, deploying Let’s Encrypt certificates.

  • Using it to obtain a wildcard certificate from Let’s Encrypt.
  • For obtaining the certificate on a machine other than a target web server, we can use one of Certbot’s DNS plugins.
  • Cloudflare manages my domain’s DNS records. The Cloudflare DNS plugin for Certbot automates the process of completing a dns-01 challenge (DNS01) by creating, and subsequently removing, TXT records using the Cloudflare API.

You can find the complete source code of my blog on GitHub.

Configuration files

Currently, the settings that hold sensitive information (API tokens, API access keys, passwords, server IP addresses, …) are kept in -dist files, which do not contain the actual values. For all scripts to work correctly, we first need to copy the -dist files to the right config files and add the exact parameters.

Example for .envrc

$ cd iac
$ cp .envrc-dist .envrc
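A preflight check for the -dist convention, as an added example (not part of the blog's repository): for every template it confirms that the real config file exists, no longer equals the template, is readable only by its owner, and is listed in .gitignore. The variable name in the sample files and the literal-name reading of .gitignore are assumptions made for the example.

```python
import os
import stat
import tempfile

def audit_dist_configs(root):
    """Check every real config file that has a *-dist template under root."""
    ignored = set()
    ignore_path = os.path.join(root, ".gitignore")
    if os.path.exists(ignore_path):
        with open(ignore_path) as fh:
            # Simplification: entries are read as literal names, not glob patterns.
            ignored = {ln.strip().lstrip("/") for ln in fh if ln.strip() and not ln.startswith("#")}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(f for f in files if f.endswith("-dist")):
            real_name = name[: -len("-dist")]
            real = os.path.join(dirpath, real_name)
            rel = os.path.relpath(real, root)
            if not os.path.exists(real):
                findings.append(f"{rel}: missing, copy it from {name}")
                continue
            with open(os.path.join(dirpath, name), "rb") as t, open(real, "rb") as r:
                if t.read() == r.read():
                    findings.append(f"{rel}: still holds the template placeholders")
            if stat.S_IMODE(os.stat(real).st_mode) & 0o077:
                findings.append(f"{rel}: readable by group/other (chmod 600)")
            if real_name not in ignored and rel not in ignored:
                findings.append(f"{rel}: not listed in .gitignore")
    return findings

def demo():
    """Constructed tree: a copied but unfilled .envrc, then the corrected state."""
    with tempfile.TemporaryDirectory() as root:
        real = os.path.join(root, ".envrc")
        for path in (real + "-dist", real):
            with open(path, "w") as fh:
                fh.write("export EXAMPLE_API_TOKEN=changeme\n")  # constructed name
        os.chmod(real, 0o644)
        before = audit_dist_configs(root)
        with open(real, "w") as fh:
            fh.write("export EXAMPLE_API_TOKEN=constructed-sample-value\n")
        os.chmod(real, 0o600)
        with open(os.path.join(root, ".gitignore"), "w") as fh:
            fh.write(".envrc\n")
        return before, audit_dist_configs(root)

if __name__ == "__main__":
    for state in demo():
        print(state or "all checks passed")
```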

Installing

A step-by-step series of examples that tell you how to get everything up and running.

Build Debian Base image

$ cd iac
$ ./build.sh

Deploy infrastructure with Terraform

$ cd iac
$ terraform init
$ terraform plan -out plan.out
$ terraform apply plan.out

Provision software and configuration with Ansible

$ cd iac/ansible
$ # Let's use ping module to check if our machine is up and running
$ ansible hugo -i hosts.ini -u deploy --private-key ../pki/id_rsa_deploy -m ping
$ # install requirements
$ ansible-galaxy install -r requirements.yml
$ # provision machine
$ ansible-playbook -u deploy -i hosts.ini --private-key ../pki/id_rsa_deploy provision-hugo.yml

Once the infrastructure is created and all software installed and configured, we can generate and deploy new content with the following command.

Generate static content and deploy it to the web server

$ cd iac/ansible
$ ansible-playbook -u deploy -i hosts.ini --private-key ../pki/id_rsa_deploy deploy-content.yml

The new content is generated, deployed and ready to serve in less than 15 seconds.

Analysis

Some thoughts about how to improve the blog deployment process.

Handling sensitive data

Currently, confidential information is stored in plain text as placeholder values. A better way to do this is to use a tool for securely managing secrets and encryption, for example Ansible Vault, Vault by HashiCorp, Chamber and similar.

CI/CD Pipeline

Setting up a streamlined pipeline with a CI/CD tool like Jenkins or Travis CI should be like a walk in the park.

Rotate tokens and secrets periodically

All API tokens, secrets, credentials, SSH keys … should be regularly rotated. The Ansible playbook can easily be extended to swap the SSH key for a new one.

Service monitoring

We need to monitor every dimension of the service that we are using. First on the list should be monitoring of SSL certificate expiration. Next on the list is infrastructure & application monitoring. Sensu is an open source solution that monitors cloud infrastructure simply and efficiently.

You did it!

Congratulations!!! I am now a proud owner of a new blog. Let’s start playing!

Are you still manually deploying your code or opening tickets for your Operations team and throwing them artefacts over the wall of confusion? Let’s meet for Coffee. ☕ We’ll discuss how you can transform your current software principles to be more DevOps friendly across your entire organization.

And remember, contributions earn you karma. 😜