Reddit DevOps
5 Must Read DevOps Books

For all the people out there who want to understand DevOps and CI/CD methodology better and start implementing it in their organization, I have curated a list of the top 5 must-read DevOps books. So let us dive into the world of books.

https://redd.it/oq18nm
@r_devops
Your Ideal CI workflow and what's stopping you from implementing it?

Recently we integrated webhooks for CI into Devtron. You can currently configure these Webhooks on Devtron to run automatic builds for Pull Requests, Tags. For me, it felt like these are some of the most necessary Use Cases in CI to run automatic builds.

I can think of one or two more such configurations such as 'only run builds if the Pull requests are approved by someone' or 'Don’t run builds if the commit message doesn’t match a regex pattern,' but I am not sure how many would use these.

I am sure there are many more trigger points to run automated or manual builds. I am really curious to know what is your ideal CI workflow and if you haven't implemented it then why?

https://redd.it/oq26ah
@r_devops
Deploy cloud image via ISO

Hi all,

My enterprise does not allow instantiating VMs from images.
The only allowed method is to create a new VM and boot from one or more ISOs.

Is there a common way to create a bootable ISO that copies a cloud image to the VM's virtual disk? (E.g.: this focal img)

Right now, I'm using the autoinstall approach. But it's unnecessarily slow.

Cheers,

https://redd.it/oq12n7
@r_devops
How to incentivize team members to participate in code reviews?

We have a team of about 4-5 developers where we all contribute to various projects. When a change is made we send a PR link to our team and ask the team to review. Typically there are 1-2 people who are constantly reviewing and the rest of the team doesn't seem to want to participate at all.

We had discussed assigning PRs to developers randomly but that didn't seem like a great idea because of the varying level of knowledge/experience per developer as well as the developer's current load.

Is there any way to solve this problem without building any complex solution? How to incentivize the non-participating team members to contribute?

https://redd.it/oq3pkm
@r_devops
What is the problem with tags on DataDog?

Reddit keeps showing me an ad that suggests I should be frustrated with DataDog tags. I have never used DataDog but when I have briefly looked at its docs in the past, its tags seemed like a reasonable concept to me. What is wrong with them in practice such that an ad promising to get rid of them would be an effective pitch?

https://redd.it/oq6q7n
@r_devops
I'm on a quest to make developers in our org self sufficient when it comes to deployments, but unsure about the best approach when it comes to app configuration management. I would really appreciate your input.

I am of firm belief that if devs can't deploy their code to production without ops/admin involvement then something is missing in the process, therefore I'm working on a goal to make developers in the org self sufficient when it comes to deploying code to production.

In the process of implementing ci/cd with (gitea + drone) I've come across an issue that I need an elegant solution for. The app in question uses config.ini file for configuration that currently is manually updated and contains configuration as well as secrets.


Migrating to a different configuration scheme (like central config server) is not viable at this time, due to time constraints, so the goal is to have the config.ini be constructed during ci/cd process.


I've come up with a plan to start version controlling config for production/dev/etc... in git and leave secrets values out, which will be injected into config file dynamically during ci/cd process.


For example, new config file in git would look like this:

config.ini.prod


DB_HOST = prod.site.com #would be real value
DB_USER = db #would be real value
SECRET_DB_PASS = #would be empty
...

One of the steps in ci/cd would do this:

cp config.ini.prod config.ini
./secrets-fill.sh
./secrets-confirm.sh
...

Where ./secrets-fill.sh would iterate through lines in config.ini and for any rows starting with SECRET_ it would fill value from secrets service like Vault

Then secrets-confirm.sh step would make sure no secrets are empty or else the pipeline would fail

This would make it possible for developers to ask admins to add secret to vault, and any time they would deploy code, ci/cd pipeline would be able to construct, fill and confirm config file was built fully.


Here are my questions:

* If we had to keep relying on config.ini file, is there any way you'd improve this approach?
* If I could convince stakeholders to scrap this approach, ditch using config.ini and go with something else altogether, what would you recommend doing?
* In your org, who updates secrets in Vault/secrets service? Is there a bit of a silo situation there?

https://redd.it/oq5479
@r_devops
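The fill and confirm steps described in the post above, as an added example that is not the poster's scripts: `fetch_secret` is a hypothetical stand-in for the secrets-service call and assumes the CI runner injects each secret as an environment variable named after the key. The function names and the sample value are constructed for illustration.

```sh
#!/bin/sh
# Hypothetical lookup standing in for the secrets-service call (e.g. Vault).
# Assumption: the CI runner injects each secret as an env var named like the key.
fetch_secret() { printenv "$1"; }

# Remove all whitespace; enough to isolate a key or to test a value for emptiness.
squash() { printf '%s' "$1" | tr -d '[:space:]'; }

# secrets_fill TEMPLATE OUT: copy TEMPLATE to OUT, rewriting every SECRET_* line.
secrets_fill() (
  rm -f "$2"; umask 077; : > "$2"   # fresh 0600 file before any secret lands in it
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      SECRET_*=*)
        key=$(squash "${line%%=*}")
        value=$(fetch_secret "$key") || value=
        printf '%s = %s\n' "$key" "$value" ;;
      *) printf '%s\n' "$line" ;;
    esac
  done < "$1" >> "$2"
)

# secrets_confirm FILE: fail if a SECRET_* key is empty or still holds only the
# template comment (a value starting with '#' also fails: the check fails closed).
# Key names go to stderr; values are never printed.
secrets_confirm() (
  missing=0
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in SECRET_*=*) ;; *) continue ;; esac
    case $(squash "${line#*=}") in
      ''|'#'*) echo "missing secret: $(squash "${line%%=*}")" >&2; missing=1 ;;
    esac
  done < "$1"
  [ "$missing" -eq 0 ]
)

# Constructed demo: the template mirrors the post's config.ini.prod; the value is fake.
demo() (
  dir=$(mktemp -d) || exit 1
  printf '%s\n' 'DB_HOST = prod.site.com' 'DB_USER = db' \
    'SECRET_DB_PASS = #would be empty' > "$dir/config.ini.prod"
  export SECRET_DB_PASS='constructed-value'
  secrets_fill "$dir/config.ini.prod" "$dir/config.ini" &&
    secrets_confirm "$dir/config.ini"
  rc=$?
  rm -rf "$dir"
  exit "$rc"
)
```

Running the confirm step against the unfilled template also fails, so a pipeline that skips the fill step cannot ship a config with placeholder comments in place of secrets.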
When automating a deployment involving Terraform, the common pattern is to store the state on a shared storage. What is the reason for not using a git private repository instead?

As the question says. I'm looking into how terraform works from an automation perspective (deploying dedicated Shared VM for some legacy utility task runners from on-premise).

Everywhere I look it seems that the recommended solution is to store the tfstate files into a shared storage and pull them back in the pipeline workspace before the apply so that you can verify the state of the resources, then push them back.

To me it sounds a lot like a simple pull and push into a repository and I wonder why it's not suggested to use a dedicated repo instead so that we have a full changes history using git as well (yes, some storage solutions have versioning as well, I'm aware).

I should add that most of the devops code/configs in our case are already in a dedicated git repository and the secrets in a secret manager. Everything gets pulled together by the pipeline when a deployment needs to happen.

It would have been natural to me to add a terraform-states directory in there and store the tfstate files but maybe I am missing something important if no one actually suggests that instead.

Links that explain it are more than welcome as well if you don't want to go into a detailed response!

A Little disclaimer: I know some people here are really passionate about what they use and I appreciate the devops community for that passion, I'm serious, but here I'm really asking more about the Why(s) than what 3rd party tool I should use :)

https://redd.it/oq92vo
@r_devops
Apache logs -> prometheus metrics -> grafana: is there really no ready setup somewhere?

I just want to tail my apache logs into an exporter (grok_exporter?) and show the stats in grafana. Is there really no ready-made setup for this? I found this but there's no grafana dashboard available anywhere.

Asking for a ready setup because I believe that this is such a common setup that if there isn't one I must be doing something obviously wrong

https://redd.it/oq3x7l
@r_devops
Leveraging operator pattern and VolumeSnapshots to backup databases in Kubernetes @BlaBlaCar

BlaBlaCar completed its migration to GCP and Kubernetes recently and decided to go multi-cloud in the near future. When moving to the cloud, we started to use disk snapshots to backup our MariaDB and Cassandra clusters running on Kubernetes.

As we are going multi-cloud we needed a cloud-agnostic solution, flexibility in our backup policies (frequency/retention) and trust in our backup process so we ended up building an operator to do the job. We wrote a Medium post explaining why and how we built the operator to manage our disk snapshots using the new VolumeSnapshot resource and how we continuously test these snapshots.

We think it's a good example to show when an operator can do a better job than core Kubernetes resources and we hope you'll find it interesting. Feel free to ask any question.

https://medium.com/blablacar/leveraging-operator-pattern-and-volumesnapshots-to-backup-databases-in-kubernetes-3a28aa425100

https://redd.it/opzlem
@r_devops
Women in DevOps

I'm interested in making the most inclusive team possible, and, for better or worse, I've been moved out of the DevOps Engineering position I was in, to a DevOps manager

In my current role, I think I've screened and interviewed roughly 70-80 candidates, and hired a handful out of those

That being said, only 3 of those candidates were women, all exceptionally capable, but none returned the skills test we sent out, and all of them accepted positions with other companies

My company is an exceptionally successful startup, with a focus on diversity and inclusion, but we have been, thus far, unsuccessful in diversifying the genders within the membership of the DevOps team

I'm curious to hear the experience of others when it comes to diversifying your DevOps team with more women in a male dominated field

https://redd.it/opx4el
@r_devops
How to transition from software dev to devops

Hey guys the title kind of says it all, I have been in a software development position for 3 years now working on IBM systems doing the full software cycle from conception of projects to deployment so I figure DevOps wouldn't be a hard transition. But I'm not sure how I transition to this role? Has anyone had a similar change that they could share with me?

https://redd.it/oqdird
@r_devops
Got an offer from Rural Sourcing

So I am moving from graphic design to DevOps and I have been interviewing for a month now. I was offered a decent amount over what they normally pay for Analyst II. It has been a very long month and very emotionally draining to be passed up so many times.

But! Because of all of your help, I finally got an offer.

So, thank you all.

https://redd.it/oqf687
@r_devops
How to migrate one iis website out of multiple websites from onprem data center to aws.

Hi All,

Please could you guide me, how can I migrate just one IIS website from a webserver present on VMware infrastructure to AWS.

I was thinking to use CloudEndure but seems that is only used in case of migrating the entire webserver.

Sorry if I asked dumb question.

https://redd.it/opwcu1
@r_devops
Packer vs User Data scripts

I have only used User Data Bash scripts to boot up my instances but I'm considering learning Packer because I have heard good things from my fellow colleagues. What are the advantages/disadvantages of using Packer with Terraform? (Using AWS cloud provider).

https://redd.it/oqgdu6
@r_devops
S3 Presigned URL issues

Hi,

I have a presigned URL to perform getObject

Yet when I try to use it I receive a 403 error.

Not sure what I need to change. I'm using axios like axios.get(getURL) where getURL is the signed URL response from an earlier request.

Do I need to pass a header along with it? The object I'm trying to get is already in the getURL with the bucket name

https://redd.it/oqg8o6
@r_devops
York University Certificate in devops course.

Hi! I’ve been in IT Operations for 3 years. I’m hoping to upskill myself. I’m torn between enrolling in this course or self-study and get certifications. Here’s the link of the course.

https://continue.yorku.ca/programs/certificate-in-devops/

Do you think it's better to self-study or enroll in this course?

https://redd.it/oqjctc
@r_devops
Wall mountable monitoring devices

Anyone have any good suggestions for a wall mountable device that can load websites for active monitoring like Grafana?

It'd be nice to have something that you could mount like a digital picture frame instead of a monitor that could load a website. It'd likely need a cable dangling I guess for power and not be a tablet as a tablet battery would likely bulge if it was left plugged in for ages.

The easiest would likely be a VESA mounted monitor plugged into a Raspberry Pi or something, but I'm wondering if anyone else has found anything neat to use. Even if it only refreshed every 5-10 minutes.

https://redd.it/oqjrnj
@r_devops
SOCKS5 proxy provider

Hi,

We have different resources on all the major cloud providers (GCP, AWS, AZ, IBM) and we'd like to present some of our egress traffic as coming from a limited set of static IP addresses.

Leveraging our current VNET/VPC gateway IPs is not an option as the number of IPs it would require would exceed the number of IPs we would like our egress services to use.

The only viable option I can think of is to launch a bunch of SOCKS5 proxies, and configure the egress service to use those proxies to establish egress connections.

If possible, we'd like to not have to maintain this piece.

1. Is there any other technical solution to achieve this?
2. I can't find out-of-the-box proxies provided by the big cloud providers (e.g. AWS SOCKS5 Proxy as a service). Is there an offering from them I'm missing?
3. In the sea of personal VPN offerings, the only business oriented product I found is https://www.quotaguard.com/static-ip-features/ Does anyone know other serious providers?

https://redd.it/oqll1a
@r_devops
Working as a "DevOps Engineer" but with caveats. Have the option of switching to Telco engineer. Interested and want to make a career in DevOps. Would this move be burning the bridges?

So I'm working as a DevOps Engineer right now but the work is more of release management. The day to day involves monitoring of our test environments hosted on Linux servers, troubleshooting them, monitoring test results (not writing the tests) and creating new releases. The thing is I'm not actively working with tools and technologies such as Ansible, Terraform, Kubernetes or public cloud. I'm trying to learn these by myself and also trying to get some Azure certifications but that's going slow.

Now I have an offer for another job which is a junior Telco engineer. Part of it involves some system administration, Ansible and Python/Bash for automation. But main part is working with VoIP technologies and using Asterisk and Wireshark etc.

I'm confused if I should take this one or not. Because I do want to continue my career in DevOps. And I feel like the job that I'm in right now doesn't give me the exposure and opportunity to work with the tools and technologies that are in DevOps.

And I could get Ansible and some automation experience with the new one (my situation with the rest of the stuff stays the same). But I'm worried that it would be a change into something very specific as VoIP and I would move away from DevOps. Would it be a good idea to switch jobs here?

Also the new job pays a little bit more but involves some on call work which is potentially 1k-2k plus per month.
Any opinions will be appreciated! I have to decide by Tuesday 😅

https://redd.it/oqpn5i
@r_devops