Automation Paid Off
When I set up this web site, I decided to make it very easy to:
- rebuild the entire website with minimum effort
- easily migrate to another hosting provider
- apply software updates with as little risk as possible
- learn more about infrastructure automation
To achieve these goals, I picked the following projects:
- Terraform - lay the groundwork by setting up virtual Linux servers and configuring DNS entries
- Ansible - to secure and prepare the Linux server to serve web content
I chose Terraform because it allows me to bring up Linux servers in many different VPS providers with a simple configuration file. The tipping point that sold me was setting up the dynamic IP address of the newly brought up server into Cloudflare’s DNS. And all this declaratively:
```hcl
resource "digitalocean_droplet" "server1" {
  name    = "server1"
  image   = "ubuntu-20-04-x64"
  size    = "s-1vcpu-1gb"
  backups = false
  ipv6    = false
  # …
}

resource "cloudflare_record" "server1-svilen-ivanov-dev" {
  zone_id = var.cloudflare_zone_id
  name    = "svilen-ivanov.dev"
  value   = digitalocean_droplet.server1.ipv4_address
  type    = "A"
  proxied = true
}
```
I chose Ansible after (unsuccessfully) evaluating Chef first. Chef, being Ruby, seemed a more natural choice for me because I am proficient in that language. The whole client-server mechanics of Chef pushed me away. It was too complicated for a simple setup. Then I moved to Ansible, which won me over with a plethora of built-in tasks: from simple user management to managing UFW.
I built several roles that mold a generic Ubuntu server to my liking:
- secure SSH by removing password login and configuring my SSH keys
- close all ports
- set up time, date and locale
- install vital packages: vim, mc, tree, htop, etc.
- install the nginx web server and configure it to work as a Cloudflare upstream proxy with TLS client authentication
- configure long term caching and compression of this web site
I executed these tasks several times until I was confident that they produce a working state.
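The hardening steps in the list above can be expressed as Ansible tasks like the following; this is an added example, not the author's actual roles. The inventory group `web`, the `deploy` user, the public key file and the CA certificate path are assumptions, and the modules used come from the `ansible.posix` and `community.general` collections.

```yaml
# Added example: a hypothetical playbook, not the author's roles.
- name: Harden a fresh Ubuntu web server behind Cloudflare
  hosts: web                       # assumed inventory group
  become: true
  vars:
    admin_user: deploy             # assumed account name
    origin_pull_ca: /etc/nginx/certs/origin-pull-ca.pem   # placeholder path
  tasks:
    - name: Install the admin's public key
      ansible.posix.authorized_key:
        user: "{{ admin_user }}"
        key: "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}"   # assumed key file

    - name: Turn off password-based SSH logins
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*{{ item }}\s'
        line: "{{ item }} no"
        validate: /usr/sbin/sshd -t -f %s    # refuse to write a broken config
      loop: [PasswordAuthentication, KbdInteractiveAuthentication]
      notify: Restart ssh

    - name: Allow only SSH and HTTPS through the firewall
      community.general.ufw:
        rule: allow
        port: "{{ item }}"
        proto: tcp
      loop: ["22", "443"]

    - name: Enable UFW and drop all other inbound traffic
      community.general.ufw:
        state: enabled
        policy: deny
        direction: incoming

    - name: Require a client certificate signed by the trusted CA
      ansible.builtin.copy:
        dest: /etc/nginx/conf.d/client-auth.conf
        content: |
          ssl_client_certificate {{ origin_pull_ca }};
          ssl_verify_client on;
      notify: Reload nginx

  handlers:
    - name: Restart ssh
      ansible.builtin.service: { name: ssh, state: restarted }
    - name: Reload nginx
      ansible.builtin.service: { name: nginx, state: reloaded }
```

On images whose `sshd_config` includes drop-in files, a drop-in can override these lines, so confirm the effective value with `sshd -T | grep -i passwordauthentication`. The CA certificate file must already exist at the placeholder path, otherwise nginx will fail to reload.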
Fast-forward to yesterday. I decided to upgrade my server distribution from Ubuntu 19.10 to the new shiny 20.04. Having these tools under my belt, it was a breeze.
- I brought up a new Digital Ocean droplet with the new distribution by simply editing the Terraform file
- I executed all the Ansible tasks that brought that server to the same state as the existing one
- I deployed (copied) all the web site assets to the new server
- Tested under a new subdomain
- Swapped the servers in Cloudflare DNS and destroyed the 19.10 droplet
It took me half an hour. The automation paid off.