-
Peerio Technologies
- DevOps
2015 - 2017
Wrote integration tests (NodeJS).
Wrote a set of ansible roles, configuring the different services we may require hosting Peerio (Riak, RiakCS, Redis, Ceph, ...)
Used ASG, ELB, ElastiCache & Route53, providing with a fully-redundant production setup
Used Riak MDC replication to set up our DR, then eventually migrated DB to Cassandra.
CircleCI tests project, then builds debian archive and eventually ships via CodeDeploy
Introduced shrinkwrap/shrinkpack, addressing potential 502s while running tests on CircleCI or deploying
Created a set of AMIs on AWS, fetching our latest ansible package on first boot according, configuring them based on contextualization variables we fed them with
Deployed icinga2 monitoring, used to send SMS notifications, now relays alerts to Slack
Deployed munin, netdata & ELK to keep an eye on our setup.
Deployed Wazuh, keeping track of OSSEC alerts via some Kibana plugin & dashboards.
Deployed Graphite & Riemann tracking BI metrics.
Patched & deployed PatchDashboard, keeping track of our installed packages
Deployed a few postfix servers, SPF+DKIM+LetsEncrypt certificates. Patched our server code sending its notifications via SMTP, instead of using Sendgrid. Mailer daemons translated into Slack notifications
Deployed Ceph & RiakCS clusters, patched our server code adding a s3 storage driver, that supersedes our legacy Azure driver. Migrated our staging's blob storage from Azure to RiakCS. Tested for a year. Now migrated to 2x Ceph 12.1.1 (rgw multisite)
Wrote a NodeJS library refactoring our backend code internal health checks, based on our processes setting up a few pub/sub, avoiding floods we've seen scaling out & allowing for better granularity failing over to DR.
Wrote a perl web server, used by AWS's ELB evaluating our MySQL server health (avoiding authentication failures from TCP check).
Migrated staging, then prod & dr databases from Riak to Cassandra, as Basho pro support stopped answering our requests.
-
self employed
- Versatile System Engineer
2015 - maintenant
Troubleshooting SIP connectivity, assistance and training using Elastix.
Mail setup, SPF, DKIM, DMARC, ... RBL removal.
Installed OpenNebula and created a cpanel template for some service provider. OpenNebula consulting for an other one.
Malware removal on various wordpresses sites (largest setup involved roughly 60 sites).
Writing shell scripts and apache rewriterules.
Contributions to open-source projects on GitHub, such as Patchdashboard (php), linuxcounter (bash), pakiti3 (perl), netdata (init script), facter (ruby, part of puppet), winston-syslog, azure-storage, riak-nodejs-client, mustache-express (nodejs modules).
Maintainer of mustache-express nodejs module.
Experimenting with OpenShift.
-
Smile, 1er intégrateur de solutions open source
- System & Network Engineer
Asnières-sur-Seine
2011 - 2015
I learned a lot about pfSense, OpenBSD (pfsync/carp/relayd), Kerberos, OpenLDAP, pam, IPSec, OpenSSL, Asterisk/FreePBX/Elastix, BlueMind, Puppet, OpenVZ, KVM...
Done reworking our IPSEC tunnels, adding some GRE layer, allowing us to use OSPF to dynamically route inter-offices traffic.
Installed some rsyslog concentrator, based on rsyslog-om-elasticsearch, elasticsearch and kibana. Everything being hosted in a dedicated OpenNebula/Ceph cluster.
Securing and normilizing our IT in general.
Sometimes dealing with user support.
Replaced our pfSense firewalls by redounded OpenBSD ones, and our random-asterisks by redounded Elastix.
Specialized in devops, by maintaining our old puppetmaster modules repository, before writing my own from scratch.
-
CamTrace
- Dev, sysadmin
2008 - 2011
CamTrace is a videosurveillance solution based upon FreeBSD.
I build the CamTrace v5 and v6 servers (respectievly powered by FreeBSD 7.2-RELEASE and 8.2-RELEASE).
I patched some ports like ntfsprogs, dialog and pgfsck.
I developped a proof of concept of an access control server, using HID VertX controllers, combined with PIN, RFID and biometrical readers.
I also worked on a few tools dealing with MJPEG and h264, like a movie generator (RIFF AVI 2.0), an image extractor (JPEG), and a motion detector (well... I just worked on improving the algorithm).
-
IONIS Educational Group
- System & Network Administrator
2007 - 2007
6 month internship working for the Bocal, the team composed by Epitech students managing IONIS IT.
Dealing with our system and network infrastructure daily maintenance, and a few new offices openings.