hyperbo.la :: lifestream

I was first introduced to closures in summer '08 via #ruby blocks. This was probably the most magical moment I've ever experienced programming. That code was just another object you could pass around was amazing. Lisp would've been mind blowing. #history

when reading from stdin, ansible-vault encrypt_string does not trim trailing newlines, forcing one to use echo -n. #ansible knows this is a sharp edge and documents it, but they should do the right thing and make it consistent with password files #fail
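
The newline pitfall described in the post above, as an added example that is not part of the original post: a POSIX shell wrapper that strips the trailing newline before the value reaches `ansible-vault encrypt_string`. The function names and the sample secret are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original post.

# read_secret: copy stdin to stdout without trailing newlines.
# $(...) strips every trailing "\n"; a "\r" left over from CRLF input is
# removed explicitly. Not suitable for secrets that must end in a newline.
read_secret() (
    cr=$(printf '\r')
    s=$(cat)
    s=${s%"$cr"}
    printf '%s' "$s"
)

# byte_count: number of bytes arriving on stdin.
byte_count() {
    wc -c | tr -d ' '
}

# vault_string NAME: encrypt stdin as variable NAME without the newline.
# --stdin-name is the ansible-vault option that names a value read from stdin.
vault_string() {
    read_secret | ansible-vault encrypt_string --stdin-name "$1"
}

# Constructed sample secret "hunter2" (7 bytes); ansible-vault is not invoked.
raw=$(echo 'hunter2' | byte_count)
clean=$(echo 'hunter2' | read_secret | byte_count)
echo "plain echo sends $raw bytes, read_secret passes on $clean"
```

With the wrapper, `echo` and `echo -n` produce the same vaulted value, so a stray newline cannot end up inside the encrypted secret.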

in the quest to thin out the top-level directory sprawl in hyperbola, I got rid of .secrets. required rotating ansible vault password and rekeying everything because my password had single quotes, double quotes, and backticks (of course) #fail

#fail do not try to install ansible in a virtualenv in packer. you need a compiler. you don't want a compiler

the hyperbola + hyperbola-tools binary star monorepos is a common failure state, so I am told #fail

I just realized that by merging hyperbola-tools into hyperbola and converting my ad hoc ruby scripts to python, I moved to a monorepo and standardized on a language

6. addendum: since I already had a deploy script, it was straightforward to translate it to #ansible tasks

6. problem: bespoke deployment steps. deploy and cron run as lopopolo. deploy needs sudo password. solution: #ansible deploy_helper module

5. problem: environment names are inconsistent across tooling and deployment. solution: hyperbola_environment #ansible variable which parameterizes everything

4. addendum: I used #LetsEncrypt before migrating to AWS with a combination of cron, systemd timers, and dehydrated. ACM is easier, less error prone, and set-it-and-forget-it #win

4. problem: https is hard. solution: ACM + #terraform + ALB + CloudFront

3. problem: manual, bespoke server configuration. solution: #ansible, #vagrant, #packer, prebaked AMIs. immutable infrastructure

2. django-backup.py sucks. problems: email based, backup size is limited, unconfirmed delivery, plaintext transmission. solution: move media to versioned S3 bucket, daily RDS snapshots, logical backup json to S3

1. problem: python not running the latest 2.7.x release. solution: pyenv for local development and xenial (python3.5) + ansible + (future) deadsnakes ppa

I found a page in my wiki called hyperbola suckage 2015. This was a forward-looking list of gripes to fix as I moved from hyperbola1 to a new host #history

unexpected memory: I had to spoof my mac address to that of my xbox 360 so that I could register it on MIT's network #history

DNS is flipped and propagated! Live in #aws! #win

#aurora was much less forgiving with unique constraints than mysql. The schema for one of my utf8mb4 varchars had a max length of 255 and a unique index. It appears mysql silently truncates, whereas aurora complained the index was > 767 bytes. ~ #win

One source of difficulty was getting django, s3, vpc endpoints, and security groups to work together to enable s3 access from my backends #fail

my #terraform life became much easier by using name_prefix instead of name. name and name_prefix parameters were never interpolated. Instead, use interpolation in tags. In practice this means config can change without rebuilding the world #win

I initially went with the unclustered variants of elasticache and rds. Once I wrapped my head around the topology, #redis cluster mode and #aurora were much easier to work with in #terraform

building the #aws infra took about 30 commits, two #terraform destroys, and two terraform code rewrites. some fun bits in the following posts

The migration from a bespoke-bootstrapped, manual (scripted) deploy process to an #ansible playbook took about 20 commits. I deployed to a local #vagrant box first

Photo for post 507.

And with post 506, I can now say that hyperbola is hosted on #aws #win

2am hot take: all systems problems are best solved with pointers and routing. aka dependency and service injection

The #webpack configuration, on the other hand, was not fun to get set up. I particularly struggled fighting with the gulp plugin, which pins webpack 1.x

#webpack is amazing. I added the time-elements web components to the lifestream and contact pages. Only took an hour. Before this would have been next to impossible. #frontend #win

Rebuilt everything and modulo some zombie deposed resources we gucci

Discovered I had duplicate stanzas in my tfvars file. Removed the extraneous one. Broke EVERYTHING. #fail The worst was my admin IAM account losing access in the midst of a terraform apply. destroyed module.network, module.iam, and module.hyperbola-wiki

Converted wiki from ELB to ALB this morning ... took a couple of hours. modified #terraform config and updated #ansible ... also converted from Let's Encrypt to ACM. https://github.com/hyperbola/hyperbola-tools/commit/23fb9a7 #win

💯💯💯💯💯 = 500 posts #win

related, using pip-tools to manage and pin python dependencies has removed uncertainty from my deploy process. Upgrade packages only when I intend to #win #django 1.11.3 upgrade went super smoothly in part due to this

this is why #AWS

2 minutes of #downtime for libc security upgrade https://www.ubuntu.com/usn/usn-3323-1/