Reddit DevOps
Tools to create a development VM

Hello,

I'm pretty ignorant on DevOps tooling. I'm trying to figure out the baseline tools needed to create a development VM for my development team.

Effectively, I want to create an Ubuntu 20.04 ISO for VMware with some basic software already installed and configured: compilers, IDEs, Docker, some more software packages. I'd like a reproducible way to create this VM, but once it is created I can host it for developers to pull down.

Tools like Packer / Vagrant look promising, but I'm not sure. Does anyone have a guide for this sort of developer environment setup?

https://redd.it/o5q24n
@r_devops
Enterprise On-Prem Container Image Hosting

Currently, we are using Harbor as our container registry. Either due to lack of knowledge or limitations of Harbor, we are finding it very hard to manage it at scale. For audit and security compliance reasons we have 5 instances that are separated at the network layer with only some users having the ability to replicate images to make sure only approved images are able to be run in production.

The biggest issues we have are:

* Nested group membership in AD
* Keeping project settings in sync between the multiple instances
* Ensuring only approved images go into a project that is used for production
* Cleaning up users who have been offboarded. (why do we have to do this at the database level if they are ldap users)

Does anybody have any suggestions for a more robust on-prem container image hosting service that works for larger enterprises with strict security compliance requirements that allow less than technical members to approve images for production use?

Thank you,

https://redd.it/o5ozf6
@r_devops
How do you handle 'silent errors'?

Our applicative logs contain error entries: Commonly, the code keeps reporting about custom errors; 99% are not severe but rather non-happy scenarios that are easily recoverable (e.g. failed to approach some 3rd party API). Naturally with time, given this noisy log, we started to ignore these error entries. Everything is OK usually, the app is up, until one day some error will be really meaningful and lead to customer-facing consequences. How do you handle the visibility and alerts of your errors?

Yes, we have common alerts for black-box metrics (e.g. latency, error rate), but it still doesn't protect us from ignoring a really severe error one day.

https://redd.it/o5oeth
@r_devops
What are your experiences using a PaaS for hosting your containerized apps?

If so, which one? We're primarily an AWS shop, so wondering if EKS is a good route. Or if there are good abstractions that sit on top of EKS that may be worth a look? Ideally looking for something that streamlines the deploy/release stage, too.

HashiCorp Waypoint looks interesting, although fairly young. What else should I be looking at?

https://redd.it/o5tyya
@r_devops
How to monitor for exposed domains?

We have QA/stage domains that sometimes get exposed when admins renew a cert, or for whatever reason. Are there any tools, preferably free, that can monitor if our stage domains are exposed to the world?

https://redd.it/o5oka3
@r_devops
Here is something worth reading: How much testing is enough

A familiar question every software developer and team grapples with is, “How much testing is enough to qualify a software release?” A lot depends on the type of software, its purpose, and its target audience. One would expect a far more rigorous approach to testing a commercial search engine than a simple smartphone flashlight application. Yet no matter what the application, the question of how much testing is sufficient ...

https://testing.googleblog.com/2021/06/how-much-testing-is-enough.html

https://redd.it/o5kmq9
@r_devops
Too many security products, too little time - help?

Right now we have a lot of security and code analysis products in place at my company. We're transitioning from "Nobody works in devops" to DevSecOps + platform engineering - it's already too much to do, so we're looking at what we can consolidate for all of that, and I'm not a security guy.

Current security products and what they do that we have in place:

* Anomaly detection - AWS GuardDuty -> AlienVault
* Host vuln -> AlienVault
* Static code analysis -> Codacy
* Dependency analysis -> snyk.io
* Rapid7 InsightVM -> dashboard and security project management
* Rapid7 InsightAppSec -> Dynamic Application Testing
* Container scanning -> AWS ECR

I'm looking for help finding good products that we can consolidate on to meet our needs, or if we really do need a million different security products. How are you guys doing security and what products do you use?


Things we care about:

* Infrastructure as code, even for our security products if possible - Rapid7 still has a lot of manual configuration steps that make it hard to maintain
* As few products as possible to meet our needs - we have way too many logins and dashboards for my team to maintain right now - trying to reduce that surface area.

https://redd.it/o5v627
@r_devops
For those that use SonarQube for SAST, what security vulnerabilities do you break build on?

Just wondering what you guys break build on? We are implementing SonarQube and wanted some guidance on what to consider.

https://redd.it/o5zvsa
@r_devops
Live Terraform Coding Interview Session

I’ve posted this in r/sysadmin but would like to share it here as well.

I was interviewing with a company that I really wanted to work for. The position is Senior DevOps Engineer. The 3rd interview was a live Terraform coding session. Nothing else but Terraform.

I’ve interviewed with a few companies and they all had a live coding session using a high-level programming language, but none actually did a live Terraform coding session.

I was asked to create an environment to have an nginx container up and running.

I can explain from top to bottom what’s needed to achieve this and how I would implement the environment, but a live Terraform coding session??

Has anyone run into this before? I might be wrong but I feel like this is just a poor interview setup.

https://redd.it/o5wybe
@r_devops
Looking for an HTTP load-testing tool that can POST variable payloads

I'm doing load-testing of a backend API service, and I need to be able to increment a JSON field in the payload on every request. Most of the HTTP load testers I've looked at seem to be oriented at reproducing complex workflows for front-end stuff. I just need to hit one endpoint at variable rates while incrementing a counter in the payload. Does anyone happen to know of a tool that'd be able to accomplish this? Simpler is better in this case.

https://redd.it/o60i7g
@r_devops
Phorklift is an HTTP daemon with clear, powerful and dynamic configuration

The main feature of Phorklift is using Lua as configuration. It's very clear in most cases, while it can be powerful if needed. It can even create/update/delete the configuration dynamically, which may be used for e.g. microservices.

The project's page describes this in detail and gives some configuration fragments. There are also some more complete configuration examples.

I think this is suitable for devops.

https://redd.it/o63cnh
@r_devops
Creating stored procedures through UrbanCodeDeploy pipelines.

I was wondering if anyone here has some idea on creating stored procedures in Microsoft SQL Server through UrbanCodeDeploy pipelines. I tried googling but wasn't able to find any relevant solution.

https://redd.it/o62qog
@r_devops
For those doing CI/CD for Xamarin, do any of you use GitHub Actions but offload to your own server?

Do you recommend this as one way to go or do you prefer using AppCenter and integrating that with GitHub?

https://redd.it/o64sgv
@r_devops
Software Dev to Devops

I am thinking of getting a few certs to make a career change:

- RHCSA
- AWS Certified Developer
- AWS DevOps Engineer

I don’t have much experience in any of these areas and have a training center nearby so I am thinking it couldn’t hurt. Would you include anything like VMware? Do you think certs hold value? Appreciate all opinions!

https://redd.it/o64kpj
@r_devops
Is it just me, or do companies think DevOps engineers can solve all their problems?

I've recently been looking at applying at companies to grow my career as a DevOps engineer.

I'm noticing that a lot of companies don't seem to understand the role of a DevOps engineer or the culture of DevOps.

For example, they would list requirements that are not at all DevOps related and more security or network related, which in that case should they not just hire a network engineer?

And regarding security, should they not then list the position as a DevSecOps engineer?

I'm getting really frustrated.

It almost feels that companies think if they have an issue they can't solve, they need to hire a DevOps engineer, since we are some type of magician that can solve all of their problems.

Is it just me thinking like this?

https://redd.it/o66jto
@r_devops
Getting into DevOps

Hello,

I’m after some information that would help me get into the DevOps role as I unfortunately flunked out of my CS degree (final year) as I was not in a good situation.

Currently, I am in the “do everything from web dev, customer service, setup and configure networks, AD management, to backups, patch management for software and servers, AV endpoint management, incident response, Azure/365 admin, diagnose common problems with software, hardware and all three major OSes, hardware repair, random security related tasks and the list goes on” role at a small company for 1 year. (Don’t even know what the title for my job would be)

I am working towards getting entry-level AWS certificates and RHCSA as I see them to be the best for getting my foot in the door (would prefer to be vendor agnostic with Linux), as well as playing with Git, Docker, Ansible, Terraform and K8s, while concurrently playing with Python, Golang and ML. Going to start with Jenkins soon. I have always been interested in the Pen testing role (also working towards OSCP), but am open to the wider InfoSec/CyberSec role.

Am based in the UK. Any suggestions on what I should do to break into the space? Not many junior roles around me and worried that the lack of degree would close a lot of doors on me.

Thank you.

https://redd.it/o68mxc
@r_devops
Development databases in Docker aren’t good enough

Hi r/devops,

Full disclosure - I'm a software engineer working on Spawn. We've put together this blog post to discuss why we think Docker falls short of giving you realistic and useful development database environments: https://medium.com/spawn-db/development-databases-in-docker-arent-good-enough-503ea95e7545

Your thoughts and opinions on this would be very welcome!

We've certainly felt the pain of using development database environments only to find out that our changes go wrong when they reach production. We built Spawn to try and make that pain go away by making it possible to instantly provision realistic production-like environments for Dev and CI workflows.

https://redd.it/o69rbz
@r_devops
What is your opinion on Incident Management Tools?

Hey Folks,

I am interested in what other teams are using for incident management tooling.
Are you rolling your own or using a SaaS provider such as PagerDuty / Splunk On-Call (formerly VictorOps) / Squadcast?
I am currently going down the journey of implementing a third party service to intelligently handle alert / event notification and routing.

From what I have seen so far, a lot of the providers seem to have feature parity, with the key difference coming down to price.

https://redd.it/o67ib1
@r_devops
Setting up a new environment in Azure (beside the existing AD)

Hey guys,

Coming from Google Cloud, so Azure is kind of new for me (and the company I joined as well)...

I want to set up a somehow separated cluster for k8s and create all the needed stuff like networks, etc. with Terraform.

We already use Office 365 and the Azure AD, but nothing else like VMs or DBs.

How can I avoid destroying the AD while creating my k8s stuff? No one in the company has knowledge about that, and I maybe google'd the wrong stuff.

Can I just create a "project" like in Google Cloud (is that "Tenant" the proper equivalent thing for this?) or do I need to do something else?

Best,

dejeckehoot

https://redd.it/o6cil6
@r_devops