Books, Cloud Infra, HashiCorp, SysAdmin

Book Review – Terraform: Up & Running: Writing Infrastructure as Code

In Terraform: Up & Running: Writing Infrastructure as Code, author Yevgeniy Brikman does an excellent job defending the use of Terraform, a tool designed to deploy infrastructure as code. The book comes with many hands-on examples, with all the code available on GitHub for download, allowing the reader to follow along.

The author provides answers to questions such as "What is infrastructure as code?" and "What are the benefits of using infrastructure as code?" He provides context for why we are seeing a proliferation of a new set of tools – think Terraform, Packer, Docker, Ansible. Finally, he ties them back to the rise of the DevOps movement.

On DevOps, he uses a definition shared by many, myself included: “The goal of DevOps is to make software delivery more efficient”. The emphasis here is on efficiency and Terraform delivers it.

Throughout the rest of the book, the many examples and exercises are set to run on Amazon AWS. Although you can run them someplace else, I would tell you to create an account on AWS and do it there. The examples do follow a logical path. You start with a single server and end with a cluster of web servers.

To make use of new Terraform concepts, the author makes changes to the initial examples, adopting building blocks available on AWS. These concepts can apply to different cloud providers, and the choice of AWS illustrates the power of Terraform.

One thing to keep in mind is that there isn’t a simple “brain transfer” between one cloud provider and another. This means that you can’t expect that a specific configuration on one platform will work on another. For example, an Elastic Load Balancer is a specific solution from Amazon, and although a similar offer might exist in another place, Terraform can’t guarantee that it will work or act the same.

Terraform uses the HashiCorp Configuration Language (HCL), a declarative language intended to create the infrastructure. “Why should I learn yet another language?” you might ask, and the answer is: “To make your life easier”, and here is why. Terraform can create infrastructure on different platforms such as public and private cloud providers (e.g., AWS, Azure, DigitalOcean, OpenStack) and virtualization solutions like vSphere. This is a core concept in Terraform called providers. Terraform knows how to ‘talk’ to different providers. This takes you away from having to know how to automate these platforms. Instead you can focus on learning one declarative language, HCL. This saves you from having to keep up with CloudFormation, ARM, HEAT, vRealize Automation and others.

Using Infrastructure as Code brings some important considerations. How do you provide file isolation and file locking, and safeguard the state of the infrastructure managed by Terraform? This brings up another point: the trade-offs when using Infrastructure as Code. There are advantages to using Terraform to deploy an infrastructure. Its clear, concise, reproducible method is a plus. The drawback to have in mind is this: when you are not careful, a commit can break your entire infrastructure. This could be your production and staging environment.

To mitigate potential issues like that, the author shows a few practical approaches. To start, he talks about file isolation and proposes a layout to better organize your code. There’s a chapter dedicated to the use of modules (to avoid code duplication) and to version control for your code.

If you are new to Terraform, this book will bring you up to speed and teach you about this new and powerful tool. If you have used Terraform before, chances are you can still learn from the vast experience that Yevgeniy brings.

Terraform is a cutting edge tool and it is here to address a complex problem. This book allows you to get the information you need in no time with many examples. Recommended!

To Yevgeniy Brikman: Thank you for writing this book. Staying up to date with a tool still in its early days is a challenge. Writing about it must be very hard, so thank you.

FreeBSD, SysAdmin

Merry Xmas: Gift ideas for a BSD aficionado

Greetings, fellow BSD folks! Christmas is here! Did you know that there’s life outside of chocolate, turkey and countless hours of watching Home Alone? Here are 6 gift ideas for the BSD aficionados out there.

1. Introduction to the FreeBSD Open Source Operating System LiveLessons


This series of videos from Addison-Wesley is a must-have for the BSD fan. During the more than 10 hours of discourse, Dr. Marshall Kirk McKusick does a superb job of taking you on a tour of the many subsystems that make up FreeBSD. The material presented here goes side by side with the Design and Implementation of the FreeBSD Operating System. This course is a subset of a 15-week-long training that McKusick offers as a consultant. More information can be found on his personal website.

Here’s what Dr. McKusick covers in these LiveLessons:

  • Lesson 1: Introduction to the FreeBSD Community
  • Lesson 2: Introduction to the Kernel
  • Lesson 3: Processes
  • Lesson 4: Virtual Memory
  • Lesson 5: I/O System Overview
  • Lesson 6: Devices
  • Lesson 7: The Fast Filesystem
  • Lesson 8: The ZFS Filesystem
  • Lesson 9: Networking and Interprocess Communication

You can buy the LiveLessons here.

2. Raspberry Pi


Yes, the Raspberry Pi, a tiny little computer on which you can run FreeBSD. You can fetch a ready-to-go image at the official repo (RPI-B and RPI2), and for RPI3 you can use the images at RaspBSD. In my setup (above picture) I have a mix of 3 RPI2 and one RPI3 coupled with a NETGEAR GS108E switch (capable of VLAN tagging). To power up this setup, I’m using an Anker Multi-USB Charger.

With FreeBSD you can access the GPIO interface with gpioctl(1). Vadim Zaigrin has a full detailed blog post on how to use it.

3. Annual subscription to the FreeBSD Journal

Keeping up with all things FreeBSD might be hard: we have a very active community and there seems to be something interesting happening. An excellent resource to keep you up to date is the FreeBSD Journal. The Journal is a bi-monthly publication that contains articles from known FreeBSD figures such as Allan Jude, Dru Lavigne, George Neville-Neil, Joseph Kong and Michael W. Lucas, just to name a few.

4. All of the books from Michael Lucas


I can’t praise him enough: Michael Lucas has a rare gift of making really dry material palatable to the masses. From SSH, to PAM, going to FreeBSD (including an incredible specialty series on filesystems – yep, ZFS is covered), he has done it all – but don’t tell him that, we still want him to publish more 🙂. You can’t go wrong with any of his material, so this is extremely recommended. Check out his work at the Tilted Windmill Press or at Amazon.

5. BSD Magazine Online Courses


The BSD Magazine is a free (yes, free!) online resource that is published on a monthly basis with news, various articles and tutorials. On the BSD Magazine website you can also find some courses such as DevOps with Chef on FreeBSD, Using FreeBSD as a Fileserver with ZFS and Deploying an office / workgroup server on FreeBSD. During the holiday season you can use the promo code holidays30 to get 30% off on everything announced on their site! A pretty good deal!

6. FreeBSD Mall Goodies


The FreeBSD Mall is a known place if you want to get FreeBSD memorabilia. From t-shirts, polo shirts, CDs, books, stickers and hats, the FreeBSD Mall has it all. Check their promo and special sections to get extra savings on assorted items. On December 23rd they just released two new FreeBSD baseball caps (have to check them out!).

Have yourself a Merry Christmas and an awesome New Year!


FreeBSD, SysAdmin

Continuous Learning: Why I’ve opted to learn BSD’s and so should you

– I’m making this a permanent entry into the blog under “Learn BSD”.
– Added reference to BSDTV, OpenBSD FAQ, DragonFly BSD Digest

Magic now. Magic I unnerstan’.

The Color of Magic, Discworld #1


Yes, magic, but unlike our character Rincewind in The Color of Magic, the spells that I’ve learned over the years by using BSDs are still somewhat accessible in my memory – I don’t just forget them after studying them for months but using them just a single time. This is the kind of knowledge you should be going for as well, the kind that you can build and sharpen over time, that is, without having to relearn it all.

After roughly 15 years of using FreeBSD and OpenBSD and working in different industries and positions, I do not regret my choice to stick with these systems. I initially, like many I believe, started my UNIX-like journey with Linux, trying various distros for a while. I was fortunate to be introduced to FreeBSD (and OpenBSD after that) by a friend during college, and since then, I never looked back. Don’t get me wrong, I still do use Linux, as I did use Solaris, when they made more sense or were somehow required – and that’s ok. I still try to use FreeBSD/OpenBSD whenever I can, in and out of the corporate world.

The BSD Culture

In an interview for the BSD Magazine, Dru Lavigne described how the BSD community really works:

You can (and should) slow down and learn how things work. It can be a mind shift to learn that the freedom to use and change how something works does exist, and isn’t considered stealing. And that learning how something works, while hard, can be fun. BSD culture, in particular, is well suited for those who have the time and temperament to dive into how things work.

The BSD culture does indeed invite one to go on, learn and share. Over time, this mindset will stick with you; it sure did with me, becoming a part of my professional and personal life.

Really? How? Mind sharing some examples?

I am all for using the right tool for the right job, and I’ve been satisfied to a large degree by the amount of proper tools that both FreeBSD and OpenBSD bring to the table. Here’s a brief list of solutions that I’ve used:

  • OpenBSD’s svlan interface to capture QinQ traffic for a Telecom Customer (capture traffic from a DSLAM Cabinet on the street).
  • Flow analysis with pflow and nfsen on OpenBSD.
  • File sharing with FreeNAS.
  • Firewalling a branch office with OpenBSD.
  • Using Asterisk (Soft PBX) on OpenBSD to connect a small office.
  • Create a 3G wifi hotspot with OpenBSD (pf, ppp) at a trade show.
  • Deployed a reverse SSH tunnel from an OpenStack private cloud into a FreeBSD droplet at Digital Ocean. This allowed me and my team to troubleshoot our OpenStack cloud appliance running on a conference floor (that is, working after hours from the hotel).

All of that can/could be done by something else (Linux, for example). But the simplicity and careful way the BSDs are documented were unprecedented for me as an Engineer. Many times all I had access to were the man pages, so knowing they were accurate was unprecedented.

The situation today

The one topic that bothers me, though, is the latest trends in IT. Every week, there seems to be a tremendous amount of “new technology” (aka NIH solutions) all over the place – followed by nonsense hype. With that, think about what makes sense to you and think about the time you will invest (yes, invest) continuously learning these technologies.

If you are coming from Linux and are new to BSDs, take a moment to read the excellent A Comparative Introduction to FreeBSD for Linux Users at Digital Ocean.

The Tomes of Magic – Audio, Video et al

Reading material (Online):


FreeBSD –

  • The Design and Implementation of the FreeBSD Operating System (Amazon)
  • Absolute FreeBSD: The Complete Guide to FreeBSD, 2nd Edition (Amazon)
  • FreeBSD Mastery: Storage Essentials (IT Mastery) (Volume 4) (Amazon)
  • FreeBSD Mastery: ZFS (IT Mastery) (Volume 7) (Amazon)
  • FreeBSD Mastery: Specialty Filesystems (IT Mastery) (Volume 8) (Amazon)
  • FreeBSD Mastery: Advanced ZFS (IT Mastery) (Volume 9) (Amazon)

OpenBSD –

  • Absolute OpenBSD: Unix for the Practical Paranoid 2nd Edition (Amazon)
  • The Book of PF: A No-Nonsense Guide to the OpenBSD Firewall  (Amazon)

Audio and Video:

Meeting the Wizards

On some occasions, you can meet the “pointy-hats” at these events:

This is by no means a full list of the events. For an updated list, please refer to these:

Baking it: Running FreeBSD on a Raspberry Pi

If you want to learn or teach BSD, you should be aware that FreeBSD runs on a few accessible devices ($) such as the Raspberry Pi (B+, 2 and now 3). This is incredibly interesting and, as we move forward, more of these devices are expected to be supported. Here’s an idea: you can use RPIs with the _free_ material from to spread the knowledge. As a matter of fact, this would work not only for the internals of FreeBSD but also for practitioners to get hands-on.

  • Pros: Cheap platform, easy way to get started and to teach others.
  • Cons: Initial setup and cost when going with more than one Pi. Availability of the Raspberry Pi in your region can be tricky.

In a hurry? Try using a cloud

A quick way to have access to BSDs is to use one of the main public cloud providers such as Digital Ocean, AWS and Microsoft Azure.

  • Pros: Immediate access. Easiest way to get started. Can be very cheap (pay per use).
  • Cons: Initial setup. Might not be accessible from a Corporate environment (firewall, etc).

If you can’t go with a cloud environment, another option is to fire up Vagrant with FreeBSD with the official releases from the FreeBSD Release Team.

Going all in: Using it as a desktop

The way to fully learn FreeBSD, or another BSD for that matter, is to go all in. Based on my own experience, I would suggest that you either install one of the BSDs and build up a desktop (which is honestly fairly easy) or go with a ready-to-go option such as the awesome TrueOS. As a matter of fact, one should go ahead with TrueOS and see how well integrated a FreeBSD desktop can be. Don’t be fooled, TrueOS _IS_ FreeBSD and carries all of the advanced computing capabilities you’d find on FreeBSD (OpenZFS, DTrace, GELI Encryption, Jails, bhyve, just to name a few), but it takes on the burden of building and fine-tuning a FreeBSD Desktop – plus some extra awesomeness developed by Kris and the team (AppCafe, SysAdm, etc).


2016 is almost coming to an end, so how about this as a challenge: how about starting 2017 by deep diving into FreeBSD, taking the time to learn a set of tools that are likely to stay with you for years to come? Expect more information on that front here.




Cloud Infra, SysAdmin, Uncategorized


Have you ever been in a situation where you had to go down to your home lab datacenter to reset a stubborn system? I bet you did and that’s not cool (at all). Luckily, many servers have a way to help you out with this. For me, salvation came in the form and shape of the Intel RMM (Remote Management Module) board.

According to Intel, here are the key features:

  • Full remote access keyboard, video and mouse (KVM)
  • USB media redirection
  • Remote power actions
  • Proactive system health monitoring
  • Secure, embedded web server
  • Dedicated network connection

This translates into pretty much the same experience as one would have by sitting in front of the machine (BIOS access and such). This also means that one could install an operating system remotely and even reboot, shut down or power on a server (again, remotely).

Access to this board is usually done through ssh. After you log in, you will be dropped into some form of shell (a bit more crude), defined by the Systems Management Architecture for Server Hardware Command-Line Protocol (aka SMASH CLP), specified by the DMTF.
