Reddit DevOps
Best practices for external containers

Working on a couple of projects where we may be getting containers from vendors/partners or pulling them from places like Nvidia. Some to use directly, some to build into home grown apps.

Anyone have best practices to share on managing them?

Should we use them from provider registries? How do we make sure they are available and that we are all using the same versions?

Should we set up our own registry and manage the lifecycle ourselves? What should we set up? How do we keep them in sync with external registries?

Has anyone dealt with licensing? Should we expect license files or license managers for closed source software? We haven't asked, so we're looking to be prepared.

Thanks for the help.

https://redd.it/nng1al
@r_devops
Will Continuous Design / Continuous Integration be a thing?

Hello everyone,

Over the past few months, I've been really digging into many of the common trends we've seen over the years relating to developer operations. I had observed that so many different processes were being automated in the developer lifecycle, but the design to development process has not, or at least not really. I had some hunches, specifically with UI/UX design to development that there are startups trying to fix this. But after digging into other types of design, I became interested in the idea that we could see many other toolsets that could aid other types of design (Architecture, Database, etc). As a play on words, I called this, "Continuous Design / Continuous Integration". I'd really like to hear the feedback of this community. I may be completely wrong but I love the idea of integrating all types of designers into the developer workflow. I share a good chunk of my research and thinking here: https://parabeac.github.io/CD-CI/

https://redd.it/nkubnv
@r_devops
Frontend programming question regarding feature branching (DevOps way of working)

Hi guys, I'm extremely new to frontend programming and I have a question regarding DevOps best practice. I'm creating a website using HTML, CSS and JS. This frontend does have to query some information from backend APIs. We have dev, sta and prod, all deployed from the main branch, and people pull feature branches from the main branch, which usually results in deployments on the dev AWS account but with a feature branch package. These feature branch packages do not have that many dependencies, and if they do, they consume the main branch deployments on their respective environments.

The question I have is about featurebranching in the Frontend.

I notice a lot of people use environment.ts files in Angular-like frameworks, but that is all build-time information, not runtime, and it feels incredibly static to me. In DevOps, shouldn't we try to look up this information more dynamically? Are there services that could help here, like AWS Cloud Map or Consul? Or do you just have to change environment.ts-like files, repackage and redeploy on a feature branch if you would like to access a different API Gateway endpoint for development purposes?

Any insight might be helpful. I have the feeling that backend frameworks have a lot more support built in for a modern way of working than current frontend frameworks have. Also, it is not an option to just drop feature branch support and claim the entire dev environment for myself, since we have a ton of guys working on functionality.

Thank you in advance for some guidance. I can learn a lot from it.

https://redd.it/no90he
@r_devops
Exposing VPC/API gateway to a slack specific DNS

I have a Slack bot which is running on an EC2 instance in a VPC.

The VPC/API gateway is supposed to only be exposed to Slack (for Slack event listening). It's not supposed to be publicly accessible.
How would I filter based on slack's DNS? https://api.slack.com/robots

I saw that API Gateway has resource policies, however they are only IP-, AWS-account- or VPC-based.

Any other AWS services that can help?

https://redd.it/noak3s
@r_devops
Golang or Python for kickstart?

I am from a network security implementation background and thinking of shifting my career to DevOps. Which programming language should I choose between Golang and Python? Please advise.

https://redd.it/no812q
@r_devops
Setting up a server with Linux/bitnami/docker/jenkins

Hi!

I develop Django apps and want to set up my own VPC but want to understand some things first.

I've used Bitnami on AWS previously to host a Django app, which worked well. So I think that maybe I can install Bitnami on the Linux server I want to rent first.

Then I guess I want to use Docker to contain the environment I develop in.

Then I want to use Jenkins to manage testing and CI/CD.

Does this above make sense? Am I misunderstanding some of the parts or am I missing something?

https://redd.it/no6npm
@r_devops
Do you consider DevOps as more of an art or a science?

Obviously Devops focuses on using tools and solving problems using automation and hitting goals like faster releases.

However, to be effective and good at the role, are creativity and bringing new ideas also important? I ask because it can seem like just hitting requirements and going off a specification sheet.

But there are many different ways to implement a solution and trade offs with each. Some people use terraform, others extend with Terragrunt. And then you can use Helm to update your stack, and CI will take care of everything. If you follow a different approach — say letting the systems get too complex then that becomes difficult to manage.

So how do you design the approach to be efficient, but also practical? As you add more features and things you want to do using tooling, it seems like more things can go wrong, but that's part of software: adding new features and iterating.

In reality the end goal isn't always desirable. I look at, say, an ambitious project like the game Cyberpunk not delivering on promises and being half baked. So is it the culture or the processes that need to change? Because sometimes your org can't agree on simple things and asks to cut it or go with another idea. You see how this adds up, with the final result becoming divergent from the original plan/idea on paper.

Any recommendations from knowledgeable practitioners on how to use good practices but also implement clean and agreeable design patterns?

https://redd.it/no71kd
@r_devops
How do you deploy a dockerized application on EC2 without docker hub?

I tried to deploy a dockerized app on production by doing: docker-compose up

However, I got this message error by trying to do so.

```text
Traceback (most recent call last):
  File "urllib3/connectionpool.py", line 426, in _make_request
  File "<string>", line 3, in raise_from
  File "urllib3/connectionpool.py", line 421, in _make_request
  File "http/client.py", line 1344, in getresponse
  File "http/client.py", line 306, in begin
  File "http/client.py", line 267, in _read_status
  File "socket.py", line 589, in readinto
socket.timeout: timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "requests/adapters.py", line 449, in send
  File "urllib3/connectionpool.py", line 727, in urlopen
  File "urllib3/util/retry.py", line 403, in increment
  File "urllib3/packages/six.py", line 735, in reraise
  File "urllib3/connectionpool.py", line 677, in urlopen
  File "urllib3/connectionpool.py", line 428, in _make_request
  File "urllib3/connectionpool.py", line 336, in _raise_timeout
urllib3.exceptions.ReadTimeoutError: UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "docker/api/client.py", line 205, in _retrieve_server_version
  File "docker/api/daemon.py", line 181, in version
  File "docker/utils/decorators.py", line 46, in inner
  File "docker/api/client.py", line 228, in _get
  File "requests/sessions.py", line 543, in get
  File "requests/sessions.py", line 530, in request
  File "requests/sessions.py", line 643, in send
  File "requests/adapters.py", line 529, in send
requests.exceptions.ReadTimeout: UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "bin/docker-compose", line 3, in <module>
  File "compose/cli/main.py", line 67, in main
  File "compose/cli/main.py", line 123, in perform_command
  File "compose/cli/command.py", line 69, in project_from_options
  File "compose/cli/command.py", line 132, in get_project
  File "compose/cli/docker_client.py", line 43, in get_client
  File "compose/cli/docker_client.py", line 170, in docker_client
  File "docker/api/client.py", line 188, in __init__
  File "docker/api/client.py", line 213, in _retrieve_server_version
docker.errors.DockerException: Error while fetching server API version: UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)
[1089579] Failed to execute script docker-compose
```

Here's my docker-compose.yml file:

```yaml
version: '3.1'
services:
  php:
    image: leonard/${CPROJECT}.php:tg1
    build:
      context: .
      dockerfile: './docker/php/Dockerfile'
    depends_on:
      - redis
      - mariadb
    command:
      - /bin/bash
      - -c
      - umask 000 && ./php-fpm-build.sh && php-fpm
    networks:
      - backend
    volumes:
      - ./htomato.com/:/var/www/:consistent
      - ./htomato.com/node_modules/:/var/www/node_modules/:cached
      - ./htomato.com/vendor/:/var/www/vendor/:cached
      - ./logs/php/:/var/log/htomato/:cached

  apache:
    image: leonard/common.apache:tg1
    build: './docker/apache/'
    depends_on:
      - php
    networks:
      - frontend
      - backend
      - traefik
    labels:
      - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache.rule=${HTTPRULE}
      - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache.service=${COMPOSE_CPROJECT_NAME}-apache
      - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache.entryPoints=web
      - traefik.http.services.${COMPOSE_CPROJECT_NAME}-apache.loadbalancer.server.port=80

      - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-ssl.rule=${HTTPRULE}
      - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-ssl.entryPoints=websecure
      - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-ssl.service=${COMPOSE_CPROJECT_NAME}-apache-ssl
      - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-ssl.tls=true
      - traefik.http.services.${COMPOSE_CPROJECT_NAME}-apache-ssl.loadbalancer.server.port=80

      - traefik.enable=true
      - traefik.docker.network=webgateway
      - traefik.port=80
    volumes:
      - ./htomato.com/public:/var/www/public
      - ./docker/php/php.ini:/usr/local/etc/php/php.ini

  mariadb:
    image: leonard/common.mariadb:tg1
    build: './docker/mariadb/'
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: A7h2ie23
      MYSQL_DATABASE: ${CPROJECT}
      MYSQL_USER: ${CPROJECT}
      MYSQL_PASSWORD: ${MARIADB_PASS}
      DBDUMP: ${DBDUMP}
      DATABASE: ${CPROJECT}
    volumes:
      - db-data:/var/lib/mysql
      - ./docker/mariadb/import-dump.sh:/docker-entrypoint-initdb.d/a-import-dump.sh
    networks:
      - backend
    ports:
      - ${MARIADB_DEVPORT}:3301

  redis:
    image: redis
    restart: always
    networks:
      - backend

  varnish:
    image: varnish:6.1
    restart: always
    depends_on:
      - apache
    networks:
      - frontend
      - backend
      - traefik
    volumes:
      - ./docker/varnish:/etc/varnish

  node:
    image: leonard/node:8.17
    build:
      context: .
      dockerfile: './docker/node/Dockerfile'

    networks:
      backend:
      traefik:
    labels:
      - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-gulp.rule=${HTTPRULE}
      - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-gulp.entryPoints=gulp
      - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-gulp.service=${COMPOSE_CPROJECT_NAME}-apache-gulp
      - traefik.http.services.${COMPOSE_CPROJECT_NAME}-apache-gulp.loadbalancer.server.port=3000

      - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-gulp-ui.rule=${HTTPRULE}
      - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-gulp-ui.entryPoints=gulp-ui
      - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-gulp-ui.service=${COMPOSE_CPROJECT_NAME}-apache-gulp-ui
      - traefik.http.services.${COMPOSE_CPROJECT_NAME}-apache-gulp-ui.loadbalancer.server.port=3000

      - traefik.enable=true
      - traefik.docker.network=webgateway
      - traefik.port=80

    command:
      - /bin/bash
      - -c
      - umask 000 && npm ci; socat TCP-LISTEN:80,fork,reuseaddr TCP:apache:80 & make css-browser
    volumes:
      - ./htomato.com:/htomato.com
    working_dir: /htomato.com

volumes:
  db-data:

networks:
  frontend:
  backend:
  traefik:
    external:
      name: webgateway
```

When I run docker-compose up on traefik and my project file on my local machine running an Ubuntu VM, I am not having any problem. Also, how do I make the app publicly accessible from the outside?

https://redd.it/nop006
@r_devops
Best way to set up a server to host Django apps on a VPC

Hi,

I'm thinking of purchasing a VPC to host my own and clients' websites/apps running with Django on the back-end. I will not be using AWS but another provider.

How would you set this up?

Linux + Docker + Jenkins? Is that enough?

https://redd.it/noh6iw
@r_devops
Getting started with DevOps

I recently picked interest in Devops, and so far I've been learning how to use some of its tools.
I started with Docker, Kubernetes and I'm about to complete my course on Ansible.

What other tools should I learn, and how do I combine these tools so I can get some hands-on experience?

https://redd.it/nofcig
@r_devops
handling ecs deploys with terraform

I'm the new junior (and only) DevOps engineer for a small shop of devs. Currently there is no IaC in place. All devs currently work off one single EC2 dev instance (which has its own host of problems...). Updates to that instance are basically running a docker-compose and pushing the image to the EC2 (via Jenkins jobs).

My first given initiative was to give the devs a quick way to spin up/down an ephemeral environment. I was thinking of the following workflow for devs.

1. Use terraform to deploy all items required for an ECS Fargate setup (cluster, service, task def, networking, etc).
2. Within the aws_ecs_task_definition I will set a terraform variable for image with no default so it will prompt at terraform apply i.e. "Enter your branch: "
3. BitBucket dev branches will build & push to ECR (via Jenkins) and will be tagged after the ticket (i.e. OL-2932-feature). Subsequent pushes will overwrite the current ECR image.
4. The dev will enter the branch at the prompt (step 2), e.g. OL-2932-feature
5. The TF then creates all required infra while also using the branch name entered to obtain the image from ECR and use that image for ECS.

Does this workflow sound reasonable? The only concern I have is that the branch image will never change names or tags (it will always be OL-2932-feature:latest essentially, this is so the developer doesn't have to remember a variety of tags.) So another terraform apply won't refresh their infra with the newest image from ECR since TF won't detect new ECR images.

I was thinking after the initial terraform apply, use terraform apply -replace="aws_ecs_task_definition.my-api" going forward to get around that.

Curious if anyone has anything similar setup, am I going down a good path, over/under engineering?

https://redd.it/noedze
@r_devops
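The workflow described in the post (steps 1, 2 and 5), as an added Terraform example that is not the poster's own code. It also addresses the stale-tag concern: the branch tag is resolved to an image digest at plan time, so a new push to the same tag shows up as a diff and replaces the task definition on the next apply without `-replace`. The repository name, container port and the input variables are placeholders.

```hcl
# Added example, not the poster's Terraform. Assumes an ECR repository named
# "my-api" already exists and that the cluster, execution role, subnets and
# security groups are created elsewhere and passed in (placeholder variables).

variable "branch" {
  description = "Branch tag to deploy, e.g. OL-2932-feature; no default, so terraform apply prompts for it"
  type        = string

  validation {
    # Stricter than ECR's tag rules so the value is also a valid ECS family/service name.
    condition     = can(regex("^[A-Za-z0-9_-]{1,128}$", var.branch))
    error_message = "branch must contain only letters, digits, '_' or '-' (1-128 chars)."
  }
}

variable "cluster_arn" { type = string }
variable "execution_role_arn" { type = string }
variable "subnet_ids" { type = list(string) }
variable "security_group_ids" { type = list(string) }

data "aws_ecr_repository" "api" {
  name = "my-api" # placeholder repository name
}

# Resolve the mutable branch tag to the digest of the image last pushed under it.
# A new push changes the digest, the digest changes container_definitions, and
# Terraform replaces the task definition on the next apply.
data "aws_ecr_image" "api" {
  repository_name = data.aws_ecr_repository.api.name
  image_tag       = var.branch
}

locals {
  # Pin by digest, not tag: the plan shows exactly which image bytes will run.
  api_image = "${data.aws_ecr_repository.api.repository_url}@${data.aws_ecr_image.api.image_digest}"
}

resource "aws_ecs_task_definition" "my-api" {
  family                   = "my-api-${var.branch}"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512
  execution_role_arn       = var.execution_role_arn

  container_definitions = jsonencode([{
    name         = "api"
    image        = local.api_image
    essential    = true
    portMappings = [{ containerPort = 8080, protocol = "tcp" }] # placeholder port
  }])
}

resource "aws_ecs_service" "my-api" {
  name            = "my-api-${var.branch}"
  cluster         = var.cluster_arn
  task_definition = aws_ecs_task_definition.my-api.arn
  desired_count   = 1
  launch_type     = "FARGATE"

  network_configuration {
    subnets          = var.subnet_ids
    security_groups  = var.security_group_ids
    assign_public_ip = false # ephemeral dev tasks stay private behind whatever fronts them
  }
}
```

If the tag has not been pushed yet, the `aws_ecr_image` lookup fails at plan time rather than deploying a stale image, which is the behaviour you want for a branch-per-environment workflow.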
Monthly 'Getting into DevOps' thread - 2021/06

What is DevOps?

[AWS has a great article](https://aws.amazon.com/devops/what-is-devops/) that outlines DevOps as a work environment where development and operations teams are no longer "siloed", but instead work together across the entire application lifecycle -- from development and test to deployment to operations -- and automate processes that historically have been manual and slow.

Books to Read

The Phoenix Project - one of the original books to delve into DevOps culture, explained through the story of a fictional company on the brink of failure.
[The DevOps Handbook](https://www.amazon.com/dp/1942788002) - a practical "sequel" to The Phoenix Project.
Google's Site Reliability Engineering - Google engineers explain how they build, deploy, monitor, and maintain their systems.
[The Site Reliability Workbook](https://landing.google.com/sre/workbook/toc/) - the practical companion to Google's Site Reliability Engineering book.
The Unicorn Project - the "sequel" to The Phoenix Project.
[DevOps for Dummies](https://www.amazon.com/DevOps-Dummies-Computer-Tech-ebook/dp/B07VXMLK3J/) - don't let the name fool you.

What Should I Learn?

Emily Wood's essay - why infrastructure as code is so important in today's world.
[2019 DevOps Roadmap](https://github.com/kamranahmedse/developer-roadmap#devops-roadmap) - one developer's ideas for which skills are needed in the DevOps world. This roadmap is controversial, as it may be too use-case specific, but serves as a good starting point for what tools are currently in use by companies.
This comment by /u/mdaffin - just remember, DevOps is a mindset to solving problems. It's less about the specific tools you know or the certificates you have, as it is the way you approach problem solving.
[This comment by /u/jpswade](https://gist.github.com/jpswade/4135841363e72ece8086146bd7bb5d91) - what is DevOps and associated terminology.
Roadmap.sh - Step by step guide for DevOps or any other Operations Role

Remember: DevOps as a term and as a practice is still in flux, and is more about culture change than it is specific tooling. As such, specific skills and tool-sets are not universal, and recommendations for them should be taken only as suggestions.

Previous Threads
https://www.reddit.com/r/devops/comments/n2n1jk/monthlygettingintodevopsthread202105/

https://www.reddit.com/r/devops/comments/mhx15t/monthlygettingintodevopsthread202104/

https://www.reddit.com/r/devops/comments/lvet1r/monthlygettingintodevopsthread202103/

https://www.reddit.com/r/devops/comments/la7j8w/monthlygettingintodevopsthread202102/

https://www.reddit.com/r/devops/comments/koijyu/monthlygettingintodevopsthread202101/

https://www.reddit.com/r/devops/comments/k4v7s0/monthlygettingintodevopsthread202012/

https://www.reddit.com/r/devops/comments/jmdce9/monthlygettingintodevopsthread202011/

https://www.reddit.com/r/devops/comments/j3i2p5/monthlygettingintodevopsthread202010/

https://www.reddit.com/r/devops/comments/ikf91l/monthlygettingintodevopsthread202009/

https://www.reddit.com/r/devops/comments/i1n8rz/monthlygettingintodevopsthread202008/

https://www.reddit.com/r/devops/comments/hjehb7/monthlygettingintodevopsthread202007/

https://www.reddit.com/r/devops/comments/gulrm9/monthlygettingintodevopsthread202006/

https://www.reddit.com/r/devops/comments/axcebk/monthlygettingintodevopsthread/

Please keep this on topic (as a reference for those new to devops).

https://redd.it/npua0y
@r_devops
Monthly 'Shameless Self Promotion' thread - 2021/06

Feel free to post your personal projects here. Just keep it to one project per comment thread.

https://redd.it/npuade
@r_devops
Responding to a sudo password request in a script?

New, so apologies for the wording. Essentially, I'm trying to run a script that contains a sudo command. It's part of a larger process that I'm trying to automate. Is there any way to respond to the password request within the script? I've tried a few things / googling but I haven't had any luck.

This is what I tried:

sshpass -p $password ssh -t $username@$ip "echo $password | sudo -S docker load < testimage.tar"

When I run this, the docker command fails with "incorrect password".

I appreciate any time or guidance, thanks!

https://redd.it/npvlro
@r_devops
What CDN should I choose with Vercel?

I'm building a stock photo/illustration/icon site with Vercel. But not sure which CDN to go for.
So far Fastly, Cloudfront (not sure how hard it'll be to set up), mxcdn caught my eye.

What would you recommend?

https://redd.it/npv1bg
@r_devops
Workarounds to AWS Site-vpn CIDR overlap with DX

Looking to set up a site-to-site VPN from AWS to a customer data center running a Cisco Meraki gateway. This shouldn't be much of a hassle to set up and get the tunnels up; however, the issue is that we are both on overlapping subnet CIDRs.

The problem is that AWS transit gateway/site-vpn setup doesn't allow SNAT/DNAT and in this case the customer gateway (Meraki) also doesn't support SNAT/DNAT as a workaround.

I looked up setting up Openswan to SNAT/DNAT, but https://aws.amazon.com/articles/connecting-cisco-asa-to-vpc-ec2-instance-ipsec/ mentions setting up NAT on the destination side as well.

What are some of the workarounds I can use to get these tunnels up and running?

I see one such solution from AWS but it is kind of cumbersome https://github.com/aws-samples/aws-transit-gateway-overlapping-cidrs

https://redd.it/nps17b
@r_devops
Is it a good idea to add branch tags when commit history exists in Azure DevOps Repos?

Hi Everyone!

In one of the courses I took today, I noticed he was discussing the use of branch tags and it looks like a helpful feature for tracking commits and repositories. Another thing I noticed as well is that changes and commits are still visible in your commit histories, indicating your version updates.

I would like to get some suggestions on when branch tagging should be added. Is it a good idea to add branch tags on every commit or for every release?
When is branch tagging more useful than reading previous commits?

Thank you for your insights!

https://redd.it/npopds
@r_devops
Learning Spinnaker

Hi
Does anyone have good resources to learn Spinnaker (with AWS and Kubernetes)?

Thanks in advance.

https://redd.it/npn84v
@r_devops