Reddit DevOps
Job Interview Question - When To Disclose DUI Incident To Potential Employer?

Hello,

I am currently interviewing for a job that I feel pretty confident that I am going to get an offer for (been through 3 rounds of interviews, each one successful, and have one last interview with the hiring manager). I am currently a seasoned IT professional and have been in the industry for around 10 years or so. Unfortunately, I have a DUI which I am not proud about. The incident occurred several years ago at this point and is something I attribute to being a dumb kid in his 20s that has come a long way since then (have a wife and kids now) and learned a great deal from.

Question - If I get an offer, I was thinking of disclosing the DUI (only at this stage of receiving an offer), because I assume if I accept the job offer, they will need to run background checks on me, and the DUI will pop up as a red flag. I just wanted to make sure this is the best approach, and that I should NOT try hiding the incident from the employer / recruiter and basically keep quiet regarding the DUI incident?

Any feedback / thoughts / advice would be greatly appreciated.

https://redd.it/rfqejg
@r_devops
Is it possible to jump from a Help Desk job to a DevOps position?

Hello everyone, I may potentially start a Help Desk position soon and I am really interested in working with the cloud in the future. With that being said, I'm really interested in DevOps. I only have two certs at the moment. I also have some coding experience. I know I will have to get a Cloud cert but idk if I should get an AWS or Azure one, but I really want to jump from Help Desk to DevOps in a year or a year and a half.

https://redd.it/rg1zs3
@r_devops
Do you prefer push mode or pull mode for monitoring your systems?

Pyroscope is an open source continuous profiler and in v0.4.1 we added pull mode support (particularly for Go integration): https://github.com/pyroscope-io/pyroscope/releases/tag/v0.4.1

As an open source project we have less quantitative data to help us understand whether users prefer push mode or pull mode (in general) or even more specifically for getting profiling data about their applications.

Also for context, our pull mode implementation was greatly influenced by Prometheus and most commonly requested by Prometheus pull-mode users (fun fact: GitHub Copilot was able to write ~50% of our docs page on this topic, likely because of it seeing so much Prometheus).

We suspect more people prefer push mode (fundamentally easier to be precise -- in our case specifically about timestamps), but were definitely surprised by how many people requested a pull mode...

Whether it's Prometheus, Datadog, InfluxDB, etc. -- which method do you prefer for monitoring your systems?

https://redd.it/rfq8qb
@r_devops
Move from SRE to backend software engineering

Did any of you make this jump? I am considering moving away from SRE because I am simply finding this position to be stressful, I am getting burnt out quickly, work feels unappreciated and the on-call is constant.

I learned coding at uni, but I am revisiting concepts with CS50, then I plan to learn OOP and just make the jump.

How hard was it to land a job? Does SRE experience count for the lack of development experience?

Thanks.

https://redd.it/rg41ft
@r_devops
Ansible with Azure Key Vault

Has anyone tried getting secrets into Ansible from Azure Key Vault?
I've spent a few hours without any luck...

https://redd.it/rfiiad
@r_devops
WinRM I/O timeout during packer build when using private subnet

Overview of the Issue

I'm trying to create an AWS AMI with Packer, but it seems like I am running into an issue where WinRM keeps timing out when I use a private subnet.

I've taken a look and can see there is an IGW attached to the VPC, and when I try this with a public subnet, it's able to connect to WinRM just fine with no issues.

My question is: what can be stopping WinRM from connecting, and how do I prevent timeouts from occurring?

Reproduction Steps:

Launch the template and attempt to create AMI (packer build .)

Packer version

1.7.8

Simplified Packer Template:

packer {
  required_plugins {
    amazon = {
      version = ">= 0.0.2"
      source  = "github.com/hashicorp/amazon"
    }
  }
}

# Builder for the Windows AMI; Packer connects over WinRM with SSL on port 5986
source "amazon-ebs" "windows_server" {
  ami_description             = "TestAMI"
  ami_name                    = "TestAMI"
  ami_users                   = ["${var.amiusers}"]
  # No public IP is assigned, so Packer dials the instance's private IP
  associate_public_ip_address = false
  communicator                = "winrm"
  instance_type               = "${var.instancetype}"
  region                      = "${var.aws_region}"
  security_group_id           = "${var.securitygroupid}"
  force_deregister            = true
  force_delete_snapshot       = true
  source_ami_filter {
    filters = {
      architecture        = "x86_64"
      name                = "Windows_Server-2019-English-Full-ContainersLatest-*"
      root-device-type    = "ebs"
      virtualization-type = "hvm"
    }
    most_recent = true
    # owners must be a list
    owners      = ["amazon"]
  }
  subnet_id      = "${var.subnetid}"
  user_data_file = "./bootstrapwindows.txt"
  vpc_id         = "${var.vpcid}"
  # winrm_insecure skips certificate validation on the WinRM HTTPS listener
  winrm_insecure = true
  winrm_port     = 5986
  winrm_use_ssl  = true
  winrm_timeout  = "60m"
  winrm_username = "Administrator"
}

build {
  sources = ["source.amazon-ebs.windows_server"]

  provisioner "powershell" {
    script = "./SetNetwork.ps1"
  }
}

Operating system:

The EC2 is Windows Server 2019

Packer log output:

2021/12/13 09:02:59 Using host value: EC2InstancePrivateIP
2021/12/13 09:02:59 packer-plugin-amazonv1.0.1x5.0linuxamd64 plugin: 2021/12/13 09:02:59 INFO Attempting WinRM connection...
2021/12/13 09:02:59 packer-plugin-amazonv1.0.1x5.0linuxamd64 plugin: 2021/12/13 09:02:59 DEBUG connecting to remote shell using WinRM
2021/12/13 09:03:29 packer-plugin-amazonv1.0.1x5.0linuxamd64 plugin: 2021/12/13 09:03:29 ERROR connection error: unknown error Post "EC2InstancePrivateIP:5986/wsman": dial tcp EC2InstancePrivateIP:5986: i/o timeout
2021/12/13 09:03:29 packer-plugin-amazonv1.0.1x5.0linuxamd64 plugin: 2021/12/13 09:03:29 ERROR WinRM connection err: unknown error Post "EC2InstancePrivateIP:5986/wsman": dial tcp EC2InstancePrivateIP:5986: i/o timeout

https://redd.it/rfghv4
@r_devops
GraphQL vs REST - a low-code API showdown

REST and (the newer) GraphQL APIs are the core technologies behind the vast majority of today's integrations. These APIs allow external developers to tap into the functionality of the major platforms and build in their custom functionality to suit their needs.

https://linx.software/graphql-vs-rest-a-low-code-showdown/

https://redd.it/rg8ivm
@r_devops
"infrastructure in a bottle"

Hi,

In most of the jobs I worked, there's always a complex issue of testing new code. We always have the "dev" copy of infrastructure. But it's never in sync with prod, used by someone else to experiment with next push.

I am looking for something like VirtualBox but for entire infrastructure. Single command to spawn entire fleet of mock machines, with networks, DNS, volumes etc. So I can do end-to-end on one powerful enough machine.

An infrastructure in a bottle.

I was thinking about Kubernetes, but before I dive into a 300-page book on the subject, I figured it does not hurt to ask here first.

Does anyone know a language for describing infrastructure that can be just as much deployed on prod AND deployed locally?


By prod I don't mean AWS or any other provider in particular. On the opposite, I am happy to setup my own machines if that gives me this single use case.

Kind Regards

https://redd.it/rg9kr3
@r_devops
Where are you finding high paying jobs?

I keep reading that DevOps and SRE jobs are high paying in the $300k+ range but I rarely see any for that. I am located in Canada but looking for a remote US job and seeing almost none in that salary band. I wanted to ask and see where people are finding these high paying jobs? I currently make decent enough money but not close to what others are saying they make. Advice?

https://redd.it/rg9vi9
@r_devops
Improving Application Availability with Pod Readiness Gates

Hi /r/DevOps,

Today I published an article titled "Improving Application Availability with Pod Readiness Gates", where I explain how to use Kubernetes Readiness Gates to create custom Pod status conditions and to implement complex readiness checks in places where liveness and readiness probes just aren't good enough.

Here's the link: https://towardsdatascience.com/improving-application-availability-with-pod-readiness-gates-4ebebc3fb28a

Feedback is very much appreciated!

https://redd.it/rg929a
@r_devops
How to get the Kafka Confluent developer or administrator certification?

Hey everyone, I just started working as a DevOps engineer and I have been working with Kafka for about a month now. In order for me to make sure that I really understand Kafka and that I am fully autonomous while using it, I decided to pass the Confluent official certification in 2 months. (And also use it as an argument to get better job proposals.)

I have 2 questions:
- The certification is only valid for 2 years, do I need to pay again to extend it?
- Do you have any tips to get the certification?

https://redd.it/rgb69d
@r_devops
How do you test your cloud based resources if it's written as IaC? Do you apply the same testing pyramid concepts?

I actually have two questions here,

The first would be on automation testing for the IaC itself, as I've recently started reading about different tools which can do this (e.g. Terratest - it requires Go knowledge though, RSpec - requires some Ruby knowledge).
I'm interested to know more about your implementations for testing IaC, how it benefited you/your team and the ROI of applying it.

The second question would be on how you guys do performance and stress testing, as I'm interested to know real world experience regarding it.

https://redd.it/rgdtby
@r_devops
Noop Question: Is it possible to Automate the Creation and Configuration of VM in Azure?

Hello there!

Currently, I'm working with a small team on a huge project; because of that we need to do pretty much everything in the project (backend, frontend, support, business stuff, and DevOps).

I was thinking of finding ways to get rid of support things, which can be massive sometimes. One of the things is the task to create and configure new Virtual Machines for a Client when requested.

What we currently do:
- Clone Machine (the machine can be new or some that already exist)
- Enter the VM and execute a script that will configure it:
  - Change hostname
  - Change username and password
  - Update a few certificates
- Enter the Server and add a new machine to the list

So can it be automated, or some part of it?


Thanks!

https://redd.it/rgelru
@r_devops
What is really considered Junior/Mid/Senior SRE?

I've seen job posts Junior/Mid/Senior SRE on LinkedIn. All with overlapping descriptions.

From a seasoned SRE point of view, which would be the real skillset and experience each one should have?

Thanks.

https://redd.it/rge0de
@r_devops
Can this be done with AWS free tier services?

Long time full-stack web developer staring at the prospect of using AWS for the first time.

I have a client (who happens to be an Amazon seller) looking to automate a few tasks, ideally using AWS Free Tier services.

The solution will be a small collection of PHP scripts (not a website, just the scripts and their Composer dependencies) that call various third party APIs (including UPS Quantum View and Dropbox) and send emails, all run as cron jobs at most hourly.

I could deploy on traditional hosting in a few minutes, but the AWS services are an obtuse menagerie.

From what I can gather, I'll need EC2 Beanstalk at minimum, but beyond that I'm lost.

I'm certain this can be done with AWS, but which services do I need?

Or should I steer the client toward hosting this on his GoDaddy server? Not ideal, but it's what he has.

https://redd.it/rgijdl
@r_devops
Do I have to add backend port to security groups in AWS EC2 to let the frontend talk to it?

I have a website hosted on AWS EC2. My backend is running at port 8000 and my frontend is at 3000. Now I made my IP public so people can access my website. I added 3000 into the security group and now people can see my frontend UI. However, I found out that I have to add backend port 8000 into the security group as well, otherwise my website only has frontend because it could not talk to the backend. This is a bit confusing to me because to my knowledge if I expose only the frontend port, it will call 8000 by itself within the EC2 host just like how localhost works there. But now I need to expose 8000 to the public in order to make my website fully functional. I don't know if exposing both frontend and backend ports is supposed to be the way to host a website, or is there another way? Any comments or suggestions would be greatly appreciated! :)

https://redd.it/rgk0t0
@r_devops
PagerDuty is down

https://status.pagerduty.com/

Edit: Looks like it's coming back online now. Will delete post when all clear.

https://redd.it/rgmhmu
@r_devops
How do you handle SSL certs for dynamic sub-subdomains like feat321.dev.example.com?

I’m in the middle of creating a way for our team to have preview apps for open Pull Requests.

We have a commercial wildcard certificate for *.example.com. As you all know, this wildcard only works for level1 subdomains like dev.example.com.

We agreed to use domains like this for the preview apps: feat321.dev.example.com. With the restriction that another commercial wild card cert only for this use case is too expensive: how do you tackle this problem?

Do you use Let's Encrypt certs for the specific domains, even if you have to create multiple ones per hour and maybe even delete them again within a few mins?

Or do you use a Let's Encrypt wildcard cert - which is cumbersome to renew due to the DNS TXT record challenge that has to be altered every 3 months?

Or do you maybe come up with some other domain structure like dev-feat321.example.com for the sake of simplicity?

https://redd.it/rgkjtp
@r_devops
What can I do to do more and more DevOps things?

I work for a company where I'm the sole "server guy". Fully remote, all of our infrastructure is in DigitalOcean (and a few clients in AWS). All servers are managed by me, deployed by me, backed up by me and so on.

We have a very strong dev team, so I don't need to help them much; I'm not a dev myself, I can help understand some problems from a more out of the box perspective but that's it. They pretty much handle themselves. When shit hits the fan and they don't know what to do they either go to their lead dev, the company owner, or me; when the lead dev doesn't know how to handle it he goes to company owner; I'm the last resort when it's not a development challenge.

What I do daily:

- orient devs on what to focus on (project management), test their work, give feedback, write new vectors for them to focus on the next day/push.

- solve problems the devs don't know/have access to solve, like installing libraries, reconfiguring PHP, setting up Apache/Nginx/Elasticsearch/whatnot to handle the workload

- solve management requirements, like scripting backup and maintenance, scripting data normalization scripts to filter what devs need to feed to their code to attain client objectives

- solve "lack of knowledge" issues, like devs don't know how to handle a certain workload and I know a service/software that does just that.

- solve "lack of creativity" issues, like dev doesn't know how to handle a problem and I can think of a straightforward way to solve it but can't code the solution myself.

- research when even the company owner doesn't know if something is possible.

There's no need for Terraform/Ansible at our company because 99,9% of our work is web development, so 99% of servers use the same structure (PHP, Apache, yada yada); I handle most of our staging environment on a single big server (instead of several smaller ones, to save on cost of operation), and deploy to tailored size when it goes live.

There's also not much leeway to interfere in CI/CD because like I said, we do mostly webdev, so no "new features all the time". I'd bet 50% of our workload is Laravel and around 30% Magento.

Fact is that I earn 20 USD/h and I do have a lot of leeway to do more hours a day. My kids need special needs school next year so I'm wanting tips on what I could do to do more (hours) in my job and also bring more value to the company. Make things better.

I'm mostly reactive to events in the company and that gets me around 40h to 60h a month; I would love to see that reach 200h.

What would you guys suggest?

https://redd.it/rgnsgm
@r_devops