Reverse DevOps: an invitation to the Bell project – action at a distance


Typical DevOps makes sure that code moves from DEV towards PROD, and that works fine, or at least as well as anything can in our IT world: Jenkins, Terraform, Octopus and much more are at your service. Moving information in the opposite direction is much more complicated.

Yes, many companies have processes for copying databases from PROD to QA and DEV (with secret information stripped out), but in difficult cases you need to look at what is happening on PROD itself, at least at the logs. And if you work in an enterprise, this is difficult or very difficult, depending on the level of paranoia about the importance of the information.

In the worst cases, developers have no access to PROD at all and are told (lol) what is going on there. Alternatively, a meeting with 20 invitees is organized where someone shares a screen and the programmer says which buttons to press to view the logs. The efficiency of such meetings is extremely low.

In more civilized places, some developers or DBAs may be given temporary access to PROD through various systems. As an example of such a system, I will mention CA PAM, which I have seen in use in some departments. The disadvantage of such systems (with Remote Desktop access) is that they are all-or-nothing: access to PROD potentially allows you to destroy everything there, although read-only access is, as a rule, sufficient to analyze a problem. Even for access to a DBMS, where read-only access can be configured explicitly, the problem exists:

Due to what is written in the second line, RDP / Citrix access to PROD often has copy-paste disabled, which makes work a nightmare (if you need, for example, to copy a useful script to PROD, you are out of luck: copy-paste cannot be disabled in one direction only, only completely!)

The mission of the project is to provide a safe method of access to higher environments that is easy and interactive to use and keeps a full audit of all operations. The project is called Bell – Action at a distance, and the bearded man on the logo is John Bell, whom you know from the concept of “quantum entanglement”.

What is done

The project is fully functional and used wherever I work. The project site is here, and in this article I will not repeat what is written on the site; I will only briefly go through the content.

The project is, of course, open source. Modules are currently written in PowerShell, and the server itself runs under Windows, although there are no hard ties to Windows and PowerShell (except for a hardcoded *.ps1 in some places). Of course, I want it to work under Linux, and here the hope is for the community.

Modules are very simple to write, as if you were building something from Lego. As with Jenkins, a freshly installed server is "empty": just as you create your own Jobs in Jenkins, here you write your modules from scratch, or take ready-made ones and adapt them to your specifics. There are ready-made modules:

  • MSSQL – SQL server – statistics, metrics, logs

  • WMI – Shows LUNs, free space, service status

  • VMware – Inventories and statistics from VMware servers (read from Postgres)

  • FileBrowse – lets you read log, txt, xml and config files on Windows servers

  • PerfMon – Reads Perfmon statistics on Windows servers and plots graphs

  • EventLog – Shows Event Log

  • Postgres – Everything for Postgres database

  • MySQL – Everything for MySQL

  • AWS – Shows the status of EC2 and RDS instances and allows you to show files on S3 buckets.
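
To make the read-only-plus-audit idea concrete, here is a sketch of a FileBrowse-style reader in Node.js (the language of the server back end). It is an added example, not Bell's own code, whose modules are PowerShell. `makeFileBrowser`, the `audit` callback, the audit record fields and the 64 KiB cap are assumptions made for illustration.

```javascript
// Added illustration, not Bell's code. Names and record shape are assumptions.
const fs = require('node:fs');
const path = require('node:path');

const ALLOWED_EXT = new Set(['.log', '.txt', '.xml', '.config']); // file types FileBrowse lists
const MAX_BYTES = 64 * 1024; // assumption: cap on bytes returned per request

// Returns readFile(user, requested). `user` is assumed to be authenticated upstream.
// Every request, allowed or denied, is passed to `audit` before any data is returned.
function makeFileBrowser(root, audit) {
  const realRoot = fs.realpathSync(root);
  const inside = (p) => {
    const rel = path.relative(realRoot, p);
    return rel !== '' && rel.split(path.sep)[0] !== '..' && !path.isAbsolute(rel);
  };
  const extOk = (p) => ALLOWED_EXT.has(path.extname(p).toLowerCase());

  function decide(requested) {
    if (typeof requested !== 'string' || requested.includes('\0')) return { reason: 'bad-path' };
    const candidate = path.resolve(realRoot, requested);
    // Lexical checks first, so denied requests never touch the file system.
    if (!inside(candidate)) return { reason: 'outside-root' };
    if (!extOk(candidate)) return { reason: 'extension' };
    let real;
    try { real = fs.realpathSync(candidate); } catch { return { reason: 'not-found' }; }
    // Re-check after symlink resolution: a link inside the root may point elsewhere.
    if (!inside(real) || !extOk(real)) return { reason: 'symlink-escape' };
    if (!fs.statSync(real).isFile()) return { reason: 'not-a-file' };
    return { real };
  }

  return function readFile(user, requested) {
    const { real, reason = null } = decide(requested);
    audit({ time: new Date().toISOString(), user, module: 'FileBrowse',
            requested, allowed: reason === null, reason });
    if (reason !== null) return { ok: false, reason };
    const fd = fs.openSync(real, 'r'); // read-only handle; the module has no write path
    try {
      const buf = Buffer.alloc(MAX_BYTES);
      const n = fs.readSync(fd, buf, 0, MAX_BYTES, 0);
      return { ok: true, text: buf.toString('utf8', 0, n) };
    } finally {
      fs.closeSync(fd);
    }
  };
}
```

Denied requests are audited with the reason, so the trail shows attempted reads outside the allowed scope as well as successful ones.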

What we want to do

Modules: one of the authors of the project, yours truly, is an MSSQL DBA. Therefore the Postgres, MySQL and AWS modules were made minimalistic; for each DBMS I simply tried to carry over what was done for MS SQL (where an analogue exists). Of course, if you are an expert in Postgres, MySQL (and compatible databases) or AWS, you will have a lot of ideas about what to add. I also want to add support for Oracle.

Server: The front end is written in Vue.js version 2, the back end in Node.js. It might make sense to change something about the stack being used.

Linux: Yes, with any shell script instead of ps1.

UI: further development

  • Zoom In / Out for Charts

  • Live charts (you look at them, and the statistics go)

  • Actions (not read-only actions) – they require data entry into forms.

We are waiting for those who are interested in this topic!

Contact me or my colleague https://habr.com/ru/users/Writer4/
