Reddit DevOps
Reddit DevOps. #devops
Thanks @reddit2telegram and @r_channels
How to persist volumes/filesystems in a Packer EBS AMI for use in newly created EC2 instances?



I'm trying to build an AWS AMI that has all my filesystems set up as I'd expect, i.e. /var, /var/log, /tmp etc. I am attempting to achieve this using packer in conjunction with the Ansible provisioner.

Here is my HCL2 build file

```hcl
source "amazon-ebs" "example" {
  ami_name        = "test_ami ${local.timestamp}"
  ami_description = "test ami with predefined filesystems ${local.timestamp}"
  instance_type   = "t2.micro"
  region          = "eu-west-2"
  source_ami_filter {
    filters = {
      name                = "amzn2-ami-hvm-2.0.*-gp2"
      root-device-type    = "ebs"
      virtualization-type = "hvm"
      architecture        = "x86_64"
    }
    most_recent = true
    owners      = ["amazon"]
  }
  # EBS for root volume
  launch_block_device_mappings {
    device_name           = "/dev/xvda"
    volume_size           = 10
    volume_type           = "gp2"
    delete_on_termination = true
  }
  # EBS for data volume
  launch_block_device_mappings {
    device_name           = "/dev/sdb"
    volume_size           = 5
    volume_type           = "gp2"
    delete_on_termination = true
  }
  ssh_username = "ec2-user"
}
```

I then have ansible provisioners to set up my physical volumes, volume groups and logical volumes, along with some xfs filesystems. This all works fine during the Packer AMI build. I can verify using `PACKER_LOG=1 packer build .` that the plays are successful in my ansible playbook.

Once the AMI is created, I have built an EC2 instance off of it, but all the work the Ansible playbook has done in setting up the aforementioned volumes and file systems has disappeared. For example, /dev/sdb1 doesn't exist when I run `blkid` or `fdisk -l`. My /etc/fstab file has also disappeared.

I was under the impression that although I've selected `delete_on_termination` under `launch_block_device_mappings`, that the snapshot created from the AMI build would be applied to any EC2 instances that were built from the AMI, therefore my physical volumes and filesystems would have been intact.

Am I misunderstanding this? If so, can anybody clarify where I'm going wrong?

https://redd.it/n9rtll
@r_devops
Delete CloudFormation Stack Including S3 Objects

I needed to create and tear down development environments. Deleting a CloudFormation stack has an issue with S3 objects. An S3 bucket cannot be deleted if it has objects (to the best of my understanding). So I wrote a script which does:

1. Removes deletion protection from DB instances belonging to the stack
2. Deletes S3 objects including versions (10 in parallel) in buckets belonging to the stack
3. Issues delete stack command after the above is finished

The script is at https://github.com/ngs-lang/nsd/blob/master/aws/cloudformation/delete-stack.ngs

It is written in Next Generation Shell.

Hope that helps!

https://redd.it/n9sf9o
@r_devops
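The three steps listed in the post above, sketched with boto3-style calls as an added example; this is not the linked NGS script and not the author's code. The function names are hypothetical, and the CloudFormation, RDS and S3 clients are passed in as parameters so the logic can be exercised with stubs.

```python
from concurrent.futures import ThreadPoolExecutor

BATCH = 1000    # DeleteObjects accepts at most 1000 keys per request
PARALLEL = 10   # the post deletes 10 in parallel


def stack_resources(cfn, stack):
    """Yield (resource_type, physical_id) for every resource in the stack."""
    pages = cfn.get_paginator("list_stack_resources").paginate(StackName=stack)
    for page in pages:
        for r in page["StackResourceSummaries"]:
            if r.get("PhysicalResourceId"):
                yield r["ResourceType"], r["PhysicalResourceId"]


def version_batches(s3, bucket):
    """Yield lists of {Key, VersionId}: object versions and delete markers."""
    batch = []
    for page in s3.get_paginator("list_object_versions").paginate(Bucket=bucket):
        for item in page.get("Versions", []) + page.get("DeleteMarkers", []):
            batch.append({"Key": item["Key"], "VersionId": item["VersionId"]})
            if len(batch) == BATCH:
                yield batch
                batch = []
    if batch:
        yield batch


def empty_bucket(s3, bucket):
    """Delete every version in the bucket; return the number removed."""
    def delete(batch):
        resp = s3.delete_objects(Bucket=bucket, Delete={"Objects": batch, "Quiet": True})
        if resp.get("Errors"):  # partial failures come back in the response body
            raise RuntimeError(f"{bucket}: {resp['Errors'][0]}")
        return len(batch)
    with ThreadPoolExecutor(max_workers=PARALLEL) as pool:
        return sum(pool.map(delete, version_batches(s3, bucket)))


def delete_stack(cfn, rds, s3, stack):
    """Run the three steps in order; return a summary of what was changed."""
    summary = {"unprotected": [], "emptied": {}}
    for rtype, pid in list(stack_resources(cfn, stack)):
        if rtype == "AWS::RDS::DBInstance":
            rds.modify_db_instance(DBInstanceIdentifier=pid, DeletionProtection=False)
            summary["unprotected"].append(pid)
        elif rtype == "AWS::S3::Bucket":
            summary["emptied"][pid] = empty_bucket(s3, pid)
    cfn.delete_stack(StackName=stack)  # only reached if nothing above raised
    return summary
```

With real AWS access, pass `boto3.client("cloudformation")`, `boto3.client("rds")` and `boto3.client("s3")`; an error in either of the first two steps stops the run before the stack delete is issued.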
Spacelift Feature Reveal: Local Preview

Multiple times have we been asked to implement local preview, here on Reddit and elsewhere. Creating small commits all the time to see if what you’re writing will properly execute is tedious! So is setting up all necessary accesses and environment variables locally.

We’re glad to let you know this is now available!

From now on, by turning on `Enable local preview` on a Stack, you can preview changes based on the changes in your local directory. You just have to run `spacectl stack --id <stack-name> local-preview` and you’ll get the output streamed right into your terminal!

Here’s a demo of it:

Spacelift Local Preview - asciinema

To find out more about Spacelift, check out: https://spacelift.io

https://redd.it/n9zl4x
@r_devops
Apache atlas configuration connection cassandra backend [help]

Hi,

for a future poc i need to deploy an apache atlas 2.1 stack

but i can't find the parameter for the cassandra backend connection.

if anyone got a link or had already made an implementation with password authen.

or another subreddit where someone can have an answer

this is my current config file if it can help.


```properties
atlas.graph.storage.backend=cql
atlas.graph.storage.hostname=cassandra
atlas.graph.storage.cassandra.keyspace=JanusGraph

atlas.graph.storage.clustername=cassandra
atlas.graph.storage.port=9042

atlas.EntityAuditRepository.impl=org.apache.atlas.repository.audit.CassandraBasedAuditRepository
atlas.EntityAuditRepository.keyspace=atlas_audit
atlas.EntityAuditRepository.replicationFactor=1

atlas.graph.index.search.backend=solr
atlas.graph.index.search.solr.mode=cloud
atlas.graph.index.search.solr.zookeeper-url=zookeeper:2181
atlas.graph.index.search.solr.zookeeper-connect-timeout=60000
atlas.graph.index.search.solr.zookeeper-session-timeout=60000
atlas.graph.index.search.solr.wait-searcher=true

atlas.graph.index.search.max-result-set-size=150

atlas.notification.embedded=false
atlas.data=${sys:atlas.home}/data/kafka

atlas.notification.create.topics=true
atlas.notification.replicas=1
atlas.notification.topics=ATLAS_HOOK,ATLAS_ENTITIES
atlas.notification.log.failed.messages=true
atlas.notification.consumer.retry.interval=500
atlas.notification.hook.retry.interval=1000

atlas.enableTLS=false

atlas.authentication.method.kerberos=false
atlas.authentication.method.file=true

atlas.authentication.method.ldap.type=none

atlas.authentication.method.file.filename=${sys:atlas.home}/conf/users-credentials.properties


atlas.rest.address=https://localhost:21000

atlas.audit.hbase.tablename=apache_atlas_entity_audit
atlas.audit.zookeeper.session.timeout.ms=1000
atlas.audit.hbase.zookeeper.quorum=atlas-zookeeper:2181

atlas.server.ha.enabled=false
atlas.authorizer.impl=simple
atlas.authorizer.simple.authz.policy.file=atlas-simple-authz-policy.json
atlas.rest-csrf.enabled=true
atlas.rest-csrf.browser-useragents-regex=^Mozilla.*,^Opera.*,^Chrome.*
atlas.rest-csrf.methods-to-ignore=GET,OPTIONS,HEAD,TRACE
atlas.rest-csrf.custom-header=X-XSRF-HEADER

atlas.metric.query.cache.ttlInSecs=900

######### Gremlin Search Configuration #########

#Set to false to disable gremlin search.
atlas.search.gremlin.enable=false
```

thanks for any help

https://redd.it/n9zi16
@r_devops
Interview for new job.

I need some help preparing for an interview for infrastructure and Devops Engineer position.

I currently have a personal project I have completed which uses AWS: S3 Bucket, GitHub, Terraform, Route53, Python, YAML


Previous Work Experience: 1st / 2nd Line Engineer, Mainly Supporting Azure, Windows Servers and standard day to day support

University Experience: DB - Full UML Design, Java


Any advice?


>Requirements

>
>Ensure smooth operation of our CI/CD pipelines.
>
>Ensure the security of our cloud infrastructure and internal company communications.
>
>Support and effectively communicate with other teams (QA, Software Engineering, Product Development, etc.)
>
>Optimize the cost of the cloud-based infrastructure.
>
>Be a driver for innovation & change, staying up to date with new AWS announcements/new releases.
>
>Deliver and maintain best practice, utilising modern security & testing standards.
>
>Report the progress of work to EVP.
>
>WE NEED

>
>Must-have

>
>Interpersonal Skills

>
>Effective communication both within the department, and with external suppliers.
>
>Amazon Web Services

>
>EC2
>
>VPC ( and/or equivalent TCP Networking skills )
>
>Networking & Security

>
>Good understanding of TCP networking, Firewalls, and Basic Routing.
>
>Linux/Unix

>
>Linux/Unix Systems Admin Skills
>
>Windows

>
>Basic Exposure to Windows Servers, and willingness to learn.
>
>Configuration Management

>
>Puppet/Ansible or transferable skills in any similar systems.
>
>Programming/Scripting

>
>Basic Python
>
>Bash shell (or a flavour thereof)
>
>Source control

>
>Git
>
>Nice-to-have/willing to learn

>
>Amazon Web Services
>
>Other

>
>Experience with Ubuntu and/or CentOS.
>
>Docker
>
>Elasticsearch / Logstash / Kibana
>
>Monitoring Nagios, Munin & New Relic ( or Similar Systems )
>
>DDOS protection tools (Cloudflare)

https://redd.it/n9wda1
@r_devops
Introducing db-auth-gateway our Database Authentication Proxy (Blog Post)

We recently wrote an in-house fork/re-implementation of cloudsql-proxy and I thought it would be interesting to talk about why, and how we did it. Hope you enjoy and would love your feedback!

Journey of a Cloud SQL Packet:

https://medium.com/kloeckner-i/journey-of-a-cloud-sql-packet-26b546db43e9

https://redd.it/n9u8u1
@r_devops
I just had to ask. I have done what the web says to do but I am still getting an HTTP 403 error in my Jenkins configuration

I have followed what people said they did. I used an API Token I generated from my user interface in Jenkins as a shared secret between it and the git repo but the error keeps showing up. I also chose the GitHub hook trigger. I am an absolute beginner and this is my first trial. What could be happening?

https://redd.it/n9wa9b
@r_devops
Pulumi in go feels like trying to shove Typescript in a go shaped box. Am I the only one who feels that way?

Hello!

I recently tried my hand at Pulumi after working with Terraform.

I'm happy with terraform, but I wanted to see what all the fuss was about. Being a fan of go, I tried to create an EKS cluster with Pulumi in go, but oh my god it feels so wrong.

Feels like trying to shove typescript into a go shaped box, and I hate it. Am I the only one who feels that? Is it better in other languages?

I'm going to stick with terraform for now.

https://redd.it/n9qipq
@r_devops
Deploying code

Hi. I'm no devops (I'm now I guess), but I do have a two man project and I'm the one doing the infra. As of now all the automation works pretty good. Apart from the actual code deployments.

What I'm doing currently is that I build on gitlab (using my runner as I've run out of quota already). Package an RPM, publish it to gitlab's generic package registry and curl an endpoint on AWX to download it to my RPM repo.

What I was planning to do now was to curl another endpoint (or instead of play trigger a workflow in the previous step) somehow wait until the RPM download finished and now the tricky part - elegantly get approle credentials from hashi vault (I failed miserably), update the RPM on the box (easy).

The thing is, I'm running AWX currently in docker. I don't have anything against docker, but I'd much rather run it outside of it. But that's kinda not doable as Red Hat is pushing it towards k8s. And I'm not running k8s. And I don't have budget for Tower either.

So the question, finally. What to replace AWX with? I'm fine with Ansible. I'd like to avoid shell scripts. I'm planning to look into Ansible semaphore. Is it still as good as people on Reddit said 3 years ago? (this should probably go to r/Ansible). I've looked at terraform, but that seems like something a bit different - I'm also not creating VMs at will. Everything seems to be either configuration management or infrastructure management. I'm missing some tools in between. What would you suggest me to look at?

Edit: Now I'm thinking, would Nomad be a good fit? I guess since I'm already on the hashi stack, why not?

https://redd.it/n9neoe
@r_devops
single dashboard for monitoring/apm

hey guys, wanted to see if you guys have any opinion about having a single dashboard to visualize your application. in the past, i used stuff like cacti and new relic. of course, some of the features at my current job are replaced with prometheus and grafana, but it doesn't give me the tracing of a new relic and managing the infrastructure for this is too much of a burden. i actually thought new relic was much easier, but it's not available at my current job. it's a nice and simple UI for my app and my infrastructure.

i was thinking of leveraging AWS and X-Ray, but aws logging me out all of the time, and forcing me to log in and refresh all the screens, is less than ideal. plus, i have three login actions - username, captcha, and google authenticator. i then need to go around each screen and do a refresh. it doesn't provide that single screen that everybody can look at to see how the application is doing.

https://redd.it/n9ndr4
@r_devops
Best way to provision email addresses for developer / business services?

What are ways that your team has divided up email accounts that manage things like

* GitHub Organizations
* Twilio / Send Grid
* First Azure account, etc

We are setting up a new domain...

At previous shops I’ve been with, they will have an address like “[email protected]” to register billable accounts to do with development.

I was pretty much going to do it that way, but had an idea to set up separate domain emails into “business” and “developer” to separate access to dev critical accounts and root emails for stuff like Quickbooks or Trello.

What are y’all’s thoughts?

https://redd.it/n9k1lc
@r_devops
Scripting Language for DevOps Engineers

What's up mates. Which scripting (programming) language did you prefer for DevOps Engineers?


https://redd.it/n9gext
@r_devops
GitHub (Enterprise) vs. GitLab vs. Bitbucket?

Hi folks,

Title says it all. What do you use for your DevOps and why? Any other options we should be considering? We’re prepping for Series A and starting to map out tools that will set us up well for growth. Right now, we’re looking at GitHub enterprise but trying to fully understand the landscape.

Thanks!

https://redd.it/n9akr4
@r_devops
Why so many FTP providers do not give a TLS certificate for it

Honestly, whenever I get credentials to some FTP server, in 99% of cases it does not run via TLS, and FileZilla always asks me to trust it.

By FTP provider I mean i.e. OVH

https://redd.it/n98zt1
@r_devops
Is SonarQube considered devops?

Tbh, not totally sure what DevOps means. Does setting up Sonar builds count as DevOps? Why or why not?

https://redd.it/naemto
@r_devops
salary misstep during interview process

company calls me to verbally make me an offer. I had given them range of (let's just say) 20-30k, HR lady offers me base of 35k plus an annual bonus. great! verbally accept pending seeing it all in writing

she emails me 30 mins later says woops I made a mistake it's 25k but with bonus it's close to 35k. wtf

I email her back saying I thought the 35k base was a sign of their strong desire to bring me on and I'm disappointed it's been lowered, we agreed to 35k verbally and that's what I'm ready to accept. she says I'll see what I can do might need more approvals. currently waiting for response

Even if they give me the 35k this whole thing has sort of soured my original excitement that they came in above my range and tainted my impression of this company. and if they don't give me the 35k I'm fucking walking.

anyone else had similar situations??

https://redd.it/nadfys
@r_devops
OCP operator deployed prometheus + thanos sidecar behind HTTPS. How to connect this as a store to a thanos querier that exists in different namespace within same cluster?

Do I need to do something like this?

```
--grpc-client-tls-secure
--grpc-client-tls-cert=/etc/thanos/cert/cert.pem
--grpc-client-tls-key=/etc/thanos/cert/key.pem
--grpc-client-tls-ca=/etc/thanos/cert/rootCA.crt
--grpc-client-server-name=thanos-world
```

If it is something like this, then how do I go about generating the client tls? And what does the server-name relate to?

Having a bit of trouble understanding this.....

https://redd.it/nace03
@r_devops
A degree is needed?

Hello, I am working as a DevOps Engineer, and studying Computer Engineering because it is the closest career related to our work environment.

I really hate the University; 99% of the time I feel that I am wasting my time. I prefer to study stuff related to my daily work rather than to the University, so my question is:

How would the lack of a title affect my professional development?

https://redd.it/nabf6o
@r_devops
MAAS - Deploying workstations right away

I'm using MAAS to deploy workstations.

Because workstations don't have management tools like IPMI, I have to PXE boot the workstation for MAAS to catch it, then do it again for it to commission, and then again for it to deploy, where each time I have to go back to my desk to make these changes.

Is it possible to configure MAAS so that it would deploy a workstation right away? Or at least make it so that I would only need to do one confirmation?

Alternatively, is there a way to set a management tool that would allow MAAS to control the workstation? This is less ideal but is still an option.

Thanks ahead!

https://redd.it/nak1fo
@r_devops
SRE fundamentals 2021: SLIs vs SLAs vs SLOs

I thought this was a really good breakdown of the difference between these acronyms. Definitely 101 level, with info like:

"...because of the principle that availability shouldn’t be much better than the SLO, the availability SLO in the SLA is normally a looser objective than the internal availability SLO. This might be expressed in availability numbers: for instance, an availability SLO of 99.9% over one month, with an internal availability SLO of 99.95%. Alternatively, the SLA might only specify a subset of the metrics that make up the internal SLO."

https://cloud.google.com/blog/products/devops-sre/sre-fundamentals-sli-vs-slo-vs-sla

https://redd.it/napqdv
@r_devops
Devops subreddit menu?

Hello guys, why isn’t there a guide for all newcomers to devops?

https://redd.it/najjhz
@r_devops