Get starting from scratch at 35 years old

Hi there,

I'm a man from South East Asia, 35 years old, used to be an freelance FE developer with only over 1 year of experience, quit 6 years ago.

Since more than a year, my business failed due to covid pandemic, very bad financial situation. Last 3 months ago, I decided to come back to IT field, self-learning linux, scripting (shell and Python), docker and kubernetes and cloud as well. I'm going to learn some more essential tools for devops role and then probably apply to be an internship or junior engineer( may be next 3-4 month).

Sometimes it feels vague and overwhelming but I know it pays off. Do you have any advice to get me on right track, especially about building my own project and repository?

Thanks in advance!

https://redd.it/r5mjs4
@r_devops

What "monitoring-related" topics would be interesting for you?

Hello guys!
Need a bit of your help as DevOps professionals :)


To cut a long story short, my colleagues decided to regularly write educational materials about different topics referring to full-stack monitoring, observability, incident response, etc. They also are tech folks.

What would you, as a DevOps, preferably read about?

I'll attach a poll but if you have a topic/format you're interested in, please, don't hesitate to write it in the comment section.
Note: I use the term "monitoring" to generalize everything it consists of / relates to, incl. IT infrastructure monitoring, full-stack monitoring, synthetic monitoring, log management, root cause analysis, incident response, etc.

Thank you in advance :)

View Poll

https://redd.it/r5l42d
@r_devops

Tips for setting up heartbeats endpoints for microservices

I am going to set up the heartbeats endpoints for each microservice in a kubermetes cluster. Basically I just want to add a GET request endpoint. Our normal API access is based on Auth0 checking the role of the user. I’m wondering for the heartbeat endpoint, do I need to add the authentication logic?? Thanks in advance.

https://redd.it/r5fxoq
@r_devops

Platform owner who is responsible for software update?

HiI own few kubernetes clusters, I develop a little of software there but for some other application more responisble are developers. There is problem that they stay with 1-2 years old software and don't have time or don't want to update it to newest version. And now is question from SRE, DevOps perspective how much I'm responsible for that? Should I press on them to make update or I should be responsible only for infrastructure security? How it is your company? What do you think?

https://redd.it/r8v7fo
@r_devops

Restarting service what is the best way or ways of doing it.

I am quite new to DevOps stuff and still learning. I have a query, in my current system rabbitmq is being used as a message broker and there are two service reward system and the main API, the main API publishes a message to rabbitmq which in turn is consumed by reward system. My question is say someday if we have to restart the rabbitmq server, I have found the way to persist the message that were in queue, but during the time of restart there will be messages being published by the API to rabbitmq, but since it won't be able to receive them these messages will get lost. So how do I overcome this, also are there cases like these a lot or very few times so we can have kind of hack where we start another rabbitmq server and start sending messages there until we get the other one up and then again allow API service to start sending to the old one. Is there some standard way of redirecting the messages as for now I only know that API has config files pointing or saying to use specific rabbitmq server, what I am asking is like proxy so we can just configure the proxy so that we don't have to make any changes to the API service configs. Looking for you experiences and advices.

https://redd.it/r8v5ic
@r_devops

Automated SSH host key signing - concepts and best practices

Hey guys,

I'm working on a concept for SSH certificates for out company. We already run Hashicorp Vault, so it's the obvious choice for also using it as out SSH CA. Signing user certificates and distribution of the CA for validating this signed keys is easy by using a golden Image build with packer. There are plenty of blogs and tutorials how to achieve this.

However, host key signatures seem to be more complicated and I have not been able to find much literature on the subject. I have several VMs on VMWare and AWS. A host key signing process should work for both.

From my point of view there are two possible solutions:

1. Create host keys on the VM and send them to Vault via curl from inside the VM for signing. Store the result as singed key on the VM.
2. Create a host key outside the VM and sign it on Vault. Deploy the new host key and singed host key to the VM (cloud-init) or something like that.

Both scenarios have pros and cons.

* Signing the keys on the VM required the VM to have a Vault login and connection. This could be solved using AppRoles or AWS meta as auth provider in Vault.
* But how do we trigger the key signing? It's a task which must run after network is ready but before SSHD is starting. So maybe SystemD? Something else?
* Providing the keys from outside requires a more complex Terraform / Ansible /Cloud-formation etc. setup. It also doesn't work with auto scaling where hosts just appear without further configuration management .

As you can see, many questions to which I still have no answer. **I would therefore be happy to hear from you how you solve this and what your approaches are here.** Do you have any best practices or articles or good resources how others solve this? I'm sure we're not the first one struggling here.

The goal is to have a process which is stable, easy to understand and generic enough to apply on different platform.

Thanks in advance!

https://redd.it/r8v2o1
@r_devops

java spring K8s app issue help

If your Spring app suddenly stops processing files and need restart every other week to start processing files again. what does that mean?

Edit: what would be your first step to troubleshoot this as devops guy?

https://redd.it/r8z2z9
@r_devops

Which to choose.

Offered to jobs, need help to decide. Money doesn't matter. 🙂

View Poll

https://redd.it/r8y4bp
@r_devops

What places have the highest paid tech jobs without an outrageous cost of living?

I am getting to the point where I’m ready to start looking at the big wide world but I am wondering where I can go to get the most $$ and save a lot of it

I am confident I can get into most companies if I set my mind to it and prepare over the next year

I sometimes hear of crazy permanent roles paying over $250kUSD+ etc but never actually see them advertised. Are these only for the cream of the crop / savants amongst us? Or could a good engineer land a role like this as well?

Would love to hear others stories of working overseas to make big bucks

https://redd.it/r90txg
@r_devops

Looking For Advice On Containerizing Complex Application

My companies solution uses multiple Systemd services for different modules (API, front end, etc), MongoDB, Kafka/ZK etc. which traditionally has been distributed to our customers using a stripped down OS with CentOS as a base and distributed as an Iso for installation on bare metal servers as an appliance. The ISO uses a in memory OS to build a permanent OS shim that has all of our modules, dependencies, etc installed after formatting/partitioning disks through bash scripts before doing the chroot to the actual OS.

We're currently going through a transition with trying to scale the product and personally I feel that distributing our product in this way isn't ideal from an CI/CD and customer perspective as we have to build and distribute an Iso and go through a complicated migration to upgrade customers on older versions. I've been looking into ways to containerize our product and am unsure if it's worth the effort or even possible.

Some specific challenges:

Our OS base has been CentOS in the past but with hits EOL we have switched to using Oracle 8.4 for compatibility with existing RPM packages and ease of migration. We strip out a lot of stuff and lock the kernel to prevent customers messing with and complicating the OS environment and wrap most stuff in a limited custom shell.

We use Kafka/Zookeeper for inter module communication along with our REST API, as well as communicating between nodes (separate installs of our product on different servers) in a cluster.

We use MongoDB on a separate disk/partition for the database from the OS disk. We shard the DB for use across multiple nodes in the cluster to keep them in sync.

We support managing and mounting different types of backend storage including NFS, SMB/CIFS, LTFS, S3.

Each module that comprises our solution is built using Java/Kotlin and is ran as a service using Systemd. This is about 8-10 different services/modules.

Does something like this sound like it'd be worth trying to containerize or is it too complicated and would defeat the purpose of containers (isolation, security, etc.)?

I know ideally we would need a container per service/module, one for the DB, Kafka/ZK. Having to support systemd (at least in current iteration) as well as mounting the different disk types require elevated permissions and lower the isolation to the host. Also the networking with other nodes seems like it will be a nightmare, so I'm not sure it's even worth attempting. Thoughts?

https://redd.it/r91oa2
@r_devops

What silly thing am I missing here

Hey there,

I'm developing my first Azure Devops pipeline and hit a snag. I'm sure I've overlooked something simple here. Appreciate if you can point it out :-)

I'm building a pipeline which deploys a new Forest & child AD.

I can successfully create the DC VM (OS:2019-Datacenter, version:latest) & accommodating network interface / disks.

Google then told me I needed to implement a desired state configuration (DSC) to configure the domain.

So I call it within my ARM template with the following:

"resources":
{
"name": "CreateADForest",
"type": "extensions",
"apiVersion": "2019-12-01",
"location": "[parameters('location')",
"dependsOn":
"[resourceId('Microsoft.Compute/virtualMachines', parameters('dcCastleVirtualMachineName'))"
],
"properties": {
"publisher": "Microsoft.Powershell",
"type": "DSC",
"typeHandlerVersion": "2.20",
"autoUpgradeMinorVersion": true,
"settings": {
"ModulesUrl": "variables('adPDCForestModulesURL')",
"ConfigurationFunction": "variables('adPDCForestConfigurationFunction')",
"Properties": {
"DomainName": "parameters('domainNameCastle')",
"AdminCreds": {
"UserName": "parameters('dcCastleAdminUsername')",
"Password": "PrivateSettingsRef"
},
"childDomainDNSIP": "10.0.0.1",
"childDomain": "parameters('domainNameTower')"
}
},
"protectedSettings": {
"Items": {
"AdminPassword": "parameters('dcCastleAdminPassword')"
}
}
}
}

And that successfully downloads/invokes my "Configuration block" CreateADPDCForest.

Then my configuration block looks like this:

Configuration CreateADPDCForest
{ param    ( < snip> )
Import-DscResource -ModuleName xActiveDirectory, xStorage, xNetworking, PSDesiredStateConfiguration, xPendingReboot
<snip>
}

But this fails with the following error:

Import-DscResource -ModuleName xActiveDirectory, xStorage, xNetwo ...Could not find the module 'xActiveDirectory'

And I have noidea why.

Am I meant to install xActiveDirectory first? I tried that (I think) and it still failed. No blogs online seem to have to install it.

My image reference:

"imageReference": {
"publisher": "MicrosoftWindowsServer",
"offer": "WindowsServer",
"sku": "2019-Datacenter",
"version": "latest"
},

And the WMF version is: 5.1.17763.2268

Am I meant to be using 6.x+? If so, how do I "upgrade" my WMF to that version?

Cheers in advance,

https://redd.it/r93eb2
@r_devops

Anyway to remove a commit from code commit mistake made

I made a really stupid mistake and committed to the wrong repo noticed a split second after and reverted it but code commit doesn’t allow rebase so I currently have a commit and reversion showing on a FE repo when I intended to update a pipeline repo that was building that FE repo.

Worse still it was the master branch!.
The previous commit on there was 2 years ago and on the most recent branch 1 year ago and I think there planning to move to a new repo but there repo might still get updated.

Me and a more senior dev had been working off our pipeline repo master branch to update Our WIP pipelines (I know bad practice we should likely have it follow and work off another branch to avoid this very issue happening) I also use -am so it takes less time to go from change to push also admittedly increasing the chance of this very mistake though it’s the first time Iv made it

Is there anyway for me to fix this?

https://redd.it/r5ivnl
@r_devops

A tip to avoid having a false sense of security on GitHub

Good: Enable branch protection policies

Better: Configure CodeOwners

Best: Ensure PRs are ACTUALLY reviewed before approved

What do you think about this approach?

https://redd.it/r50tvl
@r_devops

Looking for advice on DevOps boot camp selection and is it even worth it?

I am a Marine Corps Veteran with 12+ years of project management experience. Over the past couple of years I have been looking to move into tech and away from my current field mainly due to lack of upward mobility. As a veteran there is a specific program called Vet Tec that covers the cost of certain accredited boot camps around the country.
Most of my technical experience revolves around basic IT related things (I’m the neighbor/friend/family member everyone calls to help with their computer problems). As a project manager my brain is wired to find inefficiencies and correct them. I have very basic Python experience and have dabbled with some physical computing via Raspberry Pi’s.

The program I’m looking into offers a DevOps course that gets you the following Certs:

-ISA 1002 CompTIA Security+ | 72 hours
-ISA 1005 Certified Ethical Hacker (CEH) | 72 hours
-DEV 1003 Splunk Core User | 72 hours

I would love some feedback from the community on what you think about this offer. Specifically, is this really worth my time. I’m capped currently at making about $85k a year and have a ridiculous commute that has me going from project to project driving 9hrs a day.

https://redd.it/r561fz
@r_devops

Wanting to start learning about DevOps but stuck between getting Azure Certification or AWS?

Hi everyone, I am a devops noob. I have 5 years experience in IT and it wasn't till recently, I decided I wanted to be in DevOps. A friend of mine has encouraged me to study and take the Azure Sys Admin exam so I have been studying for this but now I'm caught up with whether I should be spending my time focusing on Azure certification or change my focus completely to AWS instead. Should I just push forward and get Azure certified or change focus to AWS? Please help :(

https://redd.it/r551gn
@r_devops

Kubernetes nodes autoscaling

I'm new to the kubernetes ecosystem and I'd like to know if an open source tool exists that will allow to launch more kubernetes nodes across clusters/providers.

I understand that Kubernetes comes with a pod horizontal autoscaling capability and Rancher is managing nodes connectivity to create a k8s cluster .

What I'd like is a tool that based on prometheus metrics (or other), I can launch nodes in a given provider, similar to AWS autoscaling group, but vendor agnostic, so I would take advantage of a multi cloud cluster.

Ironically AWS launched Karpenter https://karpenter.sh/ which seems to do that but I'm not sure if I understand it correctly. (It supports only AWS atm)

How do you manage nodes autoscaling in your k8s setup ? How can the nodes register themselves to rancher ?

https://redd.it/r9c36e
@r_devops

ADO, YAML, and Terraform question for VM builds

Currently we are deploying VMs to Azure using YAML pipelines with ARM templates. We pass a couple variables like VM name/size, RSG, region, ect. Throw the YAML pipeline in the variables section provided by ADO when we want to build a new VM. Since it’s ARM it doesn’t care that we are just rerunning the same pipeline each time but changing the variables for a new VM.

My question is how can we do something similar with Terraform? From my understanding if we were to rerun the same pipeline Terraform would go “oh hey I see you got this new server but also you didn’t mention the old one so yeah I’ll make you a bee server but at the same time delete your previous one.”

Any times or links to articles with some details would be great!

https://redd.it/r9bg8j
@r_devops

Udemy Coupon for Microsoft Azure Practice Tests

Hi

May this Christmas 🎄 brings lots of success in your career goals.

Take Microsoft Azure Practice Tests to Familiarize Yourself with the Real Exam Experience.


I have udemy coupon codes.
CHRISTMAS-SPECL





AZ-303
https://www.udemy.com/course/microsoft-azure-architect-technologies-exam-practice-tests/?couponCode=CHRISTMAS-SPECL

AZ-304
https://www.udemy.com/course/microsoft-azure-architect-design-exam-practice-tests/?couponCode=CHRISTMAS-SPECL

AZ-500
https://www.udemy.com/course/microsoft-azure-security-technologies-exam-practice-tests/?couponCode=CHRISTMAS-SPECL


AZ-400
https://www.udemy.com/course/microsoft-azure-devops-solutions-exam-practice-tests/?couponCode=CHRISTMAS-SPECL

AZ-700
https://www.udemy.com/course/designing-and-implementing-microsoft-azure-networking-solutions/?couponCode=CHRISTMAS-SPECL


#udemycoupon #udemycourse #AzureDevOps
#Azure #azurecertification #DevOps

https://redd.it/r9drg2
@r_devops

As a sysadmin, can I make our VM provisioning process more similar to devops best practices?

Hello everyone. I'm a junior sysadmin who has been trying to learn the devops ways for a short while now.

I would like to discuss with you about how we provision our VMs for our users and get feedback if it can be improved. I know everything can be improved, and it's nice that I want to learn but I'm not sure it's worth it if we have a certain way of doing it which has very little flaws.

Each employee in our organization gets a gateway provisioned for him (Usually a CentOS m4/m5 EC2 instance).

Our way of provisioning VMs is we have a web-ui that wraps a bunch of Ansible playbooks and bash scripts. When executed, the playbooks create the VM, configure automounts, VNC settings, join it to our domain, etc.

I was wondering if I can utilize other tools or best practices to perform the same tasks, maybe even make it better somehow? My current struggle is maintenance usually, which isn't really a struggle as it's just a minor inconvenience to debug errors in this process sometimes.

I'm pretty much clueless when it comes to IaC tools and even my Ansible isn't that good, but I'm willing to learn and it would be great to work on a tool that would bring me real world experience in this role, which might help me become DevOps one day.

Any suggestions are welcome.

Thanks

https://redd.it/r9dpd7
@r_devops

Use GOTOAWS to simplify the AWS CLI tool.

GoToAWS is a tool that simplifies the AWS CLI for several operations.

I'm not sure how well-known it is, so I wanted to show it off. This video is short and digestible, so I hope you all enjoy it.

https://www.youtube.com/watch?v=uLtx1PUUZJQ

Let me know if you have any questions!

Cheers!

https://redd.it/r9ijro
@r_devops

"Error in decrypting data with cmk"

I am trying to granularize my ECS task role permissions, it was Adminstrative access earlier, so for this server I gave every possible access it might need, along with AWSKeyManagementServicePowerUser, but it still throws the above error. But when I add Adminstrative Access, it works.

Without Adminstrative access, I am getting 405 error on my server.

I couldn't find higher permission for KMS than the above mentioned.


Any idea which permission should I give?

Also, I tried searching from Cloudtrail but there are just so many calls(heath checks) so it gets really hard to figure out mine.

https://redd.it/r9pb55
@r_devops