Éder Gillian

I designed a pipeline for infrastructure as code (IaC) to provision all the required resources on Oracle OCI to host a group of web applications.
There was a specific need for an Oracle database, and getting on-premises licenses was not a viable option. It was decided that Oracle Cloud Infrastructure was the way to go.

From the get-go, as the senior infrastructure manager, I encouraged the developers involved to go for as much automation as possible, so I wrote a proof-of-concept for an IaC pipeline using Terraform that would provision all the resources from the ground up, including some basic tests along the way.

The result was a pipeline that provisions the entire infrastructure, including development, staging, training, and production environments. The code is versioned on GitLab, and every environment has its own long-lived branch. Every push to a branch starts a pipeline that initializes Terraform, validates the code, and saves a plan for the run. After the plan is approved, the changes are deployed to the environment represented by that branch with the click of a button. This pipeline was built using GitLab CI/CD. The Terraform state is saved using Gitlab-Terraform integration.

This GitLab CI/CD pipeline was designed to remove credentials and other sensitive information from the codebase (and from GitLab CI/CD variables) and consume them from an external secret management tool.
HashiCorp Vault was configured with a JWT authentication back end, using GitLab as JWKS endpoint. Secret information would be read from Vault server by GitLab Runner deployment jobs that would authenticate and have access to specific secret back ends according to the policies set.

Two ways of reading the sensitive information were implemented: Setting environment variables and templating. The last one required a CLI tool to read from Vault and inject the values in the template file (consul-template).

A pipeline developed to generate VM templates (VMware vSphere templates) for the Foreman and Rancher automated provisioning processes.
The templates were built using HashiCorp Packer, and the code for it was stored in a GitLab repository. The operating system of choice was Ubuntu Linux, contemplating the current LTS version and the one before that (e.g., 20.04 and 18.04). A GitLab CI pipeline was built to automate the whole process, scheduled to run once a week. With this, all templates were reasonably up-to-date with the latest kernel and security updates for each OS version.

As a system administrator, I provisioned and maintained a large virtualization infrastructure hosted on VMWare vSphere. Everything was done manually, so I decided to start a project to automate those tasks.
At first, every VM (existing or new) had its own manifest written in Puppet DSL and the agent was installed manually. All code was saved in the Puppet server and had no version control.

I upgraded the whole solution: Foreman was used to do end-to-end VM provisioning and monitor Puppet execution in the managed hosts. It was integrated with vCenter for the VM provisioning and other services (DNS and DHCP) to get the network automatically configured. Puppet agent was automatically installed during the provisioning process and took care of the configuration of the whole system based on roles and profiles modules defined in Foreman and Puppet. The entire code was versioned on GitLab and went to production automatically using webhooks. This new way of managing infrastructure and the implementation of a CI/CD pipeline using Jenkins reduced VM provisioning from weeks to minutes, allowing applications to be delivered to production in a much faster and more secure manner.

We implemented a VPN-based solution for the users to solve the company's transition from an entirely on-site to a fully remote work policy when the COVID-19 pandemic hit. The manual generation of VPN clients was not fast enough, so I developed a Python app using Flask to automate issuing certificates and generating the clients for the users. With this, system administrators were given a simple web UI to provide all the information needed and got back the generated client for VPN connection within a few minutes, as opposed to several minutes of back and forth manual interaction with different tools and environments.