GitHub (Enterprise) vs. GitLab vs. Bitbucket?

Hi folks,

Title says it all. What do you use for your DevOps and why? Any other options we should be considering? We’re prepping for Series A and starting to map out tools that will set us up well for growth. Right now, we’re looking at GitHub enterprise but trying to fully understand the landscape.

Thanks!

https://redd.it/n9akr4
@r_devops

Why so many FTP providers do not give an TLS vertificate for it

Honestly whenever I get a credentials to some FTP server in 99% it does not run via TLS, and Filezilla always asks me to trust it.

By FTP provider I mean ie. OVH

https://redd.it/n98zt1
@r_devops

Is SonarQube considered devops?

Tbh, not totally sure what DevOps means. Does setting up Sonar builds count as DevOps? Why or why not?

https://redd.it/naemto
@r_devops

salary misstep during interview process

company calls me to verbally make me an offer. I had given them range of (let's just say) 20-30k, HR lady offers me base of 35k plus an annual bonus. great! verbally accept pending seeing it all in writing

she emails me 30 mins later says woops I made a mistake it's 25k but with bonus it's close to 35k. wtf

I email her back saying I thought the 35k base was a sign of their strong desire to bring me on and I'm disappointed it's been lowered, we agreed to 35k verbally and that's what I'm ready to accept. she says I'll see what I can do might need more approvals. currently waiting for response

Even if they give me the 35k this whole thing has sort of soured my original excitement that they came in above my range and tainted my impression of this company. and if they don't give me the 35k I'm fucking walking.

anyone else had similar situations??

https://redd.it/nadfys
@r_devops

OCP operator deployed prometheus + thanos sidecar behind HTTPS. How to connect this as a store to a thanos querier that exists in different namespace within same cluster?

Do I need to do something like this?

--grpc-client-tls-secure
--grpc-client-tls-cert=/etc/thanos/cert/cert.pem
--grpc-client-tls-key=/etc/thanos/cert/key.pem
--grpc-client-tls-ca=/etc/thanos/cert/rootCA.crt
--grpc-client-server-name=thanos-world

IF it is something like this, then how do I go about generating the client tls? And what does the server-name relate to?

Having a bit of trouble understanding this.....

https://redd.it/nace03
@r_devops

A degree is needed?

Hello, I am working as a DevOps Engineer, and studying Computer Engineering because is the closest career related to our work environment.

​

I really hate the University, the 99% of the time, I feel that I am wasting my time, I prefer to study stuff related to my daily work than related to the University, so, my question is:

​

How would affect the lack of title in my professional development?

https://redd.it/nabf6o
@r_devops

MAAS - Deploying workstations right away

I'm using MAAS to deploy workstations.

Because workstations don't have management tools like IPMI, I have to PXE boot the workstation for MAAS to catch it, then do it again for it to commission, and then again for it to deploy, where each time I have to go back to my desk to make these changes.

Is it possible to configure MAAS so that when it would deploy a workstation right away? Or at least make it so that I would only need to do one confirmation?

Alternatively, is there a way to set a management tool that would allow MAAS to control the workstation? This is less ideal but is still an option.

Thanks ahead!

https://redd.it/nak1fo
@r_devops

SRE fundamentals 2021: SLIs vs SLAs vs SLOs

I thought this was a really good breakdown of the difference between these acronyms. Definitely 101 level, with info like:

"...because of the principle that availability shouldn’t be much better than the SLO, the availability SLO in the SLA is normally a looser objective than the internal availability SLO. This might be expressed in availability numbers: for instance, an availability SLO of 99.9% over one month, with an internal availability SLO of 99.95%. Alternatively, the SLA might only specify a subset of the metrics that make up the internal SLO."

https://cloud.google.com/blog/products/devops-sre/sre-fundamentals-sli-vs-slo-vs-sla

https://redd.it/napqdv
@r_devops

Devops subreddit menu?

Hello guys why isn’t there a guide for all new comers to devops.

https://redd.it/najjhz
@r_devops

Hikaru v0.4b released; submit requests to Kubernetes from Hikaru, integrate your own subclasses

Integration with the Kubernetes Python client through the model classes, so you can now instruct Kubernetes to create a Pod from the Hikaru Pod object. Full doc and type annotations provided for each instance/class method. Register your own subclasses of Hikaru classes with Hikaru so that it will use them when needed. Get richer details on differences between two instances with diff(). Improved use of annotations to allow cyclic and recursive references in the model classes.

https://pypi.org/project/hikaru

https://redd.it/naj9av
@r_devops

Maven Gitflow plugin

I was struggling for some time now to get this to work and I was wondering if anyone is using the gitflow plugin for maven: https://github.com/aleksandr-m/gitflow-maven-plugin

So basically I'm using a maven gitflow plugin in my Jenkins instance and when I'm running it for my hotfix branch, you can add the parameter fromBranch. This can help you if you want to specify another branch from which the hotfix is created. In the documentation it says that is support Production branches and Support branches. However it seems that support branches are not working or at least it's not working for me.

​

Here is the code:

sh './mvnw gitflow:hotfix-start -B -DfromBranch="support/test" -s $MAVEN_SETTINGS -DmvnExecutable=$(pwd)/mvnw -Dsurefire.useSystemClassLoader=false -Dgitflow.push.remote=true -Dgitflow.maven.argline="-s $MAVEN_SETTINGS -Dgitflow.push.remote=true"'

​

Here is the error:

[ERROR\] Failed to execute goal com.amashchenko.maven.plugin:gitflow-maven-plugin:1.11.0:hotfix-start (default-cli) on project *******: The fromBranch is not production or support branch. -> [Help 1\]

​

It works with -DfromBranch="master" or without the parameter at all but it seems like support branches are not accepted.

If anyone encountered the same issue, I'll appreciate any help.

Thank you.

https://redd.it/nazda7
@r_devops

Has anyone ever tried to make you the release manager

So I hope that's a good title

Also thank you for reading, writing this on mobile because I had to step away from my pc for a bit

So we all know the DevOps field is a wide spectrum of skills and is more a way of running a company than a title in itself.

Keeping that in mind I was wondering has anyone ever tried to make you the release manager as well?

I mean we implemented the pipelines (or inherited a very legacy one that held together by straws). We know what to look for when thinking CI/Cd, or how to quickly recover from bad code that was pushed. Don't get me wrong. I am all for releasing and improving on how we get to a true CI/CD state, but never ever did I or WOULD I want to be the guy that is in the middle trying to bring all teams together and ask them, will you please, pretty please, push the button that is asking you to go forward

I have nothing against a release manager and I do admire you for taking one for the team, but we're here to get your software out as fast as possible with little to no downtime,and I sure as hell can't do that if I need to make sure that the software we are pushing is stable, and everyone is on board with the changes and all admin has been followed up with.

Not a rant, just really curious?

https://redd.it/natxy3
@r_devops

Additional Insight regarding good practices regarding directly accessing elasticsearch to perform queries

Hey Everyone,

Being a Graylog user/Admin for 2.x on of the main points that I always advocate was against the directly access on Elasticsearch to perform any kind of query. Not only for the security aspect of it but also to make sure that graylog performance would not be impacted by other systems ( grafana in this case ) to perform queries directly on Elasticsearch. A few days ago, our team is debating towards granting queries capabilities directly from grafana for the mentioned points by creating a datasource on ES towards all the indexes ( or the aliased one ) so other teams that should not have access directly to graylog, could visualize some metrics on grafana.

My question would be, based on my experience and past ugly situations when granting access directly to elasticsearch. I never saw or found an official documentation stating that accessing elasticsearch directly isn’t considered good or bad practice.

Again, from my point of view based on years of graylog administration, granting access directly to elasticsearch could cause some security problems along with performance issues ( for example if someone performs a query of 1+ year on grafana and graylog being impacted by that ) but I would like to know more opinions about this.

Thanks in advance!

https://redd.it/nav0cq
@r_devops

Licenses and learning from public infrastructure code

As is common in the industry, I often use reference implementations of e. g. a certain functionality in Terraform or Ansible on Github and then implement it myself in order to actually understand the code. Unfortunately, there's often no real liberty in implementing that functionality so I'm forced to pretty much copy it with alterations to suit my style. For a practical example, I was looking at this today and I'm pretty sure there's just no substantially different way to implement AWS WAF Classic logging with Terraform. It's Apache-licensed which I guess means I'm allowed to learn from it but I'm not even really sure about that.

This has become a real problem because I avoid things that might be helpful for understanding an entire concept even if I don't look at the code later on. From my understanding (under German copyright law specifically, but this topic might also be interesting for people in other jurisdictions), code needs to have a certain level of creativity and originality to it in order to be protected. I can well see that for e. g. an interesting way to implement a complex algorithm but you don't really get to be creative with infrastructure. It's rather like craftsmanship: more or less complete as per vendor best practices if minute details like handling a single step elegantly don't matter. (Just copying an entire module is a different thing, I'm just talking about using it for reference.)

Still, I avoid looking at anything that's not licensed very permissively but I don't know if that's necessary. As with most devops things, we're not shipping our code but either use it entirely for internal needs or sell the resulting system we create with our internal code as a service or final product. (I assume the rules are very different if we'd sell e. g. a set of Terraform modules to a company to create their internal resources?)

Can someone explain how copyright and licensing affect us in this position (or devops more generally if you're good at this)? I don't think there's really any good resource for infrastructure code specifically, and the use case is quite different from "normal" code. What are my duties under the various licenses when referencing code in this situation? So far, I've just been putting a link to the original resource as a comment but that's more for documentation than anything.

https://redd.it/nb1nbi
@r_devops

How would you describe what jenkins is in simple terms?

Is it accurate to say that it runs scripts regularly at scheduled times or is that wrong or there's much more to it?

https://redd.it/nayqev
@r_devops

trying to switch from travis to github actions

Hi All,
I would like some help. I am trying to switch to Github actions. Essentially my travis file looks like this

dist: bionic
language: r
sudo : false
cache: packages

r:
- release
- devel

rpackages:
- Rcpp
- RcppArmadillo
- methods

rgithubpackages:
- jimhester/covr

warningsareerrors: true

beforeinstall:
- sudo apt-get install libharfbuzz-dev libfribidi-dev

aftersuccess:
- Rscript -e 'covr::coveralls()'

beforedeploy:
- Rscript -e 'install.packages("devtools"); devtools::install(quick = TRUE); install.packages(c("mlbench", "ggthemes", "gridExtra", "vcd", "tidyr")); devtools::document(); pkgdown::buildsite();'
deploy:
provider: pages
skip-cleanup: true
github-token: $GITHUBPAT
local-dir: docs
on:
branch: master


Any help is appreciated to get this working in Github actions

https://redd.it/nb0rol
@r_devops

Are there reputable sites (preferably canadian or somewhere without cross country restrictions) that one can sign up to potentially do some freelance devops jobs?

Looking to make some extra cash essentially

https://redd.it/nb3o6m
@r_devops

Interview DevOps engineer ??

I have a year and 6 months of experience. I have a final technical interview round for 3hours, how difficult would it be, and what would be the kind of questions can I expect?

https://redd.it/nb63r5
@r_devops

Has anyone ever worked for or with a DevOps Consulting Company?

So some backstory, I'm looking for a new gig, as the current one is starting to falls apart from the top down, and I've had a few interviews with RevOps Consulting Companies.

In my current company, I despise all the developer contractors. As they seem to do bare minimum effort or research, instead of looking for best solution and proposing it. They have no care if the company or product fails. And usually they hand us a black box, and say good luck, then when we need a patch or bug fix, they charge us so much more to fix the thing they broke in the first place.

Never worked with a DevOps consultant thou, so maybe that's different.


So what are your experiences with consulting firms in the Devops space?

https://redd.it/nb3rr0
@r_devops

jq equivalent command for jmespath cheatsheet

I was looking at this jmespath tutorial and I am wondering if there is something out there that shows the equivalent jq command for jmespath. For example (to get the value of James),

{
"people":
{"first": "James", "last": "d"},
{"first": "Jacob", "last": "e"},
{"first": "Jayden", "last": "f"},
{"missing": "different"}
,
"foo": {"bar": "baz"}
}

The jmespath query:

people*.first | 0

And in jq, I have something like this:

.people | select(.first == "James") | .first

Is there some cheatsheet that shows the equivalent jq command for jmespath? Similar to the above example. Thanks.

https://redd.it/naua1w
@r_devops

Jenkins, what's next?

In the last 2 years, I have used Jenkins day after day, got to work with a lot of helpful plugins like Job DSL, CASC, etc. Most of my work is implementing better solutions for our deployment process in different cloud providers. However, I hear about a lot of other CI/CD solutions that people use, not always Jenkins, but TeamCity, CirceCI, and more.


I don't wanna be one of those who are only comfortable working with one CI/CD tool in my short career (3 years DevOps Experience), and also I look for other solutions other than Jenkins, which might be a better fit to improve our team.
We currently have processes with over 60 parameters in our pipelines which makes it not easy to maintain (especially the groovy definitions in our repo)


What CI/CD tool you use? or, what CI/CD you would recommend me to explore?
Thanks

https://redd.it/nbin16
@r_devops