Distinguishing DevOps roles

I am noticing a lot of people here confusing the jobs roles of an SRE, SE, & SysAdmin, myself included. So to sum it all up, would this be an accurate distinction.

SRE - automates, designs, & monitors the infrastructure.

Systems Engineer - automates, designs, and monitors the OS deployments.

SysAdmin - maintains/monitors and responsible for the day to day upkeep of what system engineers design.

https://redd.it/psmqty
@r_devops

Vantage Launches Advanced Analytics: See the Cost of Each Individual AWS Resource

Hey folks,

Advanced Analytics is our biggest feature release since the initial launch of Vantage and shows every customer how much they're spending per AWS resource, broken down day-by-day by category (i.e. Data Transfer) as well as subcategory ("i.e. EU Egress Charges"). This functionality provides a richer set of analytics than AWS Cost Explorer provides and makes seeing costs tied to specific resources a lot easier...think things like S3 Buckets, SQS Queues, SNS Topics and Lambda Functions.

We built this feature by ingesting and processing Cost and Usage Reports (CUR) from AWS. By joining that information up with what resources are actually active in your AWS accounts we are able to show you the "true" accrued cost (versus just a rate) of every single AWS resource.

Would love to see what people think: https://vantage.sh/blog

https://redd.it/psp00v
@r_devops

Calling ansible tower template from gitlab ci

I have a Gitlab ci yml file and I need to trigger an Ansible template with tags as parameters. The command I am trying to run as a script is :

tower-cli job launch --monitor --insecure -u demo.ansgitlab -p xxx -h https://demo.comp.com/ -D temp-demo -job_tags service-1

But I am unable to trigger the template with a switch as job_tags.My playbook has tasks with individual tags already and I am not supposed to change anything in the playbook/template either.

​

Code snippet:

​

>script:
>
>- $LAUNCH_T_JOB -u demo.ansgitlab -p ${TOWER_PWD} -h https://demo.comp.com/ -D temp-demo -job_tags svc
>
>Deploy:
>
>variables:
>
>LAUNCH_T_JOB: tower-cli job launch --monitor --insecure
>
>T_CREDENTIALS: -u demo.ansgitlab -p ${TOWER_PWD} -h https://demo.comp.com/ ans_img_public: code.demo.gitlab.comp.com:5053/dsops-p-images/pimag
>
>ansible_project_name: demo-test version: "${CI_COMMIT_BRANCH}_${CI_PIPELINE_ID}"



Could someone please help here to execute the template with tags in it?

https://redd.it/psq83t
@r_devops

How to lead IT Security Spending for real change.

Justify the expenditure on cloud and data security, what are the potential costs and ensure IT spend is balanced with the potential business risk.


Cut costs, move services to different areas in the world, improve development and support, address better data management, resilience and security. Keep costs under control, particularly If developers or line of business managers skirt the IT department and go to public cloud services without proper governance, control or security.


Know what you need to do if you do not know who needs it, where they are, and the level of service needed. Remediate the endpoints and users if they fail the above, and present a layered defense in depth with security technologies in a cooperative environment.


Accurately and cost effectively capture IT asset location, real time inventory visibility and anti theft security in large enterprise and government building sites. Ensure security of end user devices that may contain organization data. Simultaneously contain costs, improve security and service levels, and address regulatory compliance.


Control IT cost spending or cost avoidance and reduce business risk. Unify all of your existing security systems to leverage the most e cient enterprise wide security solution.


Ensure you have protected your enterprise without spending hours poring over vulnerability reports. Manage, store, protect, and share your information in a fast, cost effective, and secure way. Manage your IT assets better by applying industry expertise and security operations in a cost effective fashion.


Quickly and cost effectively respond to legal matters requiring information under your management. Reduce the cost of password administration and still allow access to only those who need it. Get more value out of an IT team that spends most of its time keeping the lights on.


Evaluate security investments after they are made. Report infrastructure or services that are only partially utilized for security purposes.


Bring technology together to make it cost effective and secure. Speed iterative testing, better control costs, and support efforts to keep test environments secure. Know it will be kept safe and secure. Do this while implementing reasonable, cost effective security controls.


Report IT Security costs if the costs incurred are for the benefit of other departments or are shared with other departments. Report IT Security costs if some costs benefit other departments or are shared with other departments.


Report your organization Provisioned IT Services Spending Summary. Manage all this information, keep it up to date, and derive the most value from it to reduce cost and risk.


Calculate the Personnel PY Costs on the IT Security Spend Allocation worksheet. Speed iterative testing, control costs and ensure test environments are secure.


Control costs while managing security and risk. Evaluate the effectiveness of your security spending. Organizations decision to outsource affect that other organizations level of spending on security.


Complete your organization IT Investment Portfolio Summary. Recommend security improvements other than pointing out where its insufficient. Provide security for your data. Tie it back into a metric that you can get credit for. Secure on going maintenance and adjustments due to legal changes at low cost and low risk.


Get additional help on analyzing or cutting your costs. Reduce the complexity of managing multiple IT services in a hybrid environment.


Better understand your cost of consuming IT from anywhere. Measure cyber risk and its associated direct and latent costs. Fasttrack this to get it done.


Get more speed, agility and performance for your IT assets.


Reduce your costs and improve your cycle times. Control/provide access and recover costs. Deal with the continuous pressure to reduce the cost of IT. Target investment more precisely to maximise strategic advantage (good costs). Judge when is the right moment if it

cost a lot in migrate.


Build and manage it.


Securely provide a secret to its intended recipient.


Meaningfully distribute this cost across programs. Control cost of IT. Allocate its cost across those various missions.


Measure the level of interdependence. Maintain compliance without spending your whole budget on it. Better control, manage, and secure environments and your workloads. Optimize the costs of storing the current state of your IoT device.


Avoid going down a rabbit hole of spending on an IT project. Ensure your IT is secure from anywhere. Benchmark your existing infrastructure costs. Maintain your ability to evolve and improve. Identify which threats are most important and prioritize accordingly. Prevent the increased shadow it costs.


Be a force for good. Intend to fund it. Make your investments work. Keep the conversation going.


Put all the pieces together. Stop it happening again.


Be perceived by your customers. Be the catalyst for change.


Secure and govern it. Define vulnerability, easily, so that it can encompass this. Ensure the data is secure during the integration process.


Use it. Do it.


Collect the data. Go about it. Get it done. Know its working as intended. Calculate the cost. Stop the bad guys from abusing it. Do it better. Ensure it is secure. Manage through the worst of it.


Succeed in a complex environment.


Adapt your systems. Deal with corruption. Develop your people. Gain insight. Manage political risk. Plan amid uncertainty. Find the value.


Improve your processes. Actually do it. Get it unlocked. Treat questions of IT security.


Tap into this before its too late. Check that it is secure. Establish credit. Secure an operation, without unacceptable costs.


Grow now and tomorrow. Do this. Fix it. Initiate evaluations. Cost it.


To visualize the IT Security Spending work and manage it, I have built a IT Security Spending Kanban board that is broken down into 1031 Work Items that are prioritized into their Workflows. It's for where to get started on your current or impending IT Security Spending journey.


How many tasks can you move to Done?


Check it out here: https://theartofservice.com/IT-Security-Spending-Kanban

https://redd.it/pssk2c
@r_devops

Apps for Terraform | Building on Terraform

As I have tried to automate the day to day tasks for my DevOps work I have come to know that the best tool out there is Terraform. Unfortunately, it seems to that it has a big learning curve & it's just as easy to get in. Being a DevOps Engineer, are that other tools out there for Cloud Platform/Infrastructure management that are Terraform based, easy to use with a friendly GUI?

I found out that there's another product of HashiCorp known as Boundary for IAM/User Management accross all these platforms. But they GUI is not really made as use friendly as I would have expected.

My concern is for those people who are new to DevOps & want to automate their day-to-day stuff with Terraform but having difficulity adapting to it. Are there any projects going on in community which include better GUI as well some useful features built on top of the Terraform?

If not I plan myself to start working on something similar very soon, I have few features that can be added in that application & build it on top of Terraform. I am open to suggestions if the community has any.

https://redd.it/psqieb
@r_devops

Did you migrate to kubernetes? Did you regret it?

I had a debate with one of my colleagues recently about migrating to k8s his argument was basically that everyone he knows who have done the migration regreted it because it wasn't as smooth as they expected it.

I just want to know if this is really the case and if I should just keep our existing limited but stable orchestration system or if the stories he heard are just anecdotal and I should push more for k8s migration.

Also this is in the context of AWS EKS. I believe GCP is more mature and easier to manage / more stable.

https://redd.it/psutv4
@r_devops

Doing user research on API testing automation

Hi all,

I'm a UX researcher at RestQA (https://restqa.io/#/), which is an open-source, E2E API testing automation platform that's easy to install (through command line) and monitor through a central dashboard.

Instead of creating test scenarios that rely on steep technical knowledge, we help users create test scenarios using plain English. We have an entire dictionary of phrases. The problem is, you need to then understand our own terminology. Perhaps there is a better way to engage developers, and perhaps even make QA a bit more fun.

That's why we're looking to talk to devs and other product people to better understand their QA testing habits, and any pain points they might have. This will help us improve the UX of our current product, and better fit the needs of devs.

If you're interested in being a part of our user research, please contact us at [email protected]

I'd also love to create a conversation in the comments. Feel free to lend your thoughts there as well. It's all very much appreciated.

https://redd.it/psmmyn
@r_devops

Any good example of a wordpress docker container using litespeed?

Any good example of a wordpress docker container using litespeed? I was looking for an example on GitHub, but I couldn't find anything. I could only find examples with nginx, but not litespeed.

https://redd.it/psyilj
@r_devops

CI for a file inside a docker container

I have a Machine Learning app inside a docker container and is behind a nginx reverse proxy. Occasionally I'll need to retrain my model and re upload the file (\~100mb) to a host. Is there a way to do this efficiently? Right now I have change my image, re-push it to docker hub, stop the containers, pull the new image, and then finally restart the containers.

​

This is what my docker-compose.yml looks like

`
version: '2'

services:

  some-ml-app:
    image: username/image
    environment:
      VIRTUAL_HOST: something.com
      LETSENCRYPT_HOST: something.com
      LETSENCRYPT_EMAIL: [email protected]

  nginx-proxy:
    image: jwilder/nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/etc/nginx/vhost.d"
      - "./limit.conf:/etc/nginx/conf.d/limit.conf:ro"
      - "/usr/share/nginx/html"
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
      - "/etc/nginx/certs"

  letsencrypt-nginx-proxy-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    volumes_from:
      - "nginx-proxy"

https://redd.it/pswt7b
@r_devops

VPN between AWS, DC and HQ

We are looking to replace our current VPN solution. Right now we have a Sophos network appliance in our datacenter handling the VPN for home users and have site 2 site connections between that, our AWS networks and our headquarters.

Since we're looking at slowly phasing out our datacenter we want to move the VPN to AWS. We started looking into AWS's Client VPN service and that works great and even hooks up with Google apps for authentication, which we already heavily use as a company. Problem is since this charges per user connection per hour the estimated monthly cost does not sit well with our boss.

So what alternatives are there? One is setting an openvpn server in an EC2 instance but that's very cumbersome for user management. Generating and revoking certificates is a big PITA in my experience. To my understanding there's no way to delegate authentication to Google with that right? Is there any other free software for VPN apart from openvpn we could look into?

https://redd.it/psgu37
@r_devops

DevOps and Change Mgmt

Our organization is slowly but surely moving into a DevOps world. In the existing ITIL base service delivery world we have an established and mature (bureaucratic) Change Mgmt process.

We are facing more and more changes from the DevOps side especially more Infrastructure as Code.

How best to handle change from the DevOps side without introducing antipatterns and such?

https://redd.it/pt6yyf
@r_devops

We analysed 30 job postings to understand what is expected from SRE role.

Hey, this is Kaushik from Spike.sh.

We worked on a fun project. The role of SRE has been in discussion for years but expectations still seem slightly mystical depending on every org's functions.


So, we took SRE job postings from Google, Twilio, Instacart, Gitlab, Spotify and more to understand some key expectations.

​

Here is an interesting figure from our article:

>Build tools and automations  (56% of job descriptions)

Only 56% of job descriptions talk about managing build tools and automations. I personally find this kinda shocking. Shouldn't this be in ALL job postings?


Do read and let me know what you think. We have some ideas on digging into more details about SRE, DevOps and more roles, that is if the community finds it useful !

https://spike.sh/blog/sre-role-2021-analysed-30-job-postings/

https://redd.it/pt7zd0
@r_devops

Training Plan For Devops.

As a team in our organization, we are new to devops and i am try to come up with a training plan for folks joining the team. You can expect that these new folks are new to devops and don't have much experience. Is there a training plan for devops?. Few things i can think off are

AWS, GCP, Azure, python, shell-scripting, terraform, jenkins, messaging technologies, docker, containers.

Are there any other things

​

Also, is there any links that you would recommend to above technologies. Udemy is also fine.

https://redd.it/psc1f1
@r_devops

Incite - Golang Library to write pretty Cloudwatch Log Insights queries

This one looks like a nice library to write pretty golang code to get Cloudwatch Log Insights queries.
https://github.com/gogama/incite


Anybody tried this yet? It takes care of streaming, polling, chunking, previewing and also has optional logging support.

https://redd.it/ptb52s
@r_devops

Distributed Load Testing Using Fargate | Open-Source AWS

Hacktober is right around the corner so i finally decided to make a series for working on Open-source projects. Would love any feedback good or bad.

https://youtu.be/LXKavTaeo4E

https://redd.it/pta7zb
@r_devops

k8s exposing multiple ports on the same domain name

I know that exposing multiple ports over the same domain name on k8s nginx ingress contorller is not possible. Any ideas for a good approach to accomplish this ?


example:
example.com:80 goes to service A and example.com:8000 goes to service B

https://redd.it/ptdh4z
@r_devops

App Deployment: CLI vs. Web UI?

I'm building a tool to deploy web applications to the cloud, and I'm wondering whether I should focus on building a CLI or web UI to manage and debug the apps. I would appreciate some feedback on what you enjoy using most!

https://redd.it/ptdtqb
@r_devops

learning on the job vs training

Hey all, I am new ish here. I started a sort of jr DevOps role a few years ago after about 20 years doing support and sys admin work. I always had an interest in DevOps but had none of the dev skills go get there. I transferred internally from a sr support position to a DevOps role so the interview did not have any code testing etc. Over the past few years I have gained a lot of skills and learned a lot of the tools of the trade, however none of it is deep knowledge. We are a Microsoft shop so 90% of what we do is in powershell and while that is an object-oriented language, it's not really used that much in the industry. I am really interested in Python but we don't use it in our team. I guess the question is, if I don't use a tool/language on a regular basis, how do I learn it and moreover how do I advance my career.?

https://redd.it/ptfzi8
@r_devops

Where do people host internal jobs?

I've run into situations where a job or script is needed by non-technical team members. These scripts might be as simple as one or two API calls to our backend, a SQL query, or a monthly report generator. Typically, we tell these folks to make the calls from Postman or have a Jenkins job they can input a few params into and run (we usually want to keep it simple and avoid building UI's). However, it feels weird giving this much access.

Has anyone else run into this problem? I'm wondering if there's any better solutions out there.

https://redd.it/ptdgpl
@r_devops

What do you, as a DevOps, use for infra downtime prevention, APM, and log management?

Hello all!


I'm new to the DevOps world and want to understand what solutions are worth relying on when the thing comes down to anomalies tracking, log analyzing, APM, alerting.

I had an experience with Zabbix, Datadog, InsightCat. You've probably heard about them. According to my colleagues, these solutions are the leaders. Also, we don't forget about ELK stack, obviously :)


I would appreciate your help. Thank you!

https://redd.it/pt4juj
@r_devops