Cogini Blog
Articles by ansible
Featured articles
Port forwarding with iptables
Managing user accounts with Ansible
As part of developing and deploying web applications, we need to be able to manage OS user accounts and control access for developers and systems admins. To do this, we wrote an Ansible role to manage users. Read more…
Managing app secrets with Ansible
In web applications we usually have a few things that are sensitive, e.g. the login to the production database or API keys used to access a third party API. We need to be particularly careful about how we manage these secrets, as they may allow attackers to access data … Read more…
Port forwarding with iptables
In order to listen on a TCP port less than 1024, an app traditionally needs to be started as root. Over the years this has resulted in many security problems. A better solution is to run the application on a normal port such as 4000, and redirect traffic in the … Read more…
Setting Ansible variables based on the environment
When deploying applications, we we usually have the same basic architecture in different environments (dev, test, prod), but settings differ. Some settings are common to all the machines in the environment, e.g. the db server connection string. We need to vary the size of instances depending on the environment … Read more…
Is it time for Lisp in DevOps?
We have been working on a project migrating a big Rails app from physical hardware to AWS, and I have been doing a lot of automation work. It strikes me how we are doing the same thing over and over with different tools: reading variables, templating files and running semi-declarative … Read more…
90 percent immutable
After a fair amount of debugging, I got an app running in an AWS Auto Scaling Group (ASG), pulling its config on startup from S3 and code from Amazon CodeDeploy. On the way I found out some annoying parts of the cloud initialization process in AWS. The idea is that … Read more…