The things don't make sense in the SushiSwap's MISO launchpad hack:

According Theo SushiSwap's CTO: An "anonymous contractor" with the GitHub handle AristoK3 and access to the project's code repository had pushed a malicious code commit that was distributed on the platform's front end. What is ANONYMOUS CONTRACTOR?!?!

As confirmed here: "I have seen PRs with more than 40+ files changed that instantly got approved". Obviously, it doesn't make sense unless you are roadrunner!

https://redd.it/ps30p5
@r_devops

How do developers handle developing large scaled dockerized applications locally?

I am currently working on a fairly large scale project (upwards of 250 docker containers), which has complexe dependencies on multiple APIs and front-end applications. The staging and production infrastructures are running on Kubernetes. My team is made up of approximately 50 developers all running macOS on company laptops. We are split up into teams that each work on specific parts of the project. Some are front end developers, some are backend developers. Currently we all develop on our laptops locally using either locally installed dependancies or via docker containers (mongoDb, PHP, RabbitMQ…) but we are limited to installing only the specific part of the project we are currently working on as it does not seem possible to run the whole project at the same time on each developers laptop, but this method is very clunky, and can vary from one developers machine to another. I like the whole idea of using docker-compose to have the whole project running locally, but in my experience as soon as you have a few docker volumes running, the MacBooks grind to a halt. Currently switching over to Linux laptops is not an option.

I am looking for advice on how other large scale companies deal with the problem. I would love to have a similar experience to the production systems, possibly running something like Minikube locally, but I don’t think the performance will be any better and it adds a lot of complexity for new developers. We have also thought about running our dev environments on linux VMs but that can quickly be expensive.

How do people in large companies / projects deal with this ?

https://redd.it/prpz5e
@r_devops

Meta: Proposal to introduce a DevOps wiki and FAQ

Hello friends,

I think it might be nice if we introduce a proper wiki and FAQ for this subreddit. I suspect this subreddit will become more popular as DevOps roles become more popular as a choice of career and I think a wiki and FAQ will help people entering into this field and also prevent the same questions being asked again and again.

What does everyone think? Will this be practical or not?

If we do this, what sections should be included?

https://redd.it/prjgi3
@r_devops

How To Manage Staff Engineer That Always Has Strong Opinions On Your Work?

I am an ops engineer that sent the past 3 years on a small infra team at a *very* popular tech company. I got to onboard my company into K8s. I recently moved into a new company and I thought that I would be creating the micro service infrastructure, but they brought another more senior person to the team.

In my previous company, even the most staff level engineers had a sense of humility (there was this code of "we do not know what we are doing but we are here building the bestselling app things that we cab"). That pervious job is my only professional full-time devops experience, but our scale and success illustrated that we did something right.

In my new job, the staff engineer does whatever he wants, but always has opinions on the work of others. He also does things like tell me what kubernetes command to run, as if I do not have experience with kubernetes.

I realize that unless this is your personal project, you will always have to deal with this kind of bullshit. However, I hate the fact that we are in this space of "he is meant to be my peer but is acting like a tech lead without giving tech lead instructions and plans."

What do I do in such a situation, I do not care if I have to execute on his image. I truly do not. I just hate the ambiguity of hierarchy.

https://redd.it/psfvzc
@r_devops

If you're adopting container technology, what is the main problem that you're currently trying to solve?

https://www.poll-maker.com/poll3892940x8AE74cEf-123

https://redd.it/psfj44
@r_devops

🔥 HOW TO CHOOSE BETWEEN MULTIPLE DEVOPS JOB OFFERS?

https://youtu.be/7SA-s2PlePU

🔥 HOW TO CHOOSE BETWEEN MULTIPLE DEVOPS JOB OFFERS?

DevOps is the combination of cultural philosophies, practices, and tools that increases an organization's ability to deliver applications and services at high velocity: evolving and improving products at a faster pace than organizations using traditional software development and infrastructure management processes.

\#howtochoosebetweenmultipledevopsjoboffers #devops #awsdevops #joboffer #claydesk

https://redd.it/pshdkf
@r_devops

DevOps Master Class Part 6 - Infrastructure as Code

Lesson six of my new DevOps Master Class is now live which dives into Infrastructure as Code. Thinking about initial deployment of resources, configuration of the resource itself, creating custom images, creating containers, deploying to Kubernetes, policy and much more. All, as code!

https://youtu.be/8AgEwM8RhAU

YouTube Playlist for the whole course - https://www.youtube.com/playlist?list=PLlVtbbG169nFr8RzQ4GIxUEznpNR53ERq

GitHub Repo - https://github.com/johnthebrit/DevOpsMC

https://redd.it/psidgu
@r_devops

prometheus alerts from grafana dashboard

Hi guys. I am not able to create alerts for template variables. Pls help me. Thanks.

https://redd.it/psizc0
@r_devops

Need advice from people who have been in similar position

Am I making a mistake declining offers for Infrastructure Automation/SRE Ops roles in product companies and going for Backend development roles in mid-size service based/Big 4 companies?

https://redd.it/psjxew
@r_devops

Mobile DevOps?

Hey folks, how do you prioritize building a CI/CD pipeline for the mobile projects in the small teams under 10 devs?

Do you automate both Android and iOS at the same time or start off with one of them?

https://redd.it/psiz56
@r_devops

Distinguishing DevOps roles

I am noticing a lot of people here confusing the jobs roles of an SRE, SE, & SysAdmin, myself included. So to sum it all up, would this be an accurate distinction.

SRE - automates, designs, & monitors the infrastructure.

Systems Engineer - automates, designs, and monitors the OS deployments.

SysAdmin - maintains/monitors and responsible for the day to day upkeep of what system engineers design.

https://redd.it/psmqty
@r_devops

Vantage Launches Advanced Analytics: See the Cost of Each Individual AWS Resource

Hey folks,

Advanced Analytics is our biggest feature release since the initial launch of Vantage and shows every customer how much they're spending per AWS resource, broken down day-by-day by category (i.e. Data Transfer) as well as subcategory ("i.e. EU Egress Charges"). This functionality provides a richer set of analytics than AWS Cost Explorer provides and makes seeing costs tied to specific resources a lot easier...think things like S3 Buckets, SQS Queues, SNS Topics and Lambda Functions.

We built this feature by ingesting and processing Cost and Usage Reports (CUR) from AWS. By joining that information up with what resources are actually active in your AWS accounts we are able to show you the "true" accrued cost (versus just a rate) of every single AWS resource.

Would love to see what people think: https://vantage.sh/blog

https://redd.it/psp00v
@r_devops

Calling ansible tower template from gitlab ci

I have a Gitlab ci yml file and I need to trigger an Ansible template with tags as parameters. The command I am trying to run as a script is :

tower-cli job launch --monitor --insecure -u demo.ansgitlab -p xxx -h https://demo.comp.com/ -D temp-demo -job_tags service-1

But I am unable to trigger the template with a switch as job_tags.My playbook has tasks with individual tags already and I am not supposed to change anything in the playbook/template either.

​

Code snippet:

​

>script:
>
>- $LAUNCH_T_JOB -u demo.ansgitlab -p ${TOWER_PWD} -h https://demo.comp.com/ -D temp-demo -job_tags svc
>
>Deploy:
>
>variables:
>
>LAUNCH_T_JOB: tower-cli job launch --monitor --insecure
>
>T_CREDENTIALS: -u demo.ansgitlab -p ${TOWER_PWD} -h https://demo.comp.com/ ans_img_public: code.demo.gitlab.comp.com:5053/dsops-p-images/pimag
>
>ansible_project_name: demo-test version: "${CI_COMMIT_BRANCH}_${CI_PIPELINE_ID}"



Could someone please help here to execute the template with tags in it?

https://redd.it/psq83t
@r_devops

How to lead IT Security Spending for real change.

Justify the expenditure on cloud and data security, what are the potential costs and ensure IT spend is balanced with the potential business risk.


Cut costs, move services to different areas in the world, improve development and support, address better data management, resilience and security. Keep costs under control, particularly If developers or line of business managers skirt the IT department and go to public cloud services without proper governance, control or security.


Know what you need to do if you do not know who needs it, where they are, and the level of service needed. Remediate the endpoints and users if they fail the above, and present a layered defense in depth with security technologies in a cooperative environment.


Accurately and cost effectively capture IT asset location, real time inventory visibility and anti theft security in large enterprise and government building sites. Ensure security of end user devices that may contain organization data. Simultaneously contain costs, improve security and service levels, and address regulatory compliance.


Control IT cost spending or cost avoidance and reduce business risk. Unify all of your existing security systems to leverage the most e cient enterprise wide security solution.


Ensure you have protected your enterprise without spending hours poring over vulnerability reports. Manage, store, protect, and share your information in a fast, cost effective, and secure way. Manage your IT assets better by applying industry expertise and security operations in a cost effective fashion.


Quickly and cost effectively respond to legal matters requiring information under your management. Reduce the cost of password administration and still allow access to only those who need it. Get more value out of an IT team that spends most of its time keeping the lights on.


Evaluate security investments after they are made. Report infrastructure or services that are only partially utilized for security purposes.


Bring technology together to make it cost effective and secure. Speed iterative testing, better control costs, and support efforts to keep test environments secure. Know it will be kept safe and secure. Do this while implementing reasonable, cost effective security controls.


Report IT Security costs if the costs incurred are for the benefit of other departments or are shared with other departments. Report IT Security costs if some costs benefit other departments or are shared with other departments.


Report your organization Provisioned IT Services Spending Summary. Manage all this information, keep it up to date, and derive the most value from it to reduce cost and risk.


Calculate the Personnel PY Costs on the IT Security Spend Allocation worksheet. Speed iterative testing, control costs and ensure test environments are secure.


Control costs while managing security and risk. Evaluate the effectiveness of your security spending. Organizations decision to outsource affect that other organizations level of spending on security.


Complete your organization IT Investment Portfolio Summary. Recommend security improvements other than pointing out where its insufficient. Provide security for your data. Tie it back into a metric that you can get credit for. Secure on going maintenance and adjustments due to legal changes at low cost and low risk.


Get additional help on analyzing or cutting your costs. Reduce the complexity of managing multiple IT services in a hybrid environment.


Better understand your cost of consuming IT from anywhere. Measure cyber risk and its associated direct and latent costs. Fasttrack this to get it done.


Get more speed, agility and performance for your IT assets.


Reduce your costs and improve your cycle times. Control/provide access and recover costs. Deal with the continuous pressure to reduce the cost of IT. Target investment more precisely to maximise strategic advantage (good costs). Judge when is the right moment if it

cost a lot in migrate.


Build and manage it.


Securely provide a secret to its intended recipient.


Meaningfully distribute this cost across programs. Control cost of IT. Allocate its cost across those various missions.


Measure the level of interdependence. Maintain compliance without spending your whole budget on it. Better control, manage, and secure environments and your workloads. Optimize the costs of storing the current state of your IoT device.


Avoid going down a rabbit hole of spending on an IT project. Ensure your IT is secure from anywhere. Benchmark your existing infrastructure costs. Maintain your ability to evolve and improve. Identify which threats are most important and prioritize accordingly. Prevent the increased shadow it costs.


Be a force for good. Intend to fund it. Make your investments work. Keep the conversation going.


Put all the pieces together. Stop it happening again.


Be perceived by your customers. Be the catalyst for change.


Secure and govern it. Define vulnerability, easily, so that it can encompass this. Ensure the data is secure during the integration process.


Use it. Do it.


Collect the data. Go about it. Get it done. Know its working as intended. Calculate the cost. Stop the bad guys from abusing it. Do it better. Ensure it is secure. Manage through the worst of it.


Succeed in a complex environment.


Adapt your systems. Deal with corruption. Develop your people. Gain insight. Manage political risk. Plan amid uncertainty. Find the value.


Improve your processes. Actually do it. Get it unlocked. Treat questions of IT security.


Tap into this before its too late. Check that it is secure. Establish credit. Secure an operation, without unacceptable costs.


Grow now and tomorrow. Do this. Fix it. Initiate evaluations. Cost it.


To visualize the IT Security Spending work and manage it, I have built a IT Security Spending Kanban board that is broken down into 1031 Work Items that are prioritized into their Workflows. It's for where to get started on your current or impending IT Security Spending journey.


How many tasks can you move to Done?


Check it out here: https://theartofservice.com/IT-Security-Spending-Kanban

https://redd.it/pssk2c
@r_devops

Apps for Terraform | Building on Terraform

As I have tried to automate the day to day tasks for my DevOps work I have come to know that the best tool out there is Terraform. Unfortunately, it seems to that it has a big learning curve & it's just as easy to get in. Being a DevOps Engineer, are that other tools out there for Cloud Platform/Infrastructure management that are Terraform based, easy to use with a friendly GUI?

I found out that there's another product of HashiCorp known as Boundary for IAM/User Management accross all these platforms. But they GUI is not really made as use friendly as I would have expected.

My concern is for those people who are new to DevOps & want to automate their day-to-day stuff with Terraform but having difficulity adapting to it. Are there any projects going on in community which include better GUI as well some useful features built on top of the Terraform?

If not I plan myself to start working on something similar very soon, I have few features that can be added in that application & build it on top of Terraform. I am open to suggestions if the community has any.

https://redd.it/psqieb
@r_devops

Did you migrate to kubernetes? Did you regret it?

I had a debate with one of my colleagues recently about migrating to k8s his argument was basically that everyone he knows who have done the migration regreted it because it wasn't as smooth as they expected it.

I just want to know if this is really the case and if I should just keep our existing limited but stable orchestration system or if the stories he heard are just anecdotal and I should push more for k8s migration.

Also this is in the context of AWS EKS. I believe GCP is more mature and easier to manage / more stable.

https://redd.it/psutv4
@r_devops

Doing user research on API testing automation

Hi all,

I'm a UX researcher at RestQA (https://restqa.io/#/), which is an open-source, E2E API testing automation platform that's easy to install (through command line) and monitor through a central dashboard.

Instead of creating test scenarios that rely on steep technical knowledge, we help users create test scenarios using plain English. We have an entire dictionary of phrases. The problem is, you need to then understand our own terminology. Perhaps there is a better way to engage developers, and perhaps even make QA a bit more fun.

That's why we're looking to talk to devs and other product people to better understand their QA testing habits, and any pain points they might have. This will help us improve the UX of our current product, and better fit the needs of devs.

If you're interested in being a part of our user research, please contact us at [email protected]

I'd also love to create a conversation in the comments. Feel free to lend your thoughts there as well. It's all very much appreciated.

https://redd.it/psmmyn
@r_devops

Any good example of a wordpress docker container using litespeed?

Any good example of a wordpress docker container using litespeed? I was looking for an example on GitHub, but I couldn't find anything. I could only find examples with nginx, but not litespeed.

https://redd.it/psyilj
@r_devops

CI for a file inside a docker container

I have a Machine Learning app inside a docker container and is behind a nginx reverse proxy. Occasionally I'll need to retrain my model and re upload the file (\~100mb) to a host. Is there a way to do this efficiently? Right now I have change my image, re-push it to docker hub, stop the containers, pull the new image, and then finally restart the containers.

​

This is what my docker-compose.yml looks like

`
version: '2'

services:

  some-ml-app:
    image: username/image
    environment:
      VIRTUAL_HOST: something.com
      LETSENCRYPT_HOST: something.com
      LETSENCRYPT_EMAIL: [email protected]

  nginx-proxy:
    image: jwilder/nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/etc/nginx/vhost.d"
      - "./limit.conf:/etc/nginx/conf.d/limit.conf:ro"
      - "/usr/share/nginx/html"
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
      - "/etc/nginx/certs"

  letsencrypt-nginx-proxy-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    volumes_from:
      - "nginx-proxy"

https://redd.it/pswt7b
@r_devops

VPN between AWS, DC and HQ

We are looking to replace our current VPN solution. Right now we have a Sophos network appliance in our datacenter handling the VPN for home users and have site 2 site connections between that, our AWS networks and our headquarters.

Since we're looking at slowly phasing out our datacenter we want to move the VPN to AWS. We started looking into AWS's Client VPN service and that works great and even hooks up with Google apps for authentication, which we already heavily use as a company. Problem is since this charges per user connection per hour the estimated monthly cost does not sit well with our boss.

So what alternatives are there? One is setting an openvpn server in an EC2 instance but that's very cumbersome for user management. Generating and revoking certificates is a big PITA in my experience. To my understanding there's no way to delegate authentication to Google with that right? Is there any other free software for VPN apart from openvpn we could look into?

https://redd.it/psgu37
@r_devops