OMG! I’ve been doing it wrong!!!! At least, that seems to be what ScriptRock’s Blog entry would have me (and quite possibly, you too?) believe...
Let me start by saying, I have not used GuardRail. I do not speak from definitive experience here, but I can respond to some of the blog posting because of the context.
The first thing that came to mind as I was reading it? Hey, these are some really valid points... But the ones that I actually liked most were not the “Main Points” but rather, some of the smaller blurbs - like “Don’t automate what you don’t understand,” “Don’t automate what you can’t validate,” and “No Silver Bullet,” which was one of the topic posts. It was the only one that really stuck out.
Now for one of the other things I noticed as I was reading; this is one hell of an ad for their product. Picking out weaknesses in other apps, in order to make their product more appealing. But therein lies the flaw. What is Ansible? Ansible is an orchestration platform. What is GuardRail? Well, from the sounds of it, rather the same thing. So then, why do I have a problem with this ad? Simply put, because they seem to want you to focus on the negative points in other platforms, but don’t want you to consider that their app has some of the very same flaws.
As taken directly from that page:
“But my automation tool will do this for me, you bleat. Really? If you think that the tool building your apps and infrastructure should also be the one validating it then I would beg to differ. What is validating that the automation tool is correctly configured?”
Ok, so, GuardRail protects against all of this intelligently? So it just magically knows my ports, I don’t have to do a thing?! SWEEET!... Ok, now back to reality. GuardRail can and will suffer the exact same limitations as any other product. So then, why is it ok that GuardRail is trusted, but not other products? Simple. It’s an AD.
The truth about the situation is that you will still have to configure GuardRail, just like you have to configure your own unit testing, you will have to intelligently know which ports you need set, and you can set these in variables in tools like chef, or puppet, or ansible.
The one thing I will give GuardRail, based on that page alone? The tool does have beautiful visualizations, and that can simplify things greatly; but even then, it’s still not everything. In this case, it seems like an intelligent blog post that will dive into devops, which it does - but it is also a very well crafted AD meant to heighten your interest in their product, while making you forget that even with their app, the responsibility is still on the Engineer to do things right.
I’ll actually respond to some of the points and give some validity to them, but wanted to at least respond to this for a bit.