I just had to ask. I have done what the web says to do but I am still getting an HTTP 403 error in my Jenkins configuration

I have followed what people said they did. I used an API Token I generated from my user interface in Jenkins as a shared secret between it and the git repo but the error keeps showing up. I also chose the GitHub hook trigger I am an absolute beginner and this is my first trail. What could be happening?

https://redd.it/n9wa9b
@r_devops

Pulumi in go feels like trying to shove Typescript in a go shaped box. Am I the only one who feels that way?

Hello!

I recently tried my hand at Pulumi after working with Terraform.

I'm happy with terraform, but I wanted to see what all the fuss was about. Being a fan of go, I tried to create a EKS cluster with Pulumi in go, but oh my god it feels so wrong.

Feels like trying to shove typescript into a go shaped box, and I hate it. Am I the only one who feels that? Is it better in other languages?

I'm going to stick with terraform for now.

https://redd.it/n9qipq
@r_devops

Deploying code

Hi. I'm no devops (I'm now I guess), but I do have a two man project and I'm the one doing the infra. As of now all the automation works pretty good. Apart from the actual code deployments.

What I'm doing currently is that I build on gitlab (using my runner as I've ran out of quota already). Package an RPM, publish it to gitlab's generic package registry and curl an endpoint on AWX to download it to my RPM repo.

What I was planning to do now was to curl another endpoint (or instead of play trigger a workflow in the previous step) somehow wait until the RPM download finished and now the tricky part - elegantly get approle credentials from hashi vault (I failed miserably), update the RPM on the box (easy).

The thing is, I'm running AWX currently in docker. I don't have anything against docker, but I'd much rather run it outside of it. But that's kinda not doable as Red Hat is pushing it towards k8s. And I'm not running k8s. And I don't have budget for Tower either.

So the question, finally. What to replace AWX with? I'm fine with Ansible. I'd like to avoid shell scripts. I'm planning to look into Ansible semaphore. Is it still as good as people on Reddit said 3 years ago? (this should probably go to r/Ansible). I've looked at terraform, but that seems like something a bit different - I'm also not creating VMs at will. Everything seems to be either configuration management or infrastructure management. I'm missing some tools in between. What would you suggest me to look at?

Edit: Now I'm thinking, would Nomad be a good fit? I guess since I'm already on the hashi stack, why not?

https://redd.it/n9neoe
@r_devops

single dashboard for monitoring/apm

hey guys, wanted to see if you guys have any opinion about having a single dashboard to visualize your application. in the past, i used stuff like cacti and new relic. of course, some of features at my current job is replaced with prometius and grafana, but it doesn't give me the tracing of a new relic and managing the infrastructure for this is too much of a burden. i actually thought new relic was much easier, but it's not available at my current job. it's a nice and simple UI for my app and my infrastructure.

i was thinking of leveraging AWS and X-Ray, but aws logging me out all of the time, and forcing me to login and refresh all the screen is less than ideal. plus, i have three login actions - username, captcha, and google authenticator. i then need to go around each screen and do a refresh. it doesn't provide that single screen they everybody can look at to see how the application is doing.

https://redd.it/n9ndr4
@r_devops

Best way to provision email addresses for developer / business services?

What are ways that your team has divided up email accounts that manage things like

* GitHub Organizations
* Twilio / Send Grid
* First Azure account, etc

We are setting up a new domain...

At previous shops I’ve been with,
they will have an address like “[email protected]” to register billable accounts to do with development.

I was pretty much going to do it that way, but had an idea to setup separate domain emails into “business” and “developer” to separate access to dev critical accounts and root emails for stuff like Quickbooks or Trello.

What are y’all’s thoughts?

https://redd.it/n9k1lc
@r_devops

Scripting Language for DevOps Engineers

What's up mates.Which scripting(programming) language did you prefer for DevOps Engineers?

View Poll

https://redd.it/n9gext
@r_devops

GitHub (Enterprise) vs. GitLab vs. Bitbucket?

Hi folks,

Title says it all. What do you use for your DevOps and why? Any other options we should be considering? We’re prepping for Series A and starting to map out tools that will set us up well for growth. Right now, we’re looking at GitHub enterprise but trying to fully understand the landscape.

Thanks!

https://redd.it/n9akr4
@r_devops

Why so many FTP providers do not give an TLS vertificate for it

Honestly whenever I get a credentials to some FTP server in 99% it does not run via TLS, and Filezilla always asks me to trust it.

By FTP provider I mean ie. OVH

https://redd.it/n98zt1
@r_devops

Is SonarQube considered devops?

Tbh, not totally sure what DevOps means. Does setting up Sonar builds count as DevOps? Why or why not?

https://redd.it/naemto
@r_devops

salary misstep during interview process

company calls me to verbally make me an offer. I had given them range of (let's just say) 20-30k, HR lady offers me base of 35k plus an annual bonus. great! verbally accept pending seeing it all in writing

she emails me 30 mins later says woops I made a mistake it's 25k but with bonus it's close to 35k. wtf

I email her back saying I thought the 35k base was a sign of their strong desire to bring me on and I'm disappointed it's been lowered, we agreed to 35k verbally and that's what I'm ready to accept. she says I'll see what I can do might need more approvals. currently waiting for response

Even if they give me the 35k this whole thing has sort of soured my original excitement that they came in above my range and tainted my impression of this company. and if they don't give me the 35k I'm fucking walking.

anyone else had similar situations??

https://redd.it/nadfys
@r_devops

OCP operator deployed prometheus + thanos sidecar behind HTTPS. How to connect this as a store to a thanos querier that exists in different namespace within same cluster?

Do I need to do something like this?

--grpc-client-tls-secure
--grpc-client-tls-cert=/etc/thanos/cert/cert.pem
--grpc-client-tls-key=/etc/thanos/cert/key.pem
--grpc-client-tls-ca=/etc/thanos/cert/rootCA.crt
--grpc-client-server-name=thanos-world

IF it is something like this, then how do I go about generating the client tls? And what does the server-name relate to?

Having a bit of trouble understanding this.....

https://redd.it/nace03
@r_devops

A degree is needed?

Hello, I am working as a DevOps Engineer, and studying Computer Engineering because is the closest career related to our work environment.

​

I really hate the University, the 99% of the time, I feel that I am wasting my time, I prefer to study stuff related to my daily work than related to the University, so, my question is:

​

How would affect the lack of title in my professional development?

https://redd.it/nabf6o
@r_devops

MAAS - Deploying workstations right away

I'm using MAAS to deploy workstations.

Because workstations don't have management tools like IPMI, I have to PXE boot the workstation for MAAS to catch it, then do it again for it to commission, and then again for it to deploy, where each time I have to go back to my desk to make these changes.

Is it possible to configure MAAS so that when it would deploy a workstation right away? Or at least make it so that I would only need to do one confirmation?

Alternatively, is there a way to set a management tool that would allow MAAS to control the workstation? This is less ideal but is still an option.

Thanks ahead!

https://redd.it/nak1fo
@r_devops

SRE fundamentals 2021: SLIs vs SLAs vs SLOs

I thought this was a really good breakdown of the difference between these acronyms. Definitely 101 level, with info like:

"...because of the principle that availability shouldn’t be much better than the SLO, the availability SLO in the SLA is normally a looser objective than the internal availability SLO. This might be expressed in availability numbers: for instance, an availability SLO of 99.9% over one month, with an internal availability SLO of 99.95%. Alternatively, the SLA might only specify a subset of the metrics that make up the internal SLO."

https://cloud.google.com/blog/products/devops-sre/sre-fundamentals-sli-vs-slo-vs-sla

https://redd.it/napqdv
@r_devops

Devops subreddit menu?

Hello guys why isn’t there a guide for all new comers to devops.

https://redd.it/najjhz
@r_devops

Hikaru v0.4b released; submit requests to Kubernetes from Hikaru, integrate your own subclasses

Integration with the Kubernetes Python client through the model classes, so you can now instruct Kubernetes to create a Pod from the Hikaru Pod object. Full doc and type annotations provided for each instance/class method. Register your own subclasses of Hikaru classes with Hikaru so that it will use them when needed. Get richer details on differences between two instances with diff(). Improved use of annotations to allow cyclic and recursive references in the model classes.

https://pypi.org/project/hikaru

https://redd.it/naj9av
@r_devops

Maven Gitflow plugin

I was struggling for some time now to get this to work and I was wondering if anyone is using the gitflow plugin for maven: https://github.com/aleksandr-m/gitflow-maven-plugin

So basically I'm using a maven gitflow plugin in my Jenkins instance and when I'm running it for my hotfix branch, you can add the parameter fromBranch. This can help you if you want to specify another branch from which the hotfix is created. In the documentation it says that is support Production branches and Support branches. However it seems that support branches are not working or at least it's not working for me.

​

Here is the code:

sh './mvnw gitflow:hotfix-start -B -DfromBranch="support/test" -s $MAVEN_SETTINGS -DmvnExecutable=$(pwd)/mvnw -Dsurefire.useSystemClassLoader=false -Dgitflow.push.remote=true -Dgitflow.maven.argline="-s $MAVEN_SETTINGS -Dgitflow.push.remote=true"'

​

Here is the error:

[ERROR\] Failed to execute goal com.amashchenko.maven.plugin:gitflow-maven-plugin:1.11.0:hotfix-start (default-cli) on project *******: The fromBranch is not production or support branch. -> [Help 1\]

​

It works with -DfromBranch="master" or without the parameter at all but it seems like support branches are not accepted.

If anyone encountered the same issue, I'll appreciate any help.

Thank you.

https://redd.it/nazda7
@r_devops

Has anyone ever tried to make you the release manager

So I hope that's a good title

Also thank you for reading, writing this on mobile because I had to step away from my pc for a bit

So we all know the DevOps field is a wide spectrum of skills and is more a way of running a company than a title in itself.

Keeping that in mind I was wondering has anyone ever tried to make you the release manager as well?

I mean we implemented the pipelines (or inherited a very legacy one that held together by straws). We know what to look for when thinking CI/Cd, or how to quickly recover from bad code that was pushed. Don't get me wrong. I am all for releasing and improving on how we get to a true CI/CD state, but never ever did I or WOULD I want to be the guy that is in the middle trying to bring all teams together and ask them, will you please, pretty please, push the button that is asking you to go forward

I have nothing against a release manager and I do admire you for taking one for the team, but we're here to get your software out as fast as possible with little to no downtime,and I sure as hell can't do that if I need to make sure that the software we are pushing is stable, and everyone is on board with the changes and all admin has been followed up with.

Not a rant, just really curious?

https://redd.it/natxy3
@r_devops

Additional Insight regarding good practices regarding directly accessing elasticsearch to perform queries

Hey Everyone,

Being a Graylog user/Admin for 2.x on of the main points that I always advocate was against the directly access on Elasticsearch to perform any kind of query. Not only for the security aspect of it but also to make sure that graylog performance would not be impacted by other systems ( grafana in this case ) to perform queries directly on Elasticsearch. A few days ago, our team is debating towards granting queries capabilities directly from grafana for the mentioned points by creating a datasource on ES towards all the indexes ( or the aliased one ) so other teams that should not have access directly to graylog, could visualize some metrics on grafana.

My question would be, based on my experience and past ugly situations when granting access directly to elasticsearch. I never saw or found an official documentation stating that accessing elasticsearch directly isn’t considered good or bad practice.

Again, from my point of view based on years of graylog administration, granting access directly to elasticsearch could cause some security problems along with performance issues ( for example if someone performs a query of 1+ year on grafana and graylog being impacted by that ) but I would like to know more opinions about this.

Thanks in advance!

https://redd.it/nav0cq
@r_devops

Licenses and learning from public infrastructure code

As is common in the industry, I often use reference implementations of e. g. a certain functionality in Terraform or Ansible on Github and then implement it myself in order to actually understand the code. Unfortunately, there's often no real liberty in implementing that functionality so I'm forced to pretty much copy it with alterations to suit my style. For a practical example, I was looking at this today and I'm pretty sure there's just no substantially different way to implement AWS WAF Classic logging with Terraform. It's Apache-licensed which I guess means I'm allowed to learn from it but I'm not even really sure about that.

This has become a real problem because I avoid things that might be helpful for understanding an entire concept even if I don't look at the code later on. From my understanding (under German copyright law specifically, but this topic might also be interesting for people in other jurisdictions), code needs to have a certain level of creativity and originality to it in order to be protected. I can well see that for e. g. an interesting way to implement a complex algorithm but you don't really get to be creative with infrastructure. It's rather like craftsmanship: more or less complete as per vendor best practices if minute details like handling a single step elegantly don't matter. (Just copying an entire module is a different thing, I'm just talking about using it for reference.)

Still, I avoid looking at anything that's not licensed very permissively but I don't know if that's necessary. As with most devops things, we're not shipping our code but either use it entirely for internal needs or sell the resulting system we create with our internal code as a service or final product. (I assume the rules are very different if we'd sell e. g. a set of Terraform modules to a company to create their internal resources?)

Can someone explain how copyright and licensing affect us in this position (or devops more generally if you're good at this)? I don't think there's really any good resource for infrastructure code specifically, and the use case is quite different from "normal" code. What are my duties under the various licenses when referencing code in this situation? So far, I've just been putting a link to the original resource as a comment but that's more for documentation than anything.

https://redd.it/nb1nbi
@r_devops

How would you describe what jenkins is in simple terms?

Is it accurate to say that it runs scripts regularly at scheduled times or is that wrong or there's much more to it?

https://redd.it/nayqev
@r_devops