Config Management Camp notes 2019

Around Config Management Camp 2019

Like FOSDEM, this is also my first time at [Config Management Camp][cmc]. I’m not sure if I was expecting less from this event than from FOSDEM, or perhaps it was the unpleasant weather in Brussels, but I did really enjoy more CMC. Here are my take overs.

Observability

It was the first time I had the chance to attend Charity Majors’ live talks (I declare myself a fan, so many of her posts and youtube videos helped me in the past I’ve already lost the count…) and as always she never dissapointed me, what a keynote she granted us! Full of passion, unicorns and memes (Charity’s style) kept us engadged for more than an hour.

From testing in production up to focus on what really matters (forget about the known unknowns, focus on the unknoun unknouns!) the gave us some helpful tips and shared some guidance towards observability in microservices ecosystems. More about her talk Observability for emerging infra: what got you here won’t get you there here

Deployments

Another cool talk was Drilling down a software bug: lessons about observability, monitoring, automation and good practices. My takeover were the five whys (you should never ask yourself more than five whys while debugging an issue, don’t go further) and disseminate your postmortens out of your team. Second one was particulary interesting because it reflected how her team learnt from other teams mistakes and thus less and less company errors (communications issues mainly) were fixed within less than a year. I’ve never thought about writting postmortens for company processes, that was both shocking and smart. More about that here.

Best Practices

Some hot topics

Scattered talks gave me some topics to check later; while I heard them before never caught my attention until this talks, I promisse I’ll give it a whirl! These hot topics were:

Unikernels: Configuration and configuration management with Unikernels
Stream Processing: Solving large scale operational metadata problems using stream processing
Istio: Control and Observability for Microservices

Testing

What did you InSpec

TIP: Use for docker images and databases too TIP2: Use inspec shell to validate your tests

Jenkins/Packer/Inspec/Terraform to bake and test AWS AMIs

Security

And last but not least, some names related to security that everyone should be aware of:

Clair - https://github.com/coreos/clair - https://github.com/arminc/clair-local-scan
OWASP Zed Attack Proxy (ZAP) / Nessus / Burp Suite / Arachni - Vulnerability scanners
Cypress - https://www.cypress.io/
Metasploit - https://www.metasploit.com

Security Shift Left!!!

What else?

After an intense week, full of great content and foody experiences, it’s time to go back to Tenerife. My deepest thanks to CMC team for such a great time and hope to meet you all again!