loading...

OPSoletes: Are Sysadmins/Ops becoming things of the past?

obierlaire profile image Olivier Bierlaire ・3 min read

At first, I was a developer. One day the guy in charge of the infrastructure/ops resigned and my boss asked me to take over his duties. Well… The handover was basically me asking dumb questions like “What the hell is SystemD?”, “Why do you want me to use docker?”, “Amazon? The bookstore?”… Again, I was a dev…

When he left, I still had no idea of what needed to be done in order to host our brand new web application. I learned.

One day, we asked an AWS expert to consult us. He taught me how to deploy an entire AWS EC2 infrastructure in few hours. He showed me how cool are AutoScaling Groups and Cloud-init/Userdata. And we started a new infrastructure, from scratch, with only 3 basic concepts:

User-data/Cloud-init

When you spin a new instance up in the cloud, you can add a little script. That script (user-data or cloud-init) is executed as soon as the machine is up. You can use it in order to set up your Linux server, install packages, get your code and run it!

#!/bin/bash
# Install NodeJS
curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
sudo apt-get install -y nodejs
# Install git
sudo apt-get install -y git
# Get our code
git archive --format=tar --remote=https://login:pass@github.com/mycompany/myproject.git HEAD | tar xf -
# Run the app
cd myproject
npm start

AutoScaling group (ASG)

Even if you don't need to “Auto-scale”, it is an elegant way to manage your machine(s). Imagine you have an API server, you need 3 instances in order to be highly available, you just tell your ASG to start 3 machines (using userdata to set up and run your api server). If you need 4, scale-it to 4 in one click. When a machine dies (memory full, etc), it will automatically be replaced! You need to upgrade, no problem, once you have updated your ASG (a new Launch configuration actually), you can kill one instance, it will be replaced by the new one with your new version! yay! Rolling upgrade!

Auto Scaling Groups

Elastic Load Balancer

In order to have one public endpoint you can place an Elastic Load Balancer in front of your Autoscaling Group. It will also perform health checks for helping your ASG replacing unhealthy instances. Done: you have a single public endpoint!

ELB and ASG

Seriously, the AWS consultant helped my workmates and I to set this up in one afternoon. One afternoon. You don't need more to have a robust infrastructure, no need to have a multi-year experienced ops background.

Of course, we also needed databases, a file storage, etc. The key is Managed Services. Cloud providers like Amazon or Google can provide it in one click. No need to take care of backup, logs, patch, etc. They will manage it for you.
By the end of the day, even if I was the Designated Ops Survivor, the entire dev team was able to deploy a new version of our code on our servers, on a real robust, highly available infrastructure, auto-managed by the team.

My job as ops expert became more about exploring new techs rather than dealing with daily issues like backups, patches, installing new versions of our app, etc.

That's why I'm thinking Sysadmins, ops, etc as a thing of the past. A few companies will probably still need them. Amazon need some in order to offer us a nice sparkling AWS Cloud! But if you are a start-up, creating a web application as a lot of us, you don't need to deal with linux patches. You need to focus on your business. With Cloud providers and a DevOps oriented organization: an infrastructure can be managed by the dev team. You can use the leverage of the IAAS (infrastructure as service) without the burden of sysadmin daily duties.

Are ops OPSolete?

Discussion

pic
Editor guide
Collapse
std_thread profile image
Sebastian Johansson

No, I don't think SysAdmins are going anywhere.

Cloud (god do I despise that term despite all this time) services are expensive, which is easy to see past when you're either too big to efficiently find talent to handle the architecture at your scale, or when you're small enough to not have the time to do so.

The fact is, there's a decent chunk of business where you need to store legally extra-sensitive data, and/or where the costs of Cloud services are prohibitive. I host most of my hobby stuff on a single VPS which cost $15 a year. On AWS, that instance costs $55 a year for just the instance (t2.nano) plus all the hidden costs on top of that.

Collapse
obierlaire profile image
Olivier Bierlaire Author

Thanks for your comment. I focused on Amazon and I should not have. Sorry.

I forgot to mention that Amazon is just an example. You can do the same on your VPS, even on your laptop. Look at Ansible, Terraform, Chef, Puppet, Docker, Kubernetes, etc. you can operate your home infrastructure, your extra sensitive on-premise racks, etc. No need to go to the cloud if you don't want to.

For hoobies however, you have plenty of Iaas (Heroku...) a bit cheaper, and also don't forget that Amazon and other providers have Free Tier plans. Your first t2.nano instance is almost free (aws.amazon.com/free/)

For security on Cloud, I'm not sure a small company with on-premises servers can do better than the big fat Amazon and their impressive list of security compliance certificate (ISO 27001, etc) (aws.amazon.com/compliance/). You have sensitive documents: AWS S3 with encryption enabled. Boom. Done. Free (5 Gb free, a good start).

Collapse
jacmoe profile image
Jacob Moen

That's all fine and dandy, but it assumes that we are willing and/or able to outsource to Amazon or Google.

It is great that the option exists, but it doesn't mean that sysadmins are a thing of the past. :)

Collapse
obierlaire profile image
Olivier Bierlaire Author

You need to focus on your product. Not on patching your firewall.

Sorry again for taking Amazon as the only example. You can do something similar on premises.
However yes, you are outsourcing your sysadmins if you move to Amazon: that's their business, not yours.

But surely, it's hard to make things moving :)

Collapse
greg_kulosa profile image
Greg Kulosa

I sure hope that you have offsite and offline backups. Just because AWS (or whoever) does some backups for you, does not protect you from everything.

This company went out of business when their AWS console login got hacked, and someone deleted all their backups:

arstechnica.com/security/2014/06/a...

They had all their eggs in one basket (the AWS basket).

So no - you cannot just put your head into the sand and totally rely on AWS (or other cloud provider) to "take care of everything for you". Not if you want your business to survive .

You still need someone with some kind of Operations mindset. Call them a Sysadmin, DevOps, or Engineer, or Developer. You still need that focus.

Also - this idea that you can just add "apt-get update" to your startup script and be good to go is quite naive. I have more than once been bitten by O/S updates that caused our apps to not work the same anymore. You need to test this stuff in a dev/QA environment first. It's also crazy to run different versions of stuff on your production cluster. That can cause debugging headaches.

Collapse
bur0v profile image
Mihail Burov

Unless you are using PaaS services, but in Amazon IaaS model you are actually responsible for patching your OS and Middleware.

Collapse
obierlaire profile image
Olivier Bierlaire Author

Correct. You are still responsible for patching everything. However, if you add an apt-get update at the top of your user-data script, you are ok... as soon as you recycle your machine frequently.
Of course there is still a bit of stuff to do, but nothing compared to hosting your own infrastructure and maintaining everything manually.