[HN Gopher] System Initiative is generally available
___________________________________________________________________
System Initiative is generally available
Author : jen20
Score : 74 points
Date : 2024-09-25 15:21 UTC (7 hours ago)
(HTM) web link (www.systeminit.com)
(TXT) w3m dump (www.systeminit.com)
| holoway wrote:
| Hello! Adam from System Initiative here. Happy to answer any
| questions. :)
| rmvt wrote:
| maybe it's because i'm not in the devops space but i'm 4
| paragraphs in and i still don't know what this is about?
| holoway wrote:
| Perhaps https://systeminit.com would make more sense. :)
| cjm42 wrote:
| Not to me. It says "System Initiative is an Intuitive,
| Powerful, and Collaborative replacement for Infrastructure
| as Code" but I still don't understand what it does or why I
| would want to use it.
| losteric wrote:
| I read through the blog post and entry page twice each -
| yeah still confused. The pitch reads like an engineer
| celebrating their implementation.
|
| What I took away is: it's a collaborative IDE for
| infrastructure? with some nifty simulators to catch issues
| earlier, and "somehow" changes are managed outside the
| popular git+pipelines workflows?
|
| There are elements of this that I like (faster validations
| than CDK deployments). Those aspects are bundled with
| confusing, either unnecessary or poorly communicated, other
| elements. "Replacement for IaC" - is there a new paradigm?
| Or is IaC just now a graph in this local application?
| Because you tout being able to program new service models,
| so the code isn't _gone_ ...
| epgui wrote:
| First, I have to say this looks awesome. I am in awe at the
| level of effort I imagine is required to build and maintain
| something like this.
|
| That being said, I find the rationale a little bit confusing. I
| rather love IaC, and consider a GUI or no-code/low-code tool to
| be more of a dead end (not for any fundamental reason, but for
| more practical reasons) than plain text. I do really appreciate
| the problems solved by the simulation approach, but to me these
| two things are orthogonal. I feel like you could have a product
| that functionally does what your product does, but with a plain
| text interface. I appreciate that you're really going for
| something different here, but I am sure I am not the only
| person who feels this way.
| holoway wrote:
| I don't think you're alone, and to be honest, I'm as surprised
| as anyone that it turned out to be better. We built a lot of
| different implementations on the way here, and all of the
| initial versions started with code and plain text as the
| interface. But it's very hard (I think impossible) to change
| the user experience when you do that, because the data gets
| locked up in code - there isn't a good way to "see" what the
| real world is like, or what your proposed changes would do.
|
| But you're not alone in thinking this, and I completely
| understand why you would. The history of things that look
| like this in this space is.. not great. :)
| epgui wrote:
| > the data gets locked up in code
|
| I'm really not sure that this is a bad thing.
|
| > there isn't a good way to "see" what the real world is
| like
|
| If the IaC system had the same under-the-hood functionality
| as System Initiative, what's to stop someone from also
| building a GUI visualization of the IaC-code?
| holoway wrote:
| Think about it this way - how do you update the IaC from
| multiple places? How do you visualize drift? IaC grows
| like code grows - it gets factored differently, it gets
| abstracted, etc. It's easy enough to imagine how you
| would update a single declaration, but thinking about how
| to make the "code" reactive will break your brain.
|
| So what we do instead is have a reactive _data_ model,
| and shift the code part to a reactive graph of functions.
| hdjjhhvvhga wrote:
| I'm not a Tik-Tok child and have an attention span long enough
| to focus on coding longer pieces. However, I shouldn't be
| required to read all this wall of text to understand what this
| product is about. Could you summarize it in 4 sentences: what
| it is and why I should use it (instead of X or Y)?
| nickstinemates wrote:
| How about 1 sentence? "System Initiative is an Intuitive,
| Powerful, and Collaborative replacement for Infrastructure as
| Code" from https://systeminit.com
| mst wrote:
| That sentence reads to me as "the product has been
| described using marketing."
|
| (I don't have a better one sentence tagline as such, mind,
| but honestly if I'd only read that I'd never have bothered
| to look - see my sibling comment for an attempt at an
| actual high level description ... especially since I
| probably got something wrong you'll need to correct ;)
| nickstinemates wrote:
| Your comment is GREAT. We were all really impressed with
| your interpretation, thank you very much!
| mst wrote:
| Amusingly (to me at least) that was based just on the
| blog post and zooming in to the screenshot at the top.
|
| However, thank -you- very much for the response and
| you're absolutely welcome.
|
| Please consider the comment to be licensed under the
| union of all OSI approved licenses [1] if you want to
| steal and/or improve any of the wording.
|
| [1] The debian ftpmasters once complained about my having
| released something to CPAN with two licenses inside. I
| asked if they wanted the next release to be explicitly
| under said union so they'd have to tag the upload with
| all of them. They decided their complaint wasn't actually
| that important after all.
|
| (and if that makes you think I'm a monster ... ask Adam
| to explain just how right you are about that ;)
| mst wrote:
| "Imagine if you took IaC, bolted a slick Native Objects style
| frontend onto it, made it collaboratively editable and
| integrated version control and - perhaps most importantly[1]
| - a high fidelity preview simulator so you could look at the
| total expected results of your configuration changes without
| having to wait for AWS/etc. to finish catching up."
|
| [1] To me at least.
| pnathan wrote:
| So, my hot take on this is that it's an advanced GUI for AWS
| with change management built in.
|
| 1. Is that a good summary? 2. Why would I pick this?
|
| I know you LOVE it, it's your baby. But why should I love it?
| :-)
| holoway wrote:
| It's not a bad summary, but it is a shallow one. :)
|
| You should love it because it's a more intuitive and more
| powerful way to build this kind of infrastructure automation.
| What's happening under the hood isn't just infrastructure as
| code with a UI - it's a full reactive model of how things
| work. That's what makes the UI possible, but it's also what
| brings about so much power - the code that drives those
| models is _also_ fully exposed and versioned.
|
| So when you have something like a policy to write, you think
| about what resources you need, use them as inputs to the
| function, and then store the results. Check out what an early
| user had to say about it:
| https://matthewsanabria.dev/posts/take-the-system-
| initiative...
|
| We'll find out if you love it or not. :)
| mst wrote:
| I can see why you went full GUI to begin with now.
|
| The example component code reminds me a lot of mobx-state-tree
| (you have no idea how much cog. diss. I get reading the docs
| for that thing given they acronym the name everywhere ;) though
| I find myself much preferring the API shape of mobx-keystone at
| this point.
|
| (I've been experimenting a lot with reactive graphs of late
| though while it seemed an obvious thing to try at some point I
| haven't attempted to wire it up to systems automation yet;
| shall have to do my usual cover-to-cover documentation read on
| your site and then hopefully I'll be in touch with a baseline
| to actually chat about that part ;)
| holoway wrote:
| I mean, we didn't start there - we wound up there :)
|
| But yeah, you're not wrong that it's got a lot of inspiration
| from things like mobx and rxjs.
| mst wrote:
| Yeah, I guess I meant "for release 0.999_001" [1] or
| something rather than a strict interpretation of "to begin
| with."
|
| > But yeah, you're not wrong that it's got a lot of
| inspiration from things like mobx and rxjs.
|
| Please figure out how to deploy a subset of the reactive
| graph into a k8s operator. It'll be a really cool feature
| and also it'll probably save me a bunch of time when I want
| one of those if I can crib from your work :D
|
| I ... bah. I am really looking forwards to getting into
| another of our involved conversations about this stuff but
| I'm too tired today and besides I definitely do need to
| mainline your docs first. I'll probably see you on twitter
| first with the assumption you'll end up chasing me onto
| Discord sooner or later ;)
|
| [1] please interpret that in terms of how you remember me
| (ab)using version numbers ;)
| nickstinemates wrote:
| Excited to launch this! All of our early users' feedback has been
| consistent: going back to Terraform after using System Initiative
| would be terrible.
|
| We're here if you have any questions.
| johnrwatson wrote:
| I'm privileged to have had the opportunity to help the team
| build the Production SI SaaS platform, leveraging SI itself to
| create all the infrastructure. I'd be happy to chat with anyone
| interested in how it works and share findings.
| BarryMilo wrote:
| Looking at the website, this is fully open source. Nice! Looking
| forward to trying it out.
| eltondegeneres wrote:
| How do you control/diff System Initiative resource changes with
| git? I'm not a fan of GUIs for infrastructure stuff since it's
| usually harder to review, automate, and roll back to a version
| other than N-1.
| holoway wrote:
| You don't, because we built the functionality in to the data
| model - you can review changes (in multiplayer!) and automate
| things directly in the application. Usually when we're talking
| infrastructure code, you don't really roll back to an N-1
| version. In SI, you would make the changes you want in a change
| set, it would tell you if it looks like your change would work,
| and then you would apply the change set to run the actions
| needed.
| eltondegeneres wrote:
| Can you review the changes async or over email?
| holoway wrote:
| You can show up whenever you want to! Today it happens in
| the UI, but we could certainly send you a diff in your
| email at some point. :)
| eikenberry wrote:
| How do you keep an annotated history of your changes? Using
| revision control is not about rolling back, it is about
| knowing why things are the way they are.
| holoway wrote:
| It's a good question! Having a history of how things
| transformed over time matters. We keep track of that in a
| couple of ways - one is the graph snapshots themselves, and
| the other is a raw history log. It's really just another
| view of a snapshot of the graph at a particular time, and a
| delta between that graph and the current.
|
| We have lots of planned work coming here - but we have a
| very rich dataset to do it from, and we're stoked to get
| there.
| eikenberry wrote:
| Having the history of changes is a step, but the
| important part of that is the why those changes were
| made. Git _can_ capture this with good commit messages.
| Do you have any plans to capture that "why"?
| notamy wrote:
| The question that immediately comes to mind is:
|
| Suppose that for one reason or another, I want to migrate off of
| the SI platform. Am I able to get any reusable IAC out in some
| form? Does SI provide any ways to migrate out of the platform? Or
| do I just have to rebuild all my infrastructure from scratch
| outside of SI?
| holoway wrote:
| You can export your workspace, and import it into another
| version of SI. But we aren't producing IaC under the hood - we
| have a high fidelity modeling layer, and then we allow you to
| program those models directly.
|
| But if you move off of System Initiative, we don't impact your
| resources at all. You can just stop using it.
| holoway wrote:
| Think of it this way - if you want to "move off of
| terraform", your existing IaC isn't useful either (because
| you need Terraform/OpenTofu to run it). SI is the same.
| notamy wrote:
| The main reason I ask is because I use a competitor? of
| yours currently, and one of the big draws of it is "if we
| ever go out of business, or if you're dissatisfied with the
| product we offer, or ..., you can just take all your
| Terraform and keep using it. You aren't locked in to the
| platform."
| holoway wrote:
| I get it. System Initiative is 100% open source
| (https://github.com/systeminit/si) - if we go out of
| business, or you are dissatisfied with the product we
| offer, you can just take your workspace and keep using
| it.
|
| We don't make a free distribution of System Initiative -
| but we expect that someone will eventually, and you could
| use that.
| solatic wrote:
| DOA at my current employer because of a lack of support for other
| clouds (GCP and Azure). I'm sure improved API support is in the
| pipeline though, very psyched to see SI grow!
| holoway wrote:
| It absolutely is. We're adding more resources all the time, we
| hang out in Discord and build the things folks need most. We're
| working on GCP now.
| andrewstuart wrote:
| Maybe it could be called System-I.
| holoway wrote:
| I think all great companies have names that are _also_ great
| band names. System Initiative is a better band name than
| System-I. :)
| sntxrr wrote:
| SI house band when? :D
| holoway wrote:
| Just as soon as enough people use SI that we can have a
| conference.
| ZeroCool2u wrote:
| If I have existing infrastructure, are you able to generate a
| diagram/model of the current state given sufficient permissions?
| holoway wrote:
| This is a great question. Eventually, yes. In an earlier
| prototype of SI, we actually had this feature, and it was
| pretty dope. We removed it as we made things much more
| programmable, but it's high on the road map to bring back. The
| first will be an `import` function that just builds an
| individual component from a resource, followed by the full
| discovery feature.
| mst wrote:
| Naturally, what -I- really want is a three way diff between
| "the state SI thought production was in, the state SI has
| been asked to transition production to, and the state
| production is actually currently in."
|
| I recall trying to convince you to experiment with that when
| you were building Chef but you'd just come out of working
| with finance stuff so understandably felt that an
| uncontrolled change should always be dealt with via emitting
| a resume generating event.
|
| I continue to believe that for small non-bank organisations,
| when somebody gets paged in the middle of the night "whatever
| gets production to stop being on fire the fastest" is
| completely legitimate and systems automation tooling should
| support handling the config reconciliation -after- it's back
| up.
|
| ... but enjoy your launch day, having waited this long to
| argue my case again I can leave it a while longer :D
| orf wrote:
| Not to be too negative, but:
|
| > When modeling AWS IAM policy in System Initiative, we realized
| that AWS provides a sophisticated Policy Simulator. So we modeled
| it, connected our IAM Policies and resources to it, and had a
| new, real time interface to test the validity of IAM policy. It
| took less than an hour from start to finish.
|
| Clicking the link takes you to the docs on policy simulator,
| which seems to show it's quite limited and isn't representative
| of actual, deployed IAM rules:
|
| > Important:
|
| > The policy simulator results can differ from your live AWS
| environment. We recommend that you check your policies against
| your live AWS environment after testing using the policy
| simulator to confirm that you have the desired results.
|
| https://docs.aws.amazon.com/IAM/latest/UserGuide/access_poli...
| holoway wrote:
| It's actually pretty good - usually the reason it's not
| accurate is because enough data isn't being fed to the
| simulator. That's one of the things that was great about doing
| it in SI - it wasn't hard to get the data in to the simulator.
|
| But if I was AWS, I would also say you should check your IAM
| against the real world, because if you don't, it's pretty easy
| to wreck your environment. ;)
| lijok wrote:
| I think you should also talk about the drawbacks, potential
| roadblocks and failure points. Otherwise it's not possible to
| make an educated decision on whether to move to SI from, say,
| Terraform, and as such, we won't. SI is very early days and it's
| exceedingly obvious there will be a ton of issues with it.
| Terraform has a ton of drawbacks and it's old tech by now.
| Provide us information so we can decide whether it's worth
| dealing with SI issues to no longer have to deal with Terraform
| issues. Otherwise this is just marketing speak and will fall on
| flat ears.
| holoway wrote:
| All marketing is marketing that will land on flat ears. In the
| end, you'll have to try System Initiative, see if it is a fit
| for your use case today, and if it isn't, if it's worth paying
| attention to tomorrow. I wouldn't (and you shouldn't either)
| make a technology decision based on what anyone says on their
| website or blog. :)
|
| Today the obvious drawbacks:
|
| * Terraform has tons of coverage in their provider ecosystem,
| and we're not close to that yet.
|
| * We have some enterprise features still to add.
|
| * There is some work to be done around huge infrastructures,
| both in how to provide easy ways to visualize them and how we
| scale the underlying graphs.
|
| https://docs.systeminit.com/roadmap/
|
| We have plans for all these things, but it's early days. My
| advice (not just for SI) - you should always build
| representative prototypes if you want to understand what a
| technology might do for you. Your circumstances matter, and
| your problems are likely unique.
| lijok wrote:
| Prototypes are expensive and as such difficult to justify if
| the technology doesn't look promising. I'm sure you're aware
| there's a new self-proclaimed miracle tool appearing in this
| ecosystem every day. My point is that there is a severe lack
| of information to make an educated decision here.
|
| I think it's fair to say most people will be interested in
| potentially replacing Terraform with this. Do you have a
| comparison against Terraform? Is there a guide on how to
| import resources into SI?
| holoway wrote:
| Rest assured, we'll have more competitive content over
| time. :)
| bbu wrote:
| I love seeing innovation in this sector. I've long felt that
| there must be a better way than terraform and pulumi. Excited to
| try it out.
| holoway wrote:
| Thanks! Let us know if you need anything.
| gyre007 wrote:
| This is a very bold take on Infra management which has become a
| real PITA even at small orgs - Cloud really did a number on us.
|
| One thing I'm personally wondering about is whether I can import
| my Terraform state file - because that'd be a pretty good
| starting point for many orgs.
|
| Regardless, I'm curious how this pans out. Though we've had a few
| different iterations of IaC in the past decade or so, the infra
| crowd has been known for being more sceptical when it comes to
| adopting new things than your usual software engineer, especially
| something that is more like a step change than a gradual
| evolution.
|
| Very happy someone's taking on this task with a very fresh
| approach.
___________________________________________________________________
(page generated 2024-09-25 23:01 UTC)