4–7 Nov 2019
Please log in

Configuration is riskier than code

Jamie Wilkinson (Google)
15:5016:30 Wednesday, 6 November 2019
Location: Hall A3
Average rating: ***..
(3.80, 5 ratings)

Who is this presentation for?

  • SREs, DevOps engineers, and software developers




Over 10 years ago, Puppet Labs and others espoused the idea of “configuration as code,” setting a course that crossed DevOps, the API-ification of systems, the cloud, and serverless. Today, you can write a few lines of config and invoke thousands of CPUs, doing hundreds of operations, deploying entire clusters of systems—a huge force multiplier for IT operations.

This force multiplier comes at a cost, and that cost is risk and impact. Never before has it been so easy to turn off an entire content delivery network (CDN) with a single command. While numbers vary, studies show that a majority of incidents in IT operations are caused by configuration changes. Configuration is code, but lacks the same rigor that code receives. Configuration formats like YAML and JSON do not have the same quality of syntax checkers and debuggers that languages like C++, Go, and Ruby have. Often, the only time you know that a configuration is semantically correct is after it’s running in production.

Jamie Wilkinson examines this problem with universal Turing machine (UTM) theory, so you can see why configuration should be treated exactly as code, but also why that’s more difficult. You’ll explore what other practices—like progressive rollouts and minimization of the “control surface”—you can apply to manage the increased risk associated with configuration.

What you'll learn

  • Learn why configuration is riskier than code and some best practices, including testing and why that isn't a good return on investment, minimizing the "control surface" of configuration and opportunities that creates, safe rollout practices (e.g., progressive deployments), handling failure, and a hint to what new exciting problems you'll have if you go down this path
Photo of Jamie Wilkinson

Jamie Wilkinson


Jamie Wilkinson is a site reliability engineer at Google. He’s a contributing author to the SRE Book and has presented on contemporary topics at prominent conferences such as Linux.conf.au, Monitorama, PuppetConf, Velocity, and SRECon. His interests began in monitoring and the automation of small installations and have continued with human factors in automation and systems maintenance on large systems. Despite his more than 15 years in the industry, he’s still trying to automate himself out of a job.

  • Oracle Cloud Infrastructure
  • Cloudflare
  • JFrog
  • Akamas
  • Aqua Security Software
  • Fastly
  • Google
  • Instana
  • JetBrains
  • LaunchDarkly
  • LightStep
  • OVHcloud
  • SignalFx
  • VictorOps
  • Wayfair
  • Blameless
  • Chronosphere
  • FusionReactor
  • humanitec
  • replex GmbH
  • StackState
  • Datadog
  • GitLab
  • Gremlin
  • StormForger
  • SysEleven GmgH
  • Vamp.io

Contact us


For conference registration information and customer service


For more information on community discounts and trade opportunities with O’Reilly conferences


For information on exhibiting or sponsoring a conference


For media/analyst press inquires