Make GitHub Workflows run consecutively

I just started to write articles about stuff I dive into when developing. Currently that's GitHub Actions, so I thought devops is a suitable subreddit and I'd love to get a bit more feedback so I'm sharing it here as well. Hope that's Ok. If not, please suggest a more suitable subreddit.

When writing an article it will be mostly about some code that I published I guess. As I said, I just started and I hope to not give up too soon. :)

Article: https://markus-kottlaender.medium.com/make-github-workflows-run-consecutively-4d98840ed600

GitHub Action: https://github.com/marketplace/actions/consecutive-workflow-action

Hope it's interesting for someone.

https://redd.it/olpdcs
@r_devops

Jenkins CI Build Error

I setup a Jenkins pipeline for my Angular project. During the build I receive this error. I'm not sure how to resolve this one? Thankss.

found 2 moderate severity vulnerabilities
run npm audit fix to fix them, or npm audit for details
Pipeline }
Pipeline // nodejs
Pipeline }
Pipeline // stage
Pipeline }
Pipeline // node
Pipeline End of Pipeline
java.lang.NullPointerException: Cannot get property 'ha' on null object
at org.codehaus.groovy.runtime.NullObject.getProperty(NullObject.java:60)
at org.codehaus.groovy.runtime.InvokerHelper.getProperty(InvokerHelper.java:174)
at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.getProperty(ScriptBytecodeAdapter.java:456)
at org.kohsuke.groovy.sandbox.impl.Checker$7.call(Checker.java:355)

https://redd.it/olthoa
@r_devops

I did it, I finally made it into Operations!

I start this Monday!

I've been in IT for 6 years, started service desk, then admin, then support engineer. All 3 were customer facing for an MSP with the roles based purely in linux. I've been terrified to leave, and had 0 confidence in my abilities, but gave it a shot nonetheless.

I had been looking for just over a year, but really dove hard into applying over the last month. It's a very small company (<100) compared to where I was (\~8,000) . The role is as an Linux Operations Engineer, with nearly double the pay! I think having a homelab helped a lot.

I am very excited but also extremely nervous/anxious. I didn't realize how comfortable I had gotten in my old role, despite hating it. It will be a weird shift, I have a lot more responsibility now which is thrilling and scary. There are a number of new things I get to learn and play with. Once I get over the initial imposter syndrome/nerves, I think it's going to be a lot of fun! I've been wanting to do a lot of this stuff for ages, and it just wasn't really possible in my prior roles.

I am a bit anxious about being on-call as I haven't before. In my prior role I was in a phone queue, and I would get a lot of firefighting calls and alerts for clients, and was one of the reasons I looked to leave. I imagine on-call would be less stressful than that? I asked about their last major incident, which was over a year ago due to something with a 3rd party, so that was reassuring.

I may have to do some database things (mysql/mariadb), which I won't lie is intimidating (I get nervous/stressed). While I do have some experience, that's probably one of my weaker areas. Once I learn a bit more though, I imagine that will subside.

In any case, terrified and excited to start the journey! If you have any advice or wisdom on pre-job jitters/post job start, I would be happy to hear it :)

https://redd.it/oluwgz
@r_devops

Using Terraform automate the process of stopping EC2 instance with AWS Lambda

Using Terraform automate the process of stopping EC2 instance with AWS Lambda

https://www.youtube.com/watch?v=Z2G3tST4d1c

https://redd.it/olurdz
@r_devops

Secure HTTP and TCP tunnels that work anywhere

I thought the r/devops subreddit might be interested in this project I just found!

https://github.com/inlets/inlets-pro

https://redd.it/olv5cy
@r_devops

Devops jobs(iaas)

I've like 2 years of experience as an IAAS developer and overall 6 years of experience as a backend developer.

Is anyone aware of openings(remote/sponsored) in any growing cloud iaas provider ?

Skills mostly are infrastructure designing, go, java, Terraform provider development, openapi and microservices.

Kinda stuck somewhere and mostly looking for a rewarding challenge.

https://redd.it/om0vwx
@r_devops

Feeling bad about leaving my company

I recently got a good offer for an SRE position in a big UK company. My goal is FAANG in few years and i think moving to the new company will help me to achieve that.

The problem is, i am feeling kind of bad about leaving my current company. I like everybody here and i never had an issue. It's a startup and i am the only "devops guy". I joined as junior and i had a great career progression in terms of responsibilities and salary. I am free to try whatever i want and make changes but in terms of numbers like users we are stuck. In 3 years literally no growth, i never had a scaling issue because there is no load at all. Also no public cloud whatsoever and there is no plan to adopt it.

The new role is amazing and the manager really wants me to join and i really want to but i have this weird feeling, i feel guilty.

Did any of you have a similar experience?

https://redd.it/om17h6
@r_devops

Autoscale for docker swarm

Service to scale up and down containers in swarm depending on the load

It is one of the features, lack of which swarm makes k8s a no brainer for many use cases. The plan is to make a simple stack addon that will deploy on swarm manager and control replicas of other services based on CPU usage.

I am looking for feedback on whether this is something that will have any practical use case?

link to my repo: https://github.com/Bearbobs/autoscaler-docker-swarm

Thanks

https://redd.it/om3egp
@r_devops

Keen to train me up in software to become a DevOps where is a good place to start for an absolute beginner?

I am 31 years old and have no technical experience whatsoever apart from a bit of UX design which I did whilst studying graphic design in university. I am becoming more interested in what happens behind the scenes and would like to work as a DevOps in the future. I have no idea however where, to begin with, anything so any help would be welcome. My current role is based around healthcare and has no relation at all to technology.

https://redd.it/om5uty
@r_devops

What’s a good tool to collect periodic server metrics (cpu/men/bw) and open FDs? CSV output.

Need a tool to poll those stats periodically. Open FD count would be good too. I was looking at vmstat, netstat, iostat , etc… wondering if anyone has had experience / wisdom in this area.

https://redd.it/om7pv4
@r_devops

Can you recommend me a good Terraform course on Udemy?

I'm looking to catch the promo offers they have going on in the next 2 days.

I've used Terraform a few times, but I definitely consider myself as a beginner

https://redd.it/om99b3
@r_devops

Stackoverflow Enterprise & Business Edition: Opinions?

Hi,

I'm looking for opinions on the StackOverflow Enterprise or Business licenses. The problem is the price : $12 per month, per user -- regardless of engagement. For 6000 users, that's $800k per year, every year!

Is it really worth paying that much for?

https://redd.it/omatac
@r_devops

What tools can I use to set up a Pi-Hole and Ubiquiti cloud key "containers" and VM's as a newbie

Heya, as a newbie I have been looking to get into Linux and VM's and "containerization?"

&#x200B;

I have seen so many cloud posts etc I just want to start with a simple project at home that I'd be passionate about.

&#x200B;

I have some experience being an IT admin and I guess the goal is to learn Linux. I have a desktop running Ubuntu now and I want to delve deeper.

&#x200B;

So here's my question, I found a guide that references creating a KVM hypervisor using spacewalk however it's not around anymore what tools or guides would be best to work with here? I know this may be asked all the time but I would like some help specific to my project if there is a guide?

&#x200B;

I have access to a cloud guru, Linux academy, Pluralsight, and probably some other tools but I just want to get started and find the right tools, etc.

&#x200B;

Thanks in advance 🙏

&#x200B;

Edit: I have an old dell i5 2500 with 16 gigs of ram that I can use on my network will this do the job?
Edit 2:Here is the reddit post I keep coming back to years later because I understand how this guy puts it.

https://redd.it/om9vpv
@r_devops

I recently lost my job. I have made a 100 days plan to learn and upskill for job opportunities in DevOps. Could you review my plan and help me improve

I recently lost my job as my company closed down. I have 8 years of experience in manual testing. I have decided to upskill myself and start looking for jobs in Junior Devops roles. I have created a study plan. Please let me know if it is feasible or an over enthusiastic plan.


I intend to study 10-12 hrs a day for next 100 days. The main area of focus would be system administration, python programming, devops tools and one cloud platform. The breakup is as follows


1) System Administration : Focused on RHCSA/RHCE -- 3hours per day
2) Python Programming: Learn enough for scripting. -- 3hours per day
3) DevOps Tools: Ansible, Docker, Kubernetes -- 3hours per day
4) Cloud: GCP -- 3hours per day


Would it be wise to learn these 4 topics in parallel or should i concentrate one one area, complete it and then move to the next one.

https://redd.it/omc324
@r_devops

Using GCP or AWS instances for remote work

Is there a way I can use a Linux instance or compute engine to pull an IP from the modem at a remote office? I want to do this in order to run security scans of the network without having to drive out to said location over 100 miles away. I have someone who will be able to log me into a laptop on site and can even provide a Zoom session, but that device wont have all of the tools I need installed in order to complete my work. Im hoping to spin up a linux box in the cloud, install the tools, and then access it via web to run all scans remotely each month when necessary.

https://redd.it/om86le
@r_devops

Kubernetes + Git Book Recommendations?

Hi All,

I'm reaching the final lessons in a Udacity SUSE scholarship program I got to be a part of. In this program we covered CI/CD and got to do some great hands on projects using GitHub, Docker, Kubernetes, building images to DockerHub. It was a great ice breaker into the world of hands on DevOps.

My issue is that my retention of the material isn't great. I really need to practice this more and need to learn more details on how to implement this in real life. I need to do more hands on exercises. I'm thinking that finding a good book or two would be a great contrast and offer some more depth.

Are there any books on the topic that you could recommend?

What methods of study have helped you get the best retention? I figure hands on at work is the trump card, but short of that...

https://redd.it/omijmb
@r_devops

Combining Terraform IaC with GitOps

How coupled is your Terraform Infra and GitOps apps (Flux/ArgoCD/whatever)?

Situation: Terraform is pretty good at creating AWS resources. We want a service owner to be able to create the IAM Role/Policy and any backend resources (Dynamo, RDS, Elasticache, etc.) as well as deploy the apps to Kubernetes. This would work best if it can take advantage of things like remote state/data look-ups from other already created Terraform resource (namely ACM, R53, and VPC resources). For example for RDS, we would want to be able to specify the subnets, etc.

The present GitOps repo is based on kustomize. The base is the service (vanilla, no per-env specifics), and overlays provide all of the "last-mile" configuration. This usually includes some sort of Ingress (with hostname), and the IAM Roles for Service Accounts (IRSA) setup in the overlay.

These are usually set once and forget it type of things for us, but to keep things consistent and hands-off, more automation is welcome. Some of the values can't be predicted at plan time (e.g. security groups when using sg for pods feature). Terraform must be applied at least once to create those identifiers. IAM Role name could be templated with envsubst or similar, so that's not a big issue.

So far, this feels like a CI problem, where we need the Terraform apply to complete, read the outputs, and then post-render the terraform outputs either directly into the overlay kustomization.yaml, or push them to one of the configmap generators in order to take advantage of the new kustomize subsitutions (the extra ConfigMap is no biggie).

This feels reasonable to manage, as a successful terraform apply can just notify the next step in the workflow to generate a new last-mile overlay and write back to git for the controllers to pick up/sync. It gets a little more strange if you try to shove both the terraform and kustomize bits into the same repo with Flux/ArgoCD, as to me it becomes less clear which workflow is supposed to be invoked when considering Terraform (via Atlantis, etc.) or ArgoCD, for example.

Blogs, ref architectures, and opinions welcome!

https://redd.it/omiiz4
@r_devops

Deployment to Digital Ocean using Circle CI

My goal is to implement a CI/CD pipeline using CircleCi to automatically ssh into a digital ocean droplet, and execute a git pull and docker-compose command. See

Circle CI YML file

version: 2

defaults:
docker:
- image: circleci/python:3.7
workingdirectory: ~/project

jobs:
pull-and-build:
docker:
- image: arvindr226/alpine-ssh
workingdirectory: ~/project
steps:
- checkout:
path: ~/project
- run:
name: Deploy
command: |
ssh -oStrictHostKeyChecking=no -v $USER@$IP
git pull origin main
docker-compose up --build

workflows:
version: 2
build-project:
jobs:
- pull-and-build

&#x200B;

The digital ocean droplet was created using a putty. CircleCI doesn't recognize the .ppk in in SSH. Is there a way to add ppk public key in circle ci? Or is there another way to set up CI/CD pipeline to deploy on digital ocean?

https://redd.it/omlaf5
@r_devops

Total noob needs help.......please

Hi ladies and gents,

I have an assessment to do but don't know where to start😔
Would you be able to advise on any code editors or resources with regards to
• IaC Best Practice
• Cost
• Security
• Observability

There are some code snippets I need to do a peer review with regards to the above
I just need pointing in the right direction ☺️

Thank you in advance

https://redd.it/omn174
@r_devops

Should I buy Macbook M1 for devops?

I am planning to buy macbook m1 air, but I heard it had issues with devops software. There has already been a discussion on https://www.reddit.com/r/devops/comments/lmc986/experiences\_with\_macbook\_m1/. My question remains same.


But I would like to know how things have changed these past 5 months?

https://redd.it/omnq60
@r_devops

Question Creating kubernetes environment for painless microservice development for multiple isolated (external) development teams

Hello, this will be a long post, I will do tldr first:
I need to create a kubernetes solution for developing multiple applications by multiple teams (RBAC, policies and everything) as painlessly as possible (for the developers). The cluster will be running on vSphere with Tanzu.

Now for the whole story:
I was hired by capital city of my country as a DevOps engineer. I've been DevSecOps engineer in Azure for 3 years and have done lots of projects, but I've just scratched the surface of Kubernetes, using it only for a few months.

The city is trying to change the model of it's IT projects. In the past, everything was done by external providers for abnormally high price, and most of the apps and services aren't even owned by the city, but the providers, which causes a lock-in, and more and more money flowing in their pockets. The city now wants to create a new model, having an internal development team, plus any external provider will be working as an extra workforce managed by the city project managers, working on our infrastructure and using our tools and processes (part of the contract).

What I would like to ask, is how to make this as simple as possible for the development teams. The Kuberentes cluster will be running on Tanzu, as city already has own servers with vSphere (not to mention that they've outsourced vSphere upgrade and Tanzu installation for \~100K€ before I was hired and it's going on for over 2 months already). So best solution would be using tools and components already included in Tanzu.

My idea for RBAC (I'm open to any suggestions) is to first integrate the solution into city's AD (city has an office 365 subscription with Azure AD) for RBAC, both to internal (dev) Ingress endpoints and development tools (I'm trying to push for AzDO, because of AD integration, project and team separation and so on, but the management team is adamant on using Jira and github) so we can control access via AD groups.

To describe what will be developed: City has a huge API for all services (both internal and for citizens, over 100 of services) that's really outdated, using SOAP and mostly owned by provider (and the contract is over). I would like to refactor this into microservices, possibly even serverless functions (if possible, without dockerfiles, to make it simpler for developers, like Azure Functions for example), gradually, one by one. As I've seen, Tanzu has Knative integrated. The only problem I see is that Knative still needs dockerfiles AFAIK and Tanzu has no API gateway (only service mesh). I would like a service that creates routes for the microservices/functions and possibly has a graphql endpoint to fetch multiple things at once (all with as little configuration for the developers as possible). Also something that could make just some APIs accessible to specific roles. The developers should only specify the route for the API, and that also could possibly be scope protected by RBAC (for example team working on taxes could only create endpoints under /api/taxes/*). Also how would you do automated testing on such environment?

Another question for a different application, just for a suggestion: Other projects are city's websites, and unification of them into a single React solution with a self-hosted, headless CMS for the marketing team, probably based on Strapi (and maybe TinaCMS). Would you do the API for this solution also in the serverless way, or just have a frontend/backend containers?


I know this is a little too specific, but it's necessary from security and ease of use standpoint.

https://redd.it/omuw99
@r_devops