Install Doctor Blog

Single Sign-On (SSO) is a key feature in many enterprises. With it, you can protect all your web services by leveraging authentication methods that are already integrated into your code landscape or freely available from tech giants like Google, Microsoft, Facebook, and Twitter. Install Doctor paves the way from integrating SSO into your devices by making it incredibly easy to integrate SSO solutions like CloudFlare Teams and Ory.sh.

Coming soon..

Be sure to register for our newsletter for more details on our Single Sign-On capabilities.

If you want an efficient development team, you should make it as easy as possible for your developers to develop. One way you can do this is by packaging pre-made operating systems, complete with all the bells and whistles so your developers do not have to fuss over things like adb missing from the PATH. Our Self-Service Portal addresses this issue by integrating with your cloud provider so that your team can access fully-configured environments, optimized for working with your codebase at will.

Coming soon..

Be sure to register for the newsletter to be informed about details on our Self-Service Portal.

Persistence is key when designing any product. However, sometimes persistence, if tainted, can lead to unexplainable peculiar events. In some cases, from the perspective of a viewer of multiple timelines, these peculiar events can lead to both the birth and destruction of products like Install Doctor.

Coming soon..

Be sure to register for the newsletter to be informed about when this story is published.

Security experts are talking about reducing the attack footprint. The attack footprint basically boils down to all sections of 0s and 1s that are vulnerable to attack. Some people even go as far as basing their code on frameworks that have less code (like Xen with Qubes). However, regardless of how small the attack footprint is, once a successful attack is launched then your system is done. Poof. To address this, Install Doctor is introducing a new method for ensuring the integrity of parts of the attack footprint by introducing a feature that ensures the integrity of a system by storing the initial state of an operating system on a read-only file system.

Coming soon..

Be sure to subscribe to our newsletter to be informed about this simple invention.

When we began on our quest for our code-defined set of instructions to headlessly provision full workstations without having to micro-optimize settings after deployment, Ansible seemed to fit. However, we came up with a better solution.

Beginning with Ansible

Ansible is the de-facto standard for achieving what we were trying to do. This fit with our philosophy of, “choose the best software but heavily lean towards widely-accepted derivatives.” It did not hurt that it had advanced features like the ability to determine the idempotence of scripts. It also has a great testing framework called Molecule that we did quite a bit of work adding support for testing Archlinux, CentOS, Debian, Fedora, macOS, Ubuntu, and Windows all at the same time (example code here). We used Ansible for years while we slowly added more and more software to our unique stack.

Ansible Shortcomings

However, after using Ansible for awhile, Ansible’s shortcomings became apparent. For starters, you can achieve a lot more with less code using regular shell scripts. It makes things a lot more manageable when there is less code. Our original project called Gas Station included hundreds of roles and hundreds of variables used for customization. The codebase was huge!

Replacing Ansible with Chezmoi

We ended up introducing the use of Chezmoi to manage dotfiles. It includes must-have features like built-in encryption methods, templating features, and diffs for when files change. We liked it so much that we transitioned the entire project to Chezmoi by incorporating a special install-program script that makes cross-OS installtions easier. It makes the installations easier because you can define installation instructions in such a way that the user can run the command install-program android-studio on any operating system. It works by relying a software.yml software definition file and then selecting the preferred installation method based on the operating system. This made it possible to replace Ansible roles with dozens of files with single lines of code. It also made it ridiculously easy to add new pieces of software to our stack.

Chezmoi is Easier

In my opinion, Chezmoi is a lot easier to grasp. It took a few days to get the hang of, rather than weeks, even months for understanding Ansible. It, like Ansible, is wildly popular on GitHub. Another one of our philosophy’s is, “choose software with a lot of GitHub stars,” so Chezmoi seemed to fit. It is also hands-down probably the best way to manage dotfiles. Our dotfiles are a core part of our project which includes outstanding examples of feature-packed settings for Bash and ZSH sessions.

Chezmoi Encourages Bash / PowerShell Scripting

Chezmoi also allowed us to transition to the use of Bash scripts (as well as some PowerShell scripts, in the case of Windows). We still leverage Ansible in some cases though. Although, we are trying to transition away from it completely, our custom installer (install-program) supports Ansible roles as a package manager source. Ansible is a powerful framework and it is certainly important for deploying software over SSH. It might be ideal for deploying software on a group of a 100+ VPS. However, when provisioning a single device (or even a small group of them), you might want to just give bash <(curl -sSL https://install.doctor/start)> a try instead of investing the additional overhead that Ansible requires.

Ansible Roles Still Available

We plan on releasing all of our tested Ansible roles to Ansible Galaxy for public consumption but for now, if you are interested, you can check out the roles/ folder in the Gas Station project.