[LUNI] SSH Trickery

[Ramin K]

Demetri Mouratis wrote:
> No development root access for engineeers, eh?  Must be nice.  I tried, 
> unsuccesfully first with Eng, then with QA but got beaten back horribly 
> until I just said fine.  Now I just take joy each time they screw 
> something up and can't figure out why.

	I was able to set this shop up from scratch and it's a LAMP stack which 
makes things a bit easier. Additionally I've got an extra five to ten 
years in the field on most of the developers other then the two seniors 
who are all for not having admin access.
	It's not that I hate programmers it's just that many of them think a CS 
degree is a license to have input into complex operational issues. Once 
I made it clear that input into operational issues is actually a license 
for me to question you in excruciating detail as to how you missed the 
ninety odds issues that make your idea crap while shaking my head sadly 
that sort of "help" generally stops.

	The key for us, jumpcut.com, is that production, staging, and dev need 
to be running the same versions of everything, unless there is an 
environment upgrade that is part of a build. Once you have known correct 
environments at each level it's easy to stop problems from creeping in 
at the staging level. A developer could load all sorts of weird modules 
within their vhost or local apache env which they control, but it's 
going to fail spectacularly when we push it to staging and attempt to QA 
it. And when we do have production problems they need to be troubleshot 
on staging, not production. That does mean more work for programmers in 
some cases, but also has the benefit of making sure a test case actually 
gets built and added to the QA process.

In any case if you go the openvpn route, ping me as I have some server 
and client configs that actually work. The sample ones are sort of wonky 
and have issues.

Ramin