Trying to get some Infrastructure as Code skills
Posted by Expensive-Rhubarb267@reddit | sysadmin | View on Reddit | 21 comments
Like lots of people I'm trying to future proof my career skill-up on Infrastructure as Code/Platform Engineering.
My background is network engineering & general sysadmin stuff - cloud/on-prem. I'm good with PowerShell/Bash. Do have a bit of experience with Terraform.
My day job is 75% on-prem infra 25% Cloud.
I've spun up a Docker server in a lab, but have yet to see a container in a production environment ...
I'm looking at some certs to help me get started. Considering:
-Hashicorp Terraform Associate
-GitHub Foundations
-GitHub Actions
-Red Hat Certified Engineer (good for Ansible apparently)
I'm aware that certs =/= real world knowledge so I'd be labbing alongside studying.
Wondering if anyone has any other ideas for things to focus on.
Rude_Palpitation8755@reddit
If you want to stand out, focus on automating full workflows that touch both cloud and on prem. the approach we use helped me to explore that layer while learning IaC, it helps you design and validate cloud architectures before deployment and then generates production ready infrastructure code from those designs.
curious_maxim@reddit
The best proof is a small but smart project you own from toe-to-head. Theory does help but exponentially less efficient in software engineering. Something you can work on and add for the next decade: terraform, docker and cloud ecosystem do allow for that.
sudonem@reddit
If you don’t know the basics of git, and GitHub, start there. Version control is at the heart of this.
I’d start with Ansible since you’re already in the infra space.
The RHCE is good and well regarded but you should be aware that you have to pass the RHCSA exam as well as the RHCE exam to be considered a Red Har Certified Engineer. (And Red Hat exams are not a joke).
There’s no sense in any certifications related GitHub actions. You can learn what you need from a book or YouTube honestly. But. I’d also make a point to get comfortable with Jenkins since it’s quite prevalent and often used as a self hosted alternative for GitHub Actions.
I’d probably focus on those before moving on to terraform.
But also consider going hard into docker (not just deploying containers but building your own) and eventually getting into k8s because that’s the number one thing being requested for most systems engineering roles these days.
Beyond that, you need to get to at least an intermediate level with a scripting/programming language other than than Bash.
Python is pretty much considered bare minimum these days (which comes in handy anyway since Ansible is all Python and sometimes you need to write your own plugins for Ansible).
Golang is also becoming quite popular for things where Python isn’t enough for appropriate.
Python/Golang are often necessary for automating things and going the last mile when Terraform & Ansible aren’t enough to get the job done.
ItsAFineWorld@reddit
Man, you are so right about git. It literally ties all of this stuff together and it all makes sense when you think of it from a repo first perspective.
Knight_of_Tumblr@reddit
Seconding this. All of the truly great sysadmins I’ve known use it extensively and all the bad ones I’ve known barely know what it is lol.
hamburgler26@reddit
But legit. If you aren't proficient in Git start there without question. It is the center of so much these days you just can't go without knowing it unless you're in some really specialist situation.
maglax@reddit
Ansible makes no sense to me. Like why are we trying to learn some jank yaml language instead of just using an existing scripting/coding language? It's not declarative, so no need for rigidity. You're targeting your own machines, so it's not about sandboxing.
Like using yaml just makes it hard to do more context tasks, and makes existing knowledge of programming less useful (and/or you don't gain skills that can as easily be used elsewhere)
renderbender1@reddit
It is intended to be declarative though, it just has the flexibility to not be as well.
Obviously everything is possible using a standard programming language, but ansible abstracts away a lot of the intricacies involved in making an idempotent declarative configuration script.
I've yet to find anything that comes close to Ansible's capabilities when it comes to versioning and maintaining OS state.
sudonem@reddit
Because “technically correct is the best kind of correct” I do try to make a point of expressing that Ansible is Imperative not declarative (even though it’s often described as being declarative).
In this context, the best comparison is probably Ansible vs Terraform.
With Terraform, you just declare your desired state. You say “I want X”, then Terraform does all the heavy lifting to figure out how to make X happen.
Whereas with Ansible, you know your desired state, but you have to tell Ansible what steps to execute and in which order to get to that desired state.
That said - I definitely agree. Someone could absolutely do configuration management with straight bash or python or PowerShell - but the Ansible approach of abstracting that away in favor of a unified structure of modules makes development of roles & playbooks so much faster and flexible.
Not to mention the decently large ecosystem of collections.
Ansible also has the benefit of being Python all the way down so anyone can develop their own collections or custom plugins quite easily.
Furthermore, it plays really well with Terraform even within the same git repo - so using terraform to do your provisioning and Ansible to do your configuration management is a really effective approach.
All while being a hell of a lot faster to develop and much more accessible to juniors that might not have a lot of exposure to actual programming languages.
OnlyEntrance3152@reddit
You can obviously always get away with api calls and cli scripting, but you have to do it for each infra stack you gonna manage, which is a pain imho(looking at you Fortinet for keeping api docs behind inv only website), with ansible you just learn that yaml structure which is similiar for everything.
huntersM00N@reddit
What a great dumbass meandering response
sudonem@reddit
Ah. Yes. Thank you for gracing us all with that incredibly insightful, well reasoned, and thought provoking feedback. I’m certain we’ll all be reflecting deeply on it for the days and weeks to come.
I can only surmise that you are not only incredibly well liked and respected by your peers, but also have a great many close real in-person friends that actually like you for who you are as a person and definitely reach out to you for advice and companionship, and not just when they use your for your vast technical abilities to reinstall windows for them or whatever.
Rest assured, you’ve done a great service to the community. It will not soon be forgotten.
Well done.
huntersM00N@reddit
I might like you. Hows your terraform? I’m hiring.
Independent-Sir3234@reddit
Ansible was the one that clicked fastest for me coming from a sysadmin background — it just felt like writing a runbook but one that actually runs itself. I'd skip the RHCE for now and just pick one annoying manual task you do every week, then automate it with a playbook. That first real win beats any cert for building momentum.
HomelabStarter@reddit
the fastest way i learned terraform was just rebuilding my homelab with it. like literally tearing down my proxmox VMs and recreating them through terraform plans. painful at first because everything takes 5x longer, but after a couple weeks i could spin up a new service in minutes instead of clicking through the UI for half an hour.
ansible was similar, i started by just automating the stuff i was already doing manually. package installs, user creation, firewall rules. boring stuff but it builds the muscle memory for the yaml syntax without you having to think too hard about what the automation should actually do.
the CKA is worth it if you want kubernetes on your resume but honestly if your day job is 75% on-prem you'll get more mileage out of terraform plus ansible first
thehumblestbean@reddit
My background is network engineering & general sysadmin stuff
I transitioned about 7-8 years ago from: network engineer -> cloud engineer -> SRE / platform engineer.
My advice/opinion:
Build some toy program in any language of your choosing. Learn how to containerize it, build an image for it, run the container, update it, etc.
Terraform's official tutorials are quite good - https://developer.hashicorp.com/terraform/tutorials. Run through those to spin up some free/cheap cloud infra, write some custom modules, break stuff, etc.
IMO Terraform certs are worthless but if that's how you prefer learning then go for it.
Not sure if this is a cert, but you must learn git. Github itself is whatever, their docs are informative enough to find what buttons you need to click.
Tons and tons of tutorials out there for Git. If you want to go super in depth then you won't beat - https://beej.us/guide/bggit/html/split/
Take that toy app you wrote for Docker, then build a Github Action pipeline that builds a new image for you every time you make a commit. Add some more steps to run a linter or something against your code before building the image.
If you spun up some cloud infra with Terraform earlier, maybe build another pipeline that runs your Terraform for you to manage the infra.
If you want a "modern" job then you pretty much need to know Kubernetes. So learn a bit about Kubernetes (you can spin up a local KIND cluster in like 10 seconds, so you can play around with k8s without having to worry about building/managing a "real" k8s cluster which can be a hassle). This is a great "zero to hero" book on k8s - https://www.manning.com/books/kubernetes-in-action-second-edition
But you shouldn't really use Kubernetes until you're familiar with Linux and containers in general. So learn a bit about Linux and a bit more about containers (not necessarily just Docker)
You'll also want to be familiar with one or both of Go and Python. Probably more Go than Python these days.
Lots more I could say but I think that's already a lot for someone just starting.
Expensive-Rhubarb267@reddit (OP)
appreciate the effort that went into this reply. Thanks!
adept2051@reddit
You basically just listed the Devops Beginer road map so may as well take a proper look at it for ideas and links https://roadmap.sh/devops-beginner
bluelobsterai@reddit
I've come here to say what everyone else is saying: you need to have almost full stack dev experience to get into dev ops but understanding Git and git actions and the entire CI/CD pipeline is where I would start. It can all be done pretty much for free at home but getting comfortable with Git is definitely the starting place.
eufemiapiccio77@reddit
Don’t try do certs learn the fun way. Then do certs. Certs will just be do this to use our product and pass a course
Worried-Bother4205@reddit
Certs are fine, but they won’t move the needle much without real projects.
Spin up a full infra setup (CI/CD + Terraform + monitoring) and break/fix it — that’s where the actual learning happens.