Best product to manage access to remote on-prem servers?

Let's say we will have 500 Linux servers out in the wild on private networks.

They can each establish a reverse proxy, and using passwordless authentication and SSH keys, as well as only one ssh key in the authorizedkeys file, I can confirm that my laptop is the only one able to connect.

However, let's say I'd like some program to manage this access. What would be the best way to handle this? Ideally, this program can add and remove SSH keys to the authorizedkeys on the server as necessary. OR potentially users must authenticate with this product, which then grants access to the server.

This is probably trivial, but I'm a bit confused on how to proceed. Obviously, I could go into each server and add/remove keys but this seems tedious. I could also use something like Ansible to handle this in a well-scaled way, however I would still prefer some web GUI to handle adding/removing keys or adding/removing users that can then access the single key.

I hope this make sense!

https://redd.it/o7rpzv
@r_devops

Why is learning Kubernetes so intimidating?

During customer interviews, while I was building OpsDrill, I was shocked by something. Very talented DevOps folks were having a hard time learning Kubernetes.

“I’ve been dragging my feet on learning”

“I’ve started and given up 3 times”

“I don’t know where to start, afraid it will mess up my laptop”

“It’s overwhelming”

I was relieved to hear this as I also found k8s intimidating at first.

There is a lot of great free material out there, but some of it feels like jumping straight into “Kubernetes 301: PhD in Containerology”.

(Kubernetes the Hard Way I’m looking at you. An amazing resource, but a very steep on-ramp for busy DevOps folks.)

In the past I’ve built games for learning as well as spaced repetition apps for helping to memorize materials. Would you be interested in

An adventure game
Played 15 minutes a day
Using real Kubernetes commands
To really, finally, learn Kubernetes?

https://redd.it/o7w9yn
@r_devops

GitHub - Publishing a pre-release on push to main (master) branch

I need my latest build artifacts to be available at any time. Currently, I do it by creating a GitHub release, which triggers a GitHub Actions workflow that publishes build artifacts to the created release.

I'd like to have a pre-release that is always up-to-date with my main (master) branch. Expected behavior:

1. git push to master
1. Workflow gets current latest release version 0.0.1rc1, pre-release==false
1. Workflow bumps current latest release 0.0.1rc2
1. Workflow creates a new release 0.0.1rc2, pre-release=true (if the release exists, skips this step)
1. Workflow uploads assets to 0.0.1rc2 and overwrites existing assets

Each push to master will always update 0.0.1rc2 and its build assets. Once I decide to create a new release 0.0.1rc3, pre-release=false, the same workflow will create a new release 0.0.1rc4, pre-release=true, and update its assets for each push to master, and so on ...

Does that make sense? Do you think it's a good/bad way to publish artifacts? Any thoughts/feedback is appreciated.

https://redd.it/o7nsuy
@r_devops

DevOps/cloud jobs outsourced to India?

Does anyone have statistics about DevOps, cloud engineer jobs being outsourced to India or other countries?

In my mind, since it is cloud which is accessible everywhere, it is like software development, it can be easily outsourced.

Appreciate any insight.

https://redd.it/o7yp7g
@r_devops

Using Ansible and Python in ESXi

Hey guys,

I am trying to do some playbooks with ansible to create and manage some VMs in ESXi but i am having some troubles.

First i check the connection and everything is working, i can even send bash commands with ansible.

I made a playbook that creates a VM but everytime i try to create i have `requests` error saying that i dont have `requests` installed in ESXi. So i tried to install requests but i dont have `pip` or `apt` and i cant even install setuptools with `python setup.py install`.

​

Are there any ways i can make this work? I think i need to install pip in ESXi but i dont know any other way i can do this

​

​

Here is my playbook

​

```yaml

\---

\- hosts: esxi

tasks:

\- name: Create VM based on Template

vmware_guest:

hostname: ""

username: ""

password: ""

validate_certs: False

name: TESTE

template: AWX-Template

datacenter: "Lab"

folder: /vmfs/volumes/HDD_2

state: poweredon

networks:

\- name: VM Network

type: static

start_connected: true

ip: 10.0.0.2

netmask: 255.255.255.0

gateway: 10.0.0.1

customization:

domain: lab.local

dns_servers:

\- 8.8.8.8

\- 8.8.4.4

wait_for_ip_address: yes

wait_for_customization: yes

​

​

```

https://redd.it/o7yo1n
@r_devops

Being SRE in the USA

Any SREs in the USA on here? I am based in the UK and I have been wondering about salary ranges depending on experience in the USA. I guess it depends on location as well. Thanks

https://redd.it/o7m92i
@r_devops

Sharing our Traefik runbook

Hey /r/devops!

At https://mediamachine.io we use traefik as a reverse proxy and we wrote an article about how we configured it to help us handle our incoming requests.

You can find the article here: https://mediamachine.io/blog/mediamachine-runbook-for-traefik .

Please take a look at it, and let me know if it's useful for you, or if you think we should write more about how we're using it.

Thanks!

https://redd.it/o7ezxp
@r_devops

4 years of devops background without know how to program

Yep, exactly what the title says. I have 4 years of experience in DevOps without knowing how to program, I can read code (Groovy and Python) but I'm not able to develop complex Jenkins libraries and automation with Python.
My background is more on the infrastructure side. I have 3 AWS certifications and another one from Red Hat...I can write simple bash scripts and also simple Jenkins Pipelines. Also I can write Docker and task-definitions for ECS, Terraform and Linux.

Recently I joined a new company where the core of the DevOps pipeline is a Jenkins Shared Library and since I can understand a bit of what it does I'm pretty sure I won't be able to maintain it and I'm a bit scared of don't know how to approach that. Any recommendation? (Courses, Tips, Tutorials)

Btw sorry for any bad written word, english is not my native language.

https://redd.it/o7dw1u
@r_devops

This is udemy DevOps class good?

Have you taken this class? Basing on reviews, it seems a good class. I am new to and want to expand on Ansible, Kubernetes and AWS. Would this be a quick good hands-on, intro class, to get more into DevOps?

Thanks.

# DevOps Project: CI/CD with Jenkins Ansible Docker Kubernetes

https://www.udemy.com/course/valaxy-devops/

#

https://redd.it/o83mxq
@r_devops

Help with selection process (logic test + personal presentation).

I have applied to the selection process of this company (bank) for hiring software developers. The first part consists in a logic test and personal presentation.

I accept help with materials to practice the logic part. Reports from people who have already participated of similar processes are welcome, since I have no idea of what is waiting for me. And any contributions that you deem constructive for an interview will be very useful, too. Thank you.

https://redd.it/o83444
@r_devops

Open Question: Terraform Scaling Challenges

Have you or are you in the process of expanding the set of people that are managing Terraform at your company? From trusted experts to dozens or hundreds of committers, what is your experience.

What challenges are you running into? How are you keeping reliability from suffering as you make this transition?

https://redd.it/o7ag2e
@r_devops

Vault Setup recommendation



Hi I am trying to install Hashicorp vault as docker. I have very basic questions.Thanks in advance for taking time to answer these.

Is it necessary to provide sudoer privilege to Vault. [or run as root on the host\]

Since I am having ( unable to set CAP_SETFCAP effective capability: Operation not permitted, Error initializing storage of type raft: failed to create fsm etc) errors.

Thank you again.

https://redd.it/o72zp1
@r_devops

From .NET Developer to DevOps - Recipe Please...

**Facts**

* 20 years as a .NET developer with everything that goes with it (C#, SQL Server, blah, blah, blah...)
* Currently working for Navy
* Hold Secret Clearance and Security+ Certificate


I want to break into DevOps. Because if my DoD employment should I go for AWS DevOps or Azure DevOps? I'm currently working in AWS as a dev and someone told me to get the Azure DevOps cert.


Confused. Need guidance.

https://redd.it/o71mfm
@r_devops

I don't understand how to deploy into a local apache server with Gitlab CI/CD.

A heads up : It's my very first time trying to write a pipeline by myself. I've read docs, had courses, etc. but going into practice is very different than reading or listening to some guy doing it. Besides I only learn by doing.

For real. I really don't get it.

[https://docs.gitlab.com/ee/ci/environments/](https://docs.gitlab.com/ee/ci/environments/)

The documentation does not help. It just shows how to upload to an... url ? What ? I really don't understand.

Basically, what I'd like to do, is to build my angular code, then upload it to a local server of mine, in a specific folder. Doesn't sound that much complex on paper, but it seems it is with Gitlab's CI/CD...

I run a Debian server. Using Apache web server. The website is already hosted (via code I manually dumped) and the full configuration of it is done.

I saw some people suggesting SSH, and while this sound the most logical choice to run my commands, I can't help but be a bit confused : my Gitlab runner runs docker, not ssh. Does that mean I need to change my runner's type into SSH ? Or I can connect into ssh using that docker executor ?

Also, that means I would need to extract my previously built artifact. But If I use a different image than my build job, won't that make it impossible to access the artifacts ? (Basically I see each stage as it's own service without any way to communicate to each other, or at least that's how I understand it)

My pipeline looks like this so far I used a template to help :

stages:
- build
- deploy

build-job:
image: node:latest
stage: build
script:
- npm install
- npm run build
cache:
paths:
- node_modules/
artifacts:
paths:
- dist/

deploy-job: #What I should do here ?
stage: deploy
script:
- echo "Application successfully deployed."

The build process runs without a fail... does not look super complex tho.

So hum, what I'm supposed to do here ?

Thanks for the explanations.

https://redd.it/o87rey
@r_devops

Flexible ad serving platform for carving up impressions by priority?

Been using DFP/Ad Manager 10+ years with static deliveries, such as x customer receives 1M impressions over y period.

But new requirements are 100% dynamic delivery ranked solely in priority like low, medium, high or perhaps better way to visualize is under, normal, over deliver -- without a fixed static number of impressions to each line item.

Advertisers are added and eliminated over the course of any fixed period, and are divided dynamically as under weight, normal weight, over weight.

I figured I need to write a custom simulation, but first if anyone knows this could be met with existing service, let me know.

https://redd.it/o8bs7d
@r_devops

Alternatives to dynatrace?

I’m just interested in anyone who has had a good experience with vendors or open source options other than dynatrace.

Would love to hear your experiences

https://redd.it/o8et9t
@r_devops

Military newbie that needs help

Hello everyone hope your weekend is going well. I'm writing to ask what can I as active duty navy(transitioning to the civilian world in a few months) can do to get my feet wet. I have 12 years of active duty service in the intelligence community and I have my bachelor's with a TS/SCI clearance. I look on LinkedIn and other job sites and see a lot of positions for devops but I know I dont qualify for those positions. I'm currently enrolled in a accelerated VETEC program for the devops pathway and at the end of this I will have sec+, CEH, and Splunk. I really don't know how those certs will help lay the foundation for devops but those are the certs the class requires us to obtain. Since I have a few months left on active duty what can I do to not only strengthen my working knowledge for technical interviews but where can I begin to learn the basics towards the devops pathway. I realize DEVOPs means different things to different people but any and all advise would be appreciated. Sorry for the long post.

https://redd.it/o8h65w
@r_devops

Do you manually approve builds as they roll out to each environment?

Kind of a simple question, but just wanted to get some idea of what others are doing / experiencing in their jobs. Does your CI/CD process include manual approvals, or do you automate to the point where you can trust your testing frameworks so that issues don't make it to production?

View Poll

https://redd.it/o8i2en
@r_devops

YouTube music lost one subscription

Yesterday night I tried to sign-up for their monthly subscription plan and their payment gateway page closes after entering my card details

I realized no one is perfect, we see Google SRE as a default standard for DevOps but no one is perfect !!

https://redd.it/o8cz16
@r_devops

How many requests per second are considered 'Heavy Load'?

I'm trying to quantify this in numbers even it is hard to come up with numbers that works for everything. any guide/tutorial would be appreciated!

https://redd.it/o8mxq0
@r_devops

Kuberneties

Hi. Why is kuberneties so popular? If we are an AWS shop and use ECS are we missing out on the benefits of kuberneties. I want to make sure we are doing the right thing in the long run. Thanks.

https://redd.it/o8nl5u
@r_devops