Agile does not imply cowboy. Gather requirements and build a safe plan.

One trend I’d love to bury with 2020 is strategy shaming.

I’ve seen speakers ridicule the question: “but what if we deploy without containers?” My question to those speakers is: How can you give unwarranted guidance or constraints to a solution without understanding the use case or environment?

The truth is some applications are still not a fit for containers or microservices. Some applications aren’t even fit for virtualization. Some people forget that not all workloads use HTTP(S) or REST APIs. I’ve seen an entire team of developers at a banking organization dedicated to an application used by just a…

Why does HashiCorp prefer Golang for our projects and what that means for you as a user?

What are the pros and cons of Golang and why does HashiCorp prefer it for our projects? More importantly how does it simplify your customer experience? I’ll consider this an outside perspective because my own history as a coder tends to be very low-level in the memory management and kernel space of C and C++. I have also worked supporting many projects based on JIT and scripting options like Java, .NET, Python, and Ruby. I will consider Go objectively with all advantages and disadvantages. …

Just 100 lines of code let your computer tell others when you’re in a web call.

At the beginning of COVID lockdown and multiple people working from home it was obvious there was a need to let others know when I’m in a meeting or on a live webcam. So naturally it took me one year to finally do something about it. Now I’m here to share what I learned along the way. You too can have your very own “do not disturb” sign automatically light up outside your door to tell people not to walk in half-dressed on laundry day.

At first I was surprised Zoom doesn’t have this kind of feature built in, but…

Whether you’re upstream or downstream or a business trying to weather rough times, open source can be mutually beneficial.

Whether you’re a business or an individual the open source community presents great opportunities during recessions like this. This post digs into the business of it all, including the ugly balance of CAPEX vs OPEX and budget squeezing. A lot of open source projects thrive and are even boosted by recessions. I am no Economist but you don’t have to take my word for this. A bit of digging finds plenty of great information:

  1. BusinessInsider
  2. CNET [2008]
  3. DotEDUGuru
  4. Drupal founder Dries Buytaert
  5. Forbes [2009]
  6. LinuxInsider [2009]
  8. TechCrunch
  9. TechRepublic

To start out it’s important to lay out the business of…

Supported and secured RPM and DEB repositories are now available for Hashicorp OSS and ENT binaries.

It’s been a long time coming but we finally have official Linux repositories for both our open source and enterprise offerings. This provides signed RPMs and DEB files along with automatic updates and simple rollbacks. This also both simplifies and deprecates quite a few of our Terraform examples and deployment strategies. It’s a good thing. Official release launch is at the end of July but early availability is public.

[Update] Repos are now public and contain all of Hashicorp’s products including newer Boundary and Waypoint. An interactive Instruqt track lets you simulate installation and upgrades here.

If you’ve used my…

Can you schedule heterogeneous jobs and containers in the cloud without systemd? What comes after systemd?

With another HashiConf in the books, I’m feeling another wild experiment coming on. Every HashiConf I get a few questions about Terraform that tell me a lot of people have the wrong idea about Terraform. Since it’s one of our most popular products people tend to try to do everything with it, including configuring and deploying services via provisioners and pull requests. This is the job of schedulers or orchestrators, not infrastructure provisioning tools.

Terraform apply is an inefficient way to start/stop a service.

Even some of our own Terraform examples demonstrate nested heredocs for installing binaries, configuring systemd units…

Packer open source is still the solid foundation of automation no matter how you deploy it.

Packer is HashiCorp’s second project and a big shift from Vagrant’s built in scripted Ruby to the glorious world of compiled GoLang. These two tools are our only open source offerings without Enterprise support options. Packer is completely free. That doesn’t mean that Packer isn’t used in the enterprise. Even Terraform Enterprise users need images to provision. Suggested best practice is to only use runtime Terraform provisioners as a last resort for customizing an image after deployment. So how are you supposed to create specialized environments without Terraform provisioners? The answer is Packer’s own provisioners. Deployments are much quicker and…

OpenAPI and JSON schemas make your Infrastructure as Code life much simpler.

As we near Hashiconf EU Digital, I’d like to recap an important concept that was announced last year. Hashicorp products made a big push for OpenAPI support, starting with Vault. Users have occasionally asked for JSON schemas for our products, which help formalize our API payloads and enable really helpful tooling if you work with our JSON-enabled products. OpenAPI is finally making sense to me as an “extended subset” of JSON schema standards, which combine payloads as well as API functionality. While OpenAPI is much more powerful with API tooling, IDEs and IaC tools often include support for the JSON…

Supercomputers like Oak Ridge National Lab’s Summit schedule HPC jobs at super scale to solve problems where nanoseconds matter.

HashiCorp isn’t just about digital transformation and the cloud. Nomad and Consul are also great for heterogeneous workloads. We often say that, but what does it look like? HashiCorp engineering supports x86 and ARM builds across multiple variants and OS releases, but what about Power and IBM Z?

With the widespread usage of x86 processors in clouds, it’s important to remember that other platforms still exist and are still very relevant. Don’t forget the current #1 publicly listed supercomputer in the world [Update #2, top slot was taken by Japan with ARM] is the US DOE’s $325 Million Summit which…

Apply some general system hardening to your platforms to protect your Vault secrets from attackers.

System hardening for Vault

As customers put a lot of trust in their HashiCorp Vault installations, it’s important to think about good old system hardening guidelines. Why do security guidelines recommend installing on VMs instead of Kubernetes? What are the chances an external or internal attack could compromise your Vault? I’ll put on my white hat 🤠 and show you exactly what I would try if I were trying to compromise your Vault from either an external connection or an internal vector within your DevSecOps team. You can use the information to help prevent anyone from getting through. …

John Boero

Hashicorp Channel Solutions Engineer for International Partners. I’m from Chicago but live in London. Cloud is great but I’m also a tin man.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store