
ChatOps and Cog

ChatOps: A Brief History
If you’ve been in the DevOps space over the past few years, you’ve probably heard the term “ChatOps” thrown around. If not, there’s a simple definition:
ChatOps: Performing Operations tasks in group chat.
A good example of this would be kicking off a deployment to production by typing a command in a chat room. There are plenty of videos and slide decks on the power of this approach, but I’ll just include GitHub’s here:…


Secrets in AWS

Managing secrets in the cloud
Moving hosted services to cloud-based architectures has introduced a lot of different pain points: some new, some pre-existing that have become more of an issue. One such issue is secrets. There have been a number of different discussions and solutions for this problem, including:
- Hacker News: Ask HN: In a microservice architecture, how do you handle managing secrets?
- Docker GitHub: Secrets: write-up best practices, do’s and don’ts, roadmap
The main question here is: “How do you expose secrets to only those services that require them, without exposing them to those that don’t, and at the same time make their lifecycle (rotating/replacing/expiring) easy to maintain?…


Serverless Blog

Hello from CloudFront
As of today, this blog is being served by Amazon S3, and cached globally by CloudFront. You can say it’s “serverless”, even if the term isn’t quite true (after all, it’s always running on someone’s server). The transition wasn’t too easy, but it was my first crack at hosting a site purely in S3, and it was a chance to learn to use CloudFront and Travis CI.…


From Debian to CoreOS

Moving to CoreOS
Just a quick entry here. Historically this site has been running on a DigitalOcean Debian droplet. I liked having a remote Linux host that I could run random things on, including this blog. However, recently I’ve only been using it to run things within Docker containers. Since CoreOS was designed for exactly this purpose, I decided to try setting up a single-host cluster as a DO droplet.…


Yubikey, Keybase and SSH

History
About a year ago, I purchased a Yubikey NEO, a hardware-based two-factor authentication keyfob. I’d had an earlier version that could generate tokens upon being pressed, but the NEO included a few things I wanted to test out, including the ability to store GPG keys on it. I was also curious to see how hard it’d be to use the Yubikey with SSH connections. I went through the entire setup a year ago, got frustrated with using GPGTools on OS X and the keychain, and then promptly forgot about it for a year until my key expired and I’d forgotten the passphrase I’d used to encrypt it.…


Docker lifecycle with Caddy

Caddy was recently updated to 0.8.3. My website’s Docker image was built with the previous version, so I had to update the corresponding Dockerfile and rebuild it on the Docker Hub. To update the container running on my DigitalOcean droplet, I just ran the following:

docker pull steeef/stp5net
docker stop stp5net
docker rm stp5net
docker run -d --restart unless-stopped <environment-specific-options-here> --name stp5net steeef/stp5net

Notice I’m using the --restart unless-stopped restart policy for the run command.…


raspberry pi projects

Interesting Raspberry Pi Projects
I have a few Raspberry Pi Model B’s lying around, and I’ve been meaning to try out some things with them. I also bought the recently-released Raspberry Pi 3 that I wanted to find a use for.
Pi-hole
Pi-hole, put simply, is an ad-blocking, anti-tracking DNS server that you can use in your home network. It was super-easy to set up, and even has a pretty web interface for viewing stats:…


Caddy and Let's Encrypt

Note: this is a follow-up to my earlier post on setting up Caddy with Docker, which is here. I’ve just enabled Caddy’s Automatic HTTPS function, which leverages Let’s Encrypt to generate a key and get a signed certificate as soon as the server starts up. It’s free and simple. Awesome! I was able to figure this out by reading the official documentation on Automatic HTTPS and Abiola Ibrahim’s example Dockerfile for Caddy, which included a nice section on how to persist the .…


Using Docker in OS X with DLite

The Past
If you’ve ever used Docker in OS X, you’re probably familiar with the pain of being forced to run a Linux VM to test Docker containers. I’ve personally spent hours troubleshooting problems while using boot2docker and its successor, docker-machine. Historically, relying on VirtualBox for anything in OS X development has never been painless (though I’ll admit it’s improved over the past few years).
xhyve
Luckily, there’s a better way.…


Creating my blog with Docker, Hugo, and Caddy

A lonely web server
I pay for a small DigitalOcean droplet running Debian. I originally created it just to have a remote server on which to play around with various tools. One of those was hosting a static site via nginx running in a Docker container. Nothing’s really changed with it since that initial setup, save running the container with systemd-nspawn.
Let’s get blogging
Fast forward a few years, and I’ve been itching to try out some newer technologies.…
