Maksym Prokopov personal blog
Idea is a something worth sharing

Mikrotik Terraform

03.04.2023

It is generally a very good idea to manage infrastructure configuration as code. Unfortunately, Mikrotik Terraform support is basic, as it is OSS-driven.

Nevertheless, I appreciate the author's efforts.

Here is an example of how to use it with HashiCorp Vault.

Commands

export VAULT_ADDR=http://vault_address:8200
export VAULT_TOKEN=<token>
terraform init
terraform plan

Example

main.tf

provider "vault" {}

data "vault_generic_secret" "main" {
  path = "common/mikrotik/nexus-home"
}

provider "mikrotik" {
  host           = data.vault_generic_secret.main.data["address"]  # Or set MIKROTIK_HOST environment variable
  username       = data.vault_generic_secret.main.data["username"] # Or set MIKROTIK_USER environment variable
  password       = data.vault_generic_secret.main.data["password"] # Or set MIKROTIK_PASSWORD environment variable
  tls            = false                                           # Or set MIKROTIK_TLS environment variable
  ca_certificate = "/path/to/ca/certificate.pem"                   # Or set MIKROTIK_CA_CERTIFICATE environment variable
  insecure       = true                                            # Or set MIKROTIK_INSECURE environment variable
}

// /ip address
// :put [find where address="192.168.88.1/24"]
// *1

// terraform import mikrotik_ip_address.lan '*1'
resource "mikrotik_ip_address" "lan" {
  address   = "192.168.88.1/24"
  comment   = "LAN Network"
  interface = "ether2"
}

// uncomment on release https://github.com/ddelnano/terraform-provider-mikrotik
# resource "mikrotik_firewall_filter_rule" "https" {
#   action             = "accept"
#   chain              = "forward"
#   comment            = "Web access to local HTTP server"
#   connection_state   = ["new"]
#   dst_port           = "443"
#   in_interface       = "ether1"
#   in_interface_list  = "local_lan"
#   out_interface_list = "ether3"
#   protocol           = "tcp"
# }
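
The provider block above runs with tls = false, so the RouterOS API session, login included, crosses the network unencrypted, and ca_certificate and insecure only matter once tls is true. The variant below is an added example, not part of the original post or of the provider's documentation; it reuses the same Vault path and argument names and assumes the "address" value stored in Vault points at the router's api-ssl service.

```hcl
# Added example: the same two providers with transport protection enabled.

# Vault: use an https:// listener so VAULT_TOKEN and the secret values are
# not sent in clear text, for example:
#   export VAULT_ADDR=https://vault_address:8200
provider "vault" {}

data "vault_generic_secret" "main" {
  path = "common/mikrotik/nexus-home"
}

provider "mikrotik" {
  # Assumption: "address" holds host:port of the RouterOS api-ssl service
  # (default port 8729), not the plain API port 8728.
  host     = data.vault_generic_secret.main.data["address"]
  username = data.vault_generic_secret.main.data["username"]
  password = data.vault_generic_secret.main.data["password"]

  tls            = true                          # encrypt the API session
  ca_certificate = "/path/to/ca/certificate.pem" # CA that signed the router's api-ssl certificate
  insecure       = false                         # verify the router certificate against that CA
}

# Values read through vault_generic_secret are written to the Terraform
# state file, so the state needs the same protection as the secrets.
```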

terraform.tf


Group Greeting

17.03.2023

There are lots of options for greeting a colleague or close ones with cards.

This one was recommended by one of the coworkers.

Group Greeting Cards

The things that impressed me recently

24.02.2023

Impressive things and points of interest

Self-Improvement

https://theholisticpsychologist.com/ - mental self-healing of issues from the Past

Technologies assessment

https://www.nomadproject.io/ - K8s is not the only option for container orchestration. Looks good!

https://www.boundaryproject.io/ - Remote access management from Hashicorp

https://www.ambient.run/ - WebAssembly Game engine targeting browsers

https://www.playstation.com/de-de/ps-vr2/ - New Sony VR2 headset.

Technology adoption

https://docs.docker.com/build/buildkit/ - Docker BuildKit and its advanced caching techniques.


Why is IT support so hard

18.09.2022

As an IT support business, we want to keep our users happy; they need to use the software without interruptions. Yet the share of incidents among the tickets is still 30%, no matter what.

So why is IT support so hard these days? Why do we still have incidents despite all the progress the IT industry has made so far?

Long story short, this is because of software complexity, which causes incidents and security issues.


Things I Learned

15.08.2022

Git push with force from the command line

git push --force origin master
git push -f origin master
git push origin +master

Make your git life a bit easier

git config --global push.autoSetupRemote true

Check DNS from the inside of docker container

This is super useful when you have neither dig nor nslookup utilities inside your Docker container.

getent hosts google.com

Emacs, apple keyboard, and RSI

07.06.2022

Recently I’ve started investigating the most effective shortcuts for Emacs. For a long time already I’ve been using Caps Lock remapped to Esc when pressed alone, and Ctrl-Key when pressed with any other key.

I didn’t use Emacs with native bindings for a long time because of wrist-related issues, which appeared immediately after using my pinky for pressing long chords that normally included the Ctrl-C combination. This is why I used Spacemacs and later Doom Emacs as the configuration of choice.


SRE concepts

07.11.2021

Update: I added several key things recently after I started implementing SRE concepts in Billie.

Site Reliability Engineering makes sense only if you are concerned with Reliability. It doesn’t bring you much value if the most significant thing at the current stage is delivering new features; in a recently founded startup, say, this is probably not a good time to start with SRE.

SRE is a way to balance between the product's Stability (Reliability) and the Changes you’re going to make to the product, as changes are the most frequent root cause of bad events. The core concept is that when your changes break your product too much, you probably need to stop delivering them to production and focus on stability. To switch focus in time, you need to establish and track stability metrics. You also need to define the steps you are going to take when the stability promise to users is about to be broken.

Let me share my thoughts after completing this super useful SRE Course.

You need to take several steps to consider the SRE path.

  1. Think about what makes users unhappy when using your services.
  2. Decide on metrics that reflect user happiness and start gathering them.
  3. Create plans on how to maintain the service level target, and policies describing what you are going to do when the situation becomes dangerous to achieving your availability targets.
  4. Create plans to improve these metrics.
  5. Act, measure, reflect, improve.

A little clarity on the abbreviations used by the Google guys.

SLA - service level agreement. This is the service perception boundary you shouldn’t cross. When a user considers your service bad, you didn’t match his expectations, so either you didn’t set proper expectations or you breached your promise on the service quality.

SLO - service level objective. Same as SLA, but this is only an internal promise and a compass for meeting user expectations, and it is a bit tighter because we don’t want to disappoint the user by breaching the SLA.

SLI - service level indicator. It shows how well you meet user expectations at some point in time. Normally this is the ratio of good events to all valid events over some period of time.

How do these relate to each other? Let me describe it in this little mantra.

We measure SLIs, which shouldn’t breach SLOs, so as not to disappoint users by breaking SLAs.


How much does it cost to change driving license in Germany?

02.11.2021

I moved to Germany from Ukraine in March 2020, so I was able to use my driving license only for half a year. So I applied to driving courses in Emmendingen instead of ones in Freiburg, as they have Russian-speaking teachers and it was a bit less tricky to get an appointment there.

Anyway, it took me more than a year (probably w/o Corona it would be a bit faster) to get my new shiny German driver license.


2021 week 29

17.07.2021

Oxid API coding days - settings management solution

23.04.2021

Recently Oxid presented GraphQL API support and announced a hackathon-like event.

This experience was really refreshing and interesting. With a tight timeframe and a task in hand, it was challenging to distribute effort and get in sync with the participants.

Our team had to deliver a unified settings management solution, like the one Google Chrome or Firefox has for numerous different things.
