Monthly Archives: April 2016

  • -

Infrastructure As Code Revisited


One can not talk about modern software delivery without mentioning Infrastructure As Code (IAC). It’s one of the cornerstones of DevOps. It turns ops into part-time coders and devs into part-time ops. IAC is undoubtedly a powerful concept  – it has enabled the shift to giant-scale data centers, clouds and has made a lot of lives easier. Numerous tools (generally referred to as DevOps tools) have appeared in the last decade to allow codified infrastructures. And even tools that originally relied on a user-friendly GUI (and probably owe much of their success to the GUI) are now putting more emphasis on switching to codified flows (I am talking about Jenkins 2.0 of course, with it’s enhanced support of delivery pipeline-as-code).

IAC is easy to explain and has its clear benefits:

  • It allows automation of manual tasks (and thus cost reduction)
  • Brings speed of execution
  • Allows version control for infrastructure configuration
  • Reduces human error
  • Brings devs and ops closer together by giving them a common language


But why am I writing about this now? What made me revisit this already quite widely known and accepted pattern? ( Even many enterprise organizations are now ready to codify their infrastructure )

The reason is that I recently got acquainted with an interesting man who has a mind-stimulating agenda. Peter Muryshkin of has started a somewhat controversial discussion regarding the future of devops in the light of overall business digitalisation. One thing he rightfully notices is that software engineering has been learning a lot from industrial engineering – automating production lines, copying Toyotism and theory of constraints, containerising goods and services, etc. The observation isn’t new  – to quote Fred Brooks as quoted by Peter :

Techniques proven and routine in other engineering disciplines are considered radical innovations in software engineering.”

This is certainly true for labour automation that has existed long before IAC has brought its benefits to software delivery. It’s also true for monitoring and control systems which have been used on factories since the dawn of the 20th century and which computers started being used for in the 1960-ies.

But the progress of software delivery disciplines wasn’t incremental and linear. The cloud and virtualization virtually exploded on us. We didn’t have the time to continue slowly adapting the known engineering patterns when the number of our servers suddenly rocketed from dozens to thousands.

In a way – that’s what brought IAC on. There were (and still are) numerous non-IAC visual infrastructure automation tools in the industry. But their vendors couldn’t quite predict the needed scale and speed of operation caused by the black hole of data gravity. So the quick and smart solution of infrastructure-as-code was born.

And that brings us to what I’ve been recently thinking quite a lot about – missing visualization.  Visibility and transparency (or measurement and sharing) are written all over the DevOps banners. Classic view of IAC actually insists that “Tools that utilize IaC bring visibility to the state and configuration of servers and ultimately provide the visibility to users within the enterprise“ In theory – that is correct. Everybody has access to configuration files, developers can use their existing SCM skills to make some sense of system changes over time… But that’s only in theory.

The practice is that with time the amount of IAC code lines grows in volume and complexity. As with any programming project – ugly hacks get introduced, logic bugs get buried under the pile of object and component interactions. (And just think of the power of a bug that’s been replicated to a thousand servers) Pretty soon only the people who support the infra code are able to really understand why and what configuration gets applied to which machine.

In the past years I’ve talked to enough desperate engineers trying to decipher puppet manifests or chef cookbooks written by their ops colleagues. Which makes me ask if maybe IAC sometimes hinders devops instead of enabling it…

Even the YAML-based configurations like those provided by Ansible or SaltStack become very hard to read and analyze beyond simple models.

As always is the problem with code – it’s written by humans for machines, not for other humans.

But on the other hand  – machines are becoming ever better at visualizing code so humans can understand them. So is that happening in the IAC realm?

In my overview of Weapons of Mass Configuration I specifically looked at the GUI options for each of the 4 ninja turtles of the IAC and sadly found out that not even one of them got any serious praise from the users for their visualization features. Moreover the GUI solutions were disregarded as “just something the OSS vendors are trying to make a buck from”.


I certainly see this as a sign of infrastructure automation still being in its artisanal state. Made by and for the skilled craft workers who prefer to write infra code by hand. But exactly as the artisans had to make way for the factories and labour automation of the industrial revolution – a change is imminent in the current state of IAC. It’s just that the usable visualization is still lacking, the tools still require too much special skills and the artisans of the IAC want to stay in control.


Don’t get me wrong – I’m not saying our infra shouldn’t be codified. Creating repeatable, automated infrastructure has been my bread and butter for quite some time and tools like Puppet and Ansible have made this a much easier and cleaner task. I just feel we still have a long way to go. ( Immutable infrastructure and containerisation while being a great pattern and having benefits of its own also relies heavily on manual codification of both the image definitions and the management layers. )

Infrastructure management and automation is still too much of an issue and still requires too much special knowledge to be effectively handled with the existing tools. Ansible is a step in the direction of simplicity, but it’s a baby step. Composing infrastructure shouldn’t be more complicated than assembling an Ikea bookshelf  – and for that new, simpler, ergonomic UIs need to be created.

Large-scale problems need industrial level solutions. Let’s just wait and see which software vendor provides such a solution first – one which will make even the artisans say ‘Wow!’ and let go of their chisel.

And with that said – I’ll go back to play with my newly installed Jenkins 2.0 instance for some artisanal pipeline-as-code goodness. :)

  • -

Microservice Development Toolkits part 1 – Otto


Otomato is happy to announce we’re collaborating with Codefresh on their great continuous delivery for docker containers solution. (If you’re using docker in your development/production or only thinking of doing it – go check out ) Our collaboration is mostly focused on industry analysis and docker development ecosystem research with the goal of identifying pain points and providing effective solutions. With quite a bit of evangelism on top. The linked post is the first fruit of that. ottologo

Microservice Development Workflow with Otto


  • -

Have you heard of Wajig?

We love productivity tools of all kind and believe that software should be making our lives easier. For some reason many software products we have to work with don’t really feel like their creators agree. They may have great architecture, reliability and functionality but it looks like usability is snapped on as an afterthought.
One example of this is apt – the Advanced Packaging Tool used on Debian/Ubuntu Linux. While a great tool in itself, for some reason it provides a number of different user interfaces for different purposes.

To install/remove/upgrade/download a package there's the apt-get tool:

apt-get is a simple command line interface for downloading and
installing packages. The most frequently used commands are update
and install.

   update - Retrieve new lists of packages
   upgrade - Perform an upgrade
   install - Install new packages (pkg is libc6 not libc6.deb)
   remove - Remove packages
   autoremove - Remove automatically all unused packages
   purge - Remove packages and config files
   source - Download source archives
   build-dep - Configure build-dependencies for source packages
   dist-upgrade - Distribution upgrade, see apt-get(8)
   dselect-upgrade - Follow dselect selections
   clean - Erase downloaded archive files
   autoclean - Erase old downloaded archive files
   check - Verify that there are no broken dependencies
   changelog - Download and display the changelog for the given package
   download - Download the binary package into the current directory


But then if you want to search or query for packages you have to remember that a different utility is used – apt-cache:

apt-cache is a low-level tool used to query information
from APT's binary cache files

   gencaches - Build both the package and source cache
   showpkg - Show some general information for a single package
   showsrc - Show source records
   stats - Show some basic statistics
   dump - Show the entire file in a terse form
   dumpavail - Print an available file to stdout
   unmet - Show unmet dependencies
   search - Search the package list for a regex pattern
   show - Show a readable record for the package
   depends - Show raw dependency information for a package
   rdepends - Show reverse dependency information for a package
   pkgnames - List the names of all packages in the system
   dotty - Generate package graphs for GraphViz
   xvcg - Generate package graphs for xvcg
   policy - Show policy settings

And what if we want to list all the files installed by a specific package? Well we’re supposed to remember that there’s a special utility for that – apt-file. And it’s not installed by default…

Figures we weren’t the only ones puzzled by this multitude of interfaces. Wajig is targeted at exactly that – providing a unified interface to all package-related functionality on Debian/Ubuntu. Or as stated on the site:
“Wajig is a simplifed and more unified command-line interface for package management. It adds a more intuitive quality to the user interface.  Wajig commands are entered as the first argument to wajig. For example: “wajig install gnome”. Written in Python, Wajig uses traditional Debian administration and user tools including apt-get, dpkg, apt-cache, wget, and others. It is intended to unify and simplify common administrative tasks. … You will also love the fact that it logs what you do so you have a trail of bread crumbs to back track with if you install something that breaks things.”

Another nice thing – wajig knows when root privileges are needed and takes care of that, so we don’t need to rerun a command each time we forget to prepend it with sudo.

We still need to play with wajig a bit more to decide if it performs on all its promises but it definitely is going into a right direction.

Wishing you all user-friendly software and a good week.